diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:16:42 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 05:16:42 +0000 |
commit | 88e196ee72fcef7bdeaeefc0304e59750e15fb1a (patch) | |
tree | 2f5638b1b21f7f172ced56765bb49cfdc991efaa | |
parent | 38837ea34500c144ba427283e034563bfbc6e68c (diff) | |
parent | 855173504f4e3a444945a739f3a769713262a499 (diff) | |
download | ring-aml_uwb_341513070.tar.gz |
Snap for 10453563 from 855173504f4e3a444945a739f3a769713262a499 to mainline-uwb-releaseaml_uwb_341710010aml_uwb_341513070aml_uwb_341511050aml_uwb_341310300aml_uwb_341310030aml_uwb_341111010aml_uwb_341011000android14-mainline-uwb-release
Change-Id: I6bbf6397a122476c9274d632038f09c63d3d66a6
285 files changed, 21882 insertions, 38067 deletions
@@ -36,10 +36,11 @@ license { rust_library { name: "libring", + // has rustc warnings host_supported: true, crate_name: "ring", cargo_env_compat: true, - cargo_pkg_version: "0.16.20", + cargo_pkg_version: "0.17.0-alpha.11", srcs: ["src/lib.rs"], edition: "2018", features: [ @@ -61,19 +62,20 @@ rust_library { ], apex_available: [ "//apex_available:platform", - "com.android.compos", "com.android.resolv", - "com.android.virt", ], + vendor_available: true, + product_available: true, min_sdk_version: "29", } rust_test { name: "ring_test_src_lib", + // has rustc warnings host_supported: true, crate_name: "ring", cargo_env_compat: true, - cargo_pkg_version: "0.16.20", + cargo_pkg_version: "0.17.0-alpha.11", srcs: ["src/lib.rs"], test_suites: ["general-tests"], auto_gen_config: true, @@ -104,7 +106,7 @@ rust_defaults { name: "ring_test_defaults", crate_name: "ring", cargo_env_compat: true, - cargo_pkg_version: "0.16.20", + cargo_pkg_version: "0.17.0-alpha.11", test_suites: ["general-tests"], auto_gen_config: true, edition: "2018", @@ -127,6 +129,7 @@ rust_defaults { rust_test { name: "ring_test_tests_aead_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/aead_tests.rs"], test_options: { @@ -137,6 +140,7 @@ rust_test { rust_test { name: "ring_test_tests_agreement_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/agreement_tests.rs"], test_options: { @@ -147,6 +151,7 @@ rust_test { rust_test { name: "ring_test_tests_constant_time_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/constant_time_tests.rs"], test_options: { @@ -157,6 +162,7 @@ rust_test { rust_test { name: "ring_test_tests_digest_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/digest_tests.rs"], test_options: { @@ -167,6 +173,7 @@ rust_test { rust_test { name: "ring_test_tests_ecdsa_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/ecdsa_tests.rs"], test_options: { @@ -177,6 +184,7 @@ rust_test { rust_test { name: "ring_test_tests_ed25519_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/ed25519_tests.rs"], test_options: { @@ -187,6 +195,7 @@ rust_test { rust_test { name: "ring_test_tests_hkdf_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/hkdf_tests.rs"], test_options: { @@ -197,6 +206,7 @@ rust_test { rust_test { name: "ring_test_tests_hmac_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/hmac_tests.rs"], test_options: { @@ -207,6 +217,7 @@ rust_test { rust_test { name: "ring_test_tests_pbkdf2_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/pbkdf2_tests.rs"], test_options: { @@ -217,6 +228,7 @@ rust_test { rust_test { name: "ring_test_tests_quic_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/quic_tests.rs"], test_options: { @@ -227,6 +239,7 @@ rust_test { rust_test { name: "ring_test_tests_rand_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/rand_tests.rs"], test_options: { @@ -237,6 +250,7 @@ rust_test { rust_test { name: "ring_test_tests_rsa_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/rsa_tests.rs"], test_options: { @@ -247,6 +261,7 @@ rust_test { rust_test { name: "ring_test_tests_signature_tests", defaults: ["ring_test_defaults"], + // has rustc warnings host_supported: true, srcs: ["tests/signature_tests.rs"], test_options: { @@ -265,9 +280,10 @@ cc_library_static { "crypto/poly1305/poly1305_vec.c", "crypto/curve25519/curve25519.c", "crypto/fipsmodule/ec/ecp_nistz.c", - "crypto/fipsmodule/ec/ecp_nistz256.c", "crypto/fipsmodule/ec/gfp_p256.c", "crypto/fipsmodule/ec/gfp_p384.c", + "crypto/fipsmodule/ec/p256.c", + "crypto/fipsmodule/rsa/padding.c", "crypto/limbs/limbs.c", "crypto/mem.c", "crypto/fipsmodule/bn/montgomery.c", @@ -283,7 +299,6 @@ cc_library_static { "crypto/curve25519/asm/x25519-asm-arm.S", "pregenerated/sha256-armv4-linux32.S", "pregenerated/sha512-armv4-linux32.S", - "pregenerated/ecp_nistz256-armv4-linux32.S", "pregenerated/aesv8-armx-linux32.S", "pregenerated/bsaes-armv7-linux32.S", "pregenerated/ghashv8-armx-linux32.S", @@ -297,7 +312,6 @@ cc_library_static { "pregenerated/aesv8-armx-linux64.S", "pregenerated/armv8-mont-linux64.S", "pregenerated/chacha-armv8-linux64.S", - "pregenerated/ecp_nistz256-armv8-linux64.S", "pregenerated/ghash-neon-armv8-linux64.S", "pregenerated/ghashv8-armx-linux64.S", "pregenerated/sha256-armv8-linux64.S", @@ -309,7 +323,6 @@ cc_library_static { srcs: [ "pregenerated/aesni-x86-elf.S", "pregenerated/chacha-x86-elf.S", - "pregenerated/ecp_nistz256-x86-elf.S", "pregenerated/ghash-x86-elf.S", "pregenerated/vpaes-x86-elf.S", "pregenerated/x86-mont-elf.S", @@ -317,6 +330,7 @@ cc_library_static { }, x86_64: { srcs: [ + "crypto/fipsmodule/ec/p256-x86_64.c", "pregenerated/aesni-gcm-x86_64-elf.S", "pregenerated/aesni-x86_64-elf.S", "pregenerated/chacha-x86_64-elf.S", @@ -330,6 +344,9 @@ cc_library_static { "pregenerated/x86_64-mont-elf.S", ], }, + riscv64: { + cflags: ["-DOPENSSL_NO_ASM"], + }, }, cflags: [ @@ -347,10 +364,10 @@ cc_library_static { local_include_dirs: ["include"], apex_available: [ "//apex_available:platform", - "com.android.compos", "com.android.resolv", - "com.android.virt", ], + vendor_available: true, + product_available: true, min_sdk_version: "29", } @@ -363,9 +380,9 @@ cc_library_static { local_include_dirs: ["include"], apex_available: [ "//apex_available:platform", - "com.android.compos", "com.android.resolv", - "com.android.virt", ], + vendor_available: true, + product_available: true, min_sdk_version: "29", } @@ -3,21 +3,20 @@ # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies +# to registry (e.g., crates.io) dependencies. # -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. [package] edition = "2018" name = "ring" -version = "0.16.20" +version = "0.17.0-alpha.11" authors = ["Brian Smith <brian@briansmith.org>"] build = "build.rs" -links = "ring-asm" -include = ["LICENSE", "Cargo.toml", "pregenerated/*", "build.rs", "crypto/chacha/asm/chacha-armv4.pl", "crypto/chacha/asm/chacha-armv8.pl", "crypto/chacha/asm/chacha-x86.pl", "crypto/chacha/asm/chacha-x86_64.pl", "crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt", "crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt", "crypto/constant_time_test.c", "crypto/cpu-intel.c", "crypto/crypto.c", "crypto/curve25519/asm/x25519-asm-arm.S", "crypto/curve25519/curve25519.c", "crypto/curve25519/curve25519_tables.h", "crypto/curve25519/internal.h", "crypto/fipsmodule/aes/aes_nohw.c", "crypto/fipsmodule/aes/asm/aesni-x86.pl", "crypto/fipsmodule/aes/asm/aesni-x86_64.pl", "crypto/fipsmodule/aes/asm/aesv8-armx.pl", "crypto/fipsmodule/aes/asm/bsaes-armv7.pl", "crypto/fipsmodule/aes/asm/bsaes-x86_64.pl", "crypto/fipsmodule/aes/asm/vsaes-armv7.pl", "crypto/fipsmodule/aes/asm/vpaes-x86.pl", "crypto/fipsmodule/aes/asm/vpaes-x86_64.pl", "crypto/fipsmodule/bn/asm/armv4-mont.pl", "crypto/fipsmodule/bn/asm/armv8-mont.pl", "crypto/fipsmodule/bn/asm/x86-mont.pl", "crypto/fipsmodule/bn/asm/x86_64-mont.pl", "crypto/fipsmodule/bn/asm/x86_64-mont5.pl", "crypto/fipsmodule/bn/internal.h", "crypto/fipsmodule/bn/montgomery.c", "crypto/fipsmodule/bn/montgomery_inv.c", "crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl", "crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl", "crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl", "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl", "crypto/fipsmodule/ec/ecp_nistz.c", "crypto/fipsmodule/ec/ecp_nistz.h", "crypto/fipsmodule/ec/ecp_nistz256.c", "crypto/fipsmodule/ec/ecp_nistz256.h", "crypto/fipsmodule/ec/ecp_nistz256_table.inl", "crypto/fipsmodule/ec/ecp_nistz384.h", "crypto/fipsmodule/ec/ecp_nistz384.inl", "crypto/fipsmodule/ec/gfp_p256.c", "crypto/fipsmodule/ec/gfp_p384.c", "crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt", "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl", "crypto/fipsmodule/modes/asm/ghash-armv4.pl", "crypto/fipsmodule/modes/asm/ghash-x86.pl", "crypto/fipsmodule/modes/asm/ghash-x86_64.pl", "crypto/fipsmodule/modes/asm/ghashv8-armx.pl", "crypto/fipsmodule/sha/asm/sha256-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv8.pl", "crypto/fipsmodule/sha/asm/sha512-x86_64.pl", "crypto/internal.h", "crypto/limbs/limbs.c", "crypto/limbs/limbs.h", "crypto/limbs/limbs.inl", "crypto/mem.c", "crypto/perlasm/arm-xlate.pl", "crypto/perlasm/x86asm.pl", "crypto/perlasm/x86gas.pl", "crypto/perlasm/x86nasm.pl", "crypto/perlasm/x86_64-xlate.pl", "crypto/poly1305/internal.h", "crypto/poly1305/poly1305.c", "crypto/poly1305/poly1305_arm.c", "crypto/poly1305/poly1305_arm_asm.S", "crypto/poly1305/poly1305_vec.c", "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl", "doc/link-to-readme.md", "examples/checkdigest.rs", "include/GFp/aes.h", "include/GFp/arm_arch.h", "include/GFp/base.h", "include/GFp/check.h", "include/GFp/cpu.h", "include/GFp/mem.h", "include/GFp/poly1305.h", "include/GFp/type_check.h", "src/aead.rs", "src/aead/aes.rs", "src/aead/aes_gcm.rs", "src/aead/aes_tests.txt", "src/aead/block.rs", "src/aead/chacha.rs", "src/aead/chacha_tests.txt", "src/aead/chacha20_poly1305.rs", "src/aead/chacha20_poly1305_openssh.rs", "src/aead/counter.rs", "src/aead/gcm.rs", "src/aead/gcm/gcm_nohw.rs", "src/aead/iv.rs", "src/aead/nonce.rs", "src/aead/poly1305.rs", "src/aead/poly1305_test.txt", "src/aead/quic.rs", "src/aead/shift.rs", "src/agreement.rs", "src/arithmetic.rs", "src/arithmetic/bigint.rs", "src/arithmetic/bigint_elem_exp_consttime_tests.txt", "src/arithmetic/bigint_elem_exp_vartime_tests.txt", "src/arithmetic/bigint_elem_mul_tests.txt", "src/arithmetic/bigint_elem_reduced_once_tests.txt", "src/arithmetic/bigint_elem_reduced_tests.txt", "src/arithmetic/bigint_elem_squared_tests.txt", "src/arithmetic/constant.rs", "src/arithmetic/montgomery.rs", "src/array.rs", "src/bits.rs", "src/bssl.rs", "src/c.rs", "src/constant_time.rs", "src/cpu.rs", "src/data/alg-rsa-encryption.der", "src/debug.rs", "src/digest.rs", "src/digest/sha1.rs", "src/digest/sha2.rs", "src/ec/curve25519/ed25519/digest.rs", "src/ec/curve25519/ed25519.rs", "src/ec/curve25519/ed25519/signing.rs", "src/ec/curve25519/ed25519/verification.rs", "src/ec/curve25519/ed25519/ed25519_pkcs8_v2_template.der", "src/ec/curve25519.rs", "src/ec/curve25519/ops.rs", "src/ec/curve25519/scalar.rs", "src/ec/curve25519/x25519.rs", "src/ec.rs", "src/ec/keys.rs", "src/ec/suite_b/curve.rs", "src/ec/suite_b/ecdh.rs", "src/ec/suite_b/ecdsa/digest_scalar.rs", "src/ec/suite_b/ecdsa.rs", "src/ec/suite_b/ecdsa/signing.rs", "src/ec/suite_b/ecdsa/verification.rs", "src/ec/suite_b/ecdsa/ecdsa_digest_scalar_tests.txt", "src/ec/suite_b/ecdsa/ecPublicKey_p256_pkcs8_v1_template.der", "src/ec/suite_b/ecdsa/ecPublicKey_p384_pkcs8_v1_template.der", "src/ec/suite_b/ecdsa/ecdsa_sign_asn1_tests.txt", "src/ec/suite_b/ecdsa/ecdsa_sign_fixed_tests.txt", "src/ec/suite_b.rs", "src/ec/suite_b/ops/elem.rs", "src/ec/suite_b/ops.rs", "src/ec/suite_b/ops/p256.rs", "src/ec/suite_b/ops/p256_elem_mul_tests.txt", "src/ec/suite_b/ops/p256_elem_neg_tests.txt", "src/ec/suite_b/ops/p256_elem_sum_tests.txt", "src/ec/suite_b/ops/p256_point_double_tests.txt", "src/ec/suite_b/ops/p256_point_mul_base_tests.txt", "src/ec/suite_b/ops/p256_point_mul_serialized_tests.txt", "src/ec/suite_b/ops/p256_point_mul_tests.txt", "src/ec/suite_b/ops/p256_point_sum_mixed_tests.txt", "src/ec/suite_b/ops/p256_point_sum_tests.txt", "src/ec/suite_b/ops/p256_scalar_mul_tests.txt", "src/ec/suite_b/ops/p256_scalar_square_tests.txt", "src/ec/suite_b/ops/p384.rs", "src/ec/suite_b/ops/p384_elem_div_by_2_tests.txt", "src/ec/suite_b/ops/p384_elem_mul_tests.txt", "src/ec/suite_b/ops/p384_elem_neg_tests.txt", "src/ec/suite_b/ops/p384_elem_sum_tests.txt", "src/ec/suite_b/ops/p384_point_double_tests.txt", "src/ec/suite_b/ops/p384_point_mul_base_tests.txt", "src/ec/suite_b/ops/p384_point_mul_tests.txt", "src/ec/suite_b/ops/p384_point_sum_tests.txt", "src/ec/suite_b/ops/p384_scalar_mul_tests.txt", "src/ec/suite_b/private_key.rs", "src/ec/suite_b/public_key.rs", "src/ec/suite_b/suite_b_public_key_tests.txt", "src/endian.rs", "src/error.rs", "src/hkdf.rs", "src/hmac.rs", "src/hmac_generate_serializable_tests.txt", "src/io.rs", "src/io/der.rs", "src/io/der_writer.rs", "src/io/positive.rs", "src/io/writer.rs", "src/lib.rs", "src/limb.rs", "src/endian.rs", "src/pbkdf2.rs", "src/pkcs8.rs", "src/polyfill.rs", "src/polyfill/convert.rs", "src/rand.rs", "src/rsa/convert_nist_rsa_test_vectors.py", "src/rsa.rs", "src/rsa/padding.rs", "src/rsa/random.rs", "src/rsa/rsa_pss_padding_tests.txt", "src/rsa/signature_rsa_example_private_key.der", "src/rsa/signature_rsa_example_public_key.der", "src/rsa/signing.rs", "src/rsa/verification.rs", "src/signature.rs", "src/test.rs", "src/test_1_syntax_error_tests.txt", "src/test_1_tests.txt", "src/test_3_tests.txt", "tests/aead_aes_128_gcm_tests.txt", "tests/aead_aes_256_gcm_tests.txt", "tests/aead_chacha20_poly1305_tests.txt", "tests/aead_chacha20_poly1305_openssh_tests.txt", "tests/aead_tests.rs", "tests/agreement_tests.rs", "tests/agreement_tests.txt", "tests/constant_time_tests.rs", "tests/digest_tests.rs", "tests/digest_tests.txt", "tests/ecdsa_from_pkcs8_tests.txt", "tests/ecdsa_tests.rs", "tests/ecdsa_test_private_key_p256.p8", "tests/ecdsa_test_public_key_p256.der", "tests/ecdsa_test_public_key_p256_debug.txt", "tests/ecdsa_sign_asn1_tests.txt", "tests/ecdsa_sign_fixed_tests.txt", "tests/ecdsa_verify_asn1_tests.txt", "tests/ecdsa_verify_fixed_tests.txt", "tests/ed25519_from_pkcs8_tests.txt", "tests/ed25519_from_pkcs8_unchecked_tests.txt", "tests/ed25519_tests.rs", "tests/ed25519_tests.txt", "tests/ed25519_test_private_key.bin", "tests/ed25519_test_private_key.p8", "tests/ed25519_test_public_key.bin", "tests/ed25519_test_public_key.der", "tests/hkdf_tests.rs", "tests/hkdf_tests.txt", "tests/hmac_tests.rs", "tests/hmac_tests.txt", "tests/pbkdf2_tests.rs", "tests/pbkdf2_tests.txt", "tests/quic_aes_128_tests.txt", "tests/quic_aes_256_tests.txt", "tests/quic_chacha20_tests.txt", "tests/quic_tests.rs", "tests/rand_tests.rs", "tests/rsa_from_pkcs8_tests.txt", "tests/rsa_pkcs1_sign_tests.txt", "tests/rsa_pkcs1_verify_tests.txt", "tests/rsa_primitive_verify_tests.txt", "tests/rsa_pss_sign_tests.txt", "tests/rsa_pss_verify_tests.txt", "tests/rsa_tests.rs", "tests/rsa_test_private_key_2048.p8", "tests/rsa_test_public_key_2048.der", "tests/rsa_test_public_key_2048_debug.txt", "tests/signature_tests.rs", "third_party/fiat/curve25519_32.h", "third_party/fiat/curve25519_64.h", "third_party/fiat/LICENSE", "third_party/fiat/make_curve25519_tables.py", "third_party/NIST/SHAVS/SHA1LongMsg.rsp", "third_party/NIST/SHAVS/SHA1Monte.rsp", "third_party/NIST/SHAVS/SHA1ShortMsg.rsp", "third_party/NIST/SHAVS/SHA224LongMsg.rsp", "third_party/NIST/SHAVS/SHA224Monte.rsp", "third_party/NIST/SHAVS/SHA224ShortMsg.rsp", "third_party/NIST/SHAVS/SHA256LongMsg.rsp", "third_party/NIST/SHAVS/SHA256Monte.rsp", "third_party/NIST/SHAVS/SHA256ShortMsg.rsp", "third_party/NIST/SHAVS/SHA384LongMsg.rsp", "third_party/NIST/SHAVS/SHA384Monte.rsp", "third_party/NIST/SHAVS/SHA384ShortMsg.rsp", "third_party/NIST/SHAVS/SHA512LongMsg.rsp", "third_party/NIST/SHAVS/SHA512Monte.rsp", "third_party/NIST/SHAVS/SHA512ShortMsg.rsp"] +links = "ring_core_0_17_0_alpha_11" +include = ["LICENSE", "Cargo.toml", "pregenerated/*", "build.rs", "crypto/chacha/asm/chacha-armv4.pl", "crypto/chacha/asm/chacha-armv8.pl", "crypto/chacha/asm/chacha-x86.pl", "crypto/chacha/asm/chacha-x86_64.pl", "crypto/cipher_extra/test/aes_128_gcm_siv_tests.txt", "crypto/cipher_extra/test/aes_256_gcm_siv_tests.txt", "crypto/constant_time_test.c", "crypto/cpu-intel.c", "crypto/crypto.c", "crypto/curve25519/asm/x25519-asm-arm.S", "crypto/curve25519/curve25519.c", "crypto/curve25519/curve25519_tables.h", "crypto/curve25519/internal.h", "crypto/fipsmodule/aes/aes_nohw.c", "crypto/fipsmodule/aes/asm/aesni-x86.pl", "crypto/fipsmodule/aes/asm/aesni-x86_64.pl", "crypto/fipsmodule/aes/asm/aesv8-armx.pl", "crypto/fipsmodule/aes/asm/bsaes-armv7.pl", "crypto/fipsmodule/aes/asm/bsaes-x86_64.pl", "crypto/fipsmodule/aes/asm/vsaes-armv7.pl", "crypto/fipsmodule/aes/asm/vpaes-x86.pl", "crypto/fipsmodule/aes/asm/vpaes-x86_64.pl", "crypto/fipsmodule/bn/asm/armv4-mont.pl", "crypto/fipsmodule/bn/asm/armv8-mont.pl", "crypto/fipsmodule/bn/asm/x86-mont.pl", "crypto/fipsmodule/bn/asm/x86_64-mont.pl", "crypto/fipsmodule/bn/asm/x86_64-mont5.pl", "crypto/fipsmodule/bn/internal.h", "crypto/fipsmodule/bn/montgomery.c", "crypto/fipsmodule/bn/montgomery_inv.c", "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl", "crypto/fipsmodule/ec/ecp_nistz.c", "crypto/fipsmodule/ec/ecp_nistz.h", "crypto/fipsmodule/ec/ecp_nistz384.h", "crypto/fipsmodule/ec/ecp_nistz384.inl", "crypto/fipsmodule/ec/gfp_p256.c", "crypto/fipsmodule/ec/gfp_p384.c", "crypto/fipsmodule/ec/p256.c", "crypto/fipsmodule/ec/p256-x86_64-table.h", "crypto/fipsmodule/ec/p256-x86_64.c", "crypto/fipsmodule/ec/p256-x86_64.h", "crypto/fipsmodule/ec/p256_shared.h", "crypto/fipsmodule/ec/p256_table.h", "crypto/fipsmodule/ec/util.h", "crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt", "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl", "crypto/fipsmodule/modes/asm/ghash-armv4.pl", "crypto/fipsmodule/modes/asm/ghash-x86.pl", "crypto/fipsmodule/modes/asm/ghash-x86_64.pl", "crypto/fipsmodule/modes/asm/ghashv8-armx.pl", "crypto/fipsmodule/rsa/padding.c", "crypto/fipsmodule/sha/asm/sha256-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv8.pl", "crypto/fipsmodule/sha/asm/sha512-x86_64.pl", "crypto/internal.h", "crypto/limbs/limbs.c", "crypto/limbs/limbs.h", "crypto/limbs/limbs.inl", "crypto/mem.c", "crypto/perlasm/arm-xlate.pl", "crypto/perlasm/x86asm.pl", "crypto/perlasm/x86gas.pl", "crypto/perlasm/x86nasm.pl", "crypto/perlasm/x86_64-xlate.pl", "crypto/poly1305/internal.h", "crypto/poly1305/poly1305.c", "crypto/poly1305/poly1305_arm.c", "crypto/poly1305/poly1305_arm_asm.S", "crypto/poly1305/poly1305_vec.c", "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl", "doc/link-to-readme.md", "examples/checkdigest.rs", "include/ring-core/aes.h", "include/ring-core/arm_arch.h", "include/ring-core/base.h", "include/ring-core/check.h", "include/ring-core/cpu.h", "include/ring-core/mem.h", "include/ring-core/poly1305.h", "include/ring-core/type_check.h", "src/aead.rs", "src/aead/aes.rs", "src/aead/aes_gcm.rs", "src/aead/aes_tests.txt", "src/aead/block.rs", "src/aead/chacha.rs", "src/aead/chacha/fallback.rs", "src/aead/chacha_tests.txt", "src/aead/chacha20_poly1305.rs", "src/aead/chacha20_poly1305_openssh.rs", "src/aead/gcm.rs", "src/aead/gcm/gcm_nohw.rs", "src/aead/less_safe_key.rs", "src/aead/nonce.rs", "src/aead/opening_key.rs", "src/aead/poly1305.rs", "src/aead/poly1305_test.txt", "src/aead/quic.rs", "src/aead/sealing_key.rs", "src/aead/shift.rs", "src/aead/unbound_key.rs", "src/agreement.rs", "src/arithmetic.rs", "src/arithmetic/bigint.rs", "src/arithmetic/bigint_elem_exp_consttime_tests.txt", "src/arithmetic/bigint_elem_exp_vartime_tests.txt", "src/arithmetic/bigint_elem_mul_tests.txt", "src/arithmetic/bigint_elem_reduced_once_tests.txt", "src/arithmetic/bigint_elem_reduced_tests.txt", "src/arithmetic/bigint_elem_squared_tests.txt", "src/arithmetic/constant.rs", "src/arithmetic/montgomery.rs", "src/array.rs", "src/bits.rs", "src/bssl.rs", "src/c.rs", "src/constant_time.rs", "src/cpu.rs", "src/data/alg-rsa-encryption.der", "src/debug.rs", "src/digest.rs", "src/digest/sha1.rs", "src/digest/sha2.rs", "src/ec/curve25519/ed25519/digest.rs", "src/ec/curve25519/ed25519.rs", "src/ec/curve25519/ed25519/signing.rs", "src/ec/curve25519/ed25519/verification.rs", "src/ec/curve25519/ed25519/ed25519_pkcs8_v2_template.der", "src/ec/curve25519.rs", "src/ec/curve25519/ops.rs", "src/ec/curve25519/scalar.rs", "src/ec/curve25519/x25519.rs", "src/ec.rs", "src/ec/keys.rs", "src/ec/suite_b/curve.rs", "src/ec/suite_b/ecdh.rs", "src/ec/suite_b/ecdsa/digest_scalar.rs", "src/ec/suite_b/ecdsa.rs", "src/ec/suite_b/ecdsa/signing.rs", "src/ec/suite_b/ecdsa/verification.rs", "src/ec/suite_b/ecdsa/ecdsa_digest_scalar_tests.txt", "src/ec/suite_b/ecdsa/ecPublicKey_p256_pkcs8_v1_template.der", "src/ec/suite_b/ecdsa/ecPublicKey_p384_pkcs8_v1_template.der", "src/ec/suite_b/ecdsa/ecdsa_sign_asn1_tests.txt", "src/ec/suite_b/ecdsa/ecdsa_sign_fixed_tests.txt", "src/ec/suite_b.rs", "src/ec/suite_b/ops/elem.rs", "src/ec/suite_b/ops.rs", "src/ec/suite_b/ops/p256.rs", "src/ec/suite_b/ops/p256_elem_mul_tests.txt", "src/ec/suite_b/ops/p256_elem_neg_tests.txt", "src/ec/suite_b/ops/p256_elem_sum_tests.txt", "src/ec/suite_b/ops/p256_point_double_tests.txt", "src/ec/suite_b/ops/p256_point_mul_base_tests.txt", "src/ec/suite_b/ops/p256_point_mul_serialized_tests.txt", "src/ec/suite_b/ops/p256_point_mul_tests.txt", "src/ec/suite_b/ops/p256_point_sum_mixed_tests.txt", "src/ec/suite_b/ops/p256_point_sum_tests.txt", "src/ec/suite_b/ops/p256_scalar_mul_tests.txt", "src/ec/suite_b/ops/p256_scalar_square_tests.txt", "src/ec/suite_b/ops/p384.rs", "src/ec/suite_b/ops/p384_elem_div_by_2_tests.txt", "src/ec/suite_b/ops/p384_elem_mul_tests.txt", "src/ec/suite_b/ops/p384_elem_neg_tests.txt", "src/ec/suite_b/ops/p384_elem_sum_tests.txt", "src/ec/suite_b/ops/p384_point_double_tests.txt", "src/ec/suite_b/ops/p384_point_mul_base_tests.txt", "src/ec/suite_b/ops/p384_point_mul_tests.txt", "src/ec/suite_b/ops/p384_point_sum_tests.txt", "src/ec/suite_b/ops/p384_scalar_mul_tests.txt", "src/ec/suite_b/private_key.rs", "src/ec/suite_b/public_key.rs", "src/ec/suite_b/suite_b_public_key_tests.txt", "src/endian.rs", "src/error.rs", "src/hkdf.rs", "src/hmac.rs", "src/hmac_generate_serializable_tests.txt", "src/io.rs", "src/io/der.rs", "src/io/der_writer.rs", "src/io/positive.rs", "src/io/writer.rs", "src/lib.rs", "src/limb.rs", "src/endian.rs", "src/pbkdf2.rs", "src/pkcs8.rs", "src/polyfill.rs", "src/polyfill/array_map.rs", "src/polyfill/chunks_fixed.rs", "src/prefixed.rs", "src/rand.rs", "src/rsa/convert_nist_rsa_test_vectors.py", "src/rsa.rs", "src/rsa/bounds.rs", "src/rsa/keypair.rs", "src/rsa/keypair/asn1.rs", "src/rsa/keypair/components.rs", "src/rsa/keypair/core.rs", "src/rsa/keypair/oaep.rs", "src/rsa/keypair/signature_rsa_example_private_key.der", "src/rsa/keypair/signature_rsa_example_public_key.der", "src/rsa/keypair/signing.rs", "src/rsa/padding.rs", "src/rsa/public.rs", "src/rsa/public/components.rs", "src/rsa/public/key.rs", "src/rsa/public/oaep.rs", "src/rsa/random.rs", "src/rsa/rsa_pss_padding_tests.txt", "src/rsa/verification.rs", "src/signature.rs", "src/test.rs", "src/test_1_syntax_error_tests.txt", "src/test_1_tests.txt", "src/test_3_tests.txt", "tests/aead_aes_128_gcm_tests.txt", "tests/aead_aes_256_gcm_tests.txt", "tests/aead_chacha20_poly1305_tests.txt", "tests/aead_chacha20_poly1305_openssh_tests.txt", "tests/aead_tests.rs", "tests/agreement_tests.rs", "tests/agreement_tests.txt", "tests/constant_time_tests.rs", "tests/digest_tests.rs", "tests/digest_tests.txt", "tests/ecdsa_from_pkcs8_tests.txt", "tests/ecdsa_tests.rs", "tests/ecdsa_test_private_key_p256.p8", "tests/ecdsa_test_public_key_p256.der", "tests/ecdsa_test_public_key_p256_debug.txt", "tests/ecdsa_sign_asn1_tests.txt", "tests/ecdsa_sign_fixed_tests.txt", "tests/ecdsa_verify_asn1_tests.txt", "tests/ecdsa_verify_fixed_tests.txt", "tests/ed25519_from_pkcs8_tests.txt", "tests/ed25519_from_pkcs8_unchecked_tests.txt", "tests/ed25519_tests.rs", "tests/ed25519_tests.txt", "tests/ed25519_test_private_key.bin", "tests/ed25519_test_private_key.p8", "tests/ed25519_test_public_key.bin", "tests/ed25519_test_public_key.der", "tests/hkdf_tests.rs", "tests/hkdf_tests.txt", "tests/hmac_tests.rs", "tests/hmac_tests.txt", "tests/pbkdf2_tests.rs", "tests/pbkdf2_tests.txt", "tests/quic_aes_128_tests.txt", "tests/quic_aes_256_tests.txt", "tests/quic_chacha20_tests.txt", "tests/quic_tests.rs", "tests/rand_tests.rs", "tests/rsa_from_pkcs8_tests.txt", "tests/rsa_pkcs1_sign_tests.txt", "tests/rsa_pkcs1_verify_tests.txt", "tests/rsa_primitive_verify_tests.txt", "tests/rsa_pss_sign_tests.txt", "tests/rsa_pss_verify_tests.txt", "tests/rsa_tests.rs", "tests/rsa_test_private_key_2048.p8", "tests/rsa_test_public_key_2048.der", "tests/rsa_test_public_key_2048_debug.txt", "tests/signature_tests.rs", "third_party/fiat/curve25519_32.h", "third_party/fiat/curve25519_64.h", "third_party/fiat/p256_32.h", "third_party/fiat/p256_64.h", "third_party/fiat/LICENSE", "third_party/NIST/SHAVS/SHA1LongMsg.rsp", "third_party/NIST/SHAVS/SHA1Monte.rsp", "third_party/NIST/SHAVS/SHA1ShortMsg.rsp", "third_party/NIST/SHAVS/SHA224LongMsg.rsp", "third_party/NIST/SHAVS/SHA224Monte.rsp", "third_party/NIST/SHAVS/SHA224ShortMsg.rsp", "third_party/NIST/SHAVS/SHA256LongMsg.rsp", "third_party/NIST/SHAVS/SHA256Monte.rsp", "third_party/NIST/SHAVS/SHA256ShortMsg.rsp", "third_party/NIST/SHAVS/SHA384LongMsg.rsp", "third_party/NIST/SHAVS/SHA384Monte.rsp", "third_party/NIST/SHAVS/SHA384ShortMsg.rsp", "third_party/NIST/SHAVS/SHA512LongMsg.rsp", "third_party/NIST/SHAVS/SHA512Monte.rsp", "third_party/NIST/SHAVS/SHA512ShortMsg.rsp"] description = "Safe, fast, small crypto using Rust." documentation = "https://briansmith.org/rustdoc/ring/" readme = "doc/link-to-readme.md" @@ -48,7 +47,7 @@ name = "ring" [dependencies.untrusted] version = "0.7.1" [build-dependencies.cc] -version = "1.0.62" +version = "1.0.66" default-features = false [features] @@ -68,7 +67,7 @@ default-features = false version = "0.5.2" default-features = false [target."cfg(any(target_os = \"android\", target_os = \"linux\"))".dependencies.libc] -version = "0.2.69" +version = "0.2.84" default-features = false [target."cfg(any(target_os = \"android\", target_os = \"linux\"))".dependencies.once_cell] @@ -81,7 +80,7 @@ version = "1.5.2" features = ["std"] default-features = false [target."cfg(any(unix, windows))".dev-dependencies.libc] -version = "0.2.80" +version = "0.2.84" default-features = false [target."cfg(target_arch = \"wasm32\")".dev-dependencies.wasm-bindgen-test] version = "0.3.18" diff --git a/Cargo.toml.orig b/Cargo.toml.orig index c9daac8..ee4f2e0 100644 --- a/Cargo.toml.orig +++ b/Cargo.toml.orig @@ -10,10 +10,18 @@ license-file = "LICENSE" name = "ring" readme = "doc/link-to-readme.md" repository = "https://github.com/briansmith/ring" -version = "0.16.20" -# Prevent multiple versions of *ring* from being linked into the same program. -links = "ring-asm" +# Keep in sync with `links` below. +version = "0.17.0-alpha.11" + +# Keep in sync with `version` above. +# +# "ring_core_" + version, replacing punctuation with underscores. +# +# build.rs uses this to derive the prefix for FFI symbols and the file names +# of the FFI libraries, so it must be a valid identifier prefix and a valid +# filename prefix. +links = "ring_core_0_17_0_alpha_11" include = [ "LICENSE", @@ -53,25 +61,27 @@ include = [ "crypto/fipsmodule/bn/internal.h", "crypto/fipsmodule/bn/montgomery.c", "crypto/fipsmodule/bn/montgomery_inv.c", - "crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl", - "crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl", - "crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl", "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl", "crypto/fipsmodule/ec/ecp_nistz.c", "crypto/fipsmodule/ec/ecp_nistz.h", - "crypto/fipsmodule/ec/ecp_nistz256.c", - "crypto/fipsmodule/ec/ecp_nistz256.h", - "crypto/fipsmodule/ec/ecp_nistz256_table.inl", "crypto/fipsmodule/ec/ecp_nistz384.h", "crypto/fipsmodule/ec/ecp_nistz384.inl", "crypto/fipsmodule/ec/gfp_p256.c", "crypto/fipsmodule/ec/gfp_p384.c", + "crypto/fipsmodule/ec/p256.c", + "crypto/fipsmodule/ec/p256-x86_64-table.h", + "crypto/fipsmodule/ec/p256-x86_64.c", + "crypto/fipsmodule/ec/p256-x86_64.h", + "crypto/fipsmodule/ec/p256_shared.h", + "crypto/fipsmodule/ec/p256_table.h", + "crypto/fipsmodule/ec/util.h", "crypto/fipsmodule/ecdsa/ecdsa_verify_tests.txt", "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl", "crypto/fipsmodule/modes/asm/ghash-armv4.pl", "crypto/fipsmodule/modes/asm/ghash-x86.pl", "crypto/fipsmodule/modes/asm/ghash-x86_64.pl", "crypto/fipsmodule/modes/asm/ghashv8-armx.pl", + "crypto/fipsmodule/rsa/padding.c", "crypto/fipsmodule/sha/asm/sha256-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv4.pl", "crypto/fipsmodule/sha/asm/sha512-armv8.pl", @@ -94,32 +104,35 @@ include = [ "crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl", "doc/link-to-readme.md", "examples/checkdigest.rs", - "include/GFp/aes.h", - "include/GFp/arm_arch.h", - "include/GFp/base.h", - "include/GFp/check.h", - "include/GFp/cpu.h", - "include/GFp/mem.h", - "include/GFp/poly1305.h", - "include/GFp/type_check.h", + "include/ring-core/aes.h", + "include/ring-core/arm_arch.h", + "include/ring-core/base.h", + "include/ring-core/check.h", + "include/ring-core/cpu.h", + "include/ring-core/mem.h", + "include/ring-core/poly1305.h", + "include/ring-core/type_check.h", "src/aead.rs", "src/aead/aes.rs", "src/aead/aes_gcm.rs", "src/aead/aes_tests.txt", "src/aead/block.rs", "src/aead/chacha.rs", + "src/aead/chacha/fallback.rs", "src/aead/chacha_tests.txt", "src/aead/chacha20_poly1305.rs", "src/aead/chacha20_poly1305_openssh.rs", - "src/aead/counter.rs", "src/aead/gcm.rs", "src/aead/gcm/gcm_nohw.rs", - "src/aead/iv.rs", + "src/aead/less_safe_key.rs", "src/aead/nonce.rs", + "src/aead/opening_key.rs", "src/aead/poly1305.rs", "src/aead/poly1305_test.txt", "src/aead/quic.rs", + "src/aead/sealing_key.rs", "src/aead/shift.rs", + "src/aead/unbound_key.rs", "src/agreement.rs", "src/arithmetic.rs", "src/arithmetic/bigint.rs", @@ -208,16 +221,28 @@ include = [ "src/pbkdf2.rs", "src/pkcs8.rs", "src/polyfill.rs", - "src/polyfill/convert.rs", + "src/polyfill/array_map.rs", + "src/polyfill/chunks_fixed.rs", + "src/prefixed.rs", "src/rand.rs", "src/rsa/convert_nist_rsa_test_vectors.py", "src/rsa.rs", + "src/rsa/bounds.rs", + "src/rsa/keypair.rs", + "src/rsa/keypair/asn1.rs", + "src/rsa/keypair/components.rs", + "src/rsa/keypair/core.rs", + "src/rsa/keypair/oaep.rs", + "src/rsa/keypair/signature_rsa_example_private_key.der", + "src/rsa/keypair/signature_rsa_example_public_key.der", + "src/rsa/keypair/signing.rs", "src/rsa/padding.rs", + "src/rsa/public.rs", + "src/rsa/public/components.rs", + "src/rsa/public/key.rs", + "src/rsa/public/oaep.rs", "src/rsa/random.rs", "src/rsa/rsa_pss_padding_tests.txt", - "src/rsa/signature_rsa_example_private_key.der", - "src/rsa/signature_rsa_example_public_key.der", - "src/rsa/signing.rs", "src/rsa/verification.rs", "src/signature.rs", "src/test.rs", @@ -275,8 +300,9 @@ include = [ "tests/signature_tests.rs", "third_party/fiat/curve25519_32.h", "third_party/fiat/curve25519_64.h", + "third_party/fiat/p256_32.h", + "third_party/fiat/p256_64.h", "third_party/fiat/LICENSE", - "third_party/fiat/make_curve25519_tables.py", "third_party/NIST/SHAVS/SHA1LongMsg.rsp", "third_party/NIST/SHAVS/SHA1Monte.rsp", "third_party/NIST/SHAVS/SHA1ShortMsg.rsp", @@ -307,7 +333,7 @@ untrusted = { version = "0.7.1" } spin = { version = "0.5.2", default-features = false } [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies] -libc = { version = "0.2.69", default-features = false } +libc = { version = "0.2.84", default-features = false } once_cell = { version = "1.5.2", default-features = false, features=["std"], optional = true } [target.'cfg(any(target_os = "dragonfly", target_os = "freebsd", target_os = "illumos", target_os = "netbsd", target_os = "openbsd", target_os = "solaris"))'.dependencies] @@ -323,11 +349,10 @@ winapi = { version = "0.3.8", default-features = false, features = ["ntsecapi", wasm-bindgen-test = { version = "0.3.18", default-features = false } [target.'cfg(any(unix, windows))'.dev-dependencies] -libc = { version = "0.2.80", default-features = false } +libc = { version = "0.2.84", default-features = false } -# Keep this in sync with `[dependencies]` in pregenerate_asm/Cargo.toml. [build-dependencies] -cc = { version = "1.0.62", default-features = false } +cc = { version = "1.0.66", default-features = false } [features] # These features are documented in the top-level module's documentation. @@ -1,3 +1,7 @@ +# This project was upgraded with external_updater. +# Usage: tools/external_updater/updater.sh update rust/crates/ring +# For more info, check https://cs.android.com/android/platform/superproject/+/master:tools/external_updater/README.md + name: "ring" description: "Safe, fast, small crypto using Rust." third_party { @@ -7,13 +11,13 @@ third_party { } url { type: ARCHIVE - value: "https://static.crates.io/crates/ring/ring-0.16.20.crate" + value: "https://static.crates.io/crates/ring/ring-0.17.0-alpha.11.crate" } - version: "0.16.20" + version: "0.17.0-alpha.11" license_type: NOTICE last_upgrade_date { - year: 2021 - month: 6 - day: 24 + year: 2023 + month: 2 + day: 3 } } diff --git a/TEST_MAPPING b/TEST_MAPPING index 82c4cf9..d53283e 100644 --- a/TEST_MAPPING +++ b/TEST_MAPPING @@ -6,30 +6,12 @@ }, { "path": "external/rust/crates/webpki" - } - ], - "presubmit": [ - { - "name": "apkdmverity.test" - }, - { - "name": "authfs_device_test_src_lib" - }, - { - "name": "doh_unit_test" - }, - { - "name": "libapkverify.integration_test" - }, - { - "name": "libapkverify.test" - }, - { - "name": "libidsig.test" }, { - "name": "microdroid_manager_test" - }, + "path": "packages/modules/DnsResolver" + } + ], + "postsubmit": [ { "name": "ring_test_src_lib", "options": [ @@ -39,6 +21,16 @@ ] }, { + "name": "ring_test_tests_digest_tests", + "options": [ + { + "test-timeout": "600000" + } + ] + } + ], + "presubmit": [ + { "name": "ring_test_tests_aead_tests" }, { @@ -48,14 +40,6 @@ "name": "ring_test_tests_constant_time_tests" }, { - "name": "ring_test_tests_digest_tests", - "options": [ - { - "test-timeout": "600000" - } - ] - }, - { "name": "ring_test_tests_ecdsa_tests" }, { @@ -81,42 +65,10 @@ }, { "name": "ring_test_tests_signature_tests" - }, - { - "name": "virtualizationservice_device_test" } ], "presubmit-rust": [ { - "name": "apkdmverity.test" - }, - { - "name": "authfs_device_test_src_lib" - }, - { - "name": "doh_unit_test" - }, - { - "name": "libapkverify.integration_test" - }, - { - "name": "libapkverify.test" - }, - { - "name": "libidsig.test" - }, - { - "name": "microdroid_manager_test" - }, - { - "name": "ring_test_src_lib", - "options": [ - { - "test-timeout": "100000" - } - ] - }, - { "name": "ring_test_tests_aead_tests" }, { @@ -126,14 +78,6 @@ "name": "ring_test_tests_constant_time_tests" }, { - "name": "ring_test_tests_digest_tests", - "options": [ - { - "test-timeout": "600000" - } - ] - }, - { "name": "ring_test_tests_ecdsa_tests" }, { @@ -159,9 +103,6 @@ }, { "name": "ring_test_tests_signature_tests" - }, - { - "name": "virtualizationservice_device_test" } ] } @@ -19,14 +19,11 @@ // another for the concrete logging implementation). Instead we use `eprintln!` // to log everything to stderr. -// In the `pregenerate_asm_main()` case we don't want to access (Cargo) -// environment variables at all, so avoid `use std::env` here. - use std::{ fs::{self, DirEntry}, + io::Write, path::{Path, PathBuf}, process::Command, - time::SystemTime, }; const X86: &str = "x86"; @@ -36,19 +33,20 @@ const ARM: &str = "arm"; #[rustfmt::skip] const RING_SRCS: &[(&[&str], &str)] = &[ + (&[], "crypto/curve25519/curve25519.c"), (&[], "crypto/fipsmodule/aes/aes_nohw.c"), (&[], "crypto/fipsmodule/bn/montgomery.c"), (&[], "crypto/fipsmodule/bn/montgomery_inv.c"), + (&[], "crypto/fipsmodule/rsa/padding.c"), (&[], "crypto/limbs/limbs.c"), (&[], "crypto/mem.c"), (&[], "crypto/poly1305/poly1305.c"), (&[AARCH64, ARM, X86_64, X86], "crypto/crypto.c"), - (&[AARCH64, ARM, X86_64, X86], "crypto/curve25519/curve25519.c"), (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/ecp_nistz.c"), - (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/ecp_nistz256.c"), (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/gfp_p256.c"), (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/gfp_p384.c"), + (&[AARCH64, ARM, X86_64, X86], "crypto/fipsmodule/ec/p256.c"), (&[X86_64, X86], "crypto/cpu-intel.c"), @@ -56,14 +54,14 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[X86], "crypto/fipsmodule/aes/asm/vpaes-x86.pl"), (&[X86], "crypto/fipsmodule/bn/asm/x86-mont.pl"), (&[X86], "crypto/chacha/asm/chacha-x86.pl"), - (&[X86], "crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl"), (&[X86], "crypto/fipsmodule/modes/asm/ghash-x86.pl"), + (&[X86_64], "crypto/chacha/asm/chacha-x86_64.pl"), (&[X86_64], "crypto/fipsmodule/aes/asm/aesni-x86_64.pl"), (&[X86_64], "crypto/fipsmodule/aes/asm/vpaes-x86_64.pl"), (&[X86_64], "crypto/fipsmodule/bn/asm/x86_64-mont.pl"), (&[X86_64], "crypto/fipsmodule/bn/asm/x86_64-mont5.pl"), - (&[X86_64], "crypto/chacha/asm/chacha-x86_64.pl"), + (&[X86_64], "crypto/fipsmodule/ec/p256-x86_64.c"), (&[X86_64], "crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl"), (&[X86_64], "crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl"), (&[X86_64], "crypto/fipsmodule/modes/asm/ghash-x86_64.pl"), @@ -79,7 +77,6 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[ARM], "crypto/fipsmodule/bn/asm/armv4-mont.pl"), (&[ARM], "crypto/chacha/asm/chacha-armv4.pl"), (&[ARM], "crypto/curve25519/asm/x25519-asm-arm.S"), - (&[ARM], "crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl"), (&[ARM], "crypto/fipsmodule/modes/asm/ghash-armv4.pl"), (&[ARM], "crypto/poly1305/poly1305_arm.c"), (&[ARM], "crypto/poly1305/poly1305_arm_asm.S"), @@ -89,7 +86,6 @@ const RING_SRCS: &[(&[&str], &str)] = &[ (&[AARCH64], "crypto/fipsmodule/aes/asm/vpaes-armv8.pl"), (&[AARCH64], "crypto/fipsmodule/bn/asm/armv8-mont.pl"), (&[AARCH64], "crypto/chacha/asm/chacha-armv8.pl"), - (&[AARCH64], "crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl"), (&[AARCH64], "crypto/fipsmodule/modes/asm/ghash-neon-armv8.pl"), (&[AARCH64], SHA512_ARMV8), ]; @@ -102,43 +98,6 @@ const SHA512_ARMV8: &str = "crypto/fipsmodule/sha/asm/sha512-armv8.pl"; const RING_TEST_SRCS: &[&str] = &[("crypto/constant_time_test.c")]; -#[rustfmt::skip] -const RING_INCLUDES: &[&str] = - &[ - "crypto/curve25519/curve25519_tables.h", - "crypto/curve25519/internal.h", - "crypto/fipsmodule/bn/internal.h", - "crypto/fipsmodule/ec/ecp_nistz256_table.inl", - "crypto/fipsmodule/ec/ecp_nistz384.inl", - "crypto/fipsmodule/ec/ecp_nistz.h", - "crypto/fipsmodule/ec/ecp_nistz384.h", - "crypto/fipsmodule/ec/ecp_nistz256.h", - "crypto/internal.h", - "crypto/limbs/limbs.h", - "crypto/limbs/limbs.inl", - "crypto/poly1305/internal.h", - "include/GFp/aes.h", - "include/GFp/arm_arch.h", - "include/GFp/base.h", - "include/GFp/check.h", - "include/GFp/cpu.h", - "include/GFp/mem.h", - "include/GFp/poly1305.h", - "include/GFp/type_check.h", - "third_party/fiat/curve25519_32.h", - "third_party/fiat/curve25519_64.h", - ]; - -#[rustfmt::skip] -const RING_PERL_INCLUDES: &[&str] = - &["crypto/perlasm/arm-xlate.pl", - "crypto/perlasm/x86gas.pl", - "crypto/perlasm/x86nasm.pl", - "crypto/perlasm/x86asm.pl", - "crypto/perlasm/x86_64-xlate.pl"]; - -const RING_BUILD_FILE: &[&str] = &["build.rs"]; - const PREGENERATED: &str = "pregenerated"; fn c_flags(target: &Target) -> &'static [&'static str] { @@ -213,36 +172,133 @@ const LD_FLAGS: &[&str] = &[]; // None means "any OS" or "any target". The first match in sequence order is // taken. -const ASM_TARGETS: &[(&str, Option<&str>, Option<&str>)] = &[ - ("x86_64", Some("ios"), Some("macosx")), - ("x86_64", Some("macos"), Some("macosx")), - ("x86_64", Some(WINDOWS), Some("nasm")), - ("x86_64", None, Some("elf")), - ("aarch64", Some("ios"), Some("ios64")), - ("aarch64", Some("macos"), Some("ios64")), - ("aarch64", None, Some("linux64")), - ("x86", Some(WINDOWS), Some("win32n")), - ("x86", Some("ios"), Some("macosx")), - ("x86", None, Some("elf")), - ("arm", Some("ios"), Some("ios32")), - ("arm", None, Some("linux32")), - ("wasm32", None, None), +const ASM_TARGETS: &[AsmTarget] = &[ + AsmTarget { + oss: LINUX_ABI, + arch: "aarch64", + perlasm_format: "linux64", + asm_extension: "S", + preassemble: false, + }, + AsmTarget { + oss: LINUX_ABI, + arch: "arm", + perlasm_format: "linux32", + asm_extension: "S", + preassemble: false, + }, + AsmTarget { + oss: LINUX_ABI, + arch: "x86", + perlasm_format: "elf", + asm_extension: "S", + preassemble: false, + }, + AsmTarget { + oss: LINUX_ABI, + arch: "x86_64", + perlasm_format: "elf", + asm_extension: "S", + preassemble: false, + }, + AsmTarget { + oss: MACOS_ABI, + arch: "aarch64", + perlasm_format: "ios64", + asm_extension: "S", + preassemble: false, + }, + AsmTarget { + oss: MACOS_ABI, + arch: "x86_64", + perlasm_format: "macosx", + asm_extension: "S", + preassemble: false, + }, + AsmTarget { + oss: &[WINDOWS], + arch: "x86", + perlasm_format: "win32n", + asm_extension: "asm", + preassemble: true, + }, + AsmTarget { + oss: &[WINDOWS], + arch: "x86_64", + perlasm_format: "nasm", + asm_extension: "asm", + preassemble: true, + }, +]; + +struct AsmTarget { + /// Operating systems. + oss: &'static [&'static str], + + /// Architectures. + arch: &'static str, + + /// The PerlAsm format name. + perlasm_format: &'static str, + + /// The filename extension for assembly files. + asm_extension: &'static str, + + /// Whether pre-assembled object files should be included in the Cargo + /// package instead of the asm sources. This way, the user doesn't need + /// to install an assembler for the target. This is particularly important + /// for x86/x86_64 Windows since an assembler doesn't come with the C + /// compiler. + preassemble: bool, +} + +/// Operating systems that have the same ABI as Linux on every architecture +/// mentioned in `ASM_TARGETS`. +const LINUX_ABI: &[&str] = &[ + "android", + "dragonfly", + "freebsd", + "fuchsia", + "illumos", + "netbsd", + "openbsd", + "linux", + "solaris", ]; +/// Operating systems that have the same ABI as macOS on every architecture +/// mentioned in `ASM_TARGETS`. +const MACOS_ABI: &[&str] = &["ios", "macos"]; + const WINDOWS: &str = "windows"; + const MSVC: &str = "msvc"; const MSVC_OBJ_OPT: &str = "/Fo"; const MSVC_OBJ_EXT: &str = "obj"; +/// Read an environment variable and tell Cargo that we depend on it. +/// +/// This needs to be used for any environment variable that isn't a standard +/// Cargo-supplied variable. +/// +/// The name is static since we intend to only read a static set of environment +/// variables. +fn read_env_var(name: &'static str) -> Result<String, std::env::VarError> { + println!("cargo:rerun-if-env-changed={}", name); + std::env::var(name) +} + fn main() { - if let Ok(package_name) = std::env::var("CARGO_PKG_NAME") { - if package_name == "ring" { - ring_build_rs_main(); - return; + const RING_PREGENERATE_ASM: &str = "RING_PREGENERATE_ASM"; + match read_env_var(RING_PREGENERATE_ASM).as_deref() { + Ok("1") => { + pregenerate_asm_main(); + } + Err(std::env::VarError::NotPresent) => ring_build_rs_main(), + _ => { + panic!("${} has an invalid value", RING_PREGENERATE_ASM); } } - - pregenerate_asm_main(); } fn ring_build_rs_main() { @@ -276,37 +332,41 @@ fn ring_build_rs_main() { }; let pregenerated = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()).join(PREGENERATED); - build_c_code(&target, pregenerated, &out_dir); - check_all_files_tracked() + build_c_code(&target, pregenerated, &out_dir, &ring_core_prefix()); + emit_rerun_if_changed() } fn pregenerate_asm_main() { + println!("cargo:rustc-cfg=pregenerate_asm_only"); + let pregenerated = PathBuf::from(PREGENERATED); std::fs::create_dir(&pregenerated).unwrap(); let pregenerated_tmp = pregenerated.join("tmp"); std::fs::create_dir(&pregenerated_tmp).unwrap(); - for &(target_arch, target_os, perlasm_format) in ASM_TARGETS { + let mut generated_prefix_headers = false; + + for asm_target in ASM_TARGETS { // For Windows, package pregenerated object files instead of // pregenerated assembly language source files, so that the user // doesn't need to install the assembler. - let asm_dir = if target_os == Some(WINDOWS) { + let asm_dir = if asm_target.preassemble { &pregenerated_tmp } else { &pregenerated }; - if let Some(perlasm_format) = perlasm_format { - let perlasm_src_dsts = - perlasm_src_dsts(&asm_dir, target_arch, target_os, perlasm_format); - perlasm(&perlasm_src_dsts, target_arch, perlasm_format, None); + let perlasm_src_dsts = perlasm_src_dsts(&asm_dir, asm_target); + perlasm(&perlasm_src_dsts, asm_target); - if target_os == Some(WINDOWS) { - let srcs = asm_srcs(perlasm_src_dsts); - for src in srcs { - let obj_path = obj_path(&pregenerated, &src, MSVC_OBJ_EXT); - run_command(nasm(&src, target_arch, &obj_path)); - } + if asm_target.preassemble { + if !std::mem::replace(&mut generated_prefix_headers, true) { + generate_prefix_symbols_nasm(&pregenerated, &ring_core_prefix()).unwrap(); + } + let srcs = asm_srcs(perlasm_src_dsts); + for src in srcs { + let obj_path = obj_path(&pregenerated, &src, MSVC_OBJ_EXT); + run_command(nasm(&src, asm_target.arch, &obj_path, &pregenerated)); } } } @@ -322,7 +382,9 @@ struct Target { is_debug: bool, } -fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { +fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path, ring_core_prefix: &str) { + println!("cargo:rustc-env=RING_CORE_PREFIX={}", ring_core_prefix); + #[cfg(not(feature = "wasm32_c"))] { if &target.arch == "wasm32" { @@ -330,32 +392,9 @@ fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { } } - let includes_modified = RING_INCLUDES - .iter() - .chain(RING_BUILD_FILE.iter()) - .chain(RING_PERL_INCLUDES.iter()) - .map(|f| file_modified(Path::new(*f))) - .max() - .unwrap(); - - fn is_none_or_equals<T>(opt: Option<T>, other: T) -> bool - where - T: PartialEq, - { - if let Some(value) = opt { - value == other - } else { - true - } - } - - let (_, _, perlasm_format) = ASM_TARGETS - .iter() - .find(|entry| { - let &(entry_arch, entry_os, _) = *entry; - entry_arch == target.arch && is_none_or_equals(entry_os, &target.os) - }) - .unwrap(); + let asm_target = ASM_TARGETS.iter().find(|asm_target| { + asm_target.arch == target.arch && asm_target.oss.contains(&target.os.as_ref()) + }); let use_pregenerated = !target.is_git; let warnings_are_errors = target.is_git; @@ -366,17 +405,13 @@ fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { out_dir }; - let asm_srcs = if let Some(perlasm_format) = perlasm_format { - let perlasm_src_dsts = - perlasm_src_dsts(asm_dir, &target.arch, Some(&target.os), perlasm_format); + generate_prefix_symbols(target, out_dir, ring_core_prefix).unwrap(); + + let asm_srcs = if let Some(asm_target) = asm_target { + let perlasm_src_dsts = perlasm_src_dsts(asm_dir, asm_target); if !use_pregenerated { - perlasm( - &perlasm_src_dsts[..], - &target.arch, - perlasm_format, - Some(includes_modified), - ); + perlasm(&perlasm_src_dsts[..], asm_target); } let mut asm_srcs = asm_srcs(perlasm_src_dsts); @@ -406,23 +441,24 @@ fn build_c_code(target: &Target, pregenerated: PathBuf, out_dir: &Path) { let test_srcs = RING_TEST_SRCS.iter().map(PathBuf::from).collect::<Vec<_>>(); let libs = [ - ("ring-core", &core_srcs[..], &asm_srcs[..]), - ("ring-test", &test_srcs[..], &[]), + ("", &core_srcs[..], &asm_srcs[..]), + ("test", &test_srcs[..], &[]), ]; // XXX: Ideally, ring-test would only be built for `cargo test`, but Cargo // can't do that yet. - libs.iter().for_each(|&(lib_name, srcs, additional_srcs)| { - build_library( - &target, - &out_dir, - lib_name, - srcs, - additional_srcs, - warnings_are_errors, - includes_modified, - ) - }); + libs.iter() + .for_each(|&(lib_name_suffix, srcs, additional_srcs)| { + let lib_name = String::from(ring_core_prefix) + lib_name_suffix; + build_library( + &target, + &out_dir, + &lib_name, + srcs, + additional_srcs, + warnings_are_errors, + ) + }); println!( "cargo:rustc-link-search=native={}", @@ -437,80 +473,65 @@ fn build_library( srcs: &[PathBuf], additional_srcs: &[PathBuf], warnings_are_errors: bool, - includes_modified: SystemTime, ) { // Compile all the (dirty) source files into object files. let objs = additional_srcs .iter() .chain(srcs.iter()) .filter(|f| &target.env != "msvc" || f.extension().unwrap().to_str().unwrap() != "S") - .map(|f| compile(f, target, warnings_are_errors, out_dir, includes_modified)) + .map(|f| compile(f, target, warnings_are_errors, out_dir)) .collect::<Vec<_>>(); // Rebuild the library if necessary. let lib_path = PathBuf::from(out_dir).join(format!("lib{}.a", lib_name)); - if objs - .iter() - .map(Path::new) - .any(|p| need_run(&p, &lib_path, includes_modified)) - { - let mut c = cc::Build::new(); + let mut c = cc::Build::new(); - for f in LD_FLAGS { - let _ = c.flag(&f); - } - match target.os.as_str() { - "macos" => { - let _ = c.flag("-fPIC"); - let _ = c.flag("-Wl,-dead_strip"); - } - _ => { - let _ = c.flag("-Wl,--gc-sections"); - } + for f in LD_FLAGS { + let _ = c.flag(&f); + } + match target.os.as_str() { + "macos" => { + let _ = c.flag("-fPIC"); + let _ = c.flag("-Wl,-dead_strip"); } - for o in objs { - let _ = c.object(o); + _ => { + let _ = c.flag("-Wl,--gc-sections"); } + } + for o in objs { + let _ = c.object(o); + } - // Handled below. - let _ = c.cargo_metadata(false); + // Handled below. + let _ = c.cargo_metadata(false); - c.compile( - lib_path - .file_name() - .and_then(|f| f.to_str()) - .expect("No filename"), - ); - } + c.compile( + lib_path + .file_name() + .and_then(|f| f.to_str()) + .expect("No filename"), + ); // Link the library. This works even when the library doesn't need to be // rebuilt. println!("cargo:rustc-link-lib=static={}", lib_name); } -fn compile( - p: &Path, - target: &Target, - warnings_are_errors: bool, - out_dir: &Path, - includes_modified: SystemTime, -) -> String { +fn compile(p: &Path, target: &Target, warnings_are_errors: bool, out_dir: &Path) -> String { let ext = p.extension().unwrap().to_str().unwrap(); if ext == "obj" { p.to_str().expect("Invalid path").into() } else { let mut out_path = out_dir.join(p.file_name().unwrap()); assert!(out_path.set_extension(target.obj_ext)); - if need_run(&p, &out_path, includes_modified) { - let cmd = if target.os != WINDOWS || ext != "asm" { - cc(p, ext, target, warnings_are_errors, &out_path) - } else { - nasm(p, &target.arch, &out_path) - }; + let cmd = if target.os != WINDOWS || ext != "asm" { + cc(p, ext, target, warnings_are_errors, &out_path, out_dir) + } else { + nasm(p, &target.arch, &out_path, out_dir) + }; - run_command(cmd); - } + run_command(cmd); out_path.to_str().expect("Invalid path").into() } } @@ -526,12 +547,14 @@ fn cc( ext: &str, target: &Target, warnings_are_errors: bool, - out_dir: &Path, + out_path: &Path, + include_dir: &Path, ) -> Command { let is_musl = target.env.starts_with("musl"); let mut c = cc::Build::new(); let _ = c.include("include"); + let _ = c.include(include_dir); match ext { "c" => { for f in c_flags(target) { @@ -586,7 +609,7 @@ fn cc( // TODO: Expand this to non-clang compilers in 0.17.0 if practical. if compiler.is_like_clang() { let _ = c.flag("-nostdlibinc"); - let _ = c.define("GFp_NOSTDLIBINC", "1"); + let _ = c.define("RING_CORE_NOSTDLIBINC", "1"); } } } @@ -614,24 +637,35 @@ fn cc( .arg(format!( "{}{}", target.obj_opt, - out_dir.to_str().expect("Invalid path") + out_path.to_str().expect("Invalid path") )) .arg(file); c } -fn nasm(file: &Path, arch: &str, out_file: &Path) -> Command { +fn nasm(file: &Path, arch: &str, out_file: &Path, include_dir: &Path) -> Command { let oformat = match arch { "x86_64" => ("win64"), "x86" => ("win32"), _ => panic!("unsupported arch: {}", arch), }; - let mut c = Command::new("./target/tools/nasm"); + + // Nasm requires that the path end in a path separator. + let mut include_dir = include_dir.as_os_str().to_os_string(); + include_dir.push(std::ffi::OsString::from(String::from( + std::path::MAIN_SEPARATOR, + ))); + + let mut c = Command::new("./target/tools/windows/nasm/nasm"); let _ = c .arg("-o") .arg(out_file.to_str().expect("Invalid path")) .arg("-f") .arg(oformat) + .arg("-i") + .arg("include/") + .arg("-i") + .arg(include_dir) .arg("-Xgnu") .arg("-gcv8") .arg(file); @@ -665,17 +699,12 @@ fn sources_for_arch(arch: &str) -> Vec<PathBuf> { .collect::<Vec<_>>() } -fn perlasm_src_dsts( - out_dir: &Path, - arch: &str, - os: Option<&str>, - perlasm_format: &str, -) -> Vec<(PathBuf, PathBuf)> { - let srcs = sources_for_arch(arch); +fn perlasm_src_dsts(out_dir: &Path, asm_target: &AsmTarget) -> Vec<(PathBuf, PathBuf)> { + let srcs = sources_for_arch(asm_target.arch); let mut src_dsts = srcs .iter() .filter(|p| is_perlasm(p)) - .map(|src| (src.clone(), asm_path(out_dir, src, os, perlasm_format))) + .map(|src| (src.clone(), asm_path(out_dir, src, asm_target))) .collect::<Vec<_>>(); // Some PerlAsm source files need to be run multiple times with different @@ -688,7 +717,7 @@ fn perlasm_src_dsts( let synthesized_path = PathBuf::from(synthesized); src_dsts.push(( concrete_path, - asm_path(out_dir, &synthesized_path, os, perlasm_format), + asm_path(out_dir, &synthesized_path, asm_target), )) } }; @@ -710,32 +739,23 @@ fn is_perlasm(path: &PathBuf) -> bool { path.extension().unwrap().to_str().unwrap() == "pl" } -fn asm_path(out_dir: &Path, src: &Path, os: Option<&str>, perlasm_format: &str) -> PathBuf { +fn asm_path(out_dir: &Path, src: &Path, asm_target: &AsmTarget) -> PathBuf { let src_stem = src.file_stem().expect("source file without basename"); let dst_stem = src_stem.to_str().unwrap(); - let dst_extension = if os == Some("windows") { "asm" } else { "S" }; - let dst_filename = format!("{}-{}.{}", dst_stem, perlasm_format, dst_extension); + let dst_filename = format!( + "{}-{}.{}", + dst_stem, asm_target.perlasm_format, asm_target.asm_extension + ); out_dir.join(dst_filename) } -fn perlasm( - src_dst: &[(PathBuf, PathBuf)], - arch: &str, - perlasm_format: &str, - includes_modified: Option<SystemTime>, -) { +fn perlasm(src_dst: &[(PathBuf, PathBuf)], asm_target: &AsmTarget) { for (src, dst) in src_dst { - if let Some(includes_modified) = includes_modified { - if !need_run(src, dst, includes_modified) { - continue; - } - } - let mut args = Vec::<String>::new(); args.push(src.to_string_lossy().into_owned()); - args.push(perlasm_format.to_owned()); - if arch == "x86" { + args.push(asm_target.perlasm_format.to_owned()); + if asm_target.arch == "x86" { args.push("-fPIC".into()); args.push("-DOPENSSL_IA32_SSE2".into()); } @@ -750,57 +770,29 @@ fn perlasm( } } -fn need_run(source: &Path, target: &Path, includes_modified: SystemTime) -> bool { - let s_modified = file_modified(source); - if let Ok(target_metadata) = std::fs::metadata(target) { - let target_modified = target_metadata.modified().unwrap(); - s_modified >= target_modified || includes_modified >= target_modified - } else { - // On error fetching metadata for the target file, assume the target - // doesn't exist. - true - } -} - -fn file_modified(path: &Path) -> SystemTime { - let path = Path::new(path); - let path_as_str = format!("{:?}", path); - std::fs::metadata(path) - .expect(&path_as_str) - .modified() - .expect("nah") +fn get_command(var: &'static str, default: &str) -> String { + read_env_var(var).unwrap_or_else(|_| default.into()) } -fn get_command(var: &str, default: &str) -> String { - std::env::var(var).unwrap_or_else(|_| default.into()) -} - -fn check_all_files_tracked() { +// TODO: We should emit `cargo:rerun-if-changed-env` for the various +// environment variables that affect the build. +fn emit_rerun_if_changed() { for path in &["crypto", "include", "third_party/fiat"] { - walk_dir(&PathBuf::from(path), &is_tracked); - } -} - -fn is_tracked(file: &DirEntry) { - let p = file.path(); - let cmp = |f| p == PathBuf::from(f); - let tracked = match p.extension().and_then(|p| p.to_str()) { - Some("h") | Some("inl") => RING_INCLUDES.iter().any(cmp), - Some("c") | Some("S") | Some("asm") => { - RING_SRCS.iter().any(|(_, f)| cmp(f)) || RING_TEST_SRCS.iter().any(cmp) - } - Some("pl") => RING_SRCS.iter().any(|(_, f)| cmp(f)) || RING_PERL_INCLUDES.iter().any(cmp), - _ => true, - }; - if !tracked { - panic!("{:?} is not tracked in build.rs", p); + walk_dir(&PathBuf::from(path), &|entry| { + let path = entry.path(); + match path.extension().and_then(|ext| ext.to_str()) { + Some("c") | Some("S") | Some("h") | Some("inl") | Some("pl") | None => { + println!("cargo:rerun-if-changed={}", path.to_str().unwrap()); + } + _ => { + // Ignore other types of files. + } + } + }) } } -fn walk_dir<F>(dir: &Path, cb: &F) -where - F: Fn(&DirEntry), -{ +fn walk_dir(dir: &Path, cb: &impl Fn(&DirEntry)) { if dir.is_dir() { for entry in fs::read_dir(dir).unwrap() { let entry = entry.unwrap(); @@ -813,3 +805,210 @@ where } } } + +fn ring_core_prefix() -> String { + let links = std::env::var("CARGO_MANIFEST_LINKS").unwrap(); + + let computed = { + let name = std::env::var("CARGO_PKG_NAME").unwrap(); + let version = std::env::var("CARGO_PKG_VERSION").unwrap(); + name + "_core_" + &version.replace(&['-', '.'][..], "_") + }; + + assert_eq!(links, computed); + + links + "_" +} + +/// Creates the necessary header file for symbol renaming and returns the path of the +/// generated include directory. +fn generate_prefix_symbols( + target: &Target, + out_dir: &Path, + prefix: &str, +) -> Result<(), std::io::Error> { + generate_prefix_symbols_header(out_dir, "prefix_symbols.h", '#', None, prefix)?; + + if target.os == "windows" { + let _ = generate_prefix_symbols_nasm(out_dir, prefix)?; + } else { + generate_prefix_symbols_header( + out_dir, + "prefix_symbols_asm.h", + '#', + Some("#if defined(__APPLE__)"), + prefix, + )?; + } + + Ok(()) +} + +fn generate_prefix_symbols_nasm(out_dir: &Path, prefix: &str) -> Result<(), std::io::Error> { + generate_prefix_symbols_header( + out_dir, + "prefix_symbols_nasm.inc", + '%', + Some("%ifidn __OUTPUT_FORMAT__,win32"), + prefix, + ) +} + +fn generate_prefix_symbols_header( + out_dir: &Path, + filename: &str, + pp: char, + prefix_condition: Option<&str>, + prefix: &str, +) -> Result<(), std::io::Error> { + let dir = out_dir.join("ring_core_generated"); + std::fs::create_dir_all(&dir)?; + + let path = dir.join(filename); + let mut file = std::fs::File::create(&path)?; + + let filename_ident = filename.replace(".", "_").to_uppercase(); + writeln!( + file, + r#" +{pp}ifndef ring_core_generated_{filename_ident} +{pp}define ring_core_generated_{filename_ident} +"#, + pp = pp, + filename_ident = filename_ident + )?; + + if let Some(prefix_condition) = prefix_condition { + writeln!(file, "{}", prefix_condition)?; + writeln!(file, "{}", prefix_all_symbols(pp, "_", prefix))?; + writeln!(file, "{pp}else", pp = pp)?; + }; + writeln!(file, "{}", prefix_all_symbols(pp, "", prefix))?; + if prefix_condition.is_some() { + writeln!(file, "{pp}endif", pp = pp)? + } + + writeln!(file, "{pp}endif", pp = pp)?; + + Ok(()) +} + +fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String { + static SYMBOLS_TO_PREFIX: &[&str] = &[ + "CRYPTO_poly1305_finish", + "CRYPTO_poly1305_finish_neon", + "CRYPTO_poly1305_init", + "CRYPTO_poly1305_init_neon", + "CRYPTO_poly1305_update", + "CRYPTO_poly1305_update_neon", + "ChaCha20_ctr32", + "LIMBS_add_mod", + "LIMBS_are_even", + "LIMBS_are_zero", + "LIMBS_equal", + "LIMBS_equal_limb", + "LIMBS_less_than", + "LIMBS_less_than_limb", + "LIMBS_reduce_once", + "LIMBS_select_512_32", + "LIMBS_shl_mod", + "LIMBS_sub_mod", + "LIMBS_window5_split_window", + "LIMBS_window5_unsplit_window", + "LIMB_shr", + "OPENSSL_armcap_P", + "OPENSSL_cpuid_setup", + "OPENSSL_ia32cap_P", + "OPENSSL_memcmp", + "RSA_padding_check_oaep", + "aes_hw_ctr32_encrypt_blocks", + "aes_hw_encrypt", + "aes_hw_set_encrypt_key", + "aes_nohw_ctr32_encrypt_blocks", + "aes_nohw_encrypt", + "aes_nohw_set_encrypt_key", + "aesni_gcm_decrypt", + "aesni_gcm_encrypt", + "bn_from_montgomery", + "bn_from_montgomery_in_place", + "bn_gather5", + "bn_mul_mont", + "bn_mul_mont_gather5", + "bn_neg_inv_mod_r_u64", + "bn_power5", + "bn_scatter5", + "bn_sqr8x_internal", + "bn_sqrx8x_internal", + "bsaes_ctr32_encrypt_blocks", + "bssl_constant_time_test_main", + "chacha20_poly1305_open", + "chacha20_poly1305_seal", + "gcm_ghash_avx", + "gcm_ghash_clmul", + "gcm_ghash_neon", + "gcm_gmult_clmul", + "gcm_gmult_neon", + "gcm_init_avx", + "gcm_init_clmul", + "gcm_init_neon", + "limbs_mul_add_limb", + "little_endian_bytes_from_scalar", + "nistz256_neg", + "nistz256_select_w5", + "nistz256_select_w7", + "nistz384_point_add", + "nistz384_point_double", + "nistz384_point_mul", + "p256_mul_mont", + "p256_point_add", + "p256_point_add_affine", + "p256_point_double", + "p256_point_mul", + "p256_point_mul_base", + "p256_scalar_mul_mont", + "p256_scalar_sqr_rep_mont", + "p256_sqr_mont", + "p384_elem_div_by_2", + "p384_elem_mul_mont", + "p384_elem_neg", + "p384_elem_sub", + "p384_scalar_mul_mont", + "poly1305_neon2_addmulmod", + "poly1305_neon2_blocks", + "sha256_block_data_order", + "sha512_block_data_order", + "vpaes_ctr32_encrypt_blocks", + "vpaes_encrypt", + "vpaes_encrypt_key_to_bsaes", + "vpaes_set_encrypt_key", + "x25519_NEON", + "x25519_fe_invert", + "x25519_fe_isnegative", + "x25519_fe_mul_ttt", + "x25519_fe_neg", + "x25519_fe_tobytes", + "x25519_ge_double_scalarmult_vartime", + "x25519_ge_frombytes_vartime", + "x25519_ge_scalarmult_base", + "x25519_public_from_private_generic_masked", + "x25519_sc_mask", + "x25519_sc_muladd", + "x25519_sc_reduce", + "x25519_scalar_mult_generic_masked", + ]; + + let mut out = String::new(); + + for symbol in SYMBOLS_TO_PREFIX { + let line = format!( + "{pp}define {prefix_prefix}{symbol} {prefix_prefix}{prefix}{symbol}\n", + pp = pp, + prefix_prefix = prefix_prefix, + prefix = prefix, + symbol = symbol + ); + out += &line; + } + + out +} diff --git a/cargo2android.json b/cargo2android.json index 2809212..ae417f7 100644 --- a/cargo2android.json +++ b/cargo2android.json @@ -2,18 +2,17 @@ "add-toplevel-block": "cargo2android_cc.bp", "apex-available": [ "//apex_available:platform", - "com.android.compos", - "com.android.resolv", - "com.android.virt" + "com.android.resolv" ], "dependencies": true, "device": true, "features": "alloc,default,dev_urandom_fallback,once_cell,std", "min-sdk-version": "29", + "patch": "patches/Android.bp.patch", "run": true, "tests": true, "whole-static-libs": [ "ring-core", "ring-test" ] -}
\ No newline at end of file +} diff --git a/cargo2android_cc.bp b/cargo2android_cc.bp index 179d7f8..e8749a9 100644 --- a/cargo2android_cc.bp +++ b/cargo2android_cc.bp @@ -9,9 +9,10 @@ cc_library_static { "crypto/poly1305/poly1305_vec.c", "crypto/curve25519/curve25519.c", "crypto/fipsmodule/ec/ecp_nistz.c", - "crypto/fipsmodule/ec/ecp_nistz256.c", "crypto/fipsmodule/ec/gfp_p256.c", "crypto/fipsmodule/ec/gfp_p384.c", + "crypto/fipsmodule/ec/p256.c", + "crypto/fipsmodule/rsa/padding.c", "crypto/limbs/limbs.c", "crypto/mem.c", "crypto/fipsmodule/bn/montgomery.c", @@ -27,7 +28,6 @@ cc_library_static { "crypto/curve25519/asm/x25519-asm-arm.S", "pregenerated/sha256-armv4-linux32.S", "pregenerated/sha512-armv4-linux32.S", - "pregenerated/ecp_nistz256-armv4-linux32.S", "pregenerated/aesv8-armx-linux32.S", "pregenerated/bsaes-armv7-linux32.S", "pregenerated/ghashv8-armx-linux32.S", @@ -41,7 +41,6 @@ cc_library_static { "pregenerated/aesv8-armx-linux64.S", "pregenerated/armv8-mont-linux64.S", "pregenerated/chacha-armv8-linux64.S", - "pregenerated/ecp_nistz256-armv8-linux64.S", "pregenerated/ghash-neon-armv8-linux64.S", "pregenerated/ghashv8-armx-linux64.S", "pregenerated/sha256-armv8-linux64.S", @@ -53,7 +52,6 @@ cc_library_static { srcs: [ "pregenerated/aesni-x86-elf.S", "pregenerated/chacha-x86-elf.S", - "pregenerated/ecp_nistz256-x86-elf.S", "pregenerated/ghash-x86-elf.S", "pregenerated/vpaes-x86-elf.S", "pregenerated/x86-mont-elf.S", @@ -61,6 +59,7 @@ cc_library_static { }, x86_64: { srcs: [ + "crypto/fipsmodule/ec/p256-x86_64.c", "pregenerated/aesni-gcm-x86_64-elf.S", "pregenerated/aesni-x86_64-elf.S", "pregenerated/chacha-x86_64-elf.S", @@ -74,6 +73,9 @@ cc_library_static { "pregenerated/x86_64-mont-elf.S", ], }, + riscv64: { + cflags: ["-DOPENSSL_NO_ASM"], + }, }, cflags: [ @@ -91,10 +93,10 @@ cc_library_static { local_include_dirs: ["include"], apex_available: [ "//apex_available:platform", - "com.android.compos", "com.android.resolv", - "com.android.virt", ], + vendor_available: true, + product_available: true, min_sdk_version: "29", } @@ -107,9 +109,9 @@ cc_library_static { local_include_dirs: ["include"], apex_available: [ "//apex_available:platform", - "com.android.compos", "com.android.resolv", - "com.android.virt", ], + vendor_available: true, + product_available: true, min_sdk_version: "29", -}
\ No newline at end of file +} diff --git a/crypto/chacha/asm/chacha-armv4.pl b/crypto/chacha/asm/chacha-armv4.pl index 90fa2c7..bb63413 100644 --- a/crypto/chacha/asm/chacha-armv4.pl +++ b/crypto/chacha/asm/chacha-armv4.pl @@ -171,7 +171,7 @@ my @ret; } $code.=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> @ Silence ARMv8 deprecated IT instruction warnings. This file is used by both @ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. @@ -197,18 +197,18 @@ $code.=<<___; .Lone: .long 1,0,0,0 #if __ARM_MAX_ARCH__>=7 -.extern GFp_armcap_P -.hidden GFp_armcap_P +.extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .LOPENSSL_armcap: -.word GFp_armcap_P-.LChaCha20_ctr32 +.word OPENSSL_armcap_P-.LChaCha20_ctr32 #else .word -1 #endif -.globl GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,%function +.globl ChaCha20_ctr32 +.type ChaCha20_ctr32,%function .align 5 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: .LChaCha20_ctr32: ldr r12,[sp,#0] @ pull pointer to counter and nonce stmdb sp!,{r0-r2,r4-r11,lr} @@ -630,7 +630,7 @@ $code.=<<___; add sp,sp,#4*(32+3) .Lno_data: ldmia sp!,{r4-r11,pc} -.size GFp_ChaCha20_ctr32,.-GFp_ChaCha20_ctr32 +.size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ {{{ diff --git a/crypto/chacha/asm/chacha-armv8.pl b/crypto/chacha/asm/chacha-armv8.pl index 80ec882..f40d66a 100644 --- a/crypto/chacha/asm/chacha-armv8.pl +++ b/crypto/chacha/asm/chacha-armv8.pl @@ -120,10 +120,10 @@ my ($a3,$b3,$c3,$d3)=map(($_&~3)+(($_+1)&3),($a2,$b2,$c2,$d2)); } $code.=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> -.extern GFp_armcap_P -.hidden GFp_armcap_P +.extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .section .rodata @@ -136,20 +136,20 @@ $code.=<<___; .text -.globl GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,%function +.globl ChaCha20_ctr32 +.type ChaCha20_ctr32,%function .align 5 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: AARCH64_VALID_CALL_TARGET cbz $len,.Labort #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 - adrp @x[0],:pg_hi21_nc:GFp_armcap_P + adrp @x[0],:pg_hi21_nc:OPENSSL_armcap_P #else - adrp @x[0],:pg_hi21:GFp_armcap_P + adrp @x[0],:pg_hi21:OPENSSL_armcap_P #endif cmp $len,#192 b.lo .Lshort - ldr w17,[@x[0],:lo12:GFp_armcap_P] + ldr w17,[@x[0],:lo12:OPENSSL_armcap_P] tst w17,#ARMV7_NEON b.ne ChaCha20_neon @@ -334,7 +334,7 @@ $code.=<<___; ldp x29,x30,[sp],#96 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_ChaCha20_ctr32,.-GFp_ChaCha20_ctr32 +.size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ {{{ diff --git a/crypto/chacha/asm/chacha-x86.pl b/crypto/chacha/asm/chacha-x86.pl index 599a38e..ffe2990 100644 --- a/crypto/chacha/asm/chacha-x86.pl +++ b/crypto/chacha/asm/chacha-x86.pl @@ -118,7 +118,7 @@ my ($ap,$bp,$cp,$dp)=map(($_&~3)+(($_-1)&3),($ai,$bi,$ci,$di)); # previous &static_label("ssse3_data"); &static_label("pic_point"); -&function_begin("GFp_ChaCha20_ctr32"); +&function_begin("ChaCha20_ctr32"); &xor ("eax","eax"); &cmp ("eax",&wparam(2)); # len==0? &je (&label("no_data")); @@ -126,7 +126,7 @@ if ($xmm) { &call (&label("pic_point")); &set_label("pic_point"); &blindpop("eax"); - &picmeup("ebp","GFp_ia32cap_P","eax",&label("pic_point")); + &picmeup("ebp","OPENSSL_ia32cap_P","eax",&label("pic_point")); &test (&DWP(0,"ebp"),1<<24); # test FXSR bit &jz (&label("x86")); &test (&DWP(4,"ebp"),1<<9); # test SSSE3 bit @@ -356,7 +356,7 @@ if ($xmm) { &set_label("done"); &stack_pop(33); &set_label("no_data"); -&function_end("GFp_ChaCha20_ctr32"); +&function_end("ChaCha20_ctr32"); if ($xmm) { my ($xa,$xa_,$xb,$xb_,$xc,$xc_,$xd,$xd_)=map("xmm$_",(0..7)); diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index c85bfa8..41eeb8e 100644 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl @@ -76,7 +76,7 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; $code.=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P .align 64 .Lzero: @@ -224,14 +224,14 @@ my @x=map("\"$_\"",@x); ######################################################################## # Generic code path that handles all lengths on pre-SSSE3 processors. $code.=<<___; -.globl GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,\@function,5 +.globl ChaCha20_ctr32 +.type ChaCha20_ctr32,\@function,5 .align 64 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: .cfi_startproc cmp \$0,$len je .Lno_data - mov GFp_ia32cap_P+4(%rip),%r10 + mov OPENSSL_ia32cap_P+4(%rip),%r10 ___ $code.=<<___; test \$`1<<(41-32)`,%r10d @@ -408,7 +408,7 @@ $code.=<<___; .Lno_data: ret .cfi_endproc -.size GFp_ChaCha20_ctr32,.-GFp_ChaCha20_ctr32 +.size ChaCha20_ctr32,.-ChaCha20_ctr32 ___ ######################################################################## @@ -713,7 +713,7 @@ ChaCha20_4x: mov %r10,%r11 ___ $code.=<<___ if ($avx>1); - shr \$32,%r10 # GFp_ia32cap_P+8 + shr \$32,%r10 # OPENSSL_ia32cap_P+8 test \$`1<<5`,%r10 # test AVX2 jnz .LChaCha20_8x ___ @@ -1982,9 +1982,9 @@ full_handler: .section .pdata .align 4 - .rva .LSEH_begin_GFp_ChaCha20_ctr32 - .rva .LSEH_end_GFp_ChaCha20_ctr32 - .rva .LSEH_info_GFp_ChaCha20_ctr32 + .rva .LSEH_begin_ChaCha20_ctr32 + .rva .LSEH_end_ChaCha20_ctr32 + .rva .LSEH_info_ChaCha20_ctr32 .rva .LSEH_begin_ChaCha20_ssse3 .rva .LSEH_end_ChaCha20_ssse3 @@ -2002,7 +2002,7 @@ ___ $code.=<<___; .section .xdata .align 8 -.LSEH_info_GFp_ChaCha20_ctr32: +.LSEH_info_ChaCha20_ctr32: .byte 9,0,0,0 .rva se_handler diff --git a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl index 017570b..aa42c67 100644 --- a/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl +++ b/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl @@ -38,7 +38,7 @@ $avx = 2; $code.=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P chacha20_poly1305_constants: @@ -436,16 +436,16 @@ poly_hash_ad_internal: { ################################################################################ -# void GFp_chacha20_poly1305_open(uint8_t *out_plaintext, const uint8_t *ciphertext, -# size_t plaintext_len, const uint8_t *ad, -# size_t ad_len, -# union chacha20_poly1305_open_data *aead_data) +# void chacha20_poly1305_open(uint8_t *out_plaintext, const uint8_t *ciphertext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, +# union chacha20_poly1305_open_data *aead_data) # $code.=" -.globl GFp_chacha20_poly1305_open -.type GFp_chacha20_poly1305_open,\@function,6 +.globl chacha20_poly1305_open +.type chacha20_poly1305_open,\@function,6 .align 64 -GFp_chacha20_poly1305_open: +chacha20_poly1305_open: .cfi_startproc push %rbp .cfi_push %rbp @@ -484,7 +484,7 @@ $code.=" mov $adl, 0+$len_store mov $inl, 8+$len_store\n"; $code.=" - mov GFp_ia32cap_P+8(%rip), %eax + mov OPENSSL_ia32cap_P+8(%rip), %eax and \$`(1<<5) + (1<<8)`, %eax # Check both BMI2 and AVX2 are present xor \$`(1<<5) + (1<<8)`, %eax jz chacha20_poly1305_open_avx2\n" if ($avx>1); @@ -855,18 +855,19 @@ $code.=" movdqa $C2, $B2 movdqa $D2, $C2 jmp .Lopen_sse_128_xor_hash -.size GFp_chacha20_poly1305_open, .-GFp_chacha20_poly1305_open +.size chacha20_poly1305_open, .-chacha20_poly1305_open .cfi_endproc ################################################################################ -# void GFp_chacha20_poly1305_seal(uint8_t *out_ciphertext, const uint8_t *plaintext, -# size_t plaintext_len, const uint8_t *ad, -# size_t ad_len, -# union chacha20_poly1305_seal_data *data); -.globl GFp_chacha20_poly1305_seal -.type GFp_chacha20_poly1305_seal,\@function,6 +################################################################################ +# void chacha20_poly1305_seal(uint8_t *out_ciphertext, const uint8_t *plaintext, +# size_t plaintext_len, const uint8_t *ad, +# size_t ad_len, +# union chacha20_poly1305_seal_data *data); +.globl chacha20_poly1305_seal +.type chacha20_poly1305_seal,\@function,6 .align 64 -GFp_chacha20_poly1305_seal: +chacha20_poly1305_seal: .cfi_startproc push %rbp .cfi_push %rbp @@ -879,7 +880,7 @@ GFp_chacha20_poly1305_seal: push %r14 .cfi_push %r14 push %r15 -.cfi_push %r15 +.cfi_push %r15 # We write the calculated authenticator back to keyp at the end, so save # the pointer on the stack too. push $keyp @@ -906,7 +907,7 @@ $code.=" mov $inl, 8+$len_store mov %rdx, $inl\n"; $code.=" - mov GFp_ia32cap_P+8(%rip), %eax + mov OPENSSL_ia32cap_P+8(%rip), %eax and \$`(1<<5) + (1<<8)`, %eax # Check both BMI2 and AVX2 are present xor \$`(1<<5) + (1<<8)`, %eax jz chacha20_poly1305_seal_avx2\n" if ($avx>1); @@ -1366,7 +1367,7 @@ $code.=" mov %r8, $itr2 call poly_hash_ad_internal jmp .Lseal_sse_128_tail_xor -.size GFp_chacha20_poly1305_seal, .-GFp_chacha20_poly1305_seal +.size chacha20_poly1305_seal, .-chacha20_poly1305_seal .cfi_endproc\n"; } @@ -1709,7 +1710,7 @@ chacha20_poly1305_open_avx2: # Hash and decrypt 512 bytes each iteration cmp \$16*32, $inl jb .Lopen_avx2_main_loop_done\n"; - &prep_state_avx2(4); $code.=" + &prep_state_avx2(4); $code.=" xor $itr1, $itr1 .Lopen_avx2_main_loop_rounds: \n"; &poly_add("0*8($inp,$itr1)"); diff --git a/crypto/cpu-intel.c b/crypto/cpu-intel.c index adaff7a..b563ea1 100644 --- a/crypto/cpu-intel.c +++ b/crypto/cpu-intel.c @@ -54,7 +54,7 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include <GFp/cpu.h> +#include <ring-core/cpu.h> #if !defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86) || defined(OPENSSL_X86_64)) @@ -107,7 +107,7 @@ static void OPENSSL_cpuid(uint32_t *out_eax, uint32_t *out_ebx, // // See https://software.intel.com/en-us/articles/how-to-detect-new-instruction-support-in-the-4th-generation-intel-core-processor-family static uint64_t OPENSSL_xgetbv(uint32_t xcr) { -#if defined(_MSC_VER) && !defined(__clang__) +#if defined(_MSC_VER) return (uint64_t)_xgetbv(xcr); #else uint32_t eax, edx; @@ -116,7 +116,7 @@ static uint64_t OPENSSL_xgetbv(uint32_t xcr) { #endif } -void GFp_cpuid_setup(void) { +void OPENSSL_cpuid_setup(void) { // Determine the vendor and maximum input value. uint32_t eax, ebx, ecx, edx; OPENSSL_cpuid(&eax, &ebx, &ecx, &edx, 0); @@ -194,10 +194,10 @@ void GFp_cpuid_setup(void) { extended_features[0] &= ~(1u << 19); } - GFp_ia32cap_P[0] = edx; - GFp_ia32cap_P[1] = ecx; - GFp_ia32cap_P[2] = extended_features[0]; - GFp_ia32cap_P[3] = extended_features[1]; + OPENSSL_ia32cap_P[0] = edx; + OPENSSL_ia32cap_P[1] = ecx; + OPENSSL_ia32cap_P[2] = extended_features[0]; + OPENSSL_ia32cap_P[3] = extended_features[1]; } #endif // !OPENSSL_NO_ASM && (OPENSSL_X86 || OPENSSL_X86_64) diff --git a/crypto/crypto.c b/crypto/crypto.c index 8a3d066..7caecc5 100644 --- a/crypto/crypto.c +++ b/crypto/crypto.c @@ -12,7 +12,7 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include <GFp/cpu.h> +#include <ring-core/cpu.h> #include "internal.h" // Our assembly does not use the GOT to reference symbols, which means @@ -34,5 +34,5 @@ // archive, linking on OS X will fail to resolve common symbols. By // initialising it to zero, it becomes a "data symbol", which isn't so // affected. -HIDDEN uint32_t GFp_ia32cap_P[4] = {0}; +HIDDEN uint32_t OPENSSL_ia32cap_P[4] = {0}; #endif diff --git a/crypto/curve25519/asm/x25519-asm-arm.S b/crypto/curve25519/asm/x25519-asm-arm.S index 5f3e921..c2f6122 100644 --- a/crypto/curve25519/asm/x25519-asm-arm.S +++ b/crypto/curve25519/asm/x25519-asm-arm.S @@ -25,20 +25,16 @@ #if !defined(OPENSSL_NO_ASM) && defined(__arm__) && !defined(__APPLE__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" .fpu neon .text .align 4 -.global GFp_x25519_NEON - -.hidden GFp_x25519_NEON -.type GFp_x25519_NEON, %function -GFp_x25519_NEON: - +.global x25519_NEON +.hidden x25519_NEON +.type x25519_NEON, %function +x25519_NEON: vpush {q4,q5,q6,q7} mov r12,sp sub sp,sp,#736 diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c index 30afff0..0b8b526 100644 --- a/crypto/curve25519/curve25519.c +++ b/crypto/curve25519/curve25519.c @@ -19,7 +19,7 @@ // // The field functions are shared by Ed25519 and X25519 where possible. -#include <GFp/mem.h> +#include <ring-core/mem.h> #include "internal.h" #include "../internal.h" @@ -159,7 +159,7 @@ static void fe_frombytes_strict(fe *h, const uint8_t s[32]) { static void fe_frombytes(fe *h, const uint8_t s[32]) { uint8_t s_copy[32]; - GFp_memcpy(s_copy, s, 32); + OPENSSL_memcpy(s_copy, s, 32); s_copy[31] &= 0x7f; fe_frombytes_strict(h, s_copy); } @@ -171,21 +171,21 @@ static void fe_tobytes(uint8_t s[32], const fe *f) { // h = 0 static void fe_0(fe *h) { - GFp_memset(h, 0, sizeof(fe)); + OPENSSL_memset(h, 0, sizeof(fe)); } static void fe_loose_0(fe_loose *h) { - GFp_memset(h, 0, sizeof(fe_loose)); + OPENSSL_memset(h, 0, sizeof(fe_loose)); } // h = 1 static void fe_1(fe *h) { - GFp_memset(h, 0, sizeof(fe)); + OPENSSL_memset(h, 0, sizeof(fe)); h->v[0] = 1; } static void fe_loose_1(fe_loose *h) { - GFp_memset(h, 0, sizeof(fe_loose)); + OPENSSL_memset(h, 0, sizeof(fe_loose)); h->v[0] = 1; } @@ -392,7 +392,7 @@ static int fe_isnonzero(const fe_loose *f) { fe_tobytes(s, &tight); static const uint8_t zero[32] = {0}; - return GFp_memcmp(s, zero, sizeof(zero)) != 0; + return OPENSSL_memcmp(s, zero, sizeof(zero)) != 0; } // return 1 if f is in {1,3,5,...,q-2} @@ -473,7 +473,7 @@ static void fe_pow22523(fe *out, const fe *z) { // Group operations. -int GFp_x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) { +int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) { fe u; fe_loose v; fe v3; @@ -779,7 +779,7 @@ static void table_select(ge_precomp *t, int pos, signed char b) { // // Preconditions: // a[31] <= 127 -void GFp_x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { +void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { signed char e[64]; signed char carry; ge_p1p1 r; @@ -952,7 +952,7 @@ static inline int64_t int64_lshift21(int64_t a) { // s[0]+256*s[1]+...+256^31*s[31] = s mod l // where l = 2^252 + 27742317777372353535851937790883648493. // Overwrites s in place. -void GFp_x25519_sc_reduce(uint8_t s[64]) { +void x25519_sc_reduce(uint8_t s[64]) { int64_t s0 = 2097151 & load_3(s); int64_t s1 = 2097151 & (load_4(s + 2) >> 5); int64_t s2 = 2097151 & (load_3(s + 5) >> 2); @@ -1775,14 +1775,14 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, } -void GFp_x25519_scalar_mult_generic_masked(uint8_t out[32], +void x25519_scalar_mult_generic_masked(uint8_t out[32], const uint8_t scalar_masked[32], const uint8_t point[32]) { fe x1, x2, z2, x3, z3, tmp0, tmp1; fe_loose x2l, z2l, x3l, tmp0l, tmp1l; uint8_t e[32]; - GFp_memcpy(e, scalar_masked, 32); + OPENSSL_memcpy(e, scalar_masked, 32); // The following implementation was transcribed to Coq and proven to // correspond to unary scalar multiplication in affine coordinates given that // x1 != 0 is the x coordinate of some point on the curve. It was also checked @@ -1853,13 +1853,13 @@ void GFp_x25519_scalar_mult_generic_masked(uint8_t out[32], fe_tobytes(out, &x2); } -void GFp_x25519_public_from_private_generic_masked(uint8_t out_public_value[32], +void x25519_public_from_private_generic_masked(uint8_t out_public_value[32], const uint8_t private_key_masked[32]) { uint8_t e[32]; - GFp_memcpy(e, private_key_masked, 32); + OPENSSL_memcpy(e, private_key_masked, 32); ge_p3 A; - GFp_x25519_ge_scalarmult_base(&A, e); + x25519_ge_scalarmult_base(&A, e); // We only need the u-coordinate of the curve25519 point. The map is // u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). @@ -1872,40 +1872,40 @@ void GFp_x25519_public_from_private_generic_masked(uint8_t out_public_value[32], fe_tobytes(out_public_value, &zminusy_inv); } -void GFp_x25519_fe_invert(fe *out, const fe *z) { +void x25519_fe_invert(fe *out, const fe *z) { fe_invert(out, z); } -uint8_t GFp_x25519_fe_isnegative(const fe *f) { +uint8_t x25519_fe_isnegative(const fe *f) { return (uint8_t)fe_isnegative(f); } -void GFp_x25519_fe_mul_ttt(fe *h, const fe *f, const fe *g) { +void x25519_fe_mul_ttt(fe *h, const fe *f, const fe *g) { fe_mul_ttt(h, f, g); } -void GFp_x25519_fe_neg(fe *f) { +void x25519_fe_neg(fe *f) { fe_loose t; fe_neg(&t, f); fe_carry(f, &t); } -void GFp_x25519_fe_tobytes(uint8_t s[32], const fe *h) { +void x25519_fe_tobytes(uint8_t s[32], const fe *h) { fe_tobytes(s, h); } -void GFp_x25519_ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, +void x25519_ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, const ge_p3 *A, const uint8_t *b) { ge_double_scalarmult_vartime(r, a, A, b); } -void GFp_x25519_sc_mask(uint8_t a[32]) { +void x25519_sc_mask(uint8_t a[32]) { a[0] &= 248; a[31] &= 127; a[31] |= 64; } -void GFp_x25519_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, +void x25519_sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c) { sc_muladd(s, a, b, c); } diff --git a/crypto/curve25519/internal.h b/crypto/curve25519/internal.h index 60f2f61..b040d2e 100644 --- a/crypto/curve25519/internal.h +++ b/crypto/curve25519/internal.h @@ -15,7 +15,7 @@ #ifndef OPENSSL_HEADER_CURVE25519_INTERNAL_H #define OPENSSL_HEADER_CURVE25519_INTERNAL_H -#include <GFp/base.h> +#include <ring-core/base.h> #include "../internal.h" @@ -24,7 +24,7 @@ #define BORINGSSL_X25519_NEON // x25519_NEON is defined in asm/x25519-arm.S. -void GFp_x25519_NEON(uint8_t out[32], const uint8_t scalar[32], +void x25519_NEON(uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32]); #endif diff --git a/crypto/fipsmodule/aes/aes_nohw.c b/crypto/fipsmodule/aes/aes_nohw.c index 19b019e..a6306f0 100644 --- a/crypto/fipsmodule/aes/aes_nohw.c +++ b/crypto/fipsmodule/aes/aes_nohw.c @@ -12,7 +12,7 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include <GFp/aes.h> +#include <ring-core/aes.h> #include "../../internal.h" @@ -346,7 +346,7 @@ static inline uint8_t lo(uint32_t a) { static inline void aes_nohw_compact_block(aes_word_t out[AES_NOHW_BLOCK_WORDS], const uint8_t in[16]) { - GFp_memcpy(out, in, 16); + OPENSSL_memcpy(out, in, 16); #if defined(OPENSSL_SSE2) // No conversions needed. #elif defined(OPENSSL_64_BIT) @@ -374,7 +374,7 @@ static inline void aes_nohw_compact_block(aes_word_t out[AES_NOHW_BLOCK_WORDS], static inline void aes_nohw_uncompact_block( uint8_t out[16], const aes_word_t in[AES_NOHW_BLOCK_WORDS]) { #if defined(OPENSSL_SSE2) - GFp_memcpy(out, in, 16); // No conversions needed. + OPENSSL_memcpy(out, in, 16); // No conversions needed. #elif defined(OPENSSL_64_BIT) uint64_t a0 = in[0]; uint64_t a1 = in[1]; @@ -382,8 +382,8 @@ static inline void aes_nohw_uncompact_block( aes_nohw_uncompact_word((a0 & UINT64_C(0x00000000ffffffff)) | (a1 << 32)); uint64_t b1 = aes_nohw_uncompact_word((a1 & UINT64_C(0xffffffff00000000)) | (a0 >> 32)); - GFp_memcpy(out, &b0, 8); - GFp_memcpy(out + 8, &b1, 8); + OPENSSL_memcpy(out, &b0, 8); + OPENSSL_memcpy(out + 8, &b1, 8); #else uint32_t a0 = in[0]; uint32_t a1 = in[1]; @@ -404,10 +404,10 @@ static inline void aes_nohw_uncompact_block( b1 = aes_nohw_uncompact_word(b1); b2 = aes_nohw_uncompact_word(b2); b3 = aes_nohw_uncompact_word(b3); - GFp_memcpy(out, &b0, 4); - GFp_memcpy(out + 4, &b1, 4); - GFp_memcpy(out + 8, &b2, 4); - GFp_memcpy(out + 12, &b3, 4); + OPENSSL_memcpy(out, &b0, 4); + OPENSSL_memcpy(out + 4, &b1, 4); + OPENSSL_memcpy(out + 8, &b2, 4); + OPENSSL_memcpy(out + 12, &b3, 4); #endif } @@ -475,7 +475,7 @@ static void aes_nohw_transpose(AES_NOHW_BATCH *batch) { static void aes_nohw_to_batch(AES_NOHW_BATCH *out, const uint8_t *in, size_t num_blocks) { // Don't leave unused blocks uninitialized. - GFp_memset(out, 0, sizeof(AES_NOHW_BATCH)); + OPENSSL_memset(out, 0, sizeof(AES_NOHW_BATCH)); debug_assert_nonsecret(num_blocks <= AES_NOHW_BATCH_SIZE); for (size_t i = 0; i < num_blocks; i++) { aes_word_t block[AES_NOHW_BLOCK_WORDS]; @@ -770,7 +770,7 @@ static void aes_nohw_expand_round_keys(AES_NOHW_SCHEDULE *out, // Copy the round key into each block in the batch. for (size_t j = 0; j < AES_NOHW_BATCH_SIZE; j++) { aes_word_t tmp[AES_NOHW_BLOCK_WORDS]; - GFp_memcpy(tmp, key->rd_key + 4 * i, 16); + OPENSSL_memcpy(tmp, key->rd_key + 4 * i, 16); aes_nohw_batch_set(&out->keys[i], tmp, j); } aes_nohw_transpose(&out->keys[i]); @@ -794,7 +794,7 @@ static inline aes_word_t aes_nohw_rcon_slice(uint8_t rcon, size_t i) { static void aes_nohw_sub_block(aes_word_t out[AES_NOHW_BLOCK_WORDS], const aes_word_t in[AES_NOHW_BLOCK_WORDS]) { AES_NOHW_BATCH batch; - GFp_memset(&batch, 0, sizeof(batch)); + OPENSSL_memset(&batch, 0, sizeof(batch)); aes_nohw_batch_set(&batch, in, 0); aes_nohw_transpose(&batch); aes_nohw_sub_bytes(&batch); @@ -807,7 +807,7 @@ static void aes_nohw_setup_key_128(AES_KEY *key, const uint8_t in[16]) { aes_word_t block[AES_NOHW_BLOCK_WORDS]; aes_nohw_compact_block(block, in); - GFp_memcpy(key->rd_key, block, 16); + OPENSSL_memcpy(key->rd_key, block, 16); for (size_t i = 1; i <= 10; i++) { aes_word_t sub[AES_NOHW_BLOCK_WORDS]; @@ -826,7 +826,7 @@ static void aes_nohw_setup_key_128(AES_KEY *key, const uint8_t in[16]) { block[j] = aes_nohw_xor(block[j], aes_nohw_shift_left(v, 8)); block[j] = aes_nohw_xor(block[j], aes_nohw_shift_left(v, 12)); } - GFp_memcpy(key->rd_key + 4 * i, block, 16); + OPENSSL_memcpy(key->rd_key + 4 * i, block, 16); } } @@ -836,10 +836,10 @@ static void aes_nohw_setup_key_256(AES_KEY *key, const uint8_t in[32]) { // Each key schedule iteration produces two round keys. aes_word_t block1[AES_NOHW_BLOCK_WORDS], block2[AES_NOHW_BLOCK_WORDS]; aes_nohw_compact_block(block1, in); - GFp_memcpy(key->rd_key, block1, 16); + OPENSSL_memcpy(key->rd_key, block1, 16); aes_nohw_compact_block(block2, in + 16); - GFp_memcpy(key->rd_key + 4, block2, 16); + OPENSSL_memcpy(key->rd_key + 4, block2, 16); for (size_t i = 2; i <= 14; i += 2) { aes_word_t sub[AES_NOHW_BLOCK_WORDS]; @@ -857,7 +857,7 @@ static void aes_nohw_setup_key_256(AES_KEY *key, const uint8_t in[32]) { block1[j] = aes_nohw_xor(block1[j], aes_nohw_shift_left(v, 8)); block1[j] = aes_nohw_xor(block1[j], aes_nohw_shift_left(v, 12)); } - GFp_memcpy(key->rd_key + 4 * i, block1, 16); + OPENSSL_memcpy(key->rd_key + 4 * i, block1, 16); if (i == 14) { break; @@ -873,15 +873,15 @@ static void aes_nohw_setup_key_256(AES_KEY *key, const uint8_t in[32]) { block2[j] = aes_nohw_xor(block2[j], aes_nohw_shift_left(v, 8)); block2[j] = aes_nohw_xor(block2[j], aes_nohw_shift_left(v, 12)); } - GFp_memcpy(key->rd_key + 4 * (i + 1), block2, 16); + OPENSSL_memcpy(key->rd_key + 4 * (i + 1), block2, 16); } } // External API. -int GFp_aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, - AES_KEY *aeskey) { +int aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, + AES_KEY *aeskey) { switch (bits) { case 128: aes_nohw_setup_key_128(aeskey, key); @@ -893,7 +893,7 @@ int GFp_aes_nohw_set_encrypt_key(const uint8_t *key, unsigned bits, return 1; } -void GFp_aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { +void aes_nohw_encrypt(const uint8_t *in, uint8_t *out, const AES_KEY *key) { AES_NOHW_SCHEDULE sched; aes_nohw_expand_round_keys(&sched, key); AES_NOHW_BATCH batch; @@ -906,16 +906,16 @@ static inline void aes_nohw_xor_block(uint8_t out[16], const uint8_t a[16], const uint8_t b[16]) { for (size_t i = 0; i < 16; i += sizeof(aes_word_t)) { aes_word_t x, y; - GFp_memcpy(&x, a + i, sizeof(aes_word_t)); - GFp_memcpy(&y, b + i, sizeof(aes_word_t)); + OPENSSL_memcpy(&x, a + i, sizeof(aes_word_t)); + OPENSSL_memcpy(&y, b + i, sizeof(aes_word_t)); x = aes_nohw_xor(x, y); - GFp_memcpy(out + i, &x, sizeof(aes_word_t)); + OPENSSL_memcpy(out + i, &x, sizeof(aes_word_t)); } } -void GFp_aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, - size_t blocks, const AES_KEY *key, - const uint8_t ivec[16]) { +void aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, + size_t blocks, const AES_KEY *key, + const uint8_t ivec[16]) { if (blocks == 0) { return; } @@ -929,7 +929,7 @@ void GFp_aes_nohw_ctr32_encrypt_blocks(const uint8_t *in, uint8_t *out, uint8_t u8[AES_NOHW_BATCH_SIZE * 16]; } ivs, enc_ivs; for (size_t i = 0; i < AES_NOHW_BATCH_SIZE; i++) { - GFp_memcpy(ivs.u8 + 16 * i, ivec, 16); + OPENSSL_memcpy(ivs.u8 + 16 * i, ivec, 16); } uint32_t ctr = CRYPTO_bswap4(ivs.u32[3]); diff --git a/crypto/fipsmodule/aes/asm/aesni-x86.pl b/crypto/fipsmodule/aes/asm/aesni-x86.pl index aee1f5f..687cda0 100644 --- a/crypto/fipsmodule/aes/asm/aesni-x86.pl +++ b/crypto/fipsmodule/aes/asm/aesni-x86.pl @@ -67,10 +67,10 @@ # Goldmont 3.84/1.39 1.39 1.63 1.31 1.70 # Bulldozer 5.80/0.98 1.05 1.24 0.93 1.23 -$PREFIX="GFp_aes_hw"; # if $PREFIX is set to "AES", the script +$PREFIX="aes_hw"; # if $PREFIX is set to "AES", the script # generates drop-in replacement for # crypto/aes/asm/aes-586.pl:-) -$AESNI_PREFIX="GFp_aes_hw"; +$AESNI_PREFIX="aes_hw"; $inline=1; # inline _aesni_[en|de]crypt $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; @@ -83,7 +83,7 @@ open OUT,">$output"; &asm_init($ARGV[0]); -&external_label("GFp_ia32cap_P"); +&external_label("OPENSSL_ia32cap_P"); &static_label("key_const"); if ($PREFIX eq $AESNI_PREFIX) { $movekey=\&movups; } @@ -688,7 +688,7 @@ if ($PREFIX eq $AESNI_PREFIX) { &blindpop("ebx"); &lea ("ebx",&DWP(&label("key_const")."-".&label("pic"),"ebx")); - &picmeup("ebp","GFp_ia32cap_P","ebx",&label("key_const")); + &picmeup("ebp","OPENSSL_ia32cap_P","ebx",&label("key_const")); &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey &xorps ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 &mov ("ebp",&DWP(4,"ebp")); diff --git a/crypto/fipsmodule/aes/asm/aesni-x86_64.pl b/crypto/fipsmodule/aes/asm/aesni-x86_64.pl index 7ad0a89..630d399 100644 --- a/crypto/fipsmodule/aes/asm/aesni-x86_64.pl +++ b/crypto/fipsmodule/aes/asm/aesni-x86_64.pl @@ -206,7 +206,7 @@ $movkey = $PREFIX eq "aes_hw" ? "movups" : "movups"; ("%rdi","%rsi","%rdx","%rcx"); # Unix order $code=".text\n"; -$code.=".extern GFp_ia32cap_P\n"; +$code.=".extern OPENSSL_ia32cap_P\n"; $rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!! # this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ... @@ -265,10 +265,10 @@ ___ { my ($inp,$out,$key) = @_4args; $code.=<<___; -.globl GFp_${PREFIX}_encrypt -.type GFp_${PREFIX}_encrypt,\@abi-omnipotent +.globl ${PREFIX}_encrypt +.type ${PREFIX}_encrypt,\@abi-omnipotent .align 16 -GFp_${PREFIX}_encrypt: +${PREFIX}_encrypt: .cfi_startproc movups ($inp),$inout0 # load input mov 240($key),$rounds # key->rounds @@ -281,7 +281,7 @@ $code.=<<___; pxor $inout0,$inout0 ret .cfi_endproc -.size GFp_${PREFIX}_encrypt,.-GFp_${PREFIX}_encrypt +.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt ___ } @@ -577,9 +577,9 @@ ___ if ($PREFIX eq "aes_hw") { { ###################################################################### -# void GFp_aes_hw_ctr32_encrypt_blocks (const void *in, void *out, -# size_t blocks, const AES_KEY *key, -# const char *ivec); +# void aesni_ctr32_encrypt_blocks (const void *in, void *out, +# size_t blocks, const AES_KEY *key, +# const char *ivec); # # Handles only complete blocks, operates on 32-bit counter and # does not update *ivec! (see crypto/modes/ctr128.c for details) @@ -594,10 +594,10 @@ my ($key0,$ctr)=("%ebp","${ivp}d"); my $frame_size = 0x80 + ($win64?160:0); $code.=<<___; -.globl GFp_${PREFIX}_ctr32_encrypt_blocks -.type GFp_${PREFIX}_ctr32_encrypt_blocks,\@function,5 +.globl ${PREFIX}_ctr32_encrypt_blocks +.type ${PREFIX}_ctr32_encrypt_blocks,\@function,5 .align 16 -GFp_${PREFIX}_ctr32_encrypt_blocks: +${PREFIX}_ctr32_encrypt_blocks: .cfi_startproc cmp \$1,$len jne .Lctr32_bulk @@ -692,7 +692,7 @@ $code.=<<___; lea 7($ctr),%r9 mov %r10d,0x60+12(%rsp) bswap %r9d - leaq GFp_ia32cap_P(%rip),%r10 + leaq OPENSSL_ia32cap_P(%rip),%r10 mov 4(%r10),%r10d xor $key0,%r9d and \$`1<<26|1<<22`,%r10d # isolate XSAVE+MOVBE @@ -1151,7 +1151,7 @@ $code.=<<___; .Lctr32_epilogue: ret .cfi_endproc -.size GFp_${PREFIX}_ctr32_encrypt_blocks,.-GFp_${PREFIX}_ctr32_encrypt_blocks +.size ${PREFIX}_ctr32_encrypt_blocks,.-${PREFIX}_ctr32_encrypt_blocks ___ } }} @@ -1167,8 +1167,8 @@ ___ # Aggressively optimized in respect to aeskeygenassist's critical path # and is contained in %xmm0-5 to meet Win64 ABI requirement. # -# int GFp_${PREFIX}_set_encrypt_key(const unsigned char *inp, -# int bits, AES_KEY * const key); +# int ${PREFIX}_set_encrypt_key(const unsigned char *inp, +# int bits, AES_KEY * const key); # # input: $inp user-supplied key # $bits $inp length in bits @@ -1184,10 +1184,10 @@ ___ # amount of volatile registers is smaller on Windows. # $code.=<<___; -.globl GFp_${PREFIX}_set_encrypt_key -.type GFp_${PREFIX}_set_encrypt_key,\@abi-omnipotent +.globl ${PREFIX}_set_encrypt_key +.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent .align 16 -GFp_${PREFIX}_set_encrypt_key: +${PREFIX}_set_encrypt_key: __aesni_set_encrypt_key: .cfi_startproc .byte 0x48,0x83,0xEC,0x08 # sub rsp,8 @@ -1200,7 +1200,7 @@ __aesni_set_encrypt_key: movups ($inp),%xmm0 # pull first 128 bits of *userKey xorps %xmm4,%xmm4 # low dword of xmm4 is assumed 0 - leaq GFp_ia32cap_P(%rip),%r10 + leaq OPENSSL_ia32cap_P(%rip),%r10 movl 4(%r10),%r10d and \$`1<<28|1<<11`,%r10d # AVX and XOP bits lea 16($key),%rax # %rax is used as modifiable copy of $key @@ -1419,7 +1419,7 @@ __aesni_set_encrypt_key: .cfi_adjust_cfa_offset -8 ret .cfi_endproc -.LSEH_end_GFp_set_encrypt_key: +.LSEH_end_set_encrypt_key: .align 16 .Lkey_expansion_128: @@ -1489,7 +1489,7 @@ __aesni_set_encrypt_key: shufps \$0b10101010,%xmm1,%xmm1 # critical path xorps %xmm1,%xmm2 ret -.size GFp_${PREFIX}_set_encrypt_key,.-GFp_${PREFIX}_set_encrypt_key +.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key ___ } @@ -1616,25 +1616,25 @@ ctr_xts_se_handler: .align 4 ___ $code.=<<___ if ($PREFIX eq "aes_hw"); - .rva .LSEH_begin_GFp_${PREFIX}_ctr32_encrypt_blocks - .rva .LSEH_end_GFp_${PREFIX}_ctr32_encrypt_blocks - .rva .LSEH_info_GFp_ctr32 + .rva .LSEH_begin_${PREFIX}_ctr32_encrypt_blocks + .rva .LSEH_end_${PREFIX}_ctr32_encrypt_blocks + .rva .LSEH_info_ctr32 ___ $code.=<<___; - .rva GFp_${PREFIX}_set_encrypt_key - .rva .LSEH_end_GFp_set_encrypt_key - .rva .LSEH_info_GFp_key + .rva ${PREFIX}_set_encrypt_key + .rva .LSEH_end_set_encrypt_key + .rva .LSEH_info_key .section .xdata .align 8 ___ $code.=<<___ if ($PREFIX eq "aes_hw"); -.LSEH_info_GFp_ctr32: +.LSEH_info_ctr32: .byte 9,0,0,0 .rva ctr_xts_se_handler .rva .Lctr32_body,.Lctr32_epilogue # HandlerData[] ___ $code.=<<___; -.LSEH_info_GFp_key: +.LSEH_info_key: .byte 0x01,0x04,0x01,0x00 .byte 0x04,0x02,0x00,0x00 # sub rsp,8 ___ diff --git a/crypto/fipsmodule/aes/asm/aesv8-armx.pl b/crypto/fipsmodule/aes/asm/aesv8-armx.pl index 804df81..89cc6c5 100644 --- a/crypto/fipsmodule/aes/asm/aesv8-armx.pl +++ b/crypto/fipsmodule/aes/asm/aesv8-armx.pl @@ -53,7 +53,7 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; $prefix="aes_hw"; $code=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> #if __ARM_MAX_ARCH__>=7 .text @@ -89,10 +89,10 @@ $code.=<<___; .text -.globl GFp_${prefix}_set_encrypt_key -.type GFp_${prefix}_set_encrypt_key,%function +.globl ${prefix}_set_encrypt_key +.type ${prefix}_set_encrypt_key,%function .align 5 -GFp_${prefix}_set_encrypt_key: +${prefix}_set_encrypt_key: .Lenc_key: ___ $code.=<<___ if ($flavour =~ /64/); @@ -235,7 +235,7 @@ $code.=<<___; mov x0,$ptr // return value `"ldr x29,[sp],#16" if ($flavour =~ /64/)` ret -.size GFp_${prefix}_set_encrypt_key,.-GFp_${prefix}_set_encrypt_key +.size ${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key ___ }}} {{{ @@ -247,10 +247,10 @@ my $rounds="w3"; my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3)); $code.=<<___; -.globl GFp_${prefix}_${dir}crypt -.type GFp_${prefix}_${dir}crypt,%function +.globl ${prefix}_${dir}crypt +.type ${prefix}_${dir}crypt,%function .align 5 -GFp_${prefix}_${dir}crypt: +${prefix}_${dir}crypt: AARCH64_VALID_CALL_TARGET ldr $rounds,[$key,#240] vld1.32 {$rndkey0},[$key],#16 @@ -276,11 +276,12 @@ GFp_${prefix}_${dir}crypt: vst1.8 {$inout},[$out] ret -.size GFp_${prefix}_${dir}crypt,.-GFp_${prefix}_${dir}crypt +.size ${prefix}_${dir}crypt,.-${prefix}_${dir}crypt ___ } &gen_block("en"); -&gen_block("de"); +# Decryption removed in *ring*. +# &gen_block("de"); }}} {{{ my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); @@ -296,10 +297,10 @@ my ($dat,$tmp)=($dat0,$tmp0); ### q8-q15 preloaded key schedule $code.=<<___; -.globl GFp_${prefix}_ctr32_encrypt_blocks -.type GFp_${prefix}_ctr32_encrypt_blocks,%function +.globl ${prefix}_ctr32_encrypt_blocks +.type ${prefix}_ctr32_encrypt_blocks,%function .align 5 -GFp_${prefix}_ctr32_encrypt_blocks: +${prefix}_ctr32_encrypt_blocks: ___ $code.=<<___ if ($flavour =~ /64/); // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. @@ -513,7 +514,7 @@ $code.=<<___ if ($flavour =~ /64/); ret ___ $code.=<<___; -.size GFp_${prefix}_ctr32_encrypt_blocks,.-GFp_${prefix}_ctr32_encrypt_blocks +.size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks ___ }}} $code.=<<___; diff --git a/crypto/fipsmodule/aes/asm/bsaes-armv7.pl b/crypto/fipsmodule/aes/asm/bsaes-armv7.pl index 2804d61..062f8f1 100644 --- a/crypto/fipsmodule/aes/asm/bsaes-armv7.pl +++ b/crypto/fipsmodule/aes/asm/bsaes-armv7.pl @@ -707,7 +707,7 @@ ___ $code.=<<___; #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} @@ -937,10 +937,10 @@ my $const = "r6"; # shared with _bsaes_encrypt8_alt my $keysched = "sp"; $code.=<<___; -.global GFp_bsaes_ctr32_encrypt_blocks -.type GFp_bsaes_ctr32_encrypt_blocks,%function +.global bsaes_ctr32_encrypt_blocks +.type bsaes_ctr32_encrypt_blocks,%function .align 5 -GFp_bsaes_ctr32_encrypt_blocks: +bsaes_ctr32_encrypt_blocks: @ In OpenSSL, short inputs fall back to aes_nohw_* here. We patch this @ out to retain a constant-time implementation. mov ip, sp @@ -1120,7 +1120,7 @@ GFp_bsaes_ctr32_encrypt_blocks: @ OpenSSL contains aes_nohw_* fallback code here. We patch this @ out to retain a constant-time implementation. -.size GFp_bsaes_ctr32_encrypt_blocks,.-GFp_bsaes_ctr32_encrypt_blocks +.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks ___ } $code.=<<___; diff --git a/crypto/fipsmodule/aes/asm/vpaes-x86.pl b/crypto/fipsmodule/aes/asm/vpaes-x86.pl index 1418869..f29e896 100644 --- a/crypto/fipsmodule/aes/asm/vpaes-x86.pl +++ b/crypto/fipsmodule/aes/asm/vpaes-x86.pl @@ -555,7 +555,7 @@ $k_deskew=0x180; # deskew tables: inverts the sbox's "skew" # # Interface to OpenSSL # -&function_begin("GFp_${PREFIX}_set_encrypt_key"); +&function_begin("${PREFIX}_set_encrypt_key"); &mov ($inp,&wparam(0)); # inp &lea ($base,&DWP(-56,"esp")); &mov ($round,&wparam(1)); # bits @@ -577,9 +577,9 @@ $k_deskew=0x180; # deskew tables: inverts the sbox's "skew" &mov ("esp",&DWP(48,"esp")); &xor ("eax","eax"); -&function_end("GFp_${PREFIX}_set_encrypt_key"); +&function_end("${PREFIX}_set_encrypt_key"); -&function_begin("GFp_${PREFIX}_encrypt"); +&function_begin("${PREFIX}_encrypt"); &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); &call ("_vpaes_preheat"); &set_label("pic_point"); @@ -596,7 +596,7 @@ $k_deskew=0x180; # deskew tables: inverts the sbox's "skew" &movdqu (&QWP(0,$out),"xmm0"); &mov ("esp",&DWP(48,"esp")); -&function_end("GFp_${PREFIX}_encrypt"); +&function_end("${PREFIX}_encrypt"); &asm_finish(); diff --git a/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl b/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl index 6b93a45..33cf05e 100644 --- a/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl +++ b/crypto/fipsmodule/aes/asm/vpaes-x86_64.pl @@ -636,10 +636,10 @@ _vpaes_schedule_mangle: # # Interface to OpenSSL # -.globl GFp_${PREFIX}_set_encrypt_key -.type GFp_${PREFIX}_set_encrypt_key,\@function,3 +.globl ${PREFIX}_set_encrypt_key +.type ${PREFIX}_set_encrypt_key,\@function,3 .align 16 -GFp_${PREFIX}_set_encrypt_key: +${PREFIX}_set_encrypt_key: .cfi_startproc #ifdef BORINGSSL_DISPATCH_TEST .extern BORINGSSL_function_hit @@ -689,12 +689,12 @@ $code.=<<___; xor %eax,%eax ret .cfi_endproc -.size GFp_${PREFIX}_set_encrypt_key,.-GFp_${PREFIX}_set_encrypt_key +.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key -.globl GFp_${PREFIX}_encrypt -.type GFp_${PREFIX}_encrypt,\@function,3 +.globl ${PREFIX}_encrypt +.type ${PREFIX}_encrypt,\@function,3 .align 16 -GFp_${PREFIX}_encrypt: +${PREFIX}_encrypt: .cfi_startproc ___ $code.=<<___ if ($win64); @@ -734,18 +734,18 @@ ___ $code.=<<___; ret .cfi_endproc -.size GFp_${PREFIX}_encrypt,.-GFp_${PREFIX}_encrypt +.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt ___ { my ($inp,$out,$blocks,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx","%r8"); -# void GFp_vpaes_ctr32_encrypt_blocks(const uint8_t *inp, uint8_t *out, +# void vpaes_ctr32_encrypt_blocks(const uint8_t *inp, uint8_t *out, # size_t blocks, const AES_KEY *key, # const uint8_t ivp[16]); $code.=<<___; -.globl GFp_${PREFIX}_ctr32_encrypt_blocks -.type GFp_${PREFIX}_ctr32_encrypt_blocks,\@function,5 +.globl ${PREFIX}_ctr32_encrypt_blocks +.type ${PREFIX}_ctr32_encrypt_blocks,\@function,5 .align 16 -GFp_${PREFIX}_ctr32_encrypt_blocks: +${PREFIX}_ctr32_encrypt_blocks: .cfi_startproc # _vpaes_encrypt_core and _vpaes_encrypt_core_2x expect the key in %rdx. xchg $key, $blocks @@ -838,7 +838,7 @@ $code.=<<___; .Lctr32_abort: ret .cfi_endproc -.size GFp_${PREFIX}_ctr32_encrypt_blocks,.-GFp_${PREFIX}_ctr32_encrypt_blocks +.size ${PREFIX}_ctr32_encrypt_blocks,.-${PREFIX}_ctr32_encrypt_blocks ___ } $code.=<<___; @@ -1029,28 +1029,28 @@ se_handler: .section .pdata .align 4 - .rva .LSEH_begin_GFp_${PREFIX}_set_encrypt_key - .rva .LSEH_end_GFp_${PREFIX}_set_encrypt_key - .rva .LSEH_info_GFp_${PREFIX}_set_encrypt_key + .rva .LSEH_begin_${PREFIX}_set_encrypt_key + .rva .LSEH_end_${PREFIX}_set_encrypt_key + .rva .LSEH_info_${PREFIX}_set_encrypt_key - .rva .LSEH_begin_GFp_${PREFIX}_encrypt - .rva .LSEH_end_GFp_${PREFIX}_encrypt - .rva .LSEH_info_GFp_${PREFIX}_encrypt - .rva .LSEH_begin_GFp_${PREFIX}_ctr32_encrypt_blocks - .rva .LSEH_end_GFp_${PREFIX}_ctr32_encrypt_blocks - .rva .LSEH_info_GFp_${PREFIX}_ctr32_encrypt_blocks + .rva .LSEH_begin_${PREFIX}_encrypt + .rva .LSEH_end_${PREFIX}_encrypt + .rva .LSEH_info_${PREFIX}_encrypt + .rva .LSEH_begin_${PREFIX}_ctr32_encrypt_blocks + .rva .LSEH_end_${PREFIX}_ctr32_encrypt_blocks + .rva .LSEH_info_${PREFIX}_ctr32_encrypt_blocks .section .xdata .align 8 -.LSEH_info_GFp_${PREFIX}_set_encrypt_key: +.LSEH_info_${PREFIX}_set_encrypt_key: .byte 9,0,0,0 .rva se_handler .rva .Lenc_key_body,.Lenc_key_epilogue # HandlerData[] -.LSEH_info_GFp_${PREFIX}_encrypt: +.LSEH_info_${PREFIX}_encrypt: .byte 9,0,0,0 .rva se_handler .rva .Lenc_body,.Lenc_epilogue # HandlerData[] -.LSEH_info_GFp_${PREFIX}_ctr32_encrypt_blocks: +.LSEH_info_${PREFIX}_ctr32_encrypt_blocks: .byte 9,0,0,0 .rva se_handler .rva .Lctr32_body,.Lctr32_epilogue # HandlerData[] diff --git a/crypto/fipsmodule/bn/asm/armv4-mont.pl b/crypto/fipsmodule/bn/asm/armv4-mont.pl index dbc28b5..f9af795 100644 --- a/crypto/fipsmodule/bn/asm/armv4-mont.pl +++ b/crypto/fipsmodule/bn/asm/armv4-mont.pl @@ -97,7 +97,7 @@ $_n0="$num,#14*4"; $_num="$num,#15*4"; $_bpend=$_num; $code=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> @ Silence ARMv8 deprecated IT instruction warnings. This file is used by both @ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. @@ -112,18 +112,18 @@ $code=<<___; #endif #if __ARM_MAX_ARCH__>=7 -.extern GFp_armcap_P -.hidden GFp_armcap_P +.extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .align 5 .LOPENSSL_armcap: -.word GFp_armcap_P-.Lbn_mul_mont +.word OPENSSL_armcap_P-.Lbn_mul_mont #endif -.global GFp_bn_mul_mont -.type GFp_bn_mul_mont,%function +.global bn_mul_mont +.type bn_mul_mont,%function .align 5 -GFp_bn_mul_mont: +bn_mul_mont: .Lbn_mul_mont: ldr ip,[sp,#4] @ load num stmdb sp!,{r0,r2} @ sp points at argument block @@ -294,7 +294,7 @@ GFp_bn_mul_mont: moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size GFp_bn_mul_mont,.-GFp_bn_mul_mont +.size bn_mul_mont,.-bn_mul_mont ___ { my ($A0,$A1,$A2,$A3)=map("d$_",(0..3)); diff --git a/crypto/fipsmodule/bn/asm/armv8-mont.pl b/crypto/fipsmodule/bn/asm/armv8-mont.pl index 717ea68..f82c495 100644 --- a/crypto/fipsmodule/bn/asm/armv8-mont.pl +++ b/crypto/fipsmodule/bn/asm/armv8-mont.pl @@ -55,7 +55,7 @@ open OUT,"| \"$^X\" $xlate $flavour $output"; $lo1,$hi1,$nj,$m1,$nlo,$nhi, $ovf, $i,$j,$tp,$tj) = map("x$_",6..17,19..24); -# int GFp_bn_mul_mont( +# int bn_mul_mont( $rp="x0"; # BN_ULONG *rp, $ap="x1"; # const BN_ULONG *ap, $bp="x2"; # const BN_ULONG *bp, @@ -64,14 +64,14 @@ $n0="x4"; # const BN_ULONG *n0, $num="x5"; # size_t num); $code.=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> .text -.globl GFp_bn_mul_mont -.type GFp_bn_mul_mont,%function +.globl bn_mul_mont +.type bn_mul_mont,%function .align 5 -GFp_bn_mul_mont: +bn_mul_mont: AARCH64_SIGN_LINK_REGISTER tst $num,#7 b.eq __bn_sqr8x_mont @@ -272,7 +272,7 @@ GFp_bn_mul_mont: ldr x29,[sp],#64 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_bn_mul_mont,.-GFp_bn_mul_mont +.size bn_mul_mont,.-bn_mul_mont ___ { ######################################################################## diff --git a/crypto/fipsmodule/bn/asm/x86-mont.pl b/crypto/fipsmodule/bn/asm/x86-mont.pl index 7b1e94b..18dbfb2 100644 --- a/crypto/fipsmodule/bn/asm/x86-mont.pl +++ b/crypto/fipsmodule/bn/asm/x86-mont.pl @@ -45,9 +45,9 @@ open STDOUT,">$output"; $sse2=0; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } -&external_label("GFp_ia32cap_P") if ($sse2); +&external_label("OPENSSL_ia32cap_P") if ($sse2); -&function_begin("GFp_bn_mul_mont"); +&function_begin("bn_mul_mont"); $i="edx"; $j="ecx"; @@ -145,7 +145,7 @@ $mul1="mm5"; $temp="mm6"; $mask="mm7"; - &picmeup("eax","GFp_ia32cap_P"); + &picmeup("eax","OPENSSL_ia32cap_P"); &bt (&DWP(0,"eax"),26); # The non-SSE2 code was removed. @@ -327,7 +327,7 @@ $mask="mm7"; &mov ("esp",$_sp); # pull saved stack pointer &mov ("eax",1); -&function_end("GFp_bn_mul_mont"); +&function_end("bn_mul_mont"); &asciz("Montgomery Multiplication for x86, CRYPTOGAMS by <appro\@openssl.org>"); diff --git a/crypto/fipsmodule/bn/asm/x86_64-mont.pl b/crypto/fipsmodule/bn/asm/x86_64-mont.pl index e0ad0b9..d6fc564 100644 --- a/crypto/fipsmodule/bn/asm/x86_64-mont.pl +++ b/crypto/fipsmodule/bn/asm/x86_64-mont.pl @@ -65,7 +65,7 @@ open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; # output, so this isn't useful anyway. $addx = 1; -# void GFp_bn_mul_mont( +# void bn_mul_mont( $rp="%rdi"; # BN_ULONG *rp, $ap="%rsi"; # const BN_ULONG *ap, $bp="%rdx"; # const BN_ULONG *bp, @@ -85,12 +85,12 @@ $m1="%rbp"; $code=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P -.globl GFp_bn_mul_mont -.type GFp_bn_mul_mont,\@function,6 +.globl bn_mul_mont +.type bn_mul_mont,\@function,6 .align 16 -GFp_bn_mul_mont: +bn_mul_mont: .cfi_startproc mov ${num}d,${num}d mov %rsp,%rax @@ -101,7 +101,7 @@ GFp_bn_mul_mont: jb .Lmul_enter ___ $code.=<<___ if ($addx); - mov GFp_ia32cap_P+8(%rip),%r11d + mov OPENSSL_ia32cap_P+8(%rip),%r11d ___ $code.=<<___; cmp $ap,$bp @@ -346,7 +346,7 @@ $code.=<<___; .Lmul_epilogue: ret .cfi_endproc -.size GFp_bn_mul_mont,.-GFp_bn_mul_mont +.size bn_mul_mont,.-bn_mul_mont ___ {{{ my @A=("%r10","%r11"); @@ -818,10 +818,10 @@ my @A1=("%r12","%r13"); my ($a0,$a1,$ai)=("%r14","%r15","%rbx"); $code.=<<___ if ($addx); -.extern GFp_bn_sqrx8x_internal # see x86_64-mont5 module +.extern bn_sqrx8x_internal # see x86_64-mont5 module ___ $code.=<<___; -.extern GFp_bn_sqr8x_internal # see x86_64-mont5 module +.extern bn_sqr8x_internal # see x86_64-mont5 module .type bn_sqr8x_mont,\@function,6 .align 32 @@ -906,12 +906,12 @@ bn_sqr8x_mont: movq %r10, %xmm3 # -$num ___ $code.=<<___ if ($addx); - mov GFp_ia32cap_P+8(%rip),%eax + mov OPENSSL_ia32cap_P+8(%rip),%eax and \$0x80100,%eax cmp \$0x80100,%eax jne .Lsqr8x_nox - call GFp_bn_sqrx8x_internal # see x86_64-mont5 module + call bn_sqrx8x_internal # see x86_64-mont5 module # %rax top-most carry # %rbp nptr # %rcx -8*num @@ -927,7 +927,7 @@ $code.=<<___ if ($addx); .Lsqr8x_nox: ___ $code.=<<___; - call GFp_bn_sqr8x_internal # see x86_64-mont5 module + call bn_sqr8x_internal # see x86_64-mont5 module # %rax top-most carry # %rbp nptr # %r8 -8*num @@ -1532,9 +1532,9 @@ sqr_handler: .section .pdata .align 4 - .rva .LSEH_begin_GFp_bn_mul_mont - .rva .LSEH_end_GFp_bn_mul_mont - .rva .LSEH_info_GFp_bn_mul_mont + .rva .LSEH_begin_bn_mul_mont + .rva .LSEH_end_bn_mul_mont + .rva .LSEH_info_bn_mul_mont .rva .LSEH_begin_bn_mul4x_mont .rva .LSEH_end_bn_mul4x_mont @@ -1552,7 +1552,7 @@ ___ $code.=<<___; .section .xdata .align 8 -.LSEH_info_GFp_bn_mul_mont: +.LSEH_info_bn_mul_mont: .byte 9,0,0,0 .rva mul_handler .rva .Lmul_body,.Lmul_epilogue # HandlerData[] diff --git a/crypto/fipsmodule/bn/asm/x86_64-mont5.pl b/crypto/fipsmodule/bn/asm/x86_64-mont5.pl index b79b403..38e24ea 100644 --- a/crypto/fipsmodule/bn/asm/x86_64-mont5.pl +++ b/crypto/fipsmodule/bn/asm/x86_64-mont5.pl @@ -50,7 +50,7 @@ open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; # output, so this isn't useful anyway. $addx = 1; -# int GFp_bn_mul_mont_gather5( +# int bn_mul_mont_gather5( $rp="%rdi"; # BN_ULONG *rp, $ap="%rsi"; # const BN_ULONG *ap, $bp="%rdx"; # const BN_ULONG *bp, @@ -72,12 +72,12 @@ $m1="%rbp"; $code=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P -.globl GFp_bn_mul_mont_gather5 -.type GFp_bn_mul_mont_gather5,\@function,6 +.globl bn_mul_mont_gather5 +.type bn_mul_mont_gather5,\@function,6 .align 64 -GFp_bn_mul_mont_gather5: +bn_mul_mont_gather5: .cfi_startproc mov ${num}d,${num}d mov %rsp,%rax @@ -86,7 +86,7 @@ GFp_bn_mul_mont_gather5: jnz .Lmul_enter ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 mov 8(%r11),%r11d ___ $code.=<<___; @@ -447,7 +447,7 @@ $code.=<<___; .Lmul_epilogue: ret .cfi_endproc -.size GFp_bn_mul_mont_gather5,.-GFp_bn_mul_mont_gather5 +.size bn_mul_mont_gather5,.-bn_mul_mont_gather5 ___ {{{ my @A=("%r10","%r11"); @@ -492,7 +492,7 @@ $code.=<<___; # modulo 4096, which covers ret[num], am[num] and n[num] # (see bn_exp.c). This is done to allow memory disambiguation # logic do its magic. [Extra [num] is allocated in order - # to align with GFp_bn_power5's frame, which is cleansed after + # to align with bn_power5's frame, which is cleansed after # completing exponentiation. Extra 256 bytes is for power mask # calculated from 7th argument, the index.] # @@ -1067,7 +1067,7 @@ ___ }}} {{{ ###################################################################### -# void GFp_bn_power5( +# void bn_power5( my $rptr="%rdi"; # BN_ULONG *rptr, my $aptr="%rsi"; # const BN_ULONG *aptr, my $bptr="%rdx"; # const void *table, @@ -1082,16 +1082,16 @@ my @A1=("%r12","%r13"); my ($a0,$a1,$ai)=("%r14","%r15","%rbx"); $code.=<<___; -.globl GFp_bn_power5 -.type GFp_bn_power5,\@function,6 +.globl bn_power5 +.type bn_power5,\@function,6 .align 32 -GFp_bn_power5: +bn_power5: .cfi_startproc mov %rsp,%rax .cfi_def_cfa_register %rax ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 mov 8(%r11),%r11d and \$0x80108,%r11d cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1 @@ -1220,13 +1220,13 @@ $code.=<<___; .Lpower5_epilogue: ret .cfi_endproc -.size GFp_bn_power5,.-GFp_bn_power5 +.size bn_power5,.-bn_power5 -.globl GFp_bn_sqr8x_internal -.hidden GFp_bn_sqr8x_internal -.type GFp_bn_sqr8x_internal,\@abi-omnipotent +.globl bn_sqr8x_internal +.hidden bn_sqr8x_internal +.type bn_sqr8x_internal,\@abi-omnipotent .align 32 -GFp_bn_sqr8x_internal: +bn_sqr8x_internal: __bn_sqr8x_internal: .cfi_startproc ############################################################## @@ -2021,7 +2021,7 @@ __bn_sqr8x_reduction: jb .L8x_reduction_loop ret .cfi_endproc -.size GFp_bn_sqr8x_internal,.-GFp_bn_sqr8x_internal +.size bn_sqr8x_internal,.-bn_sqr8x_internal ___ } ############################################################## @@ -2090,17 +2090,17 @@ ___ } { $code.=<<___; -.globl GFp_bn_from_montgomery -.type GFp_bn_from_montgomery,\@abi-omnipotent +.globl bn_from_montgomery +.type bn_from_montgomery,\@abi-omnipotent .align 32 -GFp_bn_from_montgomery: +bn_from_montgomery: .cfi_startproc testl \$7,`($win64?"48(%rsp)":"%r9d")` jz bn_from_mont8x xor %eax,%eax ret .cfi_endproc -.size GFp_bn_from_montgomery,.-GFp_bn_from_montgomery +.size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,\@function,6 .align 32 @@ -2132,7 +2132,7 @@ bn_from_mont8x: # Ensure that stack frame doesn't alias with $rptr+3*$num # modulo 4096, which covers ret[num], am[num] and n[num] # (see bn_exp.c). The stack is allocated to aligned with - # GFp_bn_power5's frame, and as GFp_bn_from_montgomery happens to be + # bn_power5's frame, and as bn_from_montgomery happens to be # last operation, we use the opportunity to cleanse it. # lea -320(%rsp,$num,2),%r11 @@ -2218,7 +2218,7 @@ bn_from_mont8x: movq %r10, %xmm3 # -num ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 mov 8(%r11),%r11d and \$0x80108,%r11d cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1 @@ -2313,7 +2313,7 @@ bn_mulx4x_mont_gather5: # modulo 4096, which covers ret[num], am[num] and n[num] # (see bn_exp.c). This is done to allow memory disambiguation # logic do its magic. [Extra [num] is allocated in order - # to align with GFp_bn_power5's frame, which is cleansed after + # to align with bn_power5's frame, which is cleansed after # completing exponentiation. Extra 256 bytes is for power mask # calculated from 7th argument, the index.] # @@ -2752,7 +2752,7 @@ $code.=<<___; ___ }{ ###################################################################### -# void GFp_bn_power5( +# void bn_power5( my $rptr="%rdi"; # BN_ULONG *rptr, my $aptr="%rsi"; # const BN_ULONG *aptr, my $bptr="%rdx"; # const void *table, @@ -2902,10 +2902,10 @@ bn_powerx5: .cfi_endproc .size bn_powerx5,.-bn_powerx5 -.globl GFp_bn_sqrx8x_internal -.type GFp_bn_sqrx8x_internal,\@abi-omnipotent +.globl bn_sqrx8x_internal +.type bn_sqrx8x_internal,\@abi-omnipotent .align 32 -GFp_bn_sqrx8x_internal: +bn_sqrx8x_internal: __bn_sqrx8x_internal: .cfi_startproc ################################################################## @@ -3541,7 +3541,7 @@ __bn_sqrx8x_reduction: jb .Lsqrx8x_reduction_loop ret .cfi_endproc -.size GFp_bn_sqrx8x_internal,.-GFp_bn_sqrx8x_internal +.size bn_sqrx8x_internal,.-bn_sqrx8x_internal ___ } ############################################################## @@ -3614,10 +3614,10 @@ my $STRIDE=2**5*8; my $N=$STRIDE/4; $code.=<<___; -.globl GFp_bn_scatter5 -.type GFp_bn_scatter5,\@abi-omnipotent +.globl bn_scatter5 +.type bn_scatter5,\@abi-omnipotent .align 16 -GFp_bn_scatter5: +bn_scatter5: .cfi_startproc cmp \$0, $num jz .Lscatter_epilogue @@ -3632,14 +3632,14 @@ GFp_bn_scatter5: .Lscatter_epilogue: ret .cfi_endproc -.size GFp_bn_scatter5,.-GFp_bn_scatter5 +.size bn_scatter5,.-bn_scatter5 -.globl GFp_bn_gather5 -.type GFp_bn_gather5,\@abi-omnipotent +.globl bn_gather5 +.type bn_gather5,\@abi-omnipotent .align 32 -GFp_bn_gather5: +bn_gather5: .cfi_startproc -.LSEH_begin_GFp_bn_gather5: # Win64 thing, but harmless in other cases +.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases # I can't trust assembler to use specific encoding:-( .byte 0x4c,0x8d,0x14,0x24 #lea (%rsp),%r10 .cfi_def_cfa_register %r10 @@ -3725,9 +3725,9 @@ $code.=<<___; lea (%r10),%rsp .cfi_def_cfa_register %rsp ret -.LSEH_end_GFp_bn_gather5: +.LSEH_end_bn_gather5: .cfi_endproc -.size GFp_bn_gather5,.-GFp_bn_gather5 +.size bn_gather5,.-bn_gather5 ___ } $code.=<<___; @@ -3852,17 +3852,17 @@ mul_handler: .section .pdata .align 4 - .rva .LSEH_begin_GFp_bn_mul_mont_gather5 - .rva .LSEH_end_GFp_bn_mul_mont_gather5 - .rva .LSEH_info_GFp_bn_mul_mont_gather5 + .rva .LSEH_begin_bn_mul_mont_gather5 + .rva .LSEH_end_bn_mul_mont_gather5 + .rva .LSEH_info_bn_mul_mont_gather5 .rva .LSEH_begin_bn_mul4x_mont_gather5 .rva .LSEH_end_bn_mul4x_mont_gather5 .rva .LSEH_info_bn_mul4x_mont_gather5 - .rva .LSEH_begin_GFp_bn_power5 - .rva .LSEH_end_GFp_bn_power5 - .rva .LSEH_info_GFp_bn_power5 + .rva .LSEH_begin_bn_power5 + .rva .LSEH_end_bn_power5 + .rva .LSEH_info_bn_power5 .rva .LSEH_begin_bn_from_mont8x .rva .LSEH_end_bn_from_mont8x @@ -3875,16 +3875,16 @@ $code.=<<___ if ($addx); .rva .LSEH_begin_bn_powerx5 .rva .LSEH_end_bn_powerx5 - .rva .LSEH_info_GFp_bn_powerx5 + .rva .LSEH_info_bn_powerx5 ___ $code.=<<___; - .rva .LSEH_begin_GFp_bn_gather5 - .rva .LSEH_end_GFp_bn_gather5 - .rva .LSEH_info_GFp_bn_gather5 + .rva .LSEH_begin_bn_gather5 + .rva .LSEH_end_bn_gather5 + .rva .LSEH_info_bn_gather5 .section .xdata .align 8 -.LSEH_info_GFp_bn_mul_mont_gather5: +.LSEH_info_bn_mul_mont_gather5: .byte 9,0,0,0 .rva mul_handler .rva .Lmul_body,.Lmul_body,.Lmul_epilogue # HandlerData[] @@ -3894,7 +3894,7 @@ $code.=<<___; .rva mul_handler .rva .Lmul4x_prologue,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[] .align 8 -.LSEH_info_GFp_bn_power5: +.LSEH_info_bn_power5: .byte 9,0,0,0 .rva mul_handler .rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[] @@ -3911,14 +3911,14 @@ $code.=<<___ if ($addx); .rva mul_handler .rva .Lmulx4x_prologue,.Lmulx4x_body,.Lmulx4x_epilogue # HandlerData[] .align 8 -.LSEH_info_GFp_bn_powerx5: +.LSEH_info_bn_powerx5: .byte 9,0,0,0 .rva mul_handler .rva .Lpowerx5_prologue,.Lpowerx5_body,.Lpowerx5_epilogue # HandlerData[] ___ $code.=<<___; .align 8 -.LSEH_info_GFp_bn_gather5: +.LSEH_info_bn_gather5: .byte 0x01,0x0b,0x03,0x0a .byte 0x0b,0x01,0x21,0x00 # sub rsp,0x108 .byte 0x04,0xa3,0x00,0x00 # lea r10,(rsp) diff --git a/crypto/fipsmodule/bn/internal.h b/crypto/fipsmodule/bn/internal.h index 044e4e8..c3ba88e 100644 --- a/crypto/fipsmodule/bn/internal.h +++ b/crypto/fipsmodule/bn/internal.h @@ -123,7 +123,7 @@ #ifndef OPENSSL_HEADER_BN_INTERNAL_H #define OPENSSL_HEADER_BN_INTERNAL_H -#include <GFp/base.h> +#include <ring-core/base.h> #if defined(OPENSSL_X86_64) && defined(_MSC_VER) && !defined(__clang__) #pragma warning(push, 3) @@ -180,8 +180,8 @@ typedef crypto_word BN_ULONG; OPENSSL_STATIC_ASSERT(sizeof(int) == sizeof(size_t) || (sizeof(int) == 4 && sizeof(size_t) == 8), "int and size_t ABI mismatch"); -void GFp_bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, - const BN_ULONG *np, const BN_ULONG *n0, size_t num); +void bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, size_t num); static inline void bn_umult_lohi(BN_ULONG *low_out, BN_ULONG *high_out, BN_ULONG a, BN_ULONG b) { diff --git a/crypto/fipsmodule/bn/montgomery.c b/crypto/fipsmodule/bn/montgomery.c index e13379e..b1f1c69 100644 --- a/crypto/fipsmodule/bn/montgomery.c +++ b/crypto/fipsmodule/bn/montgomery.c @@ -118,7 +118,7 @@ OPENSSL_STATIC_ASSERT( sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t), "uint64_t is insufficient precision for n0"); -int GFp_bn_from_montgomery_in_place(BN_ULONG r[], size_t num_r, BN_ULONG a[], +int bn_from_montgomery_in_place(BN_ULONG r[], size_t num_r, BN_ULONG a[], size_t num_a, const BN_ULONG n[], size_t num_n, const BN_ULONG n0_[BN_MONT_CTX_N0_LIMBS]) { @@ -132,7 +132,7 @@ int GFp_bn_from_montgomery_in_place(BN_ULONG r[], size_t num_r, BN_ULONG a[], BN_ULONG n0 = n0_[0]; BN_ULONG carry = 0; for (size_t i = 0; i < num_n; i++) { - BN_ULONG v = GFp_limbs_mul_add_limb(a + i, n, a[i] * n0, num_n); + BN_ULONG v = limbs_mul_add_limb(a + i, n, a[i] * n0, num_n); v += carry + a[i + num_n]; carry |= (v != a[i + num_n]); carry &= (v <= a[i + num_n]); diff --git a/crypto/fipsmodule/bn/montgomery_inv.c b/crypto/fipsmodule/bn/montgomery_inv.c index f32848f..421a751 100644 --- a/crypto/fipsmodule/bn/montgomery_inv.c +++ b/crypto/fipsmodule/bn/montgomery_inv.c @@ -46,7 +46,7 @@ OPENSSL_STATIC_ASSERT(sizeof(BN_ULONG) * BN_MONT_CTX_N0_LIMBS == sizeof(uint64_t // caller would have to negate the resultant |v| for the purpose of Montgomery // multiplication. This implementation does the negation implicitly by doing // the computations as a difference instead of a sum. -uint64_t GFp_bn_neg_inv_mod_r_u64(uint64_t n) { +uint64_t bn_neg_inv_mod_r_u64(uint64_t n) { dev_assert_secret(n % 2 == 1); // alpha == 2**(lg r - 1) == r / 2. diff --git a/crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl b/crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl deleted file mode 100644 index 06f3480..0000000 --- a/crypto/fipsmodule/ec/asm/ecp_nistz256-armv4.pl +++ /dev/null @@ -1,901 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - - -# ==================================================================== -# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for ARMv4. -# -# October 2014. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. In the process of adaptation -# original .c module was made 32-bit savvy in order to make this -# implementation possible. -# -# with/without -DECP_NISTZ256_ASM -# Cortex-A8 +53-170% -# Cortex-A9 +76-205% -# Cortex-A15 +100-316% -# Snapdragon S4 +66-187% -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +200% means 3x improvement. - -$flavour = shift; -if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } -else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } - -if ($flavour && $flavour ne "void") { - $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; - ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or - ( $xlate="${dir}../../../perlasm/arm-xlate.pl" and -f $xlate) or - die "can't locate arm-xlate.pl"; - - open STDOUT,"| \"$^X\" $xlate $flavour $output"; -} else { - open STDOUT,">$output"; -} - -$code.=<<___; -#include <GFp/arm_arch.h> - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.asciz "ECP_NISTZ256 for ARMv4, CRYPTOGAMS by <appro\@openssl.org>" -.align 6 -___ - -######################################################################## -# common register layout, note that $t2 is link register, so that if -# internal subroutine uses $t2, then it has to offload lr... - -($r_ptr,$a_ptr,$b_ptr,$ff,$a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,$t1,$t2)= - map("r$_",(0..12,14)); -($t0,$t3)=($ff,$a_ptr); - -$code.=<<___; -.type __ecp_nistz256_mul_by_2,%function -.align 4 -__ecp_nistz256_mul_by_2: - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - adds $a0,$a0,$a0 @ a[0:7]+=a[0:7], i.e. add with itself - ldr $a3,[$a_ptr,#12] - adcs $a1,$a1,$a1 - ldr $a4,[$a_ptr,#16] - adcs $a2,$a2,$a2 - ldr $a5,[$a_ptr,#20] - adcs $a3,$a3,$a3 - ldr $a6,[$a_ptr,#24] - adcs $a4,$a4,$a4 - ldr $a7,[$a_ptr,#28] - adcs $a5,$a5,$a5 - adcs $a6,$a6,$a6 - mov $ff,#0 - adcs $a7,$a7,$a7 - adc $ff,$ff,#0 - - b .Lreduce_by_sub -.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 - -@ void GFp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl GFp_nistz256_add -.type GFp_nistz256_add,%function -.align 4 -GFp_nistz256_add: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_add -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_add,.-GFp_nistz256_add - -.type __ecp_nistz256_add,%function -.align 4 -__ecp_nistz256_add: - str lr,[sp,#-4]! @ push lr - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - ldr $a3,[$a_ptr,#12] - ldr $a4,[$a_ptr,#16] - ldr $t0,[$b_ptr,#0] - ldr $a5,[$a_ptr,#20] - ldr $t1,[$b_ptr,#4] - ldr $a6,[$a_ptr,#24] - ldr $t2,[$b_ptr,#8] - ldr $a7,[$a_ptr,#28] - ldr $t3,[$b_ptr,#12] - adds $a0,$a0,$t0 - ldr $t0,[$b_ptr,#16] - adcs $a1,$a1,$t1 - ldr $t1,[$b_ptr,#20] - adcs $a2,$a2,$t2 - ldr $t2,[$b_ptr,#24] - adcs $a3,$a3,$t3 - ldr $t3,[$b_ptr,#28] - adcs $a4,$a4,$t0 - adcs $a5,$a5,$t1 - adcs $a6,$a6,$t2 - mov $ff,#0 - adcs $a7,$a7,$t3 - adc $ff,$ff,#0 - ldr lr,[sp],#4 @ pop lr - -.Lreduce_by_sub: - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs $a0,$a0,#-1 - sbcs $a1,$a1,#-1 - sbcs $a2,$a2,#-1 - sbcs $a3,$a3,#0 - sbcs $a4,$a4,#0 - sbcs $a5,$a5,#0 - sbcs $a6,$a6,#1 - sbcs $a7,$a7,#-1 - sbc $ff,$ff,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow $ff register... - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -.type __ecp_nistz256_mul_by_3,%function -.align 4 -__ecp_nistz256_mul_by_3: - str lr,[sp,#-4]! @ push lr - - @ As multiplication by 3 is performed as 2*n+n, below are inline - @ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see - @ corresponding subroutines for details. - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] - ldr $a3,[$a_ptr,#12] - adcs $a1,$a1,$a1 - ldr $a4,[$a_ptr,#16] - adcs $a2,$a2,$a2 - ldr $a5,[$a_ptr,#20] - adcs $a3,$a3,$a3 - ldr $a6,[$a_ptr,#24] - adcs $a4,$a4,$a4 - ldr $a7,[$a_ptr,#28] - adcs $a5,$a5,$a5 - adcs $a6,$a6,$a6 - mov $ff,#0 - adcs $a7,$a7,$a7 - adc $ff,$ff,#0 - - subs $a0,$a0,#-1 @ .Lreduce_by_sub but without stores - sbcs $a1,$a1,#-1 - sbcs $a2,$a2,#-1 - sbcs $a3,$a3,#0 - sbcs $a4,$a4,#0 - sbcs $a5,$a5,#0 - sbcs $a6,$a6,#1 - sbcs $a7,$a7,#-1 - sbc $ff,$ff,#0 - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - adcs $a2,$a2,$ff - adcs $a3,$a3,#0 - adcs $a4,$a4,#0 - ldr $b_ptr,[$a_ptr,#0] - adcs $a5,$a5,#0 - ldr $t1,[$a_ptr,#4] - adcs $a6,$a6,$ff,lsr#31 - ldr $t2,[$a_ptr,#8] - adc $a7,$a7,$ff - - ldr $t0,[$a_ptr,#12] - adds $a0,$a0,$b_ptr @ 2*a[0:7]+=a[0:7] - ldr $b_ptr,[$a_ptr,#16] - adcs $a1,$a1,$t1 - ldr $t1,[$a_ptr,#20] - adcs $a2,$a2,$t2 - ldr $t2,[$a_ptr,#24] - adcs $a3,$a3,$t0 - ldr $t3,[$a_ptr,#28] - adcs $a4,$a4,$b_ptr - adcs $a5,$a5,$t1 - adcs $a6,$a6,$t2 - mov $ff,#0 - adcs $a7,$a7,$t3 - adc $ff,$ff,#0 - ldr lr,[sp],#4 @ pop lr - - b .Lreduce_by_sub -.size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3 - -.type __ecp_nistz256_div_by_2,%function -.align 4 -__ecp_nistz256_div_by_2: - @ ret = (a is odd ? a+mod : a) >> 1 - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - mov $ff,$a0,lsl#31 @ place least significant bit to most - @ significant position, now arithmetic - @ right shift by 31 will produce -1 or - @ 0, while logical right shift 1 or 0, - @ this is how modulus is conditionally - @ synthesized in this case... - ldr $a3,[$a_ptr,#12] - adds $a0,$a0,$ff,asr#31 - ldr $a4,[$a_ptr,#16] - adcs $a1,$a1,$ff,asr#31 - ldr $a5,[$a_ptr,#20] - adcs $a2,$a2,$ff,asr#31 - ldr $a6,[$a_ptr,#24] - adcs $a3,$a3,#0 - ldr $a7,[$a_ptr,#28] - adcs $a4,$a4,#0 - mov $a0,$a0,lsr#1 @ a[0:7]>>=1, we can start early - @ because it doesn't affect flags - adcs $a5,$a5,#0 - orr $a0,$a0,$a1,lsl#31 - adcs $a6,$a6,$ff,lsr#31 - mov $b_ptr,#0 - adcs $a7,$a7,$ff,asr#31 - mov $a1,$a1,lsr#1 - adc $b_ptr,$b_ptr,#0 @ top-most carry bit from addition - - orr $a1,$a1,$a2,lsl#31 - mov $a2,$a2,lsr#1 - str $a0,[$r_ptr,#0] - orr $a2,$a2,$a3,lsl#31 - mov $a3,$a3,lsr#1 - str $a1,[$r_ptr,#4] - orr $a3,$a3,$a4,lsl#31 - mov $a4,$a4,lsr#1 - str $a2,[$r_ptr,#8] - orr $a4,$a4,$a5,lsl#31 - mov $a5,$a5,lsr#1 - str $a3,[$r_ptr,#12] - orr $a5,$a5,$a6,lsl#31 - mov $a6,$a6,lsr#1 - str $a4,[$r_ptr,#16] - orr $a6,$a6,$a7,lsl#31 - mov $a7,$a7,lsr#1 - str $a5,[$r_ptr,#20] - orr $a7,$a7,$b_ptr,lsl#31 @ don't forget the top-most carry bit - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 - -.type __ecp_nistz256_sub,%function -.align 4 -__ecp_nistz256_sub: - str lr,[sp,#-4]! @ push lr - - ldr $a0,[$a_ptr,#0] - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - ldr $a3,[$a_ptr,#12] - ldr $a4,[$a_ptr,#16] - ldr $t0,[$b_ptr,#0] - ldr $a5,[$a_ptr,#20] - ldr $t1,[$b_ptr,#4] - ldr $a6,[$a_ptr,#24] - ldr $t2,[$b_ptr,#8] - ldr $a7,[$a_ptr,#28] - ldr $t3,[$b_ptr,#12] - subs $a0,$a0,$t0 - ldr $t0,[$b_ptr,#16] - sbcs $a1,$a1,$t1 - ldr $t1,[$b_ptr,#20] - sbcs $a2,$a2,$t2 - ldr $t2,[$b_ptr,#24] - sbcs $a3,$a3,$t3 - ldr $t3,[$b_ptr,#28] - sbcs $a4,$a4,$t0 - sbcs $a5,$a5,$t1 - sbcs $a6,$a6,$t2 - sbcs $a7,$a7,$t3 - sbc $ff,$ff,$ff @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - -.Lreduce_by_add: - - @ if a-b borrows, add modulus. - @ - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, $ff, and using it as - @ a whole or extracting single bit. - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_sub,.-__ecp_nistz256_sub - -@ void GFp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl GFp_nistz256_neg -.type GFp_nistz256_neg,%function -.align 4 -GFp_nistz256_neg: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_neg -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_neg,.-GFp_nistz256_neg - -.type __ecp_nistz256_neg,%function -.align 4 -__ecp_nistz256_neg: - ldr $a0,[$a_ptr,#0] - eor $ff,$ff,$ff - ldr $a1,[$a_ptr,#4] - ldr $a2,[$a_ptr,#8] - subs $a0,$ff,$a0 - ldr $a3,[$a_ptr,#12] - sbcs $a1,$ff,$a1 - ldr $a4,[$a_ptr,#16] - sbcs $a2,$ff,$a2 - ldr $a5,[$a_ptr,#20] - sbcs $a3,$ff,$a3 - ldr $a6,[$a_ptr,#24] - sbcs $a4,$ff,$a4 - ldr $a7,[$a_ptr,#28] - sbcs $a5,$ff,$a5 - sbcs $a6,$ff,$a6 - sbcs $a7,$ff,$a7 - sbc $ff,$ff,$ff - - b .Lreduce_by_add -.size __ecp_nistz256_neg,.-__ecp_nistz256_neg -___ -{ -my @acc=map("r$_",(3..11)); -my ($t0,$t1,$bj,$t2,$t3)=map("r$_",(0,1,2,12,14)); - -$code.=<<___; -@ void GFp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,%function -.align 4 -GFp_nistz256_mul_mont: - stmdb sp!,{r4-r12,lr} - bl __ecp_nistz256_mul_mont -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_mul_mont,.-GFp_nistz256_mul_mont - -.type __ecp_nistz256_mul_mont,%function -.align 4 -__ecp_nistz256_mul_mont: - stmdb sp!,{r0-r2,lr} @ make a copy of arguments too - - ldr $bj,[$b_ptr,#0] @ b[0] - ldmia $a_ptr,{@acc[1]-@acc[8]} - - umull @acc[0],$t3,@acc[1],$bj @ r[0]=a[0]*b[0] - stmdb sp!,{$acc[1]-@acc[8]} @ copy a[0-7] to stack, so - @ that it can be addressed - @ without spending register - @ on address - umull @acc[1],$t0,@acc[2],$bj @ r[1]=a[1]*b[0] - umull @acc[2],$t1,@acc[3],$bj - adds @acc[1],@acc[1],$t3 @ accumulate high part of mult - umull @acc[3],$t2,@acc[4],$bj - adcs @acc[2],@acc[2],$t0 - umull @acc[4],$t3,@acc[5],$bj - adcs @acc[3],@acc[3],$t1 - umull @acc[5],$t0,@acc[6],$bj - adcs @acc[4],@acc[4],$t2 - umull @acc[6],$t1,@acc[7],$bj - adcs @acc[5],@acc[5],$t3 - umull @acc[7],$t2,@acc[8],$bj - adcs @acc[6],@acc[6],$t0 - adcs @acc[7],@acc[7],$t1 - eor $t3,$t3,$t3 @ first overflow bit is zero - adc @acc[8],$t2,#0 -___ -for(my $i=1;$i<8;$i++) { -my $t4=@acc[0]; - - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff.0001.0000.0000.0000.ffff.ffff.ffff - # * abcd - # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd - # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 - # - abcd.0000.0000.0000.0000.0000.0000.abcd - # - # or marking redundant operations: - # - # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- - # + abcd.0000.abcd.0000.0000.abcd.----.----.---- - # - abcd.----.----.----.----.----.----.---- - -$code.=<<___; - @ multiplication-less reduction $i - adds @acc[3],@acc[3],@acc[0] @ r[3]+=r[0] - ldr $bj,[sp,#40] @ restore b_ptr - adcs @acc[4],@acc[4],#0 @ r[4]+=0 - adcs @acc[5],@acc[5],#0 @ r[5]+=0 - adcs @acc[6],@acc[6],@acc[0] @ r[6]+=r[0] - ldr $t1,[sp,#0] @ load a[0] - adcs @acc[7],@acc[7],#0 @ r[7]+=0 - ldr $bj,[$bj,#4*$i] @ load b[i] - adcs @acc[8],@acc[8],@acc[0] @ r[8]+=r[0] - eor $t0,$t0,$t0 - adc $t3,$t3,#0 @ overflow bit - subs @acc[7],@acc[7],@acc[0] @ r[7]-=r[0] - ldr $t2,[sp,#4] @ a[1] - sbcs @acc[8],@acc[8],#0 @ r[8]-=0 - umlal @acc[1],$t0,$t1,$bj @ "r[0]"+=a[0]*b[i] - eor $t1,$t1,$t1 - sbc @acc[0],$t3,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr $t3,[sp,#8] @ a[2] - umlal @acc[2],$t1,$t2,$bj @ "r[1]"+=a[1]*b[i] - str @acc[0],[sp,#36] @ temporarily offload overflow - eor $t2,$t2,$t2 - ldr $t4,[sp,#12] @ a[3], $t4 is alias @acc[0] - umlal @acc[3],$t2,$t3,$bj @ "r[2]"+=a[2]*b[i] - eor $t3,$t3,$t3 - adds @acc[2],@acc[2],$t0 @ accumulate high part of mult - ldr $t0,[sp,#16] @ a[4] - umlal @acc[4],$t3,$t4,$bj @ "r[3]"+=a[3]*b[i] - eor $t4,$t4,$t4 - adcs @acc[3],@acc[3],$t1 - ldr $t1,[sp,#20] @ a[5] - umlal @acc[5],$t4,$t0,$bj @ "r[4]"+=a[4]*b[i] - eor $t0,$t0,$t0 - adcs @acc[4],@acc[4],$t2 - ldr $t2,[sp,#24] @ a[6] - umlal @acc[6],$t0,$t1,$bj @ "r[5]"+=a[5]*b[i] - eor $t1,$t1,$t1 - adcs @acc[5],@acc[5],$t3 - ldr $t3,[sp,#28] @ a[7] - umlal @acc[7],$t1,$t2,$bj @ "r[6]"+=a[6]*b[i] - eor $t2,$t2,$t2 - adcs @acc[6],@acc[6],$t4 - ldr @acc[0],[sp,#36] @ restore overflow bit - umlal @acc[8],$t2,$t3,$bj @ "r[7]"+=a[7]*b[i] - eor $t3,$t3,$t3 - adcs @acc[7],@acc[7],$t0 - adcs @acc[8],@acc[8],$t1 - adcs @acc[0],$acc[0],$t2 - adc $t3,$t3,#0 @ new overflow bit -___ - push(@acc,shift(@acc)); # rotate registers, so that - # "r[i]" becomes r[i] -} -$code.=<<___; - @ last multiplication-less reduction - adds @acc[3],@acc[3],@acc[0] - ldr $r_ptr,[sp,#32] @ restore r_ptr - adcs @acc[4],@acc[4],#0 - adcs @acc[5],@acc[5],#0 - adcs @acc[6],@acc[6],@acc[0] - adcs @acc[7],@acc[7],#0 - adcs @acc[8],@acc[8],@acc[0] - adc $t3,$t3,#0 - subs @acc[7],@acc[7],@acc[0] - sbcs @acc[8],@acc[8],#0 - sbc @acc[0],$t3,#0 @ overflow bit - - @ Final step is "if result > mod, subtract mod", but we do it - @ "other way around", namely subtract modulus from result - @ and if it borrowed, add modulus back. - - adds @acc[1],@acc[1],#1 @ subs @acc[1],@acc[1],#-1 - adcs @acc[2],@acc[2],#0 @ sbcs @acc[2],@acc[2],#-1 - adcs @acc[3],@acc[3],#0 @ sbcs @acc[3],@acc[3],#-1 - sbcs @acc[4],@acc[4],#0 - sbcs @acc[5],@acc[5],#0 - sbcs @acc[6],@acc[6],#0 - sbcs @acc[7],@acc[7],#1 - adcs @acc[8],@acc[8],#0 @ sbcs @acc[8],@acc[8],#-1 - ldr lr,[sp,#44] @ restore lr - sbc @acc[0],@acc[0],#0 @ broadcast borrow bit - add sp,sp,#48 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, @acc[0], and using it as - @ a whole or extracting single bit. - - adds @acc[1],@acc[1],@acc[0] @ add modulus or zero - adcs @acc[2],@acc[2],@acc[0] - str @acc[1],[$r_ptr,#0] - adcs @acc[3],@acc[3],@acc[0] - str @acc[2],[$r_ptr,#4] - adcs @acc[4],@acc[4],#0 - str @acc[3],[$r_ptr,#8] - adcs @acc[5],@acc[5],#0 - str @acc[4],[$r_ptr,#12] - adcs @acc[6],@acc[6],#0 - str @acc[5],[$r_ptr,#16] - adcs @acc[7],@acc[7],@acc[0],lsr#31 - str @acc[6],[$r_ptr,#20] - adc @acc[8],@acc[8],@acc[0] - str @acc[7],[$r_ptr,#24] - str @acc[8],[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont -___ -} - -{{{ -######################################################################## -# Below $aN assignment matches order in which 256-bit result appears in -# register bank at return from __ecp_nistz256_mul_mont, so that we can -# skip over reloading it from memory. This means that below functions -# use custom calling sequence accepting 256-bit input in registers, -# output pointer in r0, $r_ptr, and optional pointer in r2, $b_ptr. -# -# See their "normal" counterparts for insights on calculations. - -my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7, - $t0,$t1,$t2,$t3)=map("r$_",(11,3..10,12,14,1)); -my $ff=$b_ptr; - -$code.=<<___; -.type __ecp_nistz256_sub_from,%function -.align 5 -__ecp_nistz256_sub_from: - str lr,[sp,#-4]! @ push lr - - ldr $t0,[$b_ptr,#0] - ldr $t1,[$b_ptr,#4] - ldr $t2,[$b_ptr,#8] - ldr $t3,[$b_ptr,#12] - subs $a0,$a0,$t0 - ldr $t0,[$b_ptr,#16] - sbcs $a1,$a1,$t1 - ldr $t1,[$b_ptr,#20] - sbcs $a2,$a2,$t2 - ldr $t2,[$b_ptr,#24] - sbcs $a3,$a3,$t3 - ldr $t3,[$b_ptr,#28] - sbcs $a4,$a4,$t0 - sbcs $a5,$a5,$t1 - sbcs $a6,$a6,$t2 - sbcs $a7,$a7,$t3 - sbc $ff,$ff,$ff @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,%function -.align 5 -__ecp_nistz256_sub_morf: - str lr,[sp,#-4]! @ push lr - - ldr $t0,[$b_ptr,#0] - ldr $t1,[$b_ptr,#4] - ldr $t2,[$b_ptr,#8] - ldr $t3,[$b_ptr,#12] - subs $a0,$t0,$a0 - ldr $t0,[$b_ptr,#16] - sbcs $a1,$t1,$a1 - ldr $t1,[$b_ptr,#20] - sbcs $a2,$t2,$a2 - ldr $t2,[$b_ptr,#24] - sbcs $a3,$t3,$a3 - ldr $t3,[$b_ptr,#28] - sbcs $a4,$t0,$a4 - sbcs $a5,$t1,$a5 - sbcs $a6,$t2,$a6 - sbcs $a7,$t3,$a7 - sbc $ff,$ff,$ff @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_add_self,%function -.align 4 -__ecp_nistz256_add_self: - adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] - adcs $a1,$a1,$a1 - adcs $a2,$a2,$a2 - adcs $a3,$a3,$a3 - adcs $a4,$a4,$a4 - adcs $a5,$a5,$a5 - adcs $a6,$a6,$a6 - mov $ff,#0 - adcs $a7,$a7,$a7 - adc $ff,$ff,#0 - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs $a0,$a0,#-1 - sbcs $a1,$a1,#-1 - sbcs $a2,$a2,#-1 - sbcs $a3,$a3,#0 - sbcs $a4,$a4,#0 - sbcs $a5,$a5,#0 - sbcs $a6,$a6,#1 - sbcs $a7,$a7,#-1 - sbc $ff,$ff,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow $ff register... - - adds $a0,$a0,$ff @ add synthesized modulus - adcs $a1,$a1,$ff - str $a0,[$r_ptr,#0] - adcs $a2,$a2,$ff - str $a1,[$r_ptr,#4] - adcs $a3,$a3,#0 - str $a2,[$r_ptr,#8] - adcs $a4,$a4,#0 - str $a3,[$r_ptr,#12] - adcs $a5,$a5,#0 - str $a4,[$r_ptr,#16] - adcs $a6,$a6,$ff,lsr#31 - str $a5,[$r_ptr,#20] - adcs $a7,$a7,$ff - str $a6,[$r_ptr,#24] - str $a7,[$r_ptr,#28] - - mov pc,lr -.size __ecp_nistz256_add_self,.-__ecp_nistz256_add_self - -___ - -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -{ -my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); -# above map() describes stack layout with 5 temporary -# 256-bit vectors on top. Then note that we push -# starting from r0, which means that we have copy of -# input arguments just below these temporary vectors. - -$code.=<<___; -.globl GFp_nistz256_point_double -.type GFp_nistz256_point_double,%function -.align 5 -GFp_nistz256_point_double: - stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional - sub sp,sp,#32*5 - -.Lpoint_double_shortcut: - add r3,sp,#$in_x - ldmia $a_ptr!,{r4-r11} @ copy in_x - stmia r3,{r4-r11} - - add $r_ptr,sp,#$S - bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(S, in_y); - - add $b_ptr,$a_ptr,#32 - add $a_ptr,$a_ptr,#32 - add $r_ptr,sp,#$Zsqr - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Zsqr, in_z); - - add $a_ptr,sp,#$S - add $b_ptr,sp,#$S - add $r_ptr,sp,#$S - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(S, S); - - ldr $b_ptr,[sp,#32*5+4] - add $a_ptr,$b_ptr,#32 - add $b_ptr,$b_ptr,#64 - add $r_ptr,sp,#$tmp0 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(tmp0, in_z, in_y); - - ldr $r_ptr,[sp,#32*5] - add $r_ptr,$r_ptr,#64 - bl __ecp_nistz256_add_self @ p256_mul_by_2(res_z, tmp0); - - add $a_ptr,sp,#$in_x - add $b_ptr,sp,#$Zsqr - add $r_ptr,sp,#$M - bl __ecp_nistz256_add @ p256_add(M, in_x, Zsqr); - - add $a_ptr,sp,#$in_x - add $b_ptr,sp,#$Zsqr - add $r_ptr,sp,#$Zsqr - bl __ecp_nistz256_sub @ p256_sub(Zsqr, in_x, Zsqr); - - add $a_ptr,sp,#$S - add $b_ptr,sp,#$S - add $r_ptr,sp,#$tmp0 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(tmp0, S); - - add $a_ptr,sp,#$Zsqr - add $b_ptr,sp,#$M - add $r_ptr,sp,#$M - bl __ecp_nistz256_mul_mont @ p256_mul_mont(M, M, Zsqr); - - ldr $r_ptr,[sp,#32*5] - add $a_ptr,sp,#$tmp0 - add $r_ptr,$r_ptr,#32 - bl __ecp_nistz256_div_by_2 @ p256_div_by_2(res_y, tmp0); - - add $a_ptr,sp,#$M - add $r_ptr,sp,#$M - bl __ecp_nistz256_mul_by_3 @ p256_mul_by_3(M, M); - - add $a_ptr,sp,#$in_x - add $b_ptr,sp,#$S - add $r_ptr,sp,#$S - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, in_x); - - add $r_ptr,sp,#$tmp0 - bl __ecp_nistz256_add_self @ p256_mul_by_2(tmp0, S); - - ldr $r_ptr,[sp,#32*5] - add $a_ptr,sp,#$M - add $b_ptr,sp,#$M - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(res_x, M); - - add $b_ptr,sp,#$tmp0 - bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, tmp0); - - add $b_ptr,sp,#$S - add $r_ptr,sp,#$S - bl __ecp_nistz256_sub_morf @ p256_sub(S, S, res_x); - - add $a_ptr,sp,#$M - add $b_ptr,sp,#$S - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, M); - - ldr $r_ptr,[sp,#32*5] - add $b_ptr,$r_ptr,#32 - add $r_ptr,$r_ptr,#32 - bl __ecp_nistz256_sub_from @ p256_sub(res_y, S, res_y); - - add sp,sp,#32*5+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4-r12,pc} -#else - ldmia sp!,{r4-r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_point_double,.-GFp_nistz256_point_double -___ -} - -}}} - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/geo; - - s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl b/crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl deleted file mode 100644 index 4347d7d..0000000 --- a/crypto/fipsmodule/ec/asm/ecp_nistz256-armv8.pl +++ /dev/null @@ -1,908 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# openssl-core@openssl.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.openssl.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This product includes cryptographic software written by Eric Young -# (eay@cryptsoft.com). This product includes software written by Tim -# Hudson (tjh@cryptsoft.com). - - -# ==================================================================== -# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for ARMv8. -# -# February 2015. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. -# -# with/without -DECP_NISTZ256_ASM -# Apple A7 +120-360% -# Cortex-A53 +120-400% -# Cortex-A57 +120-350% -# X-Gene +200-330% -# Denver +140-400% -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +400% means 5x improvement. - -$flavour = shift; -while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../../perlasm/arm-xlate.pl" and -f $xlate) or -die "can't locate arm-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -{ -my ($rp,$ap,$bp,$bi,$a0,$a1,$a2,$a3,$t0,$t1,$t2,$t3,$poly1,$poly3, - $acc0,$acc1,$acc2,$acc3,$acc4,$acc5) = - map("x$_",(0..17,19,20)); - -my ($acc6,$acc7)=($ap,$bp); # used in __ecp_nistz256_sqr_mont - -$code.=<<___; -#include <GFp/arm_arch.h> - -.text -.align 5 -.Lpoly: -.quad 0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001 -.Lone_mont: -.quad 0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe -.Lone: -.quad 1,0,0,0 -.asciz "ECP_NISTZ256 for ARMv8, CRYPTOGAMS by <appro\@openssl.org>" - -// void GFp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,%function -.align 4 -GFp_nistz256_mul_mont: - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldr $bi,[$bp] // bp[0] - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_mul_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - ret -.size GFp_nistz256_mul_mont,.-GFp_nistz256_mul_mont - -// void GFp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl GFp_nistz256_sqr_mont -.type GFp_nistz256_sqr_mont,%function -.align 4 -GFp_nistz256_sqr_mont: - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldp $a0,$a1,[$ap] - ldp $a2,$a3,[$ap,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_sqr_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - ret -.size GFp_nistz256_sqr_mont,.-GFp_nistz256_sqr_mont - -// void GFp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl GFp_nistz256_add -.type GFp_nistz256_add,%function -.align 4 -GFp_nistz256_add: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp $acc0,$acc1,[$ap] - ldp $t0,$t1,[$bp] - ldp $acc2,$acc3,[$ap,#16] - ldp $t2,$t3,[$bp,#16] - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_add - - ldp x29,x30,[sp],#16 - ret -.size GFp_nistz256_add,.-GFp_nistz256_add - -// void GFp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl GFp_nistz256_neg -.type GFp_nistz256_neg,%function -.align 4 -GFp_nistz256_neg: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - mov $bp,$ap - mov $acc0,xzr // a = 0 - mov $acc1,xzr - mov $acc2,xzr - mov $acc3,xzr - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - bl __ecp_nistz256_sub_from - - ldp x29,x30,[sp],#16 - ret -.size GFp_nistz256_neg,.-GFp_nistz256_neg - -// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded -// to $a0-$a3 and b[0] - to $bi -.type __ecp_nistz256_mul_mont,%function -.align 4 -__ecp_nistz256_mul_mont: - mul $acc0,$a0,$bi // a[0]*b[0] - umulh $t0,$a0,$bi - - mul $acc1,$a1,$bi // a[1]*b[0] - umulh $t1,$a1,$bi - - mul $acc2,$a2,$bi // a[2]*b[0] - umulh $t2,$a2,$bi - - mul $acc3,$a3,$bi // a[3]*b[0] - umulh $t3,$a3,$bi - ldr $bi,[$bp,#8] // b[1] - - adds $acc1,$acc1,$t0 // accumulate high parts of multiplication - lsl $t0,$acc0,#32 - adcs $acc2,$acc2,$t1 - lsr $t1,$acc0,#32 - adcs $acc3,$acc3,$t2 - adc $acc4,xzr,$t3 - mov $acc5,xzr -___ -for($i=1;$i<4;$i++) { - # Reduction iteration is normally performed by accumulating - # result of multiplication of modulus by "magic" digit [and - # omitting least significant word, which is guaranteed to - # be 0], but thanks to special form of modulus and "magic" - # digit being equal to least significant word, it can be - # performed with additions and subtractions alone. Indeed: - # - # ffff0001.00000000.0000ffff.ffffffff - # * abcdefgh - # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # - # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we - # rewrite above as: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh - # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000 - # - 0000abcd.efgh0000.00000000.00000000.abcdefgh - # - # or marking redundant operations: - # - # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.-------- - # + abcdefgh.abcdefgh.0000abcd.efgh0000.-------- - # - 0000abcd.efgh0000.--------.--------.-------- - -$code.=<<___; - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - mul $t0,$a0,$bi // lo(a[0]*b[i]) - adcs $acc1,$acc2,$t1 - mul $t1,$a1,$bi // lo(a[1]*b[i]) - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - mul $t2,$a2,$bi // lo(a[2]*b[i]) - adcs $acc3,$acc4,$t3 - mul $t3,$a3,$bi // lo(a[3]*b[i]) - adc $acc4,$acc5,xzr - - adds $acc0,$acc0,$t0 // accumulate low parts of multiplication - umulh $t0,$a0,$bi // hi(a[0]*b[i]) - adcs $acc1,$acc1,$t1 - umulh $t1,$a1,$bi // hi(a[1]*b[i]) - adcs $acc2,$acc2,$t2 - umulh $t2,$a2,$bi // hi(a[2]*b[i]) - adcs $acc3,$acc3,$t3 - umulh $t3,$a3,$bi // hi(a[3]*b[i]) - adc $acc4,$acc4,xzr -___ -$code.=<<___ if ($i<3); - ldr $bi,[$bp,#8*($i+1)] // b[$i+1] -___ -$code.=<<___; - adds $acc1,$acc1,$t0 // accumulate high parts of multiplication - lsl $t0,$acc0,#32 - adcs $acc2,$acc2,$t1 - lsr $t1,$acc0,#32 - adcs $acc3,$acc3,$t2 - adcs $acc4,$acc4,$t3 - adc $acc5,xzr,xzr -___ -} -$code.=<<___; - // last reduction - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - adcs $acc1,$acc2,$t1 - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - adcs $acc3,$acc4,$t3 - adc $acc4,$acc5,xzr - - adds $t0,$acc0,#1 // subs $t0,$acc0,#-1 // tmp = ret-modulus - sbcs $t1,$acc1,$poly1 - sbcs $t2,$acc2,xzr - sbcs $t3,$acc3,$poly3 - sbcs xzr,$acc4,xzr // did it borrow? - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont - -// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded -// to $a0-$a3 -.type __ecp_nistz256_sqr_mont,%function -.align 4 -__ecp_nistz256_sqr_mont: - // | | | | | |a1*a0| | - // | | | | |a2*a0| | | - // | |a3*a2|a3*a0| | | | - // | | | |a2*a1| | | | - // | | |a3*a1| | | | | - // *| | | | | | | | 2| - // +|a3*a3|a2*a2|a1*a1|a0*a0| - // |--+--+--+--+--+--+--+--| - // |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx - // - // "can't overflow" below mark carrying into high part of - // multiplication result, which can't overflow, because it - // can never be all ones. - - mul $acc1,$a1,$a0 // a[1]*a[0] - umulh $t1,$a1,$a0 - mul $acc2,$a2,$a0 // a[2]*a[0] - umulh $t2,$a2,$a0 - mul $acc3,$a3,$a0 // a[3]*a[0] - umulh $acc4,$a3,$a0 - - adds $acc2,$acc2,$t1 // accumulate high parts of multiplication - mul $t0,$a2,$a1 // a[2]*a[1] - umulh $t1,$a2,$a1 - adcs $acc3,$acc3,$t2 - mul $t2,$a3,$a1 // a[3]*a[1] - umulh $t3,$a3,$a1 - adc $acc4,$acc4,xzr // can't overflow - - mul $acc5,$a3,$a2 // a[3]*a[2] - umulh $acc6,$a3,$a2 - - adds $t1,$t1,$t2 // accumulate high parts of multiplication - mul $acc0,$a0,$a0 // a[0]*a[0] - adc $t2,$t3,xzr // can't overflow - - adds $acc3,$acc3,$t0 // accumulate low parts of multiplication - umulh $a0,$a0,$a0 - adcs $acc4,$acc4,$t1 - mul $t1,$a1,$a1 // a[1]*a[1] - adcs $acc5,$acc5,$t2 - umulh $a1,$a1,$a1 - adc $acc6,$acc6,xzr // can't overflow - - adds $acc1,$acc1,$acc1 // acc[1-6]*=2 - mul $t2,$a2,$a2 // a[2]*a[2] - adcs $acc2,$acc2,$acc2 - umulh $a2,$a2,$a2 - adcs $acc3,$acc3,$acc3 - mul $t3,$a3,$a3 // a[3]*a[3] - adcs $acc4,$acc4,$acc4 - umulh $a3,$a3,$a3 - adcs $acc5,$acc5,$acc5 - adcs $acc6,$acc6,$acc6 - adc $acc7,xzr,xzr - - adds $acc1,$acc1,$a0 // +a[i]*a[i] - adcs $acc2,$acc2,$t1 - adcs $acc3,$acc3,$a1 - adcs $acc4,$acc4,$t2 - adcs $acc5,$acc5,$a2 - lsl $t0,$acc0,#32 - adcs $acc6,$acc6,$t3 - lsr $t1,$acc0,#32 - adc $acc7,$acc7,$a3 -___ -for($i=0;$i<3;$i++) { # reductions, see commentary in - # multiplication for details -$code.=<<___; - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - adcs $acc1,$acc2,$t1 - lsl $t0,$acc0,#32 - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - lsr $t1,$acc0,#32 - adc $acc3,$t3,xzr // can't overflow -___ -} -$code.=<<___; - subs $t2,$acc0,$t0 // "*0xffff0001" - sbc $t3,$acc0,$t1 - adds $acc0,$acc1,$t0 // +=acc[0]<<96 and omit acc[0] - adcs $acc1,$acc2,$t1 - adcs $acc2,$acc3,$t2 // +=acc[0]*0xffff0001 - adc $acc3,$t3,xzr // can't overflow - - adds $acc0,$acc0,$acc4 // accumulate upper half - adcs $acc1,$acc1,$acc5 - adcs $acc2,$acc2,$acc6 - adcs $acc3,$acc3,$acc7 - adc $acc4,xzr,xzr - - adds $t0,$acc0,#1 // subs $t0,$acc0,#-1 // tmp = ret-modulus - sbcs $t1,$acc1,$poly1 - sbcs $t2,$acc2,xzr - sbcs $t3,$acc3,$poly3 - sbcs xzr,$acc4,xzr // did it borrow? - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont - -// Note that __ecp_nistz256_add expects both input vectors pre-loaded to -// $a0-$a3 and $t0-$t3. This is done because it's used in multiple -// contexts, e.g. in multiplication by 2 and 3... -.type __ecp_nistz256_add,%function -.align 4 -__ecp_nistz256_add: - adds $acc0,$acc0,$t0 // ret = a+b - adcs $acc1,$acc1,$t1 - adcs $acc2,$acc2,$t2 - adcs $acc3,$acc3,$t3 - adc $ap,xzr,xzr // zap $ap - - adds $t0,$acc0,#1 // subs $t0,$a0,#-1 // tmp = ret-modulus - sbcs $t1,$acc1,$poly1 - sbcs $t2,$acc2,xzr - sbcs $t3,$acc3,$poly3 - sbcs xzr,$ap,xzr // did subtraction borrow? - - csel $acc0,$acc0,$t0,lo // ret = borrow ? ret : ret-modulus - csel $acc1,$acc1,$t1,lo - csel $acc2,$acc2,$t2,lo - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,lo - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -.type __ecp_nistz256_sub_from,%function -.align 4 -__ecp_nistz256_sub_from: - ldp $t0,$t1,[$bp] - ldp $t2,$t3,[$bp,#16] - subs $acc0,$acc0,$t0 // ret = a-b - sbcs $acc1,$acc1,$t1 - sbcs $acc2,$acc2,$t2 - sbcs $acc3,$acc3,$t3 - sbc $ap,xzr,xzr // zap $ap - - subs $t0,$acc0,#1 // adds $t0,$a0,#-1 // tmp = ret+modulus - adcs $t1,$acc1,$poly1 - adcs $t2,$acc2,xzr - adc $t3,$acc3,$poly3 - cmp $ap,xzr // did subtraction borrow? - - csel $acc0,$acc0,$t0,eq // ret = borrow ? ret+modulus : ret - csel $acc1,$acc1,$t1,eq - csel $acc2,$acc2,$t2,eq - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,eq - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,%function -.align 4 -__ecp_nistz256_sub_morf: - ldp $t0,$t1,[$bp] - ldp $t2,$t3,[$bp,#16] - subs $acc0,$t0,$acc0 // ret = b-a - sbcs $acc1,$t1,$acc1 - sbcs $acc2,$t2,$acc2 - sbcs $acc3,$t3,$acc3 - sbc $ap,xzr,xzr // zap $ap - - subs $t0,$acc0,#1 // adds $t0,$a0,#-1 // tmp = ret+modulus - adcs $t1,$acc1,$poly1 - adcs $t2,$acc2,xzr - adc $t3,$acc3,$poly3 - cmp $ap,xzr // did subtraction borrow? - - csel $acc0,$acc0,$t0,eq // ret = borrow ? ret+modulus : ret - csel $acc1,$acc1,$t1,eq - csel $acc2,$acc2,$t2,eq - stp $acc0,$acc1,[$rp] - csel $acc3,$acc3,$t3,eq - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_div_by_2,%function -.align 4 -__ecp_nistz256_div_by_2: - subs $t0,$acc0,#1 // adds $t0,$a0,#-1 // tmp = a+modulus - adcs $t1,$acc1,$poly1 - adcs $t2,$acc2,xzr - adcs $t3,$acc3,$poly3 - adc $ap,xzr,xzr // zap $ap - tst $acc0,#1 // is a even? - - csel $acc0,$acc0,$t0,eq // ret = even ? a : a+modulus - csel $acc1,$acc1,$t1,eq - csel $acc2,$acc2,$t2,eq - csel $acc3,$acc3,$t3,eq - csel $ap,xzr,$ap,eq - - lsr $acc0,$acc0,#1 // ret >>= 1 - orr $acc0,$acc0,$acc1,lsl#63 - lsr $acc1,$acc1,#1 - orr $acc1,$acc1,$acc2,lsl#63 - lsr $acc2,$acc2,#1 - orr $acc2,$acc2,$acc3,lsl#63 - lsr $acc3,$acc3,#1 - stp $acc0,$acc1,[$rp] - orr $acc3,$acc3,$ap,lsl#63 - stp $acc2,$acc3,[$rp,#16] - - ret -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 -___ -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void GFp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -{ -my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3)); -# above map() describes stack layout with 4 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real) = map("x$_",(21,22)); - -$code.=<<___; -.globl GFp_nistz256_point_double -.type GFp_nistz256_point_double,%function -.align 5 -GFp_nistz256_point_double: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - sub sp,sp,#32*4 - -.Ldouble_shortcut: - ldp $acc0,$acc1,[$ap,#32] - mov $rp_real,$rp - ldp $acc2,$acc3,[$ap,#48] - mov $ap_real,$ap - ldr $poly1,.Lpoly+8 - mov $t0,$acc0 - ldr $poly3,.Lpoly+24 - mov $t1,$acc1 - ldp $a0,$a1,[$ap_real,#64] // forward load for p256_sqr_mont - mov $t2,$acc2 - mov $t3,$acc3 - ldp $a2,$a3,[$ap_real,#64+16] - add $rp,sp,#$S - bl __ecp_nistz256_add // p256_mul_by_2(S, in_y); - - add $rp,sp,#$Zsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Zsqr, in_z); - - ldp $t0,$t1,[$ap_real] - ldp $t2,$t3,[$ap_real,#16] - mov $a0,$acc0 // put Zsqr aside for p256_sub - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - add $rp,sp,#$M - bl __ecp_nistz256_add // p256_add(M, Zsqr, in_x); - - add $bp,$ap_real,#0 - mov $acc0,$a0 // restore Zsqr - mov $acc1,$a1 - ldp $a0,$a1,[sp,#$S] // forward load for p256_sqr_mont - mov $acc2,$a2 - mov $acc3,$a3 - ldp $a2,$a3,[sp,#$S+16] - add $rp,sp,#$Zsqr - bl __ecp_nistz256_sub_morf // p256_sub(Zsqr, in_x, Zsqr); - - add $rp,sp,#$S - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(S, S); - - ldr $bi,[$ap_real,#32] - ldp $a0,$a1,[$ap_real,#64] - ldp $a2,$a3,[$ap_real,#64+16] - add $bp,$ap_real,#32 - add $rp,sp,#$tmp0 - bl __ecp_nistz256_mul_mont // p256_mul_mont(tmp0, in_z, in_y); - - mov $t0,$acc0 - mov $t1,$acc1 - ldp $a0,$a1,[sp,#$S] // forward load for p256_sqr_mont - mov $t2,$acc2 - mov $t3,$acc3 - ldp $a2,$a3,[sp,#$S+16] - add $rp,$rp_real,#64 - bl __ecp_nistz256_add // p256_mul_by_2(res_z, tmp0); - - add $rp,sp,#$tmp0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(tmp0, S); - - ldr $bi,[sp,#$Zsqr] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$M] - ldp $a2,$a3,[sp,#$M+16] - add $rp,$rp_real,#32 - bl __ecp_nistz256_div_by_2 // p256_div_by_2(res_y, tmp0); - - add $bp,sp,#$Zsqr - add $rp,sp,#$M - bl __ecp_nistz256_mul_mont // p256_mul_mont(M, M, Zsqr); - - mov $t0,$acc0 // duplicate M - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - mov $a0,$acc0 // put M aside - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - add $rp,sp,#$M - bl __ecp_nistz256_add - mov $t0,$a0 // restore M - mov $t1,$a1 - ldr $bi,[$ap_real] // forward load for p256_mul_mont - mov $t2,$a2 - ldp $a0,$a1,[sp,#$S] - mov $t3,$a3 - ldp $a2,$a3,[sp,#$S+16] - bl __ecp_nistz256_add // p256_mul_by_3(M, M); - - add $bp,$ap_real,#0 - add $rp,sp,#$S - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, in_x); - - mov $t0,$acc0 - mov $t1,$acc1 - ldp $a0,$a1,[sp,#$M] // forward load for p256_sqr_mont - mov $t2,$acc2 - mov $t3,$acc3 - ldp $a2,$a3,[sp,#$M+16] - add $rp,sp,#$tmp0 - bl __ecp_nistz256_add // p256_mul_by_2(tmp0, S); - - add $rp,$rp_real,#0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(res_x, M); - - add $bp,sp,#$tmp0 - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, tmp0); - - add $bp,sp,#$S - add $rp,sp,#$S - bl __ecp_nistz256_sub_morf // p256_sub(S, S, res_x); - - ldr $bi,[sp,#$M] - mov $a0,$acc0 // copy S - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - add $bp,sp,#$M - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, M); - - add $bp,$rp_real,#32 - add $rp,$rp_real,#32 - bl __ecp_nistz256_sub_from // p256_sub(res_y, S, res_y); - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#80 - ret -.size GFp_nistz256_point_double,.-GFp_nistz256_point_double -___ -} - -######################################################################## -# void GFp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -{ -my ($res_x,$res_y,$res_z, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9)); -my $Z1sqr = $S2; -# above map() describes stack layout with 10 temporary -# 256-bit vectors on top. -my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26)); - -$code.=<<___; -.globl GFp_nistz256_point_add_affine -.type GFp_nistz256_point_add_affine,%function -.align 5 -GFp_nistz256_point_add_affine: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - sub sp,sp,#32*10 - - mov $rp_real,$rp - mov $ap_real,$ap - mov $bp_real,$bp - ldr $poly1,.Lpoly+8 - ldr $poly3,.Lpoly+24 - - ldp $a0,$a1,[$ap,#64] // in1_z - ldp $a2,$a3,[$ap,#64+16] - orr $t0,$a0,$a1 - orr $t2,$a2,$a3 - orr $in1infty,$t0,$t2 - cmp $in1infty,#0 - csetm $in1infty,ne // !in1infty - - ldp $acc0,$acc1,[$bp] // in2_x - ldp $acc2,$acc3,[$bp,#16] - ldp $t0,$t1,[$bp,#32] // in2_y - ldp $t2,$t3,[$bp,#48] - orr $acc0,$acc0,$acc1 - orr $acc2,$acc2,$acc3 - orr $t0,$t0,$t1 - orr $t2,$t2,$t3 - orr $acc0,$acc0,$acc2 - orr $t0,$t0,$t2 - orr $in2infty,$acc0,$t0 - cmp $in2infty,#0 - csetm $in2infty,ne // !in2infty - - add $rp,sp,#$Z1sqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); - - mov $a0,$acc0 - mov $a1,$acc1 - mov $a2,$acc2 - mov $a3,$acc3 - ldr $bi,[$bp_real] - add $bp,$bp_real,#0 - add $rp,sp,#$U2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, Z1sqr, in2_x); - - add $bp,$ap_real,#0 - ldr $bi,[$ap_real,#64] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$Z1sqr] - ldp $a2,$a3,[sp,#$Z1sqr+16] - add $rp,sp,#$H - bl __ecp_nistz256_sub_from // p256_sub(H, U2, in1_x); - - add $bp,$ap_real,#64 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, Z1sqr, in1_z); - - ldr $bi,[$ap_real,#64] - ldp $a0,$a1,[sp,#$H] - ldp $a2,$a3,[sp,#$H+16] - add $bp,$ap_real,#64 - add $rp,sp,#$res_z - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_z, H, in1_z); - - ldr $bi,[$bp_real,#32] - ldp $a0,$a1,[sp,#$S2] - ldp $a2,$a3,[sp,#$S2+16] - add $bp,$bp_real,#32 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, S2, in2_y); - - add $bp,$ap_real,#32 - ldp $a0,$a1,[sp,#$H] // forward load for p256_sqr_mont - ldp $a2,$a3,[sp,#$H+16] - add $rp,sp,#$R - bl __ecp_nistz256_sub_from // p256_sub(R, S2, in1_y); - - add $rp,sp,#$Hsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Hsqr, H); - - ldp $a0,$a1,[sp,#$R] - ldp $a2,$a3,[sp,#$R+16] - add $rp,sp,#$Rsqr - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Rsqr, R); - - ldr $bi,[sp,#$H] - ldp $a0,$a1,[sp,#$Hsqr] - ldp $a2,$a3,[sp,#$Hsqr+16] - add $bp,sp,#$H - add $rp,sp,#$Hcub - bl __ecp_nistz256_mul_mont // p256_mul_mont(Hcub, Hsqr, H); - - ldr $bi,[$ap_real] - ldp $a0,$a1,[sp,#$Hsqr] - ldp $a2,$a3,[sp,#$Hsqr+16] - add $bp,$ap_real,#0 - add $rp,sp,#$U2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, in1_x, Hsqr); - - mov $t0,$acc0 - mov $t1,$acc1 - mov $t2,$acc2 - mov $t3,$acc3 - add $rp,sp,#$Hsqr - bl __ecp_nistz256_add // p256_mul_by_2(Hsqr, U2); - - add $bp,sp,#$Rsqr - add $rp,sp,#$res_x - bl __ecp_nistz256_sub_morf // p256_sub(res_x, Rsqr, Hsqr); - - add $bp,sp,#$Hcub - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, Hcub); - - add $bp,sp,#$U2 - ldr $bi,[$ap_real,#32] // forward load for p256_mul_mont - ldp $a0,$a1,[sp,#$Hcub] - ldp $a2,$a3,[sp,#$Hcub+16] - add $rp,sp,#$res_y - bl __ecp_nistz256_sub_morf // p256_sub(res_y, U2, res_x); - - add $bp,$ap_real,#32 - add $rp,sp,#$S2 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, in1_y, Hcub); - - ldr $bi,[sp,#$R] - ldp $a0,$a1,[sp,#$res_y] - ldp $a2,$a3,[sp,#$res_y+16] - add $bp,sp,#$R - add $rp,sp,#$res_y - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_y, res_y, R); - - add $bp,sp,#$S2 - bl __ecp_nistz256_sub_from // p256_sub(res_y, res_y, S2); - - ldp $a0,$a1,[sp,#$res_x] // res - ldp $a2,$a3,[sp,#$res_x+16] - ldp $t0,$t1,[$bp_real] // in2 - ldp $t2,$t3,[$bp_real,#16] -___ -for($i=0;$i<64;$i+=32) { # conditional moves -$code.=<<___; - ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? - ldp $acc2,$acc3,[$ap_real,#$i+16] - csel $t0,$a0,$t0,ne - csel $t1,$a1,$t1,ne - ldp $a0,$a1,[sp,#$res_x+$i+32] // res - csel $t2,$a2,$t2,ne - csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? - ldp $a2,$a3,[sp,#$res_x+$i+48] - csel $acc0,$t0,$acc0,ne - csel $acc1,$t1,$acc1,ne - ldp $t0,$t1,[$bp_real,#$i+32] // in2 - csel $acc2,$t2,$acc2,ne - csel $acc3,$t3,$acc3,ne - ldp $t2,$t3,[$bp_real,#$i+48] - stp $acc0,$acc1,[$rp_real,#$i] - stp $acc2,$acc3,[$rp_real,#$i+16] -___ -$code.=<<___ if ($i == 0); - adr $bp_real,.Lone_mont-64 -___ -} -$code.=<<___; - ldp $acc0,$acc1,[$ap_real,#$i] // in1 - cmp $in1infty,#0 // !$in1intfy, remember? - ldp $acc2,$acc3,[$ap_real,#$i+16] - csel $t0,$a0,$t0,ne - csel $t1,$a1,$t1,ne - csel $t2,$a2,$t2,ne - csel $t3,$a3,$t3,ne - cmp $in2infty,#0 // !$in2intfy, remember? - csel $acc0,$t0,$acc0,ne - csel $acc1,$t1,$acc1,ne - csel $acc2,$t2,$acc2,ne - csel $acc3,$t3,$acc3,ne - stp $acc0,$acc1,[$rp_real,#$i] - stp $acc2,$acc3,[$rp_real,#$i+16] - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 - ret -.size GFp_nistz256_point_add_affine,.-GFp_nistz256_point_add_affine -___ -} } - -foreach (split("\n",$code)) { - s/\`([^\`]*)\`/eval $1/ge; - - print $_,"\n"; -} -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl b/crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl deleted file mode 100644 index 65212d0..0000000 --- a/crypto/fipsmodule/ec/asm/ecp_nistz256-x86.pl +++ /dev/null @@ -1,1122 +0,0 @@ -#! /usr/bin/env perl -# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# openssl-core@openssl.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.openssl.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== -# -# This product includes cryptographic software written by Eric Young -# (eay@cryptsoft.com). This product includes software written by Tim -# Hudson (tjh@cryptsoft.com). - - -# ==================================================================== -# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL -# project. The module is, however, dual licensed under OpenSSL and -# CRYPTOGAMS licenses depending on where you obtain it. For further -# details see http://www.openssl.org/~appro/cryptogams/. -# ==================================================================== -# -# ECP_NISTZ256 module for x86/SSE2. -# -# October 2014. -# -# Original ECP_NISTZ256 submission targeting x86_64 is detailed in -# http://eprint.iacr.org/2013/816. In the process of adaptation -# original .c module was made 32-bit savvy in order to make this -# implementation possible. -# -# with/without -DECP_NISTZ256_ASM -# Pentium +66-163% -# PIII +72-172% -# P4 +65-132% -# Core2 +90-215% -# Sandy Bridge +105-265% (contemporary i[57]-* are all close to this) -# Atom +65-155% -# Opteron +54-110% -# Bulldozer +99-240% -# VIA Nano +93-290% -# -# Ranges denote minimum and maximum improvement coefficients depending -# on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +200% means 3x improvement. - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -push(@INC,"${dir}","${dir}../../../perlasm"); -require "x86asm.pl"; - -$output=pop; -open STDOUT,">$output"; - -&asm_init($ARGV[0],"ecp_nistz256-x86.pl",$ARGV[$#ARGV] eq "386"); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("GFp_ia32cap_P") if ($sse2); - - -######################################################################## -# Keep in mind that constants are stored least to most significant word -&static_label("ONE_mont"); -&set_label("ONE_mont"); -&data_word(1,0,0,-1,-1,-1,-2,0); - - -&function_begin_B("_ecp_nistz256_div_by_2"); - # tmp = a is odd ? a+mod : a - # - # note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning least significant bit of input to one register, - # %ebp, and its negative to another, %edx. - - &mov ("ebp",&DWP(0,"esi")); - &xor ("edx","edx"); - &mov ("ebx",&DWP(4,"esi")); - &mov ("eax","ebp"); - &and ("ebp",1); - &mov ("ecx",&DWP(8,"esi")); - &sub ("edx","ebp"); - - &add ("eax","edx"); - &adc ("ebx","edx"); - &mov (&DWP(0,"edi"),"eax"); - &adc ("ecx","edx"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - - &mov ("eax",&DWP(12,"esi")); - &mov ("ebx",&DWP(16,"esi")); - &adc ("eax",0); - &mov ("ecx",&DWP(20,"esi")); - &adc ("ebx",0); - &mov (&DWP(12,"edi"),"eax"); - &adc ("ecx",0); - &mov (&DWP(16,"edi"),"ebx"); - &mov (&DWP(20,"edi"),"ecx"); - - &mov ("eax",&DWP(24,"esi")); - &mov ("ebx",&DWP(28,"esi")); - &adc ("eax","ebp"); - &adc ("ebx","edx"); - &mov (&DWP(24,"edi"),"eax"); - &sbb ("esi","esi"); # broadcast carry bit - &mov (&DWP(28,"edi"),"ebx"); - - # ret = tmp >> 1 - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebx",&DWP(4,"edi")); - &mov ("ecx",&DWP(8,"edi")); - &mov ("edx",&DWP(12,"edi")); - - &shr ("eax",1); - &mov ("ebp","ebx"); - &shl ("ebx",31); - &or ("eax","ebx"); - - &shr ("ebp",1); - &mov ("ebx","ecx"); - &shl ("ecx",31); - &mov (&DWP(0,"edi"),"eax"); - &or ("ebp","ecx"); - &mov ("eax",&DWP(16,"edi")); - - &shr ("ebx",1); - &mov ("ecx","edx"); - &shl ("edx",31); - &mov (&DWP(4,"edi"),"ebp"); - &or ("ebx","edx"); - &mov ("ebp",&DWP(20,"edi")); - - &shr ("ecx",1); - &mov ("edx","eax"); - &shl ("eax",31); - &mov (&DWP(8,"edi"),"ebx"); - &or ("ecx","eax"); - &mov ("ebx",&DWP(24,"edi")); - - &shr ("edx",1); - &mov ("eax","ebp"); - &shl ("ebp",31); - &mov (&DWP(12,"edi"),"ecx"); - &or ("edx","ebp"); - &mov ("ecx",&DWP(28,"edi")); - - &shr ("eax",1); - &mov ("ebp","ebx"); - &shl ("ebx",31); - &mov (&DWP(16,"edi"),"edx"); - &or ("eax","ebx"); - - &shr ("ebp",1); - &mov ("ebx","ecx"); - &shl ("ecx",31); - &mov (&DWP(20,"edi"),"eax"); - &or ("ebp","ecx"); - - &shr ("ebx",1); - &shl ("esi",31); - &mov (&DWP(24,"edi"),"ebp"); - &or ("ebx","esi"); # handle top-most carry bit - &mov (&DWP(28,"edi"),"ebx"); - - &ret (); -&function_end_B("_ecp_nistz256_div_by_2"); - -######################################################################## -# void GFp_nistz256_add(BN_ULONG edi[8],const BN_ULONG esi[8], -# const BN_ULONG ebp[8]); -&function_begin("GFp_nistz256_add"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_add"); -&function_end("GFp_nistz256_add"); - -&function_begin_B("_ecp_nistz256_add"); - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &add ("eax",&DWP(0,"ebp")); - &mov ("edx",&DWP(12,"esi")); - &adc ("ebx",&DWP(4,"ebp")); - &mov (&DWP(0,"edi"),"eax"); - &adc ("ecx",&DWP(8,"ebp")); - &mov (&DWP(4,"edi"),"ebx"); - &adc ("edx",&DWP(12,"ebp")); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &adc ("eax",&DWP(16,"ebp")); - &mov ("edx",&DWP(28,"esi")); - &adc ("ebx",&DWP(20,"ebp")); - &mov (&DWP(16,"edi"),"eax"); - &adc ("ecx",&DWP(24,"ebp")); - &mov (&DWP(20,"edi"),"ebx"); - &mov ("esi",0); - &adc ("edx",&DWP(28,"ebp")); - &mov (&DWP(24,"edi"),"ecx"); - &adc ("esi",0); - &mov (&DWP(28,"edi"),"edx"); - - # if a+b >= modulus, subtract modulus. - # - # But since comparison implies subtraction, we subtract modulus - # to see if it borrows, and then subtract it for real if - # subtraction didn't borrow. - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebx",&DWP(4,"edi")); - &mov ("ecx",&DWP(8,"edi")); - &sub ("eax",-1); - &mov ("edx",&DWP(12,"edi")); - &sbb ("ebx",-1); - &mov ("eax",&DWP(16,"edi")); - &sbb ("ecx",-1); - &mov ("ebx",&DWP(20,"edi")); - &sbb ("edx",0); - &mov ("ecx",&DWP(24,"edi")); - &sbb ("eax",0); - &mov ("edx",&DWP(28,"edi")); - &sbb ("ebx",0); - &sbb ("ecx",1); - &sbb ("edx",-1); - &sbb ("esi",0); - - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # by using borrow. - - ¬ ("esi"); - &mov ("eax",&DWP(0,"edi")); - &mov ("ebp","esi"); - &mov ("ebx",&DWP(4,"edi")); - &shr ("ebp",31); - &mov ("ecx",&DWP(8,"edi")); - &sub ("eax","esi"); - &mov ("edx",&DWP(12,"edi")); - &sbb ("ebx","esi"); - &mov (&DWP(0,"edi"),"eax"); - &sbb ("ecx","esi"); - &mov (&DWP(4,"edi"),"ebx"); - &sbb ("edx",0); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"edi")); - &mov ("ebx",&DWP(20,"edi")); - &mov ("ecx",&DWP(24,"edi")); - &sbb ("eax",0); - &mov ("edx",&DWP(28,"edi")); - &sbb ("ebx",0); - &mov (&DWP(16,"edi"),"eax"); - &sbb ("ecx","ebp"); - &mov (&DWP(20,"edi"),"ebx"); - &sbb ("edx","esi"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &ret (); -&function_end_B("_ecp_nistz256_add"); - -&function_begin_B("_ecp_nistz256_sub"); - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &sub ("eax",&DWP(0,"ebp")); - &mov ("edx",&DWP(12,"esi")); - &sbb ("ebx",&DWP(4,"ebp")); - &mov (&DWP(0,"edi"),"eax"); - &sbb ("ecx",&DWP(8,"ebp")); - &mov (&DWP(4,"edi"),"ebx"); - &sbb ("edx",&DWP(12,"ebp")); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &sbb ("eax",&DWP(16,"ebp")); - &mov ("edx",&DWP(28,"esi")); - &sbb ("ebx",&DWP(20,"ebp")); - &sbb ("ecx",&DWP(24,"ebp")); - &mov (&DWP(16,"edi"),"eax"); - &sbb ("edx",&DWP(28,"ebp")); - &mov (&DWP(20,"edi"),"ebx"); - &sbb ("esi","esi"); # broadcast borrow bit - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - # if a-b borrows, add modulus. - # - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning borrow bit to one register, %ebp, and its negative - # to another, %esi. But we started by calculating %esi... - - &mov ("eax",&DWP(0,"edi")); - &mov ("ebp","esi"); - &mov ("ebx",&DWP(4,"edi")); - &shr ("ebp",31); - &mov ("ecx",&DWP(8,"edi")); - &add ("eax","esi"); - &mov ("edx",&DWP(12,"edi")); - &adc ("ebx","esi"); - &mov (&DWP(0,"edi"),"eax"); - &adc ("ecx","esi"); - &mov (&DWP(4,"edi"),"ebx"); - &adc ("edx",0); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &mov ("eax",&DWP(16,"edi")); - &mov ("ebx",&DWP(20,"edi")); - &mov ("ecx",&DWP(24,"edi")); - &adc ("eax",0); - &mov ("edx",&DWP(28,"edi")); - &adc ("ebx",0); - &mov (&DWP(16,"edi"),"eax"); - &adc ("ecx","ebp"); - &mov (&DWP(20,"edi"),"ebx"); - &adc ("edx","esi"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &ret (); -&function_end_B("_ecp_nistz256_sub"); - -######################################################################## -# void GFp_nistz256_neg(BN_ULONG edi[8],const BN_ULONG esi[8]); -&function_begin("GFp_nistz256_neg"); - &mov ("ebp",&wparam(1)); - &mov ("edi",&wparam(0)); - - &xor ("eax","eax"); - &stack_push(8); - &mov (&DWP(0,"esp"),"eax"); - &mov ("esi","esp"); - &mov (&DWP(4,"esp"),"eax"); - &mov (&DWP(8,"esp"),"eax"); - &mov (&DWP(12,"esp"),"eax"); - &mov (&DWP(16,"esp"),"eax"); - &mov (&DWP(20,"esp"),"eax"); - &mov (&DWP(24,"esp"),"eax"); - &mov (&DWP(28,"esp"),"eax"); - - &call ("_ecp_nistz256_sub"); - - &stack_pop(8); -&function_end("GFp_nistz256_neg"); - -&function_begin_B("_picup_eax"); - &mov ("eax",&DWP(0,"esp")); - &ret (); -&function_end_B("_picup_eax"); - -######################################################################## -# void GFp_nistz256_mul_mont(BN_ULONG edi[8],const BN_ULONG esi[8], -# const BN_ULONG ebp[8]); -&function_begin("GFp_nistz256_mul_mont"); - &mov ("esi",&wparam(1)); - &mov ("ebp",&wparam(2)); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("eax","GFp_ia32cap_P","eax",&label("pic")); - &mov ("eax",&DWP(0,"eax")); } - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_mul_mont"); -&function_end("GFp_nistz256_mul_mont"); - -&function_begin_B("_ecp_nistz256_mul_mont"); - if ($sse2) { - # We always use SSE2 - - ######################################## - # SSE2 code path featuring 32x16-bit - # multiplications is ~2x faster than - # IALU counterpart (except on Atom)... - ######################################## - # stack layout: - # +------------------------------------+< %esp - # | 7 16-byte temporary XMM words, | - # | "sliding" toward lower address | - # . . - # +------------------------------------+ - # | unused XMM word | - # +------------------------------------+< +128,%ebx - # | 8 16-byte XMM words holding copies | - # | of a[i]<<64|a[i] | - # . . - # . . - # +------------------------------------+< +256 - &mov ("edx","esp"); - &sub ("esp",0x100); - - &movd ("xmm7",&DWP(0,"ebp")); # b[0] -> 0000.00xy - &lea ("ebp",&DWP(4,"ebp")); - &pcmpeqd("xmm6","xmm6"); - &psrlq ("xmm6",48); # compose 0xffff<<64|0xffff - - &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y - &and ("esp",-64); - &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y - &lea ("ebx",&DWP(0x80,"esp")); - - &movd ("xmm0",&DWP(4*0,"esi")); # a[0] -> 0000.00xy - &pshufd ("xmm0","xmm0",0b11001100); # 0000.00xy -> 00xy.00xy - &movd ("xmm1",&DWP(4*1,"esi")); # a[1] -> ... - &movdqa (&QWP(0x00,"ebx"),"xmm0"); # offload converted a[0] - &pmuludq("xmm0","xmm7"); # a[0]*b[0] - - &movd ("xmm2",&DWP(4*2,"esi")); - &pshufd ("xmm1","xmm1",0b11001100); - &movdqa (&QWP(0x10,"ebx"),"xmm1"); - &pmuludq("xmm1","xmm7"); # a[1]*b[0] - - &movq ("xmm4","xmm0"); # clear upper 64 bits - &pslldq("xmm4",6); - &paddq ("xmm4","xmm0"); - &movdqa("xmm5","xmm4"); - &psrldq("xmm4",10); # upper 32 bits of a[0]*b[0] - &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[0] - - # Upper half of a[0]*b[i] is carried into next multiplication - # iteration, while lower one "participates" in actual reduction. - # Normally latter is done by accumulating result of multiplication - # of modulus by "magic" digit, but thanks to special form of modulus - # and "magic" digit it can be performed only with additions and - # subtractions (see note in IALU section below). Note that we are - # not bothered with carry bits, they are accumulated in "flatten" - # phase after all multiplications and reductions. - - &movd ("xmm3",&DWP(4*3,"esi")); - &pshufd ("xmm2","xmm2",0b11001100); - &movdqa (&QWP(0x20,"ebx"),"xmm2"); - &pmuludq("xmm2","xmm7"); # a[2]*b[0] - &paddq ("xmm1","xmm4"); # a[1]*b[0]+hw(a[0]*b[0]), carry - &movdqa (&QWP(0x00,"esp"),"xmm1"); # t[0] - - &movd ("xmm0",&DWP(4*4,"esi")); - &pshufd ("xmm3","xmm3",0b11001100); - &movdqa (&QWP(0x30,"ebx"),"xmm3"); - &pmuludq("xmm3","xmm7"); # a[3]*b[0] - &movdqa (&QWP(0x10,"esp"),"xmm2"); - - &movd ("xmm1",&DWP(4*5,"esi")); - &pshufd ("xmm0","xmm0",0b11001100); - &movdqa (&QWP(0x40,"ebx"),"xmm0"); - &pmuludq("xmm0","xmm7"); # a[4]*b[0] - &paddq ("xmm3","xmm5"); # a[3]*b[0]+lw(a[0]*b[0]), reduction step - &movdqa (&QWP(0x20,"esp"),"xmm3"); - - &movd ("xmm2",&DWP(4*6,"esi")); - &pshufd ("xmm1","xmm1",0b11001100); - &movdqa (&QWP(0x50,"ebx"),"xmm1"); - &pmuludq("xmm1","xmm7"); # a[5]*b[0] - &movdqa (&QWP(0x30,"esp"),"xmm0"); - &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step - - &movd ("xmm3",&DWP(4*7,"esi")); - &pshufd ("xmm2","xmm2",0b11001100); - &movdqa (&QWP(0x60,"ebx"),"xmm2"); - &pmuludq("xmm2","xmm7"); # a[6]*b[0] - &movdqa (&QWP(0x40,"esp"),"xmm1"); - &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step - - &movd ("xmm0",&DWP(0,"ebp")); # b[1] -> 0000.00xy - &pshufd ("xmm3","xmm3",0b11001100); - &movdqa (&QWP(0x70,"ebx"),"xmm3"); - &pmuludq("xmm3","xmm7"); # a[7]*b[0] - - &pshuflw("xmm7","xmm0",0b11011100); # 0000.00xy -> 0000.0x0y - &movdqa ("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] - &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y - - &mov ("ecx",6); - &lea ("ebp",&DWP(4,"ebp")); - &jmp (&label("madd_sse2")); - -&set_label("madd_sse2",16); - &paddq ("xmm2","xmm5"); # a[6]*b[i-1]+lw(a[0]*b[i-1]), reduction step [modulo-scheduled] - &paddq ("xmm3","xmm4"); # a[7]*b[i-1]+lw(a[0]*b[i-1])*0xffffffff, reduction step [modulo-scheduled] - &movdqa ("xmm1",&QWP(0x10,"ebx")); - &pmuludq("xmm0","xmm7"); # a[0]*b[i] - &movdqa(&QWP(0x50,"esp"),"xmm2"); - - &movdqa ("xmm2",&QWP(0x20,"ebx")); - &pmuludq("xmm1","xmm7"); # a[1]*b[i] - &movdqa(&QWP(0x60,"esp"),"xmm3"); - &paddq ("xmm0",&QWP(0x00,"esp")); - - &movdqa ("xmm3",&QWP(0x30,"ebx")); - &pmuludq("xmm2","xmm7"); # a[2]*b[i] - &movq ("xmm4","xmm0"); # clear upper 64 bits - &pslldq("xmm4",6); - &paddq ("xmm1",&QWP(0x10,"esp")); - &paddq ("xmm4","xmm0"); - &movdqa("xmm5","xmm4"); - &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] - - &movdqa ("xmm0",&QWP(0x40,"ebx")); - &pmuludq("xmm3","xmm7"); # a[3]*b[i] - &paddq ("xmm1","xmm4"); # a[1]*b[i]+hw(a[0]*b[i]), carry - &paddq ("xmm2",&QWP(0x20,"esp")); - &movdqa (&QWP(0x00,"esp"),"xmm1"); - - &movdqa ("xmm1",&QWP(0x50,"ebx")); - &pmuludq("xmm0","xmm7"); # a[4]*b[i] - &paddq ("xmm3",&QWP(0x30,"esp")); - &movdqa (&QWP(0x10,"esp"),"xmm2"); - &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] - - &movdqa ("xmm2",&QWP(0x60,"ebx")); - &pmuludq("xmm1","xmm7"); # a[5]*b[i] - &paddq ("xmm3","xmm5"); # a[3]*b[i]+lw(a[0]*b[i]), reduction step - &paddq ("xmm0",&QWP(0x40,"esp")); - &movdqa (&QWP(0x20,"esp"),"xmm3"); - &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step - - &movdqa ("xmm3","xmm7"); - &pmuludq("xmm2","xmm7"); # a[6]*b[i] - &movd ("xmm7",&DWP(0,"ebp")); # b[i++] -> 0000.00xy - &lea ("ebp",&DWP(4,"ebp")); - &paddq ("xmm1",&QWP(0x50,"esp")); - &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step - &movdqa (&QWP(0x30,"esp"),"xmm0"); - &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y - - &pmuludq("xmm3",&QWP(0x70,"ebx")); # a[7]*b[i] - &pshufd("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y - &movdqa("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] - &movdqa (&QWP(0x40,"esp"),"xmm1"); - &paddq ("xmm2",&QWP(0x60,"esp")); - - &dec ("ecx"); - &jnz (&label("madd_sse2")); - - &paddq ("xmm2","xmm5"); # a[6]*b[6]+lw(a[0]*b[6]), reduction step [modulo-scheduled] - &paddq ("xmm3","xmm4"); # a[7]*b[6]+lw(a[0]*b[6])*0xffffffff, reduction step [modulo-scheduled] - &movdqa ("xmm1",&QWP(0x10,"ebx")); - &pmuludq("xmm0","xmm7"); # a[0]*b[7] - &movdqa(&QWP(0x50,"esp"),"xmm2"); - - &movdqa ("xmm2",&QWP(0x20,"ebx")); - &pmuludq("xmm1","xmm7"); # a[1]*b[7] - &movdqa(&QWP(0x60,"esp"),"xmm3"); - &paddq ("xmm0",&QWP(0x00,"esp")); - - &movdqa ("xmm3",&QWP(0x30,"ebx")); - &pmuludq("xmm2","xmm7"); # a[2]*b[7] - &movq ("xmm4","xmm0"); # clear upper 64 bits - &pslldq("xmm4",6); - &paddq ("xmm1",&QWP(0x10,"esp")); - &paddq ("xmm4","xmm0"); - &movdqa("xmm5","xmm4"); - &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] - - &movdqa ("xmm0",&QWP(0x40,"ebx")); - &pmuludq("xmm3","xmm7"); # a[3]*b[7] - &paddq ("xmm1","xmm4"); # a[1]*b[7]+hw(a[0]*b[7]), carry - &paddq ("xmm2",&QWP(0x20,"esp")); - &movdqa (&QWP(0x00,"esp"),"xmm1"); - - &movdqa ("xmm1",&QWP(0x50,"ebx")); - &pmuludq("xmm0","xmm7"); # a[4]*b[7] - &paddq ("xmm3",&QWP(0x30,"esp")); - &movdqa (&QWP(0x10,"esp"),"xmm2"); - &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] - - &movdqa ("xmm2",&QWP(0x60,"ebx")); - &pmuludq("xmm1","xmm7"); # a[5]*b[7] - &paddq ("xmm3","xmm5"); # reduction step - &paddq ("xmm0",&QWP(0x40,"esp")); - &movdqa (&QWP(0x20,"esp"),"xmm3"); - &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step - - &movdqa ("xmm3",&QWP(0x70,"ebx")); - &pmuludq("xmm2","xmm7"); # a[6]*b[7] - &paddq ("xmm1",&QWP(0x50,"esp")); - &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step - &movdqa (&QWP(0x30,"esp"),"xmm0"); - - &pmuludq("xmm3","xmm7"); # a[7]*b[7] - &pcmpeqd("xmm7","xmm7"); - &movdqa ("xmm0",&QWP(0x00,"esp")); - &pslldq ("xmm7",8); - &movdqa (&QWP(0x40,"esp"),"xmm1"); - &paddq ("xmm2",&QWP(0x60,"esp")); - - &paddq ("xmm2","xmm5"); # a[6]*b[7]+lw(a[0]*b[7]), reduction step - &paddq ("xmm3","xmm4"); # a[6]*b[7]+lw(a[0]*b[7])*0xffffffff, reduction step - &movdqa(&QWP(0x50,"esp"),"xmm2"); - &movdqa(&QWP(0x60,"esp"),"xmm3"); - - &movdqa ("xmm1",&QWP(0x10,"esp")); - &movdqa ("xmm2",&QWP(0x20,"esp")); - &movdqa ("xmm3",&QWP(0x30,"esp")); - - &movq ("xmm4","xmm0"); # "flatten" - &pand ("xmm0","xmm7"); - &xor ("ebp","ebp"); - &pslldq ("xmm4",6); - &movq ("xmm5","xmm1"); - &paddq ("xmm0","xmm4"); - &pand ("xmm1","xmm7"); - &psrldq ("xmm0",6); - &movd ("eax","xmm0"); - &psrldq ("xmm0",4); - - &paddq ("xmm5","xmm0"); - &movdqa ("xmm0",&QWP(0x40,"esp")); - &sub ("eax",-1); # start subtracting modulus, - # this is used to determine - # if result is larger/smaller - # than modulus (see below) - &pslldq ("xmm5",6); - &movq ("xmm4","xmm2"); - &paddq ("xmm1","xmm5"); - &pand ("xmm2","xmm7"); - &psrldq ("xmm1",6); - &mov (&DWP(4*0,"edi"),"eax"); - &movd ("eax","xmm1"); - &psrldq ("xmm1",4); - - &paddq ("xmm4","xmm1"); - &movdqa ("xmm1",&QWP(0x50,"esp")); - &sbb ("eax",-1); - &pslldq ("xmm4",6); - &movq ("xmm5","xmm3"); - &paddq ("xmm2","xmm4"); - &pand ("xmm3","xmm7"); - &psrldq ("xmm2",6); - &mov (&DWP(4*1,"edi"),"eax"); - &movd ("eax","xmm2"); - &psrldq ("xmm2",4); - - &paddq ("xmm5","xmm2"); - &movdqa ("xmm2",&QWP(0x60,"esp")); - &sbb ("eax",-1); - &pslldq ("xmm5",6); - &movq ("xmm4","xmm0"); - &paddq ("xmm3","xmm5"); - &pand ("xmm0","xmm7"); - &psrldq ("xmm3",6); - &mov (&DWP(4*2,"edi"),"eax"); - &movd ("eax","xmm3"); - &psrldq ("xmm3",4); - - &paddq ("xmm4","xmm3"); - &sbb ("eax",0); - &pslldq ("xmm4",6); - &movq ("xmm5","xmm1"); - &paddq ("xmm0","xmm4"); - &pand ("xmm1","xmm7"); - &psrldq ("xmm0",6); - &mov (&DWP(4*3,"edi"),"eax"); - &movd ("eax","xmm0"); - &psrldq ("xmm0",4); - - &paddq ("xmm5","xmm0"); - &sbb ("eax",0); - &pslldq ("xmm5",6); - &movq ("xmm4","xmm2"); - &paddq ("xmm1","xmm5"); - &pand ("xmm2","xmm7"); - &psrldq ("xmm1",6); - &movd ("ebx","xmm1"); - &psrldq ("xmm1",4); - &mov ("esp","edx"); - - &paddq ("xmm4","xmm1"); - &pslldq ("xmm4",6); - &paddq ("xmm2","xmm4"); - &psrldq ("xmm2",6); - &movd ("ecx","xmm2"); - &psrldq ("xmm2",4); - &sbb ("ebx",0); - &movd ("edx","xmm2"); - &pextrw ("esi","xmm2",2); # top-most overflow bit - &sbb ("ecx",1); - &sbb ("edx",-1); - &sbb ("esi",0); # borrow from subtraction - - # Final step is "if result > mod, subtract mod", and at this point - # we have result - mod written to output buffer, as well as borrow - # bit from this subtraction, and if borrow bit is set, we add - # modulus back. - # - # Note that because mod has special form, i.e. consists of - # 0xffffffff, 1 and 0s, we can conditionally synthesize it by - # assigning borrow bit to one register, %ebp, and its negative - # to another, %esi. But we started by calculating %esi... - - &sub ("ebp","esi"); - &add (&DWP(4*0,"edi"),"esi"); # add modulus or zero - &adc (&DWP(4*1,"edi"),"esi"); - &adc (&DWP(4*2,"edi"),"esi"); - &adc (&DWP(4*3,"edi"),0); - &adc ("eax",0); - &adc ("ebx",0); - &mov (&DWP(4*4,"edi"),"eax"); - &adc ("ecx","ebp"); - &mov (&DWP(4*5,"edi"),"ebx"); - &adc ("edx","esi"); - &mov (&DWP(4*6,"edi"),"ecx"); - &mov (&DWP(4*7,"edi"),"edx"); - - &ret (); - -} # Non-SSE2 code removed. - -&function_end_B("_ecp_nistz256_mul_mont"); - -######################################################################## -# following subroutines are "literal" implementation of those found in -# ecp_nistz256.c -# -######################################################################## -# void GFp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); -# -&static_label("point_double_shortcut"); -&function_begin("GFp_nistz256_point_double"); -{ my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); - - &mov ("esi",&wparam(1)); - - # above map() describes stack layout with 5 temporary - # 256-bit vectors on top, then we take extra word for - # GFp_ia32cap_P copy. - &stack_push(8*5+1); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("edx","GFp_ia32cap_P","eax",&label("pic")); - &mov ("ebp",&DWP(0,"edx")); } - -&set_label("point_double_shortcut"); - &mov ("eax",&DWP(0,"esi")); # copy in_x - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP($in_x+0,"esp"),"eax"); - &mov (&DWP($in_x+4,"esp"),"ebx"); - &mov (&DWP($in_x+8,"esp"),"ecx"); - &mov (&DWP($in_x+12,"esp"),"edx"); - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edx",&DWP(28,"esi")); - &mov (&DWP($in_x+16,"esp"),"eax"); - &mov (&DWP($in_x+20,"esp"),"ebx"); - &mov (&DWP($in_x+24,"esp"),"ecx"); - &mov (&DWP($in_x+28,"esp"),"edx"); - &mov (&DWP(32*5,"esp"),"ebp"); # GFp_ia32cap_P copy - - &lea ("ebp",&DWP(32,"esi")); - &lea ("esi",&DWP(32,"esi")); - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(S, in_y); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &mov ("esi",64); - &add ("esi",&wparam(1)); - &lea ("edi",&DWP($Zsqr,"esp")); - &mov ("ebp","esi"); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Zsqr, in_z); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($S,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(S, S); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &mov ("ebp",&wparam(1)); - &lea ("esi",&DWP(32,"ebp")); - &lea ("ebp",&DWP(64,"ebp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(tmp0, in_z, in_y); - - &lea ("esi",&DWP($in_x,"esp")); - &lea ("ebp",&DWP($Zsqr,"esp")); - &lea ("edi",&DWP($M,"esp")); - &call ("_ecp_nistz256_add"); # p256_add(M, in_x, Zsqr); - - &mov ("edi",64); - &lea ("esi",&DWP($tmp0,"esp")); - &lea ("ebp",&DWP($tmp0,"esp")); - &add ("edi",&wparam(0)); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(res_z, tmp0); - - &lea ("esi",&DWP($in_x,"esp")); - &lea ("ebp",&DWP($Zsqr,"esp")); - &lea ("edi",&DWP($Zsqr,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(Zsqr, in_x, Zsqr); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($S,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(tmp0, S); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($M,"esp")); - &lea ("ebp",&DWP($Zsqr,"esp")); - &lea ("edi",&DWP($M,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(M, M, Zsqr); - - &mov ("edi",32); - &lea ("esi",&DWP($tmp0,"esp")); - &add ("edi",&wparam(0)); - &call ("_ecp_nistz256_div_by_2"); # p256_div_by_2(res_y, tmp0); - - &lea ("esi",&DWP($M,"esp")); - &lea ("ebp",&DWP($M,"esp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_add"); # 1/2 p256_mul_by_3(M, M); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($in_x,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, in_x); - - &lea ("esi",&DWP($tmp0,"esp")); - &lea ("ebp",&DWP($M,"esp")); - &lea ("edi",&DWP($M,"esp")); - &call ("_ecp_nistz256_add"); # 2/2 p256_mul_by_3(M, M); - - &lea ("esi",&DWP($S,"esp")); - &lea ("ebp",&DWP($S,"esp")); - &lea ("edi",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(tmp0, S); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($M,"esp")); - &lea ("ebp",&DWP($M,"esp")); - &mov ("edi",&wparam(0)); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(res_x, M); - - &mov ("esi","edi"); # %edi is still res_x here - &lea ("ebp",&DWP($tmp0,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, tmp0); - - &lea ("esi",&DWP($S,"esp")); - &mov ("ebp","edi"); # %edi is still res_x - &lea ("edi",&DWP($S,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(S, S, res_x); - - &mov ("eax",&DWP(32*5,"esp")); # GFp_ia32cap_P copy - &mov ("esi","edi"); # %edi is still &S - &lea ("ebp",&DWP($M,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, M); - - &mov ("ebp",32); - &lea ("esi",&DWP($S,"esp")); - &add ("ebp",&wparam(0)); - &mov ("edi","ebp"); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, S, res_y); - - &stack_pop(8*5+1); -} &function_end("GFp_nistz256_point_double"); - -######################################################################## -# void GFp_nistz256_point_add_affine(P256_POINT *out, -# const P256_POINT *in1, -# const P256_POINT_AFFINE *in2); -&function_begin("GFp_nistz256_point_add_affine"); -{ - my ($res_x,$res_y,$res_z, - $in1_x,$in1_y,$in1_z, - $in2_x,$in2_y, - $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); - my $Z1sqr = $S2; - my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); - - &mov ("esi",&wparam(1)); - - # above map() describes stack layout with 15 temporary - # 256-bit vectors on top, then we take extra words for - # !in1infty, !in2infty, and GFp_ia32cap_P copy. - &stack_push(8*15+3); - if ($sse2) { - &call ("_picup_eax"); - &set_label("pic"); - &picmeup("edx","GFp_ia32cap_P","eax",&label("pic")); - &mov ("ebp",&DWP(0,"edx")); } - - &lea ("edi",&DWP($in1_x,"esp")); - for($i=0;$i<96;$i+=16) { - &mov ("eax",&DWP($i+0,"esi")); # copy in1 - &mov ("ebx",&DWP($i+4,"esi")); - &mov ("ecx",&DWP($i+8,"esi")); - &mov ("edx",&DWP($i+12,"esi")); - &mov (&DWP($i+0,"edi"),"eax"); - &mov (&DWP(32*15+8,"esp"),"ebp") if ($i==0); - &mov ("ebp","eax") if ($i==64); - &or ("ebp","eax") if ($i>64); - &mov (&DWP($i+4,"edi"),"ebx"); - &or ("ebp","ebx") if ($i>=64); - &mov (&DWP($i+8,"edi"),"ecx"); - &or ("ebp","ecx") if ($i>=64); - &mov (&DWP($i+12,"edi"),"edx"); - &or ("ebp","edx") if ($i>=64); - } - &xor ("eax","eax"); - &mov ("esi",&wparam(2)); - &sub ("eax","ebp"); - &or ("ebp","eax"); - &sar ("ebp",31); - &mov (&DWP(32*15+0,"esp"),"ebp"); # !in1infty - - &lea ("edi",&DWP($in2_x,"esp")); - for($i=0;$i<64;$i+=16) { - &mov ("eax",&DWP($i+0,"esi")); # copy in2 - &mov ("ebx",&DWP($i+4,"esi")); - &mov ("ecx",&DWP($i+8,"esi")); - &mov ("edx",&DWP($i+12,"esi")); - &mov (&DWP($i+0,"edi"),"eax"); - &mov ("ebp","eax") if ($i==0); - &or ("ebp","eax") if ($i!=0); - &mov (&DWP($i+4,"edi"),"ebx"); - &or ("ebp","ebx"); - &mov (&DWP($i+8,"edi"),"ecx"); - &or ("ebp","ecx"); - &mov (&DWP($i+12,"edi"),"edx"); - &or ("ebp","edx"); - } - &xor ("ebx","ebx"); - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &sub ("ebx","ebp"); - &lea ("esi",&DWP($in1_z,"esp")); - &or ("ebx","ebp"); - &lea ("ebp",&DWP($in1_z,"esp")); - &sar ("ebx",31); - &lea ("edi",&DWP($Z1sqr,"esp")); - &mov (&DWP(32*15+4,"esp"),"ebx"); # !in2infty - - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($in2_x,"esp")); - &mov ("ebp","edi"); # %esi is stull &Z1sqr - &lea ("edi",&DWP($U2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, Z1sqr, in2_x); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($in1_z,"esp")); - &lea ("ebp",&DWP($Z1sqr,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($in1_x,"esp")); - &lea ("edi",&DWP($H,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, in1_x); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($in2_y,"esp")); - &lea ("ebp",&DWP($S2,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($in1_z,"esp")); - &lea ("ebp",&DWP($H,"esp")); - &lea ("edi",&DWP($res_z,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); - - &lea ("esi",&DWP($S2,"esp")); - &lea ("ebp",&DWP($in1_y,"esp")); - &lea ("edi",&DWP($R,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, in1_y); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($H,"esp")); - &lea ("edi",&DWP($Hsqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($R,"esp")); - &lea ("ebp",&DWP($R,"esp")); - &lea ("edi",&DWP($Rsqr,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($in1_x,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($U2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in1_x, Hsqr); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($H,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($Hcub,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($U2,"esp")); - &lea ("edi",&DWP($Hsqr,"esp")); - &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); - - &lea ("esi",&DWP($Rsqr,"esp")); - &lea ("ebp",&DWP($Hsqr,"esp")); - &lea ("edi",&DWP($res_x,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); - - &lea ("esi",&DWP($res_x,"esp")); - &lea ("ebp",&DWP($Hcub,"esp")); - &lea ("edi",&DWP($res_x,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); - - &lea ("esi",&DWP($U2,"esp")); - &lea ("ebp",&DWP($res_x,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($Hcub,"esp")); - &lea ("ebp",&DWP($in1_y,"esp")); - &lea ("edi",&DWP($S2,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Hcub, in1_y); - - &mov ("eax",&DWP(32*15+8,"esp")); # GFp_ia32cap_P copy - &lea ("esi",&DWP($R,"esp")); - &lea ("ebp",&DWP($res_y,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, res_y, R); - - &lea ("esi",&DWP($res_y,"esp")); - &lea ("ebp",&DWP($S2,"esp")); - &lea ("edi",&DWP($res_y,"esp")); - &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); - - &mov ("ebp",&DWP(32*15+0,"esp")); # !in1infty - &mov ("esi",&DWP(32*15+4,"esp")); # !in2infty - &mov ("edi",&wparam(0)); - &mov ("edx","ebp"); - ¬ ("ebp"); - &and ("edx","esi"); - &and ("ebp","esi"); - ¬ ("esi"); - - ######################################## - # conditional moves - for($i=64;$i<96;$i+=4) { - my $one=@ONE_mont[($i-64)/4]; - - &mov ("eax","edx"); - &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp") if ($one && $one!=-1); - &and ("ebx",$one) if ($one && $one!=-1); - &mov ("ecx","esi"); - &and ("ecx",&DWP($in1_x+$i,"esp")); - &or ("eax",$one==-1?"ebp":"ebx") if ($one); - &or ("eax","ecx"); - &mov (&DWP($i,"edi"),"eax"); - } - for($i=0;$i<64;$i+=4) { - &mov ("eax","edx"); - &and ("eax",&DWP($res_x+$i,"esp")); - &mov ("ebx","ebp"); - &and ("ebx",&DWP($in2_x+$i,"esp")); - &mov ("ecx","esi"); - &and ("ecx",&DWP($in1_x+$i,"esp")); - &or ("eax","ebx"); - &or ("eax","ecx"); - &mov (&DWP($i,"edi"),"eax"); - } - &stack_pop(8*15+3); -} &function_end("GFp_nistz256_point_add_affine"); - -&asm_finish(); - -close STDOUT or die "error closing STDOUT"; diff --git a/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl b/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl index f30025e..0575bfd 100644 --- a/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl +++ b/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl @@ -59,7 +59,7 @@ $addx = 1; $code.=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P # The polynomial .align 64 @@ -90,57 +90,11 @@ my ($r_ptr,$a_ptr,$b_ptr)=("%rdi","%rsi","%rdx"); $code.=<<___; ################################################################################ -# void GFp_nistz256_add(uint64_t res[4], uint64_t a[4], uint64_t b[4]); -.globl GFp_nistz256_add -.type GFp_nistz256_add,\@function,3 +# void nistz256_neg(uint64_t res[4], uint64_t a[4]); +.globl nistz256_neg +.type nistz256_neg,\@function,2 .align 32 -GFp_nistz256_add: - push %r12 - push %r13 - - mov 8*0($a_ptr), $a0 - xor $t4, $t4 - mov 8*1($a_ptr), $a1 - mov 8*2($a_ptr), $a2 - mov 8*3($a_ptr), $a3 - lea .Lpoly(%rip), $a_ptr - - add 8*0($b_ptr), $a0 - adc 8*1($b_ptr), $a1 - mov $a0, $t0 - adc 8*2($b_ptr), $a2 - adc 8*3($b_ptr), $a3 - mov $a1, $t1 - adc \$0, $t4 - - sub 8*0($a_ptr), $a0 - mov $a2, $t2 - sbb 8*1($a_ptr), $a1 - sbb 8*2($a_ptr), $a2 - mov $a3, $t3 - sbb 8*3($a_ptr), $a3 - sbb \$0, $t4 - - cmovc $t0, $a0 - cmovc $t1, $a1 - mov $a0, 8*0($r_ptr) - cmovc $t2, $a2 - mov $a1, 8*1($r_ptr) - cmovc $t3, $a3 - mov $a2, 8*2($r_ptr) - mov $a3, 8*3($r_ptr) - - pop %r13 - pop %r12 - ret -.size GFp_nistz256_add,.-GFp_nistz256_add - -################################################################################ -# void GFp_nistz256_neg(uint64_t res[4], uint64_t a[4]); -.globl GFp_nistz256_neg -.type GFp_nistz256_neg,\@function,2 -.align 32 -GFp_nistz256_neg: +nistz256_neg: .cfi_startproc push %r12 .cfi_push %r12 @@ -189,7 +143,7 @@ GFp_nistz256_neg: .Lneg_epilogue: ret .cfi_endproc -.size GFp_nistz256_neg,.-GFp_nistz256_neg +.size nistz256_neg,.-nistz256_neg ___ } { @@ -200,19 +154,19 @@ my ($poly1,$poly3)=($acc6,$acc7); $code.=<<___; ################################################################################ -# void GFp_p256_scalar_mul_mont( +# void p256_scalar_mul_mont( # uint64_t res[4], # uint64_t a[4], # uint64_t b[4]); -.globl GFp_p256_scalar_mul_mont -.type GFp_p256_scalar_mul_mont,\@function,3 +.globl p256_scalar_mul_mont +.type p256_scalar_mul_mont,\@function,3 .align 32 -GFp_p256_scalar_mul_mont: +p256_scalar_mul_mont: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx cmp \$0x80100, %ecx @@ -528,22 +482,22 @@ $code.=<<___; .Lord_mul_epilogue: ret .cfi_endproc -.size GFp_p256_scalar_mul_mont,.-GFp_p256_scalar_mul_mont +.size p256_scalar_mul_mont,.-p256_scalar_mul_mont ################################################################################ -# void GFp_p256_scalar_sqr_rep_mont( +# void p256_scalar_sqr_rep_mont( # uint64_t res[4], # uint64_t a[4], # uint64_t rep); -.globl GFp_p256_scalar_sqr_rep_mont -.type GFp_p256_scalar_sqr_rep_mont,\@function,3 +.globl p256_scalar_sqr_rep_mont +.type p256_scalar_sqr_rep_mont,\@function,3 .align 32 -GFp_p256_scalar_sqr_rep_mont: +p256_scalar_sqr_rep_mont: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx cmp \$0x80100, %ecx @@ -829,7 +783,7 @@ $code.=<<___; .Lord_sqr_epilogue: ret .cfi_endproc -.size GFp_p256_scalar_sqr_rep_mont,.-GFp_p256_scalar_sqr_rep_mont +.size p256_scalar_sqr_rep_mont,.-p256_scalar_sqr_rep_mont ___ $code.=<<___ if ($addx); @@ -1281,19 +1235,19 @@ ___ $code.=<<___; ################################################################################ -# void GFp_nistz256_mul_mont( +# void p256_mul_mont( # uint64_t res[4], # uint64_t a[4], # uint64_t b[4]); -.globl GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,\@function,3 +.globl p256_mul_mont +.type p256_mul_mont,\@function,3 .align 32 -GFp_nistz256_mul_mont: +p256_mul_mont: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx ___ @@ -1361,7 +1315,7 @@ $code.=<<___; .Lmul_epilogue: ret .cfi_endproc -.size GFp_nistz256_mul_mont,.-GFp_nistz256_mul_mont +.size p256_mul_mont,.-p256_mul_mont .type __ecp_nistz256_mul_montq,\@abi-omnipotent .align 32 @@ -1582,20 +1536,20 @@ __ecp_nistz256_mul_montq: .size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq ################################################################################ -# void GFp_nistz256_sqr_mont( +# void p256_sqr_mont( # uint64_t res[4], # uint64_t a[4]); # we optimize the square according to S.Gueron and V.Krasnov, # "Speeding up Big-Number Squaring" -.globl GFp_nistz256_sqr_mont -.type GFp_nistz256_sqr_mont,\@function,2 +.globl p256_sqr_mont +.type p256_sqr_mont,\@function,2 .align 32 -GFp_nistz256_sqr_mont: +p256_sqr_mont: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx ___ @@ -1658,7 +1612,7 @@ $code.=<<___; .Lsqr_epilogue: ret .cfi_endproc -.size GFp_nistz256_sqr_mont,.-GFp_nistz256_sqr_mont +.size p256_sqr_mont,.-p256_sqr_mont .type __ecp_nistz256_sqr_montq,\@abi-omnipotent .align 32 @@ -2136,22 +2090,22 @@ my ($M1,$T2a,$T2b,$TMP2,$M2,$T2a,$T2b,$TMP2)=map("%xmm$_",(8..15)); $code.=<<___; ################################################################################ -# void GFp_nistz256_select_w5(uint64_t *val, uint64_t *in_t, crypto_word index); -.globl GFp_nistz256_select_w5 -.type GFp_nistz256_select_w5,\@abi-omnipotent +# void nistz256_select_w5(uint64_t *val, uint64_t *in_t, crypto_word index); +.globl nistz256_select_w5 +.type nistz256_select_w5,\@abi-omnipotent .align 32 -GFp_nistz256_select_w5: +nistz256_select_w5: .cfi_startproc ___ $code.=<<___ if ($avx>1); - leaq GFp_ia32cap_P(%rip), %rax + leaq OPENSSL_ia32cap_P(%rip), %rax mov 8(%rax), %rax test \$`1<<5`, %eax jnz .Lavx2_select_w5 ___ $code.=<<___ if ($win64); lea -0x88(%rsp), %rax -.LSEH_begin_GFp_nistz256_select_w5: +.LSEH_begin_nistz256_select_w5: .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6, -0x20(%rax) .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7, -0x10(%rax) @@ -2232,26 +2186,26 @@ ___ $code.=<<___; ret .cfi_endproc -.LSEH_end_GFp_nistz256_select_w5: -.size GFp_nistz256_select_w5,.-GFp_nistz256_select_w5 +.LSEH_end_nistz256_select_w5: +.size nistz256_select_w5,.-nistz256_select_w5 ################################################################################ -# void GFp_nistz256_select_w7(uint64_t *val, uint64_t *in_t, crypto_word index); -.globl GFp_nistz256_select_w7 -.type GFp_nistz256_select_w7,\@abi-omnipotent +# void nistz256_select_w7(uint64_t *val, uint64_t *in_t, crypto_word index); +.globl nistz256_select_w7 +.type nistz256_select_w7,\@abi-omnipotent .align 32 -GFp_nistz256_select_w7: +nistz256_select_w7: .cfi_startproc ___ $code.=<<___ if ($avx>1); - leaq GFp_ia32cap_P(%rip), %rax + leaq OPENSSL_ia32cap_P(%rip), %rax mov 8(%rax), %rax test \$`1<<5`, %eax jnz .Lavx2_select_w7 ___ $code.=<<___ if ($win64); lea -0x88(%rsp), %rax -.LSEH_begin_GFp_nistz256_select_w7: +.LSEH_begin_nistz256_select_w7: .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6, -0x20(%rax) .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7, -0x10(%rax) @@ -2321,8 +2275,8 @@ ___ $code.=<<___; ret .cfi_endproc -.LSEH_end_GFp_nistz256_select_w7: -.size GFp_nistz256_select_w7,.-GFp_nistz256_select_w7 +.LSEH_end_nistz256_select_w7: +.size nistz256_select_w7,.-nistz256_select_w7 ___ } if ($avx>1) { @@ -2333,10 +2287,10 @@ my ($M1,$T1a,$T1b,$T1c,$TMP1)=map("%ymm$_",(10..14)); $code.=<<___; ################################################################################ -# void GFp_nistz256_avx2_select_w5(uint64_t *val, uint64_t *in_t, crypto_word index); -.type GFp_nistz256_avx2_select_w5,\@abi-omnipotent +# void ecp_nistz256_avx2_select_w5(uint64_t *val, uint64_t *in_t, int index); +.type ecp_nistz256_avx2_select_w5,\@abi-omnipotent .align 32 -GFp_nistz256_avx2_select_w5: +ecp_nistz256_avx2_select_w5: .cfi_startproc .Lavx2_select_w5: vzeroupper @@ -2344,7 +2298,7 @@ ___ $code.=<<___ if ($win64); lea -0x88(%rsp), %rax mov %rsp,%r11 -.LSEH_begin_GFp_nistz256_avx2_select_w5: +.LSEH_begin_ecp_nistz256_avx2_select_w5: .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax), %rsp .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6, -0x20(%rax) .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7, -0x10(%rax) @@ -2426,8 +2380,8 @@ ___ $code.=<<___; ret .cfi_endproc -.LSEH_end_GFp_nistz256_avx2_select_w5: -.size GFp_nistz256_avx2_select_w5,.-GFp_nistz256_avx2_select_w5 +.LSEH_end_ecp_nistz256_avx2_select_w5: +.size ecp_nistz256_avx2_select_w5,.-ecp_nistz256_avx2_select_w5 ___ } if ($avx>1) { @@ -2440,11 +2394,10 @@ my ($M2,$T2a,$T2b,$TMP2)=map("%ymm$_",(12..15)); $code.=<<___; ################################################################################ -# void GFp_nistz256_avx2_select_w7(uint64_t *val, uint64_t *in_t, crypto_word index); -.globl GFp_nistz256_avx2_select_w7 -.type GFp_nistz256_avx2_select_w7,\@abi-omnipotent +# void ecp_nistz256_avx2_select_w7(uint64_t *val, uint64_t *in_t, int index); +.type ecp_nistz256_avx2_select_w7,\@abi-omnipotent .align 32 -GFp_nistz256_avx2_select_w7: +ecp_nistz256_avx2_select_w7: .cfi_startproc .Lavx2_select_w7: vzeroupper @@ -2452,7 +2405,7 @@ ___ $code.=<<___ if ($win64); mov %rsp,%r11 lea -0x88(%rsp), %rax -.LSEH_begin_GFp_nistz256_avx2_select_w7: +.LSEH_begin_ecp_nistz256_avx2_select_w7: .byte 0x48,0x8d,0x60,0xe0 # lea -0x20(%rax), %rsp .byte 0xc5,0xf8,0x29,0x70,0xe0 # vmovaps %xmm6, -0x20(%rax) .byte 0xc5,0xf8,0x29,0x78,0xf0 # vmovaps %xmm7, -0x10(%rax) @@ -2549,18 +2502,8 @@ ___ $code.=<<___; ret .cfi_endproc -.LSEH_end_GFp_nistz256_avx2_select_w7: -.size GFp_nistz256_avx2_select_w7,.-GFp_nistz256_avx2_select_w7 -___ -} else { -$code.=<<___; -.globl GFp_nistz256_avx2_select_w7 -.type GFp_nistz256_avx2_select_w7,\@function,3 -.align 32 -GFp_nistz256_avx2_select_w7: - .byte 0x0f,0x0b # ud2 - ret -.size GFp_nistz256_avx2_select_w7,.-GFp_nistz256_avx2_select_w7 +.LSEH_end_ecp_nistz256_avx2_select_w7: +.size ecp_nistz256_avx2_select_w7,.-ecp_nistz256_avx2_select_w7 ___ } {{{ @@ -2757,14 +2700,14 @@ sub gen_double () { $bias = 0; $code.=<<___; -.globl GFp_nistz256_point_double -.type GFp_nistz256_point_double,\@function,2 +.globl p256_point_double +.type p256_point_double,\@function,2 .align 32 -GFp_nistz256_point_double: +p256_point_double: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx cmp \$0x80100, %ecx @@ -2776,9 +2719,9 @@ ___ $bias = 128; $code.=<<___; -.type GFp_nistz256_point_doublex,\@function,2 +.type p256_point_doublex,\@function,2 .align 32 -GFp_nistz256_point_doublex: +p256_point_doublex: .cfi_startproc .Lpoint_doublex: ___ @@ -2865,7 +2808,7 @@ $code.=<<___; call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(res_y, S); ___ { -######## GFp_nistz256_div_by_2(res_y, res_y); ########################## +######## ecp_nistz256_div_by_2(res_y, res_y); ########################## # operate in 4-5-6-7 "name space" that matches squaring output # my ($poly1,$poly3)=($a_ptr,$t1); @@ -2988,7 +2931,7 @@ $code.=<<___; .Lpoint_double${x}_epilogue: ret .cfi_endproc -.size GFp_nistz256_point_double$sfx,.-GFp_nistz256_point_double$sfx +.size p256_point_double$sfx,.-p256_point_double$sfx ___ } &gen_double("q"); @@ -3009,14 +2952,14 @@ sub gen_add () { $bias = 0; $code.=<<___; -.globl GFp_nistz256_point_add -.type GFp_nistz256_point_add,\@function,3 +.globl p256_point_add +.type p256_point_add,\@function,3 .align 32 -GFp_nistz256_point_add: +p256_point_add: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx cmp \$0x80100, %ecx @@ -3028,9 +2971,9 @@ ___ $bias = 128; $code.=<<___; -.type GFp_nistz256_point_addx,\@function,3 +.type p256_point_addx,\@function,3 .align 32 -GFp_nistz256_point_addx: +p256_point_addx: .cfi_startproc .Lpoint_addx: ___ @@ -3387,7 +3330,7 @@ $code.=<<___; .Lpoint_add${x}_epilogue: ret .cfi_endproc -.size GFp_nistz256_point_add$sfx,.-GFp_nistz256_point_add$sfx +.size p256_point_add$sfx,.-p256_point_add$sfx ___ } &gen_add("q"); @@ -3407,14 +3350,14 @@ sub gen_add_affine () { $bias = 0; $code.=<<___; -.globl GFp_nistz256_point_add_affine -.type GFp_nistz256_point_add_affine,\@function,3 +.globl p256_point_add_affine +.type p256_point_add_affine,\@function,3 .align 32 -GFp_nistz256_point_add_affine: +p256_point_add_affine: .cfi_startproc ___ $code.=<<___ if ($addx); - leaq GFp_ia32cap_P(%rip), %rcx + leaq OPENSSL_ia32cap_P(%rip), %rcx mov 8(%rcx), %rcx and \$0x80100, %ecx cmp \$0x80100, %ecx @@ -3426,9 +3369,9 @@ ___ $bias = 128; $code.=<<___; -.type GFp_nistz256_point_add_affinex,\@function,3 +.type p256_point_add_affinex,\@function,3 .align 32 -GFp_nistz256_point_add_affinex: +p256_point_add_affinex: .cfi_startproc .Lpoint_add_affinex: ___ @@ -3712,7 +3655,7 @@ $code.=<<___; .Ladd_affine${x}_epilogue: ret .cfi_endproc -.size GFp_nistz256_point_add_affine$sfx,.-GFp_nistz256_point_add_affine$sfx +.size p256_point_add_affine$sfx,.-p256_point_add_affine$sfx ___ } &gen_add_affine("q"); @@ -4013,17 +3956,17 @@ full_handler: .section .pdata .align 4 - .rva .LSEH_begin_GFp_nistz256_neg - .rva .LSEH_end_GFp_nistz256_neg - .rva .LSEH_info_GFp_nistz256_neg + .rva .LSEH_begin_nistz256_neg + .rva .LSEH_end_nistz256_neg + .rva .LSEH_info_nistz256_neg - .rva .LSEH_begin_GFp_p256_scalar_mul_mont - .rva .LSEH_end_GFp_p256_scalar_mul_mont - .rva .LSEH_info_GFp_p256_scalar_mul_mont + .rva .LSEH_begin_p256_scalar_mul_mont + .rva .LSEH_end_p256_scalar_mul_mont + .rva .LSEH_info_p256_scalar_mul_mont - .rva .LSEH_begin_GFp_p256_scalar_sqr_rep_mont - .rva .LSEH_end_GFp_p256_scalar_sqr_rep_mont - .rva .LSEH_info_GFp_p256_scalar_sqr_rep_mont + .rva .LSEH_begin_p256_scalar_sqr_rep_mont + .rva .LSEH_end_p256_scalar_sqr_rep_mont + .rva .LSEH_info_p256_scalar_sqr_rep_mont ___ $code.=<<___ if ($addx); .rva .LSEH_begin_ecp_nistz256_ord_mul_montx @@ -4035,71 +3978,71 @@ $code.=<<___ if ($addx); .rva .LSEH_info_ecp_nistz256_ord_sqr_montx ___ $code.=<<___; - .rva .LSEH_begin_GFp_nistz256_mul_mont - .rva .LSEH_end_GFp_nistz256_mul_mont - .rva .LSEH_info_GFp_nistz256_mul_mont + .rva .LSEH_begin_p256_mul_mont + .rva .LSEH_end_p256_mul_mont + .rva .LSEH_info_p256_mul_mont - .rva .LSEH_begin_GFp_nistz256_sqr_mont - .rva .LSEH_end_GFp_nistz256_sqr_mont - .rva .LSEH_info_GFp_nistz256_sqr_mont + .rva .LSEH_begin_p256_sqr_mont + .rva .LSEH_end_p256_sqr_mont + .rva .LSEH_info_p256_sqr_mont - .rva .LSEH_begin_GFp_nistz256_select_w5 - .rva .LSEH_end_GFp_nistz256_select_w5 - .rva .LSEH_info_GFp_nistz256_select_wX + .rva .LSEH_begin_nistz256_select_w5 + .rva .LSEH_end_nistz256_select_w5 + .rva .LSEH_info_ecp_nistz256_select_wX - .rva .LSEH_begin_GFp_nistz256_select_w7 - .rva .LSEH_end_GFp_nistz256_select_w7 - .rva .LSEH_info_GFp_nistz256_select_wX + .rva .LSEH_begin_nistz256_select_w7 + .rva .LSEH_end_nistz256_select_w7 + .rva .LSEH_info_ecp_nistz256_select_wX ___ $code.=<<___ if ($avx>1); - .rva .LSEH_begin_GFp_nistz256_avx2_select_w5 - .rva .LSEH_end_GFp_nistz256_avx2_select_w5 - .rva .LSEH_info_GFp_nistz256_avx2_select_wX + .rva .LSEH_begin_ecp_nistz256_avx2_select_w5 + .rva .LSEH_end_ecp_nistz256_avx2_select_w5 + .rva .LSEH_info_ecp_nistz256_avx2_select_wX - .rva .LSEH_begin_GFp_nistz256_avx2_select_w7 - .rva .LSEH_end_GFp_nistz256_avx2_select_w7 - .rva .LSEH_info_GFp_nistz256_avx2_select_wX + .rva .LSEH_begin_ecp_nistz256_avx2_select_w7 + .rva .LSEH_end_ecp_nistz256_avx2_select_w7 + .rva .LSEH_info_ecp_nistz256_avx2_select_wX ___ $code.=<<___; - .rva .LSEH_begin_GFp_nistz256_point_double - .rva .LSEH_end_GFp_nistz256_point_double - .rva .LSEH_info_GFp_nistz256_point_double + .rva .LSEH_begin_p256_point_double + .rva .LSEH_end_p256_point_double + .rva .LSEH_info_p256_point_double - .rva .LSEH_begin_GFp_nistz256_point_add - .rva .LSEH_end_GFp_nistz256_point_add - .rva .LSEH_info_GFp_nistz256_point_add + .rva .LSEH_begin_p256_point_add + .rva .LSEH_end_p256_point_add + .rva .LSEH_info_p256_point_add - .rva .LSEH_begin_GFp_nistz256_point_add_affine - .rva .LSEH_end_GFp_nistz256_point_add_affine - .rva .LSEH_info_GFp_nistz256_point_add_affine + .rva .LSEH_begin_p256_point_add_affine + .rva .LSEH_end_p256_point_add_affine + .rva .LSEH_info_p256_point_add_affine ___ $code.=<<___ if ($addx); - .rva .LSEH_begin_GFp_nistz256_point_doublex - .rva .LSEH_end_GFp_nistz256_point_doublex - .rva .LSEH_info_GFp_nistz256_point_doublex + .rva .LSEH_begin_p256_point_doublex + .rva .LSEH_end_p256_point_doublex + .rva .LSEH_info_p256_point_doublex - .rva .LSEH_begin_GFp_nistz256_point_addx - .rva .LSEH_end_GFp_nistz256_point_addx - .rva .LSEH_info_GFp_nistz256_point_addx + .rva .LSEH_begin_p256_point_addx + .rva .LSEH_end_p256_point_addx + .rva .LSEH_info_p256_point_addx - .rva .LSEH_begin_GFp_nistz256_point_add_affinex - .rva .LSEH_end_GFp_nistz256_point_add_affinex - .rva .LSEH_info_GFp_nistz256_point_add_affinex + .rva .LSEH_begin_p256_point_add_affinex + .rva .LSEH_end_p256_point_add_affinex + .rva .LSEH_info_p256_point_add_affinex ___ $code.=<<___; .section .xdata .align 8 -.LSEH_info_GFp_nistz256_neg: +.LSEH_info_nistz256_neg: .byte 9,0,0,0 .rva short_handler .rva .Lneg_body,.Lneg_epilogue # HandlerData[] -.LSEH_info_GFp_p256_scalar_mul_mont: +.LSEH_info_p256_scalar_mul_mont: .byte 9,0,0,0 .rva full_handler .rva .Lord_mul_body,.Lord_mul_epilogue # HandlerData[] .long 48,0 -.LSEH_info_GFp_p256_scalar_sqr_rep_mont: +.LSEH_info_p256_scalar_sqr_rep_mont: .byte 9,0,0,0 .rva full_handler .rva .Lord_sqr_body,.Lord_sqr_epilogue # HandlerData[] @@ -4118,17 +4061,17 @@ $code.=<<___ if ($addx); .long 48,0 ___ $code.=<<___; -.LSEH_info_GFp_nistz256_mul_mont: +.LSEH_info_p256_mul_mont: .byte 9,0,0,0 .rva full_handler .rva .Lmul_body,.Lmul_epilogue # HandlerData[] .long 48,0 -.LSEH_info_GFp_nistz256_sqr_mont: +.LSEH_info_p256_sqr_mont: .byte 9,0,0,0 .rva full_handler .rva .Lsqr_body,.Lsqr_epilogue # HandlerData[] .long 48,0 -.LSEH_info_GFp_nistz256_select_wX: +.LSEH_info_ecp_nistz256_select_wX: .byte 0x01,0x33,0x16,0x00 .byte 0x33,0xf8,0x09,0x00 #movaps 0x90(rsp),xmm15 .byte 0x2e,0xe8,0x08,0x00 #movaps 0x80(rsp),xmm14 @@ -4144,7 +4087,7 @@ $code.=<<___; .align 8 ___ $code.=<<___ if ($avx>1); -.LSEH_info_GFp_nistz256_avx2_select_wX: +.LSEH_info_ecp_nistz256_avx2_select_wX: .byte 0x01,0x36,0x17,0x0b .byte 0x36,0xf8,0x09,0x00 # vmovaps 0x90(rsp),xmm15 .byte 0x31,0xe8,0x08,0x00 # vmovaps 0x80(rsp),xmm14 @@ -4161,17 +4104,17 @@ $code.=<<___ if ($avx>1); .align 8 ___ $code.=<<___; -.LSEH_info_GFp_nistz256_point_double: +.LSEH_info_p256_point_double: .byte 9,0,0,0 .rva full_handler .rva .Lpoint_doubleq_body,.Lpoint_doubleq_epilogue # HandlerData[] .long 32*5+56,0 -.LSEH_info_GFp_nistz256_point_add: +.LSEH_info_p256_point_add: .byte 9,0,0,0 .rva full_handler .rva .Lpoint_addq_body,.Lpoint_addq_epilogue # HandlerData[] .long 32*18+56,0 -.LSEH_info_GFp_nistz256_point_add_affine: +.LSEH_info_p256_point_add_affine: .byte 9,0,0,0 .rva full_handler .rva .Ladd_affineq_body,.Ladd_affineq_epilogue # HandlerData[] @@ -4179,17 +4122,17 @@ $code.=<<___; ___ $code.=<<___ if ($addx); .align 8 -.LSEH_info_GFp_nistz256_point_doublex: +.LSEH_info_p256_point_doublex: .byte 9,0,0,0 .rva full_handler .rva .Lpoint_doublex_body,.Lpoint_doublex_epilogue # HandlerData[] .long 32*5+56,0 -.LSEH_info_GFp_nistz256_point_addx: +.LSEH_info_p256_point_addx: .byte 9,0,0,0 .rva full_handler .rva .Lpoint_addx_body,.Lpoint_addx_epilogue # HandlerData[] .long 32*18+56,0 -.LSEH_info_GFp_nistz256_point_add_affinex: +.LSEH_info_p256_point_add_affinex: .byte 9,0,0,0 .rva full_handler .rva .Ladd_affinex_body,.Ladd_affinex_epilogue # HandlerData[] diff --git a/crypto/fipsmodule/ec/ecp_nistz.c b/crypto/fipsmodule/ec/ecp_nistz.c index ebbbf33..1811e28 100644 --- a/crypto/fipsmodule/ec/ecp_nistz.c +++ b/crypto/fipsmodule/ec/ecp_nistz.c @@ -25,7 +25,7 @@ * the end. The extra byte is useful because the caller will be breaking |str| * up into windows of a number of bits (5 or 7) that isn't divisible by 8, and * so it is useful for it to be able to read an extra zero byte. */ -void gfp_little_endian_bytes_from_scalar(uint8_t str[], size_t str_len, +void little_endian_bytes_from_scalar(uint8_t str[], size_t str_len, const Limb scalar[], size_t num_limbs) { debug_assert_nonsecret(str_len == (num_limbs * sizeof(Limb)) + 1); diff --git a/crypto/fipsmodule/ec/ecp_nistz.h b/crypto/fipsmodule/ec/ecp_nistz.h index 2bcf4b5..1e74ce0 100644 --- a/crypto/fipsmodule/ec/ecp_nistz.h +++ b/crypto/fipsmodule/ec/ecp_nistz.h @@ -15,7 +15,7 @@ #ifndef OPENSSL_HEADER_EC_ECP_NISTZ_H #define OPENSSL_HEADER_EC_ECP_NISTZ_H -#include <GFp/base.h> +#include <ring-core/base.h> #include "../../limbs/limbs.h" @@ -114,7 +114,7 @@ // is a prime that is much larger than 2^w. It also only holds when windows // are applied from most significant to least significant, doubling between each // window. It does not apply to more complex table strategies such as -// |EC_GFp_nistz256_method|. +// |EC_nistz256_method|. // // PROOF: // @@ -267,8 +267,8 @@ static inline void booth_recode(crypto_word *is_negative, crypto_word *digit, #pragma GCC diagnostic pop #endif -void gfp_little_endian_bytes_from_scalar(uint8_t str[], size_t str_len, - const Limb scalar[], - size_t num_limbs); +void little_endian_bytes_from_scalar(uint8_t str[], size_t str_len, + const Limb scalar[], + size_t num_limbs); #endif // OPENSSL_HEADER_EC_ECP_NISTZ_H diff --git a/crypto/fipsmodule/ec/ecp_nistz256.c b/crypto/fipsmodule/ec/ecp_nistz256.c deleted file mode 100644 index b71100c..0000000 --- a/crypto/fipsmodule/ec/ecp_nistz256.c +++ /dev/null @@ -1,349 +0,0 @@ -/* Copyright (c) 2014, Intel Corporation. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -/* Developers and authors: - * Shay Gueron (1, 2), and Vlad Krasnov (1) - * (1) Intel Corporation, Israel Development Center - * (2) University of Haifa - * Reference: - * Shay Gueron and Vlad Krasnov - * "Fast Prime Field Elliptic Curve Cryptography with 256 Bit Primes" - * http://eprint.iacr.org/2013/816 */ - -#include "ecp_nistz256.h" - -#include "ecp_nistz.h" -#include "../bn/internal.h" -#include "../../limbs/limbs.inl" - -#if defined(__GNUC__) -#pragma GCC diagnostic ignored "-Wsign-conversion" -#endif - -/* Functions implemented in assembly */ -/* Modular neg: res = -a mod P */ -void GFp_nistz256_neg(Limb res[P256_LIMBS], const Limb a[P256_LIMBS]); - - -/* One converted into the Montgomery domain */ -static const Limb ONE[P256_LIMBS] = { - TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000), - TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe), -}; - -static void copy_conditional(Limb dst[P256_LIMBS], - const Limb src[P256_LIMBS], Limb move) { - Limb mask1 = move; - Limb mask2 = ~mask1; - - dst[0] = (src[0] & mask1) ^ (dst[0] & mask2); - dst[1] = (src[1] & mask1) ^ (dst[1] & mask2); - dst[2] = (src[2] & mask1) ^ (dst[2] & mask2); - dst[3] = (src[3] & mask1) ^ (dst[3] & mask2); - if (P256_LIMBS == 8) { - dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); - dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); - dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); - dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); - } -} - -void GFp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); - -#if defined(GFp_USE_LARGE_TABLE) -void GFp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a, - const P256_POINT_AFFINE *b); -#endif - -void GFp_nistz256_point_add(P256_POINT *r, const P256_POINT *a, - const P256_POINT *b); - -// |GFp_nistz256_point_add| is defined in assembly language in X86-64 only. -#if !defined(OPENSSL_X86_64) - -static const BN_ULONG Q[P256_LIMBS] = { - TOBN(0xffffffff, 0xffffffff), - TOBN(0x00000000, 0xffffffff), - TOBN(0x00000000, 0x00000000), - TOBN(0xffffffff, 0x00000001), -}; - -static inline Limb is_equal(const Limb a[P256_LIMBS], const Limb b[P256_LIMBS]) { - return LIMBS_equal(a, b, P256_LIMBS); -} - -static inline Limb is_zero(const BN_ULONG a[P256_LIMBS]) { - return LIMBS_are_zero(a, P256_LIMBS); -} - -static inline void elem_mul_by_2(Limb r[P256_LIMBS], const Limb a[P256_LIMBS]) { - LIMBS_shl_mod(r, a, Q, P256_LIMBS); -} - -static inline void elem_mul_mont(Limb r[P256_LIMBS], const Limb a[P256_LIMBS], - const Limb b[P256_LIMBS]) { - GFp_nistz256_mul_mont(r, a, b); -} - -static inline void elem_sqr_mont(Limb r[P256_LIMBS], const Limb a[P256_LIMBS]) { - GFp_nistz256_sqr_mont(r, a); -} - -static inline void elem_sub(Limb r[P256_LIMBS], const Limb a[P256_LIMBS], - const Limb b[P256_LIMBS]) { - LIMBS_sub_mod(r, a, b, Q, P256_LIMBS); -} - -/* Point addition: r = a+b */ -void GFp_nistz256_point_add(P256_POINT *r, const P256_POINT *a, const P256_POINT *b) { - BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS]; - BN_ULONG U1[P256_LIMBS], S1[P256_LIMBS]; - BN_ULONG Z1sqr[P256_LIMBS]; - BN_ULONG Z2sqr[P256_LIMBS]; - BN_ULONG H[P256_LIMBS], R[P256_LIMBS]; - BN_ULONG Hsqr[P256_LIMBS]; - BN_ULONG Rsqr[P256_LIMBS]; - BN_ULONG Hcub[P256_LIMBS]; - - BN_ULONG res_x[P256_LIMBS]; - BN_ULONG res_y[P256_LIMBS]; - BN_ULONG res_z[P256_LIMBS]; - - const BN_ULONG *in1_x = a->X; - const BN_ULONG *in1_y = a->Y; - const BN_ULONG *in1_z = a->Z; - - const BN_ULONG *in2_x = b->X; - const BN_ULONG *in2_y = b->Y; - const BN_ULONG *in2_z = b->Z; - - BN_ULONG in1infty = is_zero(a->Z); - BN_ULONG in2infty = is_zero(b->Z); - - elem_sqr_mont(Z2sqr, in2_z); /* Z2^2 */ - elem_sqr_mont(Z1sqr, in1_z); /* Z1^2 */ - - elem_mul_mont(S1, Z2sqr, in2_z); /* S1 = Z2^3 */ - elem_mul_mont(S2, Z1sqr, in1_z); /* S2 = Z1^3 */ - - elem_mul_mont(S1, S1, in1_y); /* S1 = Y1*Z2^3 */ - elem_mul_mont(S2, S2, in2_y); /* S2 = Y2*Z1^3 */ - elem_sub(R, S2, S1); /* R = S2 - S1 */ - - elem_mul_mont(U1, in1_x, Z2sqr); /* U1 = X1*Z2^2 */ - elem_mul_mont(U2, in2_x, Z1sqr); /* U2 = X2*Z1^2 */ - elem_sub(H, U2, U1); /* H = U2 - U1 */ - - BN_ULONG is_exceptional = is_equal(U1, U2) & ~in1infty & ~in2infty; - if (is_exceptional) { - if (is_equal(S1, S2)) { - GFp_nistz256_point_double(r, a); - } else { - limbs_zero(r->X, P256_LIMBS); - limbs_zero(r->Y, P256_LIMBS); - limbs_zero(r->Z, P256_LIMBS); - } - return; - } - - elem_sqr_mont(Rsqr, R); /* R^2 */ - elem_mul_mont(res_z, H, in1_z); /* Z3 = H*Z1*Z2 */ - elem_sqr_mont(Hsqr, H); /* H^2 */ - elem_mul_mont(res_z, res_z, in2_z); /* Z3 = H*Z1*Z2 */ - elem_mul_mont(Hcub, Hsqr, H); /* H^3 */ - - elem_mul_mont(U2, U1, Hsqr); /* U1*H^2 */ - elem_mul_by_2(Hsqr, U2); /* 2*U1*H^2 */ - - elem_sub(res_x, Rsqr, Hsqr); - elem_sub(res_x, res_x, Hcub); - - elem_sub(res_y, U2, res_x); - - elem_mul_mont(S2, S1, Hcub); - elem_mul_mont(res_y, R, res_y); - elem_sub(res_y, res_y, S2); - - copy_conditional(res_x, in2_x, in1infty); - copy_conditional(res_y, in2_y, in1infty); - copy_conditional(res_z, in2_z, in1infty); - - copy_conditional(res_x, in1_x, in2infty); - copy_conditional(res_y, in1_y, in2infty); - copy_conditional(res_z, in1_z, in2infty); - - limbs_copy(r->X, res_x, P256_LIMBS); - limbs_copy(r->Y, res_y, P256_LIMBS); - limbs_copy(r->Z, res_z, P256_LIMBS); -} -#endif - -/* r = p * p_scalar */ -void GFp_nistz256_point_mul(P256_POINT *r, const Limb p_scalar[P256_LIMBS], - const Limb p_x[P256_LIMBS], - const Limb p_y[P256_LIMBS]) { - static const size_t kWindowSize = 5; - static const crypto_word kMask = (1 << (5 /* kWindowSize */ + 1)) - 1; - - uint8_t p_str[(P256_LIMBS * sizeof(Limb)) + 1]; - gfp_little_endian_bytes_from_scalar(p_str, sizeof(p_str) / sizeof(p_str[0]), - p_scalar, P256_LIMBS); - - /* A |P256_POINT| is (3 * 32) = 96 bytes, and the 64-byte alignment should - * add no more than 63 bytes of overhead. Thus, |table| should require - * ~1599 ((96 * 16) + 63) bytes of stack space. */ - alignas(64) P256_POINT table[16]; - - /* table[0] is implicitly (0,0,0) (the point at infinity), therefore it is - * not stored. All other values are actually stored with an offset of -1 in - * table. */ - P256_POINT *row = table; - - limbs_copy(row[1 - 1].X, p_x, P256_LIMBS); - limbs_copy(row[1 - 1].Y, p_y, P256_LIMBS); - limbs_copy(row[1 - 1].Z, ONE, P256_LIMBS); - - GFp_nistz256_point_double(&row[2 - 1], &row[1 - 1]); - GFp_nistz256_point_add(&row[3 - 1], &row[2 - 1], &row[1 - 1]); - GFp_nistz256_point_double(&row[4 - 1], &row[2 - 1]); - GFp_nistz256_point_double(&row[6 - 1], &row[3 - 1]); - GFp_nistz256_point_double(&row[8 - 1], &row[4 - 1]); - GFp_nistz256_point_double(&row[12 - 1], &row[6 - 1]); - GFp_nistz256_point_add(&row[5 - 1], &row[4 - 1], &row[1 - 1]); - GFp_nistz256_point_add(&row[7 - 1], &row[6 - 1], &row[1 - 1]); - GFp_nistz256_point_add(&row[9 - 1], &row[8 - 1], &row[1 - 1]); - GFp_nistz256_point_add(&row[13 - 1], &row[12 - 1], &row[1 - 1]); - GFp_nistz256_point_double(&row[14 - 1], &row[7 - 1]); - GFp_nistz256_point_double(&row[10 - 1], &row[5 - 1]); - GFp_nistz256_point_add(&row[15 - 1], &row[14 - 1], &row[1 - 1]); - GFp_nistz256_point_add(&row[11 - 1], &row[10 - 1], &row[1 - 1]); - GFp_nistz256_point_double(&row[16 - 1], &row[8 - 1]); - - Limb tmp[P256_LIMBS]; - alignas(32) P256_POINT h; - static const size_t START_INDEX = 256 - 1; - size_t index = START_INDEX; - - crypto_word raw_wvalue; - crypto_word recoded_is_negative; - crypto_word recoded; - - raw_wvalue = p_str[(index - 1) / 8]; - raw_wvalue = (raw_wvalue >> ((index - 1) % 8)) & kMask; - booth_recode(&recoded_is_negative, &recoded, raw_wvalue, kWindowSize); - dev_assert_secret(!recoded_is_negative); - GFp_nistz256_select_w5(r, table, recoded); - - while (index >= kWindowSize) { - if (index != START_INDEX) { - size_t off = (index - 1) / 8; - - raw_wvalue = p_str[off] | p_str[off + 1] << 8; - raw_wvalue = (raw_wvalue >> ((index - 1) % 8)) & kMask; - booth_recode(&recoded_is_negative, &recoded, raw_wvalue, kWindowSize); - - GFp_nistz256_select_w5(&h, table, recoded); - GFp_nistz256_neg(tmp, h.Y); - copy_conditional(h.Y, tmp, recoded_is_negative); - - GFp_nistz256_point_add(r, r, &h); - } - - index -= kWindowSize; - - GFp_nistz256_point_double(r, r); - GFp_nistz256_point_double(r, r); - GFp_nistz256_point_double(r, r); - GFp_nistz256_point_double(r, r); - GFp_nistz256_point_double(r, r); - } - - /* Final window */ - raw_wvalue = p_str[0]; - raw_wvalue = (raw_wvalue << 1) & kMask; - - booth_recode(&recoded_is_negative, &recoded, raw_wvalue, kWindowSize); - GFp_nistz256_select_w5(&h, table, recoded); - GFp_nistz256_neg(tmp, h.Y); - copy_conditional(h.Y, tmp, recoded_is_negative); - GFp_nistz256_point_add(r, r, &h); -} - -#if defined(GFp_USE_LARGE_TABLE) - -/* Precomputed tables for the default generator */ -#include "ecp_nistz256_table.inl" - -static const size_t kWindowSize = 7; - -static inline void select_precomputed(P256_POINT_AFFINE *p, size_t i, - crypto_word raw_wvalue) { - crypto_word recoded_is_negative; - crypto_word recoded; - booth_recode(&recoded_is_negative, &recoded, raw_wvalue, kWindowSize); - GFp_nistz256_select_w7(p, GFp_nistz256_precomputed[i], recoded); - Limb neg_y[P256_LIMBS]; - GFp_nistz256_neg(neg_y, p->Y); - copy_conditional(p->Y, neg_y, recoded_is_negative); -} - -/* This assumes that |x| and |y| have been each been reduced to their minimal - * unique representations. */ -static Limb is_infinity(const Limb x[P256_LIMBS], - const Limb y[P256_LIMBS]) { - Limb acc = 0; - for (size_t i = 0; i < P256_LIMBS; ++i) { - acc |= x[i] | y[i]; - } - return constant_time_is_zero_w(acc); -} - -void GFp_nistz256_point_mul_base(P256_POINT *r, - const Limb g_scalar[P256_LIMBS]) { - static const crypto_word kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; - - uint8_t p_str[(P256_LIMBS * sizeof(Limb)) + 1]; - gfp_little_endian_bytes_from_scalar(p_str, sizeof(p_str) / sizeof(p_str[0]), - g_scalar, P256_LIMBS); - - /* First window */ - size_t index = kWindowSize; - - alignas(32) P256_POINT_AFFINE t; - - crypto_word raw_wvalue = (p_str[0] << 1) & kMask; - select_precomputed(&t, 0, raw_wvalue); - - alignas(32) P256_POINT p; - limbs_copy(p.X, t.X, P256_LIMBS); - limbs_copy(p.Y, t.Y, P256_LIMBS); - limbs_copy(p.Z, ONE, P256_LIMBS); - /* If it is at the point at infinity then p.p.X will be zero. */ - copy_conditional(p.Z, p.X, is_infinity(p.X, p.Y)); - - for (size_t i = 1; i < 37; i++) { - size_t off = (index - 1) / 8; - raw_wvalue = p_str[off] | p_str[off + 1] << 8; - raw_wvalue = (raw_wvalue >> ((index - 1) % 8)) & kMask; - index += kWindowSize; - select_precomputed(&t, i, raw_wvalue); - GFp_nistz256_point_add_affine(&p, &p, &t); - } - - limbs_copy(r->X, p.X, P256_LIMBS); - limbs_copy(r->Y, p.Y, P256_LIMBS); - limbs_copy(r->Z, p.Z, P256_LIMBS); -} - -#endif diff --git a/crypto/fipsmodule/ec/ecp_nistz256.h b/crypto/fipsmodule/ec/ecp_nistz256.h deleted file mode 100644 index 561d415..0000000 --- a/crypto/fipsmodule/ec/ecp_nistz256.h +++ /dev/null @@ -1,54 +0,0 @@ -/* Copyright (c) 2014, Intel Corporation. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#ifndef OPENSSL_HEADER_EC_ECP_NISTZ256_H -#define OPENSSL_HEADER_EC_ECP_NISTZ256_H - -#include "../../limbs/limbs.h" - -// Keep this in sync with p256.rs. -#if defined(OPENSSL_AARCH64) || defined(OPENSSL_X86) || defined(OPENSSL_X86_64) -#define GFp_USE_LARGE_TABLE -#endif - -#define P256_LIMBS (256u / LIMB_BITS) - -typedef struct { - Limb X[P256_LIMBS]; - Limb Y[P256_LIMBS]; - Limb Z[P256_LIMBS]; -} P256_POINT; - -#if defined(GFp_USE_LARGE_TABLE) -typedef struct { - Limb X[P256_LIMBS]; - Limb Y[P256_LIMBS]; -} P256_POINT_AFFINE; -#endif - -typedef Limb PRECOMP256_ROW[64 * 2 * P256_LIMBS]; // 64 (x, y) entries. - -void GFp_nistz256_mul_mont(Limb res[P256_LIMBS], const Limb a[P256_LIMBS], - const Limb b[P256_LIMBS]); -void GFp_nistz256_sqr_mont(Limb res[P256_LIMBS], const Limb a[P256_LIMBS]); - -/* Functions that perform constant time access to the precomputed tables */ -void GFp_nistz256_select_w5(P256_POINT *out, const P256_POINT table[16], - crypto_word index); - -#if defined(GFp_USE_LARGE_TABLE) -void GFp_nistz256_select_w7(P256_POINT_AFFINE *out, const PRECOMP256_ROW table, crypto_word index); -#endif - -#endif /* OPENSSL_HEADER_EC_ECP_NISTZ256_H */ diff --git a/crypto/fipsmodule/ec/ecp_nistz256_table.inl b/crypto/fipsmodule/ec/ecp_nistz256_table.inl deleted file mode 100644 index d4f40c5..0000000 --- a/crypto/fipsmodule/ec/ecp_nistz256_table.inl +++ /dev/null @@ -1,9501 +0,0 @@ -/* Copyright (c) 2015, Intel Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -// This is the precomputed constant time access table for the code in -// GFp_nistz256.c, for the default generator. The table consists of 37 -// subtables, each subtable contains 64 affine points. The affine points are -// encoded as eight uint64's, four for the x coordinate and four for the y. -// Both values are in little-endian order. There are 37 tables because a -// signed, 6-bit recoding of the scalar is used and ceil(256/(6 + 1)) = 37. -// Within each table there are 64 values because the 6-bit recoding can take -// 64 values, ignoring the sign bit, which is implemented by performing a -// negation of the affine point when required. We would like to align it to 2MB -// in order to increase the chances of using a large page but that appears to -// lead to invalid ELF files being produced. - -// This file is generated by make_p256-x86_64-table.go. - -static const alignas(4096) PRECOMP256_ROW GFp_nistz256_precomputed[37] = { - {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), - TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6), - TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), - TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85), - TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), - TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b), - TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), - TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b), - TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), - TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e), - TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), - TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07), - TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), - TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b), - TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), - TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863), - TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), - TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8), - TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), - TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916), - TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), - TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673), - TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), - TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f), - TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), - TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03), - TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), - TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867), - TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), - TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d), - TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), - TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76), - TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), - TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b), - TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), - TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b), - TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), - TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f), - TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), - TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5), - TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), - TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073), - TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), - TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e), - TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), - TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156), - TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), - TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca), - TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), - TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759), - TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), - TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797), - TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), - TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e), - TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), - TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb), - TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), - TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09), - TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), - TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4), - TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), - TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723), - TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), - TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220), - TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), - TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e), - TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), - TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0), - TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), - TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda), - TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), - TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d), - TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), - TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc), - TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), - TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b), - TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), - TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e), - TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), - TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0), - TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), - TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc), - TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), - TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3), - TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), - TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4), - TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), - TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074), - TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), - TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42), - TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), - TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f), - TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), - TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115), - TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), - TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a), - TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), - TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e), - TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), - TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968), - TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), - TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10), - TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), - TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7), - TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), - TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a), - TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), - TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31), - TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), - TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97), - TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), - TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278), - TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), - TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48), - TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), - TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b), - TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), - TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c), - TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), - TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72), - TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), - TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4), - TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), - TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745), - TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), - TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4), - TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), - TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4), - TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), - TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c), - TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), - TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4), - TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), - TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64), - TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), - TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8), - TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), - TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521), - TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), - TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8), - TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), - TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3), - TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), - TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526), - TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), - TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb), - TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), - TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8), - TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), - TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c), - TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), - TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d), - TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), - TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac), - TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), - TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408), - TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), - TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227), - TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), - TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f), - TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), - TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f), - TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), - TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b), - TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), - TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43), - TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), - TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d), - TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), - TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994), - TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), - TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0), - TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), - TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291), - TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), - TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a), - TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), - TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278), - TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), - TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5), - TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), - TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc), - TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), - TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865), - TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), - TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd), - TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), - TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27), - TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), - TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad), - TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), - TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2), - TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), - TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b), - TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), - TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36), - TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), - TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7), - TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), - TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13), - TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), - TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443), - TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), - TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d), - TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), - TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542), - TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), - TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d), - TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), - TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0), - TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), - TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283), - TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), - TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851), - TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), - TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb), - TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), - TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd), - TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), - TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4), - TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), - TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63), - TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), - TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08), - TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), - TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc), - TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), - TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626), - TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), - TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd), - TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), - TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741), - TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), - TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7), - TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), - TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b), - TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), - TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915), - TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), - TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832), - TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), - TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa), - TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), - TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3), - TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), - TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413), - TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), - TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009), - TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), - TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d), - TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), - TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70), - TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), - TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7), - TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), - TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}, - {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), - TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617), - TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), - TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188), - TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), - TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c), - TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), - TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53), - TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), - TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6), - TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), - TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656), - TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), - TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290), - TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), - TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108), - TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), - TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502), - TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), - TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a), - TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), - TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4), - TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), - TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2), - TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), - TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0), - TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), - TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232), - TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), - TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863), - TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), - TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f), - TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), - TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c), - TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), - TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2), - TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), - TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014), - TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), - TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb), - TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), - TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec), - TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), - TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868), - TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), - TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e), - TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), - TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435), - TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), - TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808), - TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), - TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd), - TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), - TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60), - TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), - TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2), - TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), - TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec), - TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), - TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e), - TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), - TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45), - TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), - TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f), - TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), - TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85), - TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), - TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f), - TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), - TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6), - TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), - TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8), - TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), - TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176), - TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), - TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1), - TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), - TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442), - TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), - TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959), - TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), - TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f), - TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), - TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac), - TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), - TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c), - TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), - TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97), - TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), - TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f), - TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), - TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f), - TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), - TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48), - TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), - TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184), - TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), - TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f), - TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), - TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369), - TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), - TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887), - TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), - TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6), - TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), - TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef), - TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), - TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9), - TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), - TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c), - TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), - TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f), - TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), - TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04), - TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), - TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084), - TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), - TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723), - TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), - TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9), - TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), - TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c), - TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), - TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2), - TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), - TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da), - TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), - TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9), - TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), - TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39), - TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), - TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09), - TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), - TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc), - TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), - TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6), - TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), - TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec), - TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), - TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1), - TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), - TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09), - TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), - TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331), - TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), - TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da), - TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), - TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7), - TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), - TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb), - TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), - TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a), - TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), - TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b), - TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), - TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8), - TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), - TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272), - TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), - TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525), - TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), - TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a), - TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), - TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32), - TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), - TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4), - TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), - TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f), - TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), - TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120), - TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), - TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1), - TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), - TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c), - TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), - TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7), - TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), - TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2), - TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), - TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084), - TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), - TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd), - TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), - TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715), - TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), - TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e), - TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), - TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa), - TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), - TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663), - TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), - TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607), - TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), - TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72), - TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), - TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8), - TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), - TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7), - TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), - TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253), - TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), - TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1), - TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), - TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce), - TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), - TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe), - TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), - TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a), - TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), - TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b), - TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), - TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26), - TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), - TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621), - TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), - TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0), - TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), - TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228), - TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), - TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d), - TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), - TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb), - TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), - TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407), - TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), - TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb), - TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), - TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f), - TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), - TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45), - TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), - TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45), - TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), - TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131), - TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), - TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663), - TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), - TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589), - TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), - TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76), - TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), - TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5), - TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), - TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd), - TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), - TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e), - TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), - TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3), - TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), - TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0), - TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), - TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4), - TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), - TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085), - TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), - TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}, - {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), - TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551), - TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), - TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38), - TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), - TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825), - TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), - TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a), - TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), - TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699), - TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), - TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6), - TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), - TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219), - TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), - TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415), - TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), - TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d), - TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), - TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f), - TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), - TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7), - TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), - TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151), - TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), - TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3), - TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), - TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514), - TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), - TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922), - TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), - TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b), - TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), - TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8), - TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), - TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1), - TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), - TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41), - TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), - TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63), - TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), - TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f), - TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), - TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440), - TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), - TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5), - TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), - TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a), - TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), - TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf), - TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), - TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe), - TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), - TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d), - TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), - TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88), - TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), - TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6), - TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), - TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51), - TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), - TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f), - TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), - TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53), - TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), - TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e), - TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), - TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d), - TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), - TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36), - TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), - TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82), - TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), - TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee), - TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), - TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e), - TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), - TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590), - TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), - TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b), - TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), - TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823), - TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), - TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91), - TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), - TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067), - TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), - TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530), - TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), - TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303), - TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), - TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a), - TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), - TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb), - TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), - TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609), - TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), - TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3), - TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), - TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec), - TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), - TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af), - TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), - TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6), - TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), - TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4), - TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), - TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153), - TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), - TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8), - TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), - TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10), - TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), - TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822), - TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), - TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87), - TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), - TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f), - TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), - TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba), - TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), - TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8), - TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), - TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234), - TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), - TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e), - TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), - TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f), - TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), - TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94), - TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), - TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a), - TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), - TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf), - TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), - TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7), - TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), - TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13), - TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), - TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85), - TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), - TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9), - TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), - TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331), - TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), - TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f), - TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), - TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77), - TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), - TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17), - TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), - TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76), - TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), - TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722), - TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), - TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba), - TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), - TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c), - TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), - TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855), - TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), - TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793), - TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), - TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07), - TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), - TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b), - TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), - TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b), - TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), - TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f), - TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), - TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80), - TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), - TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760), - TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), - TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d), - TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), - TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a), - TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), - TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14), - TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), - TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd), - TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), - TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523), - TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), - TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa), - TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), - TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50), - TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), - TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f), - TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), - TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef), - TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), - TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6), - TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), - TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207), - TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), - TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043), - TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), - TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391), - TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), - TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545), - TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), - TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5), - TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), - TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1), - TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), - TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71), - TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), - TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a), - TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), - TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a), - TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), - TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95), - TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), - TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55), - TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), - TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21), - TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), - TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44), - TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), - TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06), - TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), - TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d), - TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), - TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52), - TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), - TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf), - TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), - TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd), - TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), - TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6), - TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), - TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658), - TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), - TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab), - TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), - TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656), - TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), - TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de), - TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), - TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984), - TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), - TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c), - TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), - TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156), - TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), - TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd), - TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), - TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36), - TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), - TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0), - TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), - TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3), - TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), - TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}, - {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), - TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829), - TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), - TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca), - TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), - TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db), - TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), - TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c), - TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), - TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a), - TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), - TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f), - TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), - TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e), - TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), - TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837), - TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), - TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68), - TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), - TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453), - TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), - TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4), - TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), - TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6), - TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), - TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89), - TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), - TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50), - TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), - TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed), - TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), - TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082), - TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), - TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10), - TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), - TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a), - TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), - TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8), - TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), - TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a), - TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), - TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346), - TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), - TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b), - TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), - TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7), - TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), - TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3), - TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), - TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9), - TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), - TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52), - TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), - TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f), - TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), - TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e), - TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), - TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d), - TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), - TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f), - TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), - TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142), - TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), - TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4), - TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), - TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0), - TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), - TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864), - TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), - TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d), - TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), - TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab), - TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), - TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc), - TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), - TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940), - TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), - TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d), - TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), - TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821), - TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), - TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d), - TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), - TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d), - TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), - TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8), - TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), - TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7), - TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), - TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006), - TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), - TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20), - TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), - TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a), - TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), - TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b), - TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), - TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9), - TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), - TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3), - TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), - TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb), - TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), - TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f), - TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), - TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397), - TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), - TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec), - TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), - TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7), - TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), - TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b), - TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), - TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db), - TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), - TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3), - TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), - TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124), - TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), - TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431), - TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), - TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b), - TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), - TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460), - TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), - TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc), - TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), - TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251), - TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), - TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149), - TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), - TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e), - TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), - TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292), - TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), - TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6), - TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), - TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d), - TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), - TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968), - TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), - TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280), - TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), - TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac), - TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), - TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8), - TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), - TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae), - TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), - TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed), - TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), - TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee), - TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), - TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257), - TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), - TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d), - TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), - TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7), - TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), - TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28), - TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), - TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e), - TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), - TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b), - TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), - TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582), - TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), - TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0), - TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), - TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed), - TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), - TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7), - TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), - TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241), - TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), - TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885), - TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), - TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8), - TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), - TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab), - TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), - TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd), - TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), - TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95), - TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), - TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71), - TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), - TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba), - TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), - TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9), - TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), - TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953), - TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), - TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5), - TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), - TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c), - TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), - TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311), - TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), - TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0), - TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), - TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352), - TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), - TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8), - TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), - TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd), - TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), - TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16), - TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), - TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e), - TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), - TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f), - TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), - TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4), - TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), - TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42), - TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), - TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1), - TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), - TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301), - TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), - TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02), - TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), - TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef), - TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), - TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7), - TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), - TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900), - TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), - TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54), - TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), - TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32), - TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), - TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c), - TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), - TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544), - TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), - TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc), - TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), - TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e), - TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), - TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37), - TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), - TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141), - TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), - TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f), - TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), - TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9), - TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), - TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe), - TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), - TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805), - TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), - TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37), - TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), - TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}, - {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), - TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec), - TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), - TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c), - TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), - TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529), - TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), - TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be), - TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), - TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436), - TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), - TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a), - TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), - TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc), - TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), - TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba), - TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), - TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439), - TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), - TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158), - TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), - TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4), - TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), - TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321), - TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), - TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c), - TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), - TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b), - TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), - TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f), - TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), - TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3), - TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), - TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6), - TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), - TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d), - TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), - TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4), - TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), - TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080), - TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), - TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc), - TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), - TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610), - TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), - TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297), - TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), - TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76), - TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), - TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521), - TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), - TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370), - TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), - TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5), - TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), - TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de), - TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), - TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519), - TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), - TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f), - TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), - TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9), - TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), - TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3), - TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), - TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a), - TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), - TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207), - TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), - TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60), - TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), - TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493), - TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), - TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d), - TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), - TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01), - TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), - TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839), - TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), - TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0), - TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), - TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c), - TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), - TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4), - TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), - TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31), - TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), - TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9), - TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), - TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4), - TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), - TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d), - TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), - TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43), - TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), - TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60), - TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), - TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376), - TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), - TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d), - TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), - TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba), - TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), - TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108), - TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), - TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510), - TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), - TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207), - TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), - TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9), - TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), - TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4), - TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), - TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f), - TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), - TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d), - TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), - TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975), - TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), - TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b), - TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), - TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a), - TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), - TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b), - TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), - TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6), - TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), - TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c), - TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), - TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d), - TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), - TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a), - TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), - TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502), - TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), - TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58), - TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), - TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788), - TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), - TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865), - TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), - TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d), - TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), - TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e), - TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), - TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5), - TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), - TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129), - TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), - TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f), - TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), - TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1), - TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), - TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91), - TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), - TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824), - TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), - TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61), - TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), - TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2), - TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), - TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e), - TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), - TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631), - TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), - TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432), - TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), - TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb), - TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), - TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec), - TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), - TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7), - TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), - TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5), - TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), - TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad), - TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), - TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3), - TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), - TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0), - TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), - TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4), - TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), - TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650), - TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), - TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265), - TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), - TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e), - TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), - TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7), - TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), - TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025), - TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), - TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e), - TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), - TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b), - TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), - TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b), - TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), - TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375), - TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), - TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a), - TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), - TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5), - TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), - TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f), - TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), - TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82), - TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), - TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122), - TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), - TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88), - TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), - TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431), - TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), - TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c), - TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), - TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71), - TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), - TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68), - TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), - TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f), - TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), - TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514), - TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), - TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1), - TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), - TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c), - TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), - TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f), - TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), - TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728), - TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), - TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b), - TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), - TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2), - TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), - TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904), - TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), - TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6), - TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), - TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588), - TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), - TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493), - TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), - TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9), - TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), - TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314), - TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), - TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288), - TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), - TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3), - TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), - TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967), - TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), - TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}, - {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), - TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5), - TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), - TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7), - TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), - TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4), - TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), - TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae), - TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), - TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9), - TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), - TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402), - TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), - TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381), - TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), - TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa), - TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), - TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228), - TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), - TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e), - TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), - TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048), - TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), - TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d), - TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), - TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f), - TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), - TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3), - TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), - TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0), - TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), - TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077), - TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), - TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4), - TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), - TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67), - TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), - TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8), - TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), - TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0), - TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), - TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d), - TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), - TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb), - TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), - TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc), - TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), - TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84), - TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), - TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b), - TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), - TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69), - TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), - TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3), - TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), - TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6), - TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), - TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce), - TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), - TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05), - TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), - TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08), - TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), - TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4), - TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), - TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85), - TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), - TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284), - TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), - TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73), - TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), - TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3), - TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), - TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a), - TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), - TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e), - TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), - TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064), - TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), - TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02), - TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), - TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc), - TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), - TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c), - TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), - TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8), - TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), - TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b), - TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), - TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0), - TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), - TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393), - TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), - TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae), - TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), - TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30), - TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), - TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a), - TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), - TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e), - TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), - TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf), - TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), - TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289), - TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), - TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5), - TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), - TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c), - TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), - TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f), - TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), - TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7), - TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), - TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45), - TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), - TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5), - TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), - TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af), - TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), - TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e), - TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), - TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7), - TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), - TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa), - TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), - TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f), - TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), - TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58), - TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), - TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41), - TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), - TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59), - TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), - TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961), - TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), - TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225), - TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), - TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734), - TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), - TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6), - TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), - TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08), - TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), - TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff), - TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), - TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e), - TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), - TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056), - TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), - TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709), - TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), - TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a), - TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), - TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d), - TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), - TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a), - TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), - TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d), - TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), - TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870), - TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), - TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea), - TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), - TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf), - TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), - TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390), - TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), - TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88), - TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), - TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe), - TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), - TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020), - TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), - TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662), - TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), - TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d), - TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), - TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c), - TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), - TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251), - TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), - TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238), - TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), - TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e), - TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), - TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592), - TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), - TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08), - TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), - TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7), - TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), - TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13), - TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), - TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63), - TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), - TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26), - TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), - TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa), - TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), - TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c), - TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), - TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103), - TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), - TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d), - TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), - TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80), - TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), - TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88), - TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), - TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10), - TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), - TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413), - TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), - TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4), - TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), - TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e), - TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), - TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553), - TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), - TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732), - TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), - TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46), - TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), - TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a), - TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), - TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b), - TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), - TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6), - TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), - TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644), - TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), - TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17), - TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), - TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688), - TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), - TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c), - TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), - TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea), - TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), - TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb), - TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), - TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50), - TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), - TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4), - TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), - TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6), - TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), - TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd), - TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), - TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82), - TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), - TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a), - TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), - TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8), - TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), - TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}, - {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), - TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e), - TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), - TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78), - TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), - TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893), - TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), - TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07), - TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), - TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3), - TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), - TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614), - TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), - TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b), - TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), - TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f), - TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), - TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad), - TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), - TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3), - TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), - TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24), - TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), - TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4), - TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), - TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17), - TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), - TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c), - TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), - TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39), - TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), - TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69), - TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), - TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0), - TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), - TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8), - TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), - TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe), - TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), - TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615), - TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), - TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba), - TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), - TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725), - TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), - TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990), - TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), - TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca), - TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), - TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5), - TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), - TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76), - TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), - TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd), - TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), - TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715), - TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), - TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b), - TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), - TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924), - TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), - TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4), - TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), - TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d), - TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), - TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae), - TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), - TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed), - TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), - TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac), - TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), - TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369), - TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), - TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6), - TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), - TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a), - TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), - TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55), - TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), - TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5), - TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), - TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72), - TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), - TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704), - TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), - TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e), - TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), - TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2), - TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), - TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0), - TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), - TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b), - TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), - TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512), - TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), - TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd), - TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), - TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32), - TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), - TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a), - TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), - TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a), - TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), - TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2), - TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), - TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd), - TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), - TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae), - TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), - TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a), - TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), - TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504), - TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), - TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f), - TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), - TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51), - TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), - TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867), - TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), - TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85), - TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), - TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6), - TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), - TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b), - TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), - TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df), - TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), - TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b), - TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), - TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6), - TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), - TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0), - TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), - TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111), - TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), - TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f), - TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), - TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02), - TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), - TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d), - TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), - TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5), - TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), - TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc), - TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), - TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384), - TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), - TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0), - TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), - TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc), - TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), - TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7), - TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), - TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d), - TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), - TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19), - TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), - TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536), - TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), - TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740), - TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), - TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7), - TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), - TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab), - TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), - TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b), - TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), - TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75), - TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), - TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0), - TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), - TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151), - TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), - TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a), - TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), - TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b), - TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), - TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552), - TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), - TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8), - TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), - TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be), - TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), - TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a), - TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), - TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3), - TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), - TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7), - TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), - TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706), - TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), - TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5), - TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), - TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6), - TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), - TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7), - TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), - TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db), - TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), - TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8), - TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), - TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02), - TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), - TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc), - TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), - TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4), - TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), - TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a), - TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), - TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180), - TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), - TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf), - TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), - TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b), - TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), - TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9), - TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), - TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd), - TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), - TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c), - TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), - TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0), - TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), - TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6), - TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), - TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe), - TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), - TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e), - TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), - TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec), - TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), - TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335), - TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), - TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686), - TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), - TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51), - TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), - TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f), - TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), - TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b), - TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), - TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89), - TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), - TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705), - TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), - TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734), - TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), - TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41), - TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), - TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb), - TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), - TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643), - TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), - TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588), - TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), - TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}, - {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), - TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698), - TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), - TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d), - TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), - TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724), - TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), - TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e), - TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), - TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd), - TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), - TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73), - TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), - TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9), - TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), - TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695), - TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), - TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b), - TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), - TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357), - TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), - TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d), - TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), - TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8), - TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), - TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c), - TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), - TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07), - TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), - TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2), - TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), - TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0), - TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), - TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e), - TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), - TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1), - TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), - TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05), - TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), - TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b), - TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), - TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b), - TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), - TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a), - TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), - TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd), - TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), - TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6), - TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), - TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47), - TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), - TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc), - TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), - TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f), - TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), - TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1), - TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), - TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619), - TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), - TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f), - TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), - TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a), - TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), - TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd), - TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), - TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62), - TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), - TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b), - TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), - TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894), - TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), - TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c), - TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), - TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6), - TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), - TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d), - TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), - TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e), - TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), - TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d), - TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), - TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645), - TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), - TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c), - TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), - TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8), - TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), - TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c), - TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), - TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499), - TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), - TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c), - TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), - TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43), - TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), - TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b), - TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), - TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578), - TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), - TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442), - TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), - TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0), - TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), - TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70), - TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), - TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1), - TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), - TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3), - TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), - TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf), - TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), - TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a), - TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), - TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168), - TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), - TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1), - TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), - TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a), - TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), - TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089), - TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), - TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456), - TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), - TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12), - TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), - TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8), - TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), - TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5), - TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), - TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb), - TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), - TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146), - TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), - TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e), - TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), - TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004), - TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), - TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052), - TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), - TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c), - TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), - TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e), - TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), - TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156), - TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), - TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa), - TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), - TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125), - TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), - TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21), - TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), - TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6), - TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), - TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec), - TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), - TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f), - TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), - TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62), - TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), - TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49), - TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), - TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714), - TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), - TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d), - TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), - TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5), - TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), - TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b), - TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), - TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490), - TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), - TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1), - TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), - TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db), - TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), - TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd), - TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), - TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c), - TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), - TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc), - TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), - TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02), - TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), - TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8), - TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), - TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7), - TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), - TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6), - TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), - TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff), - TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), - TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66), - TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), - TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729), - TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), - TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1), - TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), - TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822), - TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), - TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2), - TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), - TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8), - TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), - TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3), - TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), - TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040), - TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), - TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7), - TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), - TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87), - TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), - TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98), - TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), - TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558), - TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), - TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693), - TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), - TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da), - TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), - TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e), - TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), - TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e), - TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), - TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db), - TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), - TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd), - TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), - TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd), - TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), - TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab), - TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), - TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face), - TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), - TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb), - TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), - TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df), - TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), - TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2), - TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), - TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f), - TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), - TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340), - TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), - TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68), - TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), - TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce), - TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), - TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e), - TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), - TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc), - TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), - TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea), - TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), - TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58), - TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), - TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}, - {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), - TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54), - TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), - TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a), - TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), - TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0), - TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), - TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6), - TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), - TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4), - TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), - TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a), - TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), - TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87), - TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), - TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb), - TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), - TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00), - TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), - TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd), - TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), - TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72), - TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), - TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d), - TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), - TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e), - TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), - TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7), - TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), - TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346), - TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), - TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b), - TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), - TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510), - TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), - TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4), - TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), - TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a), - TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), - TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326), - TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), - TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727), - TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), - TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc), - TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), - TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d), - TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), - TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299), - TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), - TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6), - TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), - TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29), - TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), - TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5), - TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), - TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2), - TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), - TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972), - TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), - TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474), - TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), - TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20), - TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), - TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16), - TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), - TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b), - TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), - TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284), - TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), - TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be), - TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), - TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9), - TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), - TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517), - TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), - TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a), - TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), - TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01), - TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), - TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86), - TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), - TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb), - TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), - TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0), - TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), - TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804), - TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), - TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e), - TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), - TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11), - TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), - TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49), - TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), - TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616), - TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), - TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96), - TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), - TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d), - TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), - TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f), - TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), - TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf), - TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), - TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c), - TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), - TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291), - TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), - TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a), - TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), - TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3), - TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), - TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549), - TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), - TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b), - TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), - TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771), - TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), - TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344), - TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), - TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188), - TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), - TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958), - TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), - TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6), - TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), - TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813), - TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), - TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782), - TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), - TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a), - TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), - TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2), - TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), - TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c), - TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), - TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18), - TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), - TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da), - TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), - TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88), - TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), - TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d), - TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), - TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1), - TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), - TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826), - TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), - TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86), - TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), - TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546), - TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), - TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb), - TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), - TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5), - TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), - TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26), - TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), - TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f), - TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), - TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c), - TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), - TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551), - TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), - TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5), - TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), - TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef), - TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), - TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150), - TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), - TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c), - TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), - TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31), - TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), - TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6), - TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), - TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022), - TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), - TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236), - TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), - TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a), - TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), - TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db), - TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), - TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f), - TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), - TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7), - TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), - TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45), - TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), - TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21), - TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), - TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b), - TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), - TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de), - TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), - TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde), - TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), - TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db), - TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), - TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0), - TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), - TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987), - TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), - TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86), - TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), - TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0), - TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), - TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e), - TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), - TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8), - TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), - TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13), - TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), - TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060), - TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), - TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286), - TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), - TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324), - TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), - TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4), - TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), - TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286), - TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), - TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a), - TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), - TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d), - TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), - TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b), - TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), - TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64), - TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), - TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635), - TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), - TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985), - TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), - TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27), - TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), - TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e), - TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), - TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393), - TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), - TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94), - TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), - TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b), - TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), - TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9), - TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), - TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913), - TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), - TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21), - TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), - TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8), - TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), - TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d), - TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), - TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}, - {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), - TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8), - TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), - TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02), - TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), - TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f), - TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), - TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b), - TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), - TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e), - TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), - TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d), - TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), - TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7), - TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), - TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173), - TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), - TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102), - TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), - TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d), - TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), - TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012), - TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), - TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae), - TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), - TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9), - TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), - TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4), - TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), - TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c), - TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), - TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68), - TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), - TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868), - TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), - TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d), - TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), - TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc), - TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), - TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6), - TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), - TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b), - TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), - TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf), - TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), - TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3), - TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), - TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158), - TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), - TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1), - TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), - TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67), - TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), - TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e), - TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), - TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0), - TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), - TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e), - TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), - TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0), - TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), - TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd), - TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), - TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca), - TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), - TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433), - TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), - TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11), - TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), - TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a), - TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), - TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834), - TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), - TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd), - TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), - TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31), - TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), - TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403), - TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), - TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e), - TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), - TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541), - TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), - TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3), - TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), - TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9), - TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), - TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc), - TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), - TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72), - TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), - TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12), - TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), - TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e), - TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), - TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28), - TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), - TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163), - TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), - TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e), - TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), - TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe), - TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), - TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e), - TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), - TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1), - TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), - TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a), - TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), - TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939), - TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), - TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263), - TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), - TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3), - TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), - TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5), - TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), - TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f), - TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), - TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da), - TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), - TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0), - TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), - TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2), - TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), - TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9), - TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), - TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636), - TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), - TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76), - TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), - TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294), - TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), - TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f), - TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), - TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063), - TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), - TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b), - TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), - TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c), - TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), - TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab), - TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), - TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39), - TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), - TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae), - TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), - TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d), - TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), - TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da), - TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), - TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9), - TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), - TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22), - TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), - TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80), - TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), - TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec), - TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), - TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f), - TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), - TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83), - TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), - TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf), - TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), - TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32), - TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), - TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d), - TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), - TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0), - TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), - TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef), - TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), - TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec), - TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), - TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f), - TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), - TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1), - TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), - TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115), - TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), - TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd), - TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), - TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8), - TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), - TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2), - TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), - TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb), - TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), - TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128), - TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), - TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362), - TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), - TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e), - TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), - TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958), - TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), - TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842), - TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), - TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d), - TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), - TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29), - TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), - TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc), - TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), - TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31), - TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), - TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a), - TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), - TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5), - TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), - TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f), - TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), - TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3), - TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), - TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87), - TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), - TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033), - TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), - TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af), - TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), - TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd), - TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), - TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d), - TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), - TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13), - TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), - TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e), - TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), - TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d), - TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), - TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac), - TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), - TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f), - TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), - TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092), - TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), - TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac), - TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), - TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f), - TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), - TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073), - TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), - TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851), - TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), - TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027), - TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), - TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df), - TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), - TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7), - TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), - TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e), - TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), - TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea), - TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), - TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}, - {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), - TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81), - TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), - TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522), - TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), - TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c), - TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), - TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9), - TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), - TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e), - TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), - TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537), - TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), - TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc), - TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), - TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de), - TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), - TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff), - TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), - TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b), - TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), - TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f), - TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), - TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1), - TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), - TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa), - TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), - TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474), - TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), - TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa), - TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), - TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985), - TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), - TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8), - TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), - TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf), - TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), - TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd), - TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), - TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5), - TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), - TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e), - TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), - TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7), - TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), - TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d), - TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), - TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b), - TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), - TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5), - TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), - TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a), - TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), - TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392), - TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), - TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd), - TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), - TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744), - TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), - TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b), - TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), - TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e), - TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), - TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa), - TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), - TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f), - TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), - TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398), - TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), - TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1), - TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), - TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349), - TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), - TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0), - TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), - TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9), - TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), - TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c), - TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), - TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f), - TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), - TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3), - TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), - TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852), - TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), - TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9), - TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), - TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323), - TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), - TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411), - TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), - TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e), - TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), - TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495), - TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), - TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0), - TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), - TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70), - TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), - TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a), - TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), - TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b), - TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), - TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3), - TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), - TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01), - TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), - TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281), - TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), - TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0), - TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), - TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6), - TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), - TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1), - TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), - TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96), - TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), - TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e), - TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), - TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46), - TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), - TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8), - TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), - TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024), - TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), - TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d), - TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), - TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7), - TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), - TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40), - TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), - TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201), - TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), - TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016), - TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), - TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1), - TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), - TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b), - TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), - TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2), - TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), - TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e), - TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), - TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac), - TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), - TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29), - TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), - TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031), - TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), - TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b), - TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), - TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2), - TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), - TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13), - TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), - TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e), - TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), - TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9), - TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), - TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561), - TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), - TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da), - TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), - TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3), - TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), - TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639), - TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), - TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab), - TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), - TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd), - TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), - TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8), - TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), - TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40), - TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), - TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b), - TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), - TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442), - TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), - TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628), - TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), - TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2), - TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), - TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca), - TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), - TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06), - TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), - TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2), - TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), - TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435), - TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), - TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78), - TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), - TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57), - TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), - TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c), - TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), - TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f), - TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), - TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf), - TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), - TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8), - TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), - TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a), - TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), - TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5), - TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), - TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1), - TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), - TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7), - TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), - TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517), - TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), - TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00), - TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), - TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946), - TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), - TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60), - TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), - TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d), - TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), - TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507), - TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), - TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd), - TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), - TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126), - TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), - TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569), - TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), - TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321), - TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), - TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731), - TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), - TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b), - TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), - TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041), - TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), - TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6), - TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), - TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b), - TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), - TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823), - TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), - TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1), - TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), - TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2), - TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), - TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8), - TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), - TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a), - TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), - TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa), - TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), - TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670), - TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), - TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}, - {TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), - TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e), - TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), - TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef), - TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), - TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124), - TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), - TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad), - TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), - TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505), - TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), - TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1), - TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), - TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec), - TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), - TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695), - TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), - TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1), - TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), - TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604), - TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), - TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33), - TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), - TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20), - TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), - TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc), - TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), - TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846), - TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), - TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9), - TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), - TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342), - TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), - TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f), - TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), - TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8), - TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), - TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef), - TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), - TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799), - TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), - TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a), - TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), - TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2), - TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), - TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f), - TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), - TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98), - TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), - TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe), - TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), - TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6), - TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), - TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39), - TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), - TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a), - TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), - TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe), - TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), - TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192), - TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), - TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201), - TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), - TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11), - TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), - TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709), - TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), - TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1), - TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), - TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a), - TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), - TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84), - TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), - TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a), - TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), - TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a), - TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), - TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0), - TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), - TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf), - TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), - TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596), - TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), - TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25), - TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), - TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e), - TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), - TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5), - TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), - TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de), - TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), - TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf), - TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), - TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad), - TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), - TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178), - TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), - TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96), - TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), - TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98), - TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), - TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa), - TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), - TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81), - TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), - TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148), - TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), - TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80), - TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), - TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb), - TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), - TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa), - TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), - TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a), - TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), - TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831), - TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), - TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6), - TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), - TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a), - TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), - TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054), - TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), - TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4), - TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), - TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb), - TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), - TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb), - TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), - TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d), - TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), - TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef), - TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), - TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a), - TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), - TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35), - TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), - TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe), - TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), - TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa), - TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), - TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a), - TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), - TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4), - TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), - TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf), - TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), - TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac), - TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), - TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196), - TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), - TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f), - TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), - TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6), - TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), - TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001), - TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), - TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115), - TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), - TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b), - TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), - TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a), - TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), - TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7), - TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), - TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770), - TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), - TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e), - TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), - TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f), - TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), - TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686), - TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), - TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee), - TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), - TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1), - TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), - TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7), - TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), - TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046), - TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), - TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5), - TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), - TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197), - TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), - TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253), - TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), - TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188), - TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), - TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf), - TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), - TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2), - TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), - TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1), - TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), - TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa), - TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), - TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb), - TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), - TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b), - TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), - TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af), - TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), - TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f), - TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), - TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958), - TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), - TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5), - TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), - TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051), - TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), - TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8), - TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), - TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4), - TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), - TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9), - TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), - TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0), - TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), - TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490), - TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), - TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6), - TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), - TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0), - TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), - TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44), - TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), - TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445), - TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), - TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503), - TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), - TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d), - TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), - TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47), - TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), - TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd), - TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), - TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733), - TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), - TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3), - TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), - TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce), - TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), - TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd), - TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), - TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358), - TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), - TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8), - TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), - TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562), - TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), - TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef), - TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), - TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3), - TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), - TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636)}, - {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), - TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28), - TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), - TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742), - TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), - TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5), - TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), - TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f), - TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), - TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3), - TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), - TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f), - TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), - TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620), - TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), - TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6), - TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), - TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999), - TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), - TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327), - TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), - TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb), - TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), - TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390), - TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), - TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d), - TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), - TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015), - TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), - TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6), - TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), - TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b), - TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), - TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e), - TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), - TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414), - TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), - TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e), - TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), - TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f), - TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), - TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159), - TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), - TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc), - TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), - TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b), - TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), - TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b), - TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), - TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e), - TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), - TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707), - TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), - TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d), - TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), - TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442), - TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), - TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b), - TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), - TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24), - TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), - TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f), - TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), - TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98), - TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), - TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1), - TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), - TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6), - TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), - TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491), - TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), - TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4), - TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), - TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4), - TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), - TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c), - TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), - TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4), - TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), - TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f), - TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), - TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7), - TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), - TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422), - TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), - TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035), - TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), - TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9), - TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), - TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7), - TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), - TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80), - TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), - TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e), - TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), - TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199), - TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), - TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1), - TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), - TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97), - TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), - TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba), - TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), - TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b), - TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), - TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60), - TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), - TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d), - TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), - TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305), - TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), - TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8), - TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), - TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4), - TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), - TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b), - TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), - TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5), - TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), - TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31), - TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), - TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca), - TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), - TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37), - TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), - TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f), - TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), - TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe), - TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), - TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409), - TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), - TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1), - TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), - TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf), - TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), - TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b), - TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), - TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79), - TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), - TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd), - TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), - TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06), - TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), - TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf), - TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), - TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb), - TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), - TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208), - TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), - TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7), - TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), - TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a), - TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), - TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32), - TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), - TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856), - TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), - TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c), - TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), - TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d), - TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), - TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4), - TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), - TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff), - TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), - TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc), - TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), - TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5), - TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), - TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8), - TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), - TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112), - TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), - TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3), - TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), - TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d), - TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), - TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b), - TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), - TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4), - TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), - TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26), - TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), - TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf), - TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), - TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59), - TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), - TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc), - TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), - TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d), - TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), - TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475), - TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), - TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb), - TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), - TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9), - TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), - TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674), - TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), - TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6), - TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), - TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337), - TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), - TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f), - TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), - TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56), - TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), - TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a), - TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), - TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051), - TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), - TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530), - TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), - TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96), - TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), - TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034), - TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), - TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b), - TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), - TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b), - TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), - TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44), - TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), - TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c), - TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), - TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1), - TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), - TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d), - TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), - TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95), - TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), - TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f), - TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), - TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016), - TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), - TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85), - TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), - TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3), - TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), - TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0), - TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), - TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b), - TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), - TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8), - TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), - TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b), - TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), - TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd), - TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), - TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b), - TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), - TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd), - TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), - TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3), - TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), - TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}, - {TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), - TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04), - TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), - TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152), - TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), - TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc), - TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), - TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036), - TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), - TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83), - TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), - TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3), - TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), - TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32), - TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), - TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc), - TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), - TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f), - TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), - TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a), - TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), - TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5), - TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), - TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533), - TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), - TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493), - TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), - TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5), - TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), - TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d), - TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), - TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44), - TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), - TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b), - TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), - TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e), - TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), - TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a), - TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), - TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253), - TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), - TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1), - TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), - TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b), - TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), - TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819), - TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), - TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6), - TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), - TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070), - TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), - TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b), - TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), - TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a), - TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), - TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0), - TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), - TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba), - TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), - TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6), - TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), - TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc), - TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), - TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711), - TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), - TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c), - TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), - TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4), - TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), - TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a), - TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), - TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5), - TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), - TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3), - TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), - TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45), - TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), - TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6), - TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), - TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e), - TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), - TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1), - TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), - TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc), - TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), - TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd), - TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), - TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db), - TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), - TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048), - TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), - TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46), - TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), - TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0), - TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), - TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418), - TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), - TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c), - TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), - TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a), - TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), - TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4), - TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), - TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90), - TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), - TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab), - TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), - TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b), - TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), - TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b), - TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), - TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc), - TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), - TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6), - TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), - TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe), - TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), - TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f), - TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), - TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6), - TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), - TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1), - TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), - TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094), - TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), - TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831), - TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), - TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f), - TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), - TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce), - TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), - TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897), - TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), - TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699), - TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), - TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9), - TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), - TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910), - TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), - TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242), - TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), - TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98), - TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), - TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6), - TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), - TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc), - TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), - TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3), - TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), - TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e), - TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), - TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f), - TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), - TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c), - TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), - TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c), - TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), - TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa), - TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), - TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820), - TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), - TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c), - TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), - TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1), - TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), - TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234), - TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), - TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8), - TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), - TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2), - TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), - TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6), - TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), - TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55), - TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), - TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385), - TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), - TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc), - TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), - TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce), - TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), - TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0), - TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), - TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365), - TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), - TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181), - TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), - TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb), - TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), - TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b), - TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), - TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95), - TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), - TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e), - TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), - TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538), - TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), - TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff), - TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), - TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711), - TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), - TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875), - TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), - TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c), - TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), - TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e), - TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), - TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a), - TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), - TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025), - TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), - TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d), - TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), - TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9), - TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), - TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934), - TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), - TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c), - TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), - TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125), - TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), - TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920), - TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), - TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2), - TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), - TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083), - TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), - TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0), - TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), - TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6), - TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), - TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33), - TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), - TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066), - TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), - TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb), - TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), - TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9), - TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), - TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c), - TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), - TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163), - TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), - TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9), - TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), - TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831), - TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), - TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d), - TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), - TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe), - TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), - TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a), - TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), - TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7), - TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), - TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a)}, - {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), - TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda), - TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), - TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997), - TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), - TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448), - TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), - TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368), - TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), - TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb), - TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), - TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106), - TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), - TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f), - TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), - TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d), - TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), - TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc), - TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), - TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e), - TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), - TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f), - TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), - TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591), - TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), - TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186), - TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), - TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71), - TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), - TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff), - TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), - TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444), - TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), - TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a), - TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), - TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e), - TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), - TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027), - TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), - TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01), - TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), - TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef), - TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), - TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51), - TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), - TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6), - TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), - TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310), - TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), - TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7), - TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), - TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b), - TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), - TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7), - TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), - TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74), - TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), - TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a), - TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), - TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9), - TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), - TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047), - TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), - TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f), - TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), - TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d), - TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), - TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7), - TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), - TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c), - TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), - TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9), - TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), - TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a), - TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), - TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c), - TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), - TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6), - TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), - TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98), - TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), - TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a), - TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), - TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6), - TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), - TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32), - TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), - TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8), - TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), - TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267), - TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), - TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98), - TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), - TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d), - TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), - TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232), - TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), - TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f), - TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), - TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026), - TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), - TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383), - TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), - TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b), - TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), - TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d), - TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), - TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e), - TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), - TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46), - TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), - TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c), - TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), - TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741), - TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), - TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988), - TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), - TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046), - TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), - TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb), - TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), - TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c), - TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), - TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa), - TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), - TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75), - TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), - TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670), - TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), - TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b), - TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), - TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2), - TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), - TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29), - TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), - TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e), - TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), - TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89), - TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), - TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2), - TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), - TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2), - TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), - TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6), - TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), - TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965), - TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), - TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02), - TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), - TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b), - TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), - TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92), - TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), - TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53), - TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), - TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433), - TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), - TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d), - TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), - TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055), - TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), - TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9), - TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), - TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492), - TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), - TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490), - TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), - TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba), - TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), - TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783), - TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), - TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb), - TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), - TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce), - TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), - TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e), - TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), - TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab), - TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), - TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b), - TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), - TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607), - TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), - TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108), - TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), - TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb), - TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), - TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf), - TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), - TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546), - TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), - TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d), - TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), - TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061), - TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), - TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd), - TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), - TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1), - TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), - TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47), - TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), - TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354), - TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), - TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528), - TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), - TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd), - TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), - TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae), - TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), - TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9), - TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), - TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732), - TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), - TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98), - TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), - TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3), - TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), - TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7), - TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), - TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927), - TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), - TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396), - TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), - TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d), - TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), - TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76), - TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), - TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4), - TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), - TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003), - TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), - TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018), - TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), - TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc), - TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), - TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143), - TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), - TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f), - TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), - TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664), - TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), - TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b), - TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), - TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4), - TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), - TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2), - TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), - TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f), - TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), - TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c), - TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), - TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360), - TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), - TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007), - TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), - TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}, - {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), - TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab), - TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), - TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55), - TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), - TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df), - TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), - TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf), - TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), - TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7), - TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), - TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca), - TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), - TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d), - TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), - TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515), - TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), - TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284), - TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), - TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8), - TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), - TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd), - TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), - TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8), - TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), - TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de), - TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), - TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2), - TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), - TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb), - TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), - TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef), - TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), - TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2), - TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), - TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a), - TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), - TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875), - TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), - TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216), - TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), - TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243), - TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), - TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202), - TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), - TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8), - TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), - TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4), - TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), - TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619), - TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), - TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0), - TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), - TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463), - TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), - TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544), - TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), - TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97), - TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), - TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd), - TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), - TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe), - TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), - TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4), - TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), - TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e), - TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), - TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51), - TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), - TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191), - TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), - TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01), - TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), - TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d), - TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), - TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f), - TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), - TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38), - TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), - TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d), - TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), - TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50), - TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), - TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d), - TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), - TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5), - TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), - TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209), - TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), - TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a), - TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), - TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62), - TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), - TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6), - TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), - TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42), - TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), - TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51), - TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), - TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9), - TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), - TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4), - TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), - TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b), - TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), - TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc), - TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), - TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18), - TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), - TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d), - TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), - TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4), - TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), - TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec), - TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), - TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65), - TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), - TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5), - TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), - TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef), - TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), - TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2), - TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), - TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b), - TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), - TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007), - TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), - TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe), - TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), - TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce), - TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), - TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71), - TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), - TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421), - TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), - TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f), - TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), - TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03), - TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), - TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b), - TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), - TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702), - TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), - TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447), - TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), - TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1), - TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), - TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48), - TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), - TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361), - TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), - TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41), - TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), - TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d), - TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), - TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273), - TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), - TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1), - TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), - TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c), - TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), - TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5), - TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), - TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c), - TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), - TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f), - TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), - TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252), - TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), - TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3), - TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), - TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d), - TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), - TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af), - TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), - TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79), - TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), - TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f), - TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), - TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc), - TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), - TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13), - TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), - TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693), - TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), - TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8), - TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), - TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a), - TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), - TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281), - TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), - TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa), - TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), - TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2), - TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), - TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781), - TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), - TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7), - TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), - TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99), - TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), - TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9), - TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), - TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21), - TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), - TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2), - TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), - TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5), - TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), - TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262), - TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), - TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e), - TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), - TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649), - TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), - TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac), - TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), - TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca), - TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), - TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd), - TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), - TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c), - TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), - TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757), - TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), - TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015), - TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), - TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51), - TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), - TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07), - TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), - TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650), - TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), - TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839), - TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), - TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc), - TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), - TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6), - TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), - TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9), - TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), - TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01), - TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), - TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96), - TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), - TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec), - TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), - TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf), - TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), - TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c), - TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), - TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf), - TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), - TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d), - TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), - TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}, - {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), - TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a), - TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), - TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39), - TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), - TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452), - TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), - TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b), - TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), - TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14), - TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), - TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270), - TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), - TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb), - TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), - TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3), - TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), - TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb), - TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), - TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd), - TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), - TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3), - TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), - TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b), - TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), - TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2), - TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), - TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5), - TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), - TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9), - TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), - TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7), - TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), - TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf), - TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), - TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47), - TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), - TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0), - TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), - TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36), - TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), - TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad), - TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), - TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74), - TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), - TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb), - TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), - TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a), - TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), - TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c), - TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), - TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385), - TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), - TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081), - TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), - TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa), - TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), - TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47), - TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), - TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345), - TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), - TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126), - TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), - TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394), - TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), - TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9), - TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), - TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e), - TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), - TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb), - TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), - TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be), - TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), - TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1), - TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), - TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f), - TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), - TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e), - TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), - TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c), - TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), - TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6), - TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), - TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745), - TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), - TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5), - TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), - TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5), - TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), - TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539), - TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), - TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002), - TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), - TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948), - TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), - TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e), - TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), - TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5), - TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), - TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f), - TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), - TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3), - TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), - TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516), - TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), - TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc), - TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), - TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604), - TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), - TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2), - TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), - TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e), - TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), - TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4), - TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), - TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa), - TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), - TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac), - TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), - TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8), - TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), - TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9), - TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), - TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9), - TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), - TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849), - TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), - TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638), - TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), - TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb), - TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), - TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4), - TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), - TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34), - TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), - TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9), - TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), - TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b), - TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), - TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca), - TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), - TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4), - TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), - TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f), - TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), - TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d), - TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), - TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a), - TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), - TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706), - TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), - TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3), - TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), - TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4), - TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), - TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96), - TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), - TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6), - TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), - TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878), - TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), - TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b), - TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), - TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982), - TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), - TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd), - TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), - TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0), - TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), - TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355), - TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), - TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac), - TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), - TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436), - TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), - TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef), - TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), - TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6), - TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), - TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4), - TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), - TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af), - TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), - TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a), - TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), - TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364), - TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), - TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5), - TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), - TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea), - TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), - TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4), - TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), - TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984), - TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), - TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d), - TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), - TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2), - TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), - TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28), - TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), - TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5), - TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), - TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c), - TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), - TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68), - TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), - TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125), - TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), - TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3), - TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), - TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba), - TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), - TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e), - TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), - TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e), - TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), - TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c), - TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), - TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5), - TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), - TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77), - TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), - TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5), - TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), - TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946), - TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), - TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1), - TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), - TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c), - TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), - TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224), - TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), - TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017), - TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), - TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6), - TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), - TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e), - TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), - TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205), - TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), - TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808), - TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), - TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2), - TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), - TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199), - TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), - TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418), - TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), - TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496), - TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), - TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d), - TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), - TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b), - TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), - TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}, - {TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), - TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1), - TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), - TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5), - TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), - TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d), - TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), - TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8), - TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), - TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a), - TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), - TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954), - TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), - TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911), - TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), - TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a), - TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), - TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a), - TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), - TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3), - TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), - TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5), - TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), - TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698), - TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), - TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0), - TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), - TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c), - TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), - TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509), - TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), - TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b), - TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), - TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f), - TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), - TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585), - TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), - TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d), - TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), - TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8), - TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), - TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690), - TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), - TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3), - TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), - TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f), - TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), - TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c), - TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), - TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649), - TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), - TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70), - TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), - TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35), - TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), - TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840), - TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), - TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9), - TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), - TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86), - TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), - TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd), - TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), - TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a), - TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), - TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc), - TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), - TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66), - TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), - TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac), - TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), - TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1), - TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), - TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea), - TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), - TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d), - TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), - TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b), - TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), - TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83), - TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), - TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920), - TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), - TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38), - TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), - TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad), - TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), - TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2), - TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), - TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2), - TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), - TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424), - TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), - TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6), - TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), - TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e), - TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), - TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6), - TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), - TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930), - TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), - TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf), - TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), - TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0), - TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), - TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c), - TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), - TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e), - TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), - TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e), - TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), - TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54), - TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), - TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b), - TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), - TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c), - TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), - TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df), - TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), - TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a), - TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), - TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f), - TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), - TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462), - TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), - TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555), - TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), - TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a), - TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), - TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758), - TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), - TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455), - TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), - TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e), - TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), - TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e), - TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), - TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25), - TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), - TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11), - TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), - TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53), - TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), - TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802), - TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), - TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362), - TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), - TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef), - TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), - TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3), - TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), - TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830), - TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), - TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73), - TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), - TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008), - TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), - TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8), - TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), - TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c), - TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), - TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e), - TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), - TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3), - TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), - TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212), - TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), - TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057), - TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), - TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391), - TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), - TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7), - TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), - TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb), - TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), - TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe), - TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), - TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23), - TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), - TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732), - TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), - TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2), - TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), - TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04), - TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), - TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0), - TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), - TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab), - TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), - TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d), - TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), - TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1), - TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), - TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974), - TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), - TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a), - TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), - TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b), - TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), - TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851), - TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), - TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051), - TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), - TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e), - TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), - TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc), - TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), - TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd), - TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), - TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2), - TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), - TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f), - TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), - TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1), - TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), - TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1), - TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), - TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a), - TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), - TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8), - TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), - TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2), - TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), - TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0), - TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), - TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4), - TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), - TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d), - TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), - TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b), - TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), - TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f), - TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), - TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9), - TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), - TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b), - TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), - TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5), - TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), - TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9), - TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), - TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183), - TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), - TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e), - TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), - TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b), - TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), - TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12), - TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), - TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a), - TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), - TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92), - TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), - TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a), - TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), - TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494)}, - {TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), - TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860), - TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), - TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50), - TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), - TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6), - TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), - TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee), - TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), - TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca), - TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), - TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf), - TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), - TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6), - TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), - TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe), - TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), - TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3), - TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), - TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1), - TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), - TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6), - TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), - TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4), - TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), - TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c), - TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), - TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f), - TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), - TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d), - TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), - TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011), - TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), - TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854), - TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), - TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3), - TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), - TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c), - TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), - TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe), - TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), - TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c), - TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), - TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce), - TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), - TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa), - TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), - TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd), - TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), - TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a), - TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), - TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615), - TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), - TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f), - TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), - TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d), - TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), - TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a), - TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), - TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32), - TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), - TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c), - TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), - TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517), - TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), - TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664), - TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), - TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700), - TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), - TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152), - TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), - TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb), - TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), - TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db), - TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), - TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad), - TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), - TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662), - TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), - TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02), - TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), - TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e), - TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), - TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70), - TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), - TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993), - TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), - TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c), - TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), - TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682), - TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), - TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb), - TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), - TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef), - TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), - TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59), - TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), - TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e), - TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), - TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb), - TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), - TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d), - TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), - TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87), - TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), - TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130), - TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), - TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5), - TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), - TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5), - TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), - TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed), - TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), - TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7), - TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), - TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e), - TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), - TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d), - TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), - TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade), - TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), - TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252), - TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), - TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597), - TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), - TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11), - TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), - TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7), - TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), - TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4), - TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), - TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075), - TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), - TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493), - TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), - TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6), - TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), - TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1), - TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), - TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc), - TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), - TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77), - TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), - TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9), - TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), - TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f), - TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), - TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0), - TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), - TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee), - TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), - TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408), - TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), - TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954), - TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), - TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626), - TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), - TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c), - TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), - TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e), - TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), - TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80), - TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), - TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11), - TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), - TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47), - TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), - TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4), - TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), - TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9), - TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), - TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f), - TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), - TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521), - TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), - TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4), - TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), - TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8), - TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), - TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092), - TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), - TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7), - TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), - TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71), - TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), - TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816), - TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), - TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c), - TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), - TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b), - TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), - TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063), - TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), - TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb), - TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), - TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef), - TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), - TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab), - TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), - TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0), - TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), - TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675), - TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), - TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014), - TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), - TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52), - TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), - TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964), - TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), - TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed), - TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), - TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1), - TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), - TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c), - TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), - TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f), - TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), - TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885), - TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), - TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e), - TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), - TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8), - TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), - TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6), - TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), - TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04), - TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), - TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb), - TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), - TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4), - TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), - TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b), - TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), - TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480), - TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), - TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c), - TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), - TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08), - TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), - TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4), - TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), - TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a), - TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), - TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816), - TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), - TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5), - TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), - TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b), - TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), - TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d), - TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), - TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b), - TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), - TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d), - TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), - TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b)}, - {TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), - TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d), - TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), - TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798), - TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), - TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee), - TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), - TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8), - TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), - TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7), - TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), - TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658), - TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), - TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8), - TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), - TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac), - TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), - TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4), - TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), - TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a), - TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), - TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c), - TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), - TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31), - TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), - TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69), - TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), - TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879), - TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), - TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c), - TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), - TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6), - TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), - TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755), - TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), - TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926), - TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), - TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2), - TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), - TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08), - TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), - TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99), - TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), - TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f), - TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), - TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b), - TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), - TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128), - TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), - TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4), - TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), - TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f), - TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), - TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889), - TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), - TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131), - TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), - TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8), - TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), - TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77), - TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), - TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee), - TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), - TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad), - TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), - TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948), - TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), - TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff), - TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), - TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e), - TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), - TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1), - TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), - TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916), - TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), - TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d), - TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), - TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7), - TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), - TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8), - TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), - TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4), - TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), - TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7), - TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), - TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78), - TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), - TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0), - TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), - TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25), - TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), - TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776), - TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), - TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada), - TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), - TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66), - TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), - TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3), - TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), - TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148), - TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), - TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8), - TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), - TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00), - TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), - TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac), - TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), - TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52), - TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), - TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689), - TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), - TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8), - TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), - TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66), - TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), - TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a), - TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), - TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67), - TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), - TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2), - TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), - TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d), - TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), - TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147), - TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), - TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351), - TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), - TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e), - TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), - TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21), - TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), - TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a), - TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), - TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e), - TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), - TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887), - TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), - TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291), - TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), - TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286), - TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), - TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb), - TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), - TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af), - TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), - TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5), - TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), - TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6), - TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), - TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab), - TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), - TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d), - TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), - TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033), - TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), - TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46), - TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), - TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb), - TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), - TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78), - TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), - TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e), - TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), - TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466), - TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), - TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7), - TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), - TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768), - TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), - TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f), - TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), - TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7), - TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), - TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03), - TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), - TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168), - TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), - TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922), - TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), - TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c), - TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), - TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451), - TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), - TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f), - TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), - TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171), - TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), - TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c), - TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), - TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03), - TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), - TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7), - TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), - TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0), - TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), - TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09), - TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), - TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c), - TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), - TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0), - TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), - TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9), - TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), - TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7), - TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), - TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035), - TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), - TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090), - TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), - TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb), - TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), - TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98), - TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), - TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140), - TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), - TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2), - TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), - TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7), - TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), - TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c), - TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), - TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe), - TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), - TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707), - TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), - TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7), - TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), - TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9), - TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), - TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3), - TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), - TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1), - TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), - TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51), - TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), - TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558), - TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), - TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43), - TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), - TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48), - TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), - TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8), - TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), - TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657), - TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), - TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a), - TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), - TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f), - TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), - TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24), - TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), - TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048), - TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), - TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7), - TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), - TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699)}, - {TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), - TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021), - TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), - TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3), - TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), - TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da), - TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), - TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4), - TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), - TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc), - TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), - TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952), - TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), - TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19), - TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), - TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655), - TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), - TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69), - TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), - TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4), - TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), - TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268), - TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), - TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e), - TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), - TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb), - TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), - TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446), - TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), - TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637), - TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), - TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5), - TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), - TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2), - TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), - TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24), - TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), - TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c), - TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), - TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b), - TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), - TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873), - TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), - TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a), - TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), - TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1), - TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), - TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d), - TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), - TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13), - TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), - TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684), - TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), - TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161), - TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), - TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1), - TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), - TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b), - TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), - TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e), - TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), - TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca), - TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), - TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8), - TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), - TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da), - TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), - TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a), - TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), - TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc), - TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), - TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253), - TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), - TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7), - TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), - TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8), - TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), - TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c), - TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), - TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce), - TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), - TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc), - TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), - TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6), - TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), - TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1), - TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), - TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f), - TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), - TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472), - TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), - TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2), - TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), - TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656), - TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), - TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa), - TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), - TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8), - TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), - TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a), - TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), - TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d), - TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), - TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f), - TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), - TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1), - TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), - TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351), - TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), - TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef), - TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), - TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced), - TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), - TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4), - TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), - TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c), - TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), - TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32), - TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), - TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6), - TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), - TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38), - TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), - TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634), - TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), - TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3), - TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), - TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a), - TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), - TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb), - TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), - TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c), - TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), - TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b), - TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), - TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718), - TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), - TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d), - TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), - TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b), - TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), - TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a), - TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), - TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636), - TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), - TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce), - TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), - TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049), - TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), - TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb), - TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), - TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40), - TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), - TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086), - TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), - TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34), - TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), - TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51), - TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), - TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3), - TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), - TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60), - TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), - TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4), - TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), - TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2), - TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), - TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8), - TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), - TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247), - TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), - TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c), - TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), - TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0), - TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), - TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a), - TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), - TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097), - TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), - TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc), - TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), - TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58), - TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), - TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141), - TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), - TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8), - TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), - TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9), - TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), - TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5), - TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), - TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535), - TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), - TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112), - TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), - TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe), - TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), - TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77), - TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), - TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e), - TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), - TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc), - TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), - TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e), - TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), - TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332), - TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), - TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29), - TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), - TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04), - TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), - TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc), - TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), - TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29), - TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), - TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04), - TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), - TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61), - TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), - TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961), - TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), - TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc), - TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), - TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af), - TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), - TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab), - TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), - TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204), - TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), - TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2), - TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), - TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03), - TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), - TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42), - TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), - TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43), - TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), - TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86), - TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), - TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79), - TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), - TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9), - TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), - TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5), - TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), - TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357), - TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), - TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477), - TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), - TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80), - TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), - TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527), - TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), - TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad), - TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), - TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25)}, - {TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), - TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85), - TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), - TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a), - TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), - TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3), - TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), - TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8), - TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), - TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe), - TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), - TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53), - TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), - TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336), - TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), - TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f), - TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), - TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc), - TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), - TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272), - TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), - TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f), - TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), - TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7), - TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), - TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918), - TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), - TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60), - TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), - TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a), - TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), - TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7), - TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), - TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef), - TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), - TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a), - TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), - TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947), - TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), - TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa), - TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), - TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1), - TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), - TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df), - TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), - TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2), - TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), - TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31), - TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), - TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e), - TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), - TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195), - TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), - TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15), - TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), - TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff), - TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), - TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c), - TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), - TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc), - TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), - TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1), - TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), - TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4), - TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), - TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a), - TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), - TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca), - TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), - TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b), - TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), - TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc), - TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), - TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613), - TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), - TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8), - TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), - TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984), - TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), - TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a), - TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), - TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5), - TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), - TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33), - TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), - TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b), - TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), - TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120), - TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), - TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9), - TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), - TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504), - TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), - TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2), - TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), - TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216), - TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), - TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169), - TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), - TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a), - TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), - TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd), - TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), - TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7), - TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), - TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7), - TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), - TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb), - TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), - TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749), - TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), - TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722), - TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), - TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce), - TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), - TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1), - TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), - TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836), - TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), - TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825), - TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), - TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e), - TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), - TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6), - TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), - TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5), - TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), - TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03), - TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), - TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5), - TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), - TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9), - TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), - TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235), - TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), - TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e), - TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), - TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05), - TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), - TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e), - TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), - TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c), - TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), - TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca), - TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), - TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f), - TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), - TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a), - TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), - TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6), - TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), - TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46), - TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), - TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15), - TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), - TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c), - TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), - TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29), - TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), - TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb), - TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), - TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e), - TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), - TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a), - TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), - TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364), - TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), - TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63), - TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), - TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6), - TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), - TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a), - TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), - TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391), - TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), - TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0), - TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), - TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d), - TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), - TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b), - TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), - TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5), - TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), - TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0), - TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), - TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d), - TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), - TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134), - TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), - TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390), - TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), - TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3), - TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), - TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7), - TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), - TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb), - TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), - TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326), - TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), - TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89), - TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), - TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec), - TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), - TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf), - TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), - TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75), - TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), - TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016), - TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), - TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719), - TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), - TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638), - TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), - TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58), - TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), - TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb), - TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), - TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257), - TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), - TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0), - TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), - TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2), - TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), - TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce), - TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), - TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319), - TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), - TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5), - TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), - TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b), - TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), - TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b), - TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), - TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624), - TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), - TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd), - TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), - TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d), - TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), - TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e), - TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), - TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19), - TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), - TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc), - TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), - TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3), - TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), - TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce), - TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), - TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672), - TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), - TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba), - TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), - TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69), - TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), - TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328)}, - {TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), - TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5), - TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), - TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82), - TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), - TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3), - TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), - TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755), - TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), - TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f), - TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), - TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23), - TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), - TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4), - TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), - TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329), - TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), - TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897), - TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), - TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2), - TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), - TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69), - TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), - TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3), - TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), - TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164), - TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), - TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32), - TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), - TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f), - TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), - TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94), - TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), - TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9), - TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), - TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f), - TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), - TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b), - TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), - TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0), - TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), - TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf), - TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), - TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6), - TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), - TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58), - TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), - TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477), - TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), - TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6), - TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), - TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c), - TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), - TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b), - TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), - TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4), - TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), - TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e), - TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), - TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a), - TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), - TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6), - TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), - TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f), - TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), - TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893), - TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), - TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7), - TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), - TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794), - TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), - TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee), - TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), - TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989), - TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), - TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84), - TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), - TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc), - TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), - TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb), - TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), - TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0), - TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), - TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba), - TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), - TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25), - TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), - TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8), - TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), - TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d), - TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), - TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b), - TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), - TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8), - TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), - TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae), - TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), - TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40), - TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), - TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913), - TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), - TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e), - TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), - TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334), - TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), - TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2), - TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), - TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd), - TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), - TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8), - TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), - TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8), - TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), - TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075), - TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), - TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312), - TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), - TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d), - TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), - TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a), - TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), - TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d), - TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), - TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c), - TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), - TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0), - TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), - TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28), - TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), - TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f), - TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), - TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40), - TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), - TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5), - TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), - TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574), - TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), - TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d), - TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), - TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d), - TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), - TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638), - TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), - TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a), - TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), - TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467), - TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), - TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311), - TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), - TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea), - TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), - TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a), - TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), - TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d), - TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), - TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9), - TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), - TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b), - TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), - TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074), - TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), - TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60), - TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), - TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431), - TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), - TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e), - TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), - TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828), - TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), - TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe), - TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), - TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d), - TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), - TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8), - TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), - TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d), - TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), - TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126), - TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), - TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64), - TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), - TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9), - TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), - TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7), - TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), - TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced), - TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), - TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554), - TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), - TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0), - TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), - TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0), - TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), - TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9), - TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), - TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351), - TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), - TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8), - TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), - TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d), - TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), - TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec), - TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), - TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed), - TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), - TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1), - TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), - TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597), - TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), - TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577), - TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), - TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094), - TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), - TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f), - TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), - TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56), - TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), - TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2), - TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), - TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a), - TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), - TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa), - TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), - TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48), - TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), - TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77), - TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), - TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e), - TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), - TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a), - TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), - TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436), - TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), - TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd), - TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), - TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9), - TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), - TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8), - TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), - TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae), - TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), - TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70), - TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), - TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f), - TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), - TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7), - TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), - TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6), - TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), - TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da), - TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), - TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79), - TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), - TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860), - TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), - TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745)}, - {TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), - TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea), - TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), - TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98), - TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), - TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f), - TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), - TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b), - TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), - TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee), - TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), - TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25), - TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), - TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5), - TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), - TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644), - TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), - TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8), - TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), - TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248), - TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), - TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46), - TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), - TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609), - TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), - TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848), - TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), - TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6), - TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), - TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e), - TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), - TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276), - TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), - TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875), - TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), - TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9), - TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), - TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60), - TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), - TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508), - TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), - TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a), - TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), - TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1), - TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), - TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842), - TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), - TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837), - TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), - TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442), - TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), - TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf), - TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), - TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3), - TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), - TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186), - TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), - TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415), - TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), - TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9), - TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), - TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907), - TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), - TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df), - TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), - TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69), - TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), - TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8), - TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), - TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846), - TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), - TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3), - TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), - TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c), - TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), - TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188), - TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), - TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2), - TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), - TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f), - TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), - TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21), - TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), - TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1), - TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), - TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931), - TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), - TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033), - TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), - TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894), - TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), - TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15), - TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), - TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31), - TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), - TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795), - TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), - TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024), - TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), - TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259), - TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), - TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e), - TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), - TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7), - TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), - TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39), - TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), - TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b), - TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), - TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab), - TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), - TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2), - TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), - TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a), - TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), - TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848), - TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), - TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9), - TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), - TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476), - TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), - TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2), - TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), - TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb), - TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), - TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b), - TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), - TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0), - TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), - TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d), - TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), - TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31), - TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), - TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b), - TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), - TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4), - TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), - TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055), - TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), - TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727), - TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), - TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3), - TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), - TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74), - TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), - TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36), - TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), - TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d), - TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), - TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2), - TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), - TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e), - TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), - TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865), - TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), - TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2), - TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), - TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2), - TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), - TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3), - TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), - TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017), - TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), - TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529), - TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), - TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08), - TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), - TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea), - TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), - TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de), - TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), - TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef), - TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), - TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815), - TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), - TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff), - TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), - TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583), - TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), - TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e), - TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), - TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507), - TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), - TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d), - TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), - TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536), - TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), - TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda), - TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), - TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12), - TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), - TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e), - TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), - TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154), - TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), - TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef), - TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), - TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f), - TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), - TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094), - TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), - TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b), - TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), - TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594), - TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), - TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223), - TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), - TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40), - TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), - TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8), - TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), - TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd), - TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), - TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e), - TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), - TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93), - TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), - TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5), - TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), - TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf), - TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), - TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557), - TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), - TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8), - TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), - TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c), - TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), - TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56), - TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), - TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e), - TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), - TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929), - TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), - TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329), - TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), - TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8), - TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), - TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7), - TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), - TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120), - TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), - TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4), - TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), - TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120), - TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), - TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b), - TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), - TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3), - TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), - TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1), - TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), - TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66), - TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), - TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6), - TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), - TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83)}, - {TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), - TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325), - TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), - TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174), - TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), - TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea), - TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), - TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad), - TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), - TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9), - TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), - TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9), - TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), - TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394), - TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), - TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0), - TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), - TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb), - TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), - TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7), - TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), - TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b), - TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), - TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35), - TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), - TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b), - TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), - TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c), - TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), - TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7), - TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), - TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818), - TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), - TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a), - TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), - TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0), - TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), - TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de), - TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), - TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7), - TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), - TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9), - TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), - TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5), - TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), - TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe), - TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), - TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2), - TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), - TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b), - TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), - TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27), - TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), - TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b), - TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), - TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714), - TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), - TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc), - TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), - TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f), - TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), - TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f), - TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), - TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7), - TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), - TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf), - TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), - TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa), - TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), - TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd), - TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), - TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817), - TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), - TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51), - TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), - TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c), - TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), - TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b), - TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), - TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f), - TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), - TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1), - TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), - TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50), - TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), - TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca), - TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), - TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8), - TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), - TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f), - TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), - TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0), - TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), - TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed), - TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), - TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2), - TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), - TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933), - TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), - TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063), - TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), - TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8), - TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), - TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff), - TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), - TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d), - TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), - TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938), - TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), - TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92), - TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), - TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65), - TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), - TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4), - TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), - TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87), - TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), - TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d), - TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), - TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469), - TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), - TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee), - TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), - TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3), - TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), - TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2), - TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), - TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5), - TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), - TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047), - TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), - TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f), - TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), - TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0), - TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), - TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4), - TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), - TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472), - TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), - TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2), - TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), - TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a), - TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), - TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8), - TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), - TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796), - TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), - TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b), - TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), - TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433), - TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), - TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b), - TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), - TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f), - TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), - TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724), - TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), - TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd), - TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), - TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc), - TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), - TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a), - TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), - TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f), - TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), - TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9), - TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), - TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62), - TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), - TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd), - TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), - TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f), - TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), - TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886), - TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), - TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a), - TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), - TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db), - TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), - TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7), - TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), - TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25), - TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), - TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d), - TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), - TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53), - TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), - TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f), - TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), - TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e), - TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), - TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f), - TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), - TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c), - TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), - TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748), - TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), - TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631), - TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), - TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d), - TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), - TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad), - TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), - TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0), - TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), - TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05), - TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), - TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c), - TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), - TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9), - TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), - TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1), - TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), - TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624), - TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), - TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4), - TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), - TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13), - TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), - TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710), - TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), - TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100), - TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), - TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d), - TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), - TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df), - TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), - TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6), - TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), - TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2), - TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), - TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c), - TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), - TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c), - TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), - TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79), - TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), - TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d), - TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), - TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930), - TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), - TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303), - TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), - TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade), - TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), - TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b), - TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), - TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20), - TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), - TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6), - TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), - TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e), - TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), - TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d), - TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), - TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b)}, - {TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), - TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400), - TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), - TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9), - TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), - TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e), - TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), - TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab), - TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), - TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d), - TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), - TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e), - TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), - TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325), - TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), - TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8), - TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), - TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df), - TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), - TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286), - TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), - TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069), - TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), - TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708), - TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), - TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6), - TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), - TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671), - TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), - TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3), - TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), - TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d), - TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), - TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe), - TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), - TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913), - TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), - TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb), - TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), - TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6), - TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), - TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613), - TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), - TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3), - TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), - TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac), - TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), - TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317), - TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), - TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3), - TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), - TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac), - TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), - TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613), - TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), - TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61), - TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), - TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2), - TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), - TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10), - TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), - TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064), - TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), - TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d), - TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), - TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a), - TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), - TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a), - TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), - TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3), - TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), - TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4), - TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), - TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47), - TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), - TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48), - TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), - TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1), - TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), - TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1), - TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), - TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836), - TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), - TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9), - TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), - TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555), - TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), - TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79), - TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), - TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f), - TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), - TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a), - TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), - TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b), - TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), - TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809), - TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), - TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87), - TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), - TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a), - TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), - TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea), - TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), - TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365), - TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), - TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d), - TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), - TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c), - TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), - TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c), - TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), - TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd), - TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), - TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd), - TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), - TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97), - TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), - TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a), - TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), - TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be), - TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), - TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468), - TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), - TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448), - TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), - TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069), - TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), - TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6), - TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), - TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a), - TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), - TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66), - TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), - TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00), - TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), - TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8), - TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), - TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f), - TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), - TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce), - TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), - TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083), - TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), - TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c), - TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), - TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be), - TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), - TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19), - TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), - TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079), - TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), - TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5), - TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), - TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d), - TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), - TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944), - TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), - TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801), - TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), - TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02), - TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), - TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e), - TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), - TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa), - TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), - TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2), - TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), - TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7), - TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), - TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2), - TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), - TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8), - TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), - TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d), - TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), - TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f), - TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), - TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056), - TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), - TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b), - TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), - TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0), - TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), - TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86), - TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), - TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6), - TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), - TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec), - TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), - TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149), - TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), - TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1), - TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), - TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5), - TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), - TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef), - TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), - TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1), - TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), - TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d), - TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), - TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76), - TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), - TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d), - TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), - TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057), - TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), - TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3), - TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), - TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a), - TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), - TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382), - TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), - TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685), - TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), - TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c), - TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), - TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac), - TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), - TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92), - TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), - TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794), - TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), - TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48), - TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), - TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616), - TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), - TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802), - TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), - TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3), - TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), - TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c), - TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), - TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68), - TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), - TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856), - TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), - TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05), - TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), - TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f), - TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), - TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614), - TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), - TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff), - TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), - TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5), - TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), - TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7), - TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), - TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233), - TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), - TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19), - TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), - TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054), - TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), - TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74)}, - {TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), - TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f), - TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), - TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1), - TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), - TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068), - TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), - TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2), - TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), - TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd), - TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), - TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de), - TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), - TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6), - TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), - TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234), - TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), - TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52), - TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), - TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9), - TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), - TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00), - TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), - TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c), - TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), - TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863), - TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), - TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87), - TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), - TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3), - TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), - TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b), - TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), - TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52), - TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), - TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd), - TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), - TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e), - TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), - TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0), - TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), - TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d), - TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), - TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6), - TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), - TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e), - TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), - TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d), - TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), - TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9), - TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), - TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499), - TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), - TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f), - TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), - TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369), - TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), - TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5), - TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), - TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3), - TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), - TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969), - TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), - TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c), - TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), - TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8), - TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), - TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7), - TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), - TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f), - TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), - TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b), - TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), - TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5), - TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), - TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc), - TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), - TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c), - TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), - TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116), - TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), - TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289), - TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), - TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388), - TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), - TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e), - TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), - TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b), - TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), - TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c), - TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), - TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480), - TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), - TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9), - TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), - TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21), - TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), - TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc), - TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), - TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc), - TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), - TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b), - TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), - TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130), - TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), - TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692), - TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), - TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b), - TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), - TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a), - TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), - TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156), - TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), - TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b), - TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), - TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5), - TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), - TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc), - TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), - TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b), - TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), - TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8), - TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), - TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841), - TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), - TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad), - TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), - TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443), - TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), - TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb), - TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), - TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d), - TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), - TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff), - TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), - TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf), - TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), - TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361), - TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), - TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140), - TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), - TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e), - TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), - TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e), - TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), - TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0), - TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), - TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174), - TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), - TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc), - TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), - TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914), - TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), - TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb), - TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), - TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17), - TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), - TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f), - TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), - TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366), - TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), - TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178), - TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), - TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932), - TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), - TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a), - TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), - TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6), - TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), - TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450), - TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), - TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481), - TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), - TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932), - TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), - TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853), - TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), - TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b), - TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), - TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494), - TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), - TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c), - TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), - TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135), - TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), - TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd), - TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), - TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0), - TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), - TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e), - TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), - TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f), - TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), - TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab), - TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), - TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f), - TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), - TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80), - TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), - TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599), - TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), - TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c), - TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), - TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54), - TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), - TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d), - TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), - TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a), - TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), - TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8), - TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), - TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038), - TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), - TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b), - TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), - TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0), - TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), - TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3), - TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), - TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a), - TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), - TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d), - TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), - TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9), - TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), - TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a), - TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), - TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3), - TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), - TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe), - TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), - TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353), - TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), - TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743), - TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), - TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd), - TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), - TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2), - TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), - TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a), - TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), - TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710), - TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), - TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5), - TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), - TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10), - TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), - TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29), - TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), - TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279), - TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), - TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318), - TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), - TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc), - TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), - TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762)}, - {TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), - TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61), - TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), - TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc), - TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), - TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7), - TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), - TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152), - TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), - TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093), - TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), - TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28), - TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), - TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e), - TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), - TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5), - TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), - TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d), - TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), - TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0), - TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), - TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965), - TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), - TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d), - TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), - TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3), - TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), - TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07), - TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), - TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b), - TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), - TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1), - TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), - TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217), - TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), - TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6), - TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), - TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884), - TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), - TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b), - TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), - TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6), - TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), - TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc), - TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), - TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2), - TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), - TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea), - TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), - TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529), - TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), - TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3), - TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), - TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3), - TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), - TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a), - TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), - TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d), - TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), - TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba), - TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), - TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3), - TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), - TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0), - TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), - TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214), - TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), - TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5), - TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), - TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21), - TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), - TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3), - TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), - TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f), - TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), - TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8), - TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), - TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e), - TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), - TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225), - TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), - TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9), - TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), - TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507), - TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), - TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628), - TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), - TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c), - TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), - TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211), - TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), - TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c), - TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), - TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3), - TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), - TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6), - TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), - TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2), - TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), - TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16), - TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), - TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8), - TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), - TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5), - TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), - TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7), - TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), - TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93), - TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), - TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60), - TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), - TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43), - TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), - TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e), - TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), - TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52), - TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), - TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924), - TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), - TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7), - TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), - TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab), - TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), - TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c), - TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), - TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288), - TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), - TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b), - TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), - TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c), - TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), - TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2), - TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), - TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c), - TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), - TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa), - TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), - TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e), - TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), - TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e), - TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), - TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917), - TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), - TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e), - TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), - TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4), - TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), - TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa), - TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), - TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1), - TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), - TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804), - TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), - TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7), - TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), - TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784), - TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), - TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74), - TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), - TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63), - TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), - TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4), - TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), - TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80), - TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), - TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182), - TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), - TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f), - TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), - TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5), - TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), - TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790), - TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), - TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa), - TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), - TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810), - TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), - TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92), - TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), - TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41), - TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), - TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08), - TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), - TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c), - TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), - TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7), - TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), - TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6), - TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), - TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2), - TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), - TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67), - TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), - TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04), - TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), - TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea), - TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), - TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f), - TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), - TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39), - TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), - TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77), - TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), - TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0), - TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), - TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614), - TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), - TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16), - TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), - TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954), - TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), - TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc), - TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), - TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44), - TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), - TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f), - TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), - TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d), - TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), - TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585), - TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), - TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413), - TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), - TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28), - TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), - TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10), - TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), - TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c), - TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), - TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2), - TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), - TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e), - TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), - TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240), - TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), - TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb), - TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), - TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d), - TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), - TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79), - TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), - TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0), - TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), - TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039), - TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), - TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944), - TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), - TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf), - TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), - TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316), - TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), - TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6), - TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), - TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017), - TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), - TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e)}, - {TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), - TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb), - TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), - TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b), - TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), - TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b), - TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), - TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600), - TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), - TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026), - TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), - TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731), - TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), - TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0), - TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), - TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668), - TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), - TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee), - TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), - TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a), - TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), - TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa), - TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), - TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9), - TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), - TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745), - TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), - TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a), - TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), - TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b), - TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), - TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5), - TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), - TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c), - TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), - TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293), - TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), - TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5), - TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), - TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582), - TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), - TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c), - TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), - TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8), - TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), - TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f), - TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), - TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739), - TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), - TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c), - TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), - TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba), - TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), - TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0), - TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), - TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655), - TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), - TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6), - TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), - TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd), - TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), - TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350), - TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), - TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1), - TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), - TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78), - TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), - TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da), - TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), - TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77), - TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), - TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449), - TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), - TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e), - TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), - TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2), - TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), - TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83), - TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), - TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c), - TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), - TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804), - TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), - TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4), - TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), - TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec), - TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), - TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493), - TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), - TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b), - TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), - TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00), - TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), - TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953), - TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), - TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf), - TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), - TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328), - TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), - TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61), - TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), - TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497), - TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), - TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4), - TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), - TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56), - TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), - TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb), - TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), - TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961), - TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), - TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c), - TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), - TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb), - TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), - TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264), - TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), - TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0), - TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), - TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33), - TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), - TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78), - TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), - TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90), - TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), - TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5), - TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), - TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14), - TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), - TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0), - TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), - TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d), - TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), - TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2), - TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), - TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d), - TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), - TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c), - TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), - TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad), - TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), - TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd), - TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), - TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675), - TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), - TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f), - TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), - TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97), - TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), - TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b), - TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), - TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9), - TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), - TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da), - TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), - TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d), - TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), - TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11), - TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), - TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb), - TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), - TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000), - TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), - TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27), - TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), - TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193), - TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), - TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067), - TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), - TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449), - TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), - TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943), - TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), - TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f), - TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), - TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104), - TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), - TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903), - TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), - TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc), - TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), - TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22), - TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), - TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e), - TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), - TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39), - TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), - TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf), - TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), - TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a), - TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), - TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e), - TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), - TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8), - TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), - TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c), - TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), - TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef), - TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), - TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e), - TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), - TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201), - TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), - TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c), - TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), - TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191), - TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), - TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89), - TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), - TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12), - TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), - TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe), - TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), - TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936), - TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), - TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531), - TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), - TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15), - TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), - TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7), - TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), - TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c), - TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), - TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b), - TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), - TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47), - TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), - TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07), - TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), - TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5), - TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), - TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e), - TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), - TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b), - TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), - TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699), - TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), - TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777), - TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), - TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08), - TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), - TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e), - TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), - TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22), - TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), - TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f), - TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), - TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef), - TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), - TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91), - TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), - TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e), - TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), - TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b), - TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), - TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d)}, - {TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), - TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa), - TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), - TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b), - TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), - TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff), - TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), - TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733), - TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), - TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538), - TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), - TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80), - TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), - TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6), - TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), - TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2), - TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), - TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996), - TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), - TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4), - TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), - TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f), - TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), - TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd), - TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), - TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c), - TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), - TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7), - TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), - TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11), - TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), - TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7), - TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), - TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514), - TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), - TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19), - TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), - TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16), - TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), - TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e), - TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), - TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a), - TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), - TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba), - TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), - TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa), - TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), - TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836), - TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), - TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a), - TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), - TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af), - TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), - TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b), - TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), - TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0), - TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), - TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405), - TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), - TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e), - TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), - TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831), - TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), - TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab), - TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), - TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e), - TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), - TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b), - TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), - TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620), - TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), - TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428), - TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), - TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf), - TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), - TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f), - TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), - TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d), - TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), - TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b), - TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), - TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87), - TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), - TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592), - TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), - TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa), - TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), - TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72), - TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), - TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba), - TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), - TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642), - TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), - TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294), - TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), - TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949), - TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), - TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd), - TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), - TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa), - TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), - TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db), - TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), - TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b), - TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), - TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb), - TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), - TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108), - TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), - TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec), - TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), - TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f), - TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), - TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29), - TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), - TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e), - TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), - TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558), - TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), - TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff), - TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), - TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e), - TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), - TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d), - TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), - TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43), - TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), - TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf), - TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), - TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12), - TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), - TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c), - TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), - TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8), - TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), - TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48), - TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), - TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9), - TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), - TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316), - TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), - TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01), - TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), - TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572), - TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), - TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250), - TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), - TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe), - TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), - TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8), - TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), - TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28), - TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), - TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51), - TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), - TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005), - TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), - TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a), - TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), - TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b), - TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), - TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761), - TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), - TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a), - TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), - TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12), - TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), - TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20), - TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), - TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9), - TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), - TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b), - TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), - TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed), - TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), - TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038), - TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), - TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2), - TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), - TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843), - TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), - TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6), - TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), - TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2), - TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), - TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e), - TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), - TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035), - TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), - TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3), - TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), - TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea), - TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), - TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed), - TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), - TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7), - TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), - TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754), - TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), - TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e), - TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), - TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772), - TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), - TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850), - TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), - TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7), - TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), - TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0), - TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), - TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b), - TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), - TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843), - TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), - TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c), - TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), - TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040), - TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), - TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c), - TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), - TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c), - TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), - TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4), - TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), - TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf), - TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), - TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065), - TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), - TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5), - TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), - TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea), - TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), - TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75), - TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), - TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22), - TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), - TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113), - TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), - TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331), - TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), - TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c), - TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), - TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22), - TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), - TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536), - TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), - TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb), - TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), - TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161), - TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), - TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd), - TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), - TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1), - TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), - TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53), - TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), - TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d)}, - {TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), - TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae), - TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), - TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5), - TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), - TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2), - TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), - TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f), - TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), - TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0), - TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), - TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f), - TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), - TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef), - TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), - TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81), - TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), - TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663), - TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), - TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e), - TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), - TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951), - TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), - TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651), - TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), - TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a), - TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), - TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506), - TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), - TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be), - TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), - TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13), - TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), - TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c), - TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), - TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b), - TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), - TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d), - TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), - TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456), - TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), - TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce), - TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), - TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16), - TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), - TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7), - TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), - TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991), - TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), - TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2), - TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), - TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f), - TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), - TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b), - TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), - TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5), - TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), - TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2), - TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), - TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b), - TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), - TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540), - TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), - TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268), - TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), - TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3), - TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), - TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6), - TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), - TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382), - TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), - TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b), - TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), - TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061), - TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), - TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069), - TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), - TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0), - TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), - TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da), - TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), - TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b), - TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), - TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a), - TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), - TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05), - TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), - TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c), - TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), - TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd), - TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), - TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1), - TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), - TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e), - TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), - TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574), - TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), - TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae), - TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), - TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f), - TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), - TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed), - TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), - TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c), - TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), - TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87), - TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), - TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3), - TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), - TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c), - TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), - TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf), - TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), - TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5), - TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), - TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52), - TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), - TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad), - TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), - TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459), - TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), - TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7), - TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), - TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa), - TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), - TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec), - TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), - TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1), - TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), - TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5), - TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), - TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6), - TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), - TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963), - TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), - TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a), - TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), - TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7), - TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), - TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981), - TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), - TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a), - TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), - TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2), - TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), - TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9), - TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), - TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04), - TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), - TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7), - TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), - TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954), - TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), - TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8), - TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), - TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812), - TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), - TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e), - TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), - TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46), - TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), - TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7), - TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), - TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2), - TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), - TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef), - TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), - TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5), - TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), - TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac), - TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), - TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421), - TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), - TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d), - TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), - TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df), - TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), - TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c), - TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), - TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0), - TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), - TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27), - TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), - TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457), - TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), - TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9), - TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), - TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f), - TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), - TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc), - TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), - TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8), - TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), - TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566), - TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), - TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36), - TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), - TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4), - TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), - TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256), - TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), - TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175), - TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), - TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987), - TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), - TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240), - TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), - TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf), - TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), - TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894), - TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), - TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb), - TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), - TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b), - TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), - TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d), - TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), - TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278), - TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), - TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006), - TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), - TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f), - TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), - TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c), - TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), - TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161), - TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), - TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5), - TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), - TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f), - TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), - TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9), - TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), - TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231), - TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), - TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e), - TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), - TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49), - TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), - TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca), - TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), - TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c), - TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), - TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47), - TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), - TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96), - TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), - TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847), - TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), - TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72), - TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), - TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011), - TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), - TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58), - TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), - TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691)}, - {TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), - TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c), - TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), - TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7), - TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), - TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21), - TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), - TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8), - TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), - TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82), - TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), - TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28), - TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), - TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d), - TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), - TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1), - TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), - TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9), - TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), - TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f), - TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), - TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f), - TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), - TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6), - TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), - TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef), - TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), - TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577), - TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), - TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240), - TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), - TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9), - TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), - TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8), - TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), - TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5), - TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), - TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8), - TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), - TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae), - TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), - TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae), - TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), - TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433), - TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), - TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d), - TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), - TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7), - TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), - TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e), - TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), - TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d), - TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), - TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d), - TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), - TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16), - TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), - TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a), - TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), - TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0), - TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), - TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda), - TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), - TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413), - TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), - TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0), - TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), - TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8), - TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), - TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d), - TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), - TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4), - TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), - TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277), - TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), - TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9), - TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), - TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36), - TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), - TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e), - TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), - TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b), - TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), - TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462), - TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), - TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed), - TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), - TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e), - TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), - TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf), - TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), - TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2), - TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), - TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e), - TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), - TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a), - TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), - TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a), - TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), - TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3), - TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), - TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d), - TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), - TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83), - TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), - TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8), - TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), - TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0), - TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), - TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436), - TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), - TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845), - TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), - TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4), - TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), - TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43), - TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), - TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff), - TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), - TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368), - TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), - TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937), - TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), - TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40), - TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), - TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2), - TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), - TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a), - TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), - TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3), - TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), - TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56), - TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), - TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411), - TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), - TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3), - TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), - TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e), - TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), - TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31), - TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), - TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68), - TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), - TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8), - TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), - TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758), - TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), - TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b), - TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), - TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8), - TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), - TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46), - TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), - TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3), - TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), - TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b), - TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), - TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819), - TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), - TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838), - TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), - TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3), - TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), - TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f), - TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), - TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1), - TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), - TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5), - TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), - TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133), - TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), - TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff), - TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), - TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea), - TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), - TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6), - TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), - TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39), - TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), - TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1), - TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), - TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149), - TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), - TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781), - TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), - TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe), - TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), - TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0), - TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), - TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651), - TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), - TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91), - TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), - TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87), - TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), - TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5), - TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), - TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6), - TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), - TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a), - TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), - TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31), - TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), - TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63), - TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), - TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a), - TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), - TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f), - TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), - TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61), - TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), - TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247), - TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), - TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947), - TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), - TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a), - TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), - TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7), - TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), - TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7), - TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), - TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1), - TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), - TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026), - TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), - TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146), - TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), - TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d), - TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), - TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de), - TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), - TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678), - TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), - TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a), - TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), - TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d), - TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), - TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7), - TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), - TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11), - TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), - TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93), - TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), - TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d), - TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), - TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606), - TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), - TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8), - TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), - TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7), - TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), - TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4), - TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), - TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372), - TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), - TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f)}, - {TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), - TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943), - TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), - TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297), - TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), - TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0), - TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), - TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc), - TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), - TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858), - TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), - TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900), - TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), - TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304), - TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), - TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651), - TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), - TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65), - TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), - TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6), - TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), - TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d), - TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), - TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac), - TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), - TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046), - TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), - TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667), - TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), - TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57), - TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), - TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3), - TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), - TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7), - TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), - TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291), - TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), - TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d), - TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), - TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e), - TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), - TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799), - TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), - TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756), - TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), - TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8), - TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), - TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836), - TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), - TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1), - TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), - TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b), - TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), - TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48), - TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), - TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43), - TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), - TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17), - TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), - TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed), - TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), - TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644), - TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), - TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c), - TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), - TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867), - TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), - TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67), - TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), - TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a), - TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), - TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b), - TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), - TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d), - TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), - TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6), - TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), - TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544), - TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), - TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854), - TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), - TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487), - TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), - TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f), - TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), - TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f), - TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), - TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091), - TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), - TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63), - TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), - TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44), - TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), - TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7), - TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), - TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28), - TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), - TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92), - TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), - TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93), - TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), - TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056), - TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), - TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660), - TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), - TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b), - TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), - TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac), - TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), - TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab), - TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), - TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca), - TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), - TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3), - TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), - TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9), - TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), - TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a), - TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), - TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491), - TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), - TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd), - TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), - TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e), - TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), - TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f), - TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), - TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb), - TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), - TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0), - TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), - TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49), - TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), - TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3), - TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), - TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8), - TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), - TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2), - TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), - TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc), - TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), - TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee), - TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), - TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812), - TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), - TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1), - TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), - TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c), - TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), - TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d), - TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), - TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940), - TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), - TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1), - TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), - TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d), - TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), - TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318), - TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), - TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a), - TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), - TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e), - TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), - TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d), - TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), - TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a), - TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), - TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4), - TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), - TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5), - TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), - TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab), - TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), - TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b), - TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), - TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6), - TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), - TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67), - TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), - TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad), - TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), - TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0), - TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), - TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b), - TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), - TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a), - TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), - TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e), - TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), - TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3), - TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), - TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d), - TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), - TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511), - TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), - TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e), - TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), - TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249), - TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), - TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53), - TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), - TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5), - TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), - TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1), - TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), - TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b), - TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), - TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188), - TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), - TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef), - TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), - TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7), - TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), - TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf), - TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), - TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341), - TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), - TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00), - TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), - TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571), - TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), - TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd), - TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), - TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7), - TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), - TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522), - TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), - TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff), - TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), - TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f), - TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), - TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605), - TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), - TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0), - TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), - TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246), - TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), - TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c), - TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), - TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04), - TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), - TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499), - TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), - TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434), - TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), - TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532), - TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), - TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f), - TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), - TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f), - TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), - TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12), - TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), - TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458), - TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), - TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89)}, - {TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), - TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de), - TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), - TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154), - TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), - TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc), - TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), - TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9), - TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), - TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407), - TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), - TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9), - TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), - TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca), - TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), - TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59), - TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), - TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f), - TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), - TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf), - TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), - TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43), - TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), - TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0), - TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), - TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea), - TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), - TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab), - TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), - TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50), - TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), - TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf), - TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), - TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25), - TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), - TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b), - TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), - TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee), - TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), - TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276), - TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), - TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851), - TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), - TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66), - TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), - TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b), - TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), - TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e), - TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), - TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb), - TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), - TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe), - TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), - TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a), - TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), - TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a), - TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), - TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf), - TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), - TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1), - TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), - TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331), - TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), - TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61), - TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), - TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a), - TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), - TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b), - TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), - TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219), - TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), - TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181), - TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), - TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c), - TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), - TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b), - TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), - TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2), - TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), - TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8), - TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), - TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d), - TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), - TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4), - TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), - TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372), - TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), - TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73), - TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), - TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79), - TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), - TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a), - TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), - TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81), - TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), - TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87), - TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), - TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6), - TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), - TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9), - TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), - TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8), - TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), - TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39), - TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), - TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6), - TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), - TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb), - TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), - TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1), - TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), - TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c), - TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), - TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8), - TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), - TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab), - TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), - TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e), - TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), - TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764), - TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), - TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f), - TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), - TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936), - TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), - TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0), - TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), - TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a), - TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), - TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae), - TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), - TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11), - TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), - TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73), - TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), - TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346), - TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), - TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40), - TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), - TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec), - TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), - TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530), - TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), - TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f), - TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), - TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15), - TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), - TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30), - TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), - TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa), - TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), - TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6), - TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), - TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3), - TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), - TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c), - TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), - TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872), - TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), - TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514), - TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), - TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3), - TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), - TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0), - TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), - TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036), - TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), - TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec), - TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), - TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1), - TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), - TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe), - TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), - TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42), - TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), - TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33), - TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), - TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111), - TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), - TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de), - TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), - TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5), - TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), - TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160), - TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), - TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f), - TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), - TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6), - TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), - TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5), - TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), - TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400), - TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), - TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69), - TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), - TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29), - TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), - TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678), - TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), - TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c), - TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), - TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea), - TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), - TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55), - TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), - TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95), - TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), - TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da), - TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), - TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254), - TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), - TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc), - TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), - TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236), - TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), - TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64), - TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), - TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8), - TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), - TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff), - TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), - TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e), - TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), - TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa), - TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), - TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c), - TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), - TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf), - TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), - TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad), - TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), - TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199), - TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), - TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd), - TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), - TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158), - TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), - TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd), - TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), - TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2), - TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), - TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719), - TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), - TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3), - TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), - TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe), - TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), - TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec), - TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), - TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a), - TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), - TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de), - TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), - TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04), - TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), - TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca)}, - {TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), - TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d), - TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), - TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2), - TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), - TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7), - TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), - TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089), - TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), - TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07), - TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), - TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6), - TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), - TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd), - TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), - TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c), - TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), - TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241), - TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), - TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3), - TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), - TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02), - TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), - TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d), - TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), - TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649), - TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), - TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef), - TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), - TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c), - TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), - TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558), - TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), - TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c), - TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), - TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4), - TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), - TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1), - TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), - TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c), - TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), - TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3), - TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), - TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a), - TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), - TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00), - TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), - TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828), - TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), - TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478), - TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), - TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8), - TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), - TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be), - TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), - TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216), - TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), - TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128), - TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), - TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2), - TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), - TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84), - TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), - TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0), - TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), - TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16), - TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), - TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849), - TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), - TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644), - TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), - TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5), - TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), - TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1), - TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), - TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8), - TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), - TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d), - TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), - TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af), - TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), - TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d), - TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), - TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984), - TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), - TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40), - TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), - TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239), - TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), - TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe), - TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), - TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae), - TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), - TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab), - TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), - TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e), - TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), - TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e), - TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), - TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2), - TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), - TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6), - TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), - TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34), - TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), - TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b), - TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), - TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567), - TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), - TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff), - TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), - TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942), - TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), - TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa), - TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), - TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326), - TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), - TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1), - TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), - TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331), - TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), - TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7), - TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), - TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993), - TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), - TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d), - TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), - TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887), - TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), - TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56), - TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), - TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a), - TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), - TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162), - TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), - TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5), - TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), - TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1), - TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), - TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde), - TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), - TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768), - TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), - TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279), - TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), - TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba), - TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), - TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb), - TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), - TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476), - TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), - TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c), - TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), - TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34), - TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), - TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e), - TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), - TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f), - TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), - TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf), - TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), - TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854), - TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), - TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f), - TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), - TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720), - TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), - TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef), - TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), - TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349), - TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), - TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a), - TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), - TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5), - TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), - TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c), - TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), - TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2), - TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), - TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9), - TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), - TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854), - TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), - TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70), - TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), - TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52), - TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), - TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2), - TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), - TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca), - TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), - TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72), - TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), - TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42), - TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), - TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b), - TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), - TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed), - TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), - TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd), - TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), - TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f), - TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), - TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130), - TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), - TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b), - TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), - TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5), - TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), - TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df), - TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), - TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1), - TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), - TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf), - TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), - TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384), - TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), - TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb), - TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), - TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844), - TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), - TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6), - TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), - TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a), - TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), - TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee), - TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), - TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff), - TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), - TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12), - TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), - TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36), - TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), - TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429), - TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), - TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2), - TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), - TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843), - TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), - TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37), - TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), - TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f), - TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), - TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7), - TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), - TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9), - TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), - TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49), - TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), - TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd), - TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), - TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978), - TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), - TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4), - TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), - TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63)}, - {TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), - TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d), - TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), - TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746), - TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), - TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19), - TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), - TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d), - TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), - TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77), - TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), - TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0), - TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), - TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0), - TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), - TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1), - TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), - TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99), - TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), - TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1), - TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), - TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685), - TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), - TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81), - TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), - TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11), - TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), - TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b), - TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), - TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26), - TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), - TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab), - TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), - TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77), - TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), - TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980), - TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), - TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326), - TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), - TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5), - TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), - TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9), - TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), - TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d), - TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), - TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac), - TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), - TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b), - TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), - TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3), - TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), - TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8), - TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), - TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081), - TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), - TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53), - TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), - TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf), - TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), - TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464), - TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), - TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d), - TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), - TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f), - TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), - TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222), - TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), - TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac), - TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), - TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8), - TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), - TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a), - TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), - TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800), - TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), - TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203), - TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), - TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d), - TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), - TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3), - TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), - TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b), - TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), - TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739), - TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), - TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee), - TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), - TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a), - TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), - TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5), - TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), - TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885), - TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), - TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8), - TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), - TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef), - TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), - TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d), - TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), - TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61), - TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), - TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe), - TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), - TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5), - TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), - TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447), - TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), - TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c), - TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), - TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4), - TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), - TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e), - TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), - TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef), - TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), - TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4), - TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), - TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960), - TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), - TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327), - TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), - TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc), - TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), - TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07), - TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), - TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0), - TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), - TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b), - TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), - TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33), - TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), - TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b), - TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), - TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7), - TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), - TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9), - TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), - TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b), - TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), - TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b), - TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), - TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed), - TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), - TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a), - TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), - TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd), - TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), - TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4), - TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), - TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382), - TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), - TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f), - TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), - TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9), - TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), - TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce), - TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), - TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8), - TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), - TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b), - TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), - TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41), - TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), - TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35), - TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), - TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8), - TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), - TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832), - TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), - TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047), - TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), - TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac), - TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), - TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734), - TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), - TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf), - TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), - TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f), - TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), - TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47), - TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), - TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62), - TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), - TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8), - TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), - TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2), - TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), - TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f), - TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), - TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067), - TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), - TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e), - TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), - TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162), - TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), - TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5), - TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), - TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0), - TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), - TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711), - TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), - TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a), - TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), - TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548), - TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), - TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827), - TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), - TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1), - TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), - TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195), - TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), - TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07), - TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), - TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1), - TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), - TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea), - TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), - TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22), - TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), - TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c), - TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), - TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676), - TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), - TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee), - TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), - TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98), - TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), - TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06), - TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), - TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f), - TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), - TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6), - TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), - TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635), - TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), - TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3), - TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), - TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf), - TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), - TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848), - TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), - TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc), - TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), - TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6), - TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), - TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d), - TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), - TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a), - TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), - TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7), - TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), - TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8), - TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), - TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792), - TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), - TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4)}, - {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), - TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129), - TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), - TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca), - TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), - TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8), - TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), - TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038), - TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), - TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109), - TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), - TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3), - TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), - TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4), - TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), - TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97), - TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), - TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb), - TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), - TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e), - TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), - TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270), - TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), - TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f), - TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), - TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997), - TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), - TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5), - TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), - TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a), - TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), - TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018), - TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), - TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739), - TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), - TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b), - TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), - TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8), - TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), - TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa), - TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), - TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665), - TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), - TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f), - TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), - TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8), - TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), - TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00), - TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), - TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52), - TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), - TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975), - TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), - TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323), - TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), - TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35), - TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), - TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d), - TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), - TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c), - TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), - TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf), - TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), - TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd), - TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), - TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110), - TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), - TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28), - TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), - TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8), - TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), - TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83), - TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), - TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d), - TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), - TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4), - TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), - TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc), - TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), - TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7), - TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), - TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c), - TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), - TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c), - TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), - TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4), - TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), - TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9), - TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), - TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b), - TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), - TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd), - TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), - TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e), - TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), - TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5), - TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), - TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c), - TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), - TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955), - TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), - TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775), - TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), - TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29), - TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), - TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194), - TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), - TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c), - TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), - TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724), - TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), - TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114), - TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), - TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262), - TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), - TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd), - TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), - TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f), - TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), - TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc), - TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), - TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b), - TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), - TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f), - TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), - TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b), - TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), - TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af), - TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), - TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a), - TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), - TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d), - TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), - TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408), - TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), - TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69), - TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), - TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00), - TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), - TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f), - TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), - TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78), - TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), - TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7), - TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), - TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd), - TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), - TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f), - TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), - TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28), - TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), - TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed), - TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), - TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744), - TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), - TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c), - TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), - TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312), - TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), - TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5), - TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), - TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462), - TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), - TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79), - TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), - TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a), - TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), - TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d), - TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), - TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f), - TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), - TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736), - TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), - TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747), - TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), - TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb), - TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), - TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d), - TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), - TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272), - TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), - TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57), - TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), - TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc), - TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), - TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0), - TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), - TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2), - TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), - TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e), - TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), - TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614), - TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), - TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b), - TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), - TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd), - TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), - TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd), - TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), - TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0), - TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), - TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01), - TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), - TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804), - TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), - TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d), - TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), - TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a), - TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), - TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e), - TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), - TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489), - TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), - TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62), - TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), - TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e), - TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), - TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3), - TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), - TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7), - TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), - TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799), - TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), - TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280), - TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), - TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c), - TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), - TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c), - TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), - TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae), - TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), - TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e), - TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), - TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e), - TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), - TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8), - TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), - TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2), - TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), - TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1), - TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), - TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670), - TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), - TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb), - TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), - TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a), - TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), - TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa), - TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), - TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632), - TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), - TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c), - TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), - TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4), - TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), - TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)}}; diff --git a/crypto/fipsmodule/ec/ecp_nistz384.inl b/crypto/fipsmodule/ec/ecp_nistz384.inl index 12fc9d9..c686547 100644 --- a/crypto/fipsmodule/ec/ecp_nistz384.inl +++ b/crypto/fipsmodule/ec/ecp_nistz384.inl @@ -29,7 +29,7 @@ #endif /* Point double: r = 2*a */ -void GFp_nistz384_point_double(P384_POINT *r, const P384_POINT *a) { +void nistz384_point_double(P384_POINT *r, const P384_POINT *a) { BN_ULONG S[P384_LIMBS]; BN_ULONG M[P384_LIMBS]; BN_ULONG Zsqr[P384_LIMBS]; @@ -74,7 +74,7 @@ void GFp_nistz384_point_double(P384_POINT *r, const P384_POINT *a) { } /* Point addition: r = a+b */ -void GFp_nistz384_point_add(P384_POINT *r, const P384_POINT *a, +void nistz384_point_add(P384_POINT *r, const P384_POINT *a, const P384_POINT *b) { BN_ULONG U2[P384_LIMBS], S2[P384_LIMBS]; BN_ULONG U1[P384_LIMBS], S1[P384_LIMBS]; @@ -117,7 +117,7 @@ void GFp_nistz384_point_add(P384_POINT *r, const P384_POINT *a, BN_ULONG is_exceptional = is_equal(U1, U2) & ~in1infty & ~in2infty; if (is_exceptional) { if (is_equal(S1, S2)) { - GFp_nistz384_point_double(r, a); + nistz384_point_double(r, a); } else { limbs_zero(r->X, P384_LIMBS); limbs_zero(r->Y, P384_LIMBS); @@ -164,25 +164,25 @@ static void add_precomputed_w5(P384_POINT *r, crypto_word wvalue, booth_recode(&recoded_is_negative, &recoded, wvalue, 5); alignas(64) P384_POINT h; - gfp_p384_point_select_w5(&h, table, recoded); + p384_point_select_w5(&h, table, recoded); alignas(64) BN_ULONG tmp[P384_LIMBS]; - GFp_p384_elem_neg(tmp, h.Y); + p384_elem_neg(tmp, h.Y); copy_conditional(h.Y, tmp, recoded_is_negative); - GFp_nistz384_point_add(r, r, &h); + nistz384_point_add(r, r, &h); } /* r = p * p_scalar */ -void GFp_nistz384_point_mul(P384_POINT *r, const BN_ULONG p_scalar[P384_LIMBS], +void nistz384_point_mul(P384_POINT *r, const BN_ULONG p_scalar[P384_LIMBS], const BN_ULONG p_x[P384_LIMBS], const BN_ULONG p_y[P384_LIMBS]) { static const size_t kWindowSize = 5; static const crypto_word kMask = (1 << (5 /* kWindowSize */ + 1)) - 1; uint8_t p_str[(P384_LIMBS * sizeof(Limb)) + 1]; - gfp_little_endian_bytes_from_scalar(p_str, sizeof(p_str) / sizeof(p_str[0]), - p_scalar, P384_LIMBS); + little_endian_bytes_from_scalar(p_str, sizeof(p_str) / sizeof(p_str[0]), + p_scalar, P384_LIMBS); /* A |P384_POINT| is (3 * 48) = 144 bytes, and the 64-byte alignment should * add no more than 63 bytes of overhead. Thus, |table| should require @@ -198,21 +198,21 @@ void GFp_nistz384_point_mul(P384_POINT *r, const BN_ULONG p_scalar[P384_LIMBS], limbs_copy(row[1 - 1].Y, p_y, P384_LIMBS); limbs_copy(row[1 - 1].Z, ONE, P384_LIMBS); - GFp_nistz384_point_double(&row[2 - 1], &row[1 - 1]); - GFp_nistz384_point_add(&row[3 - 1], &row[2 - 1], &row[1 - 1]); - GFp_nistz384_point_double(&row[4 - 1], &row[2 - 1]); - GFp_nistz384_point_double(&row[6 - 1], &row[3 - 1]); - GFp_nistz384_point_double(&row[8 - 1], &row[4 - 1]); - GFp_nistz384_point_double(&row[12 - 1], &row[6 - 1]); - GFp_nistz384_point_add(&row[5 - 1], &row[4 - 1], &row[1 - 1]); - GFp_nistz384_point_add(&row[7 - 1], &row[6 - 1], &row[1 - 1]); - GFp_nistz384_point_add(&row[9 - 1], &row[8 - 1], &row[1 - 1]); - GFp_nistz384_point_add(&row[13 - 1], &row[12 - 1], &row[1 - 1]); - GFp_nistz384_point_double(&row[14 - 1], &row[7 - 1]); - GFp_nistz384_point_double(&row[10 - 1], &row[5 - 1]); - GFp_nistz384_point_add(&row[15 - 1], &row[14 - 1], &row[1 - 1]); - GFp_nistz384_point_add(&row[11 - 1], &row[10 - 1], &row[1 - 1]); - GFp_nistz384_point_double(&row[16 - 1], &row[8 - 1]); + nistz384_point_double(&row[2 - 1], &row[1 - 1]); + nistz384_point_add(&row[3 - 1], &row[2 - 1], &row[1 - 1]); + nistz384_point_double(&row[4 - 1], &row[2 - 1]); + nistz384_point_double(&row[6 - 1], &row[3 - 1]); + nistz384_point_double(&row[8 - 1], &row[4 - 1]); + nistz384_point_double(&row[12 - 1], &row[6 - 1]); + nistz384_point_add(&row[5 - 1], &row[4 - 1], &row[1 - 1]); + nistz384_point_add(&row[7 - 1], &row[6 - 1], &row[1 - 1]); + nistz384_point_add(&row[9 - 1], &row[8 - 1], &row[1 - 1]); + nistz384_point_add(&row[13 - 1], &row[12 - 1], &row[1 - 1]); + nistz384_point_double(&row[14 - 1], &row[7 - 1]); + nistz384_point_double(&row[10 - 1], &row[5 - 1]); + nistz384_point_add(&row[15 - 1], &row[14 - 1], &row[1 - 1]); + nistz384_point_add(&row[11 - 1], &row[10 - 1], &row[1 - 1]); + nistz384_point_double(&row[16 - 1], &row[8 - 1]); static const size_t START_INDEX = 384 - 4; size_t index = START_INDEX; @@ -226,7 +226,7 @@ void GFp_nistz384_point_mul(P384_POINT *r, const BN_ULONG p_scalar[P384_LIMBS], booth_recode(&recoded_is_negative, &recoded, wvalue, 5); dev_assert_secret(!recoded_is_negative); - gfp_p384_point_select_w5(r, table, recoded); + p384_point_select_w5(r, table, recoded); while (index >= kWindowSize) { if (index != START_INDEX) { @@ -239,11 +239,11 @@ void GFp_nistz384_point_mul(P384_POINT *r, const BN_ULONG p_scalar[P384_LIMBS], index -= kWindowSize; - GFp_nistz384_point_double(r, r); - GFp_nistz384_point_double(r, r); - GFp_nistz384_point_double(r, r); - GFp_nistz384_point_double(r, r); - GFp_nistz384_point_double(r, r); + nistz384_point_double(r, r); + nistz384_point_double(r, r); + nistz384_point_double(r, r); + nistz384_point_double(r, r); + nistz384_point_double(r, r); } /* Final window */ diff --git a/crypto/fipsmodule/ec/gfp_p256.c b/crypto/fipsmodule/ec/gfp_p256.c index 60678ec..35cddb5 100644 --- a/crypto/fipsmodule/ec/gfp_p256.c +++ b/crypto/fipsmodule/ec/gfp_p256.c @@ -12,28 +12,18 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "ecp_nistz256.h" +#include "./p256_shared.h" + #include "../../limbs/limbs.h" -#include "../../internal.h" -#include "../bn/internal.h" -#include "../../limbs/limbs.inl" +#if !defined(OPENSSL_USE_NISTZ256) -typedef Limb Elem[P256_LIMBS]; typedef Limb ScalarMont[P256_LIMBS]; typedef Limb Scalar[P256_LIMBS]; -void GFp_p256_scalar_sqr_rep_mont(ScalarMont r, const ScalarMont a, Limb rep); - -#if defined(OPENSSL_ARM) || defined(OPENSSL_X86) -void GFp_nistz256_sqr_mont(Elem r, const Elem a) { - /* XXX: Inefficient. TODO: optimize with dedicated squaring routine. */ - GFp_nistz256_mul_mont(r, a, a); -} -#endif +#include "../bn/internal.h" -#if !defined(OPENSSL_X86_64) -void GFp_p256_scalar_mul_mont(ScalarMont r, const ScalarMont a, +void p256_scalar_mul_mont(ScalarMont r, const ScalarMont a, const ScalarMont b) { static const BN_ULONG N[] = { TOBN(0xf3b9cac2, 0xfc632551), @@ -45,64 +35,16 @@ void GFp_p256_scalar_mul_mont(ScalarMont r, const ScalarMont a, BN_MONT_CTX_N0(0xccd1c8aa, 0xee00bc4f) }; /* XXX: Inefficient. TODO: optimize with dedicated multiplication routine. */ - GFp_bn_mul_mont(r, a, b, N, N_N0, P256_LIMBS); -} -#endif - -#if defined(OPENSSL_X86_64) -void GFp_p256_scalar_sqr_mont(ScalarMont r, const ScalarMont a) { - GFp_p256_scalar_sqr_rep_mont(r, a, 1); -} -#else -void GFp_p256_scalar_sqr_mont(ScalarMont r, const ScalarMont a) { - GFp_p256_scalar_mul_mont(r, a, a); + bn_mul_mont(r, a, b, N, N_N0, P256_LIMBS); } -void GFp_p256_scalar_sqr_rep_mont(ScalarMont r, const ScalarMont a, Limb rep) { +/* XXX: Inefficient. TODO: optimize with dedicated squaring routine. */ +void p256_scalar_sqr_rep_mont(ScalarMont r, const ScalarMont a, Limb rep) { dev_assert_secret(rep >= 1); - GFp_p256_scalar_sqr_mont(r, a); + p256_scalar_mul_mont(r, a, a); for (Limb i = 1; i < rep; ++i) { - GFp_p256_scalar_sqr_mont(r, r); + p256_scalar_mul_mont(r, r, r); } } -#endif - - -#if !defined(OPENSSL_X86_64) - -/* TODO(perf): Optimize these. */ - -void GFp_nistz256_select_w5(P256_POINT *out, const P256_POINT table[16], - crypto_word index) { - dev_assert_secret(index >= 0); - - alignas(32) Elem x; limbs_zero(x, P256_LIMBS); - alignas(32) Elem y; limbs_zero(y, P256_LIMBS); - alignas(32) Elem z; limbs_zero(z, P256_LIMBS); - - // TODO: Rewrite in terms of |limbs_select|. - for (size_t i = 0; i < 16; ++i) { - crypto_word equal = constant_time_eq_w(index, (crypto_word)i + 1); - for (size_t j = 0; j < P256_LIMBS; ++j) { - x[j] = constant_time_select_w(equal, table[i].X[j], x[j]); - y[j] = constant_time_select_w(equal, table[i].Y[j], y[j]); - z[j] = constant_time_select_w(equal, table[i].Z[j], z[j]); - } - } - - limbs_copy(out->X, x, P256_LIMBS); - limbs_copy(out->Y, y, P256_LIMBS); - limbs_copy(out->Z, z, P256_LIMBS); -} - -#if defined GFp_USE_LARGE_TABLE -void GFp_nistz256_select_w7(P256_POINT_AFFINE *out, - const PRECOMP256_ROW table, crypto_word index) { - alignas(32) Limb xy[P256_LIMBS * 2]; - limbs_select(xy, table, P256_LIMBS * 2, 64, index - 1); - limbs_copy(out->X, &xy[0], P256_LIMBS); - limbs_copy(out->Y, &xy[P256_LIMBS], P256_LIMBS); -} -#endif #endif diff --git a/crypto/fipsmodule/ec/gfp_p384.c b/crypto/fipsmodule/ec/gfp_p384.c index 820fac4..a03c4ed 100644 --- a/crypto/fipsmodule/ec/gfp_p384.c +++ b/crypto/fipsmodule/ec/gfp_p384.c @@ -159,7 +159,7 @@ static inline void elem_mul_mont(Elem r, const Elem a, const Elem b) { BN_MONT_CTX_N0(0x1, 0x1) }; /* XXX: Not (clearly) constant-time; inefficient.*/ - GFp_bn_mul_mont(r, a, b, Q, Q_N0, P384_LIMBS); + bn_mul_mont(r, a, b, Q, Q_N0, P384_LIMBS); } static inline void elem_mul_by_2(Elem r, const Elem a) { @@ -178,23 +178,19 @@ static inline void elem_sqr_mont(Elem r, const Elem a) { elem_mul_mont(r, a, a); } -void GFp_p384_elem_add(Elem r, const Elem a, const Elem b) { - elem_add(r, a, b); -} - -void GFp_p384_elem_sub(Elem r, const Elem a, const Elem b) { +void p384_elem_sub(Elem r, const Elem a, const Elem b) { elem_sub(r, a, b); } -void GFp_p384_elem_div_by_2(Elem r, const Elem a) { +void p384_elem_div_by_2(Elem r, const Elem a) { elem_div_by_2(r, a); } -void GFp_p384_elem_mul_mont(Elem r, const Elem a, const Elem b) { +void p384_elem_mul_mont(Elem r, const Elem a, const Elem b) { elem_mul_mont(r, a, b); } -void GFp_p384_elem_neg(Elem r, const Elem a) { +void p384_elem_neg(Elem r, const Elem a) { Limb is_zero = LIMBS_are_zero(a, P384_LIMBS); Carry borrow = limbs_sub(r, Q, a, P384_LIMBS); dev_assert_secret(borrow == 0); @@ -205,19 +201,19 @@ void GFp_p384_elem_neg(Elem r, const Elem a) { } -void GFp_p384_scalar_mul_mont(ScalarMont r, const ScalarMont a, +void p384_scalar_mul_mont(ScalarMont r, const ScalarMont a, const ScalarMont b) { static const BN_ULONG N_N0[] = { BN_MONT_CTX_N0(0x6ed46089, 0xe88fdc45) }; /* XXX: Inefficient. TODO: Add dedicated multiplication routine. */ - GFp_bn_mul_mont(r, a, b, N, N_N0, P384_LIMBS); + bn_mul_mont(r, a, b, N, N_N0, P384_LIMBS); } /* TODO(perf): Optimize this. */ -static void gfp_p384_point_select_w5(P384_POINT *out, +static void p384_point_select_w5(P384_POINT *out, const P384_POINT table[16], size_t index) { Elem x; limbs_zero(x, P384_LIMBS); Elem y; limbs_zero(y, P384_LIMBS); diff --git a/crypto/fipsmodule/ec/p256-x86_64-table.h b/crypto/fipsmodule/ec/p256-x86_64-table.h new file mode 100644 index 0000000..3af0b01 --- /dev/null +++ b/crypto/fipsmodule/ec/p256-x86_64-table.h @@ -0,0 +1,9497 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2015, Intel Inc. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +// This is the precomputed constant time access table for the code in +// p256-x86_64.c, for the default generator. The table consists of 37 +// subtables, each subtable contains 64 affine points. The affine points are +// encoded as eight uint64's, four for the x coordinate and four for the y. +// Both values are in little-endian order. There are 37 tables because a +// signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37. +// Within each table there are 64 values because the 6-bit wNAF value can take +// 64 values, ignoring the sign bit, which is implemented by performing a +// negation of the affine point when required. We would like to align it to 2MB +// in order to increase the chances of using a large page but that appears to +// lead to invalid ELF files being produced. + +// This file is generated by make_tables.go. + +static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = { + {{{TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), + TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)}, + {TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), + TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85)}}, + {{TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), + TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b)}, + {TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), + TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b)}}, + {{TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), + TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e)}, + {TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), + TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07)}}, + {{TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), + TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b)}, + {TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), + TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863)}}, + {{TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), + TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8)}, + {TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), + TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916)}}, + {{TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), + TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673)}, + {TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), + TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f)}}, + {{TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), + TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03)}, + {TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), + TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867)}}, + {{TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), + TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d)}, + {TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), + TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76)}}, + {{TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), + TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b)}, + {TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), + TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b)}}, + {{TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), + TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f)}, + {TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), + TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5)}}, + {{TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), + TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073)}, + {TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), + TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e)}}, + {{TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), + TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156)}, + {TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), + TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca)}}, + {{TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), + TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759)}, + {TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), + TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797)}}, + {{TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), + TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e)}, + {TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), + TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb)}}, + {{TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), + TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09)}, + {TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), + TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4)}}, + {{TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), + TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723)}, + {TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), + TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220)}}, + {{TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), + TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e)}, + {TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), + TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0)}}, + {{TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), + TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda)}, + {TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), + TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d)}}, + {{TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), + TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc)}, + {TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), + TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b)}}, + {{TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), + TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e)}, + {TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), + TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0)}}, + {{TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), + TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc)}, + {TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), + TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3)}}, + {{TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), + TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4)}, + {TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), + TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074)}}, + {{TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), + TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42)}, + {TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), + TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f)}}, + {{TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), + TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115)}, + {TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), + TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a)}}, + {{TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), + TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e)}, + {TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), + TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968)}}, + {{TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), + TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10)}, + {TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), + TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7)}}, + {{TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), + TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a)}, + {TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), + TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31)}}, + {{TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), + TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97)}, + {TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), + TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278)}}, + {{TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), + TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48)}, + {TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), + TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b)}}, + {{TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), + TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c)}, + {TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), + TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72)}}, + {{TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), + TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4)}, + {TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), + TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745)}}, + {{TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), + TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4)}, + {TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), + TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4)}}, + {{TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), + TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c)}, + {TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), + TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4)}}, + {{TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), + TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64)}, + {TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), + TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8)}}, + {{TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), + TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521)}, + {TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), + TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8)}}, + {{TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), + TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3)}, + {TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), + TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526)}}, + {{TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), + TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb)}, + {TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), + TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8)}}, + {{TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), + TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c)}, + {TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), + TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d)}}, + {{TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), + TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac)}, + {TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), + TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408)}}, + {{TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), + TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227)}, + {TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), + TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f)}}, + {{TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), + TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f)}, + {TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), + TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b)}}, + {{TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), + TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43)}, + {TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), + TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d)}}, + {{TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), + TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994)}, + {TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), + TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0)}}, + {{TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), + TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291)}, + {TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), + TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a)}}, + {{TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), + TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278)}, + {TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), + TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5)}}, + {{TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), + TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc)}, + {TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), + TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865)}}, + {{TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), + TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd)}, + {TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), + TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27)}}, + {{TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), + TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad)}, + {TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), + TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2)}}, + {{TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), + TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b)}, + {TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), + TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36)}}, + {{TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), + TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7)}, + {TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), + TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13)}}, + {{TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), + TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443)}, + {TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), + TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d)}}, + {{TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), + TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542)}, + {TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), + TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d)}}, + {{TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), + TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0)}, + {TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), + TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283)}}, + {{TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), + TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851)}, + {TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), + TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb)}}, + {{TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), + TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd)}, + {TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), + TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4)}}, + {{TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), + TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63)}, + {TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), + TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08)}}, + {{TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), + TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc)}, + {TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), + TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626)}}, + {{TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), + TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd)}, + {TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), + TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741)}}, + {{TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), + TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7)}, + {TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), + TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b)}}, + {{TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), + TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915)}, + {TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), + TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832)}}, + {{TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), + TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa)}, + {TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), + TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3)}}, + {{TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), + TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413)}, + {TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), + TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009)}}, + {{TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), + TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d)}, + {TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), + TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70)}}, + {{TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), + TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7)}, + {TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), + TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}}}, + {{{TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), + TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617)}, + {TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), + TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188)}}, + {{TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), + TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c)}, + {TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), + TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53)}}, + {{TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), + TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6)}, + {TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), + TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656)}}, + {{TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), + TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290)}, + {TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), + TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108)}}, + {{TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), + TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502)}, + {TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), + TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a)}}, + {{TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), + TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4)}, + {TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), + TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2)}}, + {{TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), + TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0)}, + {TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), + TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232)}}, + {{TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), + TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863)}, + {TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), + TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f)}}, + {{TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), + TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c)}, + {TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), + TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2)}}, + {{TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), + TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014)}, + {TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), + TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb)}}, + {{TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), + TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec)}, + {TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), + TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868)}}, + {{TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), + TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e)}, + {TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), + TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435)}}, + {{TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), + TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808)}, + {TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), + TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd)}}, + {{TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), + TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60)}, + {TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), + TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2)}}, + {{TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), + TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec)}, + {TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), + TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e)}}, + {{TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), + TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45)}, + {TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), + TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f)}}, + {{TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), + TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85)}, + {TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), + TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f)}}, + {{TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), + TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6)}, + {TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), + TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8)}}, + {{TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), + TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176)}, + {TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), + TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1)}}, + {{TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), + TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442)}, + {TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), + TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959)}}, + {{TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), + TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f)}, + {TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), + TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac)}}, + {{TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), + TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c)}, + {TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), + TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97)}}, + {{TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), + TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f)}, + {TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), + TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f)}}, + {{TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), + TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48)}, + {TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), + TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184)}}, + {{TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), + TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f)}, + {TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), + TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369)}}, + {{TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), + TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887)}, + {TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), + TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6)}}, + {{TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), + TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef)}, + {TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), + TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9)}}, + {{TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), + TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c)}, + {TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), + TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f)}}, + {{TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), + TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04)}, + {TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), + TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084)}}, + {{TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), + TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723)}, + {TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), + TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9)}}, + {{TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), + TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c)}, + {TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), + TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2)}}, + {{TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), + TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da)}, + {TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), + TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9)}}, + {{TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), + TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39)}, + {TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), + TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09)}}, + {{TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), + TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc)}, + {TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), + TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6)}}, + {{TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), + TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec)}, + {TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), + TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1)}}, + {{TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), + TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09)}, + {TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), + TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331)}}, + {{TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), + TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da)}, + {TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), + TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7)}}, + {{TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), + TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb)}, + {TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), + TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a)}}, + {{TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), + TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b)}, + {TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), + TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8)}}, + {{TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), + TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272)}, + {TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), + TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525)}}, + {{TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), + TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a)}, + {TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), + TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32)}}, + {{TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), + TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4)}, + {TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), + TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f)}}, + {{TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), + TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120)}, + {TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), + TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1)}}, + {{TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), + TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c)}, + {TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), + TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7)}}, + {{TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), + TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2)}, + {TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), + TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084)}}, + {{TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), + TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd)}, + {TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), + TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715)}}, + {{TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), + TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e)}, + {TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), + TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa)}}, + {{TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), + TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663)}, + {TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), + TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607)}}, + {{TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), + TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72)}, + {TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), + TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8)}}, + {{TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), + TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7)}, + {TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), + TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253)}}, + {{TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), + TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1)}, + {TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), + TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce)}}, + {{TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), + TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe)}, + {TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), + TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a)}}, + {{TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), + TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b)}, + {TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), + TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26)}}, + {{TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), + TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621)}, + {TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), + TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0)}}, + {{TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), + TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228)}, + {TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), + TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d)}}, + {{TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), + TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb)}, + {TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), + TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407)}}, + {{TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), + TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb)}, + {TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), + TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f)}}, + {{TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), + TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45)}, + {TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), + TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45)}}, + {{TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), + TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131)}, + {TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), + TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663)}}, + {{TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), + TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589)}, + {TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), + TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76)}}, + {{TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), + TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5)}, + {TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), + TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd)}}, + {{TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), + TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e)}, + {TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), + TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3)}}, + {{TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), + TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0)}, + {TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), + TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4)}}, + {{TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), + TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085)}, + {TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), + TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}}}, + {{{TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), + TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551)}, + {TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), + TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38)}}, + {{TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), + TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825)}, + {TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), + TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a)}}, + {{TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), + TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699)}, + {TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), + TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6)}}, + {{TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), + TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219)}, + {TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), + TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415)}}, + {{TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), + TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d)}, + {TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), + TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f)}}, + {{TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), + TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7)}, + {TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), + TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151)}}, + {{TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), + TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3)}, + {TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), + TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514)}}, + {{TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), + TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922)}, + {TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), + TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b)}}, + {{TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), + TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8)}, + {TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), + TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1)}}, + {{TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), + TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41)}, + {TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), + TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63)}}, + {{TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), + TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f)}, + {TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), + TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440)}}, + {{TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), + TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5)}, + {TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), + TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a)}}, + {{TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), + TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf)}, + {TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), + TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe)}}, + {{TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), + TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d)}, + {TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), + TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88)}}, + {{TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), + TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6)}, + {TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), + TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51)}}, + {{TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), + TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f)}, + {TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), + TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53)}}, + {{TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), + TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e)}, + {TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), + TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d)}}, + {{TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), + TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36)}, + {TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), + TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82)}}, + {{TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), + TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee)}, + {TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), + TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e)}}, + {{TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), + TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590)}, + {TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), + TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b)}}, + {{TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), + TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823)}, + {TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), + TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91)}}, + {{TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), + TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067)}, + {TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), + TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530)}}, + {{TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), + TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303)}, + {TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), + TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a)}}, + {{TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), + TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb)}, + {TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), + TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609)}}, + {{TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), + TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3)}, + {TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), + TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec)}}, + {{TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), + TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af)}, + {TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), + TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6)}}, + {{TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), + TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4)}, + {TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), + TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153)}}, + {{TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), + TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8)}, + {TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), + TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10)}}, + {{TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), + TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822)}, + {TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), + TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87)}}, + {{TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), + TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f)}, + {TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), + TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba)}}, + {{TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), + TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8)}, + {TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), + TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234)}}, + {{TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), + TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e)}, + {TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), + TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f)}}, + {{TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), + TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94)}, + {TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), + TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a)}}, + {{TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), + TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf)}, + {TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), + TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7)}}, + {{TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), + TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13)}, + {TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), + TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85)}}, + {{TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), + TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9)}, + {TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), + TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331)}}, + {{TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), + TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f)}, + {TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), + TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77)}}, + {{TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), + TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17)}, + {TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), + TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76)}}, + {{TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), + TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722)}, + {TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), + TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba)}}, + {{TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), + TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c)}, + {TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), + TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855)}}, + {{TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), + TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793)}, + {TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), + TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07)}}, + {{TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), + TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b)}, + {TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), + TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b)}}, + {{TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), + TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f)}, + {TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), + TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80)}}, + {{TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), + TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760)}, + {TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), + TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d)}}, + {{TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), + TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a)}, + {TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), + TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14)}}, + {{TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), + TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd)}, + {TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), + TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523)}}, + {{TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), + TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa)}, + {TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), + TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50)}}, + {{TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), + TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f)}, + {TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), + TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef)}}, + {{TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), + TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6)}, + {TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), + TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207)}}, + {{TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), + TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043)}, + {TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), + TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391)}}, + {{TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), + TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545)}, + {TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), + TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5)}}, + {{TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), + TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1)}, + {TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), + TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71)}}, + {{TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), + TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a)}, + {TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), + TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a)}}, + {{TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), + TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95)}, + {TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), + TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55)}}, + {{TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), + TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21)}, + {TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), + TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44)}}, + {{TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), + TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06)}, + {TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), + TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d)}}, + {{TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), + TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52)}, + {TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), + TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf)}}, + {{TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), + TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd)}, + {TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), + TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6)}}, + {{TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), + TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658)}, + {TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), + TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab)}}, + {{TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), + TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656)}, + {TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), + TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de)}}, + {{TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), + TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984)}, + {TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), + TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c)}}, + {{TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), + TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156)}, + {TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), + TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd)}}, + {{TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), + TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36)}, + {TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), + TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0)}}, + {{TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), + TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3)}, + {TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), + TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}}}, + {{{TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), + TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829)}, + {TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), + TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca)}}, + {{TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), + TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db)}, + {TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), + TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c)}}, + {{TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), + TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a)}, + {TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), + TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f)}}, + {{TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), + TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e)}, + {TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), + TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837)}}, + {{TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), + TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68)}, + {TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), + TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453)}}, + {{TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), + TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4)}, + {TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), + TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6)}}, + {{TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), + TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89)}, + {TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), + TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50)}}, + {{TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), + TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed)}, + {TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), + TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082)}}, + {{TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), + TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10)}, + {TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), + TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a)}}, + {{TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), + TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8)}, + {TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), + TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a)}}, + {{TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), + TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346)}, + {TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), + TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b)}}, + {{TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), + TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7)}, + {TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), + TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3)}}, + {{TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), + TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9)}, + {TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), + TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52)}}, + {{TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), + TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f)}, + {TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), + TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e)}}, + {{TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), + TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d)}, + {TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), + TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f)}}, + {{TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), + TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142)}, + {TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), + TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4)}}, + {{TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), + TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0)}, + {TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), + TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864)}}, + {{TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), + TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d)}, + {TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), + TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab)}}, + {{TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), + TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc)}, + {TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), + TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940)}}, + {{TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), + TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d)}, + {TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), + TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821)}}, + {{TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), + TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d)}, + {TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), + TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d)}}, + {{TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), + TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8)}, + {TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), + TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7)}}, + {{TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), + TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006)}, + {TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), + TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20)}}, + {{TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), + TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a)}, + {TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), + TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b)}}, + {{TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), + TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9)}, + {TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), + TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3)}}, + {{TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), + TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb)}, + {TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), + TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f)}}, + {{TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), + TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397)}, + {TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), + TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec)}}, + {{TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), + TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7)}, + {TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), + TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b)}}, + {{TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), + TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db)}, + {TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), + TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3)}}, + {{TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), + TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124)}, + {TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), + TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431)}}, + {{TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), + TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b)}, + {TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), + TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460)}}, + {{TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), + TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc)}, + {TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), + TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251)}}, + {{TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), + TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149)}, + {TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), + TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e)}}, + {{TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), + TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292)}, + {TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), + TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6)}}, + {{TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), + TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d)}, + {TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), + TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968)}}, + {{TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), + TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280)}, + {TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), + TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac)}}, + {{TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), + TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8)}, + {TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), + TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae)}}, + {{TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), + TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed)}, + {TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), + TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee)}}, + {{TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), + TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257)}, + {TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), + TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d)}}, + {{TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), + TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7)}, + {TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), + TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28)}}, + {{TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), + TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e)}, + {TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), + TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b)}}, + {{TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), + TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582)}, + {TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), + TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0)}}, + {{TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), + TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed)}, + {TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), + TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7)}}, + {{TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), + TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241)}, + {TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), + TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885)}}, + {{TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), + TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8)}, + {TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), + TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab)}}, + {{TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), + TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd)}, + {TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), + TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95)}}, + {{TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), + TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71)}, + {TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), + TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba)}}, + {{TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), + TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9)}, + {TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), + TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953)}}, + {{TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), + TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5)}, + {TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), + TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c)}}, + {{TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), + TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311)}, + {TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), + TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0)}}, + {{TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), + TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352)}, + {TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), + TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8)}}, + {{TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), + TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd)}, + {TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), + TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16)}}, + {{TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), + TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e)}, + {TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), + TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f)}}, + {{TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), + TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4)}, + {TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), + TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42)}}, + {{TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), + TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1)}, + {TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), + TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301)}}, + {{TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), + TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02)}, + {TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), + TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef)}}, + {{TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), + TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7)}, + {TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), + TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900)}}, + {{TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), + TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54)}, + {TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), + TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32)}}, + {{TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), + TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c)}, + {TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), + TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544)}}, + {{TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), + TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc)}, + {TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), + TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e)}}, + {{TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), + TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37)}, + {TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), + TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141)}}, + {{TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), + TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f)}, + {TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), + TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9)}}, + {{TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), + TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe)}, + {TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), + TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805)}}, + {{TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), + TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37)}, + {TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), + TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}}}, + {{{TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), + TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec)}, + {TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), + TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c)}}, + {{TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), + TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529)}, + {TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), + TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be)}}, + {{TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), + TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436)}, + {TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), + TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a)}}, + {{TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), + TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc)}, + {TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), + TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba)}}, + {{TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), + TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439)}, + {TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), + TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158)}}, + {{TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), + TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4)}, + {TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), + TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321)}}, + {{TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), + TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c)}, + {TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), + TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b)}}, + {{TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), + TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f)}, + {TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), + TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3)}}, + {{TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), + TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6)}, + {TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), + TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d)}}, + {{TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), + TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4)}, + {TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), + TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080)}}, + {{TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), + TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc)}, + {TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), + TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610)}}, + {{TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), + TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297)}, + {TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), + TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76)}}, + {{TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), + TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521)}, + {TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), + TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370)}}, + {{TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), + TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5)}, + {TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), + TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de)}}, + {{TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), + TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519)}, + {TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), + TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f)}}, + {{TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), + TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9)}, + {TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), + TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3)}}, + {{TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), + TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a)}, + {TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), + TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207)}}, + {{TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), + TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60)}, + {TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), + TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493)}}, + {{TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), + TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d)}, + {TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), + TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01)}}, + {{TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), + TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839)}, + {TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), + TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0)}}, + {{TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), + TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c)}, + {TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), + TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4)}}, + {{TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), + TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31)}, + {TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), + TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9)}}, + {{TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), + TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4)}, + {TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), + TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d)}}, + {{TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), + TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43)}, + {TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), + TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60)}}, + {{TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), + TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376)}, + {TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), + TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d)}}, + {{TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), + TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba)}, + {TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), + TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108)}}, + {{TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), + TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510)}, + {TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), + TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207)}}, + {{TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), + TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9)}, + {TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), + TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4)}}, + {{TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), + TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f)}, + {TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), + TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d)}}, + {{TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), + TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975)}, + {TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), + TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b)}}, + {{TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), + TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a)}, + {TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), + TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b)}}, + {{TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), + TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6)}, + {TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), + TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c)}}, + {{TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), + TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d)}, + {TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), + TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a)}}, + {{TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), + TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502)}, + {TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), + TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58)}}, + {{TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), + TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788)}, + {TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), + TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865)}}, + {{TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), + TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d)}, + {TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), + TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e)}}, + {{TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), + TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5)}, + {TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), + TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129)}}, + {{TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), + TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f)}, + {TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), + TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1)}}, + {{TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), + TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91)}, + {TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), + TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824)}}, + {{TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), + TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61)}, + {TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), + TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2)}}, + {{TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), + TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e)}, + {TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), + TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631)}}, + {{TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), + TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432)}, + {TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), + TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb)}}, + {{TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), + TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec)}, + {TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), + TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7)}}, + {{TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), + TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5)}, + {TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), + TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad)}}, + {{TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), + TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3)}, + {TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), + TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0)}}, + {{TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), + TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4)}, + {TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), + TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650)}}, + {{TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), + TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265)}, + {TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), + TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e)}}, + {{TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), + TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7)}, + {TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), + TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025)}}, + {{TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), + TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e)}, + {TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), + TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b)}}, + {{TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), + TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b)}, + {TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), + TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375)}}, + {{TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), + TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a)}, + {TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), + TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5)}}, + {{TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), + TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f)}, + {TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), + TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82)}}, + {{TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), + TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122)}, + {TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), + TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88)}}, + {{TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), + TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431)}, + {TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), + TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c)}}, + {{TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), + TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71)}, + {TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), + TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68)}}, + {{TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), + TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f)}, + {TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), + TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514)}}, + {{TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), + TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1)}, + {TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), + TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c)}}, + {{TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), + TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f)}, + {TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), + TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728)}}, + {{TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), + TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b)}, + {TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), + TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2)}}, + {{TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), + TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904)}, + {TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), + TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6)}}, + {{TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), + TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588)}, + {TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), + TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493)}}, + {{TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), + TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9)}, + {TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), + TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314)}}, + {{TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), + TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288)}, + {TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), + TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3)}}, + {{TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), + TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967)}, + {TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), + TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}}}, + {{{TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), + TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5)}, + {TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), + TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7)}}, + {{TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), + TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4)}, + {TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), + TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae)}}, + {{TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), + TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9)}, + {TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), + TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402)}}, + {{TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), + TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381)}, + {TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), + TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa)}}, + {{TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), + TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228)}, + {TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), + TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e)}}, + {{TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), + TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048)}, + {TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), + TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d)}}, + {{TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), + TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f)}, + {TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), + TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3)}}, + {{TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), + TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0)}, + {TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), + TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077)}}, + {{TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), + TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4)}, + {TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), + TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67)}}, + {{TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), + TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8)}, + {TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), + TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0)}}, + {{TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), + TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d)}, + {TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), + TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb)}}, + {{TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), + TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc)}, + {TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), + TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84)}}, + {{TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), + TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b)}, + {TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), + TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69)}}, + {{TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), + TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3)}, + {TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), + TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6)}}, + {{TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), + TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce)}, + {TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), + TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05)}}, + {{TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), + TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08)}, + {TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), + TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4)}}, + {{TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), + TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85)}, + {TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), + TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284)}}, + {{TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), + TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73)}, + {TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), + TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3)}}, + {{TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), + TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a)}, + {TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), + TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e)}}, + {{TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), + TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064)}, + {TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), + TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02)}}, + {{TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), + TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc)}, + {TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), + TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c)}}, + {{TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), + TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8)}, + {TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), + TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b)}}, + {{TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), + TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0)}, + {TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), + TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393)}}, + {{TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), + TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae)}, + {TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), + TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30)}}, + {{TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), + TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a)}, + {TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), + TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e)}}, + {{TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), + TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf)}, + {TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), + TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289)}}, + {{TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), + TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5)}, + {TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), + TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c)}}, + {{TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), + TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f)}, + {TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), + TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7)}}, + {{TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), + TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45)}, + {TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), + TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5)}}, + {{TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), + TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af)}, + {TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), + TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e)}}, + {{TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), + TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7)}, + {TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), + TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa)}}, + {{TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), + TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f)}, + {TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), + TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58)}}, + {{TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), + TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41)}, + {TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), + TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59)}}, + {{TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), + TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961)}, + {TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), + TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225)}}, + {{TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), + TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734)}, + {TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), + TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6)}}, + {{TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), + TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08)}, + {TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), + TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff)}}, + {{TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), + TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e)}, + {TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), + TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056)}}, + {{TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), + TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709)}, + {TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), + TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a)}}, + {{TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), + TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d)}, + {TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), + TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a)}}, + {{TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), + TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d)}, + {TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), + TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870)}}, + {{TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), + TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea)}, + {TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), + TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf)}}, + {{TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), + TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390)}, + {TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), + TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88)}}, + {{TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), + TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe)}, + {TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), + TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020)}}, + {{TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), + TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662)}, + {TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), + TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d)}}, + {{TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), + TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c)}, + {TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), + TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251)}}, + {{TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), + TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238)}, + {TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), + TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e)}}, + {{TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), + TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592)}, + {TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), + TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08)}}, + {{TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), + TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7)}, + {TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), + TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13)}}, + {{TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), + TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63)}, + {TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), + TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26)}}, + {{TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), + TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa)}, + {TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), + TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c)}}, + {{TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), + TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103)}, + {TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), + TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d)}}, + {{TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), + TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80)}, + {TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), + TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88)}}, + {{TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), + TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10)}, + {TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), + TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413)}}, + {{TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), + TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4)}, + {TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), + TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e)}}, + {{TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), + TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553)}, + {TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), + TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732)}}, + {{TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), + TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46)}, + {TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), + TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a)}}, + {{TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), + TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b)}, + {TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), + TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6)}}, + {{TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), + TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644)}, + {TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), + TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17)}}, + {{TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), + TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688)}, + {TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), + TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c)}}, + {{TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), + TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea)}, + {TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), + TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb)}}, + {{TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), + TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50)}, + {TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), + TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4)}}, + {{TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), + TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6)}, + {TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), + TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd)}}, + {{TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), + TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82)}, + {TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), + TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a)}}, + {{TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), + TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8)}, + {TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), + TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}}}, + {{{TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), + TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e)}, + {TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), + TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78)}}, + {{TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), + TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893)}, + {TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), + TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07)}}, + {{TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), + TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3)}, + {TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), + TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614)}}, + {{TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), + TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b)}, + {TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), + TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f)}}, + {{TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), + TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad)}, + {TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), + TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3)}}, + {{TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), + TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24)}, + {TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), + TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4)}}, + {{TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), + TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17)}, + {TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), + TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c)}}, + {{TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), + TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39)}, + {TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), + TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69)}}, + {{TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), + TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0)}, + {TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), + TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8)}}, + {{TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), + TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe)}, + {TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), + TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615)}}, + {{TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), + TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba)}, + {TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), + TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725)}}, + {{TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), + TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990)}, + {TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), + TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca)}}, + {{TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), + TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5)}, + {TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), + TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76)}}, + {{TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), + TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd)}, + {TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), + TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715)}}, + {{TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), + TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b)}, + {TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), + TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924)}}, + {{TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), + TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4)}, + {TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), + TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d)}}, + {{TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), + TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae)}, + {TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), + TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed)}}, + {{TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), + TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac)}, + {TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), + TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369)}}, + {{TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), + TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6)}, + {TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), + TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a)}}, + {{TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), + TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55)}, + {TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), + TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5)}}, + {{TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), + TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72)}, + {TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), + TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704)}}, + {{TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), + TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e)}, + {TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), + TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2)}}, + {{TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), + TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0)}, + {TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), + TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b)}}, + {{TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), + TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512)}, + {TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), + TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd)}}, + {{TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), + TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32)}, + {TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), + TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a)}}, + {{TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), + TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a)}, + {TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), + TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2)}}, + {{TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), + TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd)}, + {TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), + TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae)}}, + {{TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), + TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a)}, + {TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), + TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504)}}, + {{TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), + TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f)}, + {TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), + TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51)}}, + {{TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), + TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867)}, + {TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), + TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85)}}, + {{TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), + TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6)}, + {TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), + TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b)}}, + {{TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), + TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df)}, + {TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), + TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b)}}, + {{TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), + TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6)}, + {TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), + TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0)}}, + {{TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), + TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111)}, + {TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), + TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f)}}, + {{TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), + TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02)}, + {TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), + TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d)}}, + {{TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), + TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5)}, + {TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), + TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc)}}, + {{TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), + TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384)}, + {TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), + TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0)}}, + {{TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), + TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc)}, + {TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), + TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7)}}, + {{TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), + TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d)}, + {TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), + TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19)}}, + {{TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), + TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536)}, + {TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), + TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740)}}, + {{TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), + TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7)}, + {TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), + TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab)}}, + {{TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), + TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b)}, + {TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), + TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75)}}, + {{TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), + TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0)}, + {TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), + TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151)}}, + {{TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), + TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a)}, + {TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), + TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b)}}, + {{TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), + TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552)}, + {TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), + TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8)}}, + {{TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), + TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be)}, + {TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), + TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a)}}, + {{TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), + TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3)}, + {TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), + TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7)}}, + {{TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), + TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706)}, + {TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), + TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5)}}, + {{TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), + TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6)}, + {TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), + TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7)}}, + {{TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), + TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db)}, + {TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), + TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8)}}, + {{TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), + TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02)}, + {TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), + TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc)}}, + {{TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), + TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4)}, + {TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), + TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a)}}, + {{TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), + TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180)}, + {TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), + TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf)}}, + {{TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), + TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b)}, + {TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), + TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9)}}, + {{TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), + TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd)}, + {TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), + TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c)}}, + {{TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), + TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0)}, + {TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), + TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6)}}, + {{TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), + TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe)}, + {TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), + TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e)}}, + {{TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), + TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec)}, + {TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), + TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335)}}, + {{TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), + TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686)}, + {TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), + TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51)}}, + {{TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), + TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f)}, + {TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), + TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b)}}, + {{TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), + TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89)}, + {TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), + TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705)}}, + {{TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), + TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734)}, + {TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), + TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41)}}, + {{TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), + TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb)}, + {TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), + TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643)}}, + {{TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), + TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588)}, + {TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), + TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}}}, + {{{TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), + TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698)}, + {TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), + TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d)}}, + {{TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), + TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724)}, + {TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), + TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e)}}, + {{TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), + TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd)}, + {TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), + TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73)}}, + {{TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), + TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9)}, + {TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), + TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695)}}, + {{TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), + TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b)}, + {TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), + TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357)}}, + {{TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), + TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d)}, + {TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), + TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8)}}, + {{TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), + TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c)}, + {TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), + TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07)}}, + {{TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), + TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2)}, + {TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), + TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0)}}, + {{TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), + TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e)}, + {TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), + TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1)}}, + {{TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), + TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05)}, + {TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), + TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b)}}, + {{TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), + TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b)}, + {TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), + TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a)}}, + {{TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), + TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd)}, + {TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), + TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6)}}, + {{TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), + TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47)}, + {TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), + TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc)}}, + {{TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), + TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f)}, + {TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), + TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1)}}, + {{TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), + TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619)}, + {TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), + TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f)}}, + {{TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), + TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a)}, + {TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), + TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd)}}, + {{TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), + TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62)}, + {TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), + TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b)}}, + {{TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), + TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894)}, + {TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), + TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c)}}, + {{TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), + TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6)}, + {TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), + TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d)}}, + {{TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), + TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e)}, + {TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), + TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d)}}, + {{TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), + TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645)}, + {TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), + TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c)}}, + {{TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), + TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8)}, + {TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), + TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c)}}, + {{TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), + TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499)}, + {TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), + TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c)}}, + {{TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), + TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43)}, + {TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), + TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b)}}, + {{TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), + TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578)}, + {TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), + TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442)}}, + {{TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), + TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0)}, + {TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), + TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70)}}, + {{TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), + TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1)}, + {TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), + TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3)}}, + {{TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), + TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf)}, + {TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), + TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a)}}, + {{TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), + TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168)}, + {TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), + TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1)}}, + {{TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), + TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a)}, + {TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), + TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089)}}, + {{TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), + TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456)}, + {TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), + TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12)}}, + {{TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), + TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8)}, + {TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), + TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5)}}, + {{TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), + TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb)}, + {TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), + TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146)}}, + {{TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), + TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e)}, + {TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), + TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004)}}, + {{TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), + TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052)}, + {TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), + TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c)}}, + {{TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), + TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e)}, + {TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), + TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156)}}, + {{TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), + TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa)}, + {TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), + TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125)}}, + {{TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), + TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21)}, + {TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), + TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6)}}, + {{TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), + TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec)}, + {TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), + TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f)}}, + {{TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), + TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62)}, + {TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), + TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49)}}, + {{TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), + TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714)}, + {TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), + TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d)}}, + {{TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), + TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5)}, + {TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), + TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b)}}, + {{TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), + TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490)}, + {TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), + TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1)}}, + {{TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), + TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db)}, + {TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), + TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd)}}, + {{TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), + TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c)}, + {TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), + TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc)}}, + {{TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), + TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02)}, + {TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), + TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8)}}, + {{TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), + TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7)}, + {TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), + TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6)}}, + {{TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), + TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff)}, + {TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), + TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66)}}, + {{TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), + TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729)}, + {TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), + TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1)}}, + {{TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), + TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822)}, + {TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), + TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2)}}, + {{TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), + TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8)}, + {TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), + TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3)}}, + {{TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), + TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040)}, + {TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), + TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7)}}, + {{TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), + TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87)}, + {TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), + TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98)}}, + {{TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), + TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558)}, + {TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), + TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693)}}, + {{TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), + TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da)}, + {TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), + TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e)}}, + {{TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), + TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e)}, + {TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), + TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db)}}, + {{TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), + TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd)}, + {TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), + TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd)}}, + {{TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), + TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab)}, + {TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), + TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face)}}, + {{TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), + TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb)}, + {TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), + TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df)}}, + {{TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), + TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2)}, + {TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), + TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f)}}, + {{TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), + TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340)}, + {TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), + TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68)}}, + {{TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), + TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce)}, + {TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), + TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e)}}, + {{TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), + TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc)}, + {TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), + TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea)}}, + {{TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), + TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58)}, + {TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), + TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}}}, + {{{TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), + TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54)}, + {TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), + TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a)}}, + {{TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), + TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0)}, + {TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), + TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6)}}, + {{TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), + TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4)}, + {TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), + TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a)}}, + {{TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), + TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87)}, + {TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), + TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb)}}, + {{TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), + TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00)}, + {TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), + TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd)}}, + {{TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), + TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72)}, + {TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), + TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d)}}, + {{TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), + TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e)}, + {TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), + TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7)}}, + {{TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), + TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346)}, + {TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), + TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b)}}, + {{TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), + TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510)}, + {TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), + TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4)}}, + {{TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), + TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a)}, + {TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), + TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326)}}, + {{TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), + TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727)}, + {TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), + TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc)}}, + {{TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), + TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d)}, + {TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), + TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299)}}, + {{TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), + TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6)}, + {TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), + TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29)}}, + {{TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), + TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5)}, + {TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), + TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2)}}, + {{TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), + TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972)}, + {TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), + TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474)}}, + {{TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), + TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20)}, + {TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), + TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16)}}, + {{TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), + TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b)}, + {TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), + TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284)}}, + {{TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), + TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be)}, + {TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), + TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9)}}, + {{TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), + TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517)}, + {TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), + TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a)}}, + {{TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), + TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01)}, + {TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), + TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86)}}, + {{TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), + TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb)}, + {TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), + TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0)}}, + {{TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), + TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804)}, + {TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), + TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e)}}, + {{TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), + TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11)}, + {TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), + TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49)}}, + {{TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), + TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616)}, + {TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), + TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96)}}, + {{TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), + TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d)}, + {TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), + TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f)}}, + {{TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), + TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf)}, + {TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), + TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c)}}, + {{TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), + TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291)}, + {TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), + TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a)}}, + {{TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), + TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3)}, + {TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), + TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549)}}, + {{TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), + TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b)}, + {TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), + TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771)}}, + {{TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), + TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344)}, + {TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), + TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188)}}, + {{TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), + TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958)}, + {TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), + TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6)}}, + {{TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), + TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813)}, + {TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), + TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782)}}, + {{TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), + TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a)}, + {TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), + TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2)}}, + {{TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), + TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c)}, + {TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), + TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18)}}, + {{TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), + TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da)}, + {TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), + TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88)}}, + {{TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), + TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d)}, + {TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), + TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1)}}, + {{TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), + TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826)}, + {TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), + TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86)}}, + {{TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), + TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546)}, + {TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), + TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb)}}, + {{TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), + TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5)}, + {TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), + TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26)}}, + {{TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), + TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f)}, + {TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), + TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c)}}, + {{TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), + TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551)}, + {TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), + TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5)}}, + {{TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), + TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef)}, + {TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), + TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150)}}, + {{TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), + TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c)}, + {TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), + TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31)}}, + {{TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), + TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6)}, + {TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), + TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022)}}, + {{TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), + TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236)}, + {TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), + TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a)}}, + {{TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), + TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db)}, + {TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), + TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f)}}, + {{TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), + TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7)}, + {TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), + TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45)}}, + {{TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), + TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21)}, + {TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), + TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b)}}, + {{TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), + TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de)}, + {TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), + TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde)}}, + {{TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), + TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db)}, + {TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), + TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0)}}, + {{TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), + TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987)}, + {TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), + TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86)}}, + {{TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), + TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0)}, + {TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), + TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e)}}, + {{TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), + TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8)}, + {TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), + TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13)}}, + {{TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), + TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060)}, + {TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), + TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286)}}, + {{TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), + TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324)}, + {TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), + TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4)}}, + {{TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), + TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286)}, + {TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), + TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a)}}, + {{TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), + TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d)}, + {TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), + TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b)}}, + {{TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), + TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64)}, + {TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), + TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635)}}, + {{TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), + TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985)}, + {TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), + TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27)}}, + {{TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), + TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e)}, + {TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), + TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393)}}, + {{TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), + TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94)}, + {TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), + TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b)}}, + {{TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), + TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9)}, + {TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), + TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913)}}, + {{TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), + TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21)}, + {TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), + TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8)}}, + {{TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), + TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d)}, + {TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), + TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}}}, + {{{TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), + TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8)}, + {TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), + TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02)}}, + {{TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), + TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f)}, + {TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), + TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b)}}, + {{TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), + TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e)}, + {TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), + TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d)}}, + {{TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), + TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7)}, + {TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), + TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173)}}, + {{TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), + TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102)}, + {TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), + TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d)}}, + {{TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), + TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012)}, + {TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), + TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae)}}, + {{TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), + TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9)}, + {TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), + TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4)}}, + {{TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), + TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c)}, + {TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), + TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68)}}, + {{TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), + TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868)}, + {TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), + TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d)}}, + {{TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), + TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc)}, + {TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), + TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6)}}, + {{TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), + TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b)}, + {TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), + TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf)}}, + {{TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), + TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3)}, + {TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), + TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158)}}, + {{TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), + TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1)}, + {TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), + TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67)}}, + {{TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), + TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e)}, + {TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), + TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0)}}, + {{TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), + TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e)}, + {TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), + TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0)}}, + {{TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), + TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd)}, + {TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), + TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca)}}, + {{TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), + TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433)}, + {TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), + TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11)}}, + {{TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), + TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a)}, + {TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), + TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834)}}, + {{TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), + TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd)}, + {TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), + TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31)}}, + {{TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), + TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403)}, + {TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), + TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e)}}, + {{TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), + TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541)}, + {TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), + TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3)}}, + {{TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), + TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9)}, + {TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), + TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc)}}, + {{TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), + TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72)}, + {TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), + TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12)}}, + {{TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), + TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e)}, + {TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), + TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28)}}, + {{TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), + TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163)}, + {TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), + TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e)}}, + {{TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), + TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe)}, + {TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), + TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e)}}, + {{TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), + TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1)}, + {TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), + TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a)}}, + {{TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), + TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939)}, + {TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), + TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263)}}, + {{TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), + TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3)}, + {TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), + TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5)}}, + {{TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), + TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f)}, + {TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), + TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da)}}, + {{TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), + TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0)}, + {TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), + TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2)}}, + {{TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), + TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9)}, + {TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), + TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636)}}, + {{TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), + TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76)}, + {TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), + TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294)}}, + {{TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), + TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f)}, + {TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), + TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063)}}, + {{TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), + TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b)}, + {TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), + TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c)}}, + {{TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), + TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab)}, + {TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), + TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39)}}, + {{TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), + TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae)}, + {TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), + TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d)}}, + {{TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), + TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da)}, + {TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), + TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9)}}, + {{TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), + TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22)}, + {TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), + TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80)}}, + {{TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), + TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec)}, + {TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), + TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f)}}, + {{TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), + TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83)}, + {TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), + TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf)}}, + {{TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), + TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32)}, + {TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), + TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d)}}, + {{TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), + TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0)}, + {TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), + TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef)}}, + {{TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), + TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec)}, + {TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), + TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f)}}, + {{TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), + TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1)}, + {TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), + TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115)}}, + {{TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), + TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd)}, + {TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), + TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8)}}, + {{TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), + TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2)}, + {TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), + TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb)}}, + {{TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), + TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128)}, + {TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), + TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362)}}, + {{TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), + TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e)}, + {TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), + TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958)}}, + {{TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), + TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842)}, + {TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), + TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d)}}, + {{TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), + TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29)}, + {TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), + TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc)}}, + {{TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), + TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31)}, + {TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), + TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a)}}, + {{TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), + TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5)}, + {TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), + TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f)}}, + {{TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), + TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3)}, + {TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), + TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87)}}, + {{TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), + TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033)}, + {TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), + TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af)}}, + {{TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), + TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd)}, + {TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), + TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d)}}, + {{TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), + TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13)}, + {TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), + TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e)}}, + {{TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), + TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d)}, + {TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), + TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac)}}, + {{TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), + TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f)}, + {TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), + TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092)}}, + {{TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), + TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac)}, + {TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), + TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f)}}, + {{TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), + TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073)}, + {TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), + TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851)}}, + {{TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), + TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027)}, + {TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), + TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df)}}, + {{TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), + TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7)}, + {TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), + TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e)}}, + {{TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), + TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea)}, + {TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), + TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}}}, + {{{TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), + TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81)}, + {TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), + TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522)}}, + {{TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), + TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c)}, + {TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), + TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9)}}, + {{TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), + TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e)}, + {TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), + TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537)}}, + {{TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), + TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc)}, + {TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), + TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de)}}, + {{TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), + TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff)}, + {TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), + TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b)}}, + {{TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), + TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f)}, + {TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), + TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1)}}, + {{TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), + TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa)}, + {TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), + TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474)}}, + {{TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), + TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa)}, + {TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), + TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985)}}, + {{TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), + TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8)}, + {TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), + TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf)}}, + {{TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), + TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd)}, + {TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), + TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5)}}, + {{TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), + TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e)}, + {TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), + TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7)}}, + {{TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), + TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d)}, + {TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), + TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b)}}, + {{TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), + TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5)}, + {TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), + TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a)}}, + {{TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), + TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392)}, + {TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), + TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd)}}, + {{TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), + TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744)}, + {TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), + TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b)}}, + {{TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), + TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e)}, + {TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), + TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa)}}, + {{TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), + TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f)}, + {TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), + TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398)}}, + {{TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), + TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1)}, + {TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), + TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349)}}, + {{TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), + TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0)}, + {TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), + TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9)}}, + {{TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), + TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c)}, + {TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), + TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f)}}, + {{TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), + TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3)}, + {TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), + TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852)}}, + {{TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), + TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9)}, + {TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), + TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323)}}, + {{TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), + TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411)}, + {TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), + TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e)}}, + {{TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), + TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495)}, + {TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), + TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0)}}, + {{TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), + TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70)}, + {TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), + TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a)}}, + {{TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), + TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b)}, + {TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), + TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3)}}, + {{TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), + TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01)}, + {TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), + TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281)}}, + {{TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), + TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0)}, + {TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), + TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6)}}, + {{TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), + TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1)}, + {TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), + TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96)}}, + {{TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), + TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e)}, + {TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), + TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46)}}, + {{TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), + TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8)}, + {TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), + TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024)}}, + {{TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), + TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d)}, + {TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), + TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7)}}, + {{TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), + TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40)}, + {TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), + TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201)}}, + {{TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), + TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016)}, + {TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), + TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1)}}, + {{TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), + TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b)}, + {TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), + TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2)}}, + {{TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), + TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e)}, + {TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), + TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac)}}, + {{TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), + TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29)}, + {TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), + TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031)}}, + {{TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), + TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b)}, + {TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), + TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2)}}, + {{TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), + TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13)}, + {TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), + TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e)}}, + {{TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), + TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9)}, + {TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), + TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561)}}, + {{TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), + TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da)}, + {TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), + TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3)}}, + {{TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), + TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639)}, + {TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), + TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab)}}, + {{TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), + TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd)}, + {TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), + TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8)}}, + {{TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), + TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40)}, + {TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), + TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b)}}, + {{TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), + TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442)}, + {TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), + TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628)}}, + {{TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), + TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2)}, + {TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), + TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca)}}, + {{TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), + TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06)}, + {TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), + TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2)}}, + {{TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), + TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435)}, + {TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), + TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78)}}, + {{TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), + TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57)}, + {TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), + TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c)}}, + {{TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), + TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f)}, + {TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), + TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf)}}, + {{TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), + TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8)}, + {TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), + TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a)}}, + {{TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), + TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5)}, + {TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), + TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1)}}, + {{TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), + TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7)}, + {TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), + TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517)}}, + {{TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), + TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00)}, + {TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), + TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946)}}, + {{TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), + TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60)}, + {TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), + TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d)}}, + {{TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), + TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507)}, + {TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), + TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd)}}, + {{TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), + TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126)}, + {TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), + TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569)}}, + {{TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), + TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321)}, + {TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), + TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731)}}, + {{TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), + TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b)}, + {TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), + TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041)}}, + {{TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), + TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6)}, + {TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), + TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b)}}, + {{TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), + TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823)}, + {TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), + TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1)}}, + {{TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), + TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2)}, + {TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), + TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8)}}, + {{TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), + TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a)}, + {TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), + TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa)}}, + {{TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), + TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670)}, + {TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), + TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}}}, + {{{TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), + TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e)}, + {TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), + TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef)}}, + {{TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), + TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124)}, + {TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), + TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad)}}, + {{TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), + TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505)}, + {TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), + TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1)}}, + {{TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), + TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec)}, + {TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), + TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695)}}, + {{TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), + TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1)}, + {TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), + TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604)}}, + {{TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), + TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33)}, + {TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), + TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20)}}, + {{TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), + TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc)}, + {TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), + TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846)}}, + {{TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), + TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9)}, + {TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), + TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342)}}, + {{TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), + TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f)}, + {TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), + TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8)}}, + {{TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), + TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef)}, + {TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), + TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799)}}, + {{TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), + TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a)}, + {TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), + TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2)}}, + {{TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), + TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f)}, + {TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), + TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98)}}, + {{TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), + TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe)}, + {TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), + TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6)}}, + {{TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), + TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39)}, + {TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), + TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a)}}, + {{TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), + TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe)}, + {TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), + TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192)}}, + {{TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), + TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201)}, + {TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), + TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11)}}, + {{TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), + TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709)}, + {TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), + TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1)}}, + {{TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), + TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a)}, + {TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), + TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84)}}, + {{TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), + TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a)}, + {TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), + TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a)}}, + {{TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), + TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0)}, + {TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), + TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf)}}, + {{TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), + TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596)}, + {TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), + TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25)}}, + {{TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), + TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e)}, + {TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), + TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5)}}, + {{TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), + TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de)}, + {TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), + TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf)}}, + {{TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), + TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad)}, + {TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), + TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178)}}, + {{TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), + TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96)}, + {TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), + TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98)}}, + {{TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), + TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa)}, + {TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), + TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81)}}, + {{TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), + TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148)}, + {TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), + TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80)}}, + {{TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), + TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb)}, + {TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), + TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa)}}, + {{TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), + TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a)}, + {TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), + TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831)}}, + {{TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), + TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6)}, + {TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), + TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a)}}, + {{TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), + TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054)}, + {TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), + TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4)}}, + {{TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), + TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb)}, + {TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), + TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb)}}, + {{TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), + TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d)}, + {TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), + TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef)}}, + {{TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), + TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a)}, + {TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), + TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35)}}, + {{TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), + TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe)}, + {TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), + TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa)}}, + {{TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), + TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a)}, + {TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), + TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4)}}, + {{TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), + TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf)}, + {TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), + TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac)}}, + {{TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), + TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196)}, + {TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), + TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f)}}, + {{TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), + TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6)}, + {TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), + TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001)}}, + {{TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), + TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115)}, + {TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), + TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b)}}, + {{TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), + TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a)}, + {TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), + TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7)}}, + {{TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), + TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770)}, + {TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), + TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e)}}, + {{TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), + TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f)}, + {TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), + TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686)}}, + {{TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), + TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee)}, + {TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), + TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1)}}, + {{TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), + TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7)}, + {TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), + TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046)}}, + {{TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), + TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5)}, + {TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), + TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197)}}, + {{TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), + TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253)}, + {TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), + TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188)}}, + {{TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), + TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf)}, + {TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), + TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2)}}, + {{TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), + TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1)}, + {TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), + TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa)}}, + {{TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), + TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb)}, + {TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), + TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b)}}, + {{TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), + TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af)}, + {TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), + TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f)}}, + {{TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), + TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958)}, + {TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), + TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5)}}, + {{TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), + TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051)}, + {TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), + TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8)}}, + {{TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), + TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4)}, + {TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), + TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9)}}, + {{TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), + TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0)}, + {TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), + TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490)}}, + {{TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), + TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6)}, + {TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), + TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0)}}, + {{TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), + TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44)}, + {TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), + TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445)}}, + {{TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), + TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503)}, + {TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), + TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d)}}, + {{TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), + TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47)}, + {TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), + TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd)}}, + {{TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), + TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733)}, + {TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), + TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3)}}, + {{TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), + TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce)}, + {TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), + TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd)}}, + {{TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), + TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358)}, + {TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), + TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8)}}, + {{TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), + TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562)}, + {TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), + TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef)}}, + {{TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), + TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3)}, + {TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), + TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636)}}}, + {{{TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), + TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28)}, + {TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), + TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742)}}, + {{TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), + TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5)}, + {TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), + TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f)}}, + {{TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), + TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3)}, + {TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), + TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f)}}, + {{TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), + TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620)}, + {TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), + TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6)}}, + {{TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), + TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999)}, + {TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), + TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327)}}, + {{TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), + TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb)}, + {TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), + TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390)}}, + {{TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), + TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d)}, + {TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), + TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015)}}, + {{TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), + TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6)}, + {TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), + TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b)}}, + {{TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), + TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e)}, + {TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), + TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414)}}, + {{TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), + TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e)}, + {TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), + TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f)}}, + {{TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), + TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159)}, + {TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), + TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc)}}, + {{TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), + TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b)}, + {TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), + TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b)}}, + {{TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), + TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e)}, + {TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), + TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707)}}, + {{TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), + TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d)}, + {TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), + TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442)}}, + {{TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), + TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b)}, + {TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), + TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24)}}, + {{TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), + TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f)}, + {TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), + TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98)}}, + {{TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), + TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1)}, + {TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), + TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6)}}, + {{TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), + TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491)}, + {TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), + TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4)}}, + {{TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), + TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4)}, + {TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), + TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c)}}, + {{TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), + TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4)}, + {TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), + TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f)}}, + {{TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), + TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7)}, + {TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), + TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422)}}, + {{TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), + TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035)}, + {TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), + TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9)}}, + {{TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), + TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7)}, + {TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), + TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80)}}, + {{TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), + TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e)}, + {TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), + TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199)}}, + {{TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), + TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1)}, + {TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), + TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97)}}, + {{TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), + TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba)}, + {TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), + TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b)}}, + {{TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), + TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60)}, + {TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), + TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d)}}, + {{TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), + TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305)}, + {TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), + TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8)}}, + {{TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), + TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4)}, + {TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), + TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b)}}, + {{TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), + TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5)}, + {TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), + TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31)}}, + {{TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), + TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca)}, + {TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), + TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37)}}, + {{TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), + TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f)}, + {TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), + TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe)}}, + {{TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), + TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409)}, + {TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), + TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1)}}, + {{TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), + TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf)}, + {TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), + TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b)}}, + {{TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), + TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79)}, + {TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), + TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd)}}, + {{TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), + TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06)}, + {TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), + TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf)}}, + {{TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), + TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb)}, + {TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), + TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208)}}, + {{TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), + TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7)}, + {TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), + TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a)}}, + {{TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), + TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32)}, + {TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), + TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856)}}, + {{TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), + TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c)}, + {TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), + TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d)}}, + {{TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), + TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4)}, + {TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), + TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff)}}, + {{TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), + TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc)}, + {TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), + TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5)}}, + {{TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), + TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8)}, + {TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), + TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112)}}, + {{TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), + TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3)}, + {TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), + TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d)}}, + {{TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), + TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b)}, + {TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), + TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4)}}, + {{TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), + TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26)}, + {TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), + TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf)}}, + {{TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), + TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59)}, + {TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), + TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc)}}, + {{TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), + TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d)}, + {TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), + TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475)}}, + {{TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), + TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb)}, + {TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), + TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9)}}, + {{TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), + TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674)}, + {TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), + TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6)}}, + {{TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), + TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337)}, + {TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), + TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f)}}, + {{TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), + TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56)}, + {TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), + TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a)}}, + {{TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), + TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051)}, + {TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), + TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530)}}, + {{TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), + TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96)}, + {TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), + TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034)}}, + {{TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), + TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b)}, + {TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), + TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b)}}, + {{TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), + TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44)}, + {TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), + TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c)}}, + {{TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), + TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1)}, + {TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), + TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d)}}, + {{TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), + TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95)}, + {TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), + TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f)}}, + {{TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), + TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016)}, + {TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), + TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85)}}, + {{TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), + TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3)}, + {TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), + TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0)}}, + {{TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), + TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b)}, + {TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), + TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8)}}, + {{TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), + TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b)}, + {TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), + TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd)}}, + {{TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), + TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b)}, + {TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), + TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd)}}, + {{TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), + TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3)}, + {TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), + TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}}}, + {{{TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), + TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04)}, + {TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), + TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152)}}, + {{TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), + TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc)}, + {TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), + TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036)}}, + {{TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), + TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83)}, + {TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), + TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3)}}, + {{TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), + TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32)}, + {TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), + TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc)}}, + {{TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), + TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f)}, + {TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), + TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a)}}, + {{TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), + TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5)}, + {TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), + TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533)}}, + {{TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), + TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493)}, + {TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), + TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5)}}, + {{TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), + TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d)}, + {TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), + TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44)}}, + {{TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), + TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b)}, + {TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), + TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e)}}, + {{TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), + TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a)}, + {TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), + TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253)}}, + {{TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), + TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1)}, + {TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), + TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b)}}, + {{TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), + TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819)}, + {TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), + TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6)}}, + {{TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), + TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070)}, + {TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), + TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b)}}, + {{TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), + TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a)}, + {TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), + TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0)}}, + {{TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), + TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba)}, + {TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), + TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6)}}, + {{TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), + TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc)}, + {TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), + TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711)}}, + {{TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), + TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c)}, + {TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), + TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4)}}, + {{TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), + TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a)}, + {TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), + TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5)}}, + {{TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), + TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3)}, + {TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), + TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45)}}, + {{TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), + TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6)}, + {TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), + TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e)}}, + {{TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), + TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1)}, + {TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), + TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc)}}, + {{TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), + TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd)}, + {TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), + TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db)}}, + {{TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), + TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048)}, + {TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), + TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46)}}, + {{TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), + TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0)}, + {TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), + TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418)}}, + {{TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), + TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c)}, + {TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), + TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a)}}, + {{TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), + TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4)}, + {TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), + TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90)}}, + {{TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), + TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab)}, + {TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), + TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b)}}, + {{TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), + TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b)}, + {TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), + TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc)}}, + {{TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), + TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6)}, + {TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), + TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe)}}, + {{TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), + TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f)}, + {TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), + TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6)}}, + {{TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), + TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1)}, + {TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), + TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094)}}, + {{TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), + TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831)}, + {TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), + TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f)}}, + {{TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), + TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce)}, + {TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), + TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897)}}, + {{TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), + TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699)}, + {TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), + TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9)}}, + {{TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), + TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910)}, + {TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), + TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242)}}, + {{TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), + TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98)}, + {TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), + TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6)}}, + {{TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), + TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc)}, + {TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), + TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3)}}, + {{TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), + TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e)}, + {TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), + TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f)}}, + {{TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), + TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c)}, + {TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), + TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c)}}, + {{TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), + TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa)}, + {TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), + TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820)}}, + {{TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), + TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c)}, + {TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), + TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1)}}, + {{TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), + TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234)}, + {TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), + TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8)}}, + {{TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), + TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2)}, + {TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), + TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6)}}, + {{TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), + TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55)}, + {TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), + TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385)}}, + {{TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), + TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc)}, + {TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), + TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce)}}, + {{TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), + TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0)}, + {TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), + TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365)}}, + {{TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), + TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181)}, + {TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), + TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb)}}, + {{TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), + TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b)}, + {TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), + TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95)}}, + {{TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), + TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e)}, + {TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), + TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538)}}, + {{TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), + TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff)}, + {TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), + TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711)}}, + {{TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), + TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875)}, + {TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), + TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c)}}, + {{TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), + TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e)}, + {TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), + TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a)}}, + {{TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), + TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025)}, + {TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), + TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d)}}, + {{TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), + TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9)}, + {TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), + TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934)}}, + {{TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), + TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c)}, + {TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), + TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125)}}, + {{TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), + TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920)}, + {TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), + TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2)}}, + {{TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), + TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083)}, + {TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), + TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0)}}, + {{TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), + TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6)}, + {TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), + TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33)}}, + {{TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), + TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066)}, + {TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), + TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb)}}, + {{TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), + TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9)}, + {TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), + TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c)}}, + {{TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), + TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163)}, + {TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), + TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9)}}, + {{TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), + TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831)}, + {TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), + TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d)}}, + {{TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), + TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe)}, + {TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), + TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a)}}, + {{TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), + TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7)}, + {TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), + TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a)}}}, + {{{TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), + TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda)}, + {TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), + TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997)}}, + {{TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), + TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448)}, + {TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), + TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368)}}, + {{TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), + TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb)}, + {TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), + TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106)}}, + {{TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), + TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f)}, + {TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), + TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d)}}, + {{TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), + TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc)}, + {TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), + TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e)}}, + {{TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), + TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f)}, + {TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), + TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591)}}, + {{TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), + TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186)}, + {TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), + TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71)}}, + {{TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), + TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff)}, + {TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), + TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444)}}, + {{TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), + TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a)}, + {TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), + TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e)}}, + {{TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), + TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027)}, + {TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), + TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01)}}, + {{TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), + TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef)}, + {TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), + TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51)}}, + {{TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), + TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6)}, + {TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), + TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310)}}, + {{TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), + TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7)}, + {TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), + TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b)}}, + {{TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), + TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7)}, + {TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), + TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74)}}, + {{TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), + TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a)}, + {TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), + TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9)}}, + {{TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), + TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047)}, + {TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), + TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f)}}, + {{TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), + TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d)}, + {TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), + TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7)}}, + {{TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), + TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c)}, + {TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), + TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9)}}, + {{TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), + TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a)}, + {TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), + TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c)}}, + {{TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), + TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6)}, + {TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), + TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98)}}, + {{TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), + TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a)}, + {TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), + TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6)}}, + {{TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), + TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32)}, + {TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), + TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8)}}, + {{TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), + TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267)}, + {TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), + TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98)}}, + {{TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), + TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d)}, + {TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), + TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232)}}, + {{TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), + TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f)}, + {TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), + TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026)}}, + {{TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), + TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383)}, + {TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), + TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b)}}, + {{TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), + TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d)}, + {TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), + TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e)}}, + {{TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), + TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46)}, + {TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), + TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c)}}, + {{TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), + TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741)}, + {TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), + TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988)}}, + {{TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), + TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046)}, + {TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), + TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb)}}, + {{TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), + TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c)}, + {TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), + TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa)}}, + {{TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), + TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75)}, + {TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), + TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670)}}, + {{TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), + TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b)}, + {TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), + TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2)}}, + {{TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), + TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29)}, + {TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), + TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e)}}, + {{TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), + TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89)}, + {TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), + TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2)}}, + {{TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), + TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2)}, + {TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), + TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6)}}, + {{TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), + TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965)}, + {TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), + TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02)}}, + {{TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), + TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b)}, + {TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), + TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92)}}, + {{TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), + TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53)}, + {TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), + TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433)}}, + {{TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), + TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d)}, + {TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), + TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055)}}, + {{TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), + TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9)}, + {TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), + TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492)}}, + {{TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), + TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490)}, + {TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), + TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba)}}, + {{TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), + TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783)}, + {TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), + TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb)}}, + {{TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), + TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce)}, + {TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), + TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e)}}, + {{TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), + TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab)}, + {TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), + TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b)}}, + {{TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), + TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607)}, + {TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), + TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108)}}, + {{TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), + TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb)}, + {TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), + TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf)}}, + {{TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), + TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546)}, + {TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), + TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d)}}, + {{TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), + TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061)}, + {TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), + TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd)}}, + {{TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), + TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1)}, + {TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), + TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47)}}, + {{TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), + TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354)}, + {TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), + TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528)}}, + {{TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), + TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd)}, + {TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), + TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae)}}, + {{TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), + TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9)}, + {TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), + TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732)}}, + {{TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), + TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98)}, + {TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), + TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3)}}, + {{TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), + TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7)}, + {TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), + TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927)}}, + {{TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), + TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396)}, + {TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), + TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d)}}, + {{TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), + TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76)}, + {TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), + TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4)}}, + {{TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), + TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003)}, + {TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), + TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018)}}, + {{TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), + TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc)}, + {TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), + TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143)}}, + {{TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), + TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f)}, + {TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), + TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664)}}, + {{TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), + TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b)}, + {TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), + TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4)}}, + {{TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), + TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2)}, + {TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), + TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f)}}, + {{TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), + TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c)}, + {TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), + TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360)}}, + {{TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), + TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007)}, + {TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), + TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}}}, + {{{TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), + TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab)}, + {TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), + TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55)}}, + {{TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), + TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df)}, + {TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), + TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf)}}, + {{TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), + TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7)}, + {TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), + TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca)}}, + {{TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), + TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d)}, + {TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), + TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515)}}, + {{TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), + TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284)}, + {TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), + TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8)}}, + {{TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), + TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd)}, + {TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), + TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8)}}, + {{TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), + TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de)}, + {TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), + TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2)}}, + {{TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), + TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb)}, + {TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), + TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef)}}, + {{TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), + TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2)}, + {TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), + TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a)}}, + {{TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), + TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875)}, + {TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), + TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216)}}, + {{TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), + TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243)}, + {TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), + TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202)}}, + {{TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), + TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8)}, + {TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), + TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4)}}, + {{TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), + TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619)}, + {TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), + TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0)}}, + {{TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), + TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463)}, + {TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), + TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544)}}, + {{TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), + TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97)}, + {TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), + TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd)}}, + {{TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), + TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe)}, + {TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), + TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4)}}, + {{TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), + TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e)}, + {TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), + TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51)}}, + {{TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), + TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191)}, + {TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), + TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01)}}, + {{TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), + TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d)}, + {TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), + TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f)}}, + {{TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), + TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38)}, + {TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), + TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d)}}, + {{TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), + TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50)}, + {TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), + TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d)}}, + {{TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), + TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5)}, + {TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), + TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209)}}, + {{TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), + TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a)}, + {TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), + TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62)}}, + {{TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), + TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6)}, + {TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), + TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42)}}, + {{TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), + TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51)}, + {TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), + TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9)}}, + {{TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), + TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4)}, + {TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), + TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b)}}, + {{TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), + TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc)}, + {TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), + TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18)}}, + {{TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), + TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d)}, + {TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), + TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4)}}, + {{TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), + TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec)}, + {TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), + TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65)}}, + {{TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), + TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5)}, + {TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), + TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef)}}, + {{TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), + TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2)}, + {TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), + TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b)}}, + {{TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), + TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007)}, + {TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), + TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe)}}, + {{TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), + TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce)}, + {TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), + TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71)}}, + {{TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), + TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421)}, + {TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), + TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f)}}, + {{TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), + TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03)}, + {TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), + TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b)}}, + {{TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), + TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702)}, + {TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), + TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447)}}, + {{TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), + TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1)}, + {TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), + TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48)}}, + {{TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), + TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361)}, + {TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), + TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41)}}, + {{TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), + TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d)}, + {TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), + TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273)}}, + {{TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), + TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1)}, + {TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), + TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c)}}, + {{TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), + TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5)}, + {TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), + TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c)}}, + {{TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), + TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f)}, + {TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), + TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252)}}, + {{TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), + TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3)}, + {TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), + TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d)}}, + {{TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), + TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af)}, + {TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), + TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79)}}, + {{TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), + TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f)}, + {TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), + TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc)}}, + {{TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), + TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13)}, + {TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), + TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693)}}, + {{TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), + TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8)}, + {TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), + TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a)}}, + {{TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), + TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281)}, + {TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), + TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa)}}, + {{TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), + TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2)}, + {TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), + TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781)}}, + {{TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), + TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7)}, + {TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), + TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99)}}, + {{TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), + TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9)}, + {TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), + TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21)}}, + {{TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), + TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2)}, + {TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), + TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5)}}, + {{TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), + TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262)}, + {TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), + TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e)}}, + {{TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), + TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649)}, + {TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), + TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac)}}, + {{TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), + TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca)}, + {TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), + TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd)}}, + {{TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), + TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c)}, + {TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), + TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757)}}, + {{TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), + TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015)}, + {TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), + TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51)}}, + {{TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), + TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07)}, + {TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), + TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650)}}, + {{TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), + TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839)}, + {TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), + TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc)}}, + {{TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), + TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6)}, + {TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), + TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9)}}, + {{TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), + TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01)}, + {TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), + TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96)}}, + {{TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), + TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec)}, + {TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), + TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf)}}, + {{TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), + TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c)}, + {TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), + TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf)}}, + {{TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), + TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d)}, + {TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), + TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}}}, + {{{TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), + TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a)}, + {TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), + TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39)}}, + {{TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), + TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452)}, + {TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), + TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b)}}, + {{TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), + TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14)}, + {TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), + TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270)}}, + {{TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), + TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb)}, + {TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), + TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3)}}, + {{TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), + TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb)}, + {TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), + TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd)}}, + {{TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), + TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3)}, + {TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), + TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b)}}, + {{TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), + TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2)}, + {TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), + TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5)}}, + {{TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), + TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9)}, + {TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), + TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7)}}, + {{TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), + TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf)}, + {TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), + TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47)}}, + {{TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), + TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0)}, + {TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), + TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36)}}, + {{TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), + TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad)}, + {TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), + TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74)}}, + {{TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), + TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb)}, + {TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), + TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a)}}, + {{TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), + TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c)}, + {TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), + TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385)}}, + {{TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), + TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081)}, + {TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), + TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa)}}, + {{TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), + TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47)}, + {TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), + TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345)}}, + {{TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), + TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126)}, + {TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), + TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394)}}, + {{TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), + TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9)}, + {TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), + TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e)}}, + {{TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), + TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb)}, + {TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), + TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be)}}, + {{TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), + TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1)}, + {TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), + TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f)}}, + {{TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), + TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e)}, + {TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), + TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c)}}, + {{TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), + TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6)}, + {TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), + TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745)}}, + {{TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), + TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5)}, + {TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), + TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5)}}, + {{TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), + TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539)}, + {TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), + TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002)}}, + {{TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), + TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948)}, + {TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), + TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e)}}, + {{TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), + TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5)}, + {TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), + TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f)}}, + {{TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), + TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3)}, + {TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), + TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516)}}, + {{TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), + TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc)}, + {TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), + TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604)}}, + {{TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), + TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2)}, + {TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), + TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e)}}, + {{TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), + TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4)}, + {TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), + TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa)}}, + {{TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), + TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac)}, + {TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), + TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8)}}, + {{TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), + TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9)}, + {TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), + TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9)}}, + {{TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), + TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849)}, + {TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), + TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638)}}, + {{TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), + TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb)}, + {TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), + TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4)}}, + {{TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), + TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34)}, + {TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), + TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9)}}, + {{TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), + TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b)}, + {TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), + TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca)}}, + {{TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), + TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4)}, + {TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), + TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f)}}, + {{TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), + TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d)}, + {TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), + TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a)}}, + {{TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), + TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706)}, + {TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), + TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3)}}, + {{TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), + TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4)}, + {TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), + TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96)}}, + {{TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), + TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6)}, + {TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), + TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878)}}, + {{TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), + TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b)}, + {TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), + TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982)}}, + {{TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), + TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd)}, + {TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), + TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0)}}, + {{TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), + TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355)}, + {TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), + TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac)}}, + {{TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), + TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436)}, + {TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), + TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef)}}, + {{TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), + TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6)}, + {TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), + TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4)}}, + {{TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), + TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af)}, + {TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), + TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a)}}, + {{TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), + TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364)}, + {TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), + TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5)}}, + {{TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), + TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea)}, + {TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), + TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4)}}, + {{TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), + TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984)}, + {TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), + TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d)}}, + {{TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), + TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2)}, + {TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), + TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28)}}, + {{TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), + TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5)}, + {TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), + TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c)}}, + {{TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), + TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68)}, + {TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), + TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125)}}, + {{TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), + TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3)}, + {TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), + TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba)}}, + {{TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), + TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e)}, + {TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), + TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e)}}, + {{TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), + TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c)}, + {TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), + TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5)}}, + {{TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), + TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77)}, + {TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), + TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5)}}, + {{TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), + TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946)}, + {TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), + TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1)}}, + {{TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), + TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c)}, + {TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), + TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224)}}, + {{TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), + TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017)}, + {TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), + TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6)}}, + {{TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), + TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e)}, + {TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), + TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205)}}, + {{TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), + TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808)}, + {TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), + TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2)}}, + {{TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), + TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199)}, + {TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), + TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418)}}, + {{TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), + TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496)}, + {TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), + TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d)}}, + {{TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), + TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b)}, + {TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), + TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}}}, + {{{TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), + TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1)}, + {TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), + TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5)}}, + {{TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), + TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d)}, + {TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), + TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8)}}, + {{TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), + TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a)}, + {TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), + TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954)}}, + {{TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), + TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911)}, + {TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), + TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a)}}, + {{TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), + TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a)}, + {TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), + TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3)}}, + {{TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), + TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5)}, + {TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), + TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698)}}, + {{TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), + TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0)}, + {TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), + TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c)}}, + {{TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), + TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509)}, + {TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), + TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b)}}, + {{TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), + TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f)}, + {TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), + TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585)}}, + {{TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), + TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d)}, + {TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), + TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8)}}, + {{TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), + TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690)}, + {TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), + TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3)}}, + {{TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), + TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f)}, + {TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), + TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c)}}, + {{TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), + TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649)}, + {TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), + TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70)}}, + {{TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), + TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35)}, + {TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), + TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840)}}, + {{TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), + TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9)}, + {TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), + TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86)}}, + {{TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), + TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd)}, + {TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), + TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a)}}, + {{TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), + TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc)}, + {TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), + TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66)}}, + {{TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), + TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac)}, + {TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), + TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1)}}, + {{TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), + TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea)}, + {TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), + TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d)}}, + {{TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), + TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b)}, + {TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), + TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83)}}, + {{TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), + TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920)}, + {TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), + TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38)}}, + {{TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), + TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad)}, + {TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), + TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2)}}, + {{TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), + TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2)}, + {TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), + TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424)}}, + {{TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), + TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6)}, + {TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), + TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e)}}, + {{TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), + TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6)}, + {TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), + TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930)}}, + {{TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), + TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf)}, + {TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), + TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0)}}, + {{TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), + TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c)}, + {TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), + TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e)}}, + {{TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), + TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e)}, + {TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), + TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54)}}, + {{TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), + TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b)}, + {TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), + TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c)}}, + {{TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), + TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df)}, + {TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), + TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a)}}, + {{TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), + TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f)}, + {TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), + TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462)}}, + {{TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), + TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555)}, + {TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), + TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a)}}, + {{TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), + TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758)}, + {TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), + TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455)}}, + {{TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), + TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e)}, + {TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), + TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e)}}, + {{TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), + TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25)}, + {TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), + TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11)}}, + {{TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), + TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53)}, + {TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), + TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802)}}, + {{TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), + TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362)}, + {TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), + TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef)}}, + {{TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), + TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3)}, + {TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), + TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830)}}, + {{TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), + TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73)}, + {TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), + TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008)}}, + {{TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), + TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8)}, + {TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), + TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c)}}, + {{TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), + TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e)}, + {TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), + TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3)}}, + {{TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), + TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212)}, + {TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), + TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057)}}, + {{TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), + TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391)}, + {TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), + TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7)}}, + {{TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), + TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb)}, + {TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), + TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe)}}, + {{TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), + TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23)}, + {TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), + TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732)}}, + {{TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), + TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2)}, + {TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), + TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04)}}, + {{TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), + TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0)}, + {TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), + TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab)}}, + {{TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), + TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d)}, + {TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), + TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1)}}, + {{TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), + TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974)}, + {TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), + TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a)}}, + {{TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), + TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b)}, + {TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), + TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851)}}, + {{TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), + TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051)}, + {TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), + TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e)}}, + {{TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), + TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc)}, + {TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), + TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd)}}, + {{TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), + TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2)}, + {TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), + TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f)}}, + {{TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), + TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1)}, + {TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), + TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1)}}, + {{TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), + TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a)}, + {TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), + TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8)}}, + {{TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), + TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2)}, + {TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), + TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0)}}, + {{TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), + TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4)}, + {TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), + TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d)}}, + {{TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), + TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b)}, + {TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), + TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f)}}, + {{TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), + TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9)}, + {TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), + TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b)}}, + {{TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), + TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5)}, + {TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), + TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9)}}, + {{TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), + TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183)}, + {TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), + TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e)}}, + {{TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), + TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b)}, + {TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), + TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12)}}, + {{TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), + TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a)}, + {TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), + TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92)}}, + {{TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), + TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a)}, + {TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), + TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494)}}}, + {{{TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), + TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860)}, + {TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), + TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50)}}, + {{TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), + TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6)}, + {TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), + TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee)}}, + {{TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), + TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca)}, + {TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), + TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf)}}, + {{TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), + TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6)}, + {TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), + TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe)}}, + {{TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), + TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3)}, + {TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), + TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1)}}, + {{TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), + TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6)}, + {TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), + TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4)}}, + {{TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), + TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c)}, + {TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), + TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f)}}, + {{TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), + TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d)}, + {TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), + TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011)}}, + {{TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), + TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854)}, + {TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), + TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3)}}, + {{TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), + TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c)}, + {TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), + TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe)}}, + {{TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), + TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c)}, + {TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), + TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce)}}, + {{TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), + TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa)}, + {TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), + TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd)}}, + {{TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), + TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a)}, + {TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), + TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615)}}, + {{TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), + TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f)}, + {TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), + TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d)}}, + {{TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), + TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a)}, + {TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), + TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32)}}, + {{TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), + TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c)}, + {TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), + TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517)}}, + {{TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), + TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664)}, + {TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), + TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700)}}, + {{TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), + TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152)}, + {TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), + TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb)}}, + {{TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), + TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db)}, + {TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), + TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad)}}, + {{TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), + TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662)}, + {TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), + TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02)}}, + {{TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), + TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e)}, + {TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), + TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70)}}, + {{TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), + TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993)}, + {TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), + TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c)}}, + {{TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), + TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682)}, + {TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), + TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb)}}, + {{TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), + TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef)}, + {TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), + TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59)}}, + {{TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), + TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e)}, + {TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), + TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb)}}, + {{TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), + TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d)}, + {TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), + TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87)}}, + {{TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), + TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130)}, + {TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), + TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5)}}, + {{TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), + TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5)}, + {TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), + TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed)}}, + {{TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), + TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7)}, + {TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), + TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e)}}, + {{TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), + TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d)}, + {TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), + TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade)}}, + {{TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), + TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252)}, + {TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), + TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597)}}, + {{TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), + TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11)}, + {TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), + TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7)}}, + {{TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), + TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4)}, + {TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), + TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075)}}, + {{TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), + TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493)}, + {TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), + TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6)}}, + {{TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), + TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1)}, + {TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), + TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc)}}, + {{TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), + TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77)}, + {TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), + TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9)}}, + {{TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), + TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f)}, + {TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), + TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0)}}, + {{TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), + TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee)}, + {TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), + TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408)}}, + {{TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), + TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954)}, + {TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), + TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626)}}, + {{TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), + TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c)}, + {TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), + TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e)}}, + {{TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), + TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80)}, + {TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), + TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11)}}, + {{TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), + TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47)}, + {TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), + TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4)}}, + {{TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), + TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9)}, + {TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), + TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f)}}, + {{TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), + TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521)}, + {TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), + TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4)}}, + {{TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), + TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8)}, + {TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), + TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092)}}, + {{TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), + TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7)}, + {TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), + TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71)}}, + {{TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), + TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816)}, + {TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), + TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c)}}, + {{TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), + TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b)}, + {TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), + TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063)}}, + {{TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), + TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb)}, + {TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), + TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef)}}, + {{TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), + TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab)}, + {TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), + TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0)}}, + {{TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), + TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675)}, + {TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), + TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014)}}, + {{TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), + TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52)}, + {TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), + TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964)}}, + {{TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), + TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed)}, + {TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), + TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1)}}, + {{TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), + TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c)}, + {TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), + TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f)}}, + {{TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), + TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885)}, + {TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), + TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e)}}, + {{TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), + TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8)}, + {TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), + TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6)}}, + {{TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), + TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04)}, + {TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), + TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb)}}, + {{TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), + TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4)}, + {TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), + TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b)}}, + {{TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), + TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480)}, + {TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), + TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c)}}, + {{TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), + TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08)}, + {TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), + TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4)}}, + {{TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), + TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a)}, + {TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), + TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816)}}, + {{TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), + TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5)}, + {TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), + TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b)}}, + {{TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), + TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d)}, + {TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), + TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b)}}, + {{TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), + TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d)}, + {TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), + TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b)}}}, + {{{TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), + TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d)}, + {TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), + TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798)}}, + {{TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), + TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee)}, + {TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), + TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8)}}, + {{TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), + TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7)}, + {TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), + TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658)}}, + {{TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), + TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8)}, + {TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), + TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac)}}, + {{TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), + TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4)}, + {TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), + TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a)}}, + {{TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), + TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c)}, + {TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), + TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31)}}, + {{TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), + TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69)}, + {TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), + TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879)}}, + {{TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), + TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c)}, + {TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), + TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6)}}, + {{TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), + TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755)}, + {TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), + TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926)}}, + {{TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), + TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2)}, + {TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), + TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08)}}, + {{TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), + TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99)}, + {TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), + TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f)}}, + {{TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), + TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b)}, + {TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), + TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128)}}, + {{TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), + TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4)}, + {TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), + TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f)}}, + {{TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), + TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889)}, + {TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), + TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131)}}, + {{TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), + TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8)}, + {TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), + TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77)}}, + {{TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), + TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee)}, + {TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), + TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad)}}, + {{TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), + TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948)}, + {TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), + TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff)}}, + {{TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), + TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e)}, + {TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), + TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1)}}, + {{TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), + TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916)}, + {TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), + TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d)}}, + {{TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), + TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7)}, + {TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), + TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8)}}, + {{TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), + TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4)}, + {TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), + TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7)}}, + {{TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), + TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78)}, + {TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), + TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0)}}, + {{TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), + TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25)}, + {TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), + TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776)}}, + {{TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), + TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada)}, + {TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), + TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66)}}, + {{TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), + TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3)}, + {TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), + TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148)}}, + {{TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), + TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8)}, + {TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), + TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00)}}, + {{TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), + TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac)}, + {TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), + TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52)}}, + {{TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), + TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689)}, + {TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), + TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8)}}, + {{TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), + TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66)}, + {TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), + TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a)}}, + {{TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), + TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67)}, + {TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), + TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2)}}, + {{TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), + TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d)}, + {TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), + TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147)}}, + {{TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), + TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351)}, + {TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), + TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e)}}, + {{TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), + TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21)}, + {TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), + TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a)}}, + {{TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), + TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e)}, + {TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), + TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887)}}, + {{TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), + TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291)}, + {TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), + TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286)}}, + {{TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), + TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb)}, + {TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), + TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af)}}, + {{TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), + TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5)}, + {TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), + TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6)}}, + {{TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), + TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab)}, + {TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), + TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d)}}, + {{TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), + TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033)}, + {TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), + TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46)}}, + {{TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), + TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb)}, + {TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), + TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78)}}, + {{TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), + TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e)}, + {TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), + TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466)}}, + {{TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), + TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7)}, + {TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), + TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768)}}, + {{TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), + TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f)}, + {TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), + TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7)}}, + {{TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), + TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03)}, + {TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), + TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168)}}, + {{TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), + TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922)}, + {TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), + TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c)}}, + {{TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), + TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451)}, + {TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), + TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f)}}, + {{TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), + TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171)}, + {TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), + TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c)}}, + {{TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), + TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03)}, + {TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), + TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7)}}, + {{TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), + TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0)}, + {TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), + TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09)}}, + {{TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), + TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c)}, + {TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), + TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0)}}, + {{TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), + TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9)}, + {TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), + TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7)}}, + {{TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), + TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035)}, + {TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), + TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090)}}, + {{TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), + TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb)}, + {TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), + TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98)}}, + {{TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), + TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140)}, + {TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), + TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2)}}, + {{TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), + TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7)}, + {TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), + TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c)}}, + {{TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), + TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe)}, + {TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), + TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707)}}, + {{TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), + TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7)}, + {TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), + TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9)}}, + {{TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), + TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3)}, + {TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), + TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1)}}, + {{TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), + TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51)}, + {TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), + TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558)}}, + {{TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), + TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43)}, + {TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), + TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48)}}, + {{TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), + TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8)}, + {TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), + TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657)}}, + {{TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), + TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a)}, + {TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), + TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f)}}, + {{TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), + TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24)}, + {TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), + TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048)}}, + {{TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), + TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7)}, + {TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), + TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699)}}}, + {{{TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), + TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021)}, + {TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), + TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3)}}, + {{TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), + TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da)}, + {TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), + TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4)}}, + {{TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), + TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc)}, + {TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), + TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952)}}, + {{TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), + TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19)}, + {TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), + TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655)}}, + {{TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), + TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69)}, + {TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), + TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4)}}, + {{TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), + TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268)}, + {TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), + TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e)}}, + {{TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), + TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb)}, + {TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), + TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446)}}, + {{TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), + TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637)}, + {TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), + TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5)}}, + {{TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), + TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2)}, + {TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), + TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24)}}, + {{TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), + TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c)}, + {TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), + TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b)}}, + {{TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), + TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873)}, + {TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), + TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a)}}, + {{TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), + TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1)}, + {TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), + TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d)}}, + {{TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), + TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13)}, + {TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), + TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684)}}, + {{TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), + TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161)}, + {TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), + TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1)}}, + {{TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), + TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b)}, + {TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), + TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e)}}, + {{TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), + TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca)}, + {TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), + TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8)}}, + {{TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), + TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da)}, + {TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), + TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a)}}, + {{TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), + TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc)}, + {TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), + TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253)}}, + {{TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), + TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7)}, + {TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), + TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8)}}, + {{TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), + TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c)}, + {TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), + TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce)}}, + {{TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), + TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc)}, + {TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), + TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6)}}, + {{TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), + TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1)}, + {TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), + TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f)}}, + {{TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), + TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472)}, + {TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), + TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2)}}, + {{TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), + TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656)}, + {TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), + TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa)}}, + {{TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), + TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8)}, + {TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), + TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a)}}, + {{TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), + TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d)}, + {TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), + TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f)}}, + {{TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), + TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1)}, + {TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), + TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351)}}, + {{TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), + TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef)}, + {TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), + TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced)}}, + {{TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), + TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4)}, + {TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), + TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c)}}, + {{TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), + TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32)}, + {TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), + TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6)}}, + {{TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), + TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38)}, + {TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), + TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634)}}, + {{TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), + TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3)}, + {TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), + TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a)}}, + {{TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), + TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb)}, + {TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), + TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c)}}, + {{TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), + TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b)}, + {TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), + TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718)}}, + {{TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), + TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d)}, + {TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), + TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b)}}, + {{TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), + TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a)}, + {TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), + TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636)}}, + {{TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), + TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce)}, + {TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), + TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049)}}, + {{TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), + TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb)}, + {TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), + TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40)}}, + {{TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), + TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086)}, + {TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), + TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34)}}, + {{TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), + TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51)}, + {TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), + TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3)}}, + {{TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), + TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60)}, + {TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), + TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4)}}, + {{TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), + TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2)}, + {TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), + TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8)}}, + {{TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), + TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247)}, + {TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), + TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c)}}, + {{TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), + TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0)}, + {TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), + TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a)}}, + {{TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), + TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097)}, + {TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), + TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc)}}, + {{TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), + TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58)}, + {TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), + TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141)}}, + {{TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), + TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8)}, + {TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), + TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9)}}, + {{TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), + TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5)}, + {TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), + TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535)}}, + {{TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), + TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112)}, + {TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), + TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe)}}, + {{TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), + TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77)}, + {TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), + TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e)}}, + {{TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), + TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc)}, + {TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), + TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e)}}, + {{TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), + TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332)}, + {TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), + TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29)}}, + {{TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), + TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04)}, + {TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), + TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc)}}, + {{TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), + TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29)}, + {TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), + TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04)}}, + {{TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), + TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61)}, + {TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), + TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961)}}, + {{TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), + TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc)}, + {TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), + TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af)}}, + {{TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), + TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab)}, + {TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), + TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204)}}, + {{TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), + TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2)}, + {TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), + TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03)}}, + {{TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), + TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42)}, + {TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), + TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43)}}, + {{TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), + TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86)}, + {TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), + TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79)}}, + {{TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), + TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9)}, + {TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), + TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5)}}, + {{TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), + TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357)}, + {TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), + TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477)}}, + {{TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), + TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80)}, + {TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), + TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527)}}, + {{TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), + TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad)}, + {TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), + TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25)}}}, + {{{TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), + TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85)}, + {TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), + TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a)}}, + {{TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), + TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3)}, + {TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), + TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8)}}, + {{TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), + TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe)}, + {TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), + TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53)}}, + {{TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), + TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336)}, + {TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), + TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f)}}, + {{TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), + TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc)}, + {TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), + TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272)}}, + {{TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), + TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f)}, + {TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), + TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7)}}, + {{TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), + TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918)}, + {TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), + TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60)}}, + {{TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), + TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a)}, + {TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), + TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7)}}, + {{TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), + TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef)}, + {TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), + TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a)}}, + {{TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), + TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947)}, + {TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), + TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa)}}, + {{TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), + TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1)}, + {TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), + TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df)}}, + {{TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), + TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2)}, + {TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), + TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31)}}, + {{TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), + TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e)}, + {TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), + TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195)}}, + {{TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), + TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15)}, + {TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), + TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff)}}, + {{TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), + TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c)}, + {TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), + TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc)}}, + {{TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), + TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1)}, + {TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), + TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4)}}, + {{TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), + TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a)}, + {TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), + TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca)}}, + {{TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), + TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b)}, + {TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), + TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc)}}, + {{TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), + TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613)}, + {TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), + TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8)}}, + {{TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), + TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984)}, + {TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), + TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a)}}, + {{TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), + TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5)}, + {TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), + TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33)}}, + {{TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), + TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b)}, + {TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), + TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120)}}, + {{TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), + TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9)}, + {TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), + TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504)}}, + {{TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), + TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2)}, + {TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), + TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216)}}, + {{TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), + TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169)}, + {TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), + TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a)}}, + {{TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), + TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd)}, + {TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), + TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7)}}, + {{TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), + TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7)}, + {TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), + TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb)}}, + {{TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), + TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749)}, + {TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), + TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722)}}, + {{TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), + TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce)}, + {TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), + TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1)}}, + {{TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), + TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836)}, + {TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), + TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825)}}, + {{TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), + TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e)}, + {TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), + TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6)}}, + {{TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), + TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5)}, + {TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), + TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03)}}, + {{TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), + TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5)}, + {TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), + TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9)}}, + {{TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), + TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235)}, + {TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), + TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e)}}, + {{TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), + TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05)}, + {TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), + TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e)}}, + {{TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), + TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c)}, + {TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), + TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca)}}, + {{TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), + TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f)}, + {TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), + TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a)}}, + {{TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), + TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6)}, + {TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), + TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46)}}, + {{TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), + TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15)}, + {TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), + TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c)}}, + {{TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), + TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29)}, + {TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), + TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb)}}, + {{TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), + TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e)}, + {TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), + TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a)}}, + {{TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), + TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364)}, + {TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), + TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63)}}, + {{TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), + TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6)}, + {TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), + TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a)}}, + {{TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), + TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391)}, + {TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), + TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0)}}, + {{TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), + TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d)}, + {TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), + TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b)}}, + {{TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), + TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5)}, + {TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), + TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0)}}, + {{TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), + TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d)}, + {TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), + TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134)}}, + {{TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), + TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390)}, + {TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), + TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3)}}, + {{TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), + TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7)}, + {TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), + TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb)}}, + {{TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), + TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326)}, + {TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), + TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89)}}, + {{TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), + TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec)}, + {TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), + TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf)}}, + {{TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), + TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75)}, + {TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), + TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016)}}, + {{TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), + TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719)}, + {TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), + TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638)}}, + {{TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), + TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58)}, + {TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), + TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb)}}, + {{TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), + TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257)}, + {TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), + TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0)}}, + {{TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), + TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2)}, + {TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), + TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce)}}, + {{TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), + TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319)}, + {TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), + TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5)}}, + {{TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), + TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b)}, + {TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), + TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b)}}, + {{TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), + TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624)}, + {TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), + TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd)}}, + {{TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), + TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d)}, + {TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), + TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e)}}, + {{TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), + TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19)}, + {TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), + TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc)}}, + {{TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), + TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3)}, + {TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), + TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce)}}, + {{TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), + TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672)}, + {TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), + TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba)}}, + {{TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), + TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69)}, + {TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), + TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328)}}}, + {{{TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), + TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5)}, + {TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), + TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82)}}, + {{TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), + TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3)}, + {TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), + TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755)}}, + {{TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), + TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f)}, + {TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), + TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23)}}, + {{TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), + TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4)}, + {TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), + TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329)}}, + {{TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), + TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897)}, + {TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), + TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2)}}, + {{TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), + TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69)}, + {TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), + TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3)}}, + {{TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), + TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164)}, + {TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), + TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32)}}, + {{TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), + TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f)}, + {TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), + TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94)}}, + {{TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), + TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9)}, + {TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), + TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f)}}, + {{TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), + TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b)}, + {TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), + TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0)}}, + {{TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), + TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf)}, + {TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), + TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6)}}, + {{TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), + TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58)}, + {TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), + TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477)}}, + {{TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), + TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6)}, + {TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), + TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c)}}, + {{TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), + TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b)}, + {TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), + TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4)}}, + {{TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), + TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e)}, + {TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), + TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a)}}, + {{TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), + TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6)}, + {TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), + TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f)}}, + {{TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), + TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893)}, + {TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), + TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7)}}, + {{TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), + TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794)}, + {TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), + TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee)}}, + {{TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), + TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989)}, + {TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), + TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84)}}, + {{TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), + TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc)}, + {TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), + TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb)}}, + {{TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), + TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0)}, + {TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), + TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba)}}, + {{TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), + TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25)}, + {TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), + TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8)}}, + {{TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), + TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d)}, + {TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), + TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b)}}, + {{TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), + TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8)}, + {TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), + TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae)}}, + {{TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), + TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40)}, + {TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), + TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913)}}, + {{TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), + TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e)}, + {TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), + TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334)}}, + {{TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), + TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2)}, + {TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), + TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd)}}, + {{TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), + TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8)}, + {TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), + TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8)}}, + {{TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), + TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075)}, + {TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), + TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312)}}, + {{TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), + TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d)}, + {TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), + TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a)}}, + {{TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), + TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d)}, + {TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), + TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c)}}, + {{TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), + TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0)}, + {TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), + TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28)}}, + {{TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), + TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f)}, + {TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), + TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40)}}, + {{TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), + TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5)}, + {TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), + TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574)}}, + {{TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), + TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d)}, + {TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), + TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d)}}, + {{TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), + TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638)}, + {TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), + TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a)}}, + {{TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), + TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467)}, + {TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), + TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311)}}, + {{TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), + TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea)}, + {TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), + TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a)}}, + {{TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), + TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d)}, + {TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), + TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9)}}, + {{TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), + TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b)}, + {TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), + TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074)}}, + {{TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), + TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60)}, + {TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), + TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431)}}, + {{TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), + TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e)}, + {TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), + TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828)}}, + {{TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), + TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe)}, + {TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), + TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d)}}, + {{TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), + TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8)}, + {TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), + TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d)}}, + {{TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), + TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126)}, + {TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), + TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64)}}, + {{TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), + TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9)}, + {TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), + TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7)}}, + {{TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), + TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced)}, + {TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), + TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554)}}, + {{TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), + TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0)}, + {TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), + TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0)}}, + {{TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), + TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9)}, + {TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), + TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351)}}, + {{TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), + TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8)}, + {TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), + TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d)}}, + {{TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), + TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec)}, + {TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), + TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed)}}, + {{TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), + TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1)}, + {TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), + TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597)}}, + {{TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), + TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577)}, + {TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), + TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094)}}, + {{TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), + TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f)}, + {TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), + TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56)}}, + {{TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), + TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2)}, + {TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), + TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a)}}, + {{TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), + TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa)}, + {TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), + TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48)}}, + {{TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), + TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77)}, + {TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), + TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e)}}, + {{TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), + TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a)}, + {TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), + TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436)}}, + {{TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), + TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd)}, + {TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), + TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9)}}, + {{TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), + TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8)}, + {TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), + TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae)}}, + {{TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), + TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70)}, + {TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), + TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f)}}, + {{TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), + TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7)}, + {TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), + TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6)}}, + {{TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), + TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da)}, + {TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), + TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79)}}, + {{TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), + TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860)}, + {TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), + TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745)}}}, + {{{TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), + TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea)}, + {TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), + TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98)}}, + {{TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), + TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f)}, + {TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), + TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b)}}, + {{TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), + TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee)}, + {TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), + TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25)}}, + {{TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), + TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5)}, + {TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), + TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644)}}, + {{TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), + TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8)}, + {TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), + TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248)}}, + {{TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), + TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46)}, + {TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), + TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609)}}, + {{TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), + TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848)}, + {TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), + TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6)}}, + {{TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), + TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e)}, + {TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), + TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276)}}, + {{TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), + TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875)}, + {TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), + TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9)}}, + {{TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), + TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60)}, + {TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), + TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508)}}, + {{TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), + TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a)}, + {TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), + TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1)}}, + {{TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), + TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842)}, + {TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), + TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837)}}, + {{TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), + TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442)}, + {TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), + TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf)}}, + {{TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), + TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3)}, + {TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), + TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186)}}, + {{TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), + TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415)}, + {TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), + TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9)}}, + {{TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), + TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907)}, + {TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), + TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df)}}, + {{TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), + TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69)}, + {TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), + TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8)}}, + {{TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), + TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846)}, + {TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), + TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3)}}, + {{TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), + TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c)}, + {TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), + TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188)}}, + {{TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), + TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2)}, + {TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), + TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f)}}, + {{TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), + TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21)}, + {TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), + TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1)}}, + {{TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), + TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931)}, + {TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), + TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033)}}, + {{TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), + TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894)}, + {TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), + TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15)}}, + {{TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), + TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31)}, + {TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), + TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795)}}, + {{TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), + TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024)}, + {TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), + TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259)}}, + {{TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), + TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e)}, + {TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), + TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7)}}, + {{TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), + TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39)}, + {TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), + TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b)}}, + {{TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), + TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab)}, + {TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), + TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2)}}, + {{TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), + TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a)}, + {TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), + TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848)}}, + {{TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), + TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9)}, + {TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), + TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476)}}, + {{TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), + TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2)}, + {TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), + TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb)}}, + {{TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), + TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b)}, + {TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), + TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0)}}, + {{TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), + TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d)}, + {TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), + TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31)}}, + {{TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), + TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b)}, + {TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), + TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4)}}, + {{TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), + TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055)}, + {TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), + TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727)}}, + {{TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), + TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3)}, + {TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), + TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74)}}, + {{TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), + TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36)}, + {TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), + TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d)}}, + {{TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), + TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2)}, + {TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), + TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e)}}, + {{TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), + TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865)}, + {TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), + TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2)}}, + {{TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), + TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2)}, + {TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), + TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3)}}, + {{TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), + TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017)}, + {TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), + TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529)}}, + {{TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), + TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08)}, + {TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), + TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea)}}, + {{TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), + TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de)}, + {TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), + TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef)}}, + {{TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), + TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815)}, + {TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), + TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff)}}, + {{TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), + TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583)}, + {TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), + TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e)}}, + {{TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), + TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507)}, + {TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), + TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d)}}, + {{TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), + TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536)}, + {TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), + TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda)}}, + {{TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), + TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12)}, + {TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), + TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e)}}, + {{TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), + TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154)}, + {TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), + TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef)}}, + {{TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), + TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f)}, + {TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), + TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094)}}, + {{TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), + TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b)}, + {TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), + TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594)}}, + {{TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), + TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223)}, + {TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), + TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40)}}, + {{TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), + TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8)}, + {TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), + TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd)}}, + {{TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), + TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e)}, + {TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), + TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93)}}, + {{TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), + TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5)}, + {TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), + TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf)}}, + {{TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), + TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557)}, + {TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), + TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8)}}, + {{TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), + TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c)}, + {TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), + TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56)}}, + {{TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), + TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e)}, + {TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), + TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929)}}, + {{TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), + TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329)}, + {TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), + TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8)}}, + {{TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), + TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7)}, + {TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), + TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120)}}, + {{TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), + TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4)}, + {TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), + TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120)}}, + {{TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), + TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b)}, + {TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), + TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3)}}, + {{TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), + TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1)}, + {TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), + TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66)}}, + {{TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), + TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6)}, + {TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), + TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83)}}}, + {{{TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), + TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325)}, + {TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), + TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174)}}, + {{TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), + TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea)}, + {TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), + TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad)}}, + {{TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), + TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9)}, + {TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), + TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9)}}, + {{TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), + TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394)}, + {TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), + TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0)}}, + {{TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), + TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb)}, + {TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), + TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7)}}, + {{TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), + TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b)}, + {TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), + TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35)}}, + {{TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), + TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b)}, + {TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), + TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c)}}, + {{TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), + TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7)}, + {TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), + TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818)}}, + {{TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), + TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a)}, + {TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), + TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0)}}, + {{TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), + TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de)}, + {TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), + TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7)}}, + {{TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), + TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9)}, + {TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), + TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5)}}, + {{TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), + TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe)}, + {TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), + TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2)}}, + {{TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), + TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b)}, + {TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), + TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27)}}, + {{TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), + TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b)}, + {TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), + TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714)}}, + {{TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), + TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc)}, + {TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), + TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f)}}, + {{TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), + TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f)}, + {TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), + TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7)}}, + {{TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), + TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf)}, + {TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), + TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa)}}, + {{TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), + TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd)}, + {TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), + TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817)}}, + {{TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), + TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51)}, + {TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), + TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c)}}, + {{TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), + TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b)}, + {TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), + TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f)}}, + {{TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), + TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1)}, + {TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), + TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50)}}, + {{TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), + TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca)}, + {TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), + TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8)}}, + {{TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), + TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f)}, + {TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), + TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0)}}, + {{TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), + TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed)}, + {TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), + TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2)}}, + {{TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), + TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933)}, + {TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), + TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063)}}, + {{TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), + TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8)}, + {TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), + TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff)}}, + {{TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), + TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d)}, + {TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), + TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938)}}, + {{TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), + TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92)}, + {TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), + TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65)}}, + {{TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), + TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4)}, + {TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), + TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87)}}, + {{TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), + TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d)}, + {TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), + TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469)}}, + {{TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), + TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee)}, + {TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), + TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3)}}, + {{TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), + TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2)}, + {TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), + TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5)}}, + {{TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), + TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047)}, + {TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), + TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f)}}, + {{TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), + TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0)}, + {TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), + TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4)}}, + {{TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), + TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472)}, + {TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), + TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2)}}, + {{TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), + TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a)}, + {TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), + TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8)}}, + {{TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), + TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796)}, + {TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), + TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b)}}, + {{TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), + TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433)}, + {TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), + TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b)}}, + {{TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), + TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f)}, + {TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), + TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724)}}, + {{TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), + TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd)}, + {TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), + TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc)}}, + {{TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), + TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a)}, + {TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), + TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f)}}, + {{TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), + TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9)}, + {TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), + TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62)}}, + {{TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), + TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd)}, + {TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), + TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f)}}, + {{TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), + TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886)}, + {TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), + TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a)}}, + {{TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), + TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db)}, + {TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), + TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7)}}, + {{TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), + TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25)}, + {TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), + TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d)}}, + {{TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), + TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53)}, + {TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), + TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f)}}, + {{TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), + TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e)}, + {TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), + TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f)}}, + {{TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), + TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c)}, + {TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), + TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748)}}, + {{TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), + TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631)}, + {TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), + TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d)}}, + {{TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), + TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad)}, + {TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), + TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0)}}, + {{TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), + TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05)}, + {TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), + TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c)}}, + {{TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), + TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9)}, + {TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), + TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1)}}, + {{TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), + TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624)}, + {TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), + TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4)}}, + {{TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), + TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13)}, + {TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), + TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710)}}, + {{TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), + TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100)}, + {TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), + TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d)}}, + {{TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), + TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df)}, + {TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), + TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6)}}, + {{TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), + TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2)}, + {TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), + TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c)}}, + {{TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), + TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c)}, + {TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), + TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79)}}, + {{TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), + TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d)}, + {TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), + TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930)}}, + {{TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), + TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303)}, + {TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), + TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade)}}, + {{TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), + TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b)}, + {TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), + TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20)}}, + {{TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), + TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6)}, + {TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), + TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e)}}, + {{TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), + TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d)}, + {TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), + TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b)}}}, + {{{TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), + TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400)}, + {TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), + TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9)}}, + {{TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), + TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e)}, + {TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), + TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab)}}, + {{TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), + TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d)}, + {TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), + TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e)}}, + {{TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), + TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325)}, + {TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), + TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8)}}, + {{TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), + TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df)}, + {TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), + TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286)}}, + {{TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), + TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069)}, + {TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), + TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708)}}, + {{TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), + TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6)}, + {TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), + TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671)}}, + {{TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), + TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3)}, + {TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), + TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d)}}, + {{TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), + TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe)}, + {TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), + TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913)}}, + {{TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), + TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb)}, + {TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), + TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6)}}, + {{TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), + TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613)}, + {TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), + TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3)}}, + {{TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), + TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac)}, + {TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), + TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317)}}, + {{TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), + TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3)}, + {TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), + TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac)}}, + {{TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), + TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613)}, + {TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), + TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61)}}, + {{TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), + TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2)}, + {TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), + TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10)}}, + {{TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), + TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064)}, + {TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), + TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d)}}, + {{TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), + TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a)}, + {TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), + TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a)}}, + {{TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), + TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3)}, + {TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), + TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4)}}, + {{TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), + TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47)}, + {TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), + TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48)}}, + {{TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), + TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1)}, + {TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), + TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1)}}, + {{TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), + TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836)}, + {TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), + TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9)}}, + {{TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), + TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555)}, + {TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), + TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79)}}, + {{TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), + TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f)}, + {TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), + TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a)}}, + {{TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), + TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b)}, + {TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), + TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809)}}, + {{TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), + TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87)}, + {TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), + TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a)}}, + {{TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), + TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea)}, + {TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), + TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365)}}, + {{TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), + TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d)}, + {TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), + TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c)}}, + {{TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), + TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c)}, + {TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), + TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd)}}, + {{TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), + TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd)}, + {TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), + TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97)}}, + {{TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), + TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a)}, + {TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), + TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be)}}, + {{TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), + TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468)}, + {TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), + TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448)}}, + {{TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), + TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069)}, + {TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), + TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6)}}, + {{TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), + TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a)}, + {TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), + TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66)}}, + {{TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), + TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00)}, + {TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), + TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8)}}, + {{TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), + TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f)}, + {TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), + TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce)}}, + {{TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), + TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083)}, + {TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), + TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c)}}, + {{TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), + TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be)}, + {TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), + TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19)}}, + {{TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), + TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079)}, + {TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), + TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5)}}, + {{TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), + TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d)}, + {TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), + TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944)}}, + {{TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), + TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801)}, + {TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), + TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02)}}, + {{TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), + TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e)}, + {TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), + TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa)}}, + {{TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), + TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2)}, + {TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), + TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7)}}, + {{TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), + TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2)}, + {TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), + TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8)}}, + {{TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), + TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d)}, + {TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), + TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f)}}, + {{TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), + TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056)}, + {TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), + TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b)}}, + {{TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), + TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0)}, + {TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), + TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86)}}, + {{TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), + TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6)}, + {TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), + TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec)}}, + {{TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), + TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149)}, + {TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), + TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1)}}, + {{TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), + TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5)}, + {TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), + TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef)}}, + {{TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), + TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1)}, + {TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), + TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d)}}, + {{TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), + TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76)}, + {TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), + TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d)}}, + {{TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), + TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057)}, + {TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), + TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3)}}, + {{TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), + TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a)}, + {TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), + TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382)}}, + {{TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), + TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685)}, + {TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), + TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c)}}, + {{TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), + TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac)}, + {TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), + TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92)}}, + {{TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), + TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794)}, + {TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), + TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48)}}, + {{TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), + TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616)}, + {TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), + TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802)}}, + {{TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), + TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3)}, + {TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), + TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c)}}, + {{TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), + TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68)}, + {TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), + TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856)}}, + {{TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), + TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05)}, + {TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), + TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f)}}, + {{TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), + TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614)}, + {TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), + TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff)}}, + {{TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), + TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5)}, + {TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), + TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7)}}, + {{TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), + TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233)}, + {TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), + TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19)}}, + {{TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), + TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054)}, + {TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), + TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74)}}}, + {{{TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), + TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f)}, + {TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), + TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1)}}, + {{TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), + TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068)}, + {TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), + TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2)}}, + {{TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), + TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd)}, + {TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), + TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de)}}, + {{TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), + TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6)}, + {TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), + TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234)}}, + {{TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), + TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52)}, + {TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), + TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9)}}, + {{TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), + TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00)}, + {TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), + TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c)}}, + {{TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), + TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863)}, + {TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), + TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87)}}, + {{TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), + TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3)}, + {TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), + TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b)}}, + {{TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), + TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52)}, + {TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), + TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd)}}, + {{TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), + TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e)}, + {TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), + TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0)}}, + {{TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), + TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d)}, + {TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), + TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6)}}, + {{TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), + TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e)}, + {TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), + TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d)}}, + {{TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), + TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9)}, + {TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), + TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499)}}, + {{TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), + TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f)}, + {TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), + TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369)}}, + {{TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), + TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5)}, + {TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), + TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3)}}, + {{TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), + TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969)}, + {TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), + TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c)}}, + {{TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), + TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8)}, + {TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), + TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7)}}, + {{TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), + TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f)}, + {TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), + TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b)}}, + {{TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), + TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5)}, + {TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), + TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc)}}, + {{TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), + TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c)}, + {TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), + TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116)}}, + {{TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), + TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289)}, + {TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), + TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388)}}, + {{TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), + TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e)}, + {TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), + TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b)}}, + {{TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), + TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c)}, + {TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), + TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480)}}, + {{TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), + TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9)}, + {TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), + TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21)}}, + {{TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), + TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc)}, + {TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), + TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc)}}, + {{TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), + TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b)}, + {TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), + TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130)}}, + {{TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), + TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692)}, + {TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), + TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b)}}, + {{TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), + TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a)}, + {TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), + TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156)}}, + {{TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), + TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b)}, + {TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), + TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5)}}, + {{TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), + TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc)}, + {TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), + TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b)}}, + {{TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), + TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8)}, + {TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), + TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841)}}, + {{TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), + TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad)}, + {TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), + TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443)}}, + {{TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), + TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb)}, + {TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), + TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d)}}, + {{TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), + TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff)}, + {TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), + TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf)}}, + {{TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), + TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361)}, + {TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), + TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140)}}, + {{TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), + TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e)}, + {TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), + TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e)}}, + {{TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), + TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0)}, + {TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), + TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174)}}, + {{TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), + TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc)}, + {TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), + TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914)}}, + {{TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), + TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb)}, + {TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), + TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17)}}, + {{TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), + TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f)}, + {TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), + TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366)}}, + {{TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), + TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178)}, + {TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), + TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932)}}, + {{TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), + TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a)}, + {TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), + TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6)}}, + {{TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), + TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450)}, + {TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), + TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481)}}, + {{TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), + TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932)}, + {TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), + TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853)}}, + {{TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), + TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b)}, + {TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), + TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494)}}, + {{TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), + TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c)}, + {TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), + TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135)}}, + {{TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), + TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd)}, + {TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), + TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0)}}, + {{TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), + TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e)}, + {TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), + TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f)}}, + {{TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), + TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab)}, + {TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), + TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f)}}, + {{TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), + TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80)}, + {TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), + TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599)}}, + {{TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), + TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c)}, + {TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), + TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54)}}, + {{TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), + TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d)}, + {TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), + TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a)}}, + {{TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), + TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8)}, + {TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), + TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038)}}, + {{TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), + TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b)}, + {TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), + TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0)}}, + {{TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), + TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3)}, + {TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), + TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a)}}, + {{TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), + TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d)}, + {TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), + TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9)}}, + {{TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), + TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a)}, + {TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), + TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3)}}, + {{TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), + TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe)}, + {TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), + TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353)}}, + {{TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), + TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743)}, + {TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), + TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd)}}, + {{TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), + TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2)}, + {TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), + TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a)}}, + {{TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), + TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710)}, + {TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), + TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5)}}, + {{TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), + TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10)}, + {TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), + TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29)}}, + {{TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), + TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279)}, + {TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), + TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318)}}, + {{TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), + TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc)}, + {TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), + TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762)}}}, + {{{TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), + TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61)}, + {TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), + TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc)}}, + {{TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), + TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7)}, + {TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), + TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152)}}, + {{TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), + TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093)}, + {TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), + TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28)}}, + {{TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), + TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e)}, + {TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), + TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5)}}, + {{TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), + TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d)}, + {TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), + TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0)}}, + {{TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), + TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965)}, + {TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), + TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d)}}, + {{TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), + TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3)}, + {TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), + TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07)}}, + {{TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), + TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b)}, + {TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), + TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1)}}, + {{TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), + TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217)}, + {TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), + TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6)}}, + {{TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), + TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884)}, + {TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), + TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b)}}, + {{TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), + TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6)}, + {TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), + TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc)}}, + {{TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), + TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2)}, + {TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), + TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea)}}, + {{TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), + TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529)}, + {TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), + TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3)}}, + {{TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), + TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3)}, + {TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), + TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a)}}, + {{TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), + TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d)}, + {TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), + TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba)}}, + {{TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), + TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3)}, + {TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), + TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0)}}, + {{TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), + TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214)}, + {TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), + TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5)}}, + {{TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), + TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21)}, + {TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), + TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3)}}, + {{TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), + TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f)}, + {TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), + TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8)}}, + {{TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), + TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e)}, + {TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), + TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225)}}, + {{TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), + TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9)}, + {TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), + TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507)}}, + {{TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), + TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628)}, + {TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), + TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c)}}, + {{TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), + TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211)}, + {TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), + TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c)}}, + {{TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), + TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3)}, + {TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), + TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6)}}, + {{TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), + TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2)}, + {TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), + TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16)}}, + {{TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), + TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8)}, + {TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), + TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5)}}, + {{TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), + TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7)}, + {TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), + TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93)}}, + {{TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), + TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60)}, + {TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), + TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43)}}, + {{TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), + TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e)}, + {TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), + TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52)}}, + {{TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), + TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924)}, + {TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), + TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7)}}, + {{TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), + TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab)}, + {TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), + TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c)}}, + {{TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), + TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288)}, + {TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), + TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b)}}, + {{TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), + TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c)}, + {TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), + TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2)}}, + {{TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), + TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c)}, + {TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), + TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa)}}, + {{TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), + TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e)}, + {TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), + TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e)}}, + {{TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), + TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917)}, + {TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), + TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e)}}, + {{TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), + TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4)}, + {TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), + TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa)}}, + {{TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), + TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1)}, + {TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), + TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804)}}, + {{TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), + TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7)}, + {TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), + TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784)}}, + {{TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), + TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74)}, + {TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), + TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63)}}, + {{TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), + TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4)}, + {TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), + TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80)}}, + {{TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), + TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182)}, + {TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), + TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f)}}, + {{TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), + TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5)}, + {TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), + TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790)}}, + {{TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), + TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa)}, + {TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), + TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810)}}, + {{TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), + TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92)}, + {TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), + TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41)}}, + {{TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), + TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08)}, + {TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), + TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c)}}, + {{TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), + TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7)}, + {TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), + TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6)}}, + {{TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), + TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2)}, + {TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), + TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67)}}, + {{TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), + TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04)}, + {TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), + TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea)}}, + {{TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), + TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f)}, + {TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), + TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39)}}, + {{TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), + TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77)}, + {TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), + TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0)}}, + {{TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), + TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614)}, + {TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), + TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16)}}, + {{TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), + TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954)}, + {TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), + TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc)}}, + {{TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), + TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44)}, + {TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), + TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f)}}, + {{TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), + TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d)}, + {TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), + TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585)}}, + {{TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), + TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413)}, + {TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), + TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28)}}, + {{TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), + TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10)}, + {TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), + TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c)}}, + {{TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), + TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2)}, + {TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), + TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e)}}, + {{TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), + TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240)}, + {TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), + TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb)}}, + {{TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), + TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d)}, + {TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), + TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79)}}, + {{TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), + TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0)}, + {TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), + TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039)}}, + {{TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), + TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944)}, + {TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), + TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf)}}, + {{TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), + TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316)}, + {TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), + TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6)}}, + {{TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), + TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017)}, + {TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), + TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e)}}}, + {{{TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), + TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb)}, + {TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), + TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b)}}, + {{TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), + TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b)}, + {TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), + TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600)}}, + {{TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), + TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026)}, + {TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), + TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731)}}, + {{TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), + TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0)}, + {TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), + TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668)}}, + {{TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), + TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee)}, + {TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), + TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a)}}, + {{TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), + TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa)}, + {TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), + TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9)}}, + {{TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), + TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745)}, + {TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), + TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a)}}, + {{TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), + TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b)}, + {TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), + TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5)}}, + {{TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), + TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c)}, + {TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), + TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293)}}, + {{TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), + TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5)}, + {TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), + TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582)}}, + {{TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), + TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c)}, + {TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), + TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8)}}, + {{TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), + TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f)}, + {TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), + TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739)}}, + {{TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), + TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c)}, + {TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), + TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba)}}, + {{TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), + TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0)}, + {TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), + TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655)}}, + {{TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), + TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6)}, + {TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), + TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd)}}, + {{TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), + TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350)}, + {TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), + TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1)}}, + {{TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), + TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78)}, + {TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), + TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da)}}, + {{TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), + TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77)}, + {TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), + TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449)}}, + {{TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), + TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e)}, + {TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), + TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2)}}, + {{TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), + TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83)}, + {TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), + TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c)}}, + {{TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), + TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804)}, + {TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), + TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4)}}, + {{TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), + TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec)}, + {TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), + TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493)}}, + {{TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), + TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b)}, + {TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), + TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00)}}, + {{TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), + TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953)}, + {TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), + TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf)}}, + {{TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), + TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328)}, + {TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), + TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61)}}, + {{TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), + TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497)}, + {TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), + TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4)}}, + {{TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), + TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56)}, + {TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), + TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb)}}, + {{TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), + TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961)}, + {TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), + TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c)}}, + {{TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), + TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb)}, + {TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), + TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264)}}, + {{TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), + TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0)}, + {TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), + TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33)}}, + {{TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), + TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78)}, + {TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), + TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90)}}, + {{TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), + TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5)}, + {TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), + TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14)}}, + {{TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), + TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0)}, + {TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), + TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d)}}, + {{TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), + TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2)}, + {TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), + TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d)}}, + {{TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), + TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c)}, + {TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), + TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad)}}, + {{TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), + TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd)}, + {TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), + TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675)}}, + {{TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), + TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f)}, + {TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), + TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97)}}, + {{TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), + TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b)}, + {TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), + TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9)}}, + {{TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), + TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da)}, + {TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), + TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d)}}, + {{TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), + TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11)}, + {TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), + TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb)}}, + {{TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), + TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000)}, + {TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), + TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27)}}, + {{TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), + TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193)}, + {TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), + TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067)}}, + {{TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), + TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449)}, + {TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), + TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943)}}, + {{TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), + TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f)}, + {TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), + TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104)}}, + {{TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), + TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903)}, + {TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), + TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc)}}, + {{TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), + TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22)}, + {TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), + TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e)}}, + {{TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), + TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39)}, + {TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), + TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf)}}, + {{TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), + TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a)}, + {TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), + TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e)}}, + {{TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), + TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8)}, + {TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), + TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c)}}, + {{TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), + TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef)}, + {TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), + TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e)}}, + {{TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), + TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201)}, + {TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), + TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c)}}, + {{TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), + TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191)}, + {TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), + TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89)}}, + {{TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), + TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12)}, + {TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), + TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe)}}, + {{TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), + TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936)}, + {TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), + TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531)}}, + {{TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), + TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15)}, + {TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), + TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7)}}, + {{TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), + TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c)}, + {TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), + TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b)}}, + {{TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), + TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47)}, + {TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), + TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07)}}, + {{TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), + TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5)}, + {TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), + TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e)}}, + {{TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), + TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b)}, + {TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), + TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699)}}, + {{TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), + TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777)}, + {TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), + TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08)}}, + {{TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), + TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e)}, + {TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), + TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22)}}, + {{TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), + TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f)}, + {TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), + TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef)}}, + {{TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), + TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91)}, + {TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), + TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e)}}, + {{TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), + TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b)}, + {TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), + TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d)}}}, + {{{TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), + TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa)}, + {TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), + TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b)}}, + {{TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), + TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff)}, + {TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), + TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733)}}, + {{TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), + TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538)}, + {TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), + TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80)}}, + {{TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), + TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6)}, + {TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), + TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2)}}, + {{TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), + TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996)}, + {TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), + TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4)}}, + {{TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), + TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f)}, + {TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), + TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd)}}, + {{TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), + TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c)}, + {TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), + TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7)}}, + {{TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), + TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11)}, + {TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), + TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7)}}, + {{TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), + TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514)}, + {TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), + TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19)}}, + {{TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), + TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16)}, + {TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), + TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e)}}, + {{TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), + TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a)}, + {TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), + TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba)}}, + {{TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), + TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa)}, + {TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), + TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836)}}, + {{TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), + TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a)}, + {TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), + TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af)}}, + {{TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), + TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b)}, + {TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), + TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0)}}, + {{TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), + TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405)}, + {TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), + TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e)}}, + {{TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), + TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831)}, + {TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), + TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab)}}, + {{TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), + TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e)}, + {TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), + TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b)}}, + {{TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), + TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620)}, + {TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), + TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428)}}, + {{TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), + TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf)}, + {TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), + TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f)}}, + {{TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), + TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d)}, + {TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), + TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b)}}, + {{TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), + TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87)}, + {TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), + TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592)}}, + {{TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), + TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa)}, + {TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), + TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72)}}, + {{TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), + TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba)}, + {TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), + TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642)}}, + {{TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), + TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294)}, + {TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), + TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949)}}, + {{TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), + TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd)}, + {TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), + TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa)}}, + {{TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), + TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db)}, + {TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), + TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b)}}, + {{TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), + TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb)}, + {TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), + TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108)}}, + {{TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), + TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec)}, + {TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), + TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f)}}, + {{TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), + TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29)}, + {TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), + TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e)}}, + {{TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), + TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558)}, + {TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), + TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff)}}, + {{TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), + TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e)}, + {TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), + TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d)}}, + {{TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), + TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43)}, + {TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), + TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf)}}, + {{TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), + TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12)}, + {TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), + TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c)}}, + {{TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), + TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8)}, + {TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), + TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48)}}, + {{TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), + TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9)}, + {TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), + TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316)}}, + {{TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), + TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01)}, + {TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), + TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572)}}, + {{TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), + TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250)}, + {TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), + TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe)}}, + {{TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), + TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8)}, + {TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), + TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28)}}, + {{TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), + TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51)}, + {TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), + TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005)}}, + {{TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), + TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a)}, + {TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), + TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b)}}, + {{TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), + TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761)}, + {TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), + TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a)}}, + {{TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), + TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12)}, + {TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), + TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20)}}, + {{TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), + TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9)}, + {TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), + TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b)}}, + {{TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), + TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed)}, + {TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), + TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038)}}, + {{TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), + TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2)}, + {TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), + TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843)}}, + {{TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), + TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6)}, + {TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), + TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2)}}, + {{TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), + TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e)}, + {TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), + TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035)}}, + {{TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), + TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3)}, + {TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), + TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea)}}, + {{TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), + TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed)}, + {TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), + TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7)}}, + {{TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), + TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754)}, + {TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), + TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e)}}, + {{TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), + TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772)}, + {TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), + TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850)}}, + {{TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), + TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7)}, + {TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), + TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0)}}, + {{TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), + TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b)}, + {TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), + TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843)}}, + {{TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), + TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c)}, + {TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), + TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040)}}, + {{TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), + TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c)}, + {TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), + TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c)}}, + {{TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), + TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4)}, + {TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), + TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf)}}, + {{TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), + TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065)}, + {TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), + TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5)}}, + {{TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), + TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea)}, + {TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), + TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75)}}, + {{TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), + TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22)}, + {TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), + TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113)}}, + {{TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), + TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331)}, + {TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), + TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c)}}, + {{TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), + TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22)}, + {TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), + TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536)}}, + {{TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), + TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb)}, + {TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), + TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161)}}, + {{TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), + TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd)}, + {TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), + TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1)}}, + {{TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), + TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53)}, + {TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), + TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d)}}}, + {{{TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), + TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae)}, + {TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), + TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5)}}, + {{TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), + TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2)}, + {TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), + TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f)}}, + {{TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), + TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0)}, + {TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), + TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f)}}, + {{TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), + TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef)}, + {TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), + TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81)}}, + {{TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), + TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663)}, + {TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), + TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e)}}, + {{TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), + TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951)}, + {TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), + TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651)}}, + {{TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), + TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a)}, + {TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), + TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506)}}, + {{TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), + TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be)}, + {TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), + TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13)}}, + {{TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), + TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c)}, + {TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), + TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b)}}, + {{TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), + TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d)}, + {TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), + TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456)}}, + {{TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), + TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce)}, + {TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), + TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16)}}, + {{TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), + TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7)}, + {TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), + TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991)}}, + {{TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), + TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2)}, + {TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), + TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f)}}, + {{TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), + TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b)}, + {TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), + TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5)}}, + {{TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), + TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2)}, + {TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), + TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b)}}, + {{TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), + TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540)}, + {TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), + TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268)}}, + {{TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), + TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3)}, + {TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), + TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6)}}, + {{TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), + TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382)}, + {TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), + TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b)}}, + {{TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), + TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061)}, + {TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), + TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069)}}, + {{TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), + TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0)}, + {TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), + TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da)}}, + {{TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), + TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b)}, + {TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), + TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a)}}, + {{TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), + TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05)}, + {TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), + TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c)}}, + {{TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), + TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd)}, + {TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), + TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1)}}, + {{TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), + TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e)}, + {TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), + TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574)}}, + {{TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), + TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae)}, + {TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), + TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f)}}, + {{TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), + TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed)}, + {TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), + TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c)}}, + {{TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), + TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87)}, + {TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), + TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3)}}, + {{TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), + TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c)}, + {TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), + TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf)}}, + {{TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), + TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5)}, + {TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), + TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52)}}, + {{TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), + TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad)}, + {TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), + TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459)}}, + {{TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), + TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7)}, + {TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), + TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa)}}, + {{TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), + TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec)}, + {TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), + TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1)}}, + {{TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), + TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5)}, + {TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), + TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6)}}, + {{TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), + TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963)}, + {TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), + TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a)}}, + {{TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), + TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7)}, + {TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), + TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981)}}, + {{TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), + TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a)}, + {TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), + TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2)}}, + {{TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), + TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9)}, + {TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), + TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04)}}, + {{TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), + TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7)}, + {TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), + TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954)}}, + {{TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), + TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8)}, + {TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), + TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812)}}, + {{TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), + TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e)}, + {TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), + TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46)}}, + {{TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), + TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7)}, + {TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), + TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2)}}, + {{TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), + TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef)}, + {TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), + TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5)}}, + {{TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), + TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac)}, + {TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), + TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421)}}, + {{TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), + TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d)}, + {TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), + TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df)}}, + {{TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), + TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c)}, + {TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), + TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0)}}, + {{TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), + TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27)}, + {TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), + TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457)}}, + {{TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), + TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9)}, + {TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), + TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f)}}, + {{TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), + TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc)}, + {TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), + TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8)}}, + {{TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), + TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566)}, + {TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), + TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36)}}, + {{TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), + TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4)}, + {TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), + TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256)}}, + {{TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), + TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175)}, + {TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), + TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987)}}, + {{TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), + TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240)}, + {TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), + TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf)}}, + {{TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), + TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894)}, + {TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), + TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb)}}, + {{TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), + TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b)}, + {TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), + TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d)}}, + {{TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), + TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278)}, + {TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), + TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006)}}, + {{TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), + TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f)}, + {TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), + TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c)}}, + {{TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), + TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161)}, + {TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), + TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5)}}, + {{TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), + TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f)}, + {TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), + TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9)}}, + {{TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), + TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231)}, + {TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), + TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e)}}, + {{TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), + TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49)}, + {TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), + TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca)}}, + {{TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), + TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c)}, + {TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), + TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47)}}, + {{TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), + TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96)}, + {TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), + TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847)}}, + {{TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), + TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72)}, + {TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), + TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011)}}, + {{TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), + TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58)}, + {TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), + TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691)}}}, + {{{TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), + TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c)}, + {TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), + TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7)}}, + {{TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), + TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21)}, + {TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), + TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8)}}, + {{TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), + TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82)}, + {TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), + TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28)}}, + {{TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), + TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d)}, + {TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), + TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1)}}, + {{TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), + TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9)}, + {TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), + TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f)}}, + {{TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), + TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f)}, + {TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), + TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6)}}, + {{TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), + TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef)}, + {TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), + TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577)}}, + {{TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), + TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240)}, + {TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), + TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9)}}, + {{TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), + TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8)}, + {TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), + TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5)}}, + {{TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), + TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8)}, + {TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), + TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae)}}, + {{TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), + TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae)}, + {TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), + TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433)}}, + {{TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), + TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d)}, + {TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), + TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7)}}, + {{TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), + TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e)}, + {TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), + TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d)}}, + {{TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), + TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d)}, + {TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), + TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16)}}, + {{TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), + TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a)}, + {TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), + TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0)}}, + {{TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), + TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda)}, + {TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), + TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413)}}, + {{TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), + TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0)}, + {TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), + TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8)}}, + {{TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), + TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d)}, + {TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), + TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4)}}, + {{TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), + TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277)}, + {TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), + TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9)}}, + {{TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), + TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36)}, + {TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), + TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e)}}, + {{TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), + TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b)}, + {TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), + TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462)}}, + {{TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), + TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed)}, + {TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), + TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e)}}, + {{TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), + TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf)}, + {TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), + TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2)}}, + {{TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), + TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e)}, + {TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), + TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a)}}, + {{TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), + TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a)}, + {TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), + TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3)}}, + {{TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), + TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d)}, + {TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), + TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83)}}, + {{TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), + TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8)}, + {TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), + TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0)}}, + {{TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), + TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436)}, + {TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), + TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845)}}, + {{TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), + TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4)}, + {TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), + TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43)}}, + {{TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), + TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff)}, + {TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), + TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368)}}, + {{TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), + TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937)}, + {TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), + TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40)}}, + {{TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), + TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2)}, + {TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), + TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a)}}, + {{TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), + TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3)}, + {TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), + TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56)}}, + {{TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), + TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411)}, + {TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), + TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3)}}, + {{TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), + TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e)}, + {TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), + TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31)}}, + {{TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), + TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68)}, + {TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), + TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8)}}, + {{TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), + TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758)}, + {TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), + TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b)}}, + {{TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), + TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8)}, + {TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), + TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46)}}, + {{TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), + TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3)}, + {TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), + TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b)}}, + {{TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), + TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819)}, + {TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), + TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838)}}, + {{TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), + TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3)}, + {TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), + TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f)}}, + {{TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), + TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1)}, + {TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), + TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5)}}, + {{TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), + TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133)}, + {TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), + TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff)}}, + {{TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), + TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea)}, + {TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), + TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6)}}, + {{TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), + TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39)}, + {TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), + TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1)}}, + {{TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), + TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149)}, + {TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), + TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781)}}, + {{TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), + TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe)}, + {TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), + TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0)}}, + {{TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), + TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651)}, + {TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), + TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91)}}, + {{TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), + TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87)}, + {TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), + TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5)}}, + {{TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), + TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6)}, + {TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), + TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a)}}, + {{TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), + TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31)}, + {TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), + TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63)}}, + {{TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), + TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a)}, + {TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), + TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f)}}, + {{TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), + TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61)}, + {TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), + TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247)}}, + {{TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), + TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947)}, + {TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), + TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a)}}, + {{TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), + TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7)}, + {TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), + TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7)}}, + {{TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), + TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1)}, + {TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), + TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026)}}, + {{TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), + TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146)}, + {TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), + TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d)}}, + {{TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), + TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de)}, + {TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), + TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678)}}, + {{TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), + TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a)}, + {TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), + TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d)}}, + {{TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), + TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7)}, + {TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), + TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11)}}, + {{TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), + TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93)}, + {TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), + TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d)}}, + {{TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), + TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606)}, + {TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), + TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8)}}, + {{TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), + TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7)}, + {TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), + TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4)}}, + {{TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), + TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372)}, + {TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), + TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f)}}}, + {{{TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), + TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943)}, + {TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), + TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297)}}, + {{TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), + TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0)}, + {TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), + TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc)}}, + {{TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), + TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858)}, + {TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), + TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900)}}, + {{TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), + TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304)}, + {TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), + TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651)}}, + {{TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), + TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65)}, + {TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), + TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6)}}, + {{TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), + TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d)}, + {TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), + TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac)}}, + {{TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), + TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046)}, + {TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), + TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667)}}, + {{TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), + TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57)}, + {TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), + TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3)}}, + {{TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), + TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7)}, + {TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), + TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291)}}, + {{TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), + TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d)}, + {TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), + TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e)}}, + {{TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), + TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799)}, + {TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), + TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756)}}, + {{TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), + TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8)}, + {TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), + TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836)}}, + {{TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), + TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1)}, + {TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), + TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b)}}, + {{TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), + TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48)}, + {TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), + TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43)}}, + {{TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), + TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17)}, + {TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), + TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed)}}, + {{TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), + TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644)}, + {TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), + TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c)}}, + {{TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), + TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867)}, + {TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), + TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67)}}, + {{TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), + TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a)}, + {TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), + TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b)}}, + {{TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), + TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d)}, + {TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), + TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6)}}, + {{TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), + TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544)}, + {TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), + TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854)}}, + {{TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), + TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487)}, + {TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), + TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f)}}, + {{TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), + TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f)}, + {TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), + TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091)}}, + {{TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), + TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63)}, + {TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), + TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44)}}, + {{TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), + TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7)}, + {TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), + TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28)}}, + {{TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), + TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92)}, + {TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), + TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93)}}, + {{TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), + TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056)}, + {TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), + TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660)}}, + {{TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), + TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b)}, + {TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), + TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac)}}, + {{TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), + TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab)}, + {TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), + TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca)}}, + {{TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), + TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3)}, + {TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), + TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9)}}, + {{TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), + TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a)}, + {TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), + TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491)}}, + {{TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), + TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd)}, + {TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), + TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e)}}, + {{TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), + TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f)}, + {TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), + TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb)}}, + {{TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), + TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0)}, + {TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), + TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49)}}, + {{TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), + TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3)}, + {TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), + TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8)}}, + {{TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), + TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2)}, + {TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), + TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc)}}, + {{TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), + TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee)}, + {TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), + TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812)}}, + {{TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), + TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1)}, + {TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), + TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c)}}, + {{TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), + TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d)}, + {TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), + TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940)}}, + {{TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), + TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1)}, + {TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), + TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d)}}, + {{TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), + TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318)}, + {TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), + TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a)}}, + {{TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), + TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e)}, + {TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), + TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d)}}, + {{TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), + TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a)}, + {TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), + TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4)}}, + {{TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), + TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5)}, + {TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), + TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab)}}, + {{TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), + TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b)}, + {TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), + TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6)}}, + {{TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), + TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67)}, + {TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), + TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad)}}, + {{TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), + TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0)}, + {TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), + TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b)}}, + {{TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), + TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a)}, + {TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), + TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e)}}, + {{TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), + TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3)}, + {TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), + TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d)}}, + {{TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), + TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511)}, + {TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), + TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e)}}, + {{TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), + TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249)}, + {TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), + TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53)}}, + {{TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), + TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5)}, + {TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), + TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1)}}, + {{TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), + TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b)}, + {TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), + TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188)}}, + {{TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), + TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef)}, + {TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), + TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7)}}, + {{TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), + TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf)}, + {TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), + TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341)}}, + {{TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), + TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00)}, + {TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), + TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571)}}, + {{TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), + TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd)}, + {TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), + TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7)}}, + {{TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), + TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522)}, + {TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), + TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff)}}, + {{TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), + TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f)}, + {TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), + TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605)}}, + {{TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), + TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0)}, + {TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), + TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246)}}, + {{TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), + TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c)}, + {TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), + TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04)}}, + {{TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), + TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499)}, + {TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), + TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434)}}, + {{TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), + TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532)}, + {TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), + TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f)}}, + {{TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), + TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f)}, + {TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), + TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12)}}, + {{TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), + TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458)}, + {TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), + TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89)}}}, + {{{TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), + TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de)}, + {TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), + TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154)}}, + {{TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), + TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc)}, + {TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), + TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9)}}, + {{TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), + TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407)}, + {TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), + TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9)}}, + {{TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), + TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca)}, + {TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), + TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59)}}, + {{TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), + TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f)}, + {TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), + TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf)}}, + {{TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), + TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43)}, + {TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), + TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0)}}, + {{TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), + TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea)}, + {TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), + TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab)}}, + {{TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), + TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50)}, + {TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), + TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf)}}, + {{TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), + TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25)}, + {TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), + TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b)}}, + {{TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), + TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee)}, + {TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), + TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276)}}, + {{TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), + TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851)}, + {TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), + TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66)}}, + {{TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), + TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b)}, + {TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), + TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e)}}, + {{TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), + TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb)}, + {TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), + TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe)}}, + {{TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), + TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a)}, + {TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), + TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a)}}, + {{TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), + TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf)}, + {TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), + TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1)}}, + {{TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), + TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331)}, + {TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), + TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61)}}, + {{TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), + TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a)}, + {TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), + TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b)}}, + {{TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), + TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219)}, + {TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), + TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181)}}, + {{TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), + TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c)}, + {TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), + TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b)}}, + {{TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), + TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2)}, + {TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), + TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8)}}, + {{TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), + TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d)}, + {TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), + TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4)}}, + {{TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), + TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372)}, + {TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), + TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73)}}, + {{TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), + TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79)}, + {TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), + TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a)}}, + {{TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), + TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81)}, + {TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), + TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87)}}, + {{TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), + TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6)}, + {TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), + TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9)}}, + {{TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), + TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8)}, + {TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), + TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39)}}, + {{TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), + TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6)}, + {TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), + TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb)}}, + {{TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), + TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1)}, + {TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), + TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c)}}, + {{TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), + TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8)}, + {TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), + TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab)}}, + {{TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), + TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e)}, + {TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), + TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764)}}, + {{TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), + TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f)}, + {TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), + TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936)}}, + {{TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), + TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0)}, + {TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), + TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a)}}, + {{TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), + TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae)}, + {TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), + TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11)}}, + {{TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), + TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73)}, + {TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), + TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346)}}, + {{TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), + TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40)}, + {TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), + TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec)}}, + {{TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), + TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530)}, + {TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), + TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f)}}, + {{TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), + TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15)}, + {TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), + TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30)}}, + {{TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), + TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa)}, + {TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), + TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6)}}, + {{TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), + TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3)}, + {TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), + TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c)}}, + {{TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), + TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872)}, + {TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), + TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514)}}, + {{TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), + TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3)}, + {TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), + TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0)}}, + {{TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), + TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036)}, + {TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), + TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec)}}, + {{TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), + TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1)}, + {TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), + TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe)}}, + {{TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), + TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42)}, + {TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), + TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33)}}, + {{TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), + TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111)}, + {TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), + TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de)}}, + {{TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), + TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5)}, + {TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), + TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160)}}, + {{TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), + TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f)}, + {TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), + TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6)}}, + {{TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), + TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5)}, + {TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), + TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400)}}, + {{TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), + TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69)}, + {TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), + TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29)}}, + {{TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), + TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678)}, + {TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), + TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c)}}, + {{TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), + TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea)}, + {TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), + TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55)}}, + {{TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), + TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95)}, + {TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), + TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da)}}, + {{TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), + TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254)}, + {TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), + TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc)}}, + {{TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), + TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236)}, + {TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), + TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64)}}, + {{TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), + TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8)}, + {TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), + TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff)}}, + {{TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), + TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e)}, + {TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), + TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa)}}, + {{TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), + TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c)}, + {TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), + TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf)}}, + {{TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), + TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad)}, + {TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), + TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199)}}, + {{TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), + TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd)}, + {TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), + TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158)}}, + {{TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), + TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd)}, + {TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), + TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2)}}, + {{TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), + TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719)}, + {TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), + TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3)}}, + {{TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), + TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe)}, + {TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), + TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec)}}, + {{TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), + TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a)}, + {TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), + TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de)}}, + {{TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), + TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04)}, + {TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), + TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca)}}}, + {{{TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), + TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d)}, + {TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), + TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2)}}, + {{TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), + TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7)}, + {TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), + TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089)}}, + {{TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), + TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07)}, + {TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), + TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6)}}, + {{TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), + TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd)}, + {TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), + TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c)}}, + {{TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), + TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241)}, + {TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), + TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3)}}, + {{TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), + TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02)}, + {TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), + TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d)}}, + {{TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), + TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649)}, + {TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), + TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef)}}, + {{TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), + TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c)}, + {TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), + TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558)}}, + {{TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), + TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c)}, + {TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), + TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4)}}, + {{TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), + TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1)}, + {TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), + TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c)}}, + {{TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), + TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3)}, + {TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), + TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a)}}, + {{TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), + TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00)}, + {TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), + TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828)}}, + {{TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), + TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478)}, + {TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), + TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8)}}, + {{TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), + TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be)}, + {TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), + TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216)}}, + {{TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), + TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128)}, + {TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), + TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2)}}, + {{TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), + TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84)}, + {TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), + TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0)}}, + {{TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), + TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16)}, + {TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), + TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849)}}, + {{TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), + TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644)}, + {TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), + TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5)}}, + {{TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), + TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1)}, + {TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), + TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8)}}, + {{TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), + TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d)}, + {TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), + TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af)}}, + {{TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), + TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d)}, + {TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), + TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984)}}, + {{TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), + TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40)}, + {TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), + TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239)}}, + {{TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), + TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe)}, + {TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), + TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae)}}, + {{TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), + TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab)}, + {TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), + TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e)}}, + {{TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), + TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e)}, + {TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), + TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2)}}, + {{TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), + TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6)}, + {TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), + TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34)}}, + {{TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), + TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b)}, + {TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), + TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567)}}, + {{TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), + TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff)}, + {TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), + TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942)}}, + {{TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), + TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa)}, + {TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), + TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326)}}, + {{TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), + TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1)}, + {TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), + TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331)}}, + {{TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), + TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7)}, + {TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), + TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993)}}, + {{TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), + TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d)}, + {TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), + TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887)}}, + {{TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), + TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56)}, + {TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), + TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a)}}, + {{TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), + TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162)}, + {TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), + TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5)}}, + {{TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), + TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1)}, + {TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), + TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde)}}, + {{TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), + TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768)}, + {TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), + TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279)}}, + {{TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), + TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba)}, + {TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), + TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb)}}, + {{TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), + TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476)}, + {TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), + TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c)}}, + {{TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), + TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34)}, + {TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), + TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e)}}, + {{TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), + TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f)}, + {TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), + TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf)}}, + {{TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), + TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854)}, + {TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), + TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f)}}, + {{TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), + TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720)}, + {TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), + TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef)}}, + {{TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), + TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349)}, + {TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), + TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a)}}, + {{TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), + TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5)}, + {TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), + TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c)}}, + {{TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), + TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2)}, + {TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), + TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9)}}, + {{TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), + TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854)}, + {TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), + TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70)}}, + {{TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), + TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52)}, + {TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), + TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2)}}, + {{TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), + TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca)}, + {TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), + TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72)}}, + {{TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), + TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42)}, + {TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), + TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b)}}, + {{TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), + TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed)}, + {TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), + TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd)}}, + {{TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), + TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f)}, + {TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), + TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130)}}, + {{TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), + TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b)}, + {TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), + TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5)}}, + {{TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), + TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df)}, + {TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), + TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1)}}, + {{TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), + TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf)}, + {TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), + TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384)}}, + {{TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), + TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb)}, + {TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), + TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844)}}, + {{TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), + TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6)}, + {TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), + TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a)}}, + {{TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), + TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee)}, + {TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), + TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff)}}, + {{TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), + TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12)}, + {TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), + TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36)}}, + {{TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), + TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429)}, + {TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), + TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2)}}, + {{TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), + TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843)}, + {TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), + TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37)}}, + {{TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), + TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f)}, + {TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), + TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7)}}, + {{TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), + TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9)}, + {TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), + TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49)}}, + {{TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), + TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd)}, + {TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), + TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978)}}, + {{TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), + TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4)}, + {TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), + TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63)}}}, + {{{TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), + TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d)}, + {TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), + TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746)}}, + {{TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), + TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19)}, + {TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), + TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d)}}, + {{TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), + TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77)}, + {TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), + TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0)}}, + {{TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), + TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0)}, + {TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), + TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1)}}, + {{TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), + TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99)}, + {TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), + TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1)}}, + {{TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), + TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685)}, + {TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), + TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81)}}, + {{TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), + TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11)}, + {TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), + TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b)}}, + {{TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), + TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26)}, + {TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), + TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab)}}, + {{TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), + TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77)}, + {TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), + TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980)}}, + {{TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), + TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326)}, + {TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), + TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5)}}, + {{TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), + TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9)}, + {TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), + TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d)}}, + {{TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), + TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac)}, + {TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), + TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b)}}, + {{TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), + TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3)}, + {TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), + TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8)}}, + {{TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), + TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081)}, + {TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), + TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53)}}, + {{TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), + TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf)}, + {TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), + TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464)}}, + {{TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), + TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d)}, + {TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), + TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f)}}, + {{TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), + TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222)}, + {TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), + TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac)}}, + {{TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), + TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8)}, + {TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), + TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a)}}, + {{TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), + TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800)}, + {TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), + TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203)}}, + {{TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), + TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d)}, + {TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), + TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3)}}, + {{TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), + TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b)}, + {TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), + TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739)}}, + {{TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), + TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee)}, + {TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), + TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a)}}, + {{TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), + TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5)}, + {TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), + TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885)}}, + {{TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), + TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8)}, + {TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), + TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef)}}, + {{TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), + TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d)}, + {TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), + TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61)}}, + {{TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), + TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe)}, + {TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), + TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5)}}, + {{TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), + TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447)}, + {TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), + TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c)}}, + {{TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), + TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4)}, + {TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), + TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e)}}, + {{TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), + TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef)}, + {TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), + TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4)}}, + {{TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), + TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960)}, + {TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), + TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327)}}, + {{TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), + TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc)}, + {TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), + TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07)}}, + {{TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), + TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0)}, + {TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), + TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b)}}, + {{TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), + TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33)}, + {TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), + TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b)}}, + {{TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), + TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7)}, + {TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), + TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9)}}, + {{TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), + TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b)}, + {TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), + TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b)}}, + {{TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), + TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed)}, + {TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), + TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a)}}, + {{TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), + TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd)}, + {TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), + TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4)}}, + {{TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), + TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382)}, + {TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), + TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f)}}, + {{TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), + TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9)}, + {TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), + TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce)}}, + {{TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), + TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8)}, + {TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), + TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b)}}, + {{TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), + TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41)}, + {TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), + TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35)}}, + {{TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), + TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8)}, + {TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), + TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832)}}, + {{TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), + TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047)}, + {TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), + TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac)}}, + {{TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), + TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734)}, + {TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), + TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf)}}, + {{TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), + TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f)}, + {TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), + TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47)}}, + {{TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), + TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62)}, + {TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), + TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8)}}, + {{TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), + TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2)}, + {TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), + TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f)}}, + {{TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), + TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067)}, + {TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), + TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e)}}, + {{TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), + TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162)}, + {TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), + TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5)}}, + {{TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), + TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0)}, + {TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), + TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711)}}, + {{TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), + TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a)}, + {TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), + TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548)}}, + {{TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), + TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827)}, + {TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), + TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1)}}, + {{TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), + TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195)}, + {TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), + TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07)}}, + {{TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), + TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1)}, + {TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), + TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea)}}, + {{TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), + TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22)}, + {TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), + TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c)}}, + {{TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), + TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676)}, + {TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), + TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee)}}, + {{TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), + TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98)}, + {TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), + TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06)}}, + {{TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), + TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f)}, + {TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), + TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6)}}, + {{TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), + TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635)}, + {TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), + TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3)}}, + {{TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), + TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf)}, + {TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), + TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848)}}, + {{TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), + TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc)}, + {TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), + TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6)}}, + {{TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), + TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d)}, + {TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), + TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a)}}, + {{TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), + TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7)}, + {TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), + TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8)}}, + {{TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), + TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792)}, + {TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), + TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4)}}}, + {{{TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), + TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129)}, + {TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), + TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca)}}, + {{TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), + TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8)}, + {TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), + TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038)}}, + {{TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), + TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109)}, + {TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), + TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3)}}, + {{TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), + TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4)}, + {TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), + TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97)}}, + {{TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), + TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb)}, + {TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), + TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e)}}, + {{TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), + TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270)}, + {TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), + TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f)}}, + {{TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), + TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997)}, + {TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), + TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5)}}, + {{TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), + TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a)}, + {TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), + TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018)}}, + {{TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), + TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739)}, + {TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), + TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b)}}, + {{TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), + TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8)}, + {TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), + TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa)}}, + {{TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), + TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665)}, + {TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), + TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f)}}, + {{TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), + TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8)}, + {TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), + TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00)}}, + {{TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), + TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52)}, + {TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), + TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975)}}, + {{TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), + TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323)}, + {TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), + TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35)}}, + {{TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), + TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d)}, + {TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), + TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c)}}, + {{TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), + TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf)}, + {TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), + TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd)}}, + {{TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), + TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110)}, + {TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), + TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28)}}, + {{TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), + TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8)}, + {TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), + TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83)}}, + {{TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), + TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d)}, + {TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), + TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4)}}, + {{TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), + TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc)}, + {TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), + TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7)}}, + {{TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), + TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c)}, + {TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), + TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c)}}, + {{TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), + TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4)}, + {TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), + TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9)}}, + {{TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), + TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b)}, + {TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), + TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd)}}, + {{TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), + TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e)}, + {TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), + TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5)}}, + {{TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), + TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c)}, + {TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), + TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955)}}, + {{TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), + TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775)}, + {TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), + TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29)}}, + {{TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), + TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194)}, + {TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), + TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c)}}, + {{TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), + TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724)}, + {TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), + TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114)}}, + {{TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), + TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262)}, + {TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), + TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd)}}, + {{TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), + TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f)}, + {TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), + TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc)}}, + {{TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), + TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b)}, + {TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), + TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f)}}, + {{TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), + TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b)}, + {TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), + TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af)}}, + {{TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), + TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a)}, + {TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), + TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d)}}, + {{TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), + TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408)}, + {TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), + TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69)}}, + {{TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), + TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00)}, + {TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), + TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f)}}, + {{TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), + TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78)}, + {TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), + TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7)}}, + {{TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), + TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd)}, + {TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), + TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f)}}, + {{TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), + TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28)}, + {TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), + TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed)}}, + {{TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), + TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744)}, + {TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), + TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c)}}, + {{TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), + TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312)}, + {TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), + TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5)}}, + {{TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), + TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462)}, + {TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), + TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79)}}, + {{TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), + TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a)}, + {TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), + TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d)}}, + {{TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), + TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f)}, + {TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), + TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736)}}, + {{TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), + TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747)}, + {TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), + TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb)}}, + {{TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), + TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d)}, + {TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), + TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272)}}, + {{TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), + TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57)}, + {TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), + TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc)}}, + {{TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), + TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0)}, + {TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), + TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2)}}, + {{TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), + TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e)}, + {TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), + TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614)}}, + {{TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), + TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b)}, + {TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), + TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd)}}, + {{TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), + TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd)}, + {TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), + TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0)}}, + {{TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), + TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01)}, + {TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), + TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804)}}, + {{TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), + TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d)}, + {TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), + TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a)}}, + {{TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), + TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e)}, + {TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), + TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489)}}, + {{TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), + TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62)}, + {TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), + TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e)}}, + {{TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), + TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3)}, + {TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), + TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7)}}, + {{TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), + TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799)}, + {TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), + TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280)}}, + {{TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), + TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c)}, + {TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), + TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c)}}, + {{TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), + TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae)}, + {TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), + TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e)}}, + {{TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), + TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e)}, + {TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), + TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8)}}, + {{TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), + TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2)}, + {TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), + TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1)}}, + {{TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), + TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670)}, + {TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), + TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb)}}, + {{TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), + TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a)}, + {TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), + TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa)}}, + {{TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), + TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632)}, + {TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), + TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c)}}, + {{TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), + TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4)}, + {TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), + TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)}}}}; diff --git a/crypto/fipsmodule/ec/p256-x86_64.c b/crypto/fipsmodule/ec/p256-x86_64.c new file mode 100644 index 0000000..3ddfeb2 --- /dev/null +++ b/crypto/fipsmodule/ec/p256-x86_64.c @@ -0,0 +1,279 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2014, Intel Corporation. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) + * (1) Intel Corporation, Israel Development Center, Haifa, Israel + * (2) University of Haifa, Israel + * + * Reference: + * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with + * 256 Bit Primes" + */ + +#include <ring-core/base.h> + +#include "../../limbs/limbs.inl" + +#include <stdint.h> + +#include "p256-x86_64.h" + +#if defined(OPENSSL_USE_NISTZ256) + +typedef P256_POINT_AFFINE PRECOMP256_ROW[64]; + +// One converted into the Montgomery domain +static const BN_ULONG ONE[P256_LIMBS] = { + TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000), + TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe), +}; + +// Precomputed tables for the default generator +#include "p256-x86_64-table.h" + +// Recode window to a signed digit, see |nistp_recode_scalar_bits| in +// util.c for details +static crypto_word booth_recode_w5(crypto_word in) { + crypto_word s, d; + + s = ~((in >> 5) - 1); + d = (1 << 6) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + return (d << 1) + (s & 1); +} + +static crypto_word booth_recode_w7(crypto_word in) { + crypto_word s, d; + + s = ~((in >> 7) - 1); + d = (1 << 8) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + return (d << 1) + (s & 1); +} + +// copy_conditional copies |src| to |dst| if |move| is one and leaves it as-is +// if |move| is zero. +// +// WARNING: this breaks the usual convention of constant-time functions +// returning masks. +static void copy_conditional(BN_ULONG dst[P256_LIMBS], + const BN_ULONG src[P256_LIMBS], BN_ULONG move) { + BN_ULONG mask1 = ((BN_ULONG)0) - move; + BN_ULONG mask2 = ~mask1; + + dst[0] = (src[0] & mask1) ^ (dst[0] & mask2); + dst[1] = (src[1] & mask1) ^ (dst[1] & mask2); + dst[2] = (src[2] & mask1) ^ (dst[2] & mask2); + dst[3] = (src[3] & mask1) ^ (dst[3] & mask2); + if (P256_LIMBS == 8) { + dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); + dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); + dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); + dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); + } +} + +// is_not_zero returns one iff in != 0 and zero otherwise. +// +// WARNING: this breaks the usual convention of constant-time functions +// returning masks. +// +// (define-fun is_not_zero ((in (_ BitVec 64))) (_ BitVec 64) +// (bvlshr (bvor in (bvsub #x0000000000000000 in)) #x000000000000003f) +// ) +// +// (declare-fun x () (_ BitVec 64)) +// +// (assert (and (= x #x0000000000000000) (= (is_not_zero x) #x0000000000000001))) +// (check-sat) +// +// (assert (and (not (= x #x0000000000000000)) (= (is_not_zero x) #x0000000000000000))) +// (check-sat) +// +static BN_ULONG is_not_zero(BN_ULONG in) { + in |= (0 - in); + in >>= BN_BITS2 - 1; + return in; +} + + +// r = p * p_scalar +static void ecp_nistz256_windowed_mul(P256_POINT *r, + const BN_ULONG p_scalar[P256_LIMBS], + const BN_ULONG p_x[P256_LIMBS], + const BN_ULONG p_y[P256_LIMBS]) { + debug_assert_nonsecret(r != NULL); + debug_assert_nonsecret(p_scalar != NULL); + debug_assert_nonsecret(p_x != NULL); + debug_assert_nonsecret(p_y != NULL); + + static const size_t kWindowSize = 5; + static const crypto_word kMask = (1 << (5 /* kWindowSize */ + 1)) - 1; + + // A |P256_POINT| is (3 * 32) = 96 bytes, and the 64-byte alignment should + // add no more than 63 bytes of overhead. Thus, |table| should require + // ~1599 ((96 * 16) + 63) bytes of stack space. + alignas(64) P256_POINT table[16]; + P256_SCALAR_BYTES p_str; + p256_scalar_bytes_from_limbs(p_str, p_scalar); + + // table[0] is implicitly (0,0,0) (the point at infinity), therefore it is + // not stored. All other values are actually stored with an offset of -1 in + // table. + P256_POINT *row = table; + + limbs_copy(row[1 - 1].X, p_x, P256_LIMBS); + limbs_copy(row[1 - 1].Y, p_y, P256_LIMBS); + limbs_copy(row[1 - 1].Z, ONE, P256_LIMBS); + + ecp_nistz256_point_double(&row[2 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[3 - 1], &row[2 - 1], &row[1 - 1]); + ecp_nistz256_point_double(&row[4 - 1], &row[2 - 1]); + ecp_nistz256_point_double(&row[6 - 1], &row[3 - 1]); + ecp_nistz256_point_double(&row[8 - 1], &row[4 - 1]); + ecp_nistz256_point_double(&row[12 - 1], &row[6 - 1]); + ecp_nistz256_point_add(&row[5 - 1], &row[4 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[7 - 1], &row[6 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[9 - 1], &row[8 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[13 - 1], &row[12 - 1], &row[1 - 1]); + ecp_nistz256_point_double(&row[14 - 1], &row[7 - 1]); + ecp_nistz256_point_double(&row[10 - 1], &row[5 - 1]); + ecp_nistz256_point_add(&row[15 - 1], &row[14 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[11 - 1], &row[10 - 1], &row[1 - 1]); + ecp_nistz256_point_double(&row[16 - 1], &row[8 - 1]); + + BN_ULONG tmp[P256_LIMBS]; + alignas(32) P256_POINT h; + size_t index = 255; + crypto_word wvalue = p_str[(index - 1) / 8]; + wvalue = (wvalue >> ((index - 1) % 8)) & kMask; + + ecp_nistz256_select_w5(r, table, booth_recode_w5(wvalue) >> 1); + + while (index >= 5) { + if (index != 255) { + size_t off = (index - 1) / 8; + + wvalue = (crypto_word)p_str[off] | (crypto_word)p_str[off + 1] << 8; + wvalue = (wvalue >> ((index - 1) % 8)) & kMask; + + wvalue = booth_recode_w5(wvalue); + + ecp_nistz256_select_w5(&h, table, wvalue >> 1); + + ecp_nistz256_neg(tmp, h.Y); + copy_conditional(h.Y, tmp, (wvalue & 1)); + + ecp_nistz256_point_add(r, r, &h); + } + + index -= kWindowSize; + + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + } + + // Final window + wvalue = p_str[0]; + wvalue = (wvalue << 1) & kMask; + + wvalue = booth_recode_w5(wvalue); + + ecp_nistz256_select_w5(&h, table, wvalue >> 1); + + ecp_nistz256_neg(tmp, h.Y); + copy_conditional(h.Y, tmp, wvalue & 1); + + ecp_nistz256_point_add(r, r, &h); +} + +typedef union { + P256_POINT p; + P256_POINT_AFFINE a; +} p256_point_union_t; + +static crypto_word calc_first_wvalue(size_t *index, const uint8_t p_str[33]) { + static const size_t kWindowSize = 7; + static const crypto_word kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; + *index = kWindowSize; + + crypto_word wvalue = ((crypto_word)p_str[0] << 1) & kMask; + return booth_recode_w7(wvalue); +} + +static crypto_word calc_wvalue(size_t *index, const uint8_t p_str[33]) { + static const size_t kWindowSize = 7; + static const crypto_word kMask = (1 << (7 /* kWindowSize */ + 1)) - 1; + + const size_t off = (*index - 1) / 8; + crypto_word wvalue = + (crypto_word)p_str[off] | (crypto_word)p_str[off + 1] << 8; + wvalue = (wvalue >> ((*index - 1) % 8)) & kMask; + *index += kWindowSize; + + return booth_recode_w7(wvalue); +} + +void p256_point_mul(P256_POINT *r, const Limb p_scalar[P256_LIMBS], + const Limb p_x[P256_LIMBS], + const Limb p_y[P256_LIMBS]) { + alignas(32) P256_POINT out; + ecp_nistz256_windowed_mul(&out, p_scalar, p_x, p_y); + + limbs_copy(r->X, out.X, P256_LIMBS); + limbs_copy(r->Y, out.Y, P256_LIMBS); + limbs_copy(r->Z, out.Z, P256_LIMBS); +} + +void p256_point_mul_base(P256_POINT *r, const Limb scalar[P256_LIMBS]) { + alignas(32) p256_point_union_t t, p; + + P256_SCALAR_BYTES p_str; + p256_scalar_bytes_from_limbs(p_str, scalar); + + // First window + size_t index = 0; + crypto_word wvalue = calc_first_wvalue(&index, p_str); + + ecp_nistz256_select_w7(&p.a, ecp_nistz256_precomputed[0], wvalue >> 1); + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); + + // Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p| + // is infinity and |ONE| otherwise. |p| was computed from the table, so it + // is infinity iff |wvalue >> 1| is zero. + OPENSSL_memset(p.p.Z, 0, sizeof(p.p.Z)); + copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1)); + + for (int i = 1; i < 37; i++) { + wvalue = calc_wvalue(&index, p_str); + + ecp_nistz256_select_w7(&t.a, ecp_nistz256_precomputed[i], wvalue >> 1); + + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + + // Note |ecp_nistz256_point_add_affine| does not work if |p.p| and |t.a| + // are the same non-infinity point. + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); + } + + limbs_copy(r->X, p.p.X, P256_LIMBS); + limbs_copy(r->Y, p.p.Y, P256_LIMBS); + limbs_copy(r->Z, p.p.Z, P256_LIMBS); +} + +#endif /* defined(OPENSSL_USE_NISTZ256) */ diff --git a/crypto/fipsmodule/ec/p256-x86_64.h b/crypto/fipsmodule/ec/p256-x86_64.h new file mode 100644 index 0000000..d76e11a --- /dev/null +++ b/crypto/fipsmodule/ec/p256-x86_64.h @@ -0,0 +1,109 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2014, Intel Corporation. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) + * (1) Intel Corporation, Israel Development Center, Haifa, Israel + * (2) University of Haifa, Israel + * + * Reference: + * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with + * 256 Bit Primes" + */ + +#ifndef OPENSSL_HEADER_EC_P256_X86_64_H +#define OPENSSL_HEADER_EC_P256_X86_64_H + +#include <ring-core/base.h> + +#include "p256_shared.h" + +#include "../bn/internal.h" + +#if defined(OPENSSL_USE_NISTZ256) + +#define ecp_nistz256_neg nistz256_neg +#define ecp_nistz256_select_w5 nistz256_select_w5 +#define ecp_nistz256_select_w7 nistz256_select_w7 +#define ecp_nistz256_point_double p256_point_double +#define ecp_nistz256_point_add p256_point_add +#define ecp_nistz256_point_add_affine p256_point_add_affine + +// ecp_nistz256_neg sets |res| to -|a| mod P. +void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]); + +// ecp_nistz256_mul_mont sets |res| to |a| * |b| * 2^-256 mod P. +void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); + +// ecp_nistz256_sqr_mont sets |res| to |a| * |a| * 2^-256 mod P. +void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS]); + + +// P-256 scalar operations. +// +// The following functions compute modulo N, where N is the order of P-256. They +// take fully-reduced inputs and give fully-reduced outputs. + +// ecp_nistz256_ord_mul_mont sets |res| to |a| * |b| where inputs and outputs +// are in Montgomery form. That is, |res| is |a| * |b| * 2^-256 mod N. +void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS], + const BN_ULONG b[P256_LIMBS]); + +// ecp_nistz256_ord_sqr_mont sets |res| to |a|^(2*|rep|) where inputs and +// outputs are in Montgomery form. That is, |res| is +// (|a| * 2^-256)^(2*|rep|) * 2^256 mod N. +void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS], BN_ULONG rep); + + + +// P-256 point operations. +// +// The following functions may be used in-place. All coordinates are in the +// Montgomery domain. + +// A P256_POINT_AFFINE represents a P-256 point in affine coordinates. Infinity +// is encoded as (0, 0). +typedef struct { + BN_ULONG X[P256_LIMBS]; + BN_ULONG Y[P256_LIMBS]; +} P256_POINT_AFFINE; + +// ecp_nistz256_select_w5 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 16 +// and all zeros (the point at infinity) if |index| is 0. This is done in +// constant time. +void ecp_nistz256_select_w5(P256_POINT *val, const P256_POINT in_t[16], + crypto_word index); + +// ecp_nistz256_select_w7 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 64 +// and all zeros (the point at infinity) if |index| is 0. This is done in +// constant time. +void ecp_nistz256_select_w7(P256_POINT_AFFINE *val, + const P256_POINT_AFFINE in_t[64], + crypto_word index); + +// ecp_nistz256_point_double sets |r| to |a| doubled. +void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); + +// ecp_nistz256_point_add adds |a| to |b| and places the result in |r|. +void ecp_nistz256_point_add(P256_POINT *r, const P256_POINT *a, + const P256_POINT *b); + +// ecp_nistz256_point_add_affine adds |a| to |b| and places the result in +// |r|. |a| and |b| must not represent the same point unless they are both +// infinity. +void ecp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a, + const P256_POINT_AFFINE *b); + +#endif /* defined(OPENSSL_USE_NISTZ256) */ + +#endif // OPENSSL_HEADER_EC_P256_X86_64_H diff --git a/crypto/fipsmodule/ec/p256.c b/crypto/fipsmodule/ec/p256.c new file mode 100644 index 0000000..9176367 --- /dev/null +++ b/crypto/fipsmodule/ec/p256.c @@ -0,0 +1,494 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// An implementation of the NIST P-256 elliptic curve point multiplication. +// 256-bit Montgomery form for 64 and 32-bit. Field operations are generated by +// Fiat, which lives in //third_party/fiat. + +#include <ring-core/base.h> + +#include "../../limbs/limbs.h" +#include "../../limbs/limbs.inl" + +#include "p256_shared.h" + +#include "../../internal.h" +#include "./util.h" + +#if !defined(OPENSSL_USE_NISTZ256) + +#if defined(_MSC_VER) && !defined(__clang__) +// '=': conversion from 'int64_t' to 'int32_t', possible loss of data +#pragma warning(disable: 4242) +// '=': conversion from 'int32_t' to 'uint8_t', possible loss of data +#pragma warning(disable: 4244) +// 'initializing': conversion from 'size_t' to 'fiat_p256_limb_t' +#pragma warning(disable: 4267) +#endif + +#if defined(__GNUC__) +#pragma GCC diagnostic ignored "-Wconversion" +#pragma GCC diagnostic ignored "-Wsign-conversion" +#endif + +// MSVC does not implement uint128_t, and crashes with intrinsics +#if defined(BORINGSSL_HAS_UINT128) +#if defined(__GNUC__) +#pragma GCC diagnostic ignored "-Wpedantic" +#endif +#define BORINGSSL_NISTP256_64BIT 1 +#include "../../../third_party/fiat/p256_64.h" +#else +#include "../../../third_party/fiat/p256_32.h" +#endif + + +// utility functions, handwritten + +#if defined(BORINGSSL_NISTP256_64BIT) +#define FIAT_P256_NLIMBS 4 +typedef uint64_t fiat_p256_limb_t; +typedef uint64_t fiat_p256_felem[FIAT_P256_NLIMBS]; +static const fiat_p256_felem fiat_p256_one = {0x1, 0xffffffff00000000, + 0xffffffffffffffff, 0xfffffffe}; +#else // 64BIT; else 32BIT +#define FIAT_P256_NLIMBS 8 +typedef uint32_t fiat_p256_limb_t; +typedef uint32_t fiat_p256_felem[FIAT_P256_NLIMBS]; +static const fiat_p256_felem fiat_p256_one = { + 0x1, 0x0, 0x0, 0xffffffff, 0xffffffff, 0xffffffff, 0xfffffffe, 0x0}; +#endif // 64BIT + + +static fiat_p256_limb_t fiat_p256_nz( + const fiat_p256_limb_t in1[FIAT_P256_NLIMBS]) { + fiat_p256_limb_t ret; + fiat_p256_nonzero(&ret, in1); + return ret; +} + +static void fiat_p256_copy(fiat_p256_limb_t out[FIAT_P256_NLIMBS], + const fiat_p256_limb_t in1[FIAT_P256_NLIMBS]) { + for (size_t i = 0; i < FIAT_P256_NLIMBS; i++) { + out[i] = in1[i]; + } +} + +static void fiat_p256_cmovznz(fiat_p256_limb_t out[FIAT_P256_NLIMBS], + fiat_p256_limb_t t, + const fiat_p256_limb_t z[FIAT_P256_NLIMBS], + const fiat_p256_limb_t nz[FIAT_P256_NLIMBS]) { + fiat_p256_selectznz(out, !!t, z, nz); +} + +// Group operations +// ---------------- +// +// Building on top of the field operations we have the operations on the +// elliptic curve group itself. Points on the curve are represented in Jacobian +// coordinates. +// +// Both operations were transcribed to Coq and proven to correspond to naive +// implementations using Affine coordinates, for all suitable fields. In the +// Coq proofs, issues of constant-time execution and memory layout (aliasing) +// conventions were not considered. Specification of affine coordinates: +// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Spec/WeierstrassCurve.v#L28> +// As a sanity check, a proof that these points form a commutative group: +// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/AffineProofs.v#L33> + +// fiat_p256_point_double calculates 2*(x_in, y_in, z_in) +// +// The method is taken from: +// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b +// +// Coq transcription and correctness proof: +// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L93> +// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L201> +// +// Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. +// while x_out == y_in is not (maybe this works, but it's not tested). +static void fiat_p256_point_double(fiat_p256_felem x_out, fiat_p256_felem y_out, + fiat_p256_felem z_out, + const fiat_p256_felem x_in, + const fiat_p256_felem y_in, + const fiat_p256_felem z_in) { + fiat_p256_felem delta, gamma, beta, ftmp, ftmp2, tmptmp, alpha, fourbeta; + // delta = z^2 + fiat_p256_square(delta, z_in); + // gamma = y^2 + fiat_p256_square(gamma, y_in); + // beta = x*gamma + fiat_p256_mul(beta, x_in, gamma); + + // alpha = 3*(x-delta)*(x+delta) + fiat_p256_sub(ftmp, x_in, delta); + fiat_p256_add(ftmp2, x_in, delta); + + fiat_p256_add(tmptmp, ftmp2, ftmp2); + fiat_p256_add(ftmp2, ftmp2, tmptmp); + fiat_p256_mul(alpha, ftmp, ftmp2); + + // x' = alpha^2 - 8*beta + fiat_p256_square(x_out, alpha); + fiat_p256_add(fourbeta, beta, beta); + fiat_p256_add(fourbeta, fourbeta, fourbeta); + fiat_p256_add(tmptmp, fourbeta, fourbeta); + fiat_p256_sub(x_out, x_out, tmptmp); + + // z' = (y + z)^2 - gamma - delta + fiat_p256_add(delta, gamma, delta); + fiat_p256_add(ftmp, y_in, z_in); + fiat_p256_square(z_out, ftmp); + fiat_p256_sub(z_out, z_out, delta); + + // y' = alpha*(4*beta - x') - 8*gamma^2 + fiat_p256_sub(y_out, fourbeta, x_out); + fiat_p256_add(gamma, gamma, gamma); + fiat_p256_square(gamma, gamma); + fiat_p256_mul(y_out, alpha, y_out); + fiat_p256_add(gamma, gamma, gamma); + fiat_p256_sub(y_out, y_out, gamma); +} + +// fiat_p256_point_add calculates (x1, y1, z1) + (x2, y2, z2) +// +// The method is taken from: +// http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, +// adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). +// +// Coq transcription and correctness proof: +// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L135> +// <https://github.com/mit-plv/fiat-crypto/blob/79f8b5f39ed609339f0233098dee1a3c4e6b3080/src/Curves/Weierstrass/Jacobian.v#L205> +// +// This function includes a branch for checking whether the two input points +// are equal, (while not equal to the point at infinity). This case never +// happens during single point multiplication, so there is no timing leak for +// ECDH or ECDSA signing. +static void fiat_p256_point_add(fiat_p256_felem x3, fiat_p256_felem y3, + fiat_p256_felem z3, const fiat_p256_felem x1, + const fiat_p256_felem y1, + const fiat_p256_felem z1, const int mixed, + const fiat_p256_felem x2, + const fiat_p256_felem y2, + const fiat_p256_felem z2) { + fiat_p256_felem x_out, y_out, z_out; + fiat_p256_limb_t z1nz = fiat_p256_nz(z1); + fiat_p256_limb_t z2nz = fiat_p256_nz(z2); + + // z1z1 = z1z1 = z1**2 + fiat_p256_felem z1z1; + fiat_p256_square(z1z1, z1); + + fiat_p256_felem u1, s1, two_z1z2; + if (!mixed) { + // z2z2 = z2**2 + fiat_p256_felem z2z2; + fiat_p256_square(z2z2, z2); + + // u1 = x1*z2z2 + fiat_p256_mul(u1, x1, z2z2); + + // two_z1z2 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 + fiat_p256_add(two_z1z2, z1, z2); + fiat_p256_square(two_z1z2, two_z1z2); + fiat_p256_sub(two_z1z2, two_z1z2, z1z1); + fiat_p256_sub(two_z1z2, two_z1z2, z2z2); + + // s1 = y1 * z2**3 + fiat_p256_mul(s1, z2, z2z2); + fiat_p256_mul(s1, s1, y1); + } else { + // We'll assume z2 = 1 (special case z2 = 0 is handled later). + + // u1 = x1*z2z2 + fiat_p256_copy(u1, x1); + // two_z1z2 = 2z1z2 + fiat_p256_add(two_z1z2, z1, z1); + // s1 = y1 * z2**3 + fiat_p256_copy(s1, y1); + } + + // u2 = x2*z1z1 + fiat_p256_felem u2; + fiat_p256_mul(u2, x2, z1z1); + + // h = u2 - u1 + fiat_p256_felem h; + fiat_p256_sub(h, u2, u1); + + fiat_p256_limb_t xneq = fiat_p256_nz(h); + + // z_out = two_z1z2 * h + fiat_p256_mul(z_out, h, two_z1z2); + + // z1z1z1 = z1 * z1z1 + fiat_p256_felem z1z1z1; + fiat_p256_mul(z1z1z1, z1, z1z1); + + // s2 = y2 * z1**3 + fiat_p256_felem s2; + fiat_p256_mul(s2, y2, z1z1z1); + + // r = (s2 - s1)*2 + fiat_p256_felem r; + fiat_p256_sub(r, s2, s1); + fiat_p256_add(r, r, r); + + fiat_p256_limb_t yneq = fiat_p256_nz(r); + + fiat_p256_limb_t is_nontrivial_double = constant_time_is_zero_w(xneq | yneq) & + ~constant_time_is_zero_w(z1nz) & + ~constant_time_is_zero_w(z2nz); + if (is_nontrivial_double) { + fiat_p256_point_double(x3, y3, z3, x1, y1, z1); + return; + } + + // I = (2h)**2 + fiat_p256_felem i; + fiat_p256_add(i, h, h); + fiat_p256_square(i, i); + + // J = h * I + fiat_p256_felem j; + fiat_p256_mul(j, h, i); + + // V = U1 * I + fiat_p256_felem v; + fiat_p256_mul(v, u1, i); + + // x_out = r**2 - J - 2V + fiat_p256_square(x_out, r); + fiat_p256_sub(x_out, x_out, j); + fiat_p256_sub(x_out, x_out, v); + fiat_p256_sub(x_out, x_out, v); + + // y_out = r(V-x_out) - 2 * s1 * J + fiat_p256_sub(y_out, v, x_out); + fiat_p256_mul(y_out, y_out, r); + fiat_p256_felem s1j; + fiat_p256_mul(s1j, s1, j); + fiat_p256_sub(y_out, y_out, s1j); + fiat_p256_sub(y_out, y_out, s1j); + + fiat_p256_cmovznz(x_out, z1nz, x2, x_out); + fiat_p256_cmovznz(x3, z2nz, x1, x_out); + fiat_p256_cmovznz(y_out, z1nz, y2, y_out); + fiat_p256_cmovznz(y3, z2nz, y1, y_out); + fiat_p256_cmovznz(z_out, z1nz, z2, z_out); + fiat_p256_cmovznz(z3, z2nz, z1, z_out); +} + +#include "./p256_table.h" + +// fiat_p256_select_point_affine selects the |idx-1|th point from a +// precomputation table and copies it to out. If |idx| is zero, the output is +// the point at infinity. +static void fiat_p256_select_point_affine( + const fiat_p256_limb_t idx, size_t size, + const fiat_p256_felem pre_comp[/*size*/][2], fiat_p256_felem out[3]) { + OPENSSL_memset(out, 0, sizeof(fiat_p256_felem) * 3); + for (size_t i = 0; i < size; i++) { + fiat_p256_limb_t mismatch = i ^ (idx - 1); + fiat_p256_cmovznz(out[0], mismatch, pre_comp[i][0], out[0]); + fiat_p256_cmovznz(out[1], mismatch, pre_comp[i][1], out[1]); + } + fiat_p256_cmovznz(out[2], idx, out[2], fiat_p256_one); +} + +// fiat_p256_select_point selects the |idx|th point from a precomputation table +// and copies it to out. +static void fiat_p256_select_point(const fiat_p256_limb_t idx, size_t size, + const fiat_p256_felem pre_comp[/*size*/][3], + fiat_p256_felem out[3]) { + OPENSSL_memset(out, 0, sizeof(fiat_p256_felem) * 3); + for (size_t i = 0; i < size; i++) { + fiat_p256_limb_t mismatch = i ^ idx; + fiat_p256_cmovznz(out[0], mismatch, pre_comp[i][0], out[0]); + fiat_p256_cmovznz(out[1], mismatch, pre_comp[i][1], out[1]); + fiat_p256_cmovznz(out[2], mismatch, pre_comp[i][2], out[2]); + } +} + +// fiat_p256_get_bit returns the |i|th bit in |in| +static crypto_word fiat_p256_get_bit(const uint8_t *in, int i) { + if (i < 0 || i >= 256) { + return 0; + } + return (in[i >> 3] >> (i & 7)) & 1; +} + +void p256_point_mul(P256_POINT *r, const Limb scalar[P256_LIMBS], + const Limb p_x[P256_LIMBS], const Limb p_y[P256_LIMBS]) { + debug_assert_nonsecret(r != NULL); + debug_assert_nonsecret(scalar != NULL); + debug_assert_nonsecret(p_x != NULL); + debug_assert_nonsecret(p_y != NULL); + + P256_SCALAR_BYTES scalar_bytes; + p256_scalar_bytes_from_limbs(scalar_bytes, scalar); + + fiat_p256_felem p_pre_comp[17][3]; + OPENSSL_memset(&p_pre_comp, 0, sizeof(p_pre_comp)); + + // Precompute multiples. + limbs_copy(&p_pre_comp[1][0][0], p_x, P256_LIMBS); + limbs_copy(&p_pre_comp[1][1][0], p_y, P256_LIMBS); + limbs_copy(&p_pre_comp[1][2][0], fiat_p256_one, P256_LIMBS); + + for (size_t j = 2; j <= 16; ++j) { + if (j & 1) { + fiat_p256_point_add(p_pre_comp[j][0], p_pre_comp[j][1], p_pre_comp[j][2], + p_pre_comp[1][0], p_pre_comp[1][1], p_pre_comp[1][2], + 0, p_pre_comp[j - 1][0], p_pre_comp[j - 1][1], + p_pre_comp[j - 1][2]); + } else { + fiat_p256_point_double(p_pre_comp[j][0], p_pre_comp[j][1], + p_pre_comp[j][2], p_pre_comp[j / 2][0], + p_pre_comp[j / 2][1], p_pre_comp[j / 2][2]); + } + } + + // Set nq to the point at infinity. + fiat_p256_felem nq[3] = {{0}, {0}, {0}}, ftmp, tmp[3]; + + // Loop over |scalar| msb-to-lsb, incorporating |p_pre_comp| every 5th round. + int skip = 1; // Save two point operations in the first round. + for (size_t i = 255; i < 256; i--) { + // double + if (!skip) { + fiat_p256_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); + } + + // do other additions every 5 doublings + if (i % 5 == 0) { + crypto_word bits = fiat_p256_get_bit(scalar_bytes, i + 4) << 5; + bits |= fiat_p256_get_bit(scalar_bytes, i + 3) << 4; + bits |= fiat_p256_get_bit(scalar_bytes, i + 2) << 3; + bits |= fiat_p256_get_bit(scalar_bytes, i + 1) << 2; + bits |= fiat_p256_get_bit(scalar_bytes, i) << 1; + bits |= fiat_p256_get_bit(scalar_bytes, i - 1); + crypto_word sign, digit; + recode_scalar_bits(&sign, &digit, bits); + + // select the point to add or subtract, in constant time. + fiat_p256_select_point(digit, 17, + RING_CORE_POINTLESS_ARRAY_CONST_CAST((const fiat_p256_felem(*)[3]))p_pre_comp, + tmp); + fiat_p256_opp(ftmp, tmp[1]); // (X, -Y, Z) is the negative point. + fiat_p256_cmovznz(tmp[1], sign, tmp[1], ftmp); + + if (!skip) { + fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], + 0 /* mixed */, tmp[0], tmp[1], tmp[2]); + } else { + fiat_p256_copy(nq[0], tmp[0]); + fiat_p256_copy(nq[1], tmp[1]); + fiat_p256_copy(nq[2], tmp[2]); + skip = 0; + } + } + } + + limbs_copy(r->X, nq[0], P256_LIMBS); + limbs_copy(r->Y, nq[1], P256_LIMBS); + limbs_copy(r->Z, nq[2], P256_LIMBS); +} + +void p256_point_mul_base(P256_POINT *r, const Limb scalar[P256_LIMBS]) { + P256_SCALAR_BYTES scalar_bytes; + p256_scalar_bytes_from_limbs(scalar_bytes, scalar); + + // Set nq to the point at infinity. + fiat_p256_felem nq[3] = {{0}, {0}, {0}}, tmp[3]; + + int skip = 1; // Save two point operations in the first round. + for (size_t i = 31; i < 32; i--) { + if (!skip) { + fiat_p256_point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); + } + + // First, look 32 bits upwards. + crypto_word bits = fiat_p256_get_bit(scalar_bytes, i + 224) << 3; + bits |= fiat_p256_get_bit(scalar_bytes, i + 160) << 2; + bits |= fiat_p256_get_bit(scalar_bytes, i + 96) << 1; + bits |= fiat_p256_get_bit(scalar_bytes, i + 32); + // Select the point to add, in constant time. + fiat_p256_select_point_affine(bits, 15, fiat_p256_g_pre_comp[1], tmp); + + if (!skip) { + fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], + 1 /* mixed */, tmp[0], tmp[1], tmp[2]); + } else { + fiat_p256_copy(nq[0], tmp[0]); + fiat_p256_copy(nq[1], tmp[1]); + fiat_p256_copy(nq[2], tmp[2]); + skip = 0; + } + + // Second, look at the current position. + bits = fiat_p256_get_bit(scalar_bytes, i + 192) << 3; + bits |= fiat_p256_get_bit(scalar_bytes, i + 128) << 2; + bits |= fiat_p256_get_bit(scalar_bytes, i + 64) << 1; + bits |= fiat_p256_get_bit(scalar_bytes, i); + // Select the point to add, in constant time. + fiat_p256_select_point_affine(bits, 15, fiat_p256_g_pre_comp[0], tmp); + fiat_p256_point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */, + tmp[0], tmp[1], tmp[2]); + } + + limbs_copy(r->X, nq[0], P256_LIMBS); + limbs_copy(r->Y, nq[1], P256_LIMBS); + limbs_copy(r->Z, nq[2], P256_LIMBS); +} + +void p256_mul_mont(Limb r[P256_LIMBS], const Limb a[P256_LIMBS], + const Limb b[P256_LIMBS]) { + fiat_p256_mul(r, a, b); +} + +void p256_sqr_mont(Limb r[P256_LIMBS], const Limb a[P256_LIMBS]) { + fiat_p256_square(r, a); +} + +void p256_point_add(P256_POINT *r, const P256_POINT *a, const P256_POINT *b) { + fiat_p256_point_add(r->X, r->Y, r->Z, + a->X, a->Y, a->Z, + 0, + b->X, b->Y, b->Z); +} + +void p256_point_double(P256_POINT *r, const P256_POINT *a) { + fiat_p256_point_double(r->X, r->Y, r->Z, + a->X, a->Y, a->Z); +} + +// For testing only. +void p256_point_add_affine(P256_POINT *r, const P256_POINT *a, + const BN_ULONG b[P256_LIMBS * 2]) { + const Limb *b_x = &b[0]; + const Limb *b_y = &b[P256_LIMBS]; + fiat_p256_felem b_z = {0}; + crypto_word b_is_inf = constant_time_select_w( + LIMBS_are_zero(b_x, P256_LIMBS), LIMBS_are_zero(b_y, P256_LIMBS), 0); + fiat_p256_cmovznz(b_z, constant_time_is_zero_w(b_is_inf), b_z, fiat_p256_one); + fiat_p256_point_add(r->X, r->Y, r->Z, + a->X, a->Y, a->Z, + 1, + b_x, b_y, b_z); +} + +#undef BORINGSSL_NISTP256_64BIT + +#endif /* !defined(OPENSSL_USE_NISTZ256) */ diff --git a/crypto/fipsmodule/ec/p256_shared.h b/crypto/fipsmodule/ec/p256_shared.h new file mode 100644 index 0000000..4dd325b --- /dev/null +++ b/crypto/fipsmodule/ec/p256_shared.h @@ -0,0 +1,57 @@ +/* + * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2014, Intel Corporation. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) + * (1) Intel Corporation, Israel Development Center, Haifa, Israel + * (2) University of Haifa, Israel + * + * Reference: + * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with + * 256 Bit Primes" + */ + +#ifndef OPENSSL_HEADER_EC_P256_SHARED_H +#define OPENSSL_HEADER_EC_P256_SHARED_H + +#include "ring-core/base.h" + +#include "../bn/internal.h" + +#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \ + !defined(OPENSSL_SMALL) +# define OPENSSL_USE_NISTZ256 +#endif + +// P-256 field operations. +// +// An element mod P in P-256 is represented as a little-endian array of +// |P256_LIMBS| |BN_ULONG|s, spanning the full range of values. +// +// The following functions take fully-reduced inputs mod P and give +// fully-reduced outputs. They may be used in-place. + +#define P256_LIMBS (256 / BN_BITS2) + +// A P256_POINT represents a P-256 point in Jacobian coordinates. +// All coordinates are in the Montgomery domain. +typedef struct { + BN_ULONG X[P256_LIMBS]; + BN_ULONG Y[P256_LIMBS]; + BN_ULONG Z[P256_LIMBS]; +} P256_POINT; + +typedef unsigned char P256_SCALAR_BYTES[33]; + +static inline void p256_scalar_bytes_from_limbs( + P256_SCALAR_BYTES bytes_out, const BN_ULONG limbs[P256_LIMBS]) { + OPENSSL_memcpy(bytes_out, limbs, 32); + bytes_out[32] = 0; +} + +#endif diff --git a/crypto/fipsmodule/ec/p256_table.h b/crypto/fipsmodule/ec/p256_table.h new file mode 100644 index 0000000..14129a3 --- /dev/null +++ b/crypto/fipsmodule/ec/p256_table.h @@ -0,0 +1,297 @@ +/* Copyright (c) 2020, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +// This file is generated by make_tables.go. + +// Base point pre computation +// -------------------------- +// +// Two different sorts of precomputed tables are used in the following code. +// Each contain various points on the curve, where each point is three field +// elements (x, y, z). +// +// For the base point table, z is usually 1 (0 for the point at infinity). +// This table has 2 * 16 elements, starting with the following: +// index | bits | point +// ------+---------+------------------------------ +// 0 | 0 0 0 0 | 0G +// 1 | 0 0 0 1 | 1G +// 2 | 0 0 1 0 | 2^64G +// 3 | 0 0 1 1 | (2^64 + 1)G +// 4 | 0 1 0 0 | 2^128G +// 5 | 0 1 0 1 | (2^128 + 1)G +// 6 | 0 1 1 0 | (2^128 + 2^64)G +// 7 | 0 1 1 1 | (2^128 + 2^64 + 1)G +// 8 | 1 0 0 0 | 2^192G +// 9 | 1 0 0 1 | (2^192 + 1)G +// 10 | 1 0 1 0 | (2^192 + 2^64)G +// 11 | 1 0 1 1 | (2^192 + 2^64 + 1)G +// 12 | 1 1 0 0 | (2^192 + 2^128)G +// 13 | 1 1 0 1 | (2^192 + 2^128 + 1)G +// 14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G +// 15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G +// followed by a copy of this with each element multiplied by 2^32. +// +// The reason for this is so that we can clock bits into four different +// locations when doing simple scalar multiplies against the base point, +// and then another four locations using the second 16 elements. +// +// Tables for other points have table[i] = iG for i in 0 .. 16. + +// fiat_p256_g_pre_comp is the table of precomputed base points +#if defined(BORINGSSL_NISTP256_64BIT) +static const fiat_p256_felem fiat_p256_g_pre_comp[2][15][2] = { + {{{0x79e730d418a9143c, 0x75ba95fc5fedb601, 0x79fb732b77622510, + 0x18905f76a53755c6}, + {0xddf25357ce95560a, 0x8b4ab8e4ba19e45c, 0xd2e88688dd21f325, + 0x8571ff1825885d85}}, + {{0x4f922fc516a0d2bb, 0x0d5cc16c1a623499, 0x9241cf3a57c62c8b, + 0x2f5e6961fd1b667f}, + {0x5c15c70bf5a01797, 0x3d20b44d60956192, 0x04911b37071fdb52, + 0xf648f9168d6f0f7b}}, + {{0x9e566847e137bbbc, 0xe434469e8a6a0bec, 0xb1c4276179d73463, + 0x5abe0285133d0015}, + {0x92aa837cc04c7dab, 0x573d9f4c43260c07, 0x0c93156278e6cc37, + 0x94bb725b6b6f7383}}, + {{0x62a8c244bfe20925, 0x91c19ac38fdce867, 0x5a96a5d5dd387063, + 0x61d587d421d324f6}, + {0xe87673a2a37173ea, 0x2384800853778b65, 0x10f8441e05bab43e, + 0xfa11fe124621efbe}}, + {{0x1c891f2b2cb19ffd, 0x01ba8d5bb1923c23, 0xb6d03d678ac5ca8e, + 0x586eb04c1f13bedc}, + {0x0c35c6e527e8ed09, 0x1e81a33c1819ede2, 0x278fd6c056c652fa, + 0x19d5ac0870864f11}}, + {{0x62577734d2b533d5, 0x673b8af6a1bdddc0, 0x577e7c9aa79ec293, + 0xbb6de651c3b266b1}, + {0xe7e9303ab65259b3, 0xd6a0afd3d03a7480, 0xc5ac83d19b3cfc27, + 0x60b4619a5d18b99b}}, + {{0xbd6a38e11ae5aa1c, 0xb8b7652b49e73658, 0x0b130014ee5f87ed, + 0x9d0f27b2aeebffcd}, + {0xca9246317a730a55, 0x9c955b2fddbbc83a, 0x07c1dfe0ac019a71, + 0x244a566d356ec48d}}, + {{0x56f8410ef4f8b16a, 0x97241afec47b266a, 0x0a406b8e6d9c87c1, + 0x803f3e02cd42ab1b}, + {0x7f0309a804dbec69, 0xa83b85f73bbad05f, 0xc6097273ad8e197f, + 0xc097440e5067adc1}}, + {{0x846a56f2c379ab34, 0xa8ee068b841df8d1, 0x20314459176c68ef, + 0xf1af32d5915f1f30}, + {0x99c375315d75bd50, 0x837cffbaf72f67bc, 0x0613a41848d7723f, + 0x23d0f130e2d41c8b}}, + {{0xed93e225d5be5a2b, 0x6fe799835934f3c6, 0x4314092622626ffc, + 0x50bbb4d97990216a}, + {0x378191c6e57ec63e, 0x65422c40181dcdb2, 0x41a8099b0236e0f6, + 0x2b10011801fe49c3}}, + {{0xfc68b5c59b391593, 0xc385f5a2598270fc, 0x7144f3aad19adcbb, + 0xdd55899983fbae0c}, + {0x93b88b8e74b82ff4, 0xd2e03c4071e734c9, 0x9a7a9eaf43c0322a, + 0xe6e4c551149d6041}}, + {{0x5fe14bfe80ec21fe, 0xf6ce116ac255be82, 0x98bc5a072f4a5d67, + 0xfad27148db7e63af}, + {0x90c0b6ac29ab05b3, 0x37a9a83c4e251ae6, 0x0a7dc875c2aade7d, + 0x77387de39f0e1a84}}, + {{0x1e9ecc49a56c0dd7, 0xa5cffcd846086c74, 0x8f7a1408f505aece, + 0xb37b85c0bef0c47e}, + {0x3596b6e4cc0e6a8f, 0xfd6d4bbf6b388f23, 0xaba453fac39cef4e, + 0x9c135ac8f9f628d5}}, + {{0x0a1c729495c8f8be, 0x2961c4803bf362bf, 0x9e418403df63d4ac, + 0xc109f9cb91ece900}, + {0xc2d095d058945705, 0xb9083d96ddeb85c0, 0x84692b8d7a40449b, + 0x9bc3344f2eee1ee1}}, + {{0x0d5ae35642913074, 0x55491b2748a542b1, 0x469ca665b310732a, + 0x29591d525f1a4cc1}, + {0xe76f5b6bb84f983f, 0xbe7eef419f5f84e1, 0x1200d49680baa189, + 0x6376551f18ef332c}}}, + {{{0x202886024147519a, 0xd0981eac26b372f0, 0xa9d4a7caa785ebc8, + 0xd953c50ddbdf58e9}, + {0x9d6361ccfd590f8f, 0x72e9626b44e6c917, 0x7fd9611022eb64cf, + 0x863ebb7e9eb288f3}}, + {{0x4fe7ee31b0e63d34, 0xf4600572a9e54fab, 0xc0493334d5e7b5a4, + 0x8589fb9206d54831}, + {0xaa70f5cc6583553a, 0x0879094ae25649e5, 0xcc90450710044652, + 0xebb0696d02541c4f}}, + {{0xabbaa0c03b89da99, 0xa6f2d79eb8284022, 0x27847862b81c05e8, + 0x337a4b5905e54d63}, + {0x3c67500d21f7794a, 0x207005b77d6d7f61, 0x0a5a378104cfd6e8, + 0x0d65e0d5f4c2fbd6}}, + {{0xd433e50f6d3549cf, 0x6f33696ffacd665e, 0x695bfdacce11fcb4, + 0x810ee252af7c9860}, + {0x65450fe17159bb2c, 0xf7dfbebe758b357b, 0x2b057e74d69fea72, + 0xd485717a92731745}}, + {{0xce1f69bbe83f7669, 0x09f8ae8272877d6b, 0x9548ae543244278d, + 0x207755dee3c2c19c}, + {0x87bd61d96fef1945, 0x18813cefb12d28c3, 0x9fbcd1d672df64aa, + 0x48dc5ee57154b00d}}, + {{0xef0f469ef49a3154, 0x3e85a5956e2b2e9a, 0x45aaec1eaa924a9c, + 0xaa12dfc8a09e4719}, + {0x26f272274df69f1d, 0xe0e4c82ca2ff5e73, 0xb9d8ce73b7a9dd44, + 0x6c036e73e48ca901}}, + {{0xe1e421e1a47153f0, 0xb86c3b79920418c9, 0x93bdce87705d7672, + 0xf25ae793cab79a77}, + {0x1f3194a36d869d0c, 0x9d55c8824986c264, 0x49fb5ea3096e945e, + 0x39b8e65313db0a3e}}, + {{0xe3417bc035d0b34a, 0x440b386b8327c0a7, 0x8fb7262dac0362d1, + 0x2c41114ce0cdf943}, + {0x2ba5cef1ad95a0b1, 0xc09b37a867d54362, 0x26d6cdd201e486c9, + 0x20477abf42ff9297}}, + {{0x0f121b41bc0a67d2, 0x62d4760a444d248a, 0x0e044f1d659b4737, + 0x08fde365250bb4a8}, + {0xaceec3da848bf287, 0xc2a62182d3369d6e, 0x3582dfdc92449482, + 0x2f7e2fd2565d6cd7}}, + {{0x0a0122b5178a876b, 0x51ff96ff085104b4, 0x050b31ab14f29f76, + 0x84abb28b5f87d4e6}, + {0xd5ed439f8270790a, 0x2d6cb59d85e3f46b, 0x75f55c1b6c1e2212, + 0xe5436f6717655640}}, + {{0xc2965ecc9aeb596d, 0x01ea03e7023c92b4, 0x4704b4b62e013961, + 0x0ca8fd3f905ea367}, + {0x92523a42551b2b61, 0x1eb7a89c390fcd06, 0xe7f1d2be0392a63e, + 0x96dca2644ddb0c33}}, + {{0x231c210e15339848, 0xe87a28e870778c8d, 0x9d1de6616956e170, + 0x4ac3c9382bb09c0b}, + {0x19be05516998987d, 0x8b2376c4ae09f4d6, 0x1de0b7651a3f933d, + 0x380d94c7e39705f4}}, + {{0x3685954b8c31c31d, 0x68533d005bf21a0c, 0x0bd7626e75c79ec9, + 0xca17754742c69d54}, + {0xcc6edafff6d2dbb2, 0xfd0d8cbd174a9d18, 0x875e8793aa4578e8, + 0xa976a7139cab2ce6}}, + {{0xce37ab11b43ea1db, 0x0a7ff1a95259d292, 0x851b02218f84f186, + 0xa7222beadefaad13}, + {0xa2ac78ec2b0a9144, 0x5a024051f2fa59c5, 0x91d1eca56147ce38, + 0xbe94d523bc2ac690}}, + {{0x2d8daefd79ec1a0f, 0x3bbcd6fdceb39c97, 0xf5575ffc58f61a95, + 0xdbd986c4adf7b420}, + {0x81aa881415f39eb7, 0x6ee2fcf5b98d976c, 0x5465475dcf2f717d, + 0x8e24d3c46860bbd0}}}}; +#else +static const fiat_p256_felem fiat_p256_g_pre_comp[2][15][2] = { + {{{0x18a9143c, 0x79e730d4, 0x5fedb601, 0x75ba95fc, 0x77622510, 0x79fb732b, + 0xa53755c6, 0x18905f76}, + {0xce95560a, 0xddf25357, 0xba19e45c, 0x8b4ab8e4, 0xdd21f325, 0xd2e88688, + 0x25885d85, 0x8571ff18}}, + {{0x16a0d2bb, 0x4f922fc5, 0x1a623499, 0x0d5cc16c, 0x57c62c8b, 0x9241cf3a, + 0xfd1b667f, 0x2f5e6961}, + {0xf5a01797, 0x5c15c70b, 0x60956192, 0x3d20b44d, 0x071fdb52, 0x04911b37, + 0x8d6f0f7b, 0xf648f916}}, + {{0xe137bbbc, 0x9e566847, 0x8a6a0bec, 0xe434469e, 0x79d73463, 0xb1c42761, + 0x133d0015, 0x5abe0285}, + {0xc04c7dab, 0x92aa837c, 0x43260c07, 0x573d9f4c, 0x78e6cc37, 0x0c931562, + 0x6b6f7383, 0x94bb725b}}, + {{0xbfe20925, 0x62a8c244, 0x8fdce867, 0x91c19ac3, 0xdd387063, 0x5a96a5d5, + 0x21d324f6, 0x61d587d4}, + {0xa37173ea, 0xe87673a2, 0x53778b65, 0x23848008, 0x05bab43e, 0x10f8441e, + 0x4621efbe, 0xfa11fe12}}, + {{0x2cb19ffd, 0x1c891f2b, 0xb1923c23, 0x01ba8d5b, 0x8ac5ca8e, 0xb6d03d67, + 0x1f13bedc, 0x586eb04c}, + {0x27e8ed09, 0x0c35c6e5, 0x1819ede2, 0x1e81a33c, 0x56c652fa, 0x278fd6c0, + 0x70864f11, 0x19d5ac08}}, + {{0xd2b533d5, 0x62577734, 0xa1bdddc0, 0x673b8af6, 0xa79ec293, 0x577e7c9a, + 0xc3b266b1, 0xbb6de651}, + {0xb65259b3, 0xe7e9303a, 0xd03a7480, 0xd6a0afd3, 0x9b3cfc27, 0xc5ac83d1, + 0x5d18b99b, 0x60b4619a}}, + {{0x1ae5aa1c, 0xbd6a38e1, 0x49e73658, 0xb8b7652b, 0xee5f87ed, 0x0b130014, + 0xaeebffcd, 0x9d0f27b2}, + {0x7a730a55, 0xca924631, 0xddbbc83a, 0x9c955b2f, 0xac019a71, 0x07c1dfe0, + 0x356ec48d, 0x244a566d}}, + {{0xf4f8b16a, 0x56f8410e, 0xc47b266a, 0x97241afe, 0x6d9c87c1, 0x0a406b8e, + 0xcd42ab1b, 0x803f3e02}, + {0x04dbec69, 0x7f0309a8, 0x3bbad05f, 0xa83b85f7, 0xad8e197f, 0xc6097273, + 0x5067adc1, 0xc097440e}}, + {{0xc379ab34, 0x846a56f2, 0x841df8d1, 0xa8ee068b, 0x176c68ef, 0x20314459, + 0x915f1f30, 0xf1af32d5}, + {0x5d75bd50, 0x99c37531, 0xf72f67bc, 0x837cffba, 0x48d7723f, 0x0613a418, + 0xe2d41c8b, 0x23d0f130}}, + {{0xd5be5a2b, 0xed93e225, 0x5934f3c6, 0x6fe79983, 0x22626ffc, 0x43140926, + 0x7990216a, 0x50bbb4d9}, + {0xe57ec63e, 0x378191c6, 0x181dcdb2, 0x65422c40, 0x0236e0f6, 0x41a8099b, + 0x01fe49c3, 0x2b100118}}, + {{0x9b391593, 0xfc68b5c5, 0x598270fc, 0xc385f5a2, 0xd19adcbb, 0x7144f3aa, + 0x83fbae0c, 0xdd558999}, + {0x74b82ff4, 0x93b88b8e, 0x71e734c9, 0xd2e03c40, 0x43c0322a, 0x9a7a9eaf, + 0x149d6041, 0xe6e4c551}}, + {{0x80ec21fe, 0x5fe14bfe, 0xc255be82, 0xf6ce116a, 0x2f4a5d67, 0x98bc5a07, + 0xdb7e63af, 0xfad27148}, + {0x29ab05b3, 0x90c0b6ac, 0x4e251ae6, 0x37a9a83c, 0xc2aade7d, 0x0a7dc875, + 0x9f0e1a84, 0x77387de3}}, + {{0xa56c0dd7, 0x1e9ecc49, 0x46086c74, 0xa5cffcd8, 0xf505aece, 0x8f7a1408, + 0xbef0c47e, 0xb37b85c0}, + {0xcc0e6a8f, 0x3596b6e4, 0x6b388f23, 0xfd6d4bbf, 0xc39cef4e, 0xaba453fa, + 0xf9f628d5, 0x9c135ac8}}, + {{0x95c8f8be, 0x0a1c7294, 0x3bf362bf, 0x2961c480, 0xdf63d4ac, 0x9e418403, + 0x91ece900, 0xc109f9cb}, + {0x58945705, 0xc2d095d0, 0xddeb85c0, 0xb9083d96, 0x7a40449b, 0x84692b8d, + 0x2eee1ee1, 0x9bc3344f}}, + {{0x42913074, 0x0d5ae356, 0x48a542b1, 0x55491b27, 0xb310732a, 0x469ca665, + 0x5f1a4cc1, 0x29591d52}, + {0xb84f983f, 0xe76f5b6b, 0x9f5f84e1, 0xbe7eef41, 0x80baa189, 0x1200d496, + 0x18ef332c, 0x6376551f}}}, + {{{0x4147519a, 0x20288602, 0x26b372f0, 0xd0981eac, 0xa785ebc8, 0xa9d4a7ca, + 0xdbdf58e9, 0xd953c50d}, + {0xfd590f8f, 0x9d6361cc, 0x44e6c917, 0x72e9626b, 0x22eb64cf, 0x7fd96110, + 0x9eb288f3, 0x863ebb7e}}, + {{0xb0e63d34, 0x4fe7ee31, 0xa9e54fab, 0xf4600572, 0xd5e7b5a4, 0xc0493334, + 0x06d54831, 0x8589fb92}, + {0x6583553a, 0xaa70f5cc, 0xe25649e5, 0x0879094a, 0x10044652, 0xcc904507, + 0x02541c4f, 0xebb0696d}}, + {{0x3b89da99, 0xabbaa0c0, 0xb8284022, 0xa6f2d79e, 0xb81c05e8, 0x27847862, + 0x05e54d63, 0x337a4b59}, + {0x21f7794a, 0x3c67500d, 0x7d6d7f61, 0x207005b7, 0x04cfd6e8, 0x0a5a3781, + 0xf4c2fbd6, 0x0d65e0d5}}, + {{0x6d3549cf, 0xd433e50f, 0xfacd665e, 0x6f33696f, 0xce11fcb4, 0x695bfdac, + 0xaf7c9860, 0x810ee252}, + {0x7159bb2c, 0x65450fe1, 0x758b357b, 0xf7dfbebe, 0xd69fea72, 0x2b057e74, + 0x92731745, 0xd485717a}}, + {{0xe83f7669, 0xce1f69bb, 0x72877d6b, 0x09f8ae82, 0x3244278d, 0x9548ae54, + 0xe3c2c19c, 0x207755de}, + {0x6fef1945, 0x87bd61d9, 0xb12d28c3, 0x18813cef, 0x72df64aa, 0x9fbcd1d6, + 0x7154b00d, 0x48dc5ee5}}, + {{0xf49a3154, 0xef0f469e, 0x6e2b2e9a, 0x3e85a595, 0xaa924a9c, 0x45aaec1e, + 0xa09e4719, 0xaa12dfc8}, + {0x4df69f1d, 0x26f27227, 0xa2ff5e73, 0xe0e4c82c, 0xb7a9dd44, 0xb9d8ce73, + 0xe48ca901, 0x6c036e73}}, + {{0xa47153f0, 0xe1e421e1, 0x920418c9, 0xb86c3b79, 0x705d7672, 0x93bdce87, + 0xcab79a77, 0xf25ae793}, + {0x6d869d0c, 0x1f3194a3, 0x4986c264, 0x9d55c882, 0x096e945e, 0x49fb5ea3, + 0x13db0a3e, 0x39b8e653}}, + {{0x35d0b34a, 0xe3417bc0, 0x8327c0a7, 0x440b386b, 0xac0362d1, 0x8fb7262d, + 0xe0cdf943, 0x2c41114c}, + {0xad95a0b1, 0x2ba5cef1, 0x67d54362, 0xc09b37a8, 0x01e486c9, 0x26d6cdd2, + 0x42ff9297, 0x20477abf}}, + {{0xbc0a67d2, 0x0f121b41, 0x444d248a, 0x62d4760a, 0x659b4737, 0x0e044f1d, + 0x250bb4a8, 0x08fde365}, + {0x848bf287, 0xaceec3da, 0xd3369d6e, 0xc2a62182, 0x92449482, 0x3582dfdc, + 0x565d6cd7, 0x2f7e2fd2}}, + {{0x178a876b, 0x0a0122b5, 0x085104b4, 0x51ff96ff, 0x14f29f76, 0x050b31ab, + 0x5f87d4e6, 0x84abb28b}, + {0x8270790a, 0xd5ed439f, 0x85e3f46b, 0x2d6cb59d, 0x6c1e2212, 0x75f55c1b, + 0x17655640, 0xe5436f67}}, + {{0x9aeb596d, 0xc2965ecc, 0x023c92b4, 0x01ea03e7, 0x2e013961, 0x4704b4b6, + 0x905ea367, 0x0ca8fd3f}, + {0x551b2b61, 0x92523a42, 0x390fcd06, 0x1eb7a89c, 0x0392a63e, 0xe7f1d2be, + 0x4ddb0c33, 0x96dca264}}, + {{0x15339848, 0x231c210e, 0x70778c8d, 0xe87a28e8, 0x6956e170, 0x9d1de661, + 0x2bb09c0b, 0x4ac3c938}, + {0x6998987d, 0x19be0551, 0xae09f4d6, 0x8b2376c4, 0x1a3f933d, 0x1de0b765, + 0xe39705f4, 0x380d94c7}}, + {{0x8c31c31d, 0x3685954b, 0x5bf21a0c, 0x68533d00, 0x75c79ec9, 0x0bd7626e, + 0x42c69d54, 0xca177547}, + {0xf6d2dbb2, 0xcc6edaff, 0x174a9d18, 0xfd0d8cbd, 0xaa4578e8, 0x875e8793, + 0x9cab2ce6, 0xa976a713}}, + {{0xb43ea1db, 0xce37ab11, 0x5259d292, 0x0a7ff1a9, 0x8f84f186, 0x851b0221, + 0xdefaad13, 0xa7222bea}, + {0x2b0a9144, 0xa2ac78ec, 0xf2fa59c5, 0x5a024051, 0x6147ce38, 0x91d1eca5, + 0xbc2ac690, 0xbe94d523}}, + {{0x79ec1a0f, 0x2d8daefd, 0xceb39c97, 0x3bbcd6fd, 0x58f61a95, 0xf5575ffc, + 0xadf7b420, 0xdbd986c4}, + {0x15f39eb7, 0x81aa8814, 0xb98d976c, 0x6ee2fcf5, 0xcf2f717d, 0x5465475d, + 0x6860bbd0, 0x8e24d3c4}}}}; +#endif diff --git a/crypto/fipsmodule/ec/util.h b/crypto/fipsmodule/ec/util.h new file mode 100644 index 0000000..ee64a06 --- /dev/null +++ b/crypto/fipsmodule/ec/util.h @@ -0,0 +1,258 @@ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <ring-core/base.h> + +#include "../../internal.h" + +#if defined(__GNUC__) +#pragma GCC diagnostic ignored "-Wconversion" +#pragma GCC diagnostic ignored "-Wsign-conversion" +#endif + + +// This function looks at 5+1 scalar bits (5 current, 1 adjacent less +// significant bit), and recodes them into a signed digit for use in fast point +// multiplication: the use of signed rather than unsigned digits means that +// fewer points need to be precomputed, given that point inversion is easy (a +// precomputed point dP makes -dP available as well). +// +// BACKGROUND: +// +// Signed digits for multiplication were introduced by Booth ("A signed binary +// multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV, +// pt. 2 (1951), pp. 236-240), in that case for multiplication of integers. +// Booth's original encoding did not generally improve the density of nonzero +// digits over the binary representation, and was merely meant to simplify the +// handling of signed factors given in two's complement; but it has since been +// shown to be the basis of various signed-digit representations that do have +// further advantages, including the wNAF, using the following general +// approach: +// +// (1) Given a binary representation +// +// b_k ... b_2 b_1 b_0, +// +// of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1 +// by using bit-wise subtraction as follows: +// +// b_k b_(k-1) ... b_2 b_1 b_0 +// - b_k ... b_3 b_2 b_1 b_0 +// ----------------------------------------- +// s_(k+1) s_k ... s_3 s_2 s_1 s_0 +// +// A left-shift followed by subtraction of the original value yields a new +// representation of the same value, using signed bits s_i = b_(i-1) - b_i. +// This representation from Booth's paper has since appeared in the +// literature under a variety of different names including "reversed binary +// form", "alternating greedy expansion", "mutual opposite form", and +// "sign-alternating {+-1}-representation". +// +// An interesting property is that among the nonzero bits, values 1 and -1 +// strictly alternate. +// +// (2) Various window schemes can be applied to the Booth representation of +// integers: for example, right-to-left sliding windows yield the wNAF +// (a signed-digit encoding independently discovered by various researchers +// in the 1990s), and left-to-right sliding windows yield a left-to-right +// equivalent of the wNAF (independently discovered by various researchers +// around 2004). +// +// To prevent leaking information through side channels in point multiplication, +// we need to recode the given integer into a regular pattern: sliding windows +// as in wNAFs won't do, we need their fixed-window equivalent -- which is a few +// decades older: we'll be using the so-called "modified Booth encoding" due to +// MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49 +// (1961), pp. 67-91), in a radix-2^5 setting. That is, we always combine five +// signed bits into a signed digit: +// +// s_(5j + 4) s_(5j + 3) s_(5j + 2) s_(5j + 1) s_(5j) +// +// The sign-alternating property implies that the resulting digit values are +// integers from -16 to 16. +// +// Of course, we don't actually need to compute the signed digits s_i as an +// intermediate step (that's just a nice way to see how this scheme relates +// to the wNAF): a direct computation obtains the recoded digit from the +// six bits b_(5j + 4) ... b_(5j - 1). +// +// This function takes those six bits as an integer (0 .. 63), writing the +// recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute +// value, in the range 0 .. 16). Note that this integer essentially provides +// the input bits "shifted to the left" by one position: for example, the input +// to compute the least significant recoded digit, given that there's no bit +// b_-1, has to be b_4 b_3 b_2 b_1 b_0 0. +// +// DOUBLING CASE: +// +// Point addition formulas for short Weierstrass curves are often incomplete. +// Edge cases such as P + P or P + ∞ must be handled separately. This +// complicates constant-time requirements. P + ∞ cannot be avoided (any window +// may be zero) and is handled with constant-time selects. P + P (where P is not +// ∞) usually is not. Instead, windowing strategies are chosen to avoid this +// case. Whether this happens depends on the group order. +// +// Let w be the window width (in this function, w = 5). The non-trivial doubling +// case in single-point scalar multiplication may occur if and only if the +// 2^(w-1) bit of the group order is zero. +// +// Note the above only holds if the scalar is fully reduced and the group order +// is a prime that is much larger than 2^w. It also only holds when windows +// are applied from most significant to least significant, doubling between each +// window. It does not apply to more complex table strategies such as +// |EC_nistz256_method|. +// +// PROOF: +// +// Let n be the group order. Let l be the number of bits needed to represent n. +// Assume there exists some 0 <= k < n such that signed w-bit windowed +// multiplication hits the doubling case. +// +// Windowed multiplication consists of iterating over groups of s_i (defined +// above based on k's binary representation) from most to least significant. At +// iteration i (for i = ..., 3w, 2w, w, 0, starting from the most significant +// window), we: +// +// 1. Double the accumulator A, w times. Let A_i be the value of A at this +// point. +// +// 2. Set A to T_i + A_i, where T_i is a precomputed multiple of P +// corresponding to the window s_(i+w-1) ... s_i. +// +// Let j be the index such that A_j = T_j ≠ ∞. Looking at A_i and T_i as +// multiples of P, define a_i and t_i to be scalar coefficients of A_i and T_i. +// Thus a_j = t_j ≠ 0 (mod n). Note a_i and t_i may not be reduced mod n. t_i is +// the value of the w signed bits s_(i+w-1) ... s_i. a_i is computed as a_i = +// 2^w * (a_(i+w) + t_(i+w)). +// +// t_i is bounded by -2^(w-1) <= t_i <= 2^(w-1). Additionally, we may write it +// in terms of unsigned bits b_i. t_i consists of signed bits s_(i+w-1) ... s_i. +// This is computed as: +// +// b_(i+w-2) b_(i+w-3) ... b_i b_(i-1) +// - b_(i+w-1) b_(i+w-2) ... b_(i+1) b_i +// -------------------------------------------- +// t_i = s_(i+w-1) s_(i+w-2) ... s_(i+1) s_i +// +// Observe that b_(i+w-2) through b_i occur in both terms. Let x be the integer +// represented by that bit string, i.e. 2^(w-2)*b_(i+w-2) + ... + b_i. +// +// t_i = (2*x + b_(i-1)) - (2^(w-1)*b_(i+w-1) + x) +// = x - 2^(w-1)*b_(i+w-1) + b_(i-1) +// +// Or, using C notation for bit operations: +// +// t_i = (k>>i) & ((1<<(w-1)) - 1) - (k>>i) & (1<<(w-1)) + (k>>(i-1)) & 1 +// +// Note b_(i-1) is added in left-shifted by one (or doubled) from its place. +// This is compensated by t_(i-w)'s subtraction term. Thus, a_i may be computed +// by adding b_l b_(l-1) ... b_(i+1) b_i and an extra copy of b_(i-1). In C +// notation, this is: +// +// a_i = (k>>(i+w)) << w + ((k>>(i+w-1)) & 1) << w +// +// Observe that, while t_i may be positive or negative, a_i is bounded by +// 0 <= a_i < n + 2^w. Additionally, a_i can only be zero if b_(i+w-1) and up +// are all zero. (Note this implies a non-trivial P + (-P) is unreachable for +// all groups. That would imply the subsequent a_i is zero, which means all +// terms thus far were zero.) +// +// Returning to our doubling position, we have a_j = t_j (mod n). We now +// determine the value of a_j - t_j, which must be divisible by n. Our bounds on +// a_j and t_j imply a_j - t_j is 0 or n. If it is 0, a_j = t_j. However, 2^w +// divides a_j and -2^(w-1) <= t_j <= 2^(w-1), so this can only happen if +// a_j = t_j = 0, which is a trivial doubling. Therefore, a_j - t_j = n. +// +// Now we determine j. Suppose j > 0. w divides j, so j >= w. Then, +// +// n = a_j - t_j = (k>>(j+w)) << w + ((k>>(j+w-1)) & 1) << w - t_j +// <= k/2^j + 2^w - t_j +// < n/2^w + 2^w + 2^(w-1) +// +// n is much larger than 2^w, so this is impossible. Thus, j = 0: only the final +// addition may hit the doubling case. +// +// Finally, we consider bit patterns for n and k. Divide k into k_H + k_M + k_L +// such that k_H is the contribution from b_(l-1) .. b_w, k_M is the +// contribution from b_(w-1), and k_L is the contribution from b_(w-2) ... b_0. +// That is: +// +// - 2^w divides k_H +// - k_M is 0 or 2^(w-1) +// - 0 <= k_L < 2^(w-1) +// +// Divide n into n_H + n_M + n_L similarly. We thus have: +// +// t_0 = (k>>0) & ((1<<(w-1)) - 1) - (k>>0) & (1<<(w-1)) + (k>>(0-1)) & 1 +// = k & ((1<<(w-1)) - 1) - k & (1<<(w-1)) +// = k_L - k_M +// +// a_0 = (k>>(0+w)) << w + ((k>>(0+w-1)) & 1) << w +// = (k>>w) << w + ((k>>(w-1)) & 1) << w +// = k_H + 2*k_M +// +// n = a_0 - t_0 +// n_H + n_M + n_L = (k_H + 2*k_M) - (k_L - k_M) +// = k_H + 3*k_M - k_L +// +// k_H - k_L < k and k < n, so k_H - k_L ≠ n. Therefore k_M is not 0 and must be +// 2^(w-1). Now we consider k_H and n_H. We know k_H <= n_H. Suppose k_H = n_H. +// Then, +// +// n_M + n_L = 3*(2^(w-1)) - k_L +// > 3*(2^(w-1)) - 2^(w-1) +// = 2^w +// +// Contradiction (n_M + n_L is the bottom w bits of n). Thus k_H < n_H. Suppose +// k_H < n_H - 2*2^w. Then, +// +// n_H + n_M + n_L = k_H + 3*(2^(w-1)) - k_L +// < n_H - 2*2^w + 3*(2^(w-1)) - k_L +// n_M + n_L < -2^(w-1) - k_L +// +// Contradiction. Thus, k_H = n_H - 2^w. (Note 2^w divides n_H and k_H.) Thus, +// +// n_H + n_M + n_L = k_H + 3*(2^(w-1)) - k_L +// = n_H - 2^w + 3*(2^(w-1)) - k_L +// n_M + n_L = 2^(w-1) - k_L +// <= 2^(w-1) +// +// Equality would mean 2^(w-1) divides n, which is impossible if n is prime. +// Thus n_M + n_L < 2^(w-1), so n_M is zero, proving our condition. +// +// This proof constructs k, so, to show the converse, let k_H = n_H - 2^w, +// k_M = 2^(w-1), k_L = 2^(w-1) - n_L. This will result in a non-trivial point +// doubling in the final addition and is the only such scalar. +// +// COMMON CURVES: +// +// The group orders for common curves end in the following bit patterns: +// +// P-521: ...00001001; w = 4 is okay +// P-384: ...01110011; w = 2, 5, 6, 7 are okay +// P-256: ...01010001; w = 5, 7 are okay +// P-224: ...00111101; w = 3, 4, 5, 6 are okay +static inline void recode_scalar_bits(crypto_word *sign, crypto_word *digit, + crypto_word in) { + crypto_word s, d; + + s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as + * 6-bit value */ + d = (1 << 6) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + *sign = s & 1; + *digit = d; +} diff --git a/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl b/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl index d224f80..324aec9 100644 --- a/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/fipsmodule/modes/asm/aesni-gcm-x86_64.pl @@ -416,14 +416,14 @@ _aesni_ctr32_ghash_6x: ___ ###################################################################### # -# size_t GFp_aesni_gcm_[en|de]crypt(const void *inp, void *out, size_t len, +# size_t aesni_gcm_[en|de]crypt(const void *inp, void *out, size_t len, # const AES_KEY *key, unsigned char iv[16], # struct { u128 Xi,H,Htbl[9]; } *Xip); $code.=<<___; -.globl GFp_aesni_gcm_decrypt -.type GFp_aesni_gcm_decrypt,\@function,6 +.globl aesni_gcm_decrypt +.type aesni_gcm_decrypt,\@function,6 .align 32 -GFp_aesni_gcm_decrypt: +aesni_gcm_decrypt: .cfi_startproc xor $ret,$ret @@ -562,7 +562,7 @@ $code.=<<___; mov $ret,%rax # return value ret .cfi_endproc -.size GFp_aesni_gcm_decrypt,.-GFp_aesni_gcm_decrypt +.size aesni_gcm_decrypt,.-aesni_gcm_decrypt ___ $code.=<<___; @@ -659,10 +659,10 @@ _aesni_ctr32_6x: .cfi_endproc .size _aesni_ctr32_6x,.-_aesni_ctr32_6x -.globl GFp_aesni_gcm_encrypt -.type GFp_aesni_gcm_encrypt,\@function,6 +.globl aesni_gcm_encrypt +.type aesni_gcm_encrypt,\@function,6 .align 32 -GFp_aesni_gcm_encrypt: +aesni_gcm_encrypt: .cfi_startproc xor $ret,$ret @@ -974,7 +974,7 @@ $code.=<<___; mov $ret,%rax # return value ret .cfi_endproc -.size GFp_aesni_gcm_encrypt,.-GFp_aesni_gcm_encrypt +.size aesni_gcm_encrypt,.-aesni_gcm_encrypt ___ $code.=<<___; @@ -1094,20 +1094,20 @@ gcm_se_handler: .section .pdata .align 4 - .rva .LSEH_begin_GFp_aesni_gcm_decrypt - .rva .LSEH_end_GFp_aesni_gcm_decrypt + .rva .LSEH_begin_aesni_gcm_decrypt + .rva .LSEH_end_aesni_gcm_decrypt .rva .LSEH_gcm_dec_info - .rva .LSEH_begin_GFp_aesni_gcm_encrypt - .rva .LSEH_end_GFp_aesni_gcm_encrypt - .rva .LSEH_GFp_gcm_enc_info + .rva .LSEH_begin_aesni_gcm_encrypt + .rva .LSEH_end_aesni_gcm_encrypt + .rva .LSEH_gcm_enc_info .section .xdata .align 8 .LSEH_gcm_dec_info: .byte 9,0,0,0 .rva gcm_se_handler .rva .Lgcm_dec_body,.Lgcm_dec_abort -.LSEH_GFp_gcm_enc_info: +.LSEH_gcm_enc_info: .byte 9,0,0,0 .rva gcm_se_handler .rva .Lgcm_enc_body,.Lgcm_enc_abort diff --git a/crypto/fipsmodule/modes/asm/ghash-armv4.pl b/crypto/fipsmodule/modes/asm/ghash-armv4.pl index 67574a2..9d2f809 100644 --- a/crypto/fipsmodule/modes/asm/ghash-armv4.pl +++ b/crypto/fipsmodule/modes/asm/ghash-armv4.pl @@ -104,7 +104,7 @@ $inp="r2"; $len="r3"; $code=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> @ Silence ARMv8 deprecated IT instruction warnings. This file is used by both @ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 PMULL @@ -176,10 +176,10 @@ $code.=<<___; .arch armv7-a .fpu neon -.global GFp_gcm_init_neon -.type GFp_gcm_init_neon,%function +.global gcm_init_neon +.type gcm_init_neon,%function .align 4 -GFp_gcm_init_neon: +gcm_init_neon: vld1.64 $IN#hi,[r1]! @ load H vmov.i8 $t0,#0xe1 vld1.64 $IN#lo,[r1] @@ -195,12 +195,12 @@ GFp_gcm_init_neon: vstmia r0,{$IN} ret @ bx lr -.size GFp_gcm_init_neon,.-GFp_gcm_init_neon +.size gcm_init_neon,.-gcm_init_neon -.global GFp_gcm_gmult_neon -.type GFp_gcm_gmult_neon,%function +.global gcm_gmult_neon +.type gcm_gmult_neon,%function .align 4 -GFp_gcm_gmult_neon: +gcm_gmult_neon: vld1.64 $IN#hi,[$Xi]! @ load Xi vld1.64 $IN#lo,[$Xi]! vmov.i64 $k48,#0x0000ffffffffffff @@ -213,12 +213,12 @@ GFp_gcm_gmult_neon: veor $Hhl,$Hlo,$Hhi @ Karatsuba pre-processing mov $len,#16 b .Lgmult_neon -.size GFp_gcm_gmult_neon,.-GFp_gcm_gmult_neon +.size gcm_gmult_neon,.-gcm_gmult_neon -.global GFp_gcm_ghash_neon -.type GFp_gcm_ghash_neon,%function +.global gcm_ghash_neon +.type gcm_ghash_neon,%function .align 4 -GFp_gcm_ghash_neon: +gcm_ghash_neon: vld1.64 $Xl#hi,[$Xi]! @ load Xi vld1.64 $Xl#lo,[$Xi]! vmov.i64 $k48,#0x0000ffffffffffff @@ -279,7 +279,7 @@ $code.=<<___; vst1.64 $Xl#lo,[$Xi] ret @ bx lr -.size GFp_gcm_ghash_neon,.-GFp_gcm_ghash_neon +.size gcm_ghash_neon,.-gcm_ghash_neon #endif ___ } diff --git a/crypto/fipsmodule/modes/asm/ghash-x86.pl b/crypto/fipsmodule/modes/asm/ghash-x86.pl index 39c2951..0c44099 100644 --- a/crypto/fipsmodule/modes/asm/ghash-x86.pl +++ b/crypto/fipsmodule/modes/asm/ghash-x86.pl @@ -185,7 +185,7 @@ my ($Xhi,$Xi,$Hkey,$HK)=@_; sub clmul64x64_T3 { # Even though this subroutine offers visually better ILP, it # was empirically found to be a tad slower than above version. -# At least in GFp_gcm_ghash_clmul context. But it's just as well, +# At least in gcm_ghash_clmul context. But it's just as well, # because loop modulo-scheduling is possible only thanks to # minimized "register" pressure... my ($Xhi,$Xi,$Hkey)=@_; @@ -246,7 +246,7 @@ my ($Xhi,$Xi) = @_; &pxor ($Xi,$Xhi) # } -&function_begin_B("GFp_gcm_init_clmul"); +&function_begin_B("gcm_init_clmul"); &mov ($Htbl,&wparam(0)); &mov ($Xip,&wparam(1)); @@ -287,9 +287,9 @@ my ($Xhi,$Xi) = @_; &movdqu (&QWP(32,$Htbl),$T2); # save Karatsuba "salt" &ret (); -&function_end_B("GFp_gcm_init_clmul"); +&function_end_B("gcm_init_clmul"); -&function_begin_B("GFp_gcm_gmult_clmul"); +&function_begin_B("gcm_gmult_clmul"); &mov ($Xip,&wparam(0)); &mov ($Htbl,&wparam(1)); @@ -311,9 +311,9 @@ my ($Xhi,$Xi) = @_; &movdqu (&QWP(0,$Xip),$Xi); &ret (); -&function_end_B("GFp_gcm_gmult_clmul"); +&function_end_B("gcm_gmult_clmul"); -&function_begin("GFp_gcm_ghash_clmul"); +&function_begin("gcm_ghash_clmul"); &mov ($Xip,&wparam(0)); &mov ($Htbl,&wparam(1)); &mov ($inp,&wparam(2)); @@ -462,7 +462,7 @@ my ($Xhi,$Xi) = @_; &set_label("done"); &pshufb ($Xi,$T3); &movdqu (&QWP(0,$Xip),$Xi); -&function_end("GFp_gcm_ghash_clmul"); +&function_end("gcm_ghash_clmul"); } else { # Algorithm 5. Kept for reference purposes. @@ -511,7 +511,7 @@ my ($Xhi,$Xi)=@_; &pxor ($Xi,$Xhi); # } -&function_begin_B("GFp_gcm_init_clmul"); +&function_begin_B("gcm_init_clmul"); &mov ($Htbl,&wparam(0)); &mov ($Xip,&wparam(1)); @@ -532,9 +532,9 @@ my ($Xhi,$Xi)=@_; &movdqu (&QWP(16,$Htbl),$Xi); # save H^2 &ret (); -&function_end_B("GFp_gcm_init_clmul"); +&function_end_B("gcm_init_clmul"); -&function_begin_B("GFp_gcm_gmult_clmul"); +&function_begin_B("gcm_gmult_clmul"); &mov ($Xip,&wparam(0)); &mov ($Htbl,&wparam(1)); @@ -555,9 +555,9 @@ my ($Xhi,$Xi)=@_; &movdqu (&QWP(0,$Xip),$Xi); &ret (); -&function_end_B("GFp_gcm_gmult_clmul"); +&function_end_B("gcm_gmult_clmul"); -&function_begin("GFp_gcm_ghash_clmul"); +&function_begin("gcm_ghash_clmul"); &mov ($Xip,&wparam(0)); &mov ($Htbl,&wparam(1)); &mov ($inp,&wparam(2)); @@ -643,7 +643,7 @@ my ($Xhi,$Xi)=@_; &set_label("done"); &pshufb ($Xi,$T3); &movdqu (&QWP(0,$Xip),$Xi); -&function_end("GFp_gcm_ghash_clmul"); +&function_end("gcm_ghash_clmul"); } diff --git a/crypto/fipsmodule/modes/asm/ghash-x86_64.pl b/crypto/fipsmodule/modes/asm/ghash-x86_64.pl index 3a89b8e..141e537 100644 --- a/crypto/fipsmodule/modes/asm/ghash-x86_64.pl +++ b/crypto/fipsmodule/modes/asm/ghash-x86_64.pl @@ -120,7 +120,7 @@ $do4xaggr=1; $code=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P ___ @@ -200,15 +200,15 @@ ___ my $HK="%xmm6"; $code.=<<___; -.globl GFp_gcm_init_clmul -.type GFp_gcm_init_clmul,\@abi-omnipotent +.globl gcm_init_clmul +.type gcm_init_clmul,\@abi-omnipotent .align 16 -GFp_gcm_init_clmul: +gcm_init_clmul: .cfi_startproc .L_init_clmul: ___ $code.=<<___ if ($win64); -.LSEH_begin_GFp_gcm_init_clmul: +.LSEH_begin_gcm_init_clmul: # I can't trust assembler to use specific encoding:-( .byte 0x48,0x83,0xec,0x18 #sub $0x18,%rsp .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp) @@ -270,22 +270,22 @@ ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 lea 0x18(%rsp),%rsp -.LSEH_end_GFp_gcm_init_clmul: +.LSEH_end_gcm_init_clmul: ___ $code.=<<___; ret .cfi_endproc -.size GFp_gcm_init_clmul,.-GFp_gcm_init_clmul +.size gcm_init_clmul,.-gcm_init_clmul ___ } { my ($Xip,$Htbl)=@_4args; $code.=<<___; -.globl GFp_gcm_gmult_clmul -.type GFp_gcm_gmult_clmul,\@abi-omnipotent +.globl gcm_gmult_clmul +.type gcm_gmult_clmul,\@abi-omnipotent .align 16 -GFp_gcm_gmult_clmul: +gcm_gmult_clmul: .cfi_startproc .L_gmult_clmul: movdqu ($Xip),$Xi @@ -324,7 +324,7 @@ $code.=<<___; movdqu $Xi,($Xip) ret .cfi_endproc -.size GFp_gcm_gmult_clmul,.-GFp_gcm_gmult_clmul +.size gcm_gmult_clmul,.-gcm_gmult_clmul ___ } @@ -333,16 +333,16 @@ ___ my ($T1,$T2,$T3)=map("%xmm$_",(8..10)); $code.=<<___; -.globl GFp_gcm_ghash_clmul -.type GFp_gcm_ghash_clmul,\@abi-omnipotent +.globl gcm_ghash_clmul +.type gcm_ghash_clmul,\@abi-omnipotent .align 32 -GFp_gcm_ghash_clmul: +gcm_ghash_clmul: .cfi_startproc .L_ghash_clmul: ___ $code.=<<___ if ($win64); lea -0x88(%rsp),%rax -.LSEH_begin_GFp_gcm_ghash_clmul: +.LSEH_begin_gcm_ghash_clmul: # I can't trust assembler to use specific encoding:-( .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax),%rsp .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6,-0x20(%rax) @@ -373,7 +373,7 @@ if ($do4xaggr) { my ($Xl,$Xm,$Xh,$Hkey3,$Hkey4)=map("%xmm$_",(11..15)); $code.=<<___; - leaq GFp_ia32cap_P(%rip),%rax + leaq OPENSSL_ia32cap_P(%rip),%rax mov 4(%rax),%eax cmp \$0x30,$len jb .Lskip4x @@ -682,20 +682,20 @@ $code.=<<___ if ($win64); movaps 0x80(%rsp),%xmm14 movaps 0x90(%rsp),%xmm15 lea 0xa8(%rsp),%rsp -.LSEH_end_GFp_gcm_ghash_clmul: +.LSEH_end_gcm_ghash_clmul: ___ $code.=<<___; ret .cfi_endproc -.size GFp_gcm_ghash_clmul,.-GFp_gcm_ghash_clmul +.size gcm_ghash_clmul,.-gcm_ghash_clmul ___ } $code.=<<___; -.globl GFp_gcm_init_avx -.type GFp_gcm_init_avx,\@abi-omnipotent +.globl gcm_init_avx +.type gcm_init_avx,\@abi-omnipotent .align 32 -GFp_gcm_init_avx: +gcm_init_avx: .cfi_startproc ___ if ($avx) { @@ -703,7 +703,7 @@ my ($Htbl,$Xip)=@_4args; my $HK="%xmm6"; $code.=<<___ if ($win64); -.LSEH_begin_GFp_gcm_init_avx: +.LSEH_begin_gcm_init_avx: # I can't trust assembler to use specific encoding:-( .byte 0x48,0x83,0xec,0x18 #sub $0x18,%rsp .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp) @@ -821,25 +821,25 @@ ___ $code.=<<___ if ($win64); movaps (%rsp),%xmm6 lea 0x18(%rsp),%rsp -.LSEH_end_GFp_gcm_init_avx: +.LSEH_end_gcm_init_avx: ___ $code.=<<___; ret .cfi_endproc -.size GFp_gcm_init_avx,.-GFp_gcm_init_avx +.size gcm_init_avx,.-gcm_init_avx ___ } else { $code.=<<___; jmp .L_init_clmul -.size GFp_gcm_init_avx,.-GFp_gcm_init_avx +.size gcm_init_avx,.-gcm_init_avx ___ } $code.=<<___; -.globl GFp_gcm_ghash_avx -.type GFp_gcm_ghash_avx,\@abi-omnipotent +.globl gcm_ghash_avx +.type gcm_ghash_avx,\@abi-omnipotent .align 32 -GFp_gcm_ghash_avx: +gcm_ghash_avx: .cfi_startproc ___ if ($avx) { @@ -851,7 +851,7 @@ my ($Xlo,$Xhi,$Xmi, $code.=<<___ if ($win64); lea -0x88(%rsp),%rax -.LSEH_begin_GFp_gcm_ghash_avx: +.LSEH_begin_gcm_ghash_avx: # I can't trust assembler to use specific encoding:-( .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax),%rsp .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6,-0x20(%rax) @@ -1249,17 +1249,17 @@ $code.=<<___ if ($win64); movaps 0x80(%rsp),%xmm14 movaps 0x90(%rsp),%xmm15 lea 0xa8(%rsp),%rsp -.LSEH_end_GFp_gcm_ghash_avx: +.LSEH_end_gcm_ghash_avx: ___ $code.=<<___; ret .cfi_endproc -.size GFp_gcm_ghash_avx,.-GFp_gcm_ghash_avx +.size gcm_ghash_avx,.-gcm_ghash_avx ___ } else { $code.=<<___; jmp .L_ghash_clmul -.size GFp_gcm_ghash_avx,.-GFp_gcm_ghash_avx +.size gcm_ghash_avx,.-gcm_ghash_avx ___ } @@ -1281,31 +1281,31 @@ if ($win64) { $code.=<<___; .section .pdata .align 4 - .rva .LSEH_begin_GFp_gcm_init_clmul - .rva .LSEH_end_GFp_gcm_init_clmul - .rva .LSEH_info_GFp_gcm_init_clmul + .rva .LSEH_begin_gcm_init_clmul + .rva .LSEH_end_gcm_init_clmul + .rva .LSEH_info_gcm_init_clmul - .rva .LSEH_begin_GFp_gcm_ghash_clmul - .rva .LSEH_end_GFp_gcm_ghash_clmul - .rva .LSEH_info_GFp_gcm_ghash_clmul + .rva .LSEH_begin_gcm_ghash_clmul + .rva .LSEH_end_gcm_ghash_clmul + .rva .LSEH_info_gcm_ghash_clmul ___ $code.=<<___ if ($avx); - .rva .LSEH_begin_GFp_gcm_init_avx - .rva .LSEH_end_GFp_gcm_init_avx - .rva .LSEH_info_GFp_gcm_init_clmul + .rva .LSEH_begin_gcm_init_avx + .rva .LSEH_end_gcm_init_avx + .rva .LSEH_info_gcm_init_clmul - .rva .LSEH_begin_GFp_gcm_ghash_avx - .rva .LSEH_end_GFp_gcm_ghash_avx - .rva .LSEH_info_GFp_gcm_ghash_clmul + .rva .LSEH_begin_gcm_ghash_avx + .rva .LSEH_end_gcm_ghash_avx + .rva .LSEH_info_gcm_ghash_clmul ___ $code.=<<___; .section .xdata .align 8 -.LSEH_info_GFp_gcm_init_clmul: +.LSEH_info_gcm_init_clmul: .byte 0x01,0x08,0x03,0x00 .byte 0x08,0x68,0x00,0x00 #movaps 0x00(rsp),xmm6 .byte 0x04,0x22,0x00,0x00 #sub rsp,0x18 -.LSEH_info_GFp_gcm_ghash_clmul: +.LSEH_info_gcm_ghash_clmul: .byte 0x01,0x33,0x16,0x00 .byte 0x33,0xf8,0x09,0x00 #movaps 0x90(rsp),xmm15 .byte 0x2e,0xe8,0x08,0x00 #movaps 0x80(rsp),xmm14 diff --git a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl index 3a551c2..03cd322 100644 --- a/crypto/fipsmodule/modes/asm/ghashv8-armx.pl +++ b/crypto/fipsmodule/modes/asm/ghashv8-armx.pl @@ -60,7 +60,7 @@ my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); $code=<<___; -#include <GFp/arm_arch.h> +#include <ring-core/arm_arch.h> .text ___ @@ -72,7 +72,7 @@ $code.=<<___ if ($flavour !~ /64/); ___ ################################################################################ -# void GFp_gcm_init_clmul(u128 Htable[16],const u64 H[2]); +# void gcm_init_clmul(u128 Htable[16],const u64 H[2]); # # input: 128-bit H - secret parameter E(K,0^128) # output: precomputed table filled with degrees of twisted H; @@ -82,10 +82,10 @@ ___ # optimize the code independently); # $code.=<<___; -.global GFp_gcm_init_clmul -.type GFp_gcm_init_clmul,%function +.global gcm_init_clmul +.type gcm_init_clmul,%function .align 4 -GFp_gcm_init_clmul: +gcm_init_clmul: AARCH64_VALID_CALL_TARGET vld1.64 {$t1},[x1] @ load input H vmov.i8 $xC2,#0xe1 @@ -132,20 +132,20 @@ GFp_gcm_init_clmul: vst1.64 {$Hhl-$H2},[x0] @ store Htable[1..2] ret -.size GFp_gcm_init_clmul,.-GFp_gcm_init_clmul +.size gcm_init_clmul,.-gcm_init_clmul ___ ################################################################################ -# void GFp_gcm_gmult_clmul(u64 Xi[2],const u128 Htable[16]); +# void gcm_gmult_clmul(u64 Xi[2],const u128 Htable[16]); # # input: Xi - current hash value; -# Htable - table precomputed in GFp_gcm_init_clmul; +# Htable - table precomputed in gcm_init_clmul; # output: Xi - next hash value Xi; # $code.=<<___; -.global GFp_gcm_gmult_clmul -.type GFp_gcm_gmult_clmul,%function +.global gcm_gmult_clmul +.type gcm_gmult_clmul,%function .align 4 -GFp_gcm_gmult_clmul: +gcm_gmult_clmul: AARCH64_VALID_CALL_TARGET vld1.64 {$t1},[$Xi] @ load Xi vmov.i8 $xC2,#0xe1 @@ -183,23 +183,23 @@ GFp_gcm_gmult_clmul: vst1.64 {$Xl},[$Xi] @ write out Xi ret -.size GFp_gcm_gmult_clmul,.-GFp_gcm_gmult_clmul +.size gcm_gmult_clmul,.-gcm_gmult_clmul ___ ################################################################################ -# void GFp_gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp, +# void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp, # size_t len); # -# input: table precomputed in GFp_gcm_init_clmul; +# input: table precomputed in gcm_init_clmul; # current hash value Xi; # pointer to input data; # length of input data in bytes, but divisible by block size; # output: next hash value Xi; # $code.=<<___; -.global GFp_gcm_ghash_clmul -.type GFp_gcm_ghash_clmul,%function +.global gcm_ghash_clmul +.type gcm_ghash_clmul,%function .align 4 -GFp_gcm_ghash_clmul: +gcm_ghash_clmul: AARCH64_VALID_CALL_TARGET ___ $code.=<<___ if ($flavour !~ /64/); @@ -347,7 +347,7 @@ $code.=<<___ if ($flavour !~ /64/); ___ $code.=<<___; ret -.size GFp_gcm_ghash_clmul,.-GFp_gcm_ghash_clmul +.size gcm_ghash_clmul,.-gcm_ghash_clmul ___ } $code.=<<___; diff --git a/crypto/fipsmodule/rsa/padding.c b/crypto/fipsmodule/rsa/padding.c new file mode 100644 index 0000000..a281f5f --- /dev/null +++ b/crypto/fipsmodule/rsa/padding.c @@ -0,0 +1,93 @@ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). */ + +#include "../../internal.h" + +#include <ring-core/mem.h> + +int RSA_padding_check_oaep(size_t *out_len, uint8_t y, const uint8_t db[], + size_t dblen, const uint8_t phash[], + size_t mdlen) { + crypto_word bad = ~constant_time_is_zero_w(OPENSSL_memcmp(db, phash, mdlen)); + bad |= ~constant_time_is_zero_w(y); + + crypto_word looking_for_one_byte = CONSTTIME_TRUE_W; + size_t one_index = 0; + for (size_t i = mdlen; i < dblen; i++) { + crypto_word equals1 = constant_time_eq_w(db[i], 1); + crypto_word equals0 = constant_time_eq_w(db[i], 0); + one_index = + constant_time_select_w(looking_for_one_byte & equals1, i, one_index); + looking_for_one_byte = + constant_time_select_w(equals1, 0, looking_for_one_byte); + bad |= looking_for_one_byte & ~equals0; + } + + bad |= looking_for_one_byte; + + if (bad) { + goto decoding_err; + } + + one_index++; + size_t mlen = dblen - one_index; + + *out_len = mlen; + + return 1; + +decoding_err: + return 0; +} diff --git a/crypto/fipsmodule/sha/asm/sha256-armv4.pl b/crypto/fipsmodule/sha/asm/sha256-armv4.pl index d8661a0..63e359a 100644 --- a/crypto/fipsmodule/sha/asm/sha256-armv4.pl +++ b/crypto/fipsmodule/sha/asm/sha256-armv4.pl @@ -177,7 +177,7 @@ ___ $code=<<___; #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #else # define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 @@ -218,25 +218,25 @@ K256: .size K256,.-K256 .word 0 @ terminator #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.extern GFp_armcap_P -.hidden GFp_armcap_P +.extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .LOPENSSL_armcap: -.word GFp_armcap_P-.Lsha256_block_data_order +.word OPENSSL_armcap_P-.Lsha256_block_data_order #endif .align 5 -.global GFp_sha256_block_data_order -.type GFp_sha256_block_data_order,%function -GFp_sha256_block_data_order: +.global sha256_block_data_order +.type sha256_block_data_order,%function +sha256_block_data_order: .Lsha256_block_data_order: #if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ GFp_sha256_block_data_order + sub r3,pc,#8 @ sha256_block_data_order #else adr r3,.Lsha256_block_data_order #endif #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap - ldr r12,[r3,r12] @ GFp_armcap_P + ldr r12,[r3,r12] @ OPENSSL_armcap_P #ifdef __APPLE__ ldr r12,[r12] #endif @@ -302,7 +302,7 @@ $code.=<<___; moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size GFp_sha256_block_data_order,.-GFp_sha256_block_data_order +.size sha256_block_data_order,.-sha256_block_data_order ___ ###################################################################### # NEON stuff diff --git a/crypto/fipsmodule/sha/asm/sha512-armv4.pl b/crypto/fipsmodule/sha/asm/sha512-armv4.pl index 21c7ebd..df59ef5 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv4.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv4.pl @@ -200,7 +200,7 @@ ___ } $code=<<___; #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} #else @@ -278,27 +278,27 @@ WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.extern GFp_armcap_P -.hidden GFp_armcap_P +.extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .LOPENSSL_armcap: -.word GFp_armcap_P-.Lsha512_block_data_order +.word OPENSSL_armcap_P-.Lsha512_block_data_order .skip 32-4 #else .skip 32 #endif -.global GFp_sha512_block_data_order -.type GFp_sha512_block_data_order,%function -GFp_sha512_block_data_order: +.global sha512_block_data_order +.type sha512_block_data_order,%function +sha512_block_data_order: .Lsha512_block_data_order: #if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ GFp_sha512_block_data_order + sub r3,pc,#8 @ sha512_block_data_order #else adr r3,.Lsha512_block_data_order #endif #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap - ldr r12,[r3,r12] @ GFp_armcap_P + ldr r12,[r3,r12] @ OPENSSL_armcap_P #ifdef __APPLE__ ldr r12,[r12] #endif @@ -506,7 +506,7 @@ $code.=<<___; moveq pc,lr @ be binary compatible with V4, yet bx lr @ interoperable with Thumb ISA:-) #endif -.size GFp_sha512_block_data_order,.-GFp_sha512_block_data_order +.size sha512_block_data_order,.-sha512_block_data_order ___ { diff --git a/crypto/fipsmodule/sha/asm/sha512-armv8.pl b/crypto/fipsmodule/sha/asm/sha512-armv8.pl index bb80b7c..5211d28 100644 --- a/crypto/fipsmodule/sha/asm/sha512-armv8.pl +++ b/crypto/fipsmodule/sha/asm/sha512-armv8.pl @@ -74,7 +74,7 @@ if ($output =~ /sha512-armv8/) { $reg_t="w"; } -$func="GFp_sha${BITS}_block_data_order"; +$func="sha${BITS}_block_data_order"; ($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30)); @@ -173,13 +173,13 @@ ___ $code.=<<___; #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #endif .text -.extern GFp_armcap_P -.hidden GFp_armcap_P +.extern OPENSSL_armcap_P +.hidden OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -189,11 +189,11 @@ $code.=<<___ if ($SZ==4); AARCH64_VALID_CALL_TARGET #ifndef __KERNEL__ #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 - adrp x16,:pg_hi21_nc:GFp_armcap_P + adrp x16,:pg_hi21_nc:OPENSSL_armcap_P #else - adrp x16,:pg_hi21:GFp_armcap_P + adrp x16,:pg_hi21:OPENSSL_armcap_P #endif - ldr w16,[x16,:lo12:GFp_armcap_P] + ldr w16,[x16,:lo12:OPENSSL_armcap_P] tst w16,#ARMV8_SHA256 b.ne .Lv8_entry #endif diff --git a/crypto/fipsmodule/sha/asm/sha512-x86_64.pl b/crypto/fipsmodule/sha/asm/sha512-x86_64.pl index a0ba06b..05ad80f 100644 --- a/crypto/fipsmodule/sha/asm/sha512-x86_64.pl +++ b/crypto/fipsmodule/sha/asm/sha512-x86_64.pl @@ -142,7 +142,7 @@ open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; *STDOUT=*OUT; if ($output =~ /sha512-x86_64/) { - $func="GFp_sha512_block_data_order"; + $func="sha512_block_data_order"; $TABLE="K512"; $SZ=8; @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx", @@ -154,7 +154,7 @@ if ($output =~ /sha512-x86_64/) { @sigma1=(19,61, 6); $rounds=80; } else { - $func="GFp_sha256_block_data_order"; + $func="sha256_block_data_order"; $TABLE="K256"; $SZ=4; @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", @@ -262,7 +262,7 @@ ___ $code=<<___; .text -.extern GFp_ia32cap_P +.extern OPENSSL_ia32cap_P .globl $func .type $func,\@function,3 .align 16 @@ -270,7 +270,7 @@ $func: .cfi_startproc ___ $code.=<<___ if ($SZ==4 || $avx); - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 mov 0(%r11),%r9d mov 4(%r11),%r10d mov 8(%r11),%r11d @@ -558,9 +558,9 @@ my ($Wi,$ABEF,$CDGH,$TMP,$BSWAP,$ABEF_SAVE,$CDGH_SAVE)=map("%xmm$_",(0..2,7..10) my @MSG=map("%xmm$_",(3..6)); $code.=<<___; -.type GFp_sha256_block_data_order_shaext,\@function,3 +.type sha256_block_data_order_shaext,\@function,3 .align 64 -GFp_sha256_block_data_order_shaext: +sha256_block_data_order_shaext: _shaext_shortcut: ___ $code.=<<___ if ($win64); @@ -705,7 +705,7 @@ $code.=<<___ if ($win64); ___ $code.=<<___; ret -.size GFp_sha256_block_data_order_shaext,.-GFp_sha256_block_data_order_shaext +.size sha256_block_data_order_shaext,.-sha256_block_data_order_shaext ___ }}} {{{ diff --git a/crypto/internal.h b/crypto/internal.h index 1877bec..b975c0b 100644 --- a/crypto/internal.h +++ b/crypto/internal.h @@ -109,9 +109,9 @@ #ifndef OPENSSL_HEADER_CRYPTO_INTERNAL_H #define OPENSSL_HEADER_CRYPTO_INTERNAL_H -#include <GFp/base.h> // Must be first. +#include <ring-core/base.h> // Must be first. -#include "GFp/check.h" +#include "ring-core/check.h" #if defined(__GNUC__) && \ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) < 40800 @@ -125,6 +125,15 @@ #include <stdalign.h> #endif +// Some C compilers require a useless cast when dealing with arrays for the +// reason explained in +// https://gustedt.wordpress.com/2011/02/12/const-and-arrays/ +#if defined(__clang__) || defined(_MSC_VER) +#define RING_CORE_POINTLESS_ARRAY_CONST_CAST(cast) +#else +#define RING_CORE_POINTLESS_ARRAY_CONST_CAST(cast) cast +#endif + #if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT) #define BORINGSSL_HAS_UINT128 typedef __int128_t int128_t; @@ -259,12 +268,12 @@ static inline uint32_t CRYPTO_bswap4(uint32_t x) { } #endif -#if !defined(GFp_NOSTDLIBINC) +#if !defined(RING_CORE_NOSTDLIBINC) #include <string.h> #endif -static inline void *GFp_memcpy(void *dst, const void *src, size_t n) { -#if !defined(GFp_NOSTDLIBINC) +static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) { +#if !defined(RING_CORE_NOSTDLIBINC) if (n == 0) { return dst; } @@ -279,8 +288,8 @@ static inline void *GFp_memcpy(void *dst, const void *src, size_t n) { #endif } -static inline void *GFp_memset(void *dst, int c, size_t n) { -#if !defined(GFp_NOSTDLIBINC) +static inline void *OPENSSL_memset(void *dst, int c, size_t n) { +#if !defined(RING_CORE_NOSTDLIBINC) if (n == 0) { return dst; } diff --git a/crypto/limbs/limbs.c b/crypto/limbs/limbs.c index 7a0e791..7b0b48e 100644 --- a/crypto/limbs/limbs.c +++ b/crypto/limbs/limbs.c @@ -179,7 +179,7 @@ Limb LIMB_shr(Limb a, size_t shift) { return a >> shift; } -Limb GFp_limbs_mul_add_limb(Limb r[], const Limb a[], Limb b, size_t num_limbs) { +Limb limbs_mul_add_limb(Limb r[], const Limb a[], Limb b, size_t num_limbs) { Limb carried = 0; for (size_t i = 0; i < num_limbs; ++i) { Limb lo; diff --git a/crypto/limbs/limbs.h b/crypto/limbs/limbs.h index 8296a9a..e51343b 100644 --- a/crypto/limbs/limbs.h +++ b/crypto/limbs/limbs.h @@ -15,7 +15,7 @@ #ifndef RING_LIMBS_H #define RING_LIMBS_H -#include <GFp/base.h> +#include <ring-core/base.h> #include "../internal.h" @@ -35,6 +35,6 @@ void LIMBS_add_mod(Limb r[], const Limb a[], const Limb b[], const Limb m[], void LIMBS_sub_mod(Limb r[], const Limb a[], const Limb b[], const Limb m[], size_t num_limbs); void LIMBS_shl_mod(Limb r[], const Limb a[], const Limb m[], size_t num_limbs); -Limb GFp_limbs_mul_add_limb(Limb r[], const Limb a[], Limb b, size_t num_limbs); +Limb limbs_mul_add_limb(Limb r[], const Limb a[], Limb b, size_t num_limbs); #endif /* RING_LIMBS_H */ diff --git a/crypto/limbs/limbs.inl b/crypto/limbs/limbs.inl index b5c1d75..f8d270a 100644 --- a/crypto/limbs/limbs.inl +++ b/crypto/limbs/limbs.inl @@ -13,7 +13,7 @@ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include "limbs.h" -#include "GFp/check.h" +#include "ring-core/check.h" #if defined(_MSC_VER) && !defined(__clang__) #pragma warning(push, 3) @@ -36,12 +36,12 @@ typedef uint8_t Carry; #if LIMB_BITS == 64 #pragma intrinsic(_addcarry_u64, _subborrow_u64) -#define GFp_ADDCARRY_INTRINSIC _addcarry_u64 -#define GFp_SUBBORROW_INTRINSIC _subborrow_u64 +#define RING_CORE_ADDCARRY_INTRINSIC _addcarry_u64 +#define RING_CORE_SUBBORROW_INTRINSIC _subborrow_u64 #elif LIMB_BITS == 32 #pragma intrinsic(_addcarry_u32, _subborrow_u32) -#define GFp_ADDCARRY_INTRINSIC _addcarry_u32 -#define GFp_SUBBORROW_INTRINSIC _subborrow_u32 +#define RING_CORE_ADDCARRY_INTRINSIC _addcarry_u32 +#define RING_CORE_SUBBORROW_INTRINSIC _subborrow_u32 typedef uint64_t DoubleLimb; #endif #else @@ -58,8 +58,8 @@ typedef uint64_t DoubleLimb; static inline Carry limb_adc(Limb *r, Limb a, Limb b, Carry carry_in) { dev_assert_secret(carry_in == 0 || carry_in == 1); Carry ret; -#if defined(GFp_ADDCARRY_INTRINSIC) - ret = GFp_ADDCARRY_INTRINSIC(carry_in, a, b, r); +#if defined(RING_CORE_ADDCARRY_INTRINSIC) + ret = RING_CORE_ADDCARRY_INTRINSIC(carry_in, a, b, r); #else DoubleLimb x = (DoubleLimb)a + b + carry_in; *r = (Limb)x; @@ -72,8 +72,8 @@ static inline Carry limb_adc(Limb *r, Limb a, Limb b, Carry carry_in) { /* |*r = a + b|, returning carry bit. */ static inline Carry limb_add(Limb *r, Limb a, Limb b) { Carry ret; -#if defined(GFp_ADDCARRY_INTRINSIC) - ret = GFp_ADDCARRY_INTRINSIC(0, a, b, r); +#if defined(RING_CORE_ADDCARRY_INTRINSIC) + ret = RING_CORE_ADDCARRY_INTRINSIC(0, a, b, r); #else DoubleLimb x = (DoubleLimb)a + b; *r = (Limb)x; @@ -88,8 +88,8 @@ static inline Carry limb_add(Limb *r, Limb a, Limb b) { static inline Carry limb_sbb(Limb *r, Limb a, Limb b, Carry borrow_in) { dev_assert_secret(borrow_in == 0 || borrow_in == 1); Carry ret; -#if defined(GFp_SUBBORROW_INTRINSIC) - ret = GFp_SUBBORROW_INTRINSIC(borrow_in, a, b, r); +#if defined(RING_CORE_SUBBORROW_INTRINSIC) + ret = RING_CORE_SUBBORROW_INTRINSIC(borrow_in, a, b, r); #else DoubleLimb x = (DoubleLimb)a - b - borrow_in; *r = (Limb)x; @@ -102,8 +102,8 @@ static inline Carry limb_sbb(Limb *r, Limb a, Limb b, Carry borrow_in) { /* |*r = a - b|, returning borrow bit. */ static inline Carry limb_sub(Limb *r, Limb a, Limb b) { Carry ret; -#if defined(GFp_SUBBORROW_INTRINSIC) - ret = GFp_SUBBORROW_INTRINSIC(0, a, b, r); +#if defined(RING_CORE_SUBBORROW_INTRINSIC) + ret = RING_CORE_SUBBORROW_INTRINSIC(0, a, b, r); #else DoubleLimb x = (DoubleLimb)a - b; *r = (Limb)x; diff --git a/crypto/mem.c b/crypto/mem.c index 5ce8489..e26903e 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -54,9 +54,9 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include <GFp/mem.h> +#include <ring-core/mem.h> -int GFp_memcmp(const uint8_t *a, const uint8_t *b, size_t len) { +size_t OPENSSL_memcmp(const uint8_t *a, const uint8_t *b, size_t len) { uint8_t x = 0; for (size_t i = 0; i < len; i++) { x |= a[i] ^ b[i]; diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl index b46db26..7b88c6c 100644 --- a/crypto/perlasm/arm-xlate.pl +++ b/crypto/perlasm/arm-xlate.pl @@ -22,6 +22,7 @@ my $dotinlocallabels=($flavour=~/linux/)?1:0; ################################################################ my $arch = sub { if ($flavour =~ /linux/) { ".arch\t".join(',',@_); } + elsif ($flavour =~ /win64/) { ".arch\t".join(',',@_); } else { ""; } }; my $fpu = sub { @@ -30,6 +31,7 @@ my $fpu = sub { }; my $hidden = sub { if ($flavour =~ /ios/) { ".private_extern\t".join(',',@_); } + elsif ($flavour =~ /win64/) { ""; } else { ".hidden\t".join(',',@_); } }; my $comm = sub { @@ -80,6 +82,15 @@ my $type = sub { "#endif"; } } + elsif ($flavour =~ /win64/) { if (join(',',@_) =~ /(\w+),%function/) { + # See https://sourceware.org/binutils/docs/as/Pseudo-Ops.html + # Per https://docs.microsoft.com/en-us/windows/win32/debug/pe-format#coff-symbol-table, + # the type for functions is 0x20, or 32. + ".def $1\n". + " .type 32\n". + ".endef"; + } + } else { ""; } }; my $size = sub { @@ -155,7 +166,11 @@ print <<___; ___ print "#if defined(__arm__)\n" if ($flavour eq "linux32"); -print "#if defined(__aarch64__)\n" if ($flavour eq "linux64"); +print "#if defined(__aarch64__)\n" if ($flavour eq "linux64" || $flavour eq "win64"); + +print <<___; +#include "ring_core_generated/prefix_symbols_asm.h" +___ while(my $line=<>) { @@ -224,7 +239,7 @@ while(my $line=<>) { print "\n"; } -print "#endif\n" if ($flavour eq "linux32" || $flavour eq "linux64"); +print "#endif\n" if ($flavour eq "linux32" || $flavour eq "linux64" || $flavour eq "win64"); print "#endif // !OPENSSL_NO_ASM\n"; # See https://www.airs.com/blog/archives/518. diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index cd17943..8a2917b 100644 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1151,6 +1151,8 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" ___ } elsif ($masm) { print <<___; @@ -1167,6 +1169,7 @@ if ($gas) { #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" ___ } @@ -1257,7 +1260,7 @@ print "#endif\n" if ($gas); # See https://www.airs.com/blog/archives/518. print ".section\t.note.GNU-stack,\"\",\@progbits\n" if ($elf); -close STDOUT or die "error closing STDOUT"; +close STDOUT; ################################################# # Cross-reference x86_64 ABI "card" diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl index f69fcda..c271148 100644 --- a/crypto/perlasm/x86asm.pl +++ b/crypto/perlasm/x86asm.pl @@ -264,16 +264,12 @@ $comment source tree. Do not edit by hand. ___ if ($win32) { print <<___ unless $masm; -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif +%include "ring_core_generated/prefix_symbols_nasm.inc" ___ } else { print <<___; #if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" ___ } print @out; diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl index 5df7de6..7d0c00f 100644 --- a/crypto/perlasm/x86gas.pl +++ b/crypto/perlasm/x86gas.pl @@ -170,8 +170,8 @@ sub ::file_end { push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); } } } - if (0 && grep {/\b${nmdecor}GFp_ia32cap_P\b/i} @out) { - my $tmp=".comm\t${nmdecor}GFp_ia32cap_P,16"; + if (0 && grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { + my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,16"; if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } @@ -208,7 +208,7 @@ sub ::picmeup &::mov($dst,&::DWP("$indirect-$reflabel",$base)); $non_lazy_ptr{"$nmdecor$sym"}=$indirect; } - elsif ($sym eq "GFp_ia32cap_P" && $::elf>0) + elsif ($sym eq "OPENSSL_ia32cap_P" && $::elf>0) { &::lea($dst,&::DWP("$sym-$reflabel",$base)); } else { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]", @@ -265,6 +265,14 @@ ___ sub ::dataseg { push(@out,".data\n"); } +sub ::preprocessor_ifdef +{ my($define)=@_; + push(@out,"#ifdef ${define}\n"); +} + +sub ::preprocessor_endif +{ push(@out,"#endif\n"); } + *::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf); 1; diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl index 4dbd85c..96883ff 100644 --- a/crypto/perlasm/x86nasm.pl +++ b/crypto/perlasm/x86nasm.pl @@ -123,13 +123,13 @@ sub ::function_end_B } sub ::file_end -{ if (grep {/\b${nmdecor}GFp_ia32cap_P\b/i} @out) +{ if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { my $comm=<<___; ${drdecor}segment .bss -${drdecor}common ${nmdecor}GFp_ia32cap_P 16 +${drdecor}common ${nmdecor}OPENSSL_ia32cap_P 16 ___ - # comment out GFp_ia32cap_P declarations - grep {s/(^extern\s+${nmdecor}GFp_ia32cap_P)/\;$1/} @out; + # comment out OPENSSL_ia32cap_P declarations + grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out; push (@out,$comm) } push (@out,$initseg) if ($initseg); @@ -183,4 +183,12 @@ sub ::safeseh push(@out,"%endif\n"); } +sub ::preprocessor_ifdef +{ my($define)=@_; + push(@out,"%ifdef ${define}\n"); +} + +sub ::preprocessor_endif +{ push(@out,"%endif\n"); } + 1; diff --git a/crypto/poly1305/internal.h b/crypto/poly1305/internal.h index 98e7a48..f828e0b 100644 --- a/crypto/poly1305/internal.h +++ b/crypto/poly1305/internal.h @@ -15,8 +15,8 @@ #ifndef OPENSSL_HEADER_POLY1305_INTERNAL_H #define OPENSSL_HEADER_POLY1305_INTERNAL_H -#include <GFp/base.h> -#include <GFp/poly1305.h> +#include <ring-core/base.h> +#include <ring-core/poly1305.h> #if defined(OPENSSL_ARM) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_APPLE) #define OPENSSL_POLY1305_NEON diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c index 6662058..fcf3bc8 100644 --- a/crypto/poly1305/poly1305.c +++ b/crypto/poly1305/poly1305.c @@ -16,7 +16,7 @@ // (https://github.com/floodyberry/poly1305-donna) and released as public // domain. -#include <GFp/poly1305.h> +#include <ring-core/poly1305.h> #include "internal.h" #include "../internal.h" @@ -32,12 +32,12 @@ // We can assume little-endian. static uint32_t U8TO32_LE(const uint8_t *m) { uint32_t r; - GFp_memcpy(&r, m, sizeof(r)); + OPENSSL_memcpy(&r, m, sizeof(r)); return r; } static void U32TO8_LE(uint8_t *m, uint32_t v) { - GFp_memcpy(m, &v, sizeof(v)); + OPENSSL_memcpy(m, &v, sizeof(v)); } static uint64_t mul32x32_64(uint32_t a, uint32_t b) { return (uint64_t)a * b; } @@ -157,7 +157,7 @@ poly1305_donna_atmost15bytes: goto poly1305_donna_mul; } -void GFp_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { +void CRYPTO_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { struct poly1305_state_st *state = poly1305_aligned_state(statep); uint32_t t0, t1, t2, t3; @@ -193,11 +193,11 @@ void GFp_poly1305_init(poly1305_state *statep, const uint8_t key[32]) { state->h4 = 0; state->buf_used = 0; - GFp_memcpy(state->key, key + 16, sizeof(state->key)); + OPENSSL_memcpy(state->key, key + 16, sizeof(state->key)); } -void GFp_poly1305_update(poly1305_state *statep, const uint8_t *in, - size_t in_len) { +void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in, + size_t in_len) { struct poly1305_state_st *state = poly1305_aligned_state(statep); if (state->buf_used) { @@ -233,7 +233,7 @@ void GFp_poly1305_update(poly1305_state *statep, const uint8_t *in, } } -void GFp_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) { +void CRYPTO_poly1305_finish(poly1305_state *statep, uint8_t mac[16]) { struct poly1305_state_st *state = poly1305_aligned_state(statep); uint64_t f0, f1, f2, f3; uint32_t g0, g1, g2, g3, g4; diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.c index 3b00a9f..d7d66ff 100644 --- a/crypto/poly1305/poly1305_arm.c +++ b/crypto/poly1305/poly1305_arm.c @@ -15,7 +15,7 @@ // This implementation was taken from the public domain, neon2 version in // SUPERCOP by D. J. Bernstein and Peter Schwabe. -#include <GFp/poly1305.h> +#include <ring-core/poly1305.h> #include "internal.h" #include "../internal.h" @@ -30,8 +30,8 @@ typedef struct { uint32_t v[12]; // for alignment; only using 10 } fe1305x2; -#define addmulmod GFp_poly1305_neon2_addmulmod -#define blocks GFp_poly1305_neon2_blocks +#define addmulmod poly1305_neon2_addmulmod +#define blocks poly1305_neon2_blocks extern void addmulmod(fe1305x2 *r, const fe1305x2 *x, const fe1305x2 *y, const fe1305x2 *c); @@ -104,13 +104,13 @@ static void freeze(fe1305x2 *r) { r->v[8] = y4; } -static void store32(uint8_t out[4], uint32_t v) { GFp_memcpy(out, &v, 4); } +static void store32(uint8_t out[4], uint32_t v) { OPENSSL_memcpy(out, &v, 4); } // load32 exists to avoid breaking strict aliasing rules in // fe1305x2_frombytearray. static uint32_t load32(const uint8_t t[4]) { uint32_t tmp; - GFp_memcpy(&tmp, t, sizeof(tmp)); + OPENSSL_memcpy(&tmp, t, sizeof(tmp)); return tmp; } @@ -187,7 +187,7 @@ struct poly1305_state_st { OPENSSL_STATIC_ASSERT(sizeof(struct poly1305_state_st) <= sizeof(poly1305_state), "poly1305_state isn't large enough to hold aligned poly1305_state_st"); -void GFp_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { +void CRYPTO_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { struct poly1305_state_st *st = (struct poly1305_state_st *)(state); fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); fe1305x2 *const h = r + 1; @@ -207,12 +207,12 @@ void GFp_poly1305_init_neon(poly1305_state *state, const uint8_t key[32]) { addmulmod(precomp, r, r, &zero); // precompute r^2 addmulmod(precomp + 1, precomp, precomp, &zero); // precompute r^4 - GFp_memcpy(st->key, key + 16, 16); + OPENSSL_memcpy(st->key, key + 16, 16); st->buf_used = 0; } -void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, - size_t in_len) { +void CRYPTO_poly1305_update_neon(poly1305_state *state, const uint8_t *in, + size_t in_len) { struct poly1305_state_st *st = (struct poly1305_state_st *)(state); fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); fe1305x2 *const h = r + 1; @@ -259,7 +259,7 @@ void GFp_poly1305_update_neon(poly1305_state *state, const uint8_t *in, } } -void GFp_poly1305_finish_neon(poly1305_state *state, uint8_t mac[16]) { +void CRYPTO_poly1305_finish_neon(poly1305_state *state, uint8_t mac[16]) { struct poly1305_state_st *st = (struct poly1305_state_st *)(state); fe1305x2 *const r = (fe1305x2 *)(st->data + (15 & (-(int)st->data))); fe1305x2 *const h = r + 1; diff --git a/crypto/poly1305/poly1305_arm_asm.S b/crypto/poly1305/poly1305_arm_asm.S index 24ae435..42840ae 100644 --- a/crypto/poly1305/poly1305_arm_asm.S +++ b/crypto/poly1305/poly1305_arm_asm.S @@ -8,9 +8,7 @@ #pragma GCC diagnostic ignored "-Wlanguage-extension-token" -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" # This implementation was taken from the public domain, neon2 version in # SUPERCOP by D. J. Bernstein and Peter Schwabe. @@ -165,10 +163,10 @@ # qhasm: qpushenter crypto_onetimeauth_poly1305_neon2_blocks .align 4 -.global GFp_poly1305_neon2_blocks -.hidden GFp_poly1305_neon2_blocks -.type GFp_poly1305_neon2_blocks STT_FUNC -GFp_poly1305_neon2_blocks: +.global poly1305_neon2_blocks +.hidden poly1305_neon2_blocks +.type poly1305_neon2_blocks STT_FUNC +poly1305_neon2_blocks: vpush {q4,q5,q6,q7} mov r12,sp sub sp,sp,#192 @@ -461,12 +459,12 @@ add r1,r2,#32 # qhasm: mainloop2: ._mainloop2: -# qhasm: c01 = mem128[input_2];input_2+=16 +# qhasm: c01 = mem128[input_2];input_2+=16 # asm 1: vld1.8 {>c01=reg128#1%bot->c01=reg128#1%top},[<input_2=int32#2]! # asm 2: vld1.8 {>c01=d0->c01=d1},[<input_2=r1]! vld1.8 {d0-d1},[r1]! -# qhasm: c23 = mem128[input_2];input_2+=16 +# qhasm: c23 = mem128[input_2];input_2+=16 # asm 1: vld1.8 {>c23=reg128#2%bot->c23=reg128#2%top},[<input_2=int32#2]! # asm 2: vld1.8 {>c23=d2->c23=d3},[<input_2=r1]! vld1.8 {d2-d3},[r1]! @@ -521,7 +519,7 @@ vmlal.u32 q15,d19,d4 # asm 2: vmlal.u32 <r4=q15,<x4=d20,<z0=d6 vmlal.u32 q15,d20,d6 -# qhasm: r3[0,1] = c23[2]<<18; r3[2,3] = c23[3]<<18 +# qhasm: r3[0,1] = c23[2]<<18; r3[2,3] = c23[3]<<18 # asm 1: vshll.u32 >r3=reg128#5,<c23=reg128#2%top,#18 # asm 2: vshll.u32 >r3=q4,<c23=d3,#18 vshll.u32 q4,d3,#18 @@ -541,7 +539,7 @@ vmlal.u32 q4,d16,d10 # asm 2: vmlal.u32 <r3=q4,<x01=d17,<z12=d5 vmlal.u32 q4,d17,d5 -# qhasm: r0 = r0[1]c01[0]r0[2,3] +# qhasm: r0 = r0[1]c01[0]r0[2,3] # asm 1: vext.32 <r0=reg128#8%bot,<r0=reg128#8%bot,<c01=reg128#1%bot,#1 # asm 2: vext.32 <r0=d14,<r0=d14,<c01=d0,#1 vext.32 d14,d14,d0,#1 @@ -576,17 +574,17 @@ vld1.8 {d10-d11},[r2,: 128] # asm 2: vmlal.u32 <r3=q4,<x4=d20,<5z34=d11 vmlal.u32 q4,d20,d11 -# qhasm: r0 = r0[1]r0[0]r0[3]r0[2] +# qhasm: r0 = r0[1]r0[0]r0[3]r0[2] # asm 1: vrev64.i32 >r0=reg128#8,<r0=reg128#8 # asm 2: vrev64.i32 >r0=q7,<r0=q7 vrev64.i32 q7,q7 -# qhasm: r2[0,1] = c01[2]<<12; r2[2,3] = c01[3]<<12 +# qhasm: r2[0,1] = c01[2]<<12; r2[2,3] = c01[3]<<12 # asm 1: vshll.u32 >r2=reg128#14,<c01=reg128#1%top,#12 # asm 2: vshll.u32 >r2=q13,<c01=d1,#12 vshll.u32 q13,d1,#12 -# qhasm: d01 = mem128[input_2];input_2+=16 +# qhasm: d01 = mem128[input_2];input_2+=16 # asm 1: vld1.8 {>d01=reg128#12%bot->d01=reg128#12%top},[<input_2=int32#2]! # asm 2: vld1.8 {>d01=d22->d01=d23},[<input_2=r1]! vld1.8 {d22-d23},[r1]! @@ -616,12 +614,12 @@ vmlal.u32 q13,d19,d11 # asm 2: vmlal.u32 <r2=q13,<x4=d20,<5z34=d10 vmlal.u32 q13,d20,d10 -# qhasm: r0 = r0[0,1]c01[1]r0[2] +# qhasm: r0 = r0[0,1]c01[1]r0[2] # asm 1: vext.32 <r0=reg128#8%top,<c01=reg128#1%bot,<r0=reg128#8%top,#1 # asm 2: vext.32 <r0=d15,<c01=d0,<r0=d15,#1 vext.32 d15,d0,d15,#1 -# qhasm: r1[0,1] = c23[0]<<6; r1[2,3] = c23[1]<<6 +# qhasm: r1[0,1] = c23[0]<<6; r1[2,3] = c23[1]<<6 # asm 1: vshll.u32 >r1=reg128#15,<c23=reg128#2%bot,#6 # asm 2: vshll.u32 >r1=q14,<c23=d2,#6 vshll.u32 q14,d2,#6 @@ -661,7 +659,7 @@ vld1.8 {d0-d1},[r2,: 128] # asm 2: vmlal.u32 <r1=q14,<x4=d20,<5z12=d1 vmlal.u32 q14,d20,d1 -# qhasm: d23 = mem128[input_2];input_2+=16 +# qhasm: d23 = mem128[input_2];input_2+=16 # asm 1: vld1.8 {>d23=reg128#2%bot->d23=reg128#2%top},[<input_2=int32#2]! # asm 2: vld1.8 {>d23=d2->d23=d3},[<input_2=r1]! vld1.8 {d2-d3},[r1]! @@ -681,7 +679,7 @@ vmlal.u32 q7,d20,d0 # asm 2: vmlal.u32 <r0=q7,<x23=d18,<5z34=d10 vmlal.u32 q7,d18,d10 -# qhasm: d01 d23 = d01[0] d23[0] d01[1] d23[1] +# qhasm: d01 d23 = d01[0] d23[0] d01[1] d23[1] # asm 1: vswp <d23=reg128#2%bot,<d01=reg128#12%top # asm 2: vswp <d23=d2,<d01=d23 vswp d2,d23 @@ -698,12 +696,12 @@ vmlal.u32 q7,d16,d6 # qhasm: new mid -# qhasm: 2x v4 = d23 unsigned>> 40 +# qhasm: 2x v4 = d23 unsigned>> 40 # asm 1: vshr.u64 >v4=reg128#4,<d23=reg128#2,#40 # asm 2: vshr.u64 >v4=q3,<d23=q1,#40 vshr.u64 q3,q1,#40 -# qhasm: mid = d01[1]d23[0] mid[2,3] +# qhasm: mid = d01[1]d23[0] mid[2,3] # asm 1: vext.32 <mid=reg128#1%bot,<d01=reg128#12%bot,<d23=reg128#2%bot,#1 # asm 2: vext.32 <mid=d0,<d01=d22,<d23=d2,#1 vext.32 d0,d22,d2,#1 @@ -715,7 +713,7 @@ vext.32 d0,d22,d2,#1 # asm 2: vshrn.u64 <v23=d19,<d23=q1,#14 vshrn.u64 d19,q1,#14 -# qhasm: mid = mid[0,1] d01[3]d23[2] +# qhasm: mid = mid[0,1] d01[3]d23[2] # asm 1: vext.32 <mid=reg128#1%top,<d01=reg128#12%top,<d23=reg128#2%top,#1 # asm 2: vext.32 <mid=d1,<d01=d23,<d23=d3,#1 vext.32 d1,d23,d3,#1 @@ -727,7 +725,7 @@ vext.32 d1,d23,d3,#1 # asm 2: vshrn.u64 <v01=d21,<d01=q11,#26 vshrn.u64 d21,q11,#26 -# qhasm: v01 = d01[1]d01[0] v01[2,3] +# qhasm: v01 = d01[1]d01[0] v01[2,3] # asm 1: vext.32 <v01=reg128#11%bot,<d01=reg128#12%bot,<d01=reg128#12%bot,#1 # asm 2: vext.32 <v01=d20,<d01=d22,<d01=d22,#1 vext.32 d20,d22,d22,#1 @@ -737,7 +735,7 @@ vext.32 d20,d22,d22,#1 # asm 2: vmlal.u32 <r0=q7,<x01=d17,<5z34=d11 vmlal.u32 q7,d17,d11 -# qhasm: v01 = v01[1]d01[2] v01[2,3] +# qhasm: v01 = v01[1]d01[2] v01[2,3] # asm 1: vext.32 <v01=reg128#11%bot,<v01=reg128#11%bot,<d01=reg128#12%top,#1 # asm 2: vext.32 <v01=d20,<v01=d20,<d01=d23,#1 vext.32 d20,d20,d23,#1 @@ -747,7 +745,7 @@ vext.32 d20,d20,d23,#1 # asm 2: vshrn.u64 <v23=d18,<mid=q0,#20 vshrn.u64 d18,q0,#20 -# qhasm: v4 = v4[0]v4[2]v4[1]v4[3] +# qhasm: v4 = v4[0]v4[2]v4[1]v4[3] # asm 1: vtrn.32 <v4=reg128#4%bot,<v4=reg128#4%top # asm 2: vtrn.32 <v4=d6,<v4=d7 vtrn.32 d6,d7 @@ -1171,7 +1169,7 @@ vld1.8 {d8-d9},[r1,: 128] # asm 2: vld1.8 {>u4=d10->u4=d11},[<ptr=r1,: 128] vld1.8 {d10-d11},[r1,: 128] -# qhasm: c01 = mem128[input_2];input_2+=16 +# qhasm: c01 = mem128[input_2];input_2+=16 # asm 1: vld1.8 {>c01=reg128#8%bot->c01=reg128#8%top},[<input_2=int32#3]! # asm 2: vld1.8 {>c01=d14->c01=d15},[<input_2=r2]! vld1.8 {d14-d15},[r2]! @@ -1181,7 +1179,7 @@ vld1.8 {d14-d15},[r2]! # asm 2: vmlal.u32 <r4=q4,<x01=d16,<y34=d5 vmlal.u32 q4,d16,d5 -# qhasm: c23 = mem128[input_2];input_2+=16 +# qhasm: c23 = mem128[input_2];input_2+=16 # asm 1: vld1.8 {>c23=reg128#14%bot->c23=reg128#14%top},[<input_2=int32#3]! # asm 2: vld1.8 {>c23=d26->c23=d27},[<input_2=r2]! vld1.8 {d26-d27},[r2]! @@ -1191,7 +1189,7 @@ vld1.8 {d26-d27},[r2]! # asm 2: vmlal.u32 <r4=q4,<x01=d17,<y34=d4 vmlal.u32 q4,d17,d4 -# qhasm: r0 = u4[1]c01[0]r0[2,3] +# qhasm: r0 = u4[1]c01[0]r0[2,3] # asm 1: vext.32 <r0=reg128#4%bot,<u4=reg128#6%bot,<c01=reg128#8%bot,#1 # asm 2: vext.32 <r0=d6,<u4=d10,<c01=d14,#1 vext.32 d6,d10,d14,#1 @@ -1201,7 +1199,7 @@ vext.32 d6,d10,d14,#1 # asm 2: vmlal.u32 <r4=q4,<x23=d18,<y12=d3 vmlal.u32 q4,d18,d3 -# qhasm: r0 = r0[0,1]u4[1]c23[0] +# qhasm: r0 = r0[0,1]u4[1]c23[0] # asm 1: vext.32 <r0=reg128#4%top,<u4=reg128#6%bot,<c23=reg128#14%bot,#1 # asm 2: vext.32 <r0=d7,<u4=d10,<c23=d26,#1 vext.32 d7,d10,d26,#1 @@ -1211,7 +1209,7 @@ vext.32 d7,d10,d26,#1 # asm 2: vmlal.u32 <r4=q4,<x23=d19,<y12=d2 vmlal.u32 q4,d19,d2 -# qhasm: r0 = r0[1]r0[0]r0[3]r0[2] +# qhasm: r0 = r0[1]r0[0]r0[3]r0[2] # asm 1: vrev64.i32 >r0=reg128#4,<r0=reg128#4 # asm 2: vrev64.i32 >r0=q3,<r0=q3 vrev64.i32 q3,q3 @@ -1236,7 +1234,7 @@ vmlal.u32 q3,d18,d24 # asm 2: vmlal.u32 <r0=q3,<x23=d19,<5y12=d23 vmlal.u32 q3,d19,d23 -# qhasm: c01 c23 = c01[0]c23[0]c01[2]c23[2]c01[1]c23[1]c01[3]c23[3] +# qhasm: c01 c23 = c01[0]c23[0]c01[2]c23[2]c01[1]c23[1]c01[3]c23[3] # asm 1: vtrn.32 <c01=reg128#8,<c23=reg128#14 # asm 2: vtrn.32 <c01=q7,<c23=q13 vtrn.32 q7,q13 @@ -1246,7 +1244,7 @@ vtrn.32 q7,q13 # asm 2: vmlal.u32 <r0=q3,<x01=d16,<y0=d0 vmlal.u32 q3,d16,d0 -# qhasm: r3[0,1] = c23[2]<<18; r3[2,3] = c23[3]<<18 +# qhasm: r3[0,1] = c23[2]<<18; r3[2,3] = c23[3]<<18 # asm 1: vshll.u32 >r3=reg128#6,<c23=reg128#14%top,#18 # asm 2: vshll.u32 >r3=q5,<c23=d27,#18 vshll.u32 q5,d27,#18 @@ -1276,7 +1274,7 @@ vmlal.u32 q5,d18,d2 # asm 2: vmlal.u32 <r3=q5,<x23=d19,<y0=d0 vmlal.u32 q5,d19,d0 -# qhasm: r1[0,1] = c23[0]<<6; r1[2,3] = c23[1]<<6 +# qhasm: r1[0,1] = c23[0]<<6; r1[2,3] = c23[1]<<6 # asm 1: vshll.u32 >r1=reg128#14,<c23=reg128#14%bot,#6 # asm 2: vshll.u32 >r1=q13,<c23=d26,#6 vshll.u32 q13,d26,#6 @@ -1306,7 +1304,7 @@ vmlal.u32 q13,d18,d25 # asm 2: vmlal.u32 <r1=q13,<x23=d19,<5y34=d24 vmlal.u32 q13,d19,d24 -# qhasm: r2[0,1] = c01[2]<<12; r2[2,3] = c01[3]<<12 +# qhasm: r2[0,1] = c01[2]<<12; r2[2,3] = c01[3]<<12 # asm 1: vshll.u32 >r2=reg128#8,<c01=reg128#8%top,#12 # asm 2: vshll.u32 >r2=q7,<c01=d15,#12 vshll.u32 q7,d15,#12 @@ -1624,10 +1622,10 @@ bx lr # qhasm: enter crypto_onetimeauth_poly1305_neon2_addmulmod .align 2 -.global GFp_poly1305_neon2_addmulmod -.hidden GFp_poly1305_neon2_addmulmod -.type GFp_poly1305_neon2_addmulmod STT_FUNC -GFp_poly1305_neon2_addmulmod: +.global poly1305_neon2_addmulmod +.hidden poly1305_neon2_addmulmod +.type poly1305_neon2_addmulmod STT_FUNC +poly1305_neon2_addmulmod: sub sp,sp,#0 # qhasm: 2x mask = 0xffffffff diff --git a/crypto/poly1305/poly1305_vec.c b/crypto/poly1305/poly1305_vec.c index 33c4d94..0f257fd 100644 --- a/crypto/poly1305/poly1305_vec.c +++ b/crypto/poly1305/poly1305_vec.c @@ -18,7 +18,7 @@ // http://cr.yp.to/papers.html#neoncrypto. Unrolled to 2 powers, i.e. 64 byte // block size -#include <GFp/poly1305.h> +#include <ring-core/poly1305.h> #include "internal.h" #include "../internal.h" @@ -33,18 +33,18 @@ static uint32_t load_u32_le(const uint8_t in[4]) { uint32_t ret; - GFp_memcpy(&ret, in, 4); + OPENSSL_memcpy(&ret, in, 4); return ret; } static uint64_t load_u64_le(const uint8_t in[8]) { uint64_t ret; - GFp_memcpy(&ret, in, 8); + OPENSSL_memcpy(&ret, in, 8); return ret; } static void store_u64_le(uint8_t out[8], uint64_t v) { - GFp_memcpy(out, &v, 8); + OPENSSL_memcpy(out, &v, 8); } typedef __m128i xmmi; @@ -109,7 +109,7 @@ static inline size_t poly1305_min(size_t a, size_t b) { return (a < b) ? a : b; } -void GFp_poly1305_init(poly1305_state *state, const uint8_t key[32]) { +void CRYPTO_poly1305_init(poly1305_state *state, const uint8_t key[32]) { poly1305_state_internal *st = poly1305_aligned_state(state); poly1305_power *p; uint64_t r0, r1, r2; @@ -677,8 +677,8 @@ static size_t poly1305_combine(poly1305_state_internal *st, const uint8_t *m, return consumed; } -void GFp_poly1305_update(poly1305_state *state, const uint8_t *m, - size_t bytes) { +void CRYPTO_poly1305_update(poly1305_state *state, const uint8_t *m, + size_t bytes) { poly1305_state_internal *st = poly1305_aligned_state(state); size_t want; @@ -695,7 +695,7 @@ void GFp_poly1305_update(poly1305_state *state, const uint8_t *m, bytes -= 32; } else { want = poly1305_min(32 - st->leftover, bytes); - GFp_memcpy(st->buffer + st->leftover, m, want); + OPENSSL_memcpy(st->buffer + st->leftover, m, want); bytes -= want; m += want; st->leftover += want; @@ -711,7 +711,7 @@ void GFp_poly1305_update(poly1305_state *state, const uint8_t *m, // handle leftover if (st->leftover) { want = poly1305_min(64 - st->leftover, bytes); - GFp_memcpy(st->buffer + st->leftover, m, want); + OPENSSL_memcpy(st->buffer + st->leftover, m, want); bytes -= want; m += want; st->leftover += want; @@ -731,12 +731,12 @@ void GFp_poly1305_update(poly1305_state *state, const uint8_t *m, } if (bytes) { - GFp_memcpy(st->buffer + st->leftover, m, bytes); + OPENSSL_memcpy(st->buffer + st->leftover, m, bytes); st->leftover += bytes; } } -void GFp_poly1305_finish(poly1305_state *state, uint8_t mac[16]) { +void CRYPTO_poly1305_finish(poly1305_state *state, uint8_t mac[16]) { poly1305_state_internal *st = poly1305_aligned_state(state); size_t leftover = st->leftover; uint8_t *m = st->buffer; @@ -807,7 +807,7 @@ poly1305_donna_atmost15bytes: } m[leftover++] = 1; - GFp_memset(m + leftover, 0, 16 - leftover); + OPENSSL_memset(m + leftover, 0, 16 - leftover); leftover = 16; t0 = load_u64_le(m + 0); diff --git a/include/GFp/aes.h b/include/ring-core/aes.h index d554ae7..5b5130d 100644 --- a/include/GFp/aes.h +++ b/include/ring-core/aes.h @@ -49,7 +49,7 @@ #ifndef OPENSSL_HEADER_AES_H #define OPENSSL_HEADER_AES_H -#include <GFp/base.h> +#include <ring-core/base.h> // Raw AES functions. diff --git a/include/GFp/arm_arch.h b/include/ring-core/arm_arch.h index 2e64aa9..2e64aa9 100644 --- a/include/GFp/arm_arch.h +++ b/include/ring-core/arm_arch.h diff --git a/include/GFp/base.h b/include/ring-core/base.h index e18ee44..223448f 100644 --- a/include/GFp/base.h +++ b/include/ring-core/base.h @@ -56,7 +56,9 @@ // This file should be the first included by all BoringSSL headers. -#include <GFp/type_check.h> +#include <ring_core_generated/prefix_symbols.h> + +#include <ring-core/type_check.h> #if defined(_MSC_VER) && !defined(__clang__) #pragma warning(push, 3) @@ -87,6 +89,10 @@ #elif defined(__MIPSEL__) && defined(__LP64__) #define OPENSSL_64_BIT #define OPENSSL_MIPS64 +#elif defined(__riscv) && __SIZEOF_POINTER__ == 8 +#define OPENSSL_64_BIT +#elif defined(__riscv) && __SIZEOF_POINTER__ == 4 +#define OPENSSL_32_BIT #elif defined(__wasm__) #define OPENSSL_32_BIT #else diff --git a/include/GFp/check.h b/include/ring-core/check.h index 4bd257c..08cbff3 100644 --- a/include/GFp/check.h +++ b/include/ring-core/check.h @@ -23,7 +23,7 @@ // When reviewing uses of |debug_assert_nonsecret|, verify that the check // really does not have potential to leak a secret. -#if !defined(GFp_NOSTDLIBINC) +#if !defined(RING_CORE_NOSTDLIBINC) # include <assert.h> # define debug_assert_nonsecret(x) assert(x) #else diff --git a/include/GFp/cpu.h b/include/ring-core/cpu.h index 462018a..0205c1d 100644 --- a/include/GFp/cpu.h +++ b/include/ring-core/cpu.h @@ -61,13 +61,13 @@ #ifndef OPENSSL_HEADER_CPU_H #define OPENSSL_HEADER_CPU_H -#include <GFp/base.h> +#include <ring-core/base.h> // Runtime CPU feature support #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64) -// GFp_ia32cap_P contains the Intel CPUID bits when running on an x86 or +// OPENSSL_ia32cap_P contains the Intel CPUID bits when running on an x86 or // x86-64 system. // // Index 0: @@ -86,7 +86,7 @@ // // Note: the CPUID bits are pre-adjusted for the OSXSAVE bit and the YMM and XMM // bits in XCR0, so it is not necessary to check those. -extern uint32_t GFp_ia32cap_P[4]; +extern uint32_t OPENSSL_ia32cap_P[4]; #endif #endif // OPENSSL_HEADER_CPU_H diff --git a/include/GFp/mem.h b/include/ring-core/mem.h index eaa3c0d..71d7ce1 100644 --- a/include/GFp/mem.h +++ b/include/ring-core/mem.h @@ -57,13 +57,15 @@ #ifndef OPENSSL_HEADER_MEM_H #define OPENSSL_HEADER_MEM_H -#include <GFp/base.h> +#include <ring-core/base.h> -// GFp_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It +// OPENSSL_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It // takes an amount of time dependent on |len|, but independent of the contents // of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a // defined order as the return value when a != b is undefined, other than to be // non-zero. -OPENSSL_EXPORT int GFp_memcmp(const uint8_t *a, const uint8_t *b, size_t len); +// +// NOTE: This returns `size_t` unlike BoringSSL/OpenSSL's. +OPENSSL_EXPORT size_t OPENSSL_memcmp(const uint8_t *a, const uint8_t *b, size_t len); #endif // OPENSSL_HEADER_MEM_H diff --git a/include/GFp/poly1305.h b/include/ring-core/poly1305.h index 53c4036..af082ca 100644 --- a/include/GFp/poly1305.h +++ b/include/ring-core/poly1305.h @@ -15,7 +15,7 @@ #ifndef OPENSSL_HEADER_POLY1305_H #define OPENSSL_HEADER_POLY1305_H -#include <GFp/base.h> +#include <ring-core/base.h> // Keep in sync with `poly1305_state` in poly1305.rs. typedef uint8_t poly1305_state[512]; diff --git a/include/GFp/type_check.h b/include/ring-core/type_check.h index 0cca158..d7e0393 100644 --- a/include/GFp/type_check.h +++ b/include/ring-core/type_check.h @@ -57,7 +57,7 @@ #ifndef OPENSSL_HEADER_TYPE_CHECK_H #define OPENSSL_HEADER_TYPE_CHECK_H -#include <GFp/base.h> +#include <ring-core/base.h> #if defined(__cplusplus) || (defined(_MSC_VER) && !defined(__clang__)) diff --git a/patches/0001-bigint-Provide-a-fallback-implementation-for-bn_mul_.patch b/patches/0001-bigint-Provide-a-fallback-implementation-for-bn_mul_.patch new file mode 100644 index 0000000..ba53731 --- /dev/null +++ b/patches/0001-bigint-Provide-a-fallback-implementation-for-bn_mul_.patch @@ -0,0 +1,283 @@ +From a26dbf3aa0c3f0c68c4ffcdf1670ec998d088c1e Mon Sep 17 00:00:00 2001 +From: Brian Smith <brian@briansmith.org> +Date: Fri, 11 Nov 2022 14:32:45 -0800 +Subject: [PATCH 1/2] bigint: Provide a fallback implementation for + `bn_mul_mont`. + +Provide an implementation of `bn_mul_mont` that works on all targets that +don't have an assembly language implementation. + +Expand `prefixed_export!` to support prefixing functions defined in Rust. +Function definitions don't end with a semicolon so move the semicolon +insertion from `prefixed_item!` to its callers. + +Unify the codepaths in `bigint` so that `bn_mul_mont` is always used. + +(cherry picked from commit 81f4e8d07da3f2ccc57f69a91245b41e6d764a1c) +Test: builds +Change-Id: If2cb061684ee1a0831f186c2f4cee3f02c2a236b +--- + src/arithmetic/bigint.rs | 70 ++----------------- + src/arithmetic/bigint/bn_mul_mont_fallback.rs | 51 ++++++++++++++ + src/prefixed.rs | 28 ++++++-- + 3 files changed, 77 insertions(+), 72 deletions(-) + create mode 100644 src/arithmetic/bigint/bn_mul_mont_fallback.rs + +diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs +index 2b2cdf31f..1eb90fead 100644 +--- a/src/arithmetic/bigint.rs ++++ b/src/arithmetic/bigint.rs +@@ -47,6 +47,8 @@ use core::{ + ops::{Deref, DerefMut}, + }; + ++mod bn_mul_mont_fallback; ++ + pub unsafe trait Prime {} + + struct Width<M> { +@@ -1231,13 +1233,6 @@ impl From<u64> for N0 { + fn limbs_mont_mul(r: &mut [Limb], a: &[Limb], m: &[Limb], n0: &N0) { + debug_assert_eq!(r.len(), m.len()); + debug_assert_eq!(a.len(), m.len()); +- +- #[cfg(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +- ))] + unsafe { + bn_mul_mont( + r.as_mut_ptr(), +@@ -1248,19 +1243,6 @@ fn limbs_mont_mul(r: &mut [Limb], a: &[Limb], m: &[Limb], n0: &N0) { + r.len(), + ) + } +- +- #[cfg(not(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +- )))] +- { +- let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; +- let tmp = &mut tmp[..(2 * a.len())]; +- limbs_mul(tmp, r, a); +- limbs_from_mont_in_place(r, tmp, m, n0); +- } + } + + fn limbs_from_mont_in_place(r: &mut [Limb], tmp: &mut [Limb], m: &[Limb], n0: &N0) { +@@ -1292,8 +1274,8 @@ fn limbs_from_mont_in_place(r: &mut [Limb], tmp: &mut [Limb], m: &[Limb], n0: &N + #[cfg(not(any( + target_arch = "aarch64", + target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" ++ target_arch = "x86", ++ target_arch = "x86_64" + )))] + fn limbs_mul(r: &mut [Limb], a: &[Limb], b: &[Limb]) { + debug_assert_eq!(r.len(), 2 * a.len()); +@@ -1320,12 +1302,6 @@ fn limbs_mont_product(r: &mut [Limb], a: &[Limb], b: &[Limb], m: &[Limb], n0: &N + debug_assert_eq!(a.len(), m.len()); + debug_assert_eq!(b.len(), m.len()); + +- #[cfg(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +- ))] + unsafe { + bn_mul_mont( + r.as_mut_ptr(), +@@ -1336,30 +1312,11 @@ fn limbs_mont_product(r: &mut [Limb], a: &[Limb], b: &[Limb], m: &[Limb], n0: &N + r.len(), + ) + } +- +- #[cfg(not(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +- )))] +- { +- let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; +- let tmp = &mut tmp[..(2 * a.len())]; +- limbs_mul(tmp, a, b); +- limbs_from_mont_in_place(r, tmp, m, n0) +- } + } + + /// r = r**2 + fn limbs_mont_square(r: &mut [Limb], m: &[Limb], n0: &N0) { + debug_assert_eq!(r.len(), m.len()); +- #[cfg(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +- ))] + unsafe { + bn_mul_mont( + r.as_mut_ptr(), +@@ -1370,27 +1327,8 @@ fn limbs_mont_square(r: &mut [Limb], m: &[Limb], n0: &N0) { + r.len(), + ) + } +- +- #[cfg(not(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +- )))] +- { +- let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; +- let tmp = &mut tmp[..(2 * r.len())]; +- limbs_mul(tmp, r, r); +- limbs_from_mont_in_place(r, tmp, m, n0) +- } + } + +-#[cfg(any( +- target_arch = "aarch64", +- target_arch = "arm", +- target_arch = "x86_64", +- target_arch = "x86" +-))] + prefixed_extern! { + // `r` and/or 'a' and/or 'b' may alias. + fn bn_mul_mont( +diff --git a/src/arithmetic/bigint/bn_mul_mont_fallback.rs b/src/arithmetic/bigint/bn_mul_mont_fallback.rs +new file mode 100644 +index 000000000..1357858d0 +--- /dev/null ++++ b/src/arithmetic/bigint/bn_mul_mont_fallback.rs +@@ -0,0 +1,51 @@ ++// Copyright 2015-2022 Brian Smith. ++// ++// Permission to use, copy, modify, and/or distribute this software for any ++// purpose with or without fee is hereby granted, provided that the above ++// copyright notice and this permission notice appear in all copies. ++// ++// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES ++// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY ++// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION ++// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN ++// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ ++#![cfg(not(any( ++ target_arch = "aarch64", ++ target_arch = "arm", ++ target_arch = "x86", ++ target_arch = "x86_64" ++)))] ++ ++use super::{limbs_from_mont_in_place, limbs_mul, Limb, MODULUS_MAX_LIMBS, N0}; ++use crate::c; ++ ++prefixed_export! { ++ unsafe fn bn_mul_mont( ++ r: *mut Limb, ++ a: *const Limb, ++ b: *const Limb, ++ n: *const Limb, ++ n0: &N0, ++ num_limbs: c::size_t, ++ ) { ++ // The mutable pointer `r` may alias `a` and/or `b`, so the lifetimes of ++ // any slices for `a` or `b` must not overlap with the lifetime of any ++ // mutable for `r`. ++ ++ // Nothing aliases `n` ++ let n = unsafe { core::slice::from_raw_parts(n, num_limbs) }; ++ ++ let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; ++ let tmp = &mut tmp[..(2 * num_limbs)]; ++ { ++ let a: &[Limb] = unsafe { core::slice::from_raw_parts(a, num_limbs) }; ++ let b: &[Limb] = unsafe { core::slice::from_raw_parts(b, num_limbs) }; ++ limbs_mul(tmp, a, b); ++ } ++ let r: &mut [Limb] = unsafe { core::slice::from_raw_parts_mut(r, num_limbs) }; ++ limbs_from_mont_in_place(r, tmp, n, n0); ++ } ++} +diff --git a/src/prefixed.rs b/src/prefixed.rs +index c8ac807ee..a35f9212f 100644 +--- a/src/prefixed.rs ++++ b/src/prefixed.rs +@@ -14,7 +14,7 @@ macro_rules! prefixed_extern { + $name + { + $( #[$meta] )* +- $vis fn $name ( $( $arg_pat : $arg_ty ),* ) $( -> $ret_ty )? ++ $vis fn $name ( $( $arg_pat : $arg_ty ),* ) $( -> $ret_ty )?; + } + + } +@@ -33,15 +33,31 @@ macro_rules! prefixed_extern { + $name + { + $( #[$meta] )* +- $vis static mut $name: $typ ++ $vis static mut $name: $typ; + } + } + } + }; + } + +-#[cfg(any(target_arch = "arm", target_arch = "aarch64"))] ++#[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))] + macro_rules! prefixed_export { ++ // A function. ++ { ++ $( #[$meta:meta] )* ++ $vis:vis unsafe fn $name:ident ( $( $arg_pat:ident : $arg_ty:ty ),* $(,)? ) $body:block ++ } => { ++ prefixed_item! { ++ export_name ++ $name ++ { ++ $( #[$meta] )* ++ $vis unsafe fn $name ( $( $arg_pat : $arg_ty ),* ) $body ++ } ++ } ++ }; ++ ++ // A global variable. + { + $( #[$meta:meta] )* + $vis:vis static mut $name:ident: $typ:ty = $initial_value:expr; +@@ -51,10 +67,10 @@ macro_rules! prefixed_export { + $name + { + $( #[$meta] )* +- $vis static mut $name: $typ = $initial_value ++ $vis static mut $name: $typ = $initial_value; + } + } +- } ++ }; + } + + macro_rules! prefixed_item { +@@ -81,6 +97,6 @@ macro_rules! prefixed_item { + { $( $item:tt )+ } + } => { + #[$attr = $prefixed_name] +- $( $item )+; ++ $( $item )+ + }; + } +-- +2.39.1.519.gcb327c4b5f-goog + diff --git a/patches/0002-CI-Add-riscv64gc-unknown-linux-gnu-support-to-mk.patch b/patches/0002-CI-Add-riscv64gc-unknown-linux-gnu-support-to-mk.patch new file mode 100644 index 0000000..fd94705 --- /dev/null +++ b/patches/0002-CI-Add-riscv64gc-unknown-linux-gnu-support-to-mk.patch @@ -0,0 +1,30 @@ +From cc5f5bfd58adb4d571e165bafb675c1c0267c829 Mon Sep 17 00:00:00 2001 +From: Brian Smith <brian@briansmith.org> +Date: Wed, 9 Nov 2022 16:44:13 -0800 +Subject: [PATCH 2/2] CI: Add riscv64gc-unknown-linux-gnu support to mk/. + +(cherry picked from commit 80544a3edb8481a849f3ff0f8017cab7655dea41) +Test: builds +Change-Id: I6e788488b50714908ea67cd8474542d899112e8d +--- + include/ring-core/base.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/include/ring-core/base.h b/include/ring-core/base.h +index f1a027d1a..223448f5b 100644 +--- a/include/ring-core/base.h ++++ b/include/ring-core/base.h +@@ -89,6 +89,10 @@ + #elif defined(__MIPSEL__) && defined(__LP64__) + #define OPENSSL_64_BIT + #define OPENSSL_MIPS64 ++#elif defined(__riscv) && __SIZEOF_POINTER__ == 8 ++#define OPENSSL_64_BIT ++#elif defined(__riscv) && __SIZEOF_POINTER__ == 4 ++#define OPENSSL_32_BIT + #elif defined(__wasm__) + #define OPENSSL_32_BIT + #else +-- +2.39.1.519.gcb327c4b5f-goog + diff --git a/patches/Android.bp.patch b/patches/Android.bp.patch new file mode 100644 index 0000000..5bbfbe8 --- /dev/null +++ b/patches/Android.bp.patch @@ -0,0 +1,30 @@ +diff --git a/Android.bp b/Android.bp +index 2fffd32fb..eb06e7878 100644 +--- a/Android.bp ++++ b/Android.bp +@@ -56,9 +56,9 @@ rust_library { + "libspin", + "libuntrusted", + ], +- static_libs: [ +- "libring_core_0_17_0_alpha_11_", +- "libring_core_0_17_0_alpha_11_test", ++ whole_static_libs: [ ++ "libring-core", ++ "libring-test", + ], + apex_available: [ + "//apex_available:platform", +@@ -94,9 +94,9 @@ rust_test { + "libspin", + "libuntrusted", + ], +- static_libs: [ +- "libring_core_0_17_0_alpha_11_", +- "libring_core_0_17_0_alpha_11_test", ++ whole_static_libs: [ ++ "libring-core", ++ "libring-test", + ], + } + diff --git a/patches/hardcode_prefix.patch b/patches/hardcode_prefix.patch new file mode 100644 index 0000000..a37c68a --- /dev/null +++ b/patches/hardcode_prefix.patch @@ -0,0 +1,14 @@ +diff --git a/src/prefixed.rs b/src/prefixed.rs +index 0f1c13e8c..c8ac807ee 100644 +--- a/src/prefixed.rs ++++ b/src/prefixed.rs +@@ -68,7 +68,8 @@ macro_rules! prefixed_item { + } => { + prefixed_item! { + $attr +- { concat!(env!("RING_CORE_PREFIX"), stringify!($name)) } ++ //{ concat!(env!("RING_CORE_PREFIX"), stringify!($name)) } ++ { concat!("ring_core_android_platform_", stringify!($name)) } + { $( $item )+ } + } + }; diff --git a/pregenerated/aesni-gcm-x86_64-elf.S b/pregenerated/aesni-gcm-x86_64-elf.S index 240e2b7..18836cc 100644 --- a/pregenerated/aesni-gcm-x86_64-elf.S +++ b/pregenerated/aesni-gcm-x86_64-elf.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text .type _aesni_ctr32_ghash_6x,@function @@ -340,11 +341,11 @@ _aesni_ctr32_ghash_6x: .byte 0xf3,0xc3 .cfi_endproc .size _aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x -.globl GFp_aesni_gcm_decrypt -.hidden GFp_aesni_gcm_decrypt -.type GFp_aesni_gcm_decrypt,@function +.globl aesni_gcm_decrypt +.hidden aesni_gcm_decrypt +.type aesni_gcm_decrypt,@function .align 32 -GFp_aesni_gcm_decrypt: +aesni_gcm_decrypt: .cfi_startproc xorq %r10,%r10 @@ -453,7 +454,7 @@ GFp_aesni_gcm_decrypt: movq %r10,%rax .byte 0xf3,0xc3 .cfi_endproc -.size GFp_aesni_gcm_decrypt,.-GFp_aesni_gcm_decrypt +.size aesni_gcm_decrypt,.-aesni_gcm_decrypt .type _aesni_ctr32_6x,@function .align 32 _aesni_ctr32_6x: @@ -547,11 +548,11 @@ _aesni_ctr32_6x: .cfi_endproc .size _aesni_ctr32_6x,.-_aesni_ctr32_6x -.globl GFp_aesni_gcm_encrypt -.hidden GFp_aesni_gcm_encrypt -.type GFp_aesni_gcm_encrypt,@function +.globl aesni_gcm_encrypt +.hidden aesni_gcm_encrypt +.type aesni_gcm_encrypt,@function .align 32 -GFp_aesni_gcm_encrypt: +aesni_gcm_encrypt: .cfi_startproc xorq %r10,%r10 @@ -826,7 +827,7 @@ GFp_aesni_gcm_encrypt: movq %r10,%rax .byte 0xf3,0xc3 .cfi_endproc -.size GFp_aesni_gcm_encrypt,.-GFp_aesni_gcm_encrypt +.size aesni_gcm_encrypt,.-aesni_gcm_encrypt .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 diff --git a/pregenerated/aesni-gcm-x86_64-macosx.S b/pregenerated/aesni-gcm-x86_64-macosx.S index ee36012..61d01ca 100644 --- a/pregenerated/aesni-gcm-x86_64-macosx.S +++ b/pregenerated/aesni-gcm-x86_64-macosx.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text @@ -340,11 +341,11 @@ L$6x_done: .byte 0xf3,0xc3 -.globl _GFp_aesni_gcm_decrypt -.private_extern _GFp_aesni_gcm_decrypt +.globl _aesni_gcm_decrypt +.private_extern _aesni_gcm_decrypt .p2align 5 -_GFp_aesni_gcm_decrypt: +_aesni_gcm_decrypt: xorq %r10,%r10 @@ -547,11 +548,11 @@ L$handle_ctr32_2: -.globl _GFp_aesni_gcm_encrypt -.private_extern _GFp_aesni_gcm_encrypt +.globl _aesni_gcm_encrypt +.private_extern _aesni_gcm_encrypt .p2align 5 -_GFp_aesni_gcm_encrypt: +_aesni_gcm_encrypt: xorq %r10,%r10 diff --git a/pregenerated/aesni-gcm-x86_64-nasm.obj b/pregenerated/aesni-gcm-x86_64-nasm.obj Binary files differindex 356e612..6cf79ee 100644 --- a/pregenerated/aesni-gcm-x86_64-nasm.obj +++ b/pregenerated/aesni-gcm-x86_64-nasm.obj diff --git a/pregenerated/aesni-x86-elf.S b/pregenerated/aesni-x86-elf.S index b8b3dcb..61a1362 100644 --- a/pregenerated/aesni-x86-elf.S +++ b/pregenerated/aesni-x86-elf.S @@ -2,16 +2,14 @@ # source tree. Do not edit by hand. #if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl GFp_aes_hw_encrypt -.hidden GFp_aes_hw_encrypt -.type GFp_aes_hw_encrypt,@function +.globl aes_hw_encrypt +.hidden aes_hw_encrypt +.type aes_hw_encrypt,@function .align 16 -GFp_aes_hw_encrypt: -.L_GFp_aes_hw_encrypt_begin: +aes_hw_encrypt: +.L_aes_hw_encrypt_begin: movl 4(%esp),%eax movl 12(%esp),%edx movups (%eax),%xmm2 @@ -33,7 +31,7 @@ GFp_aes_hw_encrypt: movups %xmm2,(%eax) pxor %xmm2,%xmm2 ret -.size GFp_aes_hw_encrypt,.-.L_GFp_aes_hw_encrypt_begin +.size aes_hw_encrypt,.-.L_aes_hw_encrypt_begin .hidden _aesni_encrypt2 .type _aesni_encrypt2,@function .align 16 @@ -189,12 +187,12 @@ _aesni_encrypt6: .byte 102,15,56,221,248 ret .size _aesni_encrypt6,.-_aesni_encrypt6 -.globl GFp_aes_hw_ctr32_encrypt_blocks -.hidden GFp_aes_hw_ctr32_encrypt_blocks -.type GFp_aes_hw_ctr32_encrypt_blocks,@function +.globl aes_hw_ctr32_encrypt_blocks +.hidden aes_hw_ctr32_encrypt_blocks +.type aes_hw_ctr32_encrypt_blocks,@function .align 16 -GFp_aes_hw_ctr32_encrypt_blocks: -.L_GFp_aes_hw_ctr32_encrypt_blocks_begin: +aes_hw_ctr32_encrypt_blocks: +.L_aes_hw_ctr32_encrypt_blocks_begin: pushl %ebp pushl %ebx pushl %esi @@ -427,7 +425,7 @@ GFp_aes_hw_ctr32_encrypt_blocks: popl %ebx popl %ebp ret -.size GFp_aes_hw_ctr32_encrypt_blocks,.-.L_GFp_aes_hw_ctr32_encrypt_blocks_begin +.size aes_hw_ctr32_encrypt_blocks,.-.L_aes_hw_ctr32_encrypt_blocks_begin .hidden _aesni_set_encrypt_key .type _aesni_set_encrypt_key,@function .align 16 @@ -442,7 +440,7 @@ _aesni_set_encrypt_key: .L016pic: popl %ebx leal .Lkey_const-.L016pic(%ebx),%ebx - leal GFp_ia32cap_P-.Lkey_const(%ebx),%ebp + leal OPENSSL_ia32cap_P-.Lkey_const(%ebx),%ebp movups (%eax),%xmm0 xorps %xmm4,%xmm4 movl 4(%ebp),%ebp @@ -673,18 +671,18 @@ _aesni_set_encrypt_key: popl %ebp ret .size _aesni_set_encrypt_key,.-_aesni_set_encrypt_key -.globl GFp_aes_hw_set_encrypt_key -.hidden GFp_aes_hw_set_encrypt_key -.type GFp_aes_hw_set_encrypt_key,@function +.globl aes_hw_set_encrypt_key +.hidden aes_hw_set_encrypt_key +.type aes_hw_set_encrypt_key,@function .align 16 -GFp_aes_hw_set_encrypt_key: -.L_GFp_aes_hw_set_encrypt_key_begin: +aes_hw_set_encrypt_key: +.L_aes_hw_set_encrypt_key_begin: movl 4(%esp),%eax movl 8(%esp),%ecx movl 12(%esp),%edx call _aesni_set_encrypt_key ret -.size GFp_aes_hw_set_encrypt_key,.-.L_GFp_aes_hw_set_encrypt_key_begin +.size aes_hw_set_encrypt_key,.-.L_aes_hw_set_encrypt_key_begin .align 64 .Lkey_const: .long 202313229,202313229,202313229,202313229 diff --git a/pregenerated/aesni-x86-macosx.S b/pregenerated/aesni-x86-macosx.S deleted file mode 100644 index 56d884b..0000000 --- a/pregenerated/aesni-x86-macosx.S +++ /dev/null @@ -1,686 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -.globl _GFp_aes_hw_encrypt -.private_extern _GFp_aes_hw_encrypt -.align 4 -_GFp_aes_hw_encrypt: -L_GFp_aes_hw_encrypt_begin: - movl 4(%esp),%eax - movl 12(%esp),%edx - movups (%eax),%xmm2 - movl 240(%edx),%ecx - movl 8(%esp),%eax - movups (%edx),%xmm0 - movups 16(%edx),%xmm1 - leal 32(%edx),%edx - xorps %xmm0,%xmm2 -L000enc1_loop_1: -.byte 102,15,56,220,209 - decl %ecx - movups (%edx),%xmm1 - leal 16(%edx),%edx - jnz L000enc1_loop_1 -.byte 102,15,56,221,209 - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - movups %xmm2,(%eax) - pxor %xmm2,%xmm2 - ret -.private_extern __aesni_encrypt2 -.align 4 -__aesni_encrypt2: - movups (%edx),%xmm0 - shll $4,%ecx - movups 16(%edx),%xmm1 - xorps %xmm0,%xmm2 - pxor %xmm0,%xmm3 - movups 32(%edx),%xmm0 - leal 32(%edx,%ecx,1),%edx - negl %ecx - addl $16,%ecx -L001enc2_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 - movups (%edx,%ecx,1),%xmm1 - addl $32,%ecx -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 - movups -16(%edx,%ecx,1),%xmm0 - jnz L001enc2_loop -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 - ret -.private_extern __aesni_encrypt3 -.align 4 -__aesni_encrypt3: - movups (%edx),%xmm0 - shll $4,%ecx - movups 16(%edx),%xmm1 - xorps %xmm0,%xmm2 - pxor %xmm0,%xmm3 - pxor %xmm0,%xmm4 - movups 32(%edx),%xmm0 - leal 32(%edx,%ecx,1),%edx - negl %ecx - addl $16,%ecx -L002enc3_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 - movups (%edx,%ecx,1),%xmm1 - addl $32,%ecx -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 - movups -16(%edx,%ecx,1),%xmm0 - jnz L002enc3_loop -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 -.byte 102,15,56,221,224 - ret -.private_extern __aesni_encrypt4 -.align 4 -__aesni_encrypt4: - movups (%edx),%xmm0 - movups 16(%edx),%xmm1 - shll $4,%ecx - xorps %xmm0,%xmm2 - pxor %xmm0,%xmm3 - pxor %xmm0,%xmm4 - pxor %xmm0,%xmm5 - movups 32(%edx),%xmm0 - leal 32(%edx,%ecx,1),%edx - negl %ecx -.byte 15,31,64,0 - addl $16,%ecx -L003enc4_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 - movups (%edx,%ecx,1),%xmm1 - addl $32,%ecx -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 - movups -16(%edx,%ecx,1),%xmm0 - jnz L003enc4_loop -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 -.byte 102,15,56,221,224 -.byte 102,15,56,221,232 - ret -.private_extern __aesni_encrypt6 -.align 4 -__aesni_encrypt6: - movups (%edx),%xmm0 - shll $4,%ecx - movups 16(%edx),%xmm1 - xorps %xmm0,%xmm2 - pxor %xmm0,%xmm3 - pxor %xmm0,%xmm4 -.byte 102,15,56,220,209 - pxor %xmm0,%xmm5 - pxor %xmm0,%xmm6 -.byte 102,15,56,220,217 - leal 32(%edx,%ecx,1),%edx - negl %ecx -.byte 102,15,56,220,225 - pxor %xmm0,%xmm7 - movups (%edx,%ecx,1),%xmm0 - addl $16,%ecx - jmp L004_aesni_encrypt6_inner -.align 4,0x90 -L005enc6_loop: -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -L004_aesni_encrypt6_inner: -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 -L_aesni_encrypt6_enter: - movups (%edx,%ecx,1),%xmm1 - addl $32,%ecx -.byte 102,15,56,220,208 -.byte 102,15,56,220,216 -.byte 102,15,56,220,224 -.byte 102,15,56,220,232 -.byte 102,15,56,220,240 -.byte 102,15,56,220,248 - movups -16(%edx,%ecx,1),%xmm0 - jnz L005enc6_loop -.byte 102,15,56,220,209 -.byte 102,15,56,220,217 -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 -.byte 102,15,56,221,208 -.byte 102,15,56,221,216 -.byte 102,15,56,221,224 -.byte 102,15,56,221,232 -.byte 102,15,56,221,240 -.byte 102,15,56,221,248 - ret -.globl _GFp_aes_hw_ctr32_encrypt_blocks -.private_extern _GFp_aes_hw_ctr32_encrypt_blocks -.align 4 -_GFp_aes_hw_ctr32_encrypt_blocks: -L_GFp_aes_hw_ctr32_encrypt_blocks_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 20(%esp),%esi - movl 24(%esp),%edi - movl 28(%esp),%eax - movl 32(%esp),%edx - movl 36(%esp),%ebx - movl %esp,%ebp - subl $88,%esp - andl $-16,%esp - movl %ebp,80(%esp) - cmpl $1,%eax - je L006ctr32_one_shortcut - movdqu (%ebx),%xmm7 - movl $202182159,(%esp) - movl $134810123,4(%esp) - movl $67438087,8(%esp) - movl $66051,12(%esp) - movl $6,%ecx - xorl %ebp,%ebp - movl %ecx,16(%esp) - movl %ecx,20(%esp) - movl %ecx,24(%esp) - movl %ebp,28(%esp) -.byte 102,15,58,22,251,3 -.byte 102,15,58,34,253,3 - movl 240(%edx),%ecx - bswap %ebx - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - movdqa (%esp),%xmm2 -.byte 102,15,58,34,195,0 - leal 3(%ebx),%ebp -.byte 102,15,58,34,205,0 - incl %ebx -.byte 102,15,58,34,195,1 - incl %ebp -.byte 102,15,58,34,205,1 - incl %ebx -.byte 102,15,58,34,195,2 - incl %ebp -.byte 102,15,58,34,205,2 - movdqa %xmm0,48(%esp) -.byte 102,15,56,0,194 - movdqu (%edx),%xmm6 - movdqa %xmm1,64(%esp) -.byte 102,15,56,0,202 - pshufd $192,%xmm0,%xmm2 - pshufd $128,%xmm0,%xmm3 - cmpl $6,%eax - jb L007ctr32_tail - pxor %xmm6,%xmm7 - shll $4,%ecx - movl $16,%ebx - movdqa %xmm7,32(%esp) - movl %edx,%ebp - subl %ecx,%ebx - leal 32(%edx,%ecx,1),%edx - subl $6,%eax - jmp L008ctr32_loop6 -.align 4,0x90 -L008ctr32_loop6: - pshufd $64,%xmm0,%xmm4 - movdqa 32(%esp),%xmm0 - pshufd $192,%xmm1,%xmm5 - pxor %xmm0,%xmm2 - pshufd $128,%xmm1,%xmm6 - pxor %xmm0,%xmm3 - pshufd $64,%xmm1,%xmm7 - movups 16(%ebp),%xmm1 - pxor %xmm0,%xmm4 - pxor %xmm0,%xmm5 -.byte 102,15,56,220,209 - pxor %xmm0,%xmm6 - pxor %xmm0,%xmm7 -.byte 102,15,56,220,217 - movups 32(%ebp),%xmm0 - movl %ebx,%ecx -.byte 102,15,56,220,225 -.byte 102,15,56,220,233 -.byte 102,15,56,220,241 -.byte 102,15,56,220,249 - call L_aesni_encrypt6_enter - movups (%esi),%xmm1 - movups 16(%esi),%xmm0 - xorps %xmm1,%xmm2 - movups 32(%esi),%xmm1 - xorps %xmm0,%xmm3 - movups %xmm2,(%edi) - movdqa 16(%esp),%xmm0 - xorps %xmm1,%xmm4 - movdqa 64(%esp),%xmm1 - movups %xmm3,16(%edi) - movups %xmm4,32(%edi) - paddd %xmm0,%xmm1 - paddd 48(%esp),%xmm0 - movdqa (%esp),%xmm2 - movups 48(%esi),%xmm3 - movups 64(%esi),%xmm4 - xorps %xmm3,%xmm5 - movups 80(%esi),%xmm3 - leal 96(%esi),%esi - movdqa %xmm0,48(%esp) -.byte 102,15,56,0,194 - xorps %xmm4,%xmm6 - movups %xmm5,48(%edi) - xorps %xmm3,%xmm7 - movdqa %xmm1,64(%esp) -.byte 102,15,56,0,202 - movups %xmm6,64(%edi) - pshufd $192,%xmm0,%xmm2 - movups %xmm7,80(%edi) - leal 96(%edi),%edi - pshufd $128,%xmm0,%xmm3 - subl $6,%eax - jnc L008ctr32_loop6 - addl $6,%eax - jz L009ctr32_ret - movdqu (%ebp),%xmm7 - movl %ebp,%edx - pxor 32(%esp),%xmm7 - movl 240(%ebp),%ecx -L007ctr32_tail: - por %xmm7,%xmm2 - cmpl $2,%eax - jb L010ctr32_one - pshufd $64,%xmm0,%xmm4 - por %xmm7,%xmm3 - je L011ctr32_two - pshufd $192,%xmm1,%xmm5 - por %xmm7,%xmm4 - cmpl $4,%eax - jb L012ctr32_three - pshufd $128,%xmm1,%xmm6 - por %xmm7,%xmm5 - je L013ctr32_four - por %xmm7,%xmm6 - call __aesni_encrypt6 - movups (%esi),%xmm1 - movups 16(%esi),%xmm0 - xorps %xmm1,%xmm2 - movups 32(%esi),%xmm1 - xorps %xmm0,%xmm3 - movups 48(%esi),%xmm0 - xorps %xmm1,%xmm4 - movups 64(%esi),%xmm1 - xorps %xmm0,%xmm5 - movups %xmm2,(%edi) - xorps %xmm1,%xmm6 - movups %xmm3,16(%edi) - movups %xmm4,32(%edi) - movups %xmm5,48(%edi) - movups %xmm6,64(%edi) - jmp L009ctr32_ret -.align 4,0x90 -L006ctr32_one_shortcut: - movups (%ebx),%xmm2 - movl 240(%edx),%ecx -L010ctr32_one: - movups (%edx),%xmm0 - movups 16(%edx),%xmm1 - leal 32(%edx),%edx - xorps %xmm0,%xmm2 -L014enc1_loop_2: -.byte 102,15,56,220,209 - decl %ecx - movups (%edx),%xmm1 - leal 16(%edx),%edx - jnz L014enc1_loop_2 -.byte 102,15,56,221,209 - movups (%esi),%xmm6 - xorps %xmm2,%xmm6 - movups %xmm6,(%edi) - jmp L009ctr32_ret -.align 4,0x90 -L011ctr32_two: - call __aesni_encrypt2 - movups (%esi),%xmm5 - movups 16(%esi),%xmm6 - xorps %xmm5,%xmm2 - xorps %xmm6,%xmm3 - movups %xmm2,(%edi) - movups %xmm3,16(%edi) - jmp L009ctr32_ret -.align 4,0x90 -L012ctr32_three: - call __aesni_encrypt3 - movups (%esi),%xmm5 - movups 16(%esi),%xmm6 - xorps %xmm5,%xmm2 - movups 32(%esi),%xmm7 - xorps %xmm6,%xmm3 - movups %xmm2,(%edi) - xorps %xmm7,%xmm4 - movups %xmm3,16(%edi) - movups %xmm4,32(%edi) - jmp L009ctr32_ret -.align 4,0x90 -L013ctr32_four: - call __aesni_encrypt4 - movups (%esi),%xmm6 - movups 16(%esi),%xmm7 - movups 32(%esi),%xmm1 - xorps %xmm6,%xmm2 - movups 48(%esi),%xmm0 - xorps %xmm7,%xmm3 - movups %xmm2,(%edi) - xorps %xmm1,%xmm4 - movups %xmm3,16(%edi) - xorps %xmm0,%xmm5 - movups %xmm4,32(%edi) - movups %xmm5,48(%edi) -L009ctr32_ret: - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - movdqa %xmm0,32(%esp) - pxor %xmm5,%xmm5 - movdqa %xmm0,48(%esp) - pxor %xmm6,%xmm6 - movdqa %xmm0,64(%esp) - pxor %xmm7,%xmm7 - movl 80(%esp),%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.private_extern __aesni_set_encrypt_key -.align 4 -__aesni_set_encrypt_key: - pushl %ebp - pushl %ebx - testl %eax,%eax - jz L015bad_pointer - testl %edx,%edx - jz L015bad_pointer - call L016pic -L016pic: - popl %ebx - leal Lkey_const-L016pic(%ebx),%ebx - movl L_GFp_ia32cap_P$non_lazy_ptr-Lkey_const(%ebx),%ebp - movups (%eax),%xmm0 - xorps %xmm4,%xmm4 - movl 4(%ebp),%ebp - leal 16(%edx),%edx - andl $268437504,%ebp - cmpl $256,%ecx - je L01714rounds - cmpl $128,%ecx - jne L018bad_keybits -.align 4,0x90 -L01910rounds: - cmpl $268435456,%ebp - je L02010rounds_alt - movl $9,%ecx - movups %xmm0,-16(%edx) -.byte 102,15,58,223,200,1 - call L021key_128_cold -.byte 102,15,58,223,200,2 - call L022key_128 -.byte 102,15,58,223,200,4 - call L022key_128 -.byte 102,15,58,223,200,8 - call L022key_128 -.byte 102,15,58,223,200,16 - call L022key_128 -.byte 102,15,58,223,200,32 - call L022key_128 -.byte 102,15,58,223,200,64 - call L022key_128 -.byte 102,15,58,223,200,128 - call L022key_128 -.byte 102,15,58,223,200,27 - call L022key_128 -.byte 102,15,58,223,200,54 - call L022key_128 - movups %xmm0,(%edx) - movl %ecx,80(%edx) - jmp L023good_key -.align 4,0x90 -L022key_128: - movups %xmm0,(%edx) - leal 16(%edx),%edx -L021key_128_cold: - shufps $16,%xmm0,%xmm4 - xorps %xmm4,%xmm0 - shufps $140,%xmm0,%xmm4 - xorps %xmm4,%xmm0 - shufps $255,%xmm1,%xmm1 - xorps %xmm1,%xmm0 - ret -.align 4,0x90 -L02010rounds_alt: - movdqa (%ebx),%xmm5 - movl $8,%ecx - movdqa 32(%ebx),%xmm4 - movdqa %xmm0,%xmm2 - movdqu %xmm0,-16(%edx) -L024loop_key128: -.byte 102,15,56,0,197 -.byte 102,15,56,221,196 - pslld $1,%xmm4 - leal 16(%edx),%edx - movdqa %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm3,%xmm2 - pxor %xmm2,%xmm0 - movdqu %xmm0,-16(%edx) - movdqa %xmm0,%xmm2 - decl %ecx - jnz L024loop_key128 - movdqa 48(%ebx),%xmm4 -.byte 102,15,56,0,197 -.byte 102,15,56,221,196 - pslld $1,%xmm4 - movdqa %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm3,%xmm2 - pxor %xmm2,%xmm0 - movdqu %xmm0,(%edx) - movdqa %xmm0,%xmm2 -.byte 102,15,56,0,197 -.byte 102,15,56,221,196 - movdqa %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm2,%xmm3 - pslldq $4,%xmm2 - pxor %xmm3,%xmm2 - pxor %xmm2,%xmm0 - movdqu %xmm0,16(%edx) - movl $9,%ecx - movl %ecx,96(%edx) - jmp L023good_key -.align 4,0x90 -L01714rounds: - movups 16(%eax),%xmm2 - leal 16(%edx),%edx - cmpl $268435456,%ebp - je L02514rounds_alt - movl $13,%ecx - movups %xmm0,-32(%edx) - movups %xmm2,-16(%edx) -.byte 102,15,58,223,202,1 - call L026key_256a_cold -.byte 102,15,58,223,200,1 - call L027key_256b -.byte 102,15,58,223,202,2 - call L028key_256a -.byte 102,15,58,223,200,2 - call L027key_256b -.byte 102,15,58,223,202,4 - call L028key_256a -.byte 102,15,58,223,200,4 - call L027key_256b -.byte 102,15,58,223,202,8 - call L028key_256a -.byte 102,15,58,223,200,8 - call L027key_256b -.byte 102,15,58,223,202,16 - call L028key_256a -.byte 102,15,58,223,200,16 - call L027key_256b -.byte 102,15,58,223,202,32 - call L028key_256a -.byte 102,15,58,223,200,32 - call L027key_256b -.byte 102,15,58,223,202,64 - call L028key_256a - movups %xmm0,(%edx) - movl %ecx,16(%edx) - xorl %eax,%eax - jmp L023good_key -.align 4,0x90 -L028key_256a: - movups %xmm2,(%edx) - leal 16(%edx),%edx -L026key_256a_cold: - shufps $16,%xmm0,%xmm4 - xorps %xmm4,%xmm0 - shufps $140,%xmm0,%xmm4 - xorps %xmm4,%xmm0 - shufps $255,%xmm1,%xmm1 - xorps %xmm1,%xmm0 - ret -.align 4,0x90 -L027key_256b: - movups %xmm0,(%edx) - leal 16(%edx),%edx - shufps $16,%xmm2,%xmm4 - xorps %xmm4,%xmm2 - shufps $140,%xmm2,%xmm4 - xorps %xmm4,%xmm2 - shufps $170,%xmm1,%xmm1 - xorps %xmm1,%xmm2 - ret -.align 4,0x90 -L02514rounds_alt: - movdqa (%ebx),%xmm5 - movdqa 32(%ebx),%xmm4 - movl $7,%ecx - movdqu %xmm0,-32(%edx) - movdqa %xmm2,%xmm1 - movdqu %xmm2,-16(%edx) -L029loop_key256: -.byte 102,15,56,0,213 -.byte 102,15,56,221,212 - movdqa %xmm0,%xmm3 - pslldq $4,%xmm0 - pxor %xmm0,%xmm3 - pslldq $4,%xmm0 - pxor %xmm0,%xmm3 - pslldq $4,%xmm0 - pxor %xmm3,%xmm0 - pslld $1,%xmm4 - pxor %xmm2,%xmm0 - movdqu %xmm0,(%edx) - decl %ecx - jz L030done_key256 - pshufd $255,%xmm0,%xmm2 - pxor %xmm3,%xmm3 -.byte 102,15,56,221,211 - movdqa %xmm1,%xmm3 - pslldq $4,%xmm1 - pxor %xmm1,%xmm3 - pslldq $4,%xmm1 - pxor %xmm1,%xmm3 - pslldq $4,%xmm1 - pxor %xmm3,%xmm1 - pxor %xmm1,%xmm2 - movdqu %xmm2,16(%edx) - leal 32(%edx),%edx - movdqa %xmm2,%xmm1 - jmp L029loop_key256 -L030done_key256: - movl $13,%ecx - movl %ecx,16(%edx) -L023good_key: - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - xorl %eax,%eax - popl %ebx - popl %ebp - ret -.align 2,0x90 -L015bad_pointer: - movl $-1,%eax - popl %ebx - popl %ebp - ret -.align 2,0x90 -L018bad_keybits: - pxor %xmm0,%xmm0 - movl $-2,%eax - popl %ebx - popl %ebp - ret -.globl _GFp_aes_hw_set_encrypt_key -.private_extern _GFp_aes_hw_set_encrypt_key -.align 4 -_GFp_aes_hw_set_encrypt_key: -L_GFp_aes_hw_set_encrypt_key_begin: - movl 4(%esp),%eax - movl 8(%esp),%ecx - movl 12(%esp),%edx - call __aesni_set_encrypt_key - ret -.align 6,0x90 -Lkey_const: -.long 202313229,202313229,202313229,202313229 -.long 67569157,67569157,67569157,67569157 -.long 1,1,1,1 -.long 27,27,27,27 -.byte 65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69 -.byte 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 -.byte 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 -.byte 115,108,46,111,114,103,62,0 -.section __IMPORT,__pointers,non_lazy_symbol_pointers -L_GFp_ia32cap_P$non_lazy_ptr: -.indirect_symbol _GFp_ia32cap_P -.long 0 -#endif diff --git a/pregenerated/aesni-x86-win32n.obj b/pregenerated/aesni-x86-win32n.obj Binary files differindex 5ad897a..3ca283f 100644 --- a/pregenerated/aesni-x86-win32n.obj +++ b/pregenerated/aesni-x86-win32n.obj diff --git a/pregenerated/aesni-x86_64-elf.S b/pregenerated/aesni-x86_64-elf.S index 4696645..ca8cc63 100644 --- a/pregenerated/aesni-x86_64-elf.S +++ b/pregenerated/aesni-x86_64-elf.S @@ -8,14 +8,15 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P -.globl GFp_aes_hw_encrypt -.hidden GFp_aes_hw_encrypt -.type GFp_aes_hw_encrypt,@function +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P +.globl aes_hw_encrypt +.hidden aes_hw_encrypt +.type aes_hw_encrypt,@function .align 16 -GFp_aes_hw_encrypt: +aes_hw_encrypt: .cfi_startproc movups (%rdi),%xmm2 movl 240(%rdx),%eax @@ -36,7 +37,7 @@ GFp_aes_hw_encrypt: pxor %xmm2,%xmm2 .byte 0xf3,0xc3 .cfi_endproc -.size GFp_aes_hw_encrypt,.-GFp_aes_hw_encrypt +.size aes_hw_encrypt,.-aes_hw_encrypt .type _aesni_encrypt2,@function .align 16 _aesni_encrypt2: @@ -268,11 +269,11 @@ _aesni_encrypt8: .byte 0xf3,0xc3 .cfi_endproc .size _aesni_encrypt8,.-_aesni_encrypt8 -.globl GFp_aes_hw_ctr32_encrypt_blocks -.hidden GFp_aes_hw_ctr32_encrypt_blocks -.type GFp_aes_hw_ctr32_encrypt_blocks,@function +.globl aes_hw_ctr32_encrypt_blocks +.hidden aes_hw_ctr32_encrypt_blocks +.type aes_hw_ctr32_encrypt_blocks,@function .align 16 -GFp_aes_hw_ctr32_encrypt_blocks: +aes_hw_ctr32_encrypt_blocks: .cfi_startproc cmpq $1,%rdx jne .Lctr32_bulk @@ -360,7 +361,7 @@ GFp_aes_hw_ctr32_encrypt_blocks: leaq 7(%r8),%r9 movl %r10d,96+12(%rsp) bswapl %r9d - leaq GFp_ia32cap_P(%rip),%r10 + leaq OPENSSL_ia32cap_P(%rip),%r10 movl 4(%r10),%r10d xorl %ebp,%r9d andl $71303168,%r10d @@ -848,12 +849,12 @@ GFp_aes_hw_ctr32_encrypt_blocks: .Lctr32_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_aes_hw_ctr32_encrypt_blocks,.-GFp_aes_hw_ctr32_encrypt_blocks -.globl GFp_aes_hw_set_encrypt_key -.hidden GFp_aes_hw_set_encrypt_key -.type GFp_aes_hw_set_encrypt_key,@function +.size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks +.globl aes_hw_set_encrypt_key +.hidden aes_hw_set_encrypt_key +.type aes_hw_set_encrypt_key,@function .align 16 -GFp_aes_hw_set_encrypt_key: +aes_hw_set_encrypt_key: __aesni_set_encrypt_key: .cfi_startproc .byte 0x48,0x83,0xEC,0x08 @@ -866,7 +867,7 @@ __aesni_set_encrypt_key: movups (%rdi),%xmm0 xorps %xmm4,%xmm4 - leaq GFp_ia32cap_P(%rip),%r10 + leaq OPENSSL_ia32cap_P(%rip),%r10 movl 4(%r10),%r10d andl $268437504,%r10d leaq 16(%rdx),%rax @@ -1085,7 +1086,7 @@ __aesni_set_encrypt_key: .cfi_adjust_cfa_offset -8 .byte 0xf3,0xc3 .cfi_endproc -.LSEH_end_GFp_set_encrypt_key: +.LSEH_end_set_encrypt_key: .align 16 .Lkey_expansion_128: @@ -1155,7 +1156,7 @@ __aesni_set_encrypt_key: shufps $170,%xmm1,%xmm1 xorps %xmm1,%xmm2 .byte 0xf3,0xc3 -.size GFp_aes_hw_set_encrypt_key,.-GFp_aes_hw_set_encrypt_key +.size aes_hw_set_encrypt_key,.-aes_hw_set_encrypt_key .size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key .align 64 .Lbswap_mask: diff --git a/pregenerated/aesni-x86_64-macosx.S b/pregenerated/aesni-x86_64-macosx.S index 4d36398..d457cd2 100644 --- a/pregenerated/aesni-x86_64-macosx.S +++ b/pregenerated/aesni-x86_64-macosx.S @@ -8,13 +8,14 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl _GFp_aes_hw_encrypt -.private_extern _GFp_aes_hw_encrypt +.globl _aes_hw_encrypt +.private_extern _aes_hw_encrypt .p2align 4 -_GFp_aes_hw_encrypt: +_aes_hw_encrypt: movups (%rdi),%xmm2 movl 240(%rdx),%eax @@ -267,11 +268,11 @@ L$enc_loop8_enter: .byte 0xf3,0xc3 -.globl _GFp_aes_hw_ctr32_encrypt_blocks -.private_extern _GFp_aes_hw_ctr32_encrypt_blocks +.globl _aes_hw_ctr32_encrypt_blocks +.private_extern _aes_hw_ctr32_encrypt_blocks .p2align 4 -_GFp_aes_hw_ctr32_encrypt_blocks: +_aes_hw_ctr32_encrypt_blocks: cmpq $1,%rdx jne L$ctr32_bulk @@ -359,7 +360,7 @@ L$ctr32_bulk: leaq 7(%r8),%r9 movl %r10d,96+12(%rsp) bswapl %r9d - leaq _GFp_ia32cap_P(%rip),%r10 + leaq _OPENSSL_ia32cap_P(%rip),%r10 movl 4(%r10),%r10d xorl %ebp,%r9d andl $71303168,%r10d @@ -848,11 +849,11 @@ L$ctr32_epilogue: .byte 0xf3,0xc3 -.globl _GFp_aes_hw_set_encrypt_key -.private_extern _GFp_aes_hw_set_encrypt_key +.globl _aes_hw_set_encrypt_key +.private_extern _aes_hw_set_encrypt_key .p2align 4 -_GFp_aes_hw_set_encrypt_key: +_aes_hw_set_encrypt_key: __aesni_set_encrypt_key: .byte 0x48,0x83,0xEC,0x08 @@ -865,7 +866,7 @@ __aesni_set_encrypt_key: movups (%rdi),%xmm0 xorps %xmm4,%xmm4 - leaq _GFp_ia32cap_P(%rip),%r10 + leaq _OPENSSL_ia32cap_P(%rip),%r10 movl 4(%r10),%r10d andl $268437504,%r10d leaq 16(%rdx),%rax @@ -1084,7 +1085,7 @@ L$enc_key_ret: .byte 0xf3,0xc3 -L$SEH_end_GFp_set_encrypt_key: +L$SEH_end_set_encrypt_key: .p2align 4 L$key_expansion_128: diff --git a/pregenerated/aesni-x86_64-nasm.obj b/pregenerated/aesni-x86_64-nasm.obj Binary files differindex f8549ae..da5bcaf 100644 --- a/pregenerated/aesni-x86_64-nasm.obj +++ b/pregenerated/aesni-x86_64-nasm.obj diff --git a/pregenerated/aesv8-armx-ios32.S b/pregenerated/aesv8-armx-ios32.S deleted file mode 100644 index f592853..0000000 --- a/pregenerated/aesv8-armx-ios32.S +++ /dev/null @@ -1,436 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -#if __ARM_MAX_ARCH__>=7 -.text - - -.code 32 -#undef __thumb2__ -.align 5 -Lrcon: -.long 0x01,0x01,0x01,0x01 -.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d @ rotate-n-splat -.long 0x1b,0x1b,0x1b,0x1b - -.text - -.globl _GFp_aes_hw_set_encrypt_key -.private_extern _GFp_aes_hw_set_encrypt_key -#ifdef __thumb2__ -.thumb_func _GFp_aes_hw_set_encrypt_key -#endif -.align 5 -_GFp_aes_hw_set_encrypt_key: -Lenc_key: - mov r3,#-1 - cmp r0,#0 - beq Lenc_key_abort - cmp r2,#0 - beq Lenc_key_abort - mov r3,#-2 - cmp r1,#128 - blt Lenc_key_abort - cmp r1,#256 - bgt Lenc_key_abort - tst r1,#0x3f - bne Lenc_key_abort - - adr r3,Lrcon - cmp r1,#192 - - veor q0,q0,q0 - vld1.8 {q3},[r0]! - mov r1,#8 @ reuse r1 - vld1.32 {q1,q2},[r3]! - - blt Loop128 - @ 192-bit key support was removed. - b L256 - -.align 4 -Loop128: - vtbl.8 d20,{q3},d4 - vtbl.8 d21,{q3},d5 - vext.8 q9,q0,q3,#12 - vst1.32 {q3},[r2]! -.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 - subs r1,r1,#1 - - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q10,q10,q1 - veor q3,q3,q9 - vshl.u8 q1,q1,#1 - veor q3,q3,q10 - bne Loop128 - - vld1.32 {q1},[r3] - - vtbl.8 d20,{q3},d4 - vtbl.8 d21,{q3},d5 - vext.8 q9,q0,q3,#12 - vst1.32 {q3},[r2]! -.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 - - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q10,q10,q1 - veor q3,q3,q9 - vshl.u8 q1,q1,#1 - veor q3,q3,q10 - - vtbl.8 d20,{q3},d4 - vtbl.8 d21,{q3},d5 - vext.8 q9,q0,q3,#12 - vst1.32 {q3},[r2]! -.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 - - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q10,q10,q1 - veor q3,q3,q9 - veor q3,q3,q10 - vst1.32 {q3},[r2] - add r2,r2,#0x50 - - mov r12,#10 - b Ldone - -@ 192-bit key support was removed. - -.align 4 -L256: - vld1.8 {q8},[r0] - mov r1,#7 - mov r12,#14 - vst1.32 {q3},[r2]! - -Loop256: - vtbl.8 d20,{q8},d4 - vtbl.8 d21,{q8},d5 - vext.8 q9,q0,q3,#12 - vst1.32 {q8},[r2]! -.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 - subs r1,r1,#1 - - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q3,q3,q9 - vext.8 q9,q0,q9,#12 - veor q10,q10,q1 - veor q3,q3,q9 - vshl.u8 q1,q1,#1 - veor q3,q3,q10 - vst1.32 {q3},[r2]! - beq Ldone - - vdup.32 q10,d7[1] - vext.8 q9,q0,q8,#12 -.byte 0x00,0x43,0xf0,0xf3 @ aese q10,q0 - - veor q8,q8,q9 - vext.8 q9,q0,q9,#12 - veor q8,q8,q9 - vext.8 q9,q0,q9,#12 - veor q8,q8,q9 - - veor q8,q8,q10 - b Loop256 - -Ldone: - str r12,[r2] - mov r3,#0 - -Lenc_key_abort: - mov r0,r3 @ return value - - bx lr - -.globl _GFp_aes_hw_encrypt -.private_extern _GFp_aes_hw_encrypt -#ifdef __thumb2__ -.thumb_func _GFp_aes_hw_encrypt -#endif -.align 5 -_GFp_aes_hw_encrypt: - AARCH64_VALID_CALL_TARGET - ldr r3,[r2,#240] - vld1.32 {q0},[r2]! - vld1.8 {q2},[r0] - sub r3,r3,#2 - vld1.32 {q1},[r2]! - -Loop_enc: -.byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0 -.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 - vld1.32 {q0},[r2]! - subs r3,r3,#2 -.byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1 -.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 - vld1.32 {q1},[r2]! - bgt Loop_enc - -.byte 0x00,0x43,0xb0,0xf3 @ aese q2,q0 -.byte 0x84,0x43,0xb0,0xf3 @ aesmc q2,q2 - vld1.32 {q0},[r2] -.byte 0x02,0x43,0xb0,0xf3 @ aese q2,q1 - veor q2,q2,q0 - - vst1.8 {q2},[r1] - bx lr - -.globl _GFp_aes_hw_decrypt -.private_extern _GFp_aes_hw_decrypt -#ifdef __thumb2__ -.thumb_func _GFp_aes_hw_decrypt -#endif -.align 5 -_GFp_aes_hw_decrypt: - AARCH64_VALID_CALL_TARGET - ldr r3,[r2,#240] - vld1.32 {q0},[r2]! - vld1.8 {q2},[r0] - sub r3,r3,#2 - vld1.32 {q1},[r2]! - -Loop_dec: -.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 -.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - vld1.32 {q0},[r2]! - subs r3,r3,#2 -.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 -.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - vld1.32 {q1},[r2]! - bgt Loop_dec - -.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 -.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - vld1.32 {q0},[r2] -.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 - veor q2,q2,q0 - - vst1.8 {q2},[r1] - bx lr - -.globl _GFp_aes_hw_ctr32_encrypt_blocks -.private_extern _GFp_aes_hw_ctr32_encrypt_blocks -#ifdef __thumb2__ -.thumb_func _GFp_aes_hw_ctr32_encrypt_blocks -#endif -.align 5 -_GFp_aes_hw_ctr32_encrypt_blocks: - mov ip,sp - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,lr} - vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so - ldr r4, [ip] @ load remaining arg - ldr r5,[r3,#240] - - ldr r8, [r4, #12] - vld1.32 {q0},[r4] - - vld1.32 {q8,q9},[r3] @ load key schedule... - sub r5,r5,#4 - mov r12,#16 - cmp r2,#2 - add r7,r3,r5,lsl#4 @ pointer to last 5 round keys - sub r5,r5,#2 - vld1.32 {q12,q13},[r7]! - vld1.32 {q14,q15},[r7]! - vld1.32 {q7},[r7] - add r7,r3,#32 - mov r6,r5 - movlo r12,#0 - - @ ARM Cortex-A57 and Cortex-A72 cores running in 32-bit mode are - @ affected by silicon errata #1742098 [0] and #1655431 [1], - @ respectively, where the second instruction of an aese/aesmc - @ instruction pair may execute twice if an interrupt is taken right - @ after the first instruction consumes an input register of which a - @ single 32-bit lane has been updated the last time it was modified. - @ - @ This function uses a counter in one 32-bit lane. The - @ could write to q1 and q10 directly, but that trips this bugs. - @ We write to q6 and copy to the final register as a workaround. - @ - @ [0] ARM-EPM-049219 v23 Cortex-A57 MPCore Software Developers Errata Notice - @ [1] ARM-EPM-012079 v11.0 Cortex-A72 MPCore Software Developers Errata Notice -#ifndef __ARMEB__ - rev r8, r8 -#endif - add r10, r8, #1 - vorr q6,q0,q0 - rev r10, r10 - vmov.32 d13[1],r10 - add r8, r8, #2 - vorr q1,q6,q6 - bls Lctr32_tail - rev r12, r8 - vmov.32 d13[1],r12 - sub r2,r2,#3 @ bias - vorr q10,q6,q6 - b Loop3x_ctr32 - -.align 4 -Loop3x_ctr32: -.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 -.byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 -.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 - vld1.32 {q8},[r7]! - subs r6,r6,#2 -.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 -.byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 -.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 - vld1.32 {q9},[r7]! - bgt Loop3x_ctr32 - -.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 -.byte 0x80,0x83,0xb0,0xf3 @ aesmc q4,q0 -.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 -.byte 0x82,0xa3,0xb0,0xf3 @ aesmc q5,q1 - vld1.8 {q2},[r0]! - add r9,r8,#1 -.byte 0x20,0x43,0xf0,0xf3 @ aese q10,q8 -.byte 0xa4,0x43,0xf0,0xf3 @ aesmc q10,q10 - vld1.8 {q3},[r0]! - rev r9,r9 -.byte 0x22,0x83,0xb0,0xf3 @ aese q4,q9 -.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 -.byte 0x22,0xa3,0xb0,0xf3 @ aese q5,q9 -.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - vld1.8 {q11},[r0]! - mov r7,r3 -.byte 0x22,0x43,0xf0,0xf3 @ aese q10,q9 -.byte 0xa4,0x23,0xf0,0xf3 @ aesmc q9,q10 -.byte 0x28,0x83,0xb0,0xf3 @ aese q4,q12 -.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 -.byte 0x28,0xa3,0xb0,0xf3 @ aese q5,q12 -.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - veor q2,q2,q7 - add r10,r8,#2 -.byte 0x28,0x23,0xf0,0xf3 @ aese q9,q12 -.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - veor q3,q3,q7 - add r8,r8,#3 -.byte 0x2a,0x83,0xb0,0xf3 @ aese q4,q13 -.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 -.byte 0x2a,0xa3,0xb0,0xf3 @ aese q5,q13 -.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - @ Note the logic to update q0, q1, and q1 is written to work - @ around a bug in ARM Cortex-A57 and Cortex-A72 cores running in - @ 32-bit mode. See the comment above. - veor q11,q11,q7 - vmov.32 d13[1], r9 -.byte 0x2a,0x23,0xf0,0xf3 @ aese q9,q13 -.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - vorr q0,q6,q6 - rev r10,r10 -.byte 0x2c,0x83,0xb0,0xf3 @ aese q4,q14 -.byte 0x88,0x83,0xb0,0xf3 @ aesmc q4,q4 - vmov.32 d13[1], r10 - rev r12,r8 -.byte 0x2c,0xa3,0xb0,0xf3 @ aese q5,q14 -.byte 0x8a,0xa3,0xb0,0xf3 @ aesmc q5,q5 - vorr q1,q6,q6 - vmov.32 d13[1], r12 -.byte 0x2c,0x23,0xf0,0xf3 @ aese q9,q14 -.byte 0xa2,0x23,0xf0,0xf3 @ aesmc q9,q9 - vorr q10,q6,q6 - subs r2,r2,#3 -.byte 0x2e,0x83,0xb0,0xf3 @ aese q4,q15 -.byte 0x2e,0xa3,0xb0,0xf3 @ aese q5,q15 -.byte 0x2e,0x23,0xf0,0xf3 @ aese q9,q15 - - veor q2,q2,q4 - vld1.32 {q8},[r7]! @ re-pre-load rndkey[0] - vst1.8 {q2},[r1]! - veor q3,q3,q5 - mov r6,r5 - vst1.8 {q3},[r1]! - veor q11,q11,q9 - vld1.32 {q9},[r7]! @ re-pre-load rndkey[1] - vst1.8 {q11},[r1]! - bhs Loop3x_ctr32 - - adds r2,r2,#3 - beq Lctr32_done - cmp r2,#1 - mov r12,#16 - moveq r12,#0 - -Lctr32_tail: -.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - vld1.32 {q8},[r7]! - subs r6,r6,#2 -.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - vld1.32 {q9},[r7]! - bgt Lctr32_tail - -.byte 0x20,0x03,0xb0,0xf3 @ aese q0,q8 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x20,0x23,0xb0,0xf3 @ aese q1,q8 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 -.byte 0x22,0x03,0xb0,0xf3 @ aese q0,q9 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x22,0x23,0xb0,0xf3 @ aese q1,q9 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - vld1.8 {q2},[r0],r12 -.byte 0x28,0x03,0xb0,0xf3 @ aese q0,q12 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x28,0x23,0xb0,0xf3 @ aese q1,q12 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - vld1.8 {q3},[r0] -.byte 0x2a,0x03,0xb0,0xf3 @ aese q0,q13 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x2a,0x23,0xb0,0xf3 @ aese q1,q13 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - veor q2,q2,q7 -.byte 0x2c,0x03,0xb0,0xf3 @ aese q0,q14 -.byte 0x80,0x03,0xb0,0xf3 @ aesmc q0,q0 -.byte 0x2c,0x23,0xb0,0xf3 @ aese q1,q14 -.byte 0x82,0x23,0xb0,0xf3 @ aesmc q1,q1 - veor q3,q3,q7 -.byte 0x2e,0x03,0xb0,0xf3 @ aese q0,q15 -.byte 0x2e,0x23,0xb0,0xf3 @ aese q1,q15 - - cmp r2,#1 - veor q2,q2,q0 - veor q3,q3,q1 - vst1.8 {q2},[r1]! - beq Lctr32_done - vst1.8 {q3},[r1] - -Lctr32_done: - vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc} - -#endif -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/aesv8-armx-ios64.S b/pregenerated/aesv8-armx-ios64.S index 053fac5..35f0b87 100644 --- a/pregenerated/aesv8-armx-ios64.S +++ b/pregenerated/aesv8-armx-ios64.S @@ -9,7 +9,8 @@ #endif #if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> #if __ARM_MAX_ARCH__>=7 .text @@ -23,11 +24,11 @@ Lrcon: .text -.globl _GFp_aes_hw_set_encrypt_key -.private_extern _GFp_aes_hw_set_encrypt_key +.globl _aes_hw_set_encrypt_key +.private_extern _aes_hw_set_encrypt_key .align 5 -_GFp_aes_hw_set_encrypt_key: +_aes_hw_set_encrypt_key: Lenc_key: // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. AARCH64_VALID_CALL_TARGET @@ -160,11 +161,11 @@ Lenc_key_abort: ldr x29,[sp],#16 ret -.globl _GFp_aes_hw_encrypt -.private_extern _GFp_aes_hw_encrypt +.globl _aes_hw_encrypt +.private_extern _aes_hw_encrypt .align 5 -_GFp_aes_hw_encrypt: +_aes_hw_encrypt: AARCH64_VALID_CALL_TARGET ldr w3,[x2,#240] ld1 {v0.4s},[x2],#16 @@ -191,42 +192,11 @@ Loop_enc: st1 {v2.16b},[x1] ret -.globl _GFp_aes_hw_decrypt -.private_extern _GFp_aes_hw_decrypt +.globl _aes_hw_ctr32_encrypt_blocks +.private_extern _aes_hw_ctr32_encrypt_blocks .align 5 -_GFp_aes_hw_decrypt: - AARCH64_VALID_CALL_TARGET - ldr w3,[x2,#240] - ld1 {v0.4s},[x2],#16 - ld1 {v2.16b},[x0] - sub w3,w3,#2 - ld1 {v1.4s},[x2],#16 - -Loop_dec: - aesd v2.16b,v0.16b - aesimc v2.16b,v2.16b - ld1 {v0.4s},[x2],#16 - subs w3,w3,#2 - aesd v2.16b,v1.16b - aesimc v2.16b,v2.16b - ld1 {v1.4s},[x2],#16 - b.gt Loop_dec - - aesd v2.16b,v0.16b - aesimc v2.16b,v2.16b - ld1 {v0.4s},[x2] - aesd v2.16b,v1.16b - eor v2.16b,v2.16b,v0.16b - - st1 {v2.16b},[x1] - ret - -.globl _GFp_aes_hw_ctr32_encrypt_blocks -.private_extern _GFp_aes_hw_ctr32_encrypt_blocks - -.align 5 -_GFp_aes_hw_ctr32_encrypt_blocks: +_aes_hw_ctr32_encrypt_blocks: // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. AARCH64_VALID_CALL_TARGET stp x29,x30,[sp,#-16]! diff --git a/pregenerated/aesv8-armx-linux32.S b/pregenerated/aesv8-armx-linux32.S index 7b46da6..fa82fff 100644 --- a/pregenerated/aesv8-armx-linux32.S +++ b/pregenerated/aesv8-armx-linux32.S @@ -10,7 +10,8 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> #if __ARM_MAX_ARCH__>=7 .text @@ -26,11 +27,11 @@ .text -.globl GFp_aes_hw_set_encrypt_key -.hidden GFp_aes_hw_set_encrypt_key -.type GFp_aes_hw_set_encrypt_key,%function +.globl aes_hw_set_encrypt_key +.hidden aes_hw_set_encrypt_key +.type aes_hw_set_encrypt_key,%function .align 5 -GFp_aes_hw_set_encrypt_key: +aes_hw_set_encrypt_key: .Lenc_key: mov r3,#-1 cmp r0,#0 @@ -161,12 +162,12 @@ GFp_aes_hw_set_encrypt_key: mov r0,r3 @ return value bx lr -.size GFp_aes_hw_set_encrypt_key,.-GFp_aes_hw_set_encrypt_key -.globl GFp_aes_hw_encrypt -.hidden GFp_aes_hw_encrypt -.type GFp_aes_hw_encrypt,%function +.size aes_hw_set_encrypt_key,.-aes_hw_set_encrypt_key +.globl aes_hw_encrypt +.hidden aes_hw_encrypt +.type aes_hw_encrypt,%function .align 5 -GFp_aes_hw_encrypt: +aes_hw_encrypt: AARCH64_VALID_CALL_TARGET ldr r3,[r2,#240] vld1.32 {q0},[r2]! @@ -192,43 +193,12 @@ GFp_aes_hw_encrypt: vst1.8 {q2},[r1] bx lr -.size GFp_aes_hw_encrypt,.-GFp_aes_hw_encrypt -.globl GFp_aes_hw_decrypt -.hidden GFp_aes_hw_decrypt -.type GFp_aes_hw_decrypt,%function +.size aes_hw_encrypt,.-aes_hw_encrypt +.globl aes_hw_ctr32_encrypt_blocks +.hidden aes_hw_ctr32_encrypt_blocks +.type aes_hw_ctr32_encrypt_blocks,%function .align 5 -GFp_aes_hw_decrypt: - AARCH64_VALID_CALL_TARGET - ldr r3,[r2,#240] - vld1.32 {q0},[r2]! - vld1.8 {q2},[r0] - sub r3,r3,#2 - vld1.32 {q1},[r2]! - -.Loop_dec: -.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 -.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - vld1.32 {q0},[r2]! - subs r3,r3,#2 -.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 -.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - vld1.32 {q1},[r2]! - bgt .Loop_dec - -.byte 0x40,0x43,0xb0,0xf3 @ aesd q2,q0 -.byte 0xc4,0x43,0xb0,0xf3 @ aesimc q2,q2 - vld1.32 {q0},[r2] -.byte 0x42,0x43,0xb0,0xf3 @ aesd q2,q1 - veor q2,q2,q0 - - vst1.8 {q2},[r1] - bx lr -.size GFp_aes_hw_decrypt,.-GFp_aes_hw_decrypt -.globl GFp_aes_hw_ctr32_encrypt_blocks -.hidden GFp_aes_hw_ctr32_encrypt_blocks -.type GFp_aes_hw_ctr32_encrypt_blocks,%function -.align 5 -GFp_aes_hw_ctr32_encrypt_blocks: +aes_hw_ctr32_encrypt_blocks: mov ip,sp stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,lr} vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so @@ -424,7 +394,7 @@ GFp_aes_hw_ctr32_encrypt_blocks: .Lctr32_done: vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,pc} -.size GFp_aes_hw_ctr32_encrypt_blocks,.-GFp_aes_hw_ctr32_encrypt_blocks +.size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks #endif #endif #endif // !OPENSSL_NO_ASM diff --git a/pregenerated/aesv8-armx-linux64.S b/pregenerated/aesv8-armx-linux64.S index fd6987a..b6c1e77 100644 --- a/pregenerated/aesv8-armx-linux64.S +++ b/pregenerated/aesv8-armx-linux64.S @@ -10,7 +10,8 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> #if __ARM_MAX_ARCH__>=7 .text @@ -24,11 +25,11 @@ .text -.globl GFp_aes_hw_set_encrypt_key -.hidden GFp_aes_hw_set_encrypt_key -.type GFp_aes_hw_set_encrypt_key,%function +.globl aes_hw_set_encrypt_key +.hidden aes_hw_set_encrypt_key +.type aes_hw_set_encrypt_key,%function .align 5 -GFp_aes_hw_set_encrypt_key: +aes_hw_set_encrypt_key: .Lenc_key: // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. AARCH64_VALID_CALL_TARGET @@ -160,12 +161,12 @@ GFp_aes_hw_set_encrypt_key: mov x0,x3 // return value ldr x29,[sp],#16 ret -.size GFp_aes_hw_set_encrypt_key,.-GFp_aes_hw_set_encrypt_key -.globl GFp_aes_hw_encrypt -.hidden GFp_aes_hw_encrypt -.type GFp_aes_hw_encrypt,%function +.size aes_hw_set_encrypt_key,.-aes_hw_set_encrypt_key +.globl aes_hw_encrypt +.hidden aes_hw_encrypt +.type aes_hw_encrypt,%function .align 5 -GFp_aes_hw_encrypt: +aes_hw_encrypt: AARCH64_VALID_CALL_TARGET ldr w3,[x2,#240] ld1 {v0.4s},[x2],#16 @@ -191,43 +192,12 @@ GFp_aes_hw_encrypt: st1 {v2.16b},[x1] ret -.size GFp_aes_hw_encrypt,.-GFp_aes_hw_encrypt -.globl GFp_aes_hw_decrypt -.hidden GFp_aes_hw_decrypt -.type GFp_aes_hw_decrypt,%function +.size aes_hw_encrypt,.-aes_hw_encrypt +.globl aes_hw_ctr32_encrypt_blocks +.hidden aes_hw_ctr32_encrypt_blocks +.type aes_hw_ctr32_encrypt_blocks,%function .align 5 -GFp_aes_hw_decrypt: - AARCH64_VALID_CALL_TARGET - ldr w3,[x2,#240] - ld1 {v0.4s},[x2],#16 - ld1 {v2.16b},[x0] - sub w3,w3,#2 - ld1 {v1.4s},[x2],#16 - -.Loop_dec: - aesd v2.16b,v0.16b - aesimc v2.16b,v2.16b - ld1 {v0.4s},[x2],#16 - subs w3,w3,#2 - aesd v2.16b,v1.16b - aesimc v2.16b,v2.16b - ld1 {v1.4s},[x2],#16 - b.gt .Loop_dec - - aesd v2.16b,v0.16b - aesimc v2.16b,v2.16b - ld1 {v0.4s},[x2] - aesd v2.16b,v1.16b - eor v2.16b,v2.16b,v0.16b - - st1 {v2.16b},[x1] - ret -.size GFp_aes_hw_decrypt,.-GFp_aes_hw_decrypt -.globl GFp_aes_hw_ctr32_encrypt_blocks -.hidden GFp_aes_hw_ctr32_encrypt_blocks -.type GFp_aes_hw_ctr32_encrypt_blocks,%function -.align 5 -GFp_aes_hw_ctr32_encrypt_blocks: +aes_hw_ctr32_encrypt_blocks: // Armv8.3-A PAuth: even though x30 is pushed to stack it is not popped later. AARCH64_VALID_CALL_TARGET stp x29,x30,[sp,#-16]! @@ -423,7 +393,7 @@ GFp_aes_hw_ctr32_encrypt_blocks: .Lctr32_done: ldr x29,[sp],#16 ret -.size GFp_aes_hw_ctr32_encrypt_blocks,.-GFp_aes_hw_ctr32_encrypt_blocks +.size aes_hw_ctr32_encrypt_blocks,.-aes_hw_ctr32_encrypt_blocks #endif #endif #endif // !OPENSSL_NO_ASM diff --git a/pregenerated/armv4-mont-ios32.S b/pregenerated/armv4-mont-ios32.S deleted file mode 100644 index e6ef8ce..0000000 --- a/pregenerated/armv4-mont-ios32.S +++ /dev/null @@ -1,972 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both -@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. - - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -#if __ARM_MAX_ARCH__>=7 - -.private_extern _GFp_armcap_P -.align 5 -LOPENSSL_armcap: -.word _GFp_armcap_P-Lbn_mul_mont -#endif - -.globl _GFp_bn_mul_mont -.private_extern _GFp_bn_mul_mont -#ifdef __thumb2__ -.thumb_func _GFp_bn_mul_mont -#endif - -.align 5 -_GFp_bn_mul_mont: -Lbn_mul_mont: - ldr ip,[sp,#4] @ load num - stmdb sp!,{r0,r2} @ sp points at argument block -#if __ARM_MAX_ARCH__>=7 - tst ip,#7 - bne Lialu - adr r0,Lbn_mul_mont - ldr r2,LOPENSSL_armcap - ldr r0,[r0,r2] -#ifdef __APPLE__ - ldr r0,[r0] -#endif - tst r0,#ARMV7_NEON @ NEON available? - ldmia sp, {r0,r2} - beq Lialu - add sp,sp,#8 - b bn_mul8x_mont_neon -.align 4 -Lialu: -#endif - cmp ip,#2 - mov r0,ip @ load num -#ifdef __thumb2__ - ittt lt -#endif - movlt r0,#0 - addlt sp,sp,#2*4 - blt Labrt - - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ save 10 registers - - mov r0,r0,lsl#2 @ rescale r0 for byte count - sub sp,sp,r0 @ alloca(4*num) - sub sp,sp,#4 @ +extra dword - sub r0,r0,#4 @ "num=num-1" - add r4,r2,r0 @ &bp[num-1] - - add r0,sp,r0 @ r0 to point at &tp[num-1] - ldr r8,[r0,#14*4] @ &n0 - ldr r2,[r2] @ bp[0] - ldr r5,[r1],#4 @ ap[0],ap++ - ldr r6,[r3],#4 @ np[0],np++ - ldr r8,[r8] @ *n0 - str r4,[r0,#15*4] @ save &bp[num] - - umull r10,r11,r5,r2 @ ap[0]*bp[0] - str r8,[r0,#14*4] @ save n0 value - mul r8,r10,r8 @ "tp[0]"*n0 - mov r12,#0 - umlal r10,r12,r6,r8 @ np[0]*n0+"t[0]" - mov r4,sp - -L1st: - ldr r5,[r1],#4 @ ap[j],ap++ - mov r10,r11 - ldr r6,[r3],#4 @ np[j],np++ - mov r11,#0 - umlal r10,r11,r5,r2 @ ap[j]*bp[0] - mov r14,#0 - umlal r12,r14,r6,r8 @ np[j]*n0 - adds r12,r12,r10 - str r12,[r4],#4 @ tp[j-1]=,tp++ - adc r12,r14,#0 - cmp r4,r0 - bne L1st - - adds r12,r12,r11 - ldr r4,[r0,#13*4] @ restore bp - mov r14,#0 - ldr r8,[r0,#14*4] @ restore n0 - adc r14,r14,#0 - str r12,[r0] @ tp[num-1]= - mov r7,sp - str r14,[r0,#4] @ tp[num]= - -Louter: - sub r7,r0,r7 @ "original" r0-1 value - sub r1,r1,r7 @ "rewind" ap to &ap[1] - ldr r2,[r4,#4]! @ *(++bp) - sub r3,r3,r7 @ "rewind" np to &np[1] - ldr r5,[r1,#-4] @ ap[0] - ldr r10,[sp] @ tp[0] - ldr r6,[r3,#-4] @ np[0] - ldr r7,[sp,#4] @ tp[1] - - mov r11,#0 - umlal r10,r11,r5,r2 @ ap[0]*bp[i]+tp[0] - str r4,[r0,#13*4] @ save bp - mul r8,r10,r8 - mov r12,#0 - umlal r10,r12,r6,r8 @ np[0]*n0+"tp[0]" - mov r4,sp - -Linner: - ldr r5,[r1],#4 @ ap[j],ap++ - adds r10,r11,r7 @ +=tp[j] - ldr r6,[r3],#4 @ np[j],np++ - mov r11,#0 - umlal r10,r11,r5,r2 @ ap[j]*bp[i] - mov r14,#0 - umlal r12,r14,r6,r8 @ np[j]*n0 - adc r11,r11,#0 - ldr r7,[r4,#8] @ tp[j+1] - adds r12,r12,r10 - str r12,[r4],#4 @ tp[j-1]=,tp++ - adc r12,r14,#0 - cmp r4,r0 - bne Linner - - adds r12,r12,r11 - mov r14,#0 - ldr r4,[r0,#13*4] @ restore bp - adc r14,r14,#0 - ldr r8,[r0,#14*4] @ restore n0 - adds r12,r12,r7 - ldr r7,[r0,#15*4] @ restore &bp[num] - adc r14,r14,#0 - str r12,[r0] @ tp[num-1]= - str r14,[r0,#4] @ tp[num]= - - cmp r4,r7 -#ifdef __thumb2__ - itt ne -#endif - movne r7,sp - bne Louter - - ldr r2,[r0,#12*4] @ pull rp - mov r5,sp - add r0,r0,#4 @ r0 to point at &tp[num] - sub r5,r0,r5 @ "original" num value - mov r4,sp @ "rewind" r4 - mov r1,r4 @ "borrow" r1 - sub r3,r3,r5 @ "rewind" r3 to &np[0] - - subs r7,r7,r7 @ "clear" carry flag -Lsub: ldr r7,[r4],#4 - ldr r6,[r3],#4 - sbcs r7,r7,r6 @ tp[j]-np[j] - str r7,[r2],#4 @ rp[j]= - teq r4,r0 @ preserve carry - bne Lsub - sbcs r14,r14,#0 @ upmost carry - mov r4,sp @ "rewind" r4 - sub r2,r2,r5 @ "rewind" r2 - -Lcopy: ldr r7,[r4] @ conditional copy - ldr r5,[r2] - str sp,[r4],#4 @ zap tp -#ifdef __thumb2__ - it cc -#endif - movcc r5,r7 - str r5,[r2],#4 - teq r4,r0 @ preserve carry - bne Lcopy - - mov sp,r0 - add sp,sp,#4 @ skip over tp[num+1] - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ restore registers - add sp,sp,#2*4 @ skip over {r0,r2} - mov r0,#1 -Labrt: -#if __ARM_ARCH__>=5 - bx lr @ bx lr -#else - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet -.word 0xe12fff1e @ interoperable with Thumb ISA:-) -#endif - -#if __ARM_MAX_ARCH__>=7 - - - -#ifdef __thumb2__ -.thumb_func bn_mul8x_mont_neon -#endif -.align 5 -bn_mul8x_mont_neon: - mov ip,sp - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11} - vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI specification says so - ldmia ip,{r4,r5} @ load rest of parameter block - mov ip,sp - - cmp r5,#8 - bhi LNEON_8n - - @ special case for r5==8, everything is in register bank... - - vld1.32 {d28[0]}, [r2,:32]! - veor d8,d8,d8 - sub r7,sp,r5,lsl#4 - vld1.32 {d0,d1,d2,d3}, [r1]! @ can't specify :32 :-( - and r7,r7,#-64 - vld1.32 {d30[0]}, [r4,:32] - mov sp,r7 @ alloca - vzip.16 d28,d8 - - vmull.u32 q6,d28,d0[0] - vmull.u32 q7,d28,d0[1] - vmull.u32 q8,d28,d1[0] - vshl.i64 d29,d13,#16 - vmull.u32 q9,d28,d1[1] - - vadd.u64 d29,d29,d12 - veor d8,d8,d8 - vmul.u32 d29,d29,d30 - - vmull.u32 q10,d28,d2[0] - vld1.32 {d4,d5,d6,d7}, [r3]! - vmull.u32 q11,d28,d2[1] - vmull.u32 q12,d28,d3[0] - vzip.16 d29,d8 - vmull.u32 q13,d28,d3[1] - - vmlal.u32 q6,d29,d4[0] - sub r9,r5,#1 - vmlal.u32 q7,d29,d4[1] - vmlal.u32 q8,d29,d5[0] - vmlal.u32 q9,d29,d5[1] - - vmlal.u32 q10,d29,d6[0] - vmov q5,q6 - vmlal.u32 q11,d29,d6[1] - vmov q6,q7 - vmlal.u32 q12,d29,d7[0] - vmov q7,q8 - vmlal.u32 q13,d29,d7[1] - vmov q8,q9 - vmov q9,q10 - vshr.u64 d10,d10,#16 - vmov q10,q11 - vmov q11,q12 - vadd.u64 d10,d10,d11 - vmov q12,q13 - veor q13,q13 - vshr.u64 d10,d10,#16 - - b LNEON_outer8 - -.align 4 -LNEON_outer8: - vld1.32 {d28[0]}, [r2,:32]! - veor d8,d8,d8 - vzip.16 d28,d8 - vadd.u64 d12,d12,d10 - - vmlal.u32 q6,d28,d0[0] - vmlal.u32 q7,d28,d0[1] - vmlal.u32 q8,d28,d1[0] - vshl.i64 d29,d13,#16 - vmlal.u32 q9,d28,d1[1] - - vadd.u64 d29,d29,d12 - veor d8,d8,d8 - subs r9,r9,#1 - vmul.u32 d29,d29,d30 - - vmlal.u32 q10,d28,d2[0] - vmlal.u32 q11,d28,d2[1] - vmlal.u32 q12,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q13,d28,d3[1] - - vmlal.u32 q6,d29,d4[0] - vmlal.u32 q7,d29,d4[1] - vmlal.u32 q8,d29,d5[0] - vmlal.u32 q9,d29,d5[1] - - vmlal.u32 q10,d29,d6[0] - vmov q5,q6 - vmlal.u32 q11,d29,d6[1] - vmov q6,q7 - vmlal.u32 q12,d29,d7[0] - vmov q7,q8 - vmlal.u32 q13,d29,d7[1] - vmov q8,q9 - vmov q9,q10 - vshr.u64 d10,d10,#16 - vmov q10,q11 - vmov q11,q12 - vadd.u64 d10,d10,d11 - vmov q12,q13 - veor q13,q13 - vshr.u64 d10,d10,#16 - - bne LNEON_outer8 - - vadd.u64 d12,d12,d10 - mov r7,sp - vshr.u64 d10,d12,#16 - mov r8,r5 - vadd.u64 d13,d13,d10 - add r6,sp,#96 - vshr.u64 d10,d13,#16 - vzip.16 d12,d13 - - b LNEON_tail_entry - -.align 4 -LNEON_8n: - veor q6,q6,q6 - sub r7,sp,#128 - veor q7,q7,q7 - sub r7,r7,r5,lsl#4 - veor q8,q8,q8 - and r7,r7,#-64 - veor q9,q9,q9 - mov sp,r7 @ alloca - veor q10,q10,q10 - add r7,r7,#256 - veor q11,q11,q11 - sub r8,r5,#8 - veor q12,q12,q12 - veor q13,q13,q13 - -LNEON_8n_init: - vst1.64 {q6,q7},[r7,:256]! - subs r8,r8,#8 - vst1.64 {q8,q9},[r7,:256]! - vst1.64 {q10,q11},[r7,:256]! - vst1.64 {q12,q13},[r7,:256]! - bne LNEON_8n_init - - add r6,sp,#256 - vld1.32 {d0,d1,d2,d3},[r1]! - add r10,sp,#8 - vld1.32 {d30[0]},[r4,:32] - mov r9,r5 - b LNEON_8n_outer - -.align 4 -LNEON_8n_outer: - vld1.32 {d28[0]},[r2,:32]! @ *b++ - veor d8,d8,d8 - vzip.16 d28,d8 - add r7,sp,#128 - vld1.32 {d4,d5,d6,d7},[r3]! - - vmlal.u32 q6,d28,d0[0] - vmlal.u32 q7,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q8,d28,d1[0] - vshl.i64 d29,d13,#16 - vmlal.u32 q9,d28,d1[1] - vadd.u64 d29,d29,d12 - vmlal.u32 q10,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q11,d28,d2[1] - vst1.32 {d28},[sp,:64] @ put aside smashed b[8*i+0] - vmlal.u32 q12,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q13,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q6,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q7,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q8,d29,d5[0] - vshr.u64 d12,d12,#16 - vmlal.u32 q9,d29,d5[1] - vmlal.u32 q10,d29,d6[0] - vadd.u64 d12,d12,d13 - vmlal.u32 q11,d29,d6[1] - vshr.u64 d12,d12,#16 - vmlal.u32 q12,d29,d7[0] - vmlal.u32 q13,d29,d7[1] - vadd.u64 d14,d14,d12 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+0] - vmlal.u32 q7,d28,d0[0] - vld1.64 {q6},[r6,:128]! - vmlal.u32 q8,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q9,d28,d1[0] - vshl.i64 d29,d15,#16 - vmlal.u32 q10,d28,d1[1] - vadd.u64 d29,d29,d14 - vmlal.u32 q11,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q12,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+1] - vmlal.u32 q13,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q6,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q7,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q8,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q9,d29,d5[0] - vshr.u64 d14,d14,#16 - vmlal.u32 q10,d29,d5[1] - vmlal.u32 q11,d29,d6[0] - vadd.u64 d14,d14,d15 - vmlal.u32 q12,d29,d6[1] - vshr.u64 d14,d14,#16 - vmlal.u32 q13,d29,d7[0] - vmlal.u32 q6,d29,d7[1] - vadd.u64 d16,d16,d14 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+1] - vmlal.u32 q8,d28,d0[0] - vld1.64 {q7},[r6,:128]! - vmlal.u32 q9,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q10,d28,d1[0] - vshl.i64 d29,d17,#16 - vmlal.u32 q11,d28,d1[1] - vadd.u64 d29,d29,d16 - vmlal.u32 q12,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q13,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+2] - vmlal.u32 q6,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q7,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q8,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q9,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q10,d29,d5[0] - vshr.u64 d16,d16,#16 - vmlal.u32 q11,d29,d5[1] - vmlal.u32 q12,d29,d6[0] - vadd.u64 d16,d16,d17 - vmlal.u32 q13,d29,d6[1] - vshr.u64 d16,d16,#16 - vmlal.u32 q6,d29,d7[0] - vmlal.u32 q7,d29,d7[1] - vadd.u64 d18,d18,d16 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+2] - vmlal.u32 q9,d28,d0[0] - vld1.64 {q8},[r6,:128]! - vmlal.u32 q10,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q11,d28,d1[0] - vshl.i64 d29,d19,#16 - vmlal.u32 q12,d28,d1[1] - vadd.u64 d29,d29,d18 - vmlal.u32 q13,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q6,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+3] - vmlal.u32 q7,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q8,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q9,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q10,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q11,d29,d5[0] - vshr.u64 d18,d18,#16 - vmlal.u32 q12,d29,d5[1] - vmlal.u32 q13,d29,d6[0] - vadd.u64 d18,d18,d19 - vmlal.u32 q6,d29,d6[1] - vshr.u64 d18,d18,#16 - vmlal.u32 q7,d29,d7[0] - vmlal.u32 q8,d29,d7[1] - vadd.u64 d20,d20,d18 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+3] - vmlal.u32 q10,d28,d0[0] - vld1.64 {q9},[r6,:128]! - vmlal.u32 q11,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q12,d28,d1[0] - vshl.i64 d29,d21,#16 - vmlal.u32 q13,d28,d1[1] - vadd.u64 d29,d29,d20 - vmlal.u32 q6,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q7,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+4] - vmlal.u32 q8,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q9,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q10,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q11,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q12,d29,d5[0] - vshr.u64 d20,d20,#16 - vmlal.u32 q13,d29,d5[1] - vmlal.u32 q6,d29,d6[0] - vadd.u64 d20,d20,d21 - vmlal.u32 q7,d29,d6[1] - vshr.u64 d20,d20,#16 - vmlal.u32 q8,d29,d7[0] - vmlal.u32 q9,d29,d7[1] - vadd.u64 d22,d22,d20 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+4] - vmlal.u32 q11,d28,d0[0] - vld1.64 {q10},[r6,:128]! - vmlal.u32 q12,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q13,d28,d1[0] - vshl.i64 d29,d23,#16 - vmlal.u32 q6,d28,d1[1] - vadd.u64 d29,d29,d22 - vmlal.u32 q7,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q8,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+5] - vmlal.u32 q9,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q10,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q11,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q12,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q13,d29,d5[0] - vshr.u64 d22,d22,#16 - vmlal.u32 q6,d29,d5[1] - vmlal.u32 q7,d29,d6[0] - vadd.u64 d22,d22,d23 - vmlal.u32 q8,d29,d6[1] - vshr.u64 d22,d22,#16 - vmlal.u32 q9,d29,d7[0] - vmlal.u32 q10,d29,d7[1] - vadd.u64 d24,d24,d22 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+5] - vmlal.u32 q12,d28,d0[0] - vld1.64 {q11},[r6,:128]! - vmlal.u32 q13,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q6,d28,d1[0] - vshl.i64 d29,d25,#16 - vmlal.u32 q7,d28,d1[1] - vadd.u64 d29,d29,d24 - vmlal.u32 q8,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q9,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+6] - vmlal.u32 q10,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q11,d28,d3[1] - vld1.32 {d28[0]},[r2,:32]! @ *b++ - vmlal.u32 q12,d29,d4[0] - veor d10,d10,d10 - vmlal.u32 q13,d29,d4[1] - vzip.16 d28,d10 - vmlal.u32 q6,d29,d5[0] - vshr.u64 d24,d24,#16 - vmlal.u32 q7,d29,d5[1] - vmlal.u32 q8,d29,d6[0] - vadd.u64 d24,d24,d25 - vmlal.u32 q9,d29,d6[1] - vshr.u64 d24,d24,#16 - vmlal.u32 q10,d29,d7[0] - vmlal.u32 q11,d29,d7[1] - vadd.u64 d26,d26,d24 - vst1.32 {d29},[r10,:64]! @ put aside smashed m[8*i+6] - vmlal.u32 q13,d28,d0[0] - vld1.64 {q12},[r6,:128]! - vmlal.u32 q6,d28,d0[1] - veor d8,d8,d8 - vmlal.u32 q7,d28,d1[0] - vshl.i64 d29,d27,#16 - vmlal.u32 q8,d28,d1[1] - vadd.u64 d29,d29,d26 - vmlal.u32 q9,d28,d2[0] - vmul.u32 d29,d29,d30 - vmlal.u32 q10,d28,d2[1] - vst1.32 {d28},[r10,:64]! @ put aside smashed b[8*i+7] - vmlal.u32 q11,d28,d3[0] - vzip.16 d29,d8 - vmlal.u32 q12,d28,d3[1] - vld1.32 {d28},[sp,:64] @ pull smashed b[8*i+0] - vmlal.u32 q13,d29,d4[0] - vld1.32 {d0,d1,d2,d3},[r1]! - vmlal.u32 q6,d29,d4[1] - vmlal.u32 q7,d29,d5[0] - vshr.u64 d26,d26,#16 - vmlal.u32 q8,d29,d5[1] - vmlal.u32 q9,d29,d6[0] - vadd.u64 d26,d26,d27 - vmlal.u32 q10,d29,d6[1] - vshr.u64 d26,d26,#16 - vmlal.u32 q11,d29,d7[0] - vmlal.u32 q12,d29,d7[1] - vadd.u64 d12,d12,d26 - vst1.32 {d29},[r10,:64] @ put aside smashed m[8*i+7] - add r10,sp,#8 @ rewind - sub r8,r5,#8 - b LNEON_8n_inner - -.align 4 -LNEON_8n_inner: - subs r8,r8,#8 - vmlal.u32 q6,d28,d0[0] - vld1.64 {q13},[r6,:128] - vmlal.u32 q7,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+0] - vmlal.u32 q8,d28,d1[0] - vld1.32 {d4,d5,d6,d7},[r3]! - vmlal.u32 q9,d28,d1[1] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q10,d28,d2[0] - vmlal.u32 q11,d28,d2[1] - vmlal.u32 q12,d28,d3[0] - vmlal.u32 q13,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+1] - vmlal.u32 q6,d29,d4[0] - vmlal.u32 q7,d29,d4[1] - vmlal.u32 q8,d29,d5[0] - vmlal.u32 q9,d29,d5[1] - vmlal.u32 q10,d29,d6[0] - vmlal.u32 q11,d29,d6[1] - vmlal.u32 q12,d29,d7[0] - vmlal.u32 q13,d29,d7[1] - vst1.64 {q6},[r7,:128]! - vmlal.u32 q7,d28,d0[0] - vld1.64 {q6},[r6,:128] - vmlal.u32 q8,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+1] - vmlal.u32 q9,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q10,d28,d1[1] - vmlal.u32 q11,d28,d2[0] - vmlal.u32 q12,d28,d2[1] - vmlal.u32 q13,d28,d3[0] - vmlal.u32 q6,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+2] - vmlal.u32 q7,d29,d4[0] - vmlal.u32 q8,d29,d4[1] - vmlal.u32 q9,d29,d5[0] - vmlal.u32 q10,d29,d5[1] - vmlal.u32 q11,d29,d6[0] - vmlal.u32 q12,d29,d6[1] - vmlal.u32 q13,d29,d7[0] - vmlal.u32 q6,d29,d7[1] - vst1.64 {q7},[r7,:128]! - vmlal.u32 q8,d28,d0[0] - vld1.64 {q7},[r6,:128] - vmlal.u32 q9,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+2] - vmlal.u32 q10,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q11,d28,d1[1] - vmlal.u32 q12,d28,d2[0] - vmlal.u32 q13,d28,d2[1] - vmlal.u32 q6,d28,d3[0] - vmlal.u32 q7,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+3] - vmlal.u32 q8,d29,d4[0] - vmlal.u32 q9,d29,d4[1] - vmlal.u32 q10,d29,d5[0] - vmlal.u32 q11,d29,d5[1] - vmlal.u32 q12,d29,d6[0] - vmlal.u32 q13,d29,d6[1] - vmlal.u32 q6,d29,d7[0] - vmlal.u32 q7,d29,d7[1] - vst1.64 {q8},[r7,:128]! - vmlal.u32 q9,d28,d0[0] - vld1.64 {q8},[r6,:128] - vmlal.u32 q10,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+3] - vmlal.u32 q11,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q12,d28,d1[1] - vmlal.u32 q13,d28,d2[0] - vmlal.u32 q6,d28,d2[1] - vmlal.u32 q7,d28,d3[0] - vmlal.u32 q8,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+4] - vmlal.u32 q9,d29,d4[0] - vmlal.u32 q10,d29,d4[1] - vmlal.u32 q11,d29,d5[0] - vmlal.u32 q12,d29,d5[1] - vmlal.u32 q13,d29,d6[0] - vmlal.u32 q6,d29,d6[1] - vmlal.u32 q7,d29,d7[0] - vmlal.u32 q8,d29,d7[1] - vst1.64 {q9},[r7,:128]! - vmlal.u32 q10,d28,d0[0] - vld1.64 {q9},[r6,:128] - vmlal.u32 q11,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+4] - vmlal.u32 q12,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q13,d28,d1[1] - vmlal.u32 q6,d28,d2[0] - vmlal.u32 q7,d28,d2[1] - vmlal.u32 q8,d28,d3[0] - vmlal.u32 q9,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+5] - vmlal.u32 q10,d29,d4[0] - vmlal.u32 q11,d29,d4[1] - vmlal.u32 q12,d29,d5[0] - vmlal.u32 q13,d29,d5[1] - vmlal.u32 q6,d29,d6[0] - vmlal.u32 q7,d29,d6[1] - vmlal.u32 q8,d29,d7[0] - vmlal.u32 q9,d29,d7[1] - vst1.64 {q10},[r7,:128]! - vmlal.u32 q11,d28,d0[0] - vld1.64 {q10},[r6,:128] - vmlal.u32 q12,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+5] - vmlal.u32 q13,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q6,d28,d1[1] - vmlal.u32 q7,d28,d2[0] - vmlal.u32 q8,d28,d2[1] - vmlal.u32 q9,d28,d3[0] - vmlal.u32 q10,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+6] - vmlal.u32 q11,d29,d4[0] - vmlal.u32 q12,d29,d4[1] - vmlal.u32 q13,d29,d5[0] - vmlal.u32 q6,d29,d5[1] - vmlal.u32 q7,d29,d6[0] - vmlal.u32 q8,d29,d6[1] - vmlal.u32 q9,d29,d7[0] - vmlal.u32 q10,d29,d7[1] - vst1.64 {q11},[r7,:128]! - vmlal.u32 q12,d28,d0[0] - vld1.64 {q11},[r6,:128] - vmlal.u32 q13,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+6] - vmlal.u32 q6,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q7,d28,d1[1] - vmlal.u32 q8,d28,d2[0] - vmlal.u32 q9,d28,d2[1] - vmlal.u32 q10,d28,d3[0] - vmlal.u32 q11,d28,d3[1] - vld1.32 {d28},[r10,:64]! @ pull smashed b[8*i+7] - vmlal.u32 q12,d29,d4[0] - vmlal.u32 q13,d29,d4[1] - vmlal.u32 q6,d29,d5[0] - vmlal.u32 q7,d29,d5[1] - vmlal.u32 q8,d29,d6[0] - vmlal.u32 q9,d29,d6[1] - vmlal.u32 q10,d29,d7[0] - vmlal.u32 q11,d29,d7[1] - vst1.64 {q12},[r7,:128]! - vmlal.u32 q13,d28,d0[0] - vld1.64 {q12},[r6,:128] - vmlal.u32 q6,d28,d0[1] - vld1.32 {d29},[r10,:64]! @ pull smashed m[8*i+7] - vmlal.u32 q7,d28,d1[0] - it ne - addne r6,r6,#16 @ don't advance in last iteration - vmlal.u32 q8,d28,d1[1] - vmlal.u32 q9,d28,d2[0] - vmlal.u32 q10,d28,d2[1] - vmlal.u32 q11,d28,d3[0] - vmlal.u32 q12,d28,d3[1] - it eq - subeq r1,r1,r5,lsl#2 @ rewind - vmlal.u32 q13,d29,d4[0] - vld1.32 {d28},[sp,:64] @ pull smashed b[8*i+0] - vmlal.u32 q6,d29,d4[1] - vld1.32 {d0,d1,d2,d3},[r1]! - vmlal.u32 q7,d29,d5[0] - add r10,sp,#8 @ rewind - vmlal.u32 q8,d29,d5[1] - vmlal.u32 q9,d29,d6[0] - vmlal.u32 q10,d29,d6[1] - vmlal.u32 q11,d29,d7[0] - vst1.64 {q13},[r7,:128]! - vmlal.u32 q12,d29,d7[1] - - bne LNEON_8n_inner - add r6,sp,#128 - vst1.64 {q6,q7},[r7,:256]! - veor q2,q2,q2 @ d4-d5 - vst1.64 {q8,q9},[r7,:256]! - veor q3,q3,q3 @ d6-d7 - vst1.64 {q10,q11},[r7,:256]! - vst1.64 {q12},[r7,:128] - - subs r9,r9,#8 - vld1.64 {q6,q7},[r6,:256]! - vld1.64 {q8,q9},[r6,:256]! - vld1.64 {q10,q11},[r6,:256]! - vld1.64 {q12,q13},[r6,:256]! - - itt ne - subne r3,r3,r5,lsl#2 @ rewind - bne LNEON_8n_outer - - add r7,sp,#128 - vst1.64 {q2,q3}, [sp,:256]! @ start wiping stack frame - vshr.u64 d10,d12,#16 - vst1.64 {q2,q3},[sp,:256]! - vadd.u64 d13,d13,d10 - vst1.64 {q2,q3}, [sp,:256]! - vshr.u64 d10,d13,#16 - vst1.64 {q2,q3}, [sp,:256]! - vzip.16 d12,d13 - - mov r8,r5 - b LNEON_tail_entry - -.align 4 -LNEON_tail: - vadd.u64 d12,d12,d10 - vshr.u64 d10,d12,#16 - vld1.64 {q8,q9}, [r6, :256]! - vadd.u64 d13,d13,d10 - vld1.64 {q10,q11}, [r6, :256]! - vshr.u64 d10,d13,#16 - vld1.64 {q12,q13}, [r6, :256]! - vzip.16 d12,d13 - -LNEON_tail_entry: - vadd.u64 d14,d14,d10 - vst1.32 {d12[0]}, [r7, :32]! - vshr.u64 d10,d14,#16 - vadd.u64 d15,d15,d10 - vshr.u64 d10,d15,#16 - vzip.16 d14,d15 - vadd.u64 d16,d16,d10 - vst1.32 {d14[0]}, [r7, :32]! - vshr.u64 d10,d16,#16 - vadd.u64 d17,d17,d10 - vshr.u64 d10,d17,#16 - vzip.16 d16,d17 - vadd.u64 d18,d18,d10 - vst1.32 {d16[0]}, [r7, :32]! - vshr.u64 d10,d18,#16 - vadd.u64 d19,d19,d10 - vshr.u64 d10,d19,#16 - vzip.16 d18,d19 - vadd.u64 d20,d20,d10 - vst1.32 {d18[0]}, [r7, :32]! - vshr.u64 d10,d20,#16 - vadd.u64 d21,d21,d10 - vshr.u64 d10,d21,#16 - vzip.16 d20,d21 - vadd.u64 d22,d22,d10 - vst1.32 {d20[0]}, [r7, :32]! - vshr.u64 d10,d22,#16 - vadd.u64 d23,d23,d10 - vshr.u64 d10,d23,#16 - vzip.16 d22,d23 - vadd.u64 d24,d24,d10 - vst1.32 {d22[0]}, [r7, :32]! - vshr.u64 d10,d24,#16 - vadd.u64 d25,d25,d10 - vshr.u64 d10,d25,#16 - vzip.16 d24,d25 - vadd.u64 d26,d26,d10 - vst1.32 {d24[0]}, [r7, :32]! - vshr.u64 d10,d26,#16 - vadd.u64 d27,d27,d10 - vshr.u64 d10,d27,#16 - vzip.16 d26,d27 - vld1.64 {q6,q7}, [r6, :256]! - subs r8,r8,#8 - vst1.32 {d26[0]}, [r7, :32]! - bne LNEON_tail - - vst1.32 {d10[0]}, [r7, :32] @ top-most bit - sub r3,r3,r5,lsl#2 @ rewind r3 - subs r1,sp,#0 @ clear carry flag - add r2,sp,r5,lsl#2 - -LNEON_sub: - ldmia r1!, {r4,r5,r6,r7} - ldmia r3!, {r8,r9,r10,r11} - sbcs r8, r4,r8 - sbcs r9, r5,r9 - sbcs r10,r6,r10 - sbcs r11,r7,r11 - teq r1,r2 @ preserves carry - stmia r0!, {r8,r9,r10,r11} - bne LNEON_sub - - ldr r10, [r1] @ load top-most bit - mov r11,sp - veor q0,q0,q0 - sub r11,r2,r11 @ this is num*4 - veor q1,q1,q1 - mov r1,sp - sub r0,r0,r11 @ rewind r0 - mov r3,r2 @ second 3/4th of frame - sbcs r10,r10,#0 @ result is carry flag - -LNEON_copy_n_zap: - ldmia r1!, {r4,r5,r6,r7} - ldmia r0, {r8,r9,r10,r11} - it cc - movcc r8, r4 - vst1.64 {q0,q1}, [r3,:256]! @ wipe - itt cc - movcc r9, r5 - movcc r10,r6 - vst1.64 {q0,q1}, [r3,:256]! @ wipe - it cc - movcc r11,r7 - ldmia r1, {r4,r5,r6,r7} - stmia r0!, {r8,r9,r10,r11} - sub r1,r1,#16 - ldmia r0, {r8,r9,r10,r11} - it cc - movcc r8, r4 - vst1.64 {q0,q1}, [r1,:256]! @ wipe - itt cc - movcc r9, r5 - movcc r10,r6 - vst1.64 {q0,q1}, [r3,:256]! @ wipe - it cc - movcc r11,r7 - teq r1,r2 @ preserves carry - stmia r0!, {r8,r9,r10,r11} - bne LNEON_copy_n_zap - - mov sp,ip - vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11} - bx lr @ bx lr - -#endif -.byte 77,111,110,116,103,111,109,101,114,121,32,109,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/armv4-mont-linux32.S b/pregenerated/armv4-mont-linux32.S index 359b90b..ba12e79 100644 --- a/pregenerated/armv4-mont-linux32.S +++ b/pregenerated/armv4-mont-linux32.S @@ -10,7 +10,8 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> @ Silence ARMv8 deprecated IT instruction warnings. This file is used by both @ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. @@ -26,18 +27,18 @@ #if __ARM_MAX_ARCH__>=7 -.hidden GFp_armcap_P +.hidden OPENSSL_armcap_P .align 5 .LOPENSSL_armcap: -.word GFp_armcap_P-.Lbn_mul_mont +.word OPENSSL_armcap_P-.Lbn_mul_mont #endif -.globl GFp_bn_mul_mont -.hidden GFp_bn_mul_mont -.type GFp_bn_mul_mont,%function +.globl bn_mul_mont +.hidden bn_mul_mont +.type bn_mul_mont,%function .align 5 -GFp_bn_mul_mont: +bn_mul_mont: .Lbn_mul_mont: ldr ip,[sp,#4] @ load num stmdb sp!,{r0,r2} @ sp points at argument block @@ -208,7 +209,7 @@ GFp_bn_mul_mont: moveq pc,lr @ be binary compatible with V4, yet .word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif -.size GFp_bn_mul_mont,.-GFp_bn_mul_mont +.size bn_mul_mont,.-bn_mul_mont #if __ARM_MAX_ARCH__>=7 .arch armv7-a .fpu neon diff --git a/pregenerated/armv8-mont-ios64.S b/pregenerated/armv8-mont-ios64.S index 60e1a52..1534d27 100644 --- a/pregenerated/armv8-mont-ios64.S +++ b/pregenerated/armv8-mont-ios64.S @@ -9,15 +9,16 @@ #endif #if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text -.globl _GFp_bn_mul_mont -.private_extern _GFp_bn_mul_mont +.globl _bn_mul_mont +.private_extern _bn_mul_mont .align 5 -_GFp_bn_mul_mont: +_bn_mul_mont: AARCH64_SIGN_LINK_REGISTER tst x5,#7 b.eq __bn_sqr8x_mont diff --git a/pregenerated/armv8-mont-linux64.S b/pregenerated/armv8-mont-linux64.S index 472dd41..89ba680 100644 --- a/pregenerated/armv8-mont-linux64.S +++ b/pregenerated/armv8-mont-linux64.S @@ -10,15 +10,16 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text -.globl GFp_bn_mul_mont -.hidden GFp_bn_mul_mont -.type GFp_bn_mul_mont,%function +.globl bn_mul_mont +.hidden bn_mul_mont +.type bn_mul_mont,%function .align 5 -GFp_bn_mul_mont: +bn_mul_mont: AARCH64_SIGN_LINK_REGISTER tst x5,#7 b.eq __bn_sqr8x_mont @@ -219,7 +220,7 @@ GFp_bn_mul_mont: ldr x29,[sp],#64 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_bn_mul_mont,.-GFp_bn_mul_mont +.size bn_mul_mont,.-bn_mul_mont .type __bn_sqr8x_mont,%function .align 5 __bn_sqr8x_mont: diff --git a/pregenerated/bsaes-armv7-ios32.S b/pregenerated/bsaes-armv7-ios32.S deleted file mode 100644 index 35467f1..0000000 --- a/pregenerated/bsaes-armv7-ios32.S +++ /dev/null @@ -1,805 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -@ Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. -@ -@ Licensed under the OpenSSL license (the "License"). You may not use -@ this file except in compliance with the License. You can obtain a copy -@ in the file LICENSE in the source distribution or at -@ https://www.openssl.org/source/license.html - - -@ ==================================================================== -@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL -@ project. The module is, however, dual licensed under OpenSSL and -@ CRYPTOGAMS licenses depending on where you obtain it. For further -@ details see http://www.openssl.org/~appro/cryptogams/. -@ -@ Specific modes and adaptation for Linux kernel by Ard Biesheuvel -@ of Linaro. Permission to use under GPL terms is granted. -@ ==================================================================== - -@ Bit-sliced AES for ARM NEON -@ -@ February 2012. -@ -@ This implementation is direct adaptation of bsaes-x86_64 module for -@ ARM NEON. Except that this module is endian-neutral [in sense that -@ it can be compiled for either endianness] by courtesy of vld1.8's -@ neutrality. Initial version doesn't implement interface to OpenSSL, -@ only low-level primitives and unsupported entry points, just enough -@ to collect performance results, which for Cortex-A8 core are: -@ -@ encrypt 19.5 cycles per byte processed with 128-bit key -@ decrypt 22.1 cycles per byte processed with 128-bit key -@ key conv. 440 cycles per 128-bit key/0.18 of 8x block -@ -@ Snapdragon S4 encrypts byte in 17.6 cycles and decrypts in 19.7, -@ which is [much] worse than anticipated (for further details see -@ http://www.openssl.org/~appro/Snapdragon-S4.html). -@ -@ Cortex-A15 manages in 14.2/16.1 cycles [when integer-only code -@ manages in 20.0 cycles]. -@ -@ When comparing to x86_64 results keep in mind that NEON unit is -@ [mostly] single-issue and thus can't [fully] benefit from -@ instruction-level parallelism. And when comparing to aes-armv4 -@ results keep in mind key schedule conversion overhead (see -@ bsaes-x86_64.pl for further details)... -@ -@ <appro@openssl.org> - -@ April-August 2013 -@ Add CBC, CTR and XTS subroutines and adapt for kernel use; courtesy of Ard. - -#ifndef __KERNEL__ -# include <GFp/arm_arch.h> - -# define VFP_ABI_PUSH vstmdb sp!,{d8-d15} -# define VFP_ABI_POP vldmia sp!,{d8-d15} -# define VFP_ABI_FRAME 0x40 -#else -# define VFP_ABI_PUSH -# define VFP_ABI_POP -# define VFP_ABI_FRAME 0 -# define BSAES_ASM_EXTENDED_KEY -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ 7 -#endif - -#ifdef __thumb__ -# define adrl adr -#endif - -#if __ARM_MAX_ARCH__>=7 - - - -.text -.syntax unified @ ARMv7-capable assembler is expected to handle this -#if defined(__thumb2__) && !defined(__APPLE__) -.thumb -#else -.code 32 -# undef __thumb2__ -#endif - - -.align 6 -_bsaes_const: -LM0ISR:@ InvShiftRows constants -.quad 0x0a0e0206070b0f03, 0x0004080c0d010509 -LISR: -.quad 0x0504070602010003, 0x0f0e0d0c080b0a09 -LISRM0: -.quad 0x01040b0e0205080f, 0x0306090c00070a0d -LM0SR:@ ShiftRows constants -.quad 0x0a0e02060f03070b, 0x0004080c05090d01 -LSR: -.quad 0x0504070600030201, 0x0f0e0d0c0a09080b -LSRM0: -.quad 0x0304090e00050a0f, 0x01060b0c0207080d -LM0: -.quad 0x02060a0e03070b0f, 0x0004080c0105090d -LREVM0SR: -.quad 0x090d01050c000408, 0x03070b0f060a0e02 -.byte 66,105,116,45,115,108,105,99,101,100,32,65,69,83,32,102,111,114,32,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -.align 6 - - -#ifdef __thumb2__ -.thumb_func _bsaes_encrypt8 -#endif -.align 4 -_bsaes_encrypt8: - adr r6,. - vldmia r4!, {q9} @ round 0 key -#if defined(__thumb2__) || defined(__APPLE__) - adr r6,LM0SR -#else - sub r6,r6,#_bsaes_encrypt8-LM0SR -#endif - - vldmia r6!, {q8} @ LM0SR -_bsaes_encrypt8_alt: - veor q10, q0, q9 @ xor with round0 key - veor q11, q1, q9 - vtbl.8 d0, {q10}, d16 - vtbl.8 d1, {q10}, d17 - veor q12, q2, q9 - vtbl.8 d2, {q11}, d16 - vtbl.8 d3, {q11}, d17 - veor q13, q3, q9 - vtbl.8 d4, {q12}, d16 - vtbl.8 d5, {q12}, d17 - veor q14, q4, q9 - vtbl.8 d6, {q13}, d16 - vtbl.8 d7, {q13}, d17 - veor q15, q5, q9 - vtbl.8 d8, {q14}, d16 - vtbl.8 d9, {q14}, d17 - veor q10, q6, q9 - vtbl.8 d10, {q15}, d16 - vtbl.8 d11, {q15}, d17 - veor q11, q7, q9 - vtbl.8 d12, {q10}, d16 - vtbl.8 d13, {q10}, d17 - vtbl.8 d14, {q11}, d16 - vtbl.8 d15, {q11}, d17 -_bsaes_encrypt8_bitslice: - vmov.i8 q8,#0x55 @ compose LBS0 - vmov.i8 q9,#0x33 @ compose LBS1 - vshr.u64 q10, q6, #1 - vshr.u64 q11, q4, #1 - veor q10, q10, q7 - veor q11, q11, q5 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 - vshl.u64 q10, q10, #1 - veor q5, q5, q11 - vshl.u64 q11, q11, #1 - veor q6, q6, q10 - veor q4, q4, q11 - vshr.u64 q10, q2, #1 - vshr.u64 q11, q0, #1 - veor q10, q10, q3 - veor q11, q11, q1 - vand q10, q10, q8 - vand q11, q11, q8 - veor q3, q3, q10 - vshl.u64 q10, q10, #1 - veor q1, q1, q11 - vshl.u64 q11, q11, #1 - veor q2, q2, q10 - veor q0, q0, q11 - vmov.i8 q8,#0x0f @ compose LBS2 - vshr.u64 q10, q5, #2 - vshr.u64 q11, q4, #2 - veor q10, q10, q7 - veor q11, q11, q6 - vand q10, q10, q9 - vand q11, q11, q9 - veor q7, q7, q10 - vshl.u64 q10, q10, #2 - veor q6, q6, q11 - vshl.u64 q11, q11, #2 - veor q5, q5, q10 - veor q4, q4, q11 - vshr.u64 q10, q1, #2 - vshr.u64 q11, q0, #2 - veor q10, q10, q3 - veor q11, q11, q2 - vand q10, q10, q9 - vand q11, q11, q9 - veor q3, q3, q10 - vshl.u64 q10, q10, #2 - veor q2, q2, q11 - vshl.u64 q11, q11, #2 - veor q1, q1, q10 - veor q0, q0, q11 - vshr.u64 q10, q3, #4 - vshr.u64 q11, q2, #4 - veor q10, q10, q7 - veor q11, q11, q6 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 - vshl.u64 q10, q10, #4 - veor q6, q6, q11 - vshl.u64 q11, q11, #4 - veor q3, q3, q10 - veor q2, q2, q11 - vshr.u64 q10, q1, #4 - vshr.u64 q11, q0, #4 - veor q10, q10, q5 - veor q11, q11, q4 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 - vshl.u64 q10, q10, #4 - veor q4, q4, q11 - vshl.u64 q11, q11, #4 - veor q1, q1, q10 - veor q0, q0, q11 - sub r5,r5,#1 - b Lenc_sbox -.align 4 -Lenc_loop: - vldmia r4!, {q8,q9,q10,q11} - veor q8, q8, q0 - veor q9, q9, q1 - vtbl.8 d0, {q8}, d24 - vtbl.8 d1, {q8}, d25 - vldmia r4!, {q8} - veor q10, q10, q2 - vtbl.8 d2, {q9}, d24 - vtbl.8 d3, {q9}, d25 - vldmia r4!, {q9} - veor q11, q11, q3 - vtbl.8 d4, {q10}, d24 - vtbl.8 d5, {q10}, d25 - vldmia r4!, {q10} - vtbl.8 d6, {q11}, d24 - vtbl.8 d7, {q11}, d25 - vldmia r4!, {q11} - veor q8, q8, q4 - veor q9, q9, q5 - vtbl.8 d8, {q8}, d24 - vtbl.8 d9, {q8}, d25 - veor q10, q10, q6 - vtbl.8 d10, {q9}, d24 - vtbl.8 d11, {q9}, d25 - veor q11, q11, q7 - vtbl.8 d12, {q10}, d24 - vtbl.8 d13, {q10}, d25 - vtbl.8 d14, {q11}, d24 - vtbl.8 d15, {q11}, d25 -Lenc_sbox: - veor q2, q2, q1 - veor q5, q5, q6 - veor q3, q3, q0 - veor q6, q6, q2 - veor q5, q5, q0 - - veor q6, q6, q3 - veor q3, q3, q7 - veor q7, q7, q5 - veor q3, q3, q4 - veor q4, q4, q5 - - veor q2, q2, q7 - veor q3, q3, q1 - veor q1, q1, q5 - veor q11, q7, q4 - veor q10, q1, q2 - veor q9, q5, q3 - veor q13, q2, q4 - vmov q8, q10 - veor q12, q6, q0 - - vorr q10, q10, q9 - veor q15, q11, q8 - vand q14, q11, q12 - vorr q11, q11, q12 - veor q12, q12, q9 - vand q8, q8, q9 - veor q9, q3, q0 - vand q15, q15, q12 - vand q13, q13, q9 - veor q9, q7, q1 - veor q12, q5, q6 - veor q11, q11, q13 - veor q10, q10, q13 - vand q13, q9, q12 - vorr q9, q9, q12 - veor q11, q11, q15 - veor q8, q8, q13 - veor q10, q10, q14 - veor q9, q9, q15 - veor q8, q8, q14 - vand q12, q2, q3 - veor q9, q9, q14 - vand q13, q4, q0 - vand q14, q1, q5 - vorr q15, q7, q6 - veor q11, q11, q12 - veor q9, q9, q14 - veor q8, q8, q15 - veor q10, q10, q13 - - @ Inv_GF16 0, 1, 2, 3, s0, s1, s2, s3 - - @ new smaller inversion - - vand q14, q11, q9 - vmov q12, q8 - - veor q13, q10, q14 - veor q15, q8, q14 - veor q14, q8, q14 @ q14=q15 - - vbsl q13, q9, q8 - vbsl q15, q11, q10 - veor q11, q11, q10 - - vbsl q12, q13, q14 - vbsl q8, q14, q13 - - vand q14, q12, q15 - veor q9, q9, q8 - - veor q14, q14, q11 - veor q12, q6, q0 - veor q8, q5, q3 - veor q10, q15, q14 - vand q10, q10, q6 - veor q6, q6, q5 - vand q11, q5, q15 - vand q6, q6, q14 - veor q5, q11, q10 - veor q6, q6, q11 - veor q15, q15, q13 - veor q14, q14, q9 - veor q11, q15, q14 - veor q10, q13, q9 - vand q11, q11, q12 - vand q10, q10, q0 - veor q12, q12, q8 - veor q0, q0, q3 - vand q8, q8, q15 - vand q3, q3, q13 - vand q12, q12, q14 - vand q0, q0, q9 - veor q8, q8, q12 - veor q0, q0, q3 - veor q12, q12, q11 - veor q3, q3, q10 - veor q6, q6, q12 - veor q0, q0, q12 - veor q5, q5, q8 - veor q3, q3, q8 - - veor q12, q7, q4 - veor q8, q1, q2 - veor q11, q15, q14 - veor q10, q13, q9 - vand q11, q11, q12 - vand q10, q10, q4 - veor q12, q12, q8 - veor q4, q4, q2 - vand q8, q8, q15 - vand q2, q2, q13 - vand q12, q12, q14 - vand q4, q4, q9 - veor q8, q8, q12 - veor q4, q4, q2 - veor q12, q12, q11 - veor q2, q2, q10 - veor q15, q15, q13 - veor q14, q14, q9 - veor q10, q15, q14 - vand q10, q10, q7 - veor q7, q7, q1 - vand q11, q1, q15 - vand q7, q7, q14 - veor q1, q11, q10 - veor q7, q7, q11 - veor q7, q7, q12 - veor q4, q4, q12 - veor q1, q1, q8 - veor q2, q2, q8 - veor q7, q7, q0 - veor q1, q1, q6 - veor q6, q6, q0 - veor q4, q4, q7 - veor q0, q0, q1 - - veor q1, q1, q5 - veor q5, q5, q2 - veor q2, q2, q3 - veor q3, q3, q5 - veor q4, q4, q5 - - veor q6, q6, q3 - subs r5,r5,#1 - bcc Lenc_done - vext.8 q8, q0, q0, #12 @ x0 <<< 32 - vext.8 q9, q1, q1, #12 - veor q0, q0, q8 @ x0 ^ (x0 <<< 32) - vext.8 q10, q4, q4, #12 - veor q1, q1, q9 - vext.8 q11, q6, q6, #12 - veor q4, q4, q10 - vext.8 q12, q3, q3, #12 - veor q6, q6, q11 - vext.8 q13, q7, q7, #12 - veor q3, q3, q12 - vext.8 q14, q2, q2, #12 - veor q7, q7, q13 - vext.8 q15, q5, q5, #12 - veor q2, q2, q14 - - veor q9, q9, q0 - veor q5, q5, q15 - vext.8 q0, q0, q0, #8 @ (x0 ^ (x0 <<< 32)) <<< 64) - veor q10, q10, q1 - veor q8, q8, q5 - veor q9, q9, q5 - vext.8 q1, q1, q1, #8 - veor q13, q13, q3 - veor q0, q0, q8 - veor q14, q14, q7 - veor q1, q1, q9 - vext.8 q8, q3, q3, #8 - veor q12, q12, q6 - vext.8 q9, q7, q7, #8 - veor q15, q15, q2 - vext.8 q3, q6, q6, #8 - veor q11, q11, q4 - vext.8 q7, q5, q5, #8 - veor q12, q12, q5 - vext.8 q6, q2, q2, #8 - veor q11, q11, q5 - vext.8 q2, q4, q4, #8 - veor q5, q9, q13 - veor q4, q8, q12 - veor q3, q3, q11 - veor q7, q7, q15 - veor q6, q6, q14 - @ vmov q4, q8 - veor q2, q2, q10 - @ vmov q5, q9 - vldmia r6, {q12} @ LSR - ite eq @ Thumb2 thing, samity check in ARM - addeq r6,r6,#0x10 - bne Lenc_loop - vldmia r6, {q12} @ LSRM0 - b Lenc_loop -.align 4 -Lenc_done: - vmov.i8 q8,#0x55 @ compose LBS0 - vmov.i8 q9,#0x33 @ compose LBS1 - vshr.u64 q10, q2, #1 - vshr.u64 q11, q3, #1 - veor q10, q10, q5 - veor q11, q11, q7 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 - vshl.u64 q10, q10, #1 - veor q7, q7, q11 - vshl.u64 q11, q11, #1 - veor q2, q2, q10 - veor q3, q3, q11 - vshr.u64 q10, q4, #1 - vshr.u64 q11, q0, #1 - veor q10, q10, q6 - veor q11, q11, q1 - vand q10, q10, q8 - vand q11, q11, q8 - veor q6, q6, q10 - vshl.u64 q10, q10, #1 - veor q1, q1, q11 - vshl.u64 q11, q11, #1 - veor q4, q4, q10 - veor q0, q0, q11 - vmov.i8 q8,#0x0f @ compose LBS2 - vshr.u64 q10, q7, #2 - vshr.u64 q11, q3, #2 - veor q10, q10, q5 - veor q11, q11, q2 - vand q10, q10, q9 - vand q11, q11, q9 - veor q5, q5, q10 - vshl.u64 q10, q10, #2 - veor q2, q2, q11 - vshl.u64 q11, q11, #2 - veor q7, q7, q10 - veor q3, q3, q11 - vshr.u64 q10, q1, #2 - vshr.u64 q11, q0, #2 - veor q10, q10, q6 - veor q11, q11, q4 - vand q10, q10, q9 - vand q11, q11, q9 - veor q6, q6, q10 - vshl.u64 q10, q10, #2 - veor q4, q4, q11 - vshl.u64 q11, q11, #2 - veor q1, q1, q10 - veor q0, q0, q11 - vshr.u64 q10, q6, #4 - vshr.u64 q11, q4, #4 - veor q10, q10, q5 - veor q11, q11, q2 - vand q10, q10, q8 - vand q11, q11, q8 - veor q5, q5, q10 - vshl.u64 q10, q10, #4 - veor q2, q2, q11 - vshl.u64 q11, q11, #4 - veor q6, q6, q10 - veor q4, q4, q11 - vshr.u64 q10, q1, #4 - vshr.u64 q11, q0, #4 - veor q10, q10, q7 - veor q11, q11, q3 - vand q10, q10, q8 - vand q11, q11, q8 - veor q7, q7, q10 - vshl.u64 q10, q10, #4 - veor q3, q3, q11 - vshl.u64 q11, q11, #4 - veor q1, q1, q10 - veor q0, q0, q11 - vldmia r4, {q8} @ last round key - veor q4, q4, q8 - veor q6, q6, q8 - veor q3, q3, q8 - veor q7, q7, q8 - veor q2, q2, q8 - veor q5, q5, q8 - veor q0, q0, q8 - veor q1, q1, q8 - bx lr - -#ifdef __thumb2__ -.thumb_func _bsaes_key_convert -#endif -.align 4 -_bsaes_key_convert: - adr r6,. - vld1.8 {q7}, [r4]! @ load round 0 key -#if defined(__thumb2__) || defined(__APPLE__) - adr r6,LM0 -#else - sub r6,r6,#_bsaes_key_convert-LM0 -#endif - vld1.8 {q15}, [r4]! @ load round 1 key - - vmov.i8 q8, #0x01 @ bit masks - vmov.i8 q9, #0x02 - vmov.i8 q10, #0x04 - vmov.i8 q11, #0x08 - vmov.i8 q12, #0x10 - vmov.i8 q13, #0x20 - vldmia r6, {q14} @ LM0 - -#ifdef __ARMEL__ - vrev32.8 q7, q7 - vrev32.8 q15, q15 -#endif - sub r5,r5,#1 - vstmia r12!, {q7} @ save round 0 key - b Lkey_loop - -.align 4 -Lkey_loop: - vtbl.8 d14,{q15},d28 - vtbl.8 d15,{q15},d29 - vmov.i8 q6, #0x40 - vmov.i8 q15, #0x80 - - vtst.8 q0, q7, q8 - vtst.8 q1, q7, q9 - vtst.8 q2, q7, q10 - vtst.8 q3, q7, q11 - vtst.8 q4, q7, q12 - vtst.8 q5, q7, q13 - vtst.8 q6, q7, q6 - vtst.8 q7, q7, q15 - vld1.8 {q15}, [r4]! @ load next round key - vmvn q0, q0 @ "pnot" - vmvn q1, q1 - vmvn q5, q5 - vmvn q6, q6 -#ifdef __ARMEL__ - vrev32.8 q15, q15 -#endif - subs r5,r5,#1 - vstmia r12!,{q0,q1,q2,q3,q4,q5,q6,q7} @ write bit-sliced round key - bne Lkey_loop - - vmov.i8 q7,#0x63 @ compose L63 - @ don't save last round key - bx lr - -.globl _GFp_bsaes_ctr32_encrypt_blocks -.private_extern _GFp_bsaes_ctr32_encrypt_blocks -#ifdef __thumb2__ -.thumb_func _GFp_bsaes_ctr32_encrypt_blocks -#endif -.align 5 -_GFp_bsaes_ctr32_encrypt_blocks: - @ In OpenSSL, short inputs fall back to aes_nohw_* here. We patch this - @ out to retain a constant-time implementation. - mov ip, sp - stmdb sp!, {r4,r5,r6,r7,r8,r9,r10, lr} - VFP_ABI_PUSH - ldr r8, [ip] @ ctr is 1st arg on the stack - sub sp, sp, #0x10 @ scratch space to carry over the ctr - mov r9, sp @ save sp - - ldr r10, [r3, #240] @ get # of rounds -#ifndef BSAES_ASM_EXTENDED_KEY - @ allocate the key schedule on the stack - sub r12, sp, r10, lsl#7 @ 128 bytes per inner round key - add r12, #96 @ size of bit-sliced key schedule - - @ populate the key schedule - mov r4, r3 @ pass key - mov r5, r10 @ pass # of rounds - mov sp, r12 @ sp is sp - bl _bsaes_key_convert - veor q7,q7,q15 @ fix up last round key - vstmia r12, {q7} @ save last round key - - vld1.8 {q0}, [r8] @ load counter -#ifdef __APPLE__ - mov r8, #:lower16:(LREVM0SR-LM0) - add r8, r6, r8 -#else - add r8, r6, #LREVM0SR-LM0 @ borrow r8 -#endif - vldmia sp, {q4} @ load round0 key -#else - ldr r12, [r3, #244] - eors r12, #1 - beq 0f - - @ populate the key schedule - str r12, [r3, #244] - mov r4, r3 @ pass key - mov r5, r10 @ pass # of rounds - add r12, r3, #248 @ pass key schedule - bl _bsaes_key_convert - veor q7,q7,q15 @ fix up last round key - vstmia r12, {q7} @ save last round key - -.align 2 - add r12, r3, #248 - vld1.8 {q0}, [r8] @ load counter - adrl r8, LREVM0SR @ borrow r8 - vldmia r12, {q4} @ load round0 key - sub sp, #0x10 @ place for adjusted round0 key -#endif - - vmov.i32 q8,#1 @ compose 1<<96 - veor q9,q9,q9 - vrev32.8 q0,q0 - vext.8 q8,q9,q8,#4 - vrev32.8 q4,q4 - vadd.u32 q9,q8,q8 @ compose 2<<96 - vstmia sp, {q4} @ save adjusted round0 key - b Lctr_enc_loop - -.align 4 -Lctr_enc_loop: - vadd.u32 q10, q8, q9 @ compose 3<<96 - vadd.u32 q1, q0, q8 @ +1 - vadd.u32 q2, q0, q9 @ +2 - vadd.u32 q3, q0, q10 @ +3 - vadd.u32 q4, q1, q10 - vadd.u32 q5, q2, q10 - vadd.u32 q6, q3, q10 - vadd.u32 q7, q4, q10 - vadd.u32 q10, q5, q10 @ next counter - - @ Borrow prologue from _bsaes_encrypt8 to use the opportunity - @ to flip byte order in 32-bit counter - - vldmia sp, {q9} @ load round0 key -#ifndef BSAES_ASM_EXTENDED_KEY - add r4, sp, #0x10 @ pass next round key -#else - add r4, r3, #264 -#endif - vldmia r8, {q8} @ LREVM0SR - mov r5, r10 @ pass rounds - vstmia r9, {q10} @ save next counter -#ifdef __APPLE__ - mov r6, #:lower16:(LREVM0SR-LSR) - sub r6, r8, r6 -#else - sub r6, r8, #LREVM0SR-LSR @ pass constants -#endif - - bl _bsaes_encrypt8_alt - - subs r2, r2, #8 - blo Lctr_enc_loop_done - - vld1.8 {q8,q9}, [r0]! @ load input - vld1.8 {q10,q11}, [r0]! - veor q0, q8 - veor q1, q9 - vld1.8 {q12,q13}, [r0]! - veor q4, q10 - veor q6, q11 - vld1.8 {q14,q15}, [r0]! - veor q3, q12 - vst1.8 {q0,q1}, [r1]! @ write output - veor q7, q13 - veor q2, q14 - vst1.8 {q4}, [r1]! - veor q5, q15 - vst1.8 {q6}, [r1]! - vmov.i32 q8, #1 @ compose 1<<96 - vst1.8 {q3}, [r1]! - veor q9, q9, q9 - vst1.8 {q7}, [r1]! - vext.8 q8, q9, q8, #4 - vst1.8 {q2}, [r1]! - vadd.u32 q9,q8,q8 @ compose 2<<96 - vst1.8 {q5}, [r1]! - vldmia r9, {q0} @ load counter - - bne Lctr_enc_loop - b Lctr_enc_done - -.align 4 -Lctr_enc_loop_done: - add r2, r2, #8 - vld1.8 {q8}, [r0]! @ load input - veor q0, q8 - vst1.8 {q0}, [r1]! @ write output - cmp r2, #2 - blo Lctr_enc_done - vld1.8 {q9}, [r0]! - veor q1, q9 - vst1.8 {q1}, [r1]! - beq Lctr_enc_done - vld1.8 {q10}, [r0]! - veor q4, q10 - vst1.8 {q4}, [r1]! - cmp r2, #4 - blo Lctr_enc_done - vld1.8 {q11}, [r0]! - veor q6, q11 - vst1.8 {q6}, [r1]! - beq Lctr_enc_done - vld1.8 {q12}, [r0]! - veor q3, q12 - vst1.8 {q3}, [r1]! - cmp r2, #6 - blo Lctr_enc_done - vld1.8 {q13}, [r0]! - veor q7, q13 - vst1.8 {q7}, [r1]! - beq Lctr_enc_done - vld1.8 {q14}, [r0] - veor q2, q14 - vst1.8 {q2}, [r1]! - -Lctr_enc_done: - vmov.i32 q0, #0 - vmov.i32 q1, #0 -#ifndef BSAES_ASM_EXTENDED_KEY -Lctr_enc_bzero:@ wipe key schedule [if any] - vstmia sp!, {q0,q1} - cmp sp, r9 - bne Lctr_enc_bzero -#else - vstmia sp, {q0,q1} -#endif - - mov sp, r9 - add sp, #0x10 @ add sp,r9,#0x10 is no good for thumb - VFP_ABI_POP - ldmia sp!, {r4,r5,r6,r7,r8,r9,r10, pc} @ return - - @ OpenSSL contains aes_nohw_* fallback code here. We patch this - @ out to retain a constant-time implementation. - -#endif -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/bsaes-armv7-linux32.S b/pregenerated/bsaes-armv7-linux32.S index ec6d7c8..0eacc0a 100644 --- a/pregenerated/bsaes-armv7-linux32.S +++ b/pregenerated/bsaes-armv7-linux32.S @@ -10,6 +10,7 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) +#include "ring_core_generated/prefix_symbols_asm.h" @ Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved. @ @ Licensed under the OpenSSL license (the "License"). You may not use @@ -62,7 +63,7 @@ @ Add CBC, CTR and XTS subroutines and adapt for kernel use; courtesy of Ard. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} @@ -611,11 +612,11 @@ _bsaes_key_convert: @ don't save last round key bx lr .size _bsaes_key_convert,.-_bsaes_key_convert -.globl GFp_bsaes_ctr32_encrypt_blocks -.hidden GFp_bsaes_ctr32_encrypt_blocks -.type GFp_bsaes_ctr32_encrypt_blocks,%function +.globl bsaes_ctr32_encrypt_blocks +.hidden bsaes_ctr32_encrypt_blocks +.type bsaes_ctr32_encrypt_blocks,%function .align 5 -GFp_bsaes_ctr32_encrypt_blocks: +bsaes_ctr32_encrypt_blocks: @ In OpenSSL, short inputs fall back to aes_nohw_* here. We patch this @ out to retain a constant-time implementation. mov ip, sp @@ -795,7 +796,7 @@ GFp_bsaes_ctr32_encrypt_blocks: @ OpenSSL contains aes_nohw_* fallback code here. We patch this @ out to retain a constant-time implementation. -.size GFp_bsaes_ctr32_encrypt_blocks,.-GFp_bsaes_ctr32_encrypt_blocks +.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks #endif #endif #endif // !OPENSSL_NO_ASM diff --git a/pregenerated/chacha-armv4-ios32.S b/pregenerated/chacha-armv4-ios32.S deleted file mode 100644 index 84bcf64..0000000 --- a/pregenerated/chacha-armv4-ios32.S +++ /dev/null @@ -1,1492 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both -@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. - - -.text -#if defined(__thumb2__) || defined(__clang__) -.syntax unified -#endif -#if defined(__thumb2__) -.thumb -#else -.code 32 -#endif - -#if defined(__thumb2__) || defined(__clang__) -#define ldrhsb ldrbhs -#endif - -.align 5 -Lsigma: -.long 0x61707865,0x3320646e,0x79622d32,0x6b206574 @ endian-neutral -Lone: -.long 1,0,0,0 -#if __ARM_MAX_ARCH__>=7 - -.private_extern _GFp_armcap_P -LOPENSSL_armcap: -.word _GFp_armcap_P-LChaCha20_ctr32 -#else -.word -1 -#endif - -.globl _GFp_ChaCha20_ctr32 -.private_extern _GFp_ChaCha20_ctr32 -#ifdef __thumb2__ -.thumb_func _GFp_ChaCha20_ctr32 -#endif -.align 5 -_GFp_ChaCha20_ctr32: -LChaCha20_ctr32: - ldr r12,[sp,#0] @ pull pointer to counter and nonce - stmdb sp!,{r0,r1,r2,r4-r11,lr} -#if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r14,pc,#16 @ ChaCha20_ctr32 -#else - adr r14,LChaCha20_ctr32 -#endif - cmp r2,#0 @ len==0? -#ifdef __thumb2__ - itt eq -#endif - addeq sp,sp,#4*3 - beq Lno_data -#if __ARM_MAX_ARCH__>=7 - cmp r2,#192 @ test len - bls Lshort - ldr r4,[r14,#-32] - ldr r4,[r14,r4] -# ifdef __APPLE__ - ldr r4,[r4] -# endif - tst r4,#ARMV7_NEON - bne LChaCha20_neon -Lshort: -#endif - ldmia r12,{r4,r5,r6,r7} @ load counter and nonce - sub sp,sp,#4*(16) @ off-load area - sub r14,r14,#64 @ Lsigma - stmdb sp!,{r4,r5,r6,r7} @ copy counter and nonce - ldmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} @ load key - ldmia r14,{r0,r1,r2,r3} @ load sigma - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11} @ copy key - stmdb sp!,{r0,r1,r2,r3} @ copy sigma - str r10,[sp,#4*(16+10)] @ off-load "rx" - str r11,[sp,#4*(16+11)] @ off-load "rx" - b Loop_outer_enter - -.align 4 -Loop_outer: - ldmia sp,{r0,r1,r2,r3,r4,r5,r6,r7,r8,r9} @ load key material - str r11,[sp,#4*(32+2)] @ save len - str r12, [sp,#4*(32+1)] @ save inp - str r14, [sp,#4*(32+0)] @ save out -Loop_outer_enter: - ldr r11, [sp,#4*(15)] - ldr r12,[sp,#4*(12)] @ modulo-scheduled load - ldr r10, [sp,#4*(13)] - ldr r14,[sp,#4*(14)] - str r11, [sp,#4*(16+15)] - mov r11,#10 - b Loop - -.align 4 -Loop: - subs r11,r11,#1 - add r0,r0,r4 - mov r12,r12,ror#16 - add r1,r1,r5 - mov r10,r10,ror#16 - eor r12,r12,r0,ror#16 - eor r10,r10,r1,ror#16 - add r8,r8,r12 - mov r4,r4,ror#20 - add r9,r9,r10 - mov r5,r5,ror#20 - eor r4,r4,r8,ror#20 - eor r5,r5,r9,ror#20 - add r0,r0,r4 - mov r12,r12,ror#24 - add r1,r1,r5 - mov r10,r10,ror#24 - eor r12,r12,r0,ror#24 - eor r10,r10,r1,ror#24 - add r8,r8,r12 - mov r4,r4,ror#25 - add r9,r9,r10 - mov r5,r5,ror#25 - str r10,[sp,#4*(16+13)] - ldr r10,[sp,#4*(16+15)] - eor r4,r4,r8,ror#25 - eor r5,r5,r9,ror#25 - str r8,[sp,#4*(16+8)] - ldr r8,[sp,#4*(16+10)] - add r2,r2,r6 - mov r14,r14,ror#16 - str r9,[sp,#4*(16+9)] - ldr r9,[sp,#4*(16+11)] - add r3,r3,r7 - mov r10,r10,ror#16 - eor r14,r14,r2,ror#16 - eor r10,r10,r3,ror#16 - add r8,r8,r14 - mov r6,r6,ror#20 - add r9,r9,r10 - mov r7,r7,ror#20 - eor r6,r6,r8,ror#20 - eor r7,r7,r9,ror#20 - add r2,r2,r6 - mov r14,r14,ror#24 - add r3,r3,r7 - mov r10,r10,ror#24 - eor r14,r14,r2,ror#24 - eor r10,r10,r3,ror#24 - add r8,r8,r14 - mov r6,r6,ror#25 - add r9,r9,r10 - mov r7,r7,ror#25 - eor r6,r6,r8,ror#25 - eor r7,r7,r9,ror#25 - add r0,r0,r5 - mov r10,r10,ror#16 - add r1,r1,r6 - mov r12,r12,ror#16 - eor r10,r10,r0,ror#16 - eor r12,r12,r1,ror#16 - add r8,r8,r10 - mov r5,r5,ror#20 - add r9,r9,r12 - mov r6,r6,ror#20 - eor r5,r5,r8,ror#20 - eor r6,r6,r9,ror#20 - add r0,r0,r5 - mov r10,r10,ror#24 - add r1,r1,r6 - mov r12,r12,ror#24 - eor r10,r10,r0,ror#24 - eor r12,r12,r1,ror#24 - add r8,r8,r10 - mov r5,r5,ror#25 - str r10,[sp,#4*(16+15)] - ldr r10,[sp,#4*(16+13)] - add r9,r9,r12 - mov r6,r6,ror#25 - eor r5,r5,r8,ror#25 - eor r6,r6,r9,ror#25 - str r8,[sp,#4*(16+10)] - ldr r8,[sp,#4*(16+8)] - add r2,r2,r7 - mov r10,r10,ror#16 - str r9,[sp,#4*(16+11)] - ldr r9,[sp,#4*(16+9)] - add r3,r3,r4 - mov r14,r14,ror#16 - eor r10,r10,r2,ror#16 - eor r14,r14,r3,ror#16 - add r8,r8,r10 - mov r7,r7,ror#20 - add r9,r9,r14 - mov r4,r4,ror#20 - eor r7,r7,r8,ror#20 - eor r4,r4,r9,ror#20 - add r2,r2,r7 - mov r10,r10,ror#24 - add r3,r3,r4 - mov r14,r14,ror#24 - eor r10,r10,r2,ror#24 - eor r14,r14,r3,ror#24 - add r8,r8,r10 - mov r7,r7,ror#25 - add r9,r9,r14 - mov r4,r4,ror#25 - eor r7,r7,r8,ror#25 - eor r4,r4,r9,ror#25 - bne Loop - - ldr r11,[sp,#4*(32+2)] @ load len - - str r8, [sp,#4*(16+8)] @ modulo-scheduled store - str r9, [sp,#4*(16+9)] - str r12,[sp,#4*(16+12)] - str r10, [sp,#4*(16+13)] - str r14,[sp,#4*(16+14)] - - @ at this point we have first half of 512-bit result in - @ rx and second half at sp+4*(16+8) - - cmp r11,#64 @ done yet? -#ifdef __thumb2__ - itete lo -#endif - addlo r12,sp,#4*(0) @ shortcut or ... - ldrhs r12,[sp,#4*(32+1)] @ ... load inp - addlo r14,sp,#4*(0) @ shortcut or ... - ldrhs r14,[sp,#4*(32+0)] @ ... load out - - ldr r8,[sp,#4*(0)] @ load key material - ldr r9,[sp,#4*(1)] - -#if __ARM_ARCH__>=6 || !defined(__ARMEB__) -# if __ARM_ARCH__<7 - orr r10,r12,r14 - tst r10,#3 @ are input and output aligned? - ldr r10,[sp,#4*(2)] - bne Lunaligned - cmp r11,#64 @ restore flags -# else - ldr r10,[sp,#4*(2)] -# endif - ldr r11,[sp,#4*(3)] - - add r0,r0,r8 @ accumulate key material - add r1,r1,r9 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r8,[r12],#16 @ load input - ldrhs r9,[r12,#-12] - - add r2,r2,r10 - add r3,r3,r11 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r10,[r12,#-8] - ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs r0,r0,r8 @ xor with input - eorhs r1,r1,r9 - add r8,sp,#4*(4) - str r0,[r14],#16 @ store output -# ifdef __thumb2__ - itt hs -# endif - eorhs r2,r2,r10 - eorhs r3,r3,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material - str r1,[r14,#-12] - str r2,[r14,#-8] - str r3,[r14,#-4] - - add r4,r4,r8 @ accumulate key material - add r5,r5,r9 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r8,[r12],#16 @ load input - ldrhs r9,[r12,#-12] - add r6,r6,r10 - add r7,r7,r11 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r10,[r12,#-8] - ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev r4,r4 - rev r5,r5 - rev r6,r6 - rev r7,r7 -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs r4,r4,r8 - eorhs r5,r5,r9 - add r8,sp,#4*(8) - str r4,[r14],#16 @ store output -# ifdef __thumb2__ - itt hs -# endif - eorhs r6,r6,r10 - eorhs r7,r7,r11 - str r5,[r14,#-12] - ldmia r8,{r8,r9,r10,r11} @ load key material - str r6,[r14,#-8] - add r0,sp,#4*(16+8) - str r7,[r14,#-4] - - ldmia r0,{r0,r1,r2,r3,r4,r5,r6,r7} @ load second half - - add r0,r0,r8 @ accumulate key material - add r1,r1,r9 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r8,[r12],#16 @ load input - ldrhs r9,[r12,#-12] -# ifdef __thumb2__ - itt hi -# endif - strhi r10,[sp,#4*(16+10)] @ copy "rx" while at it - strhi r11,[sp,#4*(16+11)] @ copy "rx" while at it - add r2,r2,r10 - add r3,r3,r11 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r10,[r12,#-8] - ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs r0,r0,r8 - eorhs r1,r1,r9 - add r8,sp,#4*(12) - str r0,[r14],#16 @ store output -# ifdef __thumb2__ - itt hs -# endif - eorhs r2,r2,r10 - eorhs r3,r3,r11 - str r1,[r14,#-12] - ldmia r8,{r8,r9,r10,r11} @ load key material - str r2,[r14,#-8] - str r3,[r14,#-4] - - add r4,r4,r8 @ accumulate key material - add r5,r5,r9 -# ifdef __thumb2__ - itt hi -# endif - addhi r8,r8,#1 @ next counter value - strhi r8,[sp,#4*(12)] @ save next counter value -# ifdef __thumb2__ - itt hs -# endif - ldrhs r8,[r12],#16 @ load input - ldrhs r9,[r12,#-12] - add r6,r6,r10 - add r7,r7,r11 -# ifdef __thumb2__ - itt hs -# endif - ldrhs r10,[r12,#-8] - ldrhs r11,[r12,#-4] -# if __ARM_ARCH__>=6 && defined(__ARMEB__) - rev r4,r4 - rev r5,r5 - rev r6,r6 - rev r7,r7 -# endif -# ifdef __thumb2__ - itt hs -# endif - eorhs r4,r4,r8 - eorhs r5,r5,r9 -# ifdef __thumb2__ - it ne -# endif - ldrne r8,[sp,#4*(32+2)] @ re-load len -# ifdef __thumb2__ - itt hs -# endif - eorhs r6,r6,r10 - eorhs r7,r7,r11 - str r4,[r14],#16 @ store output - str r5,[r14,#-12] -# ifdef __thumb2__ - it hs -# endif - subhs r11,r8,#64 @ len-=64 - str r6,[r14,#-8] - str r7,[r14,#-4] - bhi Loop_outer - - beq Ldone -# if __ARM_ARCH__<7 - b Ltail - -.align 4 -Lunaligned:@ unaligned endian-neutral path - cmp r11,#64 @ restore flags -# endif -#endif -#if __ARM_ARCH__<7 - ldr r11,[sp,#4*(3)] - add r0,r0,r8 @ accumulate key material - add r1,r1,r9 - add r2,r2,r10 -# ifdef __thumb2__ - itete lo -# endif - eorlo r8,r8,r8 @ zero or ... - ldrhsb r8,[r12],#16 @ ... load input - eorlo r9,r9,r9 - ldrhsb r9,[r12,#-12] - - add r3,r3,r11 -# ifdef __thumb2__ - itete lo -# endif - eorlo r10,r10,r10 - ldrhsb r10,[r12,#-8] - eorlo r11,r11,r11 - ldrhsb r11,[r12,#-4] - - eor r0,r8,r0 @ xor with input (or zero) - eor r1,r9,r1 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-15] @ load more input - ldrhsb r9,[r12,#-11] - eor r2,r10,r2 - strb r0,[r14],#16 @ store output - eor r3,r11,r3 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-7] - ldrhsb r11,[r12,#-3] - strb r1,[r14,#-12] - eor r0,r8,r0,lsr#8 - strb r2,[r14,#-8] - eor r1,r9,r1,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-14] @ load more input - ldrhsb r9,[r12,#-10] - strb r3,[r14,#-4] - eor r2,r10,r2,lsr#8 - strb r0,[r14,#-15] - eor r3,r11,r3,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-6] - ldrhsb r11,[r12,#-2] - strb r1,[r14,#-11] - eor r0,r8,r0,lsr#8 - strb r2,[r14,#-7] - eor r1,r9,r1,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-13] @ load more input - ldrhsb r9,[r12,#-9] - strb r3,[r14,#-3] - eor r2,r10,r2,lsr#8 - strb r0,[r14,#-14] - eor r3,r11,r3,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-5] - ldrhsb r11,[r12,#-1] - strb r1,[r14,#-10] - strb r2,[r14,#-6] - eor r0,r8,r0,lsr#8 - strb r3,[r14,#-2] - eor r1,r9,r1,lsr#8 - strb r0,[r14,#-13] - eor r2,r10,r2,lsr#8 - strb r1,[r14,#-9] - eor r3,r11,r3,lsr#8 - strb r2,[r14,#-5] - strb r3,[r14,#-1] - add r8,sp,#4*(4+0) - ldmia r8,{r8,r9,r10,r11} @ load key material - add r0,sp,#4*(16+8) - add r4,r4,r8 @ accumulate key material - add r5,r5,r9 - add r6,r6,r10 -# ifdef __thumb2__ - itete lo -# endif - eorlo r8,r8,r8 @ zero or ... - ldrhsb r8,[r12],#16 @ ... load input - eorlo r9,r9,r9 - ldrhsb r9,[r12,#-12] - - add r7,r7,r11 -# ifdef __thumb2__ - itete lo -# endif - eorlo r10,r10,r10 - ldrhsb r10,[r12,#-8] - eorlo r11,r11,r11 - ldrhsb r11,[r12,#-4] - - eor r4,r8,r4 @ xor with input (or zero) - eor r5,r9,r5 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-15] @ load more input - ldrhsb r9,[r12,#-11] - eor r6,r10,r6 - strb r4,[r14],#16 @ store output - eor r7,r11,r7 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-7] - ldrhsb r11,[r12,#-3] - strb r5,[r14,#-12] - eor r4,r8,r4,lsr#8 - strb r6,[r14,#-8] - eor r5,r9,r5,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-14] @ load more input - ldrhsb r9,[r12,#-10] - strb r7,[r14,#-4] - eor r6,r10,r6,lsr#8 - strb r4,[r14,#-15] - eor r7,r11,r7,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-6] - ldrhsb r11,[r12,#-2] - strb r5,[r14,#-11] - eor r4,r8,r4,lsr#8 - strb r6,[r14,#-7] - eor r5,r9,r5,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-13] @ load more input - ldrhsb r9,[r12,#-9] - strb r7,[r14,#-3] - eor r6,r10,r6,lsr#8 - strb r4,[r14,#-14] - eor r7,r11,r7,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-5] - ldrhsb r11,[r12,#-1] - strb r5,[r14,#-10] - strb r6,[r14,#-6] - eor r4,r8,r4,lsr#8 - strb r7,[r14,#-2] - eor r5,r9,r5,lsr#8 - strb r4,[r14,#-13] - eor r6,r10,r6,lsr#8 - strb r5,[r14,#-9] - eor r7,r11,r7,lsr#8 - strb r6,[r14,#-5] - strb r7,[r14,#-1] - add r8,sp,#4*(4+4) - ldmia r8,{r8,r9,r10,r11} @ load key material - ldmia r0,{r0,r1,r2,r3,r4,r5,r6,r7} @ load second half -# ifdef __thumb2__ - itt hi -# endif - strhi r10,[sp,#4*(16+10)] @ copy "rx" - strhi r11,[sp,#4*(16+11)] @ copy "rx" - add r0,r0,r8 @ accumulate key material - add r1,r1,r9 - add r2,r2,r10 -# ifdef __thumb2__ - itete lo -# endif - eorlo r8,r8,r8 @ zero or ... - ldrhsb r8,[r12],#16 @ ... load input - eorlo r9,r9,r9 - ldrhsb r9,[r12,#-12] - - add r3,r3,r11 -# ifdef __thumb2__ - itete lo -# endif - eorlo r10,r10,r10 - ldrhsb r10,[r12,#-8] - eorlo r11,r11,r11 - ldrhsb r11,[r12,#-4] - - eor r0,r8,r0 @ xor with input (or zero) - eor r1,r9,r1 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-15] @ load more input - ldrhsb r9,[r12,#-11] - eor r2,r10,r2 - strb r0,[r14],#16 @ store output - eor r3,r11,r3 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-7] - ldrhsb r11,[r12,#-3] - strb r1,[r14,#-12] - eor r0,r8,r0,lsr#8 - strb r2,[r14,#-8] - eor r1,r9,r1,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-14] @ load more input - ldrhsb r9,[r12,#-10] - strb r3,[r14,#-4] - eor r2,r10,r2,lsr#8 - strb r0,[r14,#-15] - eor r3,r11,r3,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-6] - ldrhsb r11,[r12,#-2] - strb r1,[r14,#-11] - eor r0,r8,r0,lsr#8 - strb r2,[r14,#-7] - eor r1,r9,r1,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-13] @ load more input - ldrhsb r9,[r12,#-9] - strb r3,[r14,#-3] - eor r2,r10,r2,lsr#8 - strb r0,[r14,#-14] - eor r3,r11,r3,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-5] - ldrhsb r11,[r12,#-1] - strb r1,[r14,#-10] - strb r2,[r14,#-6] - eor r0,r8,r0,lsr#8 - strb r3,[r14,#-2] - eor r1,r9,r1,lsr#8 - strb r0,[r14,#-13] - eor r2,r10,r2,lsr#8 - strb r1,[r14,#-9] - eor r3,r11,r3,lsr#8 - strb r2,[r14,#-5] - strb r3,[r14,#-1] - add r8,sp,#4*(4+8) - ldmia r8,{r8,r9,r10,r11} @ load key material - add r4,r4,r8 @ accumulate key material -# ifdef __thumb2__ - itt hi -# endif - addhi r8,r8,#1 @ next counter value - strhi r8,[sp,#4*(12)] @ save next counter value - add r5,r5,r9 - add r6,r6,r10 -# ifdef __thumb2__ - itete lo -# endif - eorlo r8,r8,r8 @ zero or ... - ldrhsb r8,[r12],#16 @ ... load input - eorlo r9,r9,r9 - ldrhsb r9,[r12,#-12] - - add r7,r7,r11 -# ifdef __thumb2__ - itete lo -# endif - eorlo r10,r10,r10 - ldrhsb r10,[r12,#-8] - eorlo r11,r11,r11 - ldrhsb r11,[r12,#-4] - - eor r4,r8,r4 @ xor with input (or zero) - eor r5,r9,r5 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-15] @ load more input - ldrhsb r9,[r12,#-11] - eor r6,r10,r6 - strb r4,[r14],#16 @ store output - eor r7,r11,r7 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-7] - ldrhsb r11,[r12,#-3] - strb r5,[r14,#-12] - eor r4,r8,r4,lsr#8 - strb r6,[r14,#-8] - eor r5,r9,r5,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-14] @ load more input - ldrhsb r9,[r12,#-10] - strb r7,[r14,#-4] - eor r6,r10,r6,lsr#8 - strb r4,[r14,#-15] - eor r7,r11,r7,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-6] - ldrhsb r11,[r12,#-2] - strb r5,[r14,#-11] - eor r4,r8,r4,lsr#8 - strb r6,[r14,#-7] - eor r5,r9,r5,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r8,[r12,#-13] @ load more input - ldrhsb r9,[r12,#-9] - strb r7,[r14,#-3] - eor r6,r10,r6,lsr#8 - strb r4,[r14,#-14] - eor r7,r11,r7,lsr#8 -# ifdef __thumb2__ - itt hs -# endif - ldrhsb r10,[r12,#-5] - ldrhsb r11,[r12,#-1] - strb r5,[r14,#-10] - strb r6,[r14,#-6] - eor r4,r8,r4,lsr#8 - strb r7,[r14,#-2] - eor r5,r9,r5,lsr#8 - strb r4,[r14,#-13] - eor r6,r10,r6,lsr#8 - strb r5,[r14,#-9] - eor r7,r11,r7,lsr#8 - strb r6,[r14,#-5] - strb r7,[r14,#-1] -# ifdef __thumb2__ - it ne -# endif - ldrne r8,[sp,#4*(32+2)] @ re-load len -# ifdef __thumb2__ - it hs -# endif - subhs r11,r8,#64 @ len-=64 - bhi Loop_outer - - beq Ldone -#endif - -Ltail: - ldr r12,[sp,#4*(32+1)] @ load inp - add r9,sp,#4*(0) - ldr r14,[sp,#4*(32+0)] @ load out - -Loop_tail: - ldrb r10,[r9],#1 @ read buffer on stack - ldrb r11,[r12],#1 @ read input - subs r8,r8,#1 - eor r11,r11,r10 - strb r11,[r14],#1 @ store output - bne Loop_tail - -Ldone: - add sp,sp,#4*(32+3) -Lno_data: - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} - -#if __ARM_MAX_ARCH__>=7 - - - -#ifdef __thumb2__ -.thumb_func ChaCha20_neon -#endif -.align 5 -ChaCha20_neon: - ldr r12,[sp,#0] @ pull pointer to counter and nonce - stmdb sp!,{r0,r1,r2,r4-r11,lr} -LChaCha20_neon: - adr r14,Lsigma - vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ ABI spec says so - stmdb sp!,{r0,r1,r2,r3} - - vld1.32 {q1,q2},[r3] @ load key - ldmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} @ load key - - sub sp,sp,#4*(16+16) - vld1.32 {q3},[r12] @ load counter and nonce - add r12,sp,#4*8 - ldmia r14,{r0,r1,r2,r3} @ load sigma - vld1.32 {q0},[r14]! @ load sigma - vld1.32 {q12},[r14] @ one - vst1.32 {q2,q3},[r12] @ copy 1/2key|counter|nonce - vst1.32 {q0,q1},[sp] @ copy sigma|1/2key - - str r10,[sp,#4*(16+10)] @ off-load "rx" - str r11,[sp,#4*(16+11)] @ off-load "rx" - vshl.i32 d26,d24,#1 @ two - vstr d24,[sp,#4*(16+0)] - vshl.i32 d28,d24,#2 @ four - vstr d26,[sp,#4*(16+2)] - vmov q4,q0 - vstr d28,[sp,#4*(16+4)] - vmov q8,q0 - vmov q5,q1 - vmov q9,q1 - b Loop_neon_enter - -.align 4 -Loop_neon_outer: - ldmia sp,{r0,r1,r2,r3,r4,r5,r6,r7,r8,r9} @ load key material - cmp r11,#64*2 @ if len<=64*2 - bls Lbreak_neon @ switch to integer-only - vmov q4,q0 - str r11,[sp,#4*(32+2)] @ save len - vmov q8,q0 - str r12, [sp,#4*(32+1)] @ save inp - vmov q5,q1 - str r14, [sp,#4*(32+0)] @ save out - vmov q9,q1 -Loop_neon_enter: - ldr r11, [sp,#4*(15)] - vadd.i32 q7,q3,q12 @ counter+1 - ldr r12,[sp,#4*(12)] @ modulo-scheduled load - vmov q6,q2 - ldr r10, [sp,#4*(13)] - vmov q10,q2 - ldr r14,[sp,#4*(14)] - vadd.i32 q11,q7,q12 @ counter+2 - str r11, [sp,#4*(16+15)] - mov r11,#10 - add r12,r12,#3 @ counter+3 - b Loop_neon - -.align 4 -Loop_neon: - subs r11,r11,#1 - vadd.i32 q0,q0,q1 - add r0,r0,r4 - vadd.i32 q4,q4,q5 - mov r12,r12,ror#16 - vadd.i32 q8,q8,q9 - add r1,r1,r5 - veor q3,q3,q0 - mov r10,r10,ror#16 - veor q7,q7,q4 - eor r12,r12,r0,ror#16 - veor q11,q11,q8 - eor r10,r10,r1,ror#16 - vrev32.16 q3,q3 - add r8,r8,r12 - vrev32.16 q7,q7 - mov r4,r4,ror#20 - vrev32.16 q11,q11 - add r9,r9,r10 - vadd.i32 q2,q2,q3 - mov r5,r5,ror#20 - vadd.i32 q6,q6,q7 - eor r4,r4,r8,ror#20 - vadd.i32 q10,q10,q11 - eor r5,r5,r9,ror#20 - veor q12,q1,q2 - add r0,r0,r4 - veor q13,q5,q6 - mov r12,r12,ror#24 - veor q14,q9,q10 - add r1,r1,r5 - vshr.u32 q1,q12,#20 - mov r10,r10,ror#24 - vshr.u32 q5,q13,#20 - eor r12,r12,r0,ror#24 - vshr.u32 q9,q14,#20 - eor r10,r10,r1,ror#24 - vsli.32 q1,q12,#12 - add r8,r8,r12 - vsli.32 q5,q13,#12 - mov r4,r4,ror#25 - vsli.32 q9,q14,#12 - add r9,r9,r10 - vadd.i32 q0,q0,q1 - mov r5,r5,ror#25 - vadd.i32 q4,q4,q5 - str r10,[sp,#4*(16+13)] - vadd.i32 q8,q8,q9 - ldr r10,[sp,#4*(16+15)] - veor q12,q3,q0 - eor r4,r4,r8,ror#25 - veor q13,q7,q4 - eor r5,r5,r9,ror#25 - veor q14,q11,q8 - str r8,[sp,#4*(16+8)] - vshr.u32 q3,q12,#24 - ldr r8,[sp,#4*(16+10)] - vshr.u32 q7,q13,#24 - add r2,r2,r6 - vshr.u32 q11,q14,#24 - mov r14,r14,ror#16 - vsli.32 q3,q12,#8 - str r9,[sp,#4*(16+9)] - vsli.32 q7,q13,#8 - ldr r9,[sp,#4*(16+11)] - vsli.32 q11,q14,#8 - add r3,r3,r7 - vadd.i32 q2,q2,q3 - mov r10,r10,ror#16 - vadd.i32 q6,q6,q7 - eor r14,r14,r2,ror#16 - vadd.i32 q10,q10,q11 - eor r10,r10,r3,ror#16 - veor q12,q1,q2 - add r8,r8,r14 - veor q13,q5,q6 - mov r6,r6,ror#20 - veor q14,q9,q10 - add r9,r9,r10 - vshr.u32 q1,q12,#25 - mov r7,r7,ror#20 - vshr.u32 q5,q13,#25 - eor r6,r6,r8,ror#20 - vshr.u32 q9,q14,#25 - eor r7,r7,r9,ror#20 - vsli.32 q1,q12,#7 - add r2,r2,r6 - vsli.32 q5,q13,#7 - mov r14,r14,ror#24 - vsli.32 q9,q14,#7 - add r3,r3,r7 - vext.8 q2,q2,q2,#8 - mov r10,r10,ror#24 - vext.8 q6,q6,q6,#8 - eor r14,r14,r2,ror#24 - vext.8 q10,q10,q10,#8 - eor r10,r10,r3,ror#24 - vext.8 q1,q1,q1,#4 - add r8,r8,r14 - vext.8 q5,q5,q5,#4 - mov r6,r6,ror#25 - vext.8 q9,q9,q9,#4 - add r9,r9,r10 - vext.8 q3,q3,q3,#12 - mov r7,r7,ror#25 - vext.8 q7,q7,q7,#12 - eor r6,r6,r8,ror#25 - vext.8 q11,q11,q11,#12 - eor r7,r7,r9,ror#25 - vadd.i32 q0,q0,q1 - add r0,r0,r5 - vadd.i32 q4,q4,q5 - mov r10,r10,ror#16 - vadd.i32 q8,q8,q9 - add r1,r1,r6 - veor q3,q3,q0 - mov r12,r12,ror#16 - veor q7,q7,q4 - eor r10,r10,r0,ror#16 - veor q11,q11,q8 - eor r12,r12,r1,ror#16 - vrev32.16 q3,q3 - add r8,r8,r10 - vrev32.16 q7,q7 - mov r5,r5,ror#20 - vrev32.16 q11,q11 - add r9,r9,r12 - vadd.i32 q2,q2,q3 - mov r6,r6,ror#20 - vadd.i32 q6,q6,q7 - eor r5,r5,r8,ror#20 - vadd.i32 q10,q10,q11 - eor r6,r6,r9,ror#20 - veor q12,q1,q2 - add r0,r0,r5 - veor q13,q5,q6 - mov r10,r10,ror#24 - veor q14,q9,q10 - add r1,r1,r6 - vshr.u32 q1,q12,#20 - mov r12,r12,ror#24 - vshr.u32 q5,q13,#20 - eor r10,r10,r0,ror#24 - vshr.u32 q9,q14,#20 - eor r12,r12,r1,ror#24 - vsli.32 q1,q12,#12 - add r8,r8,r10 - vsli.32 q5,q13,#12 - mov r5,r5,ror#25 - vsli.32 q9,q14,#12 - str r10,[sp,#4*(16+15)] - vadd.i32 q0,q0,q1 - ldr r10,[sp,#4*(16+13)] - vadd.i32 q4,q4,q5 - add r9,r9,r12 - vadd.i32 q8,q8,q9 - mov r6,r6,ror#25 - veor q12,q3,q0 - eor r5,r5,r8,ror#25 - veor q13,q7,q4 - eor r6,r6,r9,ror#25 - veor q14,q11,q8 - str r8,[sp,#4*(16+10)] - vshr.u32 q3,q12,#24 - ldr r8,[sp,#4*(16+8)] - vshr.u32 q7,q13,#24 - add r2,r2,r7 - vshr.u32 q11,q14,#24 - mov r10,r10,ror#16 - vsli.32 q3,q12,#8 - str r9,[sp,#4*(16+11)] - vsli.32 q7,q13,#8 - ldr r9,[sp,#4*(16+9)] - vsli.32 q11,q14,#8 - add r3,r3,r4 - vadd.i32 q2,q2,q3 - mov r14,r14,ror#16 - vadd.i32 q6,q6,q7 - eor r10,r10,r2,ror#16 - vadd.i32 q10,q10,q11 - eor r14,r14,r3,ror#16 - veor q12,q1,q2 - add r8,r8,r10 - veor q13,q5,q6 - mov r7,r7,ror#20 - veor q14,q9,q10 - add r9,r9,r14 - vshr.u32 q1,q12,#25 - mov r4,r4,ror#20 - vshr.u32 q5,q13,#25 - eor r7,r7,r8,ror#20 - vshr.u32 q9,q14,#25 - eor r4,r4,r9,ror#20 - vsli.32 q1,q12,#7 - add r2,r2,r7 - vsli.32 q5,q13,#7 - mov r10,r10,ror#24 - vsli.32 q9,q14,#7 - add r3,r3,r4 - vext.8 q2,q2,q2,#8 - mov r14,r14,ror#24 - vext.8 q6,q6,q6,#8 - eor r10,r10,r2,ror#24 - vext.8 q10,q10,q10,#8 - eor r14,r14,r3,ror#24 - vext.8 q1,q1,q1,#12 - add r8,r8,r10 - vext.8 q5,q5,q5,#12 - mov r7,r7,ror#25 - vext.8 q9,q9,q9,#12 - add r9,r9,r14 - vext.8 q3,q3,q3,#4 - mov r4,r4,ror#25 - vext.8 q7,q7,q7,#4 - eor r7,r7,r8,ror#25 - vext.8 q11,q11,q11,#4 - eor r4,r4,r9,ror#25 - bne Loop_neon - - add r11,sp,#32 - vld1.32 {q12,q13},[sp] @ load key material - vld1.32 {q14,q15},[r11] - - ldr r11,[sp,#4*(32+2)] @ load len - - str r8, [sp,#4*(16+8)] @ modulo-scheduled store - str r9, [sp,#4*(16+9)] - str r12,[sp,#4*(16+12)] - str r10, [sp,#4*(16+13)] - str r14,[sp,#4*(16+14)] - - @ at this point we have first half of 512-bit result in - @ rx and second half at sp+4*(16+8) - - ldr r12,[sp,#4*(32+1)] @ load inp - ldr r14,[sp,#4*(32+0)] @ load out - - vadd.i32 q0,q0,q12 @ accumulate key material - vadd.i32 q4,q4,q12 - vadd.i32 q8,q8,q12 - vldr d24,[sp,#4*(16+0)] @ one - - vadd.i32 q1,q1,q13 - vadd.i32 q5,q5,q13 - vadd.i32 q9,q9,q13 - vldr d26,[sp,#4*(16+2)] @ two - - vadd.i32 q2,q2,q14 - vadd.i32 q6,q6,q14 - vadd.i32 q10,q10,q14 - vadd.i32 d14,d14,d24 @ counter+1 - vadd.i32 d22,d22,d26 @ counter+2 - - vadd.i32 q3,q3,q15 - vadd.i32 q7,q7,q15 - vadd.i32 q11,q11,q15 - - cmp r11,#64*4 - blo Ltail_neon - - vld1.8 {q12,q13},[r12]! @ load input - mov r11,sp - vld1.8 {q14,q15},[r12]! - veor q0,q0,q12 @ xor with input - veor q1,q1,q13 - vld1.8 {q12,q13},[r12]! - veor q2,q2,q14 - veor q3,q3,q15 - vld1.8 {q14,q15},[r12]! - - veor q4,q4,q12 - vst1.8 {q0,q1},[r14]! @ store output - veor q5,q5,q13 - vld1.8 {q12,q13},[r12]! - veor q6,q6,q14 - vst1.8 {q2,q3},[r14]! - veor q7,q7,q15 - vld1.8 {q14,q15},[r12]! - - veor q8,q8,q12 - vld1.32 {q0,q1},[r11]! @ load for next iteration - veor d25,d25,d25 - vldr d24,[sp,#4*(16+4)] @ four - veor q9,q9,q13 - vld1.32 {q2,q3},[r11] - veor q10,q10,q14 - vst1.8 {q4,q5},[r14]! - veor q11,q11,q15 - vst1.8 {q6,q7},[r14]! - - vadd.i32 d6,d6,d24 @ next counter value - vldr d24,[sp,#4*(16+0)] @ one - - ldmia sp,{r8,r9,r10,r11} @ load key material - add r0,r0,r8 @ accumulate key material - ldr r8,[r12],#16 @ load input - vst1.8 {q8,q9},[r14]! - add r1,r1,r9 - ldr r9,[r12,#-12] - vst1.8 {q10,q11},[r14]! - add r2,r2,r10 - ldr r10,[r12,#-8] - add r3,r3,r11 - ldr r11,[r12,#-4] -# ifdef __ARMEB__ - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 -# endif - eor r0,r0,r8 @ xor with input - add r8,sp,#4*(4) - eor r1,r1,r9 - str r0,[r14],#16 @ store output - eor r2,r2,r10 - str r1,[r14,#-12] - eor r3,r3,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material - str r2,[r14,#-8] - str r3,[r14,#-4] - - add r4,r4,r8 @ accumulate key material - ldr r8,[r12],#16 @ load input - add r5,r5,r9 - ldr r9,[r12,#-12] - add r6,r6,r10 - ldr r10,[r12,#-8] - add r7,r7,r11 - ldr r11,[r12,#-4] -# ifdef __ARMEB__ - rev r4,r4 - rev r5,r5 - rev r6,r6 - rev r7,r7 -# endif - eor r4,r4,r8 - add r8,sp,#4*(8) - eor r5,r5,r9 - str r4,[r14],#16 @ store output - eor r6,r6,r10 - str r5,[r14,#-12] - eor r7,r7,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material - str r6,[r14,#-8] - add r0,sp,#4*(16+8) - str r7,[r14,#-4] - - ldmia r0,{r0,r1,r2,r3,r4,r5,r6,r7} @ load second half - - add r0,r0,r8 @ accumulate key material - ldr r8,[r12],#16 @ load input - add r1,r1,r9 - ldr r9,[r12,#-12] -# ifdef __thumb2__ - it hi -# endif - strhi r10,[sp,#4*(16+10)] @ copy "rx" while at it - add r2,r2,r10 - ldr r10,[r12,#-8] -# ifdef __thumb2__ - it hi -# endif - strhi r11,[sp,#4*(16+11)] @ copy "rx" while at it - add r3,r3,r11 - ldr r11,[r12,#-4] -# ifdef __ARMEB__ - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 -# endif - eor r0,r0,r8 - add r8,sp,#4*(12) - eor r1,r1,r9 - str r0,[r14],#16 @ store output - eor r2,r2,r10 - str r1,[r14,#-12] - eor r3,r3,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material - str r2,[r14,#-8] - str r3,[r14,#-4] - - add r4,r4,r8 @ accumulate key material - add r8,r8,#4 @ next counter value - add r5,r5,r9 - str r8,[sp,#4*(12)] @ save next counter value - ldr r8,[r12],#16 @ load input - add r6,r6,r10 - add r4,r4,#3 @ counter+3 - ldr r9,[r12,#-12] - add r7,r7,r11 - ldr r10,[r12,#-8] - ldr r11,[r12,#-4] -# ifdef __ARMEB__ - rev r4,r4 - rev r5,r5 - rev r6,r6 - rev r7,r7 -# endif - eor r4,r4,r8 -# ifdef __thumb2__ - it hi -# endif - ldrhi r8,[sp,#4*(32+2)] @ re-load len - eor r5,r5,r9 - eor r6,r6,r10 - str r4,[r14],#16 @ store output - eor r7,r7,r11 - str r5,[r14,#-12] - sub r11,r8,#64*4 @ len-=64*4 - str r6,[r14,#-8] - str r7,[r14,#-4] - bhi Loop_neon_outer - - b Ldone_neon - -.align 4 -Lbreak_neon: - @ harmonize NEON and integer-only stack frames: load data - @ from NEON frame, but save to integer-only one; distance - @ between the two is 4*(32+4+16-32)=4*(20). - - str r11, [sp,#4*(20+32+2)] @ save len - add r11,sp,#4*(32+4) - str r12, [sp,#4*(20+32+1)] @ save inp - str r14, [sp,#4*(20+32+0)] @ save out - - ldr r12,[sp,#4*(16+10)] - ldr r14,[sp,#4*(16+11)] - vldmia r11,{d8,d9,d10,d11,d12,d13,d14,d15} @ fulfill ABI requirement - str r12,[sp,#4*(20+16+10)] @ copy "rx" - str r14,[sp,#4*(20+16+11)] @ copy "rx" - - ldr r11, [sp,#4*(15)] - ldr r12,[sp,#4*(12)] @ modulo-scheduled load - ldr r10, [sp,#4*(13)] - ldr r14,[sp,#4*(14)] - str r11, [sp,#4*(20+16+15)] - add r11,sp,#4*(20) - vst1.32 {q0,q1},[r11]! @ copy key - add sp,sp,#4*(20) @ switch frame - vst1.32 {q2,q3},[r11] - mov r11,#10 - b Loop @ go integer-only - -.align 4 -Ltail_neon: - cmp r11,#64*3 - bhs L192_or_more_neon - cmp r11,#64*2 - bhs L128_or_more_neon - cmp r11,#64*1 - bhs L64_or_more_neon - - add r8,sp,#4*(8) - vst1.8 {q0,q1},[sp] - add r10,sp,#4*(0) - vst1.8 {q2,q3},[r8] - b Loop_tail_neon - -.align 4 -L64_or_more_neon: - vld1.8 {q12,q13},[r12]! - vld1.8 {q14,q15},[r12]! - veor q0,q0,q12 - veor q1,q1,q13 - veor q2,q2,q14 - veor q3,q3,q15 - vst1.8 {q0,q1},[r14]! - vst1.8 {q2,q3},[r14]! - - beq Ldone_neon - - add r8,sp,#4*(8) - vst1.8 {q4,q5},[sp] - add r10,sp,#4*(0) - vst1.8 {q6,q7},[r8] - sub r11,r11,#64*1 @ len-=64*1 - b Loop_tail_neon - -.align 4 -L128_or_more_neon: - vld1.8 {q12,q13},[r12]! - vld1.8 {q14,q15},[r12]! - veor q0,q0,q12 - veor q1,q1,q13 - vld1.8 {q12,q13},[r12]! - veor q2,q2,q14 - veor q3,q3,q15 - vld1.8 {q14,q15},[r12]! - - veor q4,q4,q12 - veor q5,q5,q13 - vst1.8 {q0,q1},[r14]! - veor q6,q6,q14 - vst1.8 {q2,q3},[r14]! - veor q7,q7,q15 - vst1.8 {q4,q5},[r14]! - vst1.8 {q6,q7},[r14]! - - beq Ldone_neon - - add r8,sp,#4*(8) - vst1.8 {q8,q9},[sp] - add r10,sp,#4*(0) - vst1.8 {q10,q11},[r8] - sub r11,r11,#64*2 @ len-=64*2 - b Loop_tail_neon - -.align 4 -L192_or_more_neon: - vld1.8 {q12,q13},[r12]! - vld1.8 {q14,q15},[r12]! - veor q0,q0,q12 - veor q1,q1,q13 - vld1.8 {q12,q13},[r12]! - veor q2,q2,q14 - veor q3,q3,q15 - vld1.8 {q14,q15},[r12]! - - veor q4,q4,q12 - veor q5,q5,q13 - vld1.8 {q12,q13},[r12]! - veor q6,q6,q14 - vst1.8 {q0,q1},[r14]! - veor q7,q7,q15 - vld1.8 {q14,q15},[r12]! - - veor q8,q8,q12 - vst1.8 {q2,q3},[r14]! - veor q9,q9,q13 - vst1.8 {q4,q5},[r14]! - veor q10,q10,q14 - vst1.8 {q6,q7},[r14]! - veor q11,q11,q15 - vst1.8 {q8,q9},[r14]! - vst1.8 {q10,q11},[r14]! - - beq Ldone_neon - - ldmia sp,{r8,r9,r10,r11} @ load key material - add r0,r0,r8 @ accumulate key material - add r8,sp,#4*(4) - add r1,r1,r9 - add r2,r2,r10 - add r3,r3,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material - - add r4,r4,r8 @ accumulate key material - add r8,sp,#4*(8) - add r5,r5,r9 - add r6,r6,r10 - add r7,r7,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material -# ifdef __ARMEB__ - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 - rev r4,r4 - rev r5,r5 - rev r6,r6 - rev r7,r7 -# endif - stmia sp,{r0,r1,r2,r3,r4,r5,r6,r7} - add r0,sp,#4*(16+8) - - ldmia r0,{r0,r1,r2,r3,r4,r5,r6,r7} @ load second half - - add r0,r0,r8 @ accumulate key material - add r8,sp,#4*(12) - add r1,r1,r9 - add r2,r2,r10 - add r3,r3,r11 - ldmia r8,{r8,r9,r10,r11} @ load key material - - add r4,r4,r8 @ accumulate key material - add r8,sp,#4*(8) - add r5,r5,r9 - add r4,r4,#3 @ counter+3 - add r6,r6,r10 - add r7,r7,r11 - ldr r11,[sp,#4*(32+2)] @ re-load len -# ifdef __ARMEB__ - rev r0,r0 - rev r1,r1 - rev r2,r2 - rev r3,r3 - rev r4,r4 - rev r5,r5 - rev r6,r6 - rev r7,r7 -# endif - stmia r8,{r0,r1,r2,r3,r4,r5,r6,r7} - add r10,sp,#4*(0) - sub r11,r11,#64*3 @ len-=64*3 - -Loop_tail_neon: - ldrb r8,[r10],#1 @ read buffer on stack - ldrb r9,[r12],#1 @ read input - subs r11,r11,#1 - eor r8,r8,r9 - strb r8,[r14],#1 @ store output - bne Loop_tail_neon - -Ldone_neon: - add sp,sp,#4*(32+4) - vldmia sp,{d8,d9,d10,d11,d12,d13,d14,d15} - add sp,sp,#4*(16+3) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} - -#endif -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/chacha-armv4-linux32.S b/pregenerated/chacha-armv4-linux32.S index 1639ec7..4bf7edc 100644 --- a/pregenerated/chacha-armv4-linux32.S +++ b/pregenerated/chacha-armv4-linux32.S @@ -10,7 +10,8 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> @ Silence ARMv8 deprecated IT instruction warnings. This file is used by both @ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. @@ -37,18 +38,18 @@ .long 1,0,0,0 #if __ARM_MAX_ARCH__>=7 -.hidden GFp_armcap_P +.hidden OPENSSL_armcap_P .LOPENSSL_armcap: -.word GFp_armcap_P-.LChaCha20_ctr32 +.word OPENSSL_armcap_P-.LChaCha20_ctr32 #else .word -1 #endif -.globl GFp_ChaCha20_ctr32 -.hidden GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,%function +.globl ChaCha20_ctr32 +.hidden ChaCha20_ctr32 +.type ChaCha20_ctr32,%function .align 5 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: .LChaCha20_ctr32: ldr r12,[sp,#0] @ pull pointer to counter and nonce stmdb sp!,{r0,r1,r2,r4-r11,lr} @@ -806,7 +807,7 @@ GFp_ChaCha20_ctr32: add sp,sp,#4*(32+3) .Lno_data: ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} -.size GFp_ChaCha20_ctr32,.-GFp_ChaCha20_ctr32 +.size ChaCha20_ctr32,.-ChaCha20_ctr32 #if __ARM_MAX_ARCH__>=7 .arch armv7-a .fpu neon diff --git a/pregenerated/chacha-armv8-ios64.S b/pregenerated/chacha-armv8-ios64.S index 9961b78..918087b 100644 --- a/pregenerated/chacha-armv8-ios64.S +++ b/pregenerated/chacha-armv8-ios64.S @@ -9,10 +9,11 @@ #endif #if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> -.private_extern _GFp_armcap_P +.private_extern _OPENSSL_armcap_P .section __TEXT,__const @@ -26,21 +27,21 @@ Lone: .text -.globl _GFp_ChaCha20_ctr32 -.private_extern _GFp_ChaCha20_ctr32 +.globl _ChaCha20_ctr32 +.private_extern _ChaCha20_ctr32 .align 5 -_GFp_ChaCha20_ctr32: +_ChaCha20_ctr32: AARCH64_VALID_CALL_TARGET cbz x2,Labort #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 - adrp x5,:pg_hi21_nc:_GFp_armcap_P + adrp x5,:pg_hi21_nc:_OPENSSL_armcap_P #else - adrp x5,_GFp_armcap_P@PAGE + adrp x5,_OPENSSL_armcap_P@PAGE #endif cmp x2,#192 b.lo Lshort - ldr w17,[x5,_GFp_armcap_P@PAGEOFF] + ldr w17,[x5,_OPENSSL_armcap_P@PAGEOFF] tst w17,#ARMV7_NEON b.ne ChaCha20_neon diff --git a/pregenerated/chacha-armv8-linux64.S b/pregenerated/chacha-armv8-linux64.S index d8bef04..62d1336 100644 --- a/pregenerated/chacha-armv8-linux64.S +++ b/pregenerated/chacha-armv8-linux64.S @@ -10,10 +10,11 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> -.hidden GFp_armcap_P +.hidden OPENSSL_armcap_P .section .rodata @@ -27,21 +28,21 @@ .text -.globl GFp_ChaCha20_ctr32 -.hidden GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,%function +.globl ChaCha20_ctr32 +.hidden ChaCha20_ctr32 +.type ChaCha20_ctr32,%function .align 5 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: AARCH64_VALID_CALL_TARGET cbz x2,.Labort #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 - adrp x5,:pg_hi21_nc:GFp_armcap_P + adrp x5,:pg_hi21_nc:OPENSSL_armcap_P #else - adrp x5,GFp_armcap_P + adrp x5,OPENSSL_armcap_P #endif cmp x2,#192 b.lo .Lshort - ldr w17,[x5,:lo12:GFp_armcap_P] + ldr w17,[x5,:lo12:OPENSSL_armcap_P] tst w17,#ARMV7_NEON b.ne ChaCha20_neon @@ -318,7 +319,7 @@ GFp_ChaCha20_ctr32: ldp x29,x30,[sp],#96 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_ChaCha20_ctr32,.-GFp_ChaCha20_ctr32 +.size ChaCha20_ctr32,.-ChaCha20_ctr32 .type ChaCha20_neon,%function .align 5 diff --git a/pregenerated/chacha-x86-elf.S b/pregenerated/chacha-x86-elf.S index 514d975..e293c53 100644 --- a/pregenerated/chacha-x86-elf.S +++ b/pregenerated/chacha-x86-elf.S @@ -2,16 +2,14 @@ # source tree. Do not edit by hand. #if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl GFp_ChaCha20_ctr32 -.hidden GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,@function +.globl ChaCha20_ctr32 +.hidden ChaCha20_ctr32 +.type ChaCha20_ctr32,@function .align 16 -GFp_ChaCha20_ctr32: -.L_GFp_ChaCha20_ctr32_begin: +ChaCha20_ctr32: +.L_ChaCha20_ctr32_begin: pushl %ebp pushl %ebx pushl %esi @@ -22,7 +20,7 @@ GFp_ChaCha20_ctr32: call .Lpic_point .Lpic_point: popl %eax - leal GFp_ia32cap_P-.Lpic_point(%eax),%ebp + leal OPENSSL_ia32cap_P-.Lpic_point(%eax),%ebp testl $16777216,(%ebp) jz .L001x86 testl $512,4(%ebp) @@ -379,7 +377,7 @@ GFp_ChaCha20_ctr32: popl %ebx popl %ebp ret -.size GFp_ChaCha20_ctr32,.-.L_GFp_ChaCha20_ctr32_begin +.size ChaCha20_ctr32,.-.L_ChaCha20_ctr32_begin .hidden _ChaCha20_ssse3 .type _ChaCha20_ssse3,@function .align 16 diff --git a/pregenerated/chacha-x86-macosx.S b/pregenerated/chacha-x86-macosx.S deleted file mode 100644 index 9adbd6f..0000000 --- a/pregenerated/chacha-x86-macosx.S +++ /dev/null @@ -1,972 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -.globl _GFp_ChaCha20_ctr32 -.private_extern _GFp_ChaCha20_ctr32 -.align 4 -_GFp_ChaCha20_ctr32: -L_GFp_ChaCha20_ctr32_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - xorl %eax,%eax - cmpl 28(%esp),%eax - je L000no_data - call Lpic_point -Lpic_point: - popl %eax - movl L_GFp_ia32cap_P$non_lazy_ptr-Lpic_point(%eax),%ebp - testl $16777216,(%ebp) - jz L001x86 - testl $512,4(%ebp) - jz L001x86 - jmp Lssse3_shortcut -L001x86: - movl 32(%esp),%esi - movl 36(%esp),%edi - subl $132,%esp - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,80(%esp) - movl %ebx,84(%esp) - movl %ecx,88(%esp) - movl %edx,92(%esp) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,96(%esp) - movl %ebx,100(%esp) - movl %ecx,104(%esp) - movl %edx,108(%esp) - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - movl 12(%edi),%edx - subl $1,%eax - movl %eax,112(%esp) - movl %ebx,116(%esp) - movl %ecx,120(%esp) - movl %edx,124(%esp) - jmp L002entry -.align 4,0x90 -L003outer_loop: - movl %ebx,156(%esp) - movl %eax,152(%esp) - movl %ecx,160(%esp) -L002entry: - movl $1634760805,%eax - movl $857760878,4(%esp) - movl $2036477234,8(%esp) - movl $1797285236,12(%esp) - movl 84(%esp),%ebx - movl 88(%esp),%ebp - movl 104(%esp),%ecx - movl 108(%esp),%esi - movl 116(%esp),%edx - movl 120(%esp),%edi - movl %ebx,20(%esp) - movl %ebp,24(%esp) - movl %ecx,40(%esp) - movl %esi,44(%esp) - movl %edx,52(%esp) - movl %edi,56(%esp) - movl 92(%esp),%ebx - movl 124(%esp),%edi - movl 112(%esp),%edx - movl 80(%esp),%ebp - movl 96(%esp),%ecx - movl 100(%esp),%esi - addl $1,%edx - movl %ebx,28(%esp) - movl %edi,60(%esp) - movl %edx,112(%esp) - movl $10,%ebx - jmp L004loop -.align 4,0x90 -L004loop: - addl %ebp,%eax - movl %ebx,128(%esp) - movl %ebp,%ebx - xorl %eax,%edx - roll $16,%edx - addl %edx,%ecx - xorl %ecx,%ebx - movl 52(%esp),%edi - roll $12,%ebx - movl 20(%esp),%ebp - addl %ebx,%eax - xorl %eax,%edx - movl %eax,(%esp) - roll $8,%edx - movl 4(%esp),%eax - addl %edx,%ecx - movl %edx,48(%esp) - xorl %ecx,%ebx - addl %ebp,%eax - roll $7,%ebx - xorl %eax,%edi - movl %ecx,32(%esp) - roll $16,%edi - movl %ebx,16(%esp) - addl %edi,%esi - movl 40(%esp),%ecx - xorl %esi,%ebp - movl 56(%esp),%edx - roll $12,%ebp - movl 24(%esp),%ebx - addl %ebp,%eax - xorl %eax,%edi - movl %eax,4(%esp) - roll $8,%edi - movl 8(%esp),%eax - addl %edi,%esi - movl %edi,52(%esp) - xorl %esi,%ebp - addl %ebx,%eax - roll $7,%ebp - xorl %eax,%edx - movl %esi,36(%esp) - roll $16,%edx - movl %ebp,20(%esp) - addl %edx,%ecx - movl 44(%esp),%esi - xorl %ecx,%ebx - movl 60(%esp),%edi - roll $12,%ebx - movl 28(%esp),%ebp - addl %ebx,%eax - xorl %eax,%edx - movl %eax,8(%esp) - roll $8,%edx - movl 12(%esp),%eax - addl %edx,%ecx - movl %edx,56(%esp) - xorl %ecx,%ebx - addl %ebp,%eax - roll $7,%ebx - xorl %eax,%edi - roll $16,%edi - movl %ebx,24(%esp) - addl %edi,%esi - xorl %esi,%ebp - roll $12,%ebp - movl 20(%esp),%ebx - addl %ebp,%eax - xorl %eax,%edi - movl %eax,12(%esp) - roll $8,%edi - movl (%esp),%eax - addl %edi,%esi - movl %edi,%edx - xorl %esi,%ebp - addl %ebx,%eax - roll $7,%ebp - xorl %eax,%edx - roll $16,%edx - movl %ebp,28(%esp) - addl %edx,%ecx - xorl %ecx,%ebx - movl 48(%esp),%edi - roll $12,%ebx - movl 24(%esp),%ebp - addl %ebx,%eax - xorl %eax,%edx - movl %eax,(%esp) - roll $8,%edx - movl 4(%esp),%eax - addl %edx,%ecx - movl %edx,60(%esp) - xorl %ecx,%ebx - addl %ebp,%eax - roll $7,%ebx - xorl %eax,%edi - movl %ecx,40(%esp) - roll $16,%edi - movl %ebx,20(%esp) - addl %edi,%esi - movl 32(%esp),%ecx - xorl %esi,%ebp - movl 52(%esp),%edx - roll $12,%ebp - movl 28(%esp),%ebx - addl %ebp,%eax - xorl %eax,%edi - movl %eax,4(%esp) - roll $8,%edi - movl 8(%esp),%eax - addl %edi,%esi - movl %edi,48(%esp) - xorl %esi,%ebp - addl %ebx,%eax - roll $7,%ebp - xorl %eax,%edx - movl %esi,44(%esp) - roll $16,%edx - movl %ebp,24(%esp) - addl %edx,%ecx - movl 36(%esp),%esi - xorl %ecx,%ebx - movl 56(%esp),%edi - roll $12,%ebx - movl 16(%esp),%ebp - addl %ebx,%eax - xorl %eax,%edx - movl %eax,8(%esp) - roll $8,%edx - movl 12(%esp),%eax - addl %edx,%ecx - movl %edx,52(%esp) - xorl %ecx,%ebx - addl %ebp,%eax - roll $7,%ebx - xorl %eax,%edi - roll $16,%edi - movl %ebx,28(%esp) - addl %edi,%esi - xorl %esi,%ebp - movl 48(%esp),%edx - roll $12,%ebp - movl 128(%esp),%ebx - addl %ebp,%eax - xorl %eax,%edi - movl %eax,12(%esp) - roll $8,%edi - movl (%esp),%eax - addl %edi,%esi - movl %edi,56(%esp) - xorl %esi,%ebp - roll $7,%ebp - decl %ebx - jnz L004loop - movl 160(%esp),%ebx - addl $1634760805,%eax - addl 80(%esp),%ebp - addl 96(%esp),%ecx - addl 100(%esp),%esi - cmpl $64,%ebx - jb L005tail - movl 156(%esp),%ebx - addl 112(%esp),%edx - addl 120(%esp),%edi - xorl (%ebx),%eax - xorl 16(%ebx),%ebp - movl %eax,(%esp) - movl 152(%esp),%eax - xorl 32(%ebx),%ecx - xorl 36(%ebx),%esi - xorl 48(%ebx),%edx - xorl 56(%ebx),%edi - movl %ebp,16(%eax) - movl %ecx,32(%eax) - movl %esi,36(%eax) - movl %edx,48(%eax) - movl %edi,56(%eax) - movl 4(%esp),%ebp - movl 8(%esp),%ecx - movl 12(%esp),%esi - movl 20(%esp),%edx - movl 24(%esp),%edi - addl $857760878,%ebp - addl $2036477234,%ecx - addl $1797285236,%esi - addl 84(%esp),%edx - addl 88(%esp),%edi - xorl 4(%ebx),%ebp - xorl 8(%ebx),%ecx - xorl 12(%ebx),%esi - xorl 20(%ebx),%edx - xorl 24(%ebx),%edi - movl %ebp,4(%eax) - movl %ecx,8(%eax) - movl %esi,12(%eax) - movl %edx,20(%eax) - movl %edi,24(%eax) - movl 28(%esp),%ebp - movl 40(%esp),%ecx - movl 44(%esp),%esi - movl 52(%esp),%edx - movl 60(%esp),%edi - addl 92(%esp),%ebp - addl 104(%esp),%ecx - addl 108(%esp),%esi - addl 116(%esp),%edx - addl 124(%esp),%edi - xorl 28(%ebx),%ebp - xorl 40(%ebx),%ecx - xorl 44(%ebx),%esi - xorl 52(%ebx),%edx - xorl 60(%ebx),%edi - leal 64(%ebx),%ebx - movl %ebp,28(%eax) - movl (%esp),%ebp - movl %ecx,40(%eax) - movl 160(%esp),%ecx - movl %esi,44(%eax) - movl %edx,52(%eax) - movl %edi,60(%eax) - movl %ebp,(%eax) - leal 64(%eax),%eax - subl $64,%ecx - jnz L003outer_loop - jmp L006done -L005tail: - addl 112(%esp),%edx - addl 120(%esp),%edi - movl %eax,(%esp) - movl %ebp,16(%esp) - movl %ecx,32(%esp) - movl %esi,36(%esp) - movl %edx,48(%esp) - movl %edi,56(%esp) - movl 4(%esp),%ebp - movl 8(%esp),%ecx - movl 12(%esp),%esi - movl 20(%esp),%edx - movl 24(%esp),%edi - addl $857760878,%ebp - addl $2036477234,%ecx - addl $1797285236,%esi - addl 84(%esp),%edx - addl 88(%esp),%edi - movl %ebp,4(%esp) - movl %ecx,8(%esp) - movl %esi,12(%esp) - movl %edx,20(%esp) - movl %edi,24(%esp) - movl 28(%esp),%ebp - movl 40(%esp),%ecx - movl 44(%esp),%esi - movl 52(%esp),%edx - movl 60(%esp),%edi - addl 92(%esp),%ebp - addl 104(%esp),%ecx - addl 108(%esp),%esi - addl 116(%esp),%edx - addl 124(%esp),%edi - movl %ebp,28(%esp) - movl 156(%esp),%ebp - movl %ecx,40(%esp) - movl 152(%esp),%ecx - movl %esi,44(%esp) - xorl %esi,%esi - movl %edx,52(%esp) - movl %edi,60(%esp) - xorl %eax,%eax - xorl %edx,%edx -L007tail_loop: - movb (%esi,%ebp,1),%al - movb (%esp,%esi,1),%dl - leal 1(%esi),%esi - xorb %dl,%al - movb %al,-1(%ecx,%esi,1) - decl %ebx - jnz L007tail_loop -L006done: - addl $132,%esp -L000no_data: - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.private_extern __ChaCha20_ssse3 -.align 4 -__ChaCha20_ssse3: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi -Lssse3_shortcut: - movl 20(%esp),%edi - movl 24(%esp),%esi - movl 28(%esp),%ecx - movl 32(%esp),%edx - movl 36(%esp),%ebx - movl %esp,%ebp - subl $524,%esp - andl $-64,%esp - movl %ebp,512(%esp) - leal Lssse3_data-Lpic_point(%eax),%eax - movdqu (%ebx),%xmm3 - cmpl $256,%ecx - jb L0081x - movl %edx,516(%esp) - movl %ebx,520(%esp) - subl $256,%ecx - leal 384(%esp),%ebp - movdqu (%edx),%xmm7 - pshufd $0,%xmm3,%xmm0 - pshufd $85,%xmm3,%xmm1 - pshufd $170,%xmm3,%xmm2 - pshufd $255,%xmm3,%xmm3 - paddd 48(%eax),%xmm0 - pshufd $0,%xmm7,%xmm4 - pshufd $85,%xmm7,%xmm5 - psubd 64(%eax),%xmm0 - pshufd $170,%xmm7,%xmm6 - pshufd $255,%xmm7,%xmm7 - movdqa %xmm0,64(%ebp) - movdqa %xmm1,80(%ebp) - movdqa %xmm2,96(%ebp) - movdqa %xmm3,112(%ebp) - movdqu 16(%edx),%xmm3 - movdqa %xmm4,-64(%ebp) - movdqa %xmm5,-48(%ebp) - movdqa %xmm6,-32(%ebp) - movdqa %xmm7,-16(%ebp) - movdqa 32(%eax),%xmm7 - leal 128(%esp),%ebx - pshufd $0,%xmm3,%xmm0 - pshufd $85,%xmm3,%xmm1 - pshufd $170,%xmm3,%xmm2 - pshufd $255,%xmm3,%xmm3 - pshufd $0,%xmm7,%xmm4 - pshufd $85,%xmm7,%xmm5 - pshufd $170,%xmm7,%xmm6 - pshufd $255,%xmm7,%xmm7 - movdqa %xmm0,(%ebp) - movdqa %xmm1,16(%ebp) - movdqa %xmm2,32(%ebp) - movdqa %xmm3,48(%ebp) - movdqa %xmm4,-128(%ebp) - movdqa %xmm5,-112(%ebp) - movdqa %xmm6,-96(%ebp) - movdqa %xmm7,-80(%ebp) - leal 128(%esi),%esi - leal 128(%edi),%edi - jmp L009outer_loop -.align 4,0x90 -L009outer_loop: - movdqa -112(%ebp),%xmm1 - movdqa -96(%ebp),%xmm2 - movdqa -80(%ebp),%xmm3 - movdqa -48(%ebp),%xmm5 - movdqa -32(%ebp),%xmm6 - movdqa -16(%ebp),%xmm7 - movdqa %xmm1,-112(%ebx) - movdqa %xmm2,-96(%ebx) - movdqa %xmm3,-80(%ebx) - movdqa %xmm5,-48(%ebx) - movdqa %xmm6,-32(%ebx) - movdqa %xmm7,-16(%ebx) - movdqa 32(%ebp),%xmm2 - movdqa 48(%ebp),%xmm3 - movdqa 64(%ebp),%xmm4 - movdqa 80(%ebp),%xmm5 - movdqa 96(%ebp),%xmm6 - movdqa 112(%ebp),%xmm7 - paddd 64(%eax),%xmm4 - movdqa %xmm2,32(%ebx) - movdqa %xmm3,48(%ebx) - movdqa %xmm4,64(%ebx) - movdqa %xmm5,80(%ebx) - movdqa %xmm6,96(%ebx) - movdqa %xmm7,112(%ebx) - movdqa %xmm4,64(%ebp) - movdqa -128(%ebp),%xmm0 - movdqa %xmm4,%xmm6 - movdqa -64(%ebp),%xmm3 - movdqa (%ebp),%xmm4 - movdqa 16(%ebp),%xmm5 - movl $10,%edx - nop -.align 4,0x90 -L010loop: - paddd %xmm3,%xmm0 - movdqa %xmm3,%xmm2 - pxor %xmm0,%xmm6 - pshufb (%eax),%xmm6 - paddd %xmm6,%xmm4 - pxor %xmm4,%xmm2 - movdqa -48(%ebx),%xmm3 - movdqa %xmm2,%xmm1 - pslld $12,%xmm2 - psrld $20,%xmm1 - por %xmm1,%xmm2 - movdqa -112(%ebx),%xmm1 - paddd %xmm2,%xmm0 - movdqa 80(%ebx),%xmm7 - pxor %xmm0,%xmm6 - movdqa %xmm0,-128(%ebx) - pshufb 16(%eax),%xmm6 - paddd %xmm6,%xmm4 - movdqa %xmm6,64(%ebx) - pxor %xmm4,%xmm2 - paddd %xmm3,%xmm1 - movdqa %xmm2,%xmm0 - pslld $7,%xmm2 - psrld $25,%xmm0 - pxor %xmm1,%xmm7 - por %xmm0,%xmm2 - movdqa %xmm4,(%ebx) - pshufb (%eax),%xmm7 - movdqa %xmm2,-64(%ebx) - paddd %xmm7,%xmm5 - movdqa 32(%ebx),%xmm4 - pxor %xmm5,%xmm3 - movdqa -32(%ebx),%xmm2 - movdqa %xmm3,%xmm0 - pslld $12,%xmm3 - psrld $20,%xmm0 - por %xmm0,%xmm3 - movdqa -96(%ebx),%xmm0 - paddd %xmm3,%xmm1 - movdqa 96(%ebx),%xmm6 - pxor %xmm1,%xmm7 - movdqa %xmm1,-112(%ebx) - pshufb 16(%eax),%xmm7 - paddd %xmm7,%xmm5 - movdqa %xmm7,80(%ebx) - pxor %xmm5,%xmm3 - paddd %xmm2,%xmm0 - movdqa %xmm3,%xmm1 - pslld $7,%xmm3 - psrld $25,%xmm1 - pxor %xmm0,%xmm6 - por %xmm1,%xmm3 - movdqa %xmm5,16(%ebx) - pshufb (%eax),%xmm6 - movdqa %xmm3,-48(%ebx) - paddd %xmm6,%xmm4 - movdqa 48(%ebx),%xmm5 - pxor %xmm4,%xmm2 - movdqa -16(%ebx),%xmm3 - movdqa %xmm2,%xmm1 - pslld $12,%xmm2 - psrld $20,%xmm1 - por %xmm1,%xmm2 - movdqa -80(%ebx),%xmm1 - paddd %xmm2,%xmm0 - movdqa 112(%ebx),%xmm7 - pxor %xmm0,%xmm6 - movdqa %xmm0,-96(%ebx) - pshufb 16(%eax),%xmm6 - paddd %xmm6,%xmm4 - movdqa %xmm6,96(%ebx) - pxor %xmm4,%xmm2 - paddd %xmm3,%xmm1 - movdqa %xmm2,%xmm0 - pslld $7,%xmm2 - psrld $25,%xmm0 - pxor %xmm1,%xmm7 - por %xmm0,%xmm2 - pshufb (%eax),%xmm7 - movdqa %xmm2,-32(%ebx) - paddd %xmm7,%xmm5 - pxor %xmm5,%xmm3 - movdqa -48(%ebx),%xmm2 - movdqa %xmm3,%xmm0 - pslld $12,%xmm3 - psrld $20,%xmm0 - por %xmm0,%xmm3 - movdqa -128(%ebx),%xmm0 - paddd %xmm3,%xmm1 - pxor %xmm1,%xmm7 - movdqa %xmm1,-80(%ebx) - pshufb 16(%eax),%xmm7 - paddd %xmm7,%xmm5 - movdqa %xmm7,%xmm6 - pxor %xmm5,%xmm3 - paddd %xmm2,%xmm0 - movdqa %xmm3,%xmm1 - pslld $7,%xmm3 - psrld $25,%xmm1 - pxor %xmm0,%xmm6 - por %xmm1,%xmm3 - pshufb (%eax),%xmm6 - movdqa %xmm3,-16(%ebx) - paddd %xmm6,%xmm4 - pxor %xmm4,%xmm2 - movdqa -32(%ebx),%xmm3 - movdqa %xmm2,%xmm1 - pslld $12,%xmm2 - psrld $20,%xmm1 - por %xmm1,%xmm2 - movdqa -112(%ebx),%xmm1 - paddd %xmm2,%xmm0 - movdqa 64(%ebx),%xmm7 - pxor %xmm0,%xmm6 - movdqa %xmm0,-128(%ebx) - pshufb 16(%eax),%xmm6 - paddd %xmm6,%xmm4 - movdqa %xmm6,112(%ebx) - pxor %xmm4,%xmm2 - paddd %xmm3,%xmm1 - movdqa %xmm2,%xmm0 - pslld $7,%xmm2 - psrld $25,%xmm0 - pxor %xmm1,%xmm7 - por %xmm0,%xmm2 - movdqa %xmm4,32(%ebx) - pshufb (%eax),%xmm7 - movdqa %xmm2,-48(%ebx) - paddd %xmm7,%xmm5 - movdqa (%ebx),%xmm4 - pxor %xmm5,%xmm3 - movdqa -16(%ebx),%xmm2 - movdqa %xmm3,%xmm0 - pslld $12,%xmm3 - psrld $20,%xmm0 - por %xmm0,%xmm3 - movdqa -96(%ebx),%xmm0 - paddd %xmm3,%xmm1 - movdqa 80(%ebx),%xmm6 - pxor %xmm1,%xmm7 - movdqa %xmm1,-112(%ebx) - pshufb 16(%eax),%xmm7 - paddd %xmm7,%xmm5 - movdqa %xmm7,64(%ebx) - pxor %xmm5,%xmm3 - paddd %xmm2,%xmm0 - movdqa %xmm3,%xmm1 - pslld $7,%xmm3 - psrld $25,%xmm1 - pxor %xmm0,%xmm6 - por %xmm1,%xmm3 - movdqa %xmm5,48(%ebx) - pshufb (%eax),%xmm6 - movdqa %xmm3,-32(%ebx) - paddd %xmm6,%xmm4 - movdqa 16(%ebx),%xmm5 - pxor %xmm4,%xmm2 - movdqa -64(%ebx),%xmm3 - movdqa %xmm2,%xmm1 - pslld $12,%xmm2 - psrld $20,%xmm1 - por %xmm1,%xmm2 - movdqa -80(%ebx),%xmm1 - paddd %xmm2,%xmm0 - movdqa 96(%ebx),%xmm7 - pxor %xmm0,%xmm6 - movdqa %xmm0,-96(%ebx) - pshufb 16(%eax),%xmm6 - paddd %xmm6,%xmm4 - movdqa %xmm6,80(%ebx) - pxor %xmm4,%xmm2 - paddd %xmm3,%xmm1 - movdqa %xmm2,%xmm0 - pslld $7,%xmm2 - psrld $25,%xmm0 - pxor %xmm1,%xmm7 - por %xmm0,%xmm2 - pshufb (%eax),%xmm7 - movdqa %xmm2,-16(%ebx) - paddd %xmm7,%xmm5 - pxor %xmm5,%xmm3 - movdqa %xmm3,%xmm0 - pslld $12,%xmm3 - psrld $20,%xmm0 - por %xmm0,%xmm3 - movdqa -128(%ebx),%xmm0 - paddd %xmm3,%xmm1 - movdqa 64(%ebx),%xmm6 - pxor %xmm1,%xmm7 - movdqa %xmm1,-80(%ebx) - pshufb 16(%eax),%xmm7 - paddd %xmm7,%xmm5 - movdqa %xmm7,96(%ebx) - pxor %xmm5,%xmm3 - movdqa %xmm3,%xmm1 - pslld $7,%xmm3 - psrld $25,%xmm1 - por %xmm1,%xmm3 - decl %edx - jnz L010loop - movdqa %xmm3,-64(%ebx) - movdqa %xmm4,(%ebx) - movdqa %xmm5,16(%ebx) - movdqa %xmm6,64(%ebx) - movdqa %xmm7,96(%ebx) - movdqa -112(%ebx),%xmm1 - movdqa -96(%ebx),%xmm2 - movdqa -80(%ebx),%xmm3 - paddd -128(%ebp),%xmm0 - paddd -112(%ebp),%xmm1 - paddd -96(%ebp),%xmm2 - paddd -80(%ebp),%xmm3 - movdqa %xmm0,%xmm6 - punpckldq %xmm1,%xmm0 - movdqa %xmm2,%xmm7 - punpckldq %xmm3,%xmm2 - punpckhdq %xmm1,%xmm6 - punpckhdq %xmm3,%xmm7 - movdqa %xmm0,%xmm1 - punpcklqdq %xmm2,%xmm0 - movdqa %xmm6,%xmm3 - punpcklqdq %xmm7,%xmm6 - punpckhqdq %xmm2,%xmm1 - punpckhqdq %xmm7,%xmm3 - movdqu -128(%esi),%xmm4 - movdqu -64(%esi),%xmm5 - movdqu (%esi),%xmm2 - movdqu 64(%esi),%xmm7 - leal 16(%esi),%esi - pxor %xmm0,%xmm4 - movdqa -64(%ebx),%xmm0 - pxor %xmm1,%xmm5 - movdqa -48(%ebx),%xmm1 - pxor %xmm2,%xmm6 - movdqa -32(%ebx),%xmm2 - pxor %xmm3,%xmm7 - movdqa -16(%ebx),%xmm3 - movdqu %xmm4,-128(%edi) - movdqu %xmm5,-64(%edi) - movdqu %xmm6,(%edi) - movdqu %xmm7,64(%edi) - leal 16(%edi),%edi - paddd -64(%ebp),%xmm0 - paddd -48(%ebp),%xmm1 - paddd -32(%ebp),%xmm2 - paddd -16(%ebp),%xmm3 - movdqa %xmm0,%xmm6 - punpckldq %xmm1,%xmm0 - movdqa %xmm2,%xmm7 - punpckldq %xmm3,%xmm2 - punpckhdq %xmm1,%xmm6 - punpckhdq %xmm3,%xmm7 - movdqa %xmm0,%xmm1 - punpcklqdq %xmm2,%xmm0 - movdqa %xmm6,%xmm3 - punpcklqdq %xmm7,%xmm6 - punpckhqdq %xmm2,%xmm1 - punpckhqdq %xmm7,%xmm3 - movdqu -128(%esi),%xmm4 - movdqu -64(%esi),%xmm5 - movdqu (%esi),%xmm2 - movdqu 64(%esi),%xmm7 - leal 16(%esi),%esi - pxor %xmm0,%xmm4 - movdqa (%ebx),%xmm0 - pxor %xmm1,%xmm5 - movdqa 16(%ebx),%xmm1 - pxor %xmm2,%xmm6 - movdqa 32(%ebx),%xmm2 - pxor %xmm3,%xmm7 - movdqa 48(%ebx),%xmm3 - movdqu %xmm4,-128(%edi) - movdqu %xmm5,-64(%edi) - movdqu %xmm6,(%edi) - movdqu %xmm7,64(%edi) - leal 16(%edi),%edi - paddd (%ebp),%xmm0 - paddd 16(%ebp),%xmm1 - paddd 32(%ebp),%xmm2 - paddd 48(%ebp),%xmm3 - movdqa %xmm0,%xmm6 - punpckldq %xmm1,%xmm0 - movdqa %xmm2,%xmm7 - punpckldq %xmm3,%xmm2 - punpckhdq %xmm1,%xmm6 - punpckhdq %xmm3,%xmm7 - movdqa %xmm0,%xmm1 - punpcklqdq %xmm2,%xmm0 - movdqa %xmm6,%xmm3 - punpcklqdq %xmm7,%xmm6 - punpckhqdq %xmm2,%xmm1 - punpckhqdq %xmm7,%xmm3 - movdqu -128(%esi),%xmm4 - movdqu -64(%esi),%xmm5 - movdqu (%esi),%xmm2 - movdqu 64(%esi),%xmm7 - leal 16(%esi),%esi - pxor %xmm0,%xmm4 - movdqa 64(%ebx),%xmm0 - pxor %xmm1,%xmm5 - movdqa 80(%ebx),%xmm1 - pxor %xmm2,%xmm6 - movdqa 96(%ebx),%xmm2 - pxor %xmm3,%xmm7 - movdqa 112(%ebx),%xmm3 - movdqu %xmm4,-128(%edi) - movdqu %xmm5,-64(%edi) - movdqu %xmm6,(%edi) - movdqu %xmm7,64(%edi) - leal 16(%edi),%edi - paddd 64(%ebp),%xmm0 - paddd 80(%ebp),%xmm1 - paddd 96(%ebp),%xmm2 - paddd 112(%ebp),%xmm3 - movdqa %xmm0,%xmm6 - punpckldq %xmm1,%xmm0 - movdqa %xmm2,%xmm7 - punpckldq %xmm3,%xmm2 - punpckhdq %xmm1,%xmm6 - punpckhdq %xmm3,%xmm7 - movdqa %xmm0,%xmm1 - punpcklqdq %xmm2,%xmm0 - movdqa %xmm6,%xmm3 - punpcklqdq %xmm7,%xmm6 - punpckhqdq %xmm2,%xmm1 - punpckhqdq %xmm7,%xmm3 - movdqu -128(%esi),%xmm4 - movdqu -64(%esi),%xmm5 - movdqu (%esi),%xmm2 - movdqu 64(%esi),%xmm7 - leal 208(%esi),%esi - pxor %xmm0,%xmm4 - pxor %xmm1,%xmm5 - pxor %xmm2,%xmm6 - pxor %xmm3,%xmm7 - movdqu %xmm4,-128(%edi) - movdqu %xmm5,-64(%edi) - movdqu %xmm6,(%edi) - movdqu %xmm7,64(%edi) - leal 208(%edi),%edi - subl $256,%ecx - jnc L009outer_loop - addl $256,%ecx - jz L011done - movl 520(%esp),%ebx - leal -128(%esi),%esi - movl 516(%esp),%edx - leal -128(%edi),%edi - movd 64(%ebp),%xmm2 - movdqu (%ebx),%xmm3 - paddd 96(%eax),%xmm2 - pand 112(%eax),%xmm3 - por %xmm2,%xmm3 -L0081x: - movdqa 32(%eax),%xmm0 - movdqu (%edx),%xmm1 - movdqu 16(%edx),%xmm2 - movdqa (%eax),%xmm6 - movdqa 16(%eax),%xmm7 - movl %ebp,48(%esp) - movdqa %xmm0,(%esp) - movdqa %xmm1,16(%esp) - movdqa %xmm2,32(%esp) - movdqa %xmm3,48(%esp) - movl $10,%edx - jmp L012loop1x -.align 4,0x90 -L013outer1x: - movdqa 80(%eax),%xmm3 - movdqa (%esp),%xmm0 - movdqa 16(%esp),%xmm1 - movdqa 32(%esp),%xmm2 - paddd 48(%esp),%xmm3 - movl $10,%edx - movdqa %xmm3,48(%esp) - jmp L012loop1x -.align 4,0x90 -L012loop1x: - paddd %xmm1,%xmm0 - pxor %xmm0,%xmm3 -.byte 102,15,56,0,222 - paddd %xmm3,%xmm2 - pxor %xmm2,%xmm1 - movdqa %xmm1,%xmm4 - psrld $20,%xmm1 - pslld $12,%xmm4 - por %xmm4,%xmm1 - paddd %xmm1,%xmm0 - pxor %xmm0,%xmm3 -.byte 102,15,56,0,223 - paddd %xmm3,%xmm2 - pxor %xmm2,%xmm1 - movdqa %xmm1,%xmm4 - psrld $25,%xmm1 - pslld $7,%xmm4 - por %xmm4,%xmm1 - pshufd $78,%xmm2,%xmm2 - pshufd $57,%xmm1,%xmm1 - pshufd $147,%xmm3,%xmm3 - nop - paddd %xmm1,%xmm0 - pxor %xmm0,%xmm3 -.byte 102,15,56,0,222 - paddd %xmm3,%xmm2 - pxor %xmm2,%xmm1 - movdqa %xmm1,%xmm4 - psrld $20,%xmm1 - pslld $12,%xmm4 - por %xmm4,%xmm1 - paddd %xmm1,%xmm0 - pxor %xmm0,%xmm3 -.byte 102,15,56,0,223 - paddd %xmm3,%xmm2 - pxor %xmm2,%xmm1 - movdqa %xmm1,%xmm4 - psrld $25,%xmm1 - pslld $7,%xmm4 - por %xmm4,%xmm1 - pshufd $78,%xmm2,%xmm2 - pshufd $147,%xmm1,%xmm1 - pshufd $57,%xmm3,%xmm3 - decl %edx - jnz L012loop1x - paddd (%esp),%xmm0 - paddd 16(%esp),%xmm1 - paddd 32(%esp),%xmm2 - paddd 48(%esp),%xmm3 - cmpl $64,%ecx - jb L014tail - movdqu (%esi),%xmm4 - movdqu 16(%esi),%xmm5 - pxor %xmm4,%xmm0 - movdqu 32(%esi),%xmm4 - pxor %xmm5,%xmm1 - movdqu 48(%esi),%xmm5 - pxor %xmm4,%xmm2 - pxor %xmm5,%xmm3 - leal 64(%esi),%esi - movdqu %xmm0,(%edi) - movdqu %xmm1,16(%edi) - movdqu %xmm2,32(%edi) - movdqu %xmm3,48(%edi) - leal 64(%edi),%edi - subl $64,%ecx - jnz L013outer1x - jmp L011done -L014tail: - movdqa %xmm0,(%esp) - movdqa %xmm1,16(%esp) - movdqa %xmm2,32(%esp) - movdqa %xmm3,48(%esp) - xorl %eax,%eax - xorl %edx,%edx - xorl %ebp,%ebp -L015tail_loop: - movb (%esp,%ebp,1),%al - movb (%esi,%ebp,1),%dl - leal 1(%ebp),%ebp - xorb %dl,%al - movb %al,-1(%edi,%ebp,1) - decl %ecx - jnz L015tail_loop -L011done: - movl 512(%esp),%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.align 6,0x90 -Lssse3_data: -.byte 2,3,0,1,6,7,4,5,10,11,8,9,14,15,12,13 -.byte 3,0,1,2,7,4,5,6,11,8,9,10,15,12,13,14 -.long 1634760805,857760878,2036477234,1797285236 -.long 0,1,2,3 -.long 4,4,4,4 -.long 1,0,0,0 -.long 4,0,0,0 -.long 0,-1,-1,-1 -.align 6,0x90 -.byte 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54 -.byte 44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32 -.byte 60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111 -.byte 114,103,62,0 -.section __IMPORT,__pointers,non_lazy_symbol_pointers -L_GFp_ia32cap_P$non_lazy_ptr: -.indirect_symbol _GFp_ia32cap_P -.long 0 -#endif diff --git a/pregenerated/chacha-x86-win32n.obj b/pregenerated/chacha-x86-win32n.obj Binary files differindex bbd8c65..345fc76 100644 --- a/pregenerated/chacha-x86-win32n.obj +++ b/pregenerated/chacha-x86-win32n.obj diff --git a/pregenerated/chacha-x86_64-elf.S b/pregenerated/chacha-x86_64-elf.S index ca665f4..02f6ea6 100644 --- a/pregenerated/chacha-x86_64-elf.S +++ b/pregenerated/chacha-x86_64-elf.S @@ -8,10 +8,11 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P .align 64 .Lzero: @@ -42,15 +43,15 @@ .Lsixteen: .long 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 .byte 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.globl GFp_ChaCha20_ctr32 -.hidden GFp_ChaCha20_ctr32 -.type GFp_ChaCha20_ctr32,@function +.globl ChaCha20_ctr32 +.hidden ChaCha20_ctr32 +.type ChaCha20_ctr32,@function .align 64 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: .cfi_startproc cmpq $0,%rdx je .Lno_data - movq GFp_ia32cap_P+4(%rip),%r10 + movq OPENSSL_ia32cap_P+4(%rip),%r10 testl $512,%r10d jnz .LChaCha20_ssse3 @@ -330,7 +331,7 @@ GFp_ChaCha20_ctr32: .Lno_data: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_ChaCha20_ctr32,.-GFp_ChaCha20_ctr32 +.size ChaCha20_ctr32,.-ChaCha20_ctr32 .type ChaCha20_ssse3,@function .align 32 ChaCha20_ssse3: diff --git a/pregenerated/chacha-x86_64-macosx.S b/pregenerated/chacha-x86_64-macosx.S index 96f4409..5eabae4 100644 --- a/pregenerated/chacha-x86_64-macosx.S +++ b/pregenerated/chacha-x86_64-macosx.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text @@ -41,15 +42,15 @@ L$incz: L$sixteen: .long 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 .byte 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.globl _GFp_ChaCha20_ctr32 -.private_extern _GFp_ChaCha20_ctr32 +.globl _ChaCha20_ctr32 +.private_extern _ChaCha20_ctr32 .p2align 6 -_GFp_ChaCha20_ctr32: +_ChaCha20_ctr32: cmpq $0,%rdx je L$no_data - movq _GFp_ia32cap_P+4(%rip),%r10 + movq _OPENSSL_ia32cap_P+4(%rip),%r10 testl $512,%r10d jnz L$ChaCha20_ssse3 diff --git a/pregenerated/chacha-x86_64-nasm.obj b/pregenerated/chacha-x86_64-nasm.obj Binary files differindex 8298ce6..252d677 100644 --- a/pregenerated/chacha-x86_64-nasm.obj +++ b/pregenerated/chacha-x86_64-nasm.obj diff --git a/pregenerated/chacha20_poly1305_x86_64-elf.S b/pregenerated/chacha20_poly1305_x86_64-elf.S index 6c9c107..eff24d4 100644 --- a/pregenerated/chacha20_poly1305_x86_64-elf.S +++ b/pregenerated/chacha20_poly1305_x86_64-elf.S @@ -8,9 +8,10 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P chacha20_poly1305_constants: @@ -219,11 +220,11 @@ poly_hash_ad_internal: .cfi_endproc .size poly_hash_ad_internal, .-poly_hash_ad_internal -.globl GFp_chacha20_poly1305_open -.hidden GFp_chacha20_poly1305_open -.type GFp_chacha20_poly1305_open,@function +.globl chacha20_poly1305_open +.hidden chacha20_poly1305_open +.type chacha20_poly1305_open,@function .align 64 -GFp_chacha20_poly1305_open: +chacha20_poly1305_open: .cfi_startproc pushq %rbp .cfi_adjust_cfa_offset 8 @@ -258,7 +259,7 @@ GFp_chacha20_poly1305_open: movq %r8,0+0+32(%rbp) movq %rbx,8+0+32(%rbp) - movl GFp_ia32cap_P+8(%rip),%eax + movl OPENSSL_ia32cap_P+8(%rip),%eax andl $288,%eax xorl $288,%eax jz chacha20_poly1305_open_avx2 @@ -2095,7 +2096,7 @@ GFp_chacha20_poly1305_open: movdqa %xmm10,%xmm6 movdqa %xmm14,%xmm10 jmp .Lopen_sse_128_xor_hash -.size GFp_chacha20_poly1305_open, .-GFp_chacha20_poly1305_open +.size chacha20_poly1305_open, .-chacha20_poly1305_open .cfi_endproc @@ -2103,11 +2104,12 @@ GFp_chacha20_poly1305_open: -.globl GFp_chacha20_poly1305_seal -.hidden GFp_chacha20_poly1305_seal -.type GFp_chacha20_poly1305_seal,@function + +.globl chacha20_poly1305_seal +.hidden chacha20_poly1305_seal +.type chacha20_poly1305_seal,@function .align 64 -GFp_chacha20_poly1305_seal: +chacha20_poly1305_seal: .cfi_startproc pushq %rbp .cfi_adjust_cfa_offset 8 @@ -2143,7 +2145,7 @@ GFp_chacha20_poly1305_seal: movq %rbx,8+0+32(%rbp) movq %rdx,%rbx - movl GFp_ia32cap_P+8(%rip),%eax + movl OPENSSL_ia32cap_P+8(%rip),%eax andl $288,%eax xorl $288,%eax jz chacha20_poly1305_seal_avx2 @@ -4099,7 +4101,7 @@ process_extra_in_trailer: movq %r8,%r8 call poly_hash_ad_internal jmp .Lseal_sse_128_tail_xor -.size GFp_chacha20_poly1305_seal, .-GFp_chacha20_poly1305_seal +.size chacha20_poly1305_seal, .-chacha20_poly1305_seal .cfi_endproc diff --git a/pregenerated/chacha20_poly1305_x86_64-macosx.S b/pregenerated/chacha20_poly1305_x86_64-macosx.S index fbd3075..939209c 100644 --- a/pregenerated/chacha20_poly1305_x86_64-macosx.S +++ b/pregenerated/chacha20_poly1305_x86_64-macosx.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text @@ -218,11 +219,11 @@ L$hash_ad_done: -.globl _GFp_chacha20_poly1305_open -.private_extern _GFp_chacha20_poly1305_open +.globl _chacha20_poly1305_open +.private_extern _chacha20_poly1305_open .p2align 6 -_GFp_chacha20_poly1305_open: +_chacha20_poly1305_open: pushq %rbp @@ -250,7 +251,7 @@ _GFp_chacha20_poly1305_open: movq %r8,0+0+32(%rbp) movq %rbx,8+0+32(%rbp) - movl _GFp_ia32cap_P+8(%rip),%eax + movl _OPENSSL_ia32cap_P+8(%rip),%eax andl $288,%eax xorl $288,%eax jz chacha20_poly1305_open_avx2 @@ -2088,11 +2089,12 @@ L$open_sse_128_xor_hash: -.globl _GFp_chacha20_poly1305_seal -.private_extern _GFp_chacha20_poly1305_seal + +.globl _chacha20_poly1305_seal +.private_extern _chacha20_poly1305_seal .p2align 6 -_GFp_chacha20_poly1305_seal: +_chacha20_poly1305_seal: pushq %rbp @@ -2121,7 +2123,7 @@ _GFp_chacha20_poly1305_seal: movq %rbx,8+0+32(%rbp) movq %rdx,%rbx - movl _GFp_ia32cap_P+8(%rip),%eax + movl _OPENSSL_ia32cap_P+8(%rip),%eax andl $288,%eax xorl $288,%eax jz chacha20_poly1305_seal_avx2 diff --git a/pregenerated/chacha20_poly1305_x86_64-nasm.obj b/pregenerated/chacha20_poly1305_x86_64-nasm.obj Binary files differindex f3483a3..98dc999 100644 --- a/pregenerated/chacha20_poly1305_x86_64-nasm.obj +++ b/pregenerated/chacha20_poly1305_x86_64-nasm.obj diff --git a/pregenerated/ecp_nistz256-armv4-ios32.S b/pregenerated/ecp_nistz256-armv4-ios32.S deleted file mode 100644 index 360a959..0000000 --- a/pregenerated/ecp_nistz256-armv4-ios32.S +++ /dev/null @@ -1,1114 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.byte 69,67,80,95,78,73,83,84,90,50,53,54,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -.align 6 -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_mul_by_2 -#endif -.align 4 -__ecp_nistz256_mul_by_2: - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - adds r4,r4,r4 @ a[0:7]+=a[0:7], i.e. add with itself - ldr r7,[r1,#12] - adcs r5,r5,r5 - ldr r8,[r1,#16] - adcs r6,r6,r6 - ldr r9,[r1,#20] - adcs r7,r7,r7 - ldr r10,[r1,#24] - adcs r8,r8,r8 - ldr r11,[r1,#28] - adcs r9,r9,r9 - adcs r10,r10,r10 - mov r3,#0 - adcs r11,r11,r11 - adc r3,r3,#0 - - b Lreduce_by_sub - - -@ void GFp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl _GFp_nistz256_add -.private_extern _GFp_nistz256_add -#ifdef __thumb2__ -.thumb_func _GFp_nistz256_add -#endif -.align 4 -_GFp_nistz256_add: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bl __ecp_nistz256_add -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_add -#endif -.align 4 -__ecp_nistz256_add: - str lr,[sp,#-4]! @ push lr - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - ldr r7,[r1,#12] - ldr r8,[r1,#16] - ldr r3,[r2,#0] - ldr r9,[r1,#20] - ldr r12,[r2,#4] - ldr r10,[r1,#24] - ldr r14,[r2,#8] - ldr r11,[r1,#28] - ldr r1,[r2,#12] - adds r4,r4,r3 - ldr r3,[r2,#16] - adcs r5,r5,r12 - ldr r12,[r2,#20] - adcs r6,r6,r14 - ldr r14,[r2,#24] - adcs r7,r7,r1 - ldr r1,[r2,#28] - adcs r8,r8,r3 - adcs r9,r9,r12 - adcs r10,r10,r14 - mov r3,#0 - adcs r11,r11,r1 - adc r3,r3,#0 - ldr lr,[sp],#4 @ pop lr - -Lreduce_by_sub: - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs r4,r4,#-1 - sbcs r5,r5,#-1 - sbcs r6,r6,#-1 - sbcs r7,r7,#0 - sbcs r8,r8,#0 - sbcs r9,r9,#0 - sbcs r10,r10,#1 - sbcs r11,r11,#-1 - sbc r3,r3,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow r3 register... - - adds r4,r4,r3 @ add synthesized modulus - adcs r5,r5,r3 - str r4,[r0,#0] - adcs r6,r6,r3 - str r5,[r0,#4] - adcs r7,r7,#0 - str r6,[r0,#8] - adcs r8,r8,#0 - str r7,[r0,#12] - adcs r9,r9,#0 - str r8,[r0,#16] - adcs r10,r10,r3,lsr#31 - str r9,[r0,#20] - adcs r11,r11,r3 - str r10,[r0,#24] - str r11,[r0,#28] - - mov pc,lr - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_mul_by_3 -#endif -.align 4 -__ecp_nistz256_mul_by_3: - str lr,[sp,#-4]! @ push lr - - @ As multiplication by 3 is performed as 2*n+n, below are inline - @ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see - @ corresponding subroutines for details. - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - adds r4,r4,r4 @ a[0:7]+=a[0:7] - ldr r7,[r1,#12] - adcs r5,r5,r5 - ldr r8,[r1,#16] - adcs r6,r6,r6 - ldr r9,[r1,#20] - adcs r7,r7,r7 - ldr r10,[r1,#24] - adcs r8,r8,r8 - ldr r11,[r1,#28] - adcs r9,r9,r9 - adcs r10,r10,r10 - mov r3,#0 - adcs r11,r11,r11 - adc r3,r3,#0 - - subs r4,r4,#-1 @ Lreduce_by_sub but without stores - sbcs r5,r5,#-1 - sbcs r6,r6,#-1 - sbcs r7,r7,#0 - sbcs r8,r8,#0 - sbcs r9,r9,#0 - sbcs r10,r10,#1 - sbcs r11,r11,#-1 - sbc r3,r3,#0 - - adds r4,r4,r3 @ add synthesized modulus - adcs r5,r5,r3 - adcs r6,r6,r3 - adcs r7,r7,#0 - adcs r8,r8,#0 - ldr r2,[r1,#0] - adcs r9,r9,#0 - ldr r12,[r1,#4] - adcs r10,r10,r3,lsr#31 - ldr r14,[r1,#8] - adc r11,r11,r3 - - ldr r3,[r1,#12] - adds r4,r4,r2 @ 2*a[0:7]+=a[0:7] - ldr r2,[r1,#16] - adcs r5,r5,r12 - ldr r12,[r1,#20] - adcs r6,r6,r14 - ldr r14,[r1,#24] - adcs r7,r7,r3 - ldr r1,[r1,#28] - adcs r8,r8,r2 - adcs r9,r9,r12 - adcs r10,r10,r14 - mov r3,#0 - adcs r11,r11,r1 - adc r3,r3,#0 - ldr lr,[sp],#4 @ pop lr - - b Lreduce_by_sub - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_div_by_2 -#endif -.align 4 -__ecp_nistz256_div_by_2: - @ ret = (a is odd ? a+mod : a) >> 1 - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - mov r3,r4,lsl#31 @ place least significant bit to most - @ significant position, now arithmetic - @ right shift by 31 will produce -1 or - @ 0, while logical right shift 1 or 0, - @ this is how modulus is conditionally - @ synthesized in this case... - ldr r7,[r1,#12] - adds r4,r4,r3,asr#31 - ldr r8,[r1,#16] - adcs r5,r5,r3,asr#31 - ldr r9,[r1,#20] - adcs r6,r6,r3,asr#31 - ldr r10,[r1,#24] - adcs r7,r7,#0 - ldr r11,[r1,#28] - adcs r8,r8,#0 - mov r4,r4,lsr#1 @ a[0:7]>>=1, we can start early - @ because it doesn't affect flags - adcs r9,r9,#0 - orr r4,r4,r5,lsl#31 - adcs r10,r10,r3,lsr#31 - mov r2,#0 - adcs r11,r11,r3,asr#31 - mov r5,r5,lsr#1 - adc r2,r2,#0 @ top-most carry bit from addition - - orr r5,r5,r6,lsl#31 - mov r6,r6,lsr#1 - str r4,[r0,#0] - orr r6,r6,r7,lsl#31 - mov r7,r7,lsr#1 - str r5,[r0,#4] - orr r7,r7,r8,lsl#31 - mov r8,r8,lsr#1 - str r6,[r0,#8] - orr r8,r8,r9,lsl#31 - mov r9,r9,lsr#1 - str r7,[r0,#12] - orr r9,r9,r10,lsl#31 - mov r10,r10,lsr#1 - str r8,[r0,#16] - orr r10,r10,r11,lsl#31 - mov r11,r11,lsr#1 - str r9,[r0,#20] - orr r11,r11,r2,lsl#31 @ don't forget the top-most carry bit - str r10,[r0,#24] - str r11,[r0,#28] - - mov pc,lr - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_sub -#endif -.align 4 -__ecp_nistz256_sub: - str lr,[sp,#-4]! @ push lr - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - ldr r7,[r1,#12] - ldr r8,[r1,#16] - ldr r3,[r2,#0] - ldr r9,[r1,#20] - ldr r12,[r2,#4] - ldr r10,[r1,#24] - ldr r14,[r2,#8] - ldr r11,[r1,#28] - ldr r1,[r2,#12] - subs r4,r4,r3 - ldr r3,[r2,#16] - sbcs r5,r5,r12 - ldr r12,[r2,#20] - sbcs r6,r6,r14 - ldr r14,[r2,#24] - sbcs r7,r7,r1 - ldr r1,[r2,#28] - sbcs r8,r8,r3 - sbcs r9,r9,r12 - sbcs r10,r10,r14 - sbcs r11,r11,r1 - sbc r3,r3,r3 @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - -Lreduce_by_add: - - @ if a-b borrows, add modulus. - @ - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, r3, and using it as - @ a whole or extracting single bit. - - adds r4,r4,r3 @ add synthesized modulus - adcs r5,r5,r3 - str r4,[r0,#0] - adcs r6,r6,r3 - str r5,[r0,#4] - adcs r7,r7,#0 - str r6,[r0,#8] - adcs r8,r8,#0 - str r7,[r0,#12] - adcs r9,r9,#0 - str r8,[r0,#16] - adcs r10,r10,r3,lsr#31 - str r9,[r0,#20] - adcs r11,r11,r3 - str r10,[r0,#24] - str r11,[r0,#28] - - mov pc,lr - - -@ void GFp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl _GFp_nistz256_neg -.private_extern _GFp_nistz256_neg -#ifdef __thumb2__ -.thumb_func _GFp_nistz256_neg -#endif -.align 4 -_GFp_nistz256_neg: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bl __ecp_nistz256_neg -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_neg -#endif -.align 4 -__ecp_nistz256_neg: - ldr r4,[r1,#0] - eor r3,r3,r3 - ldr r5,[r1,#4] - ldr r6,[r1,#8] - subs r4,r3,r4 - ldr r7,[r1,#12] - sbcs r5,r3,r5 - ldr r8,[r1,#16] - sbcs r6,r3,r6 - ldr r9,[r1,#20] - sbcs r7,r3,r7 - ldr r10,[r1,#24] - sbcs r8,r3,r8 - ldr r11,[r1,#28] - sbcs r9,r3,r9 - sbcs r10,r3,r10 - sbcs r11,r3,r11 - sbc r3,r3,r3 - - b Lreduce_by_add - -@ void GFp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl _GFp_nistz256_mul_mont -.private_extern _GFp_nistz256_mul_mont -#ifdef __thumb2__ -.thumb_func _GFp_nistz256_mul_mont -#endif -.align 4 -_GFp_nistz256_mul_mont: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bl __ecp_nistz256_mul_mont -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_mul_mont -#endif -.align 4 -__ecp_nistz256_mul_mont: - stmdb sp!,{r0,r1,r2,lr} @ make a copy of arguments too - - ldr r2,[r2,#0] @ b[0] - ldmia r1,{r4,r5,r6,r7,r8,r9,r10,r11} - - umull r3,r14,r4,r2 @ r[0]=a[0]*b[0] - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11} @ copy a[0-7] to stack, so - @ that it can be addressed - @ without spending register - @ on address - umull r4,r0,r5,r2 @ r[1]=a[1]*b[0] - umull r5,r1,r6,r2 - adds r4,r4,r14 @ accumulate high part of mult - umull r6,r12,r7,r2 - adcs r5,r5,r0 - umull r7,r14,r8,r2 - adcs r6,r6,r1 - umull r8,r0,r9,r2 - adcs r7,r7,r12 - umull r9,r1,r10,r2 - adcs r8,r8,r14 - umull r10,r12,r11,r2 - adcs r9,r9,r0 - adcs r10,r10,r1 - eor r14,r14,r14 @ first overflow bit is zero - adc r11,r12,#0 - @ multiplication-less reduction 1 - adds r6,r6,r3 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r7,r7,#0 @ r[4]+=0 - adcs r8,r8,#0 @ r[5]+=0 - adcs r9,r9,r3 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r10,r10,#0 @ r[7]+=0 - ldr r2,[r2,#4*1] @ load b[i] - adcs r11,r11,r3 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r10,r10,r3 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r11,r11,#0 @ r[8]-=0 - umlal r4,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r3,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r5,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r3,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r3,[sp,#12] @ a[3], r3 is alias r3 - umlal r6,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r5,r5,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r7,r14,r3,r2 @ "r[3]"+=a[3]*b[i] - eor r3,r3,r3 - adcs r6,r6,r1 - ldr r1,[sp,#20] @ a[5] - umlal r8,r3,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r7,r7,r12 - ldr r12,[sp,#24] @ a[6] - umlal r9,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r8,r8,r14 - ldr r14,[sp,#28] @ a[7] - umlal r10,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r9,r9,r3 - ldr r3,[sp,#36] @ restore overflow bit - umlal r11,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r10,r10,r0 - adcs r11,r11,r1 - adcs r3,r3,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 2 - adds r7,r7,r4 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r8,r8,#0 @ r[4]+=0 - adcs r9,r9,#0 @ r[5]+=0 - adcs r10,r10,r4 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r11,r11,#0 @ r[7]+=0 - ldr r2,[r2,#4*2] @ load b[i] - adcs r3,r3,r4 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r11,r11,r4 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r3,r3,#0 @ r[8]-=0 - umlal r5,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r4,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r6,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r4,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r4,[sp,#12] @ a[3], r4 is alias r4 - umlal r7,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r6,r6,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r8,r14,r4,r2 @ "r[3]"+=a[3]*b[i] - eor r4,r4,r4 - adcs r7,r7,r1 - ldr r1,[sp,#20] @ a[5] - umlal r9,r4,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r8,r8,r12 - ldr r12,[sp,#24] @ a[6] - umlal r10,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r9,r9,r14 - ldr r14,[sp,#28] @ a[7] - umlal r11,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r10,r10,r4 - ldr r4,[sp,#36] @ restore overflow bit - umlal r3,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r11,r11,r0 - adcs r3,r3,r1 - adcs r4,r4,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 3 - adds r8,r8,r5 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r9,r9,#0 @ r[4]+=0 - adcs r10,r10,#0 @ r[5]+=0 - adcs r11,r11,r5 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r3,r3,#0 @ r[7]+=0 - ldr r2,[r2,#4*3] @ load b[i] - adcs r4,r4,r5 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r3,r3,r5 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r4,r4,#0 @ r[8]-=0 - umlal r6,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r5,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r7,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r5,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r5,[sp,#12] @ a[3], r5 is alias r5 - umlal r8,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r7,r7,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r9,r14,r5,r2 @ "r[3]"+=a[3]*b[i] - eor r5,r5,r5 - adcs r8,r8,r1 - ldr r1,[sp,#20] @ a[5] - umlal r10,r5,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r9,r9,r12 - ldr r12,[sp,#24] @ a[6] - umlal r11,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r10,r10,r14 - ldr r14,[sp,#28] @ a[7] - umlal r3,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r11,r11,r5 - ldr r5,[sp,#36] @ restore overflow bit - umlal r4,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r3,r3,r0 - adcs r4,r4,r1 - adcs r5,r5,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 4 - adds r9,r9,r6 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r10,r10,#0 @ r[4]+=0 - adcs r11,r11,#0 @ r[5]+=0 - adcs r3,r3,r6 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r4,r4,#0 @ r[7]+=0 - ldr r2,[r2,#4*4] @ load b[i] - adcs r5,r5,r6 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r4,r4,r6 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r5,r5,#0 @ r[8]-=0 - umlal r7,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r6,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r8,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r6,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r6,[sp,#12] @ a[3], r6 is alias r6 - umlal r9,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r8,r8,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r10,r14,r6,r2 @ "r[3]"+=a[3]*b[i] - eor r6,r6,r6 - adcs r9,r9,r1 - ldr r1,[sp,#20] @ a[5] - umlal r11,r6,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r10,r10,r12 - ldr r12,[sp,#24] @ a[6] - umlal r3,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r11,r11,r14 - ldr r14,[sp,#28] @ a[7] - umlal r4,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r3,r3,r6 - ldr r6,[sp,#36] @ restore overflow bit - umlal r5,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r4,r4,r0 - adcs r5,r5,r1 - adcs r6,r6,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 5 - adds r10,r10,r7 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r11,r11,#0 @ r[4]+=0 - adcs r3,r3,#0 @ r[5]+=0 - adcs r4,r4,r7 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r5,r5,#0 @ r[7]+=0 - ldr r2,[r2,#4*5] @ load b[i] - adcs r6,r6,r7 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r5,r5,r7 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r6,r6,#0 @ r[8]-=0 - umlal r8,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r7,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r9,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r7,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r7,[sp,#12] @ a[3], r7 is alias r7 - umlal r10,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r9,r9,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r11,r14,r7,r2 @ "r[3]"+=a[3]*b[i] - eor r7,r7,r7 - adcs r10,r10,r1 - ldr r1,[sp,#20] @ a[5] - umlal r3,r7,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r11,r11,r12 - ldr r12,[sp,#24] @ a[6] - umlal r4,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r3,r3,r14 - ldr r14,[sp,#28] @ a[7] - umlal r5,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r4,r4,r7 - ldr r7,[sp,#36] @ restore overflow bit - umlal r6,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r5,r5,r0 - adcs r6,r6,r1 - adcs r7,r7,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 6 - adds r11,r11,r8 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r3,r3,#0 @ r[4]+=0 - adcs r4,r4,#0 @ r[5]+=0 - adcs r5,r5,r8 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r6,r6,#0 @ r[7]+=0 - ldr r2,[r2,#4*6] @ load b[i] - adcs r7,r7,r8 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r6,r6,r8 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r7,r7,#0 @ r[8]-=0 - umlal r9,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r8,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r10,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r8,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r8,[sp,#12] @ a[3], r8 is alias r8 - umlal r11,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r10,r10,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r3,r14,r8,r2 @ "r[3]"+=a[3]*b[i] - eor r8,r8,r8 - adcs r11,r11,r1 - ldr r1,[sp,#20] @ a[5] - umlal r4,r8,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r3,r3,r12 - ldr r12,[sp,#24] @ a[6] - umlal r5,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r4,r4,r14 - ldr r14,[sp,#28] @ a[7] - umlal r6,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r5,r5,r8 - ldr r8,[sp,#36] @ restore overflow bit - umlal r7,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r6,r6,r0 - adcs r7,r7,r1 - adcs r8,r8,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 7 - adds r3,r3,r9 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r4,r4,#0 @ r[4]+=0 - adcs r5,r5,#0 @ r[5]+=0 - adcs r6,r6,r9 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r7,r7,#0 @ r[7]+=0 - ldr r2,[r2,#4*7] @ load b[i] - adcs r8,r8,r9 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r7,r7,r9 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r8,r8,#0 @ r[8]-=0 - umlal r10,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r9,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r11,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r9,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r9,[sp,#12] @ a[3], r9 is alias r9 - umlal r3,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r11,r11,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r4,r14,r9,r2 @ "r[3]"+=a[3]*b[i] - eor r9,r9,r9 - adcs r3,r3,r1 - ldr r1,[sp,#20] @ a[5] - umlal r5,r9,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r4,r4,r12 - ldr r12,[sp,#24] @ a[6] - umlal r6,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r5,r5,r14 - ldr r14,[sp,#28] @ a[7] - umlal r7,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r6,r6,r9 - ldr r9,[sp,#36] @ restore overflow bit - umlal r8,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r7,r7,r0 - adcs r8,r8,r1 - adcs r9,r9,r12 - adc r14,r14,#0 @ new overflow bit - @ last multiplication-less reduction - adds r4,r4,r10 - ldr r0,[sp,#32] @ restore r_ptr - adcs r5,r5,#0 - adcs r6,r6,#0 - adcs r7,r7,r10 - adcs r8,r8,#0 - adcs r9,r9,r10 - adc r14,r14,#0 - subs r8,r8,r10 - sbcs r9,r9,#0 - sbc r10,r14,#0 @ overflow bit - - @ Final step is "if result > mod, subtract mod", but we do it - @ "other way around", namely subtract modulus from result - @ and if it borrowed, add modulus back. - - adds r11,r11,#1 @ subs r11,r11,#-1 - adcs r3,r3,#0 @ sbcs r3,r3,#-1 - adcs r4,r4,#0 @ sbcs r4,r4,#-1 - sbcs r5,r5,#0 - sbcs r6,r6,#0 - sbcs r7,r7,#0 - sbcs r8,r8,#1 - adcs r9,r9,#0 @ sbcs r9,r9,#-1 - ldr lr,[sp,#44] @ restore lr - sbc r10,r10,#0 @ broadcast borrow bit - add sp,sp,#48 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, r10, and using it as - @ a whole or extracting single bit. - - adds r11,r11,r10 @ add modulus or zero - adcs r3,r3,r10 - str r11,[r0,#0] - adcs r4,r4,r10 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r10,lsr#31 - str r7,[r0,#20] - adc r9,r9,r10 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_sub_from -#endif -.align 5 -__ecp_nistz256_sub_from: - str lr,[sp,#-4]! @ push lr - - ldr r10,[r2,#0] - ldr r12,[r2,#4] - ldr r14,[r2,#8] - ldr r1,[r2,#12] - subs r11,r11,r10 - ldr r10,[r2,#16] - sbcs r3,r3,r12 - ldr r12,[r2,#20] - sbcs r4,r4,r14 - ldr r14,[r2,#24] - sbcs r5,r5,r1 - ldr r1,[r2,#28] - sbcs r6,r6,r10 - sbcs r7,r7,r12 - sbcs r8,r8,r14 - sbcs r9,r9,r1 - sbc r2,r2,r2 @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds r11,r11,r2 @ add synthesized modulus - adcs r3,r3,r2 - str r11,[r0,#0] - adcs r4,r4,r2 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r2,lsr#31 - str r7,[r0,#20] - adcs r9,r9,r2 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_sub_morf -#endif -.align 5 -__ecp_nistz256_sub_morf: - str lr,[sp,#-4]! @ push lr - - ldr r10,[r2,#0] - ldr r12,[r2,#4] - ldr r14,[r2,#8] - ldr r1,[r2,#12] - subs r11,r10,r11 - ldr r10,[r2,#16] - sbcs r3,r12,r3 - ldr r12,[r2,#20] - sbcs r4,r14,r4 - ldr r14,[r2,#24] - sbcs r5,r1,r5 - ldr r1,[r2,#28] - sbcs r6,r10,r6 - sbcs r7,r12,r7 - sbcs r8,r14,r8 - sbcs r9,r1,r9 - sbc r2,r2,r2 @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds r11,r11,r2 @ add synthesized modulus - adcs r3,r3,r2 - str r11,[r0,#0] - adcs r4,r4,r2 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r2,lsr#31 - str r7,[r0,#20] - adcs r9,r9,r2 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr - - -#ifdef __thumb2__ -.thumb_func __ecp_nistz256_add_self -#endif -.align 4 -__ecp_nistz256_add_self: - adds r11,r11,r11 @ a[0:7]+=a[0:7] - adcs r3,r3,r3 - adcs r4,r4,r4 - adcs r5,r5,r5 - adcs r6,r6,r6 - adcs r7,r7,r7 - adcs r8,r8,r8 - mov r2,#0 - adcs r9,r9,r9 - adc r2,r2,#0 - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs r11,r11,#-1 - sbcs r3,r3,#-1 - sbcs r4,r4,#-1 - sbcs r5,r5,#0 - sbcs r6,r6,#0 - sbcs r7,r7,#0 - sbcs r8,r8,#1 - sbcs r9,r9,#-1 - sbc r2,r2,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow r2 register... - - adds r11,r11,r2 @ add synthesized modulus - adcs r3,r3,r2 - str r11,[r0,#0] - adcs r4,r4,r2 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r2,lsr#31 - str r7,[r0,#20] - adcs r9,r9,r2 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr - - -.globl _GFp_nistz256_point_double -.private_extern _GFp_nistz256_point_double -#ifdef __thumb2__ -.thumb_func _GFp_nistz256_point_double -#endif -.align 5 -_GFp_nistz256_point_double: - stmdb sp!,{r0,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ push from r0, unusual, but intentional - sub sp,sp,#32*5 - -Lpoint_double_shortcut: - add r3,sp,#96 - ldmia r1!,{r4,r5,r6,r7,r8,r9,r10,r11} @ copy in_x - stmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} - - add r0,sp,#0 - bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(S, in_y); - - add r2,r1,#32 - add r1,r1,#32 - add r0,sp,#64 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Zsqr, in_z); - - add r1,sp,#0 - add r2,sp,#0 - add r0,sp,#0 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(S, S); - - ldr r2,[sp,#32*5+4] - add r1,r2,#32 - add r2,r2,#64 - add r0,sp,#128 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(tmp0, in_z, in_y); - - ldr r0,[sp,#32*5] - add r0,r0,#64 - bl __ecp_nistz256_add_self @ p256_mul_by_2(res_z, tmp0); - - add r1,sp,#96 - add r2,sp,#64 - add r0,sp,#32 - bl __ecp_nistz256_add @ p256_add(M, in_x, Zsqr); - - add r1,sp,#96 - add r2,sp,#64 - add r0,sp,#64 - bl __ecp_nistz256_sub @ p256_sub(Zsqr, in_x, Zsqr); - - add r1,sp,#0 - add r2,sp,#0 - add r0,sp,#128 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(tmp0, S); - - add r1,sp,#64 - add r2,sp,#32 - add r0,sp,#32 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(M, M, Zsqr); - - ldr r0,[sp,#32*5] - add r1,sp,#128 - add r0,r0,#32 - bl __ecp_nistz256_div_by_2 @ p256_div_by_2(res_y, tmp0); - - add r1,sp,#32 - add r0,sp,#32 - bl __ecp_nistz256_mul_by_3 @ p256_mul_by_3(M, M); - - add r1,sp,#96 - add r2,sp,#0 - add r0,sp,#0 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, in_x); - - add r0,sp,#128 - bl __ecp_nistz256_add_self @ p256_mul_by_2(tmp0, S); - - ldr r0,[sp,#32*5] - add r1,sp,#32 - add r2,sp,#32 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(res_x, M); - - add r2,sp,#128 - bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, tmp0); - - add r2,sp,#0 - add r0,sp,#0 - bl __ecp_nistz256_sub_morf @ p256_sub(S, S, res_x); - - add r1,sp,#32 - add r2,sp,#0 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, M); - - ldr r0,[sp,#32*5] - add r2,r0,#32 - add r0,r0,#32 - bl __ecp_nistz256_sub_from @ p256_sub(res_y, S, res_y); - - add sp,sp,#32*5+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif - -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/ecp_nistz256-armv4-linux32.S b/pregenerated/ecp_nistz256-armv4-linux32.S deleted file mode 100644 index 81b2356..0000000 --- a/pregenerated/ecp_nistz256-armv4-linux32.S +++ /dev/null @@ -1,1089 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#if defined(__arm__) -#include <GFp/arm_arch.h> - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - -.byte 69,67,80,95,78,73,83,84,90,50,53,54,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -.align 6 -.type __ecp_nistz256_mul_by_2,%function -.align 4 -__ecp_nistz256_mul_by_2: - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - adds r4,r4,r4 @ a[0:7]+=a[0:7], i.e. add with itself - ldr r7,[r1,#12] - adcs r5,r5,r5 - ldr r8,[r1,#16] - adcs r6,r6,r6 - ldr r9,[r1,#20] - adcs r7,r7,r7 - ldr r10,[r1,#24] - adcs r8,r8,r8 - ldr r11,[r1,#28] - adcs r9,r9,r9 - adcs r10,r10,r10 - mov r3,#0 - adcs r11,r11,r11 - adc r3,r3,#0 - - b .Lreduce_by_sub -.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 - -@ void GFp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl GFp_nistz256_add -.hidden GFp_nistz256_add -.type GFp_nistz256_add,%function -.align 4 -GFp_nistz256_add: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bl __ecp_nistz256_add -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_add,.-GFp_nistz256_add - -.type __ecp_nistz256_add,%function -.align 4 -__ecp_nistz256_add: - str lr,[sp,#-4]! @ push lr - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - ldr r7,[r1,#12] - ldr r8,[r1,#16] - ldr r3,[r2,#0] - ldr r9,[r1,#20] - ldr r12,[r2,#4] - ldr r10,[r1,#24] - ldr r14,[r2,#8] - ldr r11,[r1,#28] - ldr r1,[r2,#12] - adds r4,r4,r3 - ldr r3,[r2,#16] - adcs r5,r5,r12 - ldr r12,[r2,#20] - adcs r6,r6,r14 - ldr r14,[r2,#24] - adcs r7,r7,r1 - ldr r1,[r2,#28] - adcs r8,r8,r3 - adcs r9,r9,r12 - adcs r10,r10,r14 - mov r3,#0 - adcs r11,r11,r1 - adc r3,r3,#0 - ldr lr,[sp],#4 @ pop lr - -.Lreduce_by_sub: - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs r4,r4,#-1 - sbcs r5,r5,#-1 - sbcs r6,r6,#-1 - sbcs r7,r7,#0 - sbcs r8,r8,#0 - sbcs r9,r9,#0 - sbcs r10,r10,#1 - sbcs r11,r11,#-1 - sbc r3,r3,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow r3 register... - - adds r4,r4,r3 @ add synthesized modulus - adcs r5,r5,r3 - str r4,[r0,#0] - adcs r6,r6,r3 - str r5,[r0,#4] - adcs r7,r7,#0 - str r6,[r0,#8] - adcs r8,r8,#0 - str r7,[r0,#12] - adcs r9,r9,#0 - str r8,[r0,#16] - adcs r10,r10,r3,lsr#31 - str r9,[r0,#20] - adcs r11,r11,r3 - str r10,[r0,#24] - str r11,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -.type __ecp_nistz256_mul_by_3,%function -.align 4 -__ecp_nistz256_mul_by_3: - str lr,[sp,#-4]! @ push lr - - @ As multiplication by 3 is performed as 2*n+n, below are inline - @ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see - @ corresponding subroutines for details. - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - adds r4,r4,r4 @ a[0:7]+=a[0:7] - ldr r7,[r1,#12] - adcs r5,r5,r5 - ldr r8,[r1,#16] - adcs r6,r6,r6 - ldr r9,[r1,#20] - adcs r7,r7,r7 - ldr r10,[r1,#24] - adcs r8,r8,r8 - ldr r11,[r1,#28] - adcs r9,r9,r9 - adcs r10,r10,r10 - mov r3,#0 - adcs r11,r11,r11 - adc r3,r3,#0 - - subs r4,r4,#-1 @ .Lreduce_by_sub but without stores - sbcs r5,r5,#-1 - sbcs r6,r6,#-1 - sbcs r7,r7,#0 - sbcs r8,r8,#0 - sbcs r9,r9,#0 - sbcs r10,r10,#1 - sbcs r11,r11,#-1 - sbc r3,r3,#0 - - adds r4,r4,r3 @ add synthesized modulus - adcs r5,r5,r3 - adcs r6,r6,r3 - adcs r7,r7,#0 - adcs r8,r8,#0 - ldr r2,[r1,#0] - adcs r9,r9,#0 - ldr r12,[r1,#4] - adcs r10,r10,r3,lsr#31 - ldr r14,[r1,#8] - adc r11,r11,r3 - - ldr r3,[r1,#12] - adds r4,r4,r2 @ 2*a[0:7]+=a[0:7] - ldr r2,[r1,#16] - adcs r5,r5,r12 - ldr r12,[r1,#20] - adcs r6,r6,r14 - ldr r14,[r1,#24] - adcs r7,r7,r3 - ldr r1,[r1,#28] - adcs r8,r8,r2 - adcs r9,r9,r12 - adcs r10,r10,r14 - mov r3,#0 - adcs r11,r11,r1 - adc r3,r3,#0 - ldr lr,[sp],#4 @ pop lr - - b .Lreduce_by_sub -.size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3 - -.type __ecp_nistz256_div_by_2,%function -.align 4 -__ecp_nistz256_div_by_2: - @ ret = (a is odd ? a+mod : a) >> 1 - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - mov r3,r4,lsl#31 @ place least significant bit to most - @ significant position, now arithmetic - @ right shift by 31 will produce -1 or - @ 0, while logical right shift 1 or 0, - @ this is how modulus is conditionally - @ synthesized in this case... - ldr r7,[r1,#12] - adds r4,r4,r3,asr#31 - ldr r8,[r1,#16] - adcs r5,r5,r3,asr#31 - ldr r9,[r1,#20] - adcs r6,r6,r3,asr#31 - ldr r10,[r1,#24] - adcs r7,r7,#0 - ldr r11,[r1,#28] - adcs r8,r8,#0 - mov r4,r4,lsr#1 @ a[0:7]>>=1, we can start early - @ because it doesn't affect flags - adcs r9,r9,#0 - orr r4,r4,r5,lsl#31 - adcs r10,r10,r3,lsr#31 - mov r2,#0 - adcs r11,r11,r3,asr#31 - mov r5,r5,lsr#1 - adc r2,r2,#0 @ top-most carry bit from addition - - orr r5,r5,r6,lsl#31 - mov r6,r6,lsr#1 - str r4,[r0,#0] - orr r6,r6,r7,lsl#31 - mov r7,r7,lsr#1 - str r5,[r0,#4] - orr r7,r7,r8,lsl#31 - mov r8,r8,lsr#1 - str r6,[r0,#8] - orr r8,r8,r9,lsl#31 - mov r9,r9,lsr#1 - str r7,[r0,#12] - orr r9,r9,r10,lsl#31 - mov r10,r10,lsr#1 - str r8,[r0,#16] - orr r10,r10,r11,lsl#31 - mov r11,r11,lsr#1 - str r9,[r0,#20] - orr r11,r11,r2,lsl#31 @ don't forget the top-most carry bit - str r10,[r0,#24] - str r11,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 - -.type __ecp_nistz256_sub,%function -.align 4 -__ecp_nistz256_sub: - str lr,[sp,#-4]! @ push lr - - ldr r4,[r1,#0] - ldr r5,[r1,#4] - ldr r6,[r1,#8] - ldr r7,[r1,#12] - ldr r8,[r1,#16] - ldr r3,[r2,#0] - ldr r9,[r1,#20] - ldr r12,[r2,#4] - ldr r10,[r1,#24] - ldr r14,[r2,#8] - ldr r11,[r1,#28] - ldr r1,[r2,#12] - subs r4,r4,r3 - ldr r3,[r2,#16] - sbcs r5,r5,r12 - ldr r12,[r2,#20] - sbcs r6,r6,r14 - ldr r14,[r2,#24] - sbcs r7,r7,r1 - ldr r1,[r2,#28] - sbcs r8,r8,r3 - sbcs r9,r9,r12 - sbcs r10,r10,r14 - sbcs r11,r11,r1 - sbc r3,r3,r3 @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - -.Lreduce_by_add: - - @ if a-b borrows, add modulus. - @ - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, r3, and using it as - @ a whole or extracting single bit. - - adds r4,r4,r3 @ add synthesized modulus - adcs r5,r5,r3 - str r4,[r0,#0] - adcs r6,r6,r3 - str r5,[r0,#4] - adcs r7,r7,#0 - str r6,[r0,#8] - adcs r8,r8,#0 - str r7,[r0,#12] - adcs r9,r9,#0 - str r8,[r0,#16] - adcs r10,r10,r3,lsr#31 - str r9,[r0,#20] - adcs r11,r11,r3 - str r10,[r0,#24] - str r11,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_sub,.-__ecp_nistz256_sub - -@ void GFp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]); -.globl GFp_nistz256_neg -.hidden GFp_nistz256_neg -.type GFp_nistz256_neg,%function -.align 4 -GFp_nistz256_neg: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bl __ecp_nistz256_neg -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_neg,.-GFp_nistz256_neg - -.type __ecp_nistz256_neg,%function -.align 4 -__ecp_nistz256_neg: - ldr r4,[r1,#0] - eor r3,r3,r3 - ldr r5,[r1,#4] - ldr r6,[r1,#8] - subs r4,r3,r4 - ldr r7,[r1,#12] - sbcs r5,r3,r5 - ldr r8,[r1,#16] - sbcs r6,r3,r6 - ldr r9,[r1,#20] - sbcs r7,r3,r7 - ldr r10,[r1,#24] - sbcs r8,r3,r8 - ldr r11,[r1,#28] - sbcs r9,r3,r9 - sbcs r10,r3,r10 - sbcs r11,r3,r11 - sbc r3,r3,r3 - - b .Lreduce_by_add -.size __ecp_nistz256_neg,.-__ecp_nistz256_neg -@ void GFp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8], -@ const BN_ULONG r2[8]); -.globl GFp_nistz256_mul_mont -.hidden GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,%function -.align 4 -GFp_nistz256_mul_mont: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bl __ecp_nistz256_mul_mont -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_mul_mont,.-GFp_nistz256_mul_mont - -.type __ecp_nistz256_mul_mont,%function -.align 4 -__ecp_nistz256_mul_mont: - stmdb sp!,{r0,r1,r2,lr} @ make a copy of arguments too - - ldr r2,[r2,#0] @ b[0] - ldmia r1,{r4,r5,r6,r7,r8,r9,r10,r11} - - umull r3,r14,r4,r2 @ r[0]=a[0]*b[0] - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11} @ copy a[0-7] to stack, so - @ that it can be addressed - @ without spending register - @ on address - umull r4,r0,r5,r2 @ r[1]=a[1]*b[0] - umull r5,r1,r6,r2 - adds r4,r4,r14 @ accumulate high part of mult - umull r6,r12,r7,r2 - adcs r5,r5,r0 - umull r7,r14,r8,r2 - adcs r6,r6,r1 - umull r8,r0,r9,r2 - adcs r7,r7,r12 - umull r9,r1,r10,r2 - adcs r8,r8,r14 - umull r10,r12,r11,r2 - adcs r9,r9,r0 - adcs r10,r10,r1 - eor r14,r14,r14 @ first overflow bit is zero - adc r11,r12,#0 - @ multiplication-less reduction 1 - adds r6,r6,r3 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r7,r7,#0 @ r[4]+=0 - adcs r8,r8,#0 @ r[5]+=0 - adcs r9,r9,r3 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r10,r10,#0 @ r[7]+=0 - ldr r2,[r2,#4*1] @ load b[i] - adcs r11,r11,r3 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r10,r10,r3 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r11,r11,#0 @ r[8]-=0 - umlal r4,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r3,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r5,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r3,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r3,[sp,#12] @ a[3], r3 is alias r3 - umlal r6,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r5,r5,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r7,r14,r3,r2 @ "r[3]"+=a[3]*b[i] - eor r3,r3,r3 - adcs r6,r6,r1 - ldr r1,[sp,#20] @ a[5] - umlal r8,r3,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r7,r7,r12 - ldr r12,[sp,#24] @ a[6] - umlal r9,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r8,r8,r14 - ldr r14,[sp,#28] @ a[7] - umlal r10,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r9,r9,r3 - ldr r3,[sp,#36] @ restore overflow bit - umlal r11,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r10,r10,r0 - adcs r11,r11,r1 - adcs r3,r3,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 2 - adds r7,r7,r4 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r8,r8,#0 @ r[4]+=0 - adcs r9,r9,#0 @ r[5]+=0 - adcs r10,r10,r4 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r11,r11,#0 @ r[7]+=0 - ldr r2,[r2,#4*2] @ load b[i] - adcs r3,r3,r4 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r11,r11,r4 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r3,r3,#0 @ r[8]-=0 - umlal r5,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r4,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r6,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r4,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r4,[sp,#12] @ a[3], r4 is alias r4 - umlal r7,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r6,r6,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r8,r14,r4,r2 @ "r[3]"+=a[3]*b[i] - eor r4,r4,r4 - adcs r7,r7,r1 - ldr r1,[sp,#20] @ a[5] - umlal r9,r4,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r8,r8,r12 - ldr r12,[sp,#24] @ a[6] - umlal r10,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r9,r9,r14 - ldr r14,[sp,#28] @ a[7] - umlal r11,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r10,r10,r4 - ldr r4,[sp,#36] @ restore overflow bit - umlal r3,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r11,r11,r0 - adcs r3,r3,r1 - adcs r4,r4,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 3 - adds r8,r8,r5 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r9,r9,#0 @ r[4]+=0 - adcs r10,r10,#0 @ r[5]+=0 - adcs r11,r11,r5 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r3,r3,#0 @ r[7]+=0 - ldr r2,[r2,#4*3] @ load b[i] - adcs r4,r4,r5 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r3,r3,r5 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r4,r4,#0 @ r[8]-=0 - umlal r6,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r5,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r7,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r5,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r5,[sp,#12] @ a[3], r5 is alias r5 - umlal r8,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r7,r7,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r9,r14,r5,r2 @ "r[3]"+=a[3]*b[i] - eor r5,r5,r5 - adcs r8,r8,r1 - ldr r1,[sp,#20] @ a[5] - umlal r10,r5,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r9,r9,r12 - ldr r12,[sp,#24] @ a[6] - umlal r11,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r10,r10,r14 - ldr r14,[sp,#28] @ a[7] - umlal r3,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r11,r11,r5 - ldr r5,[sp,#36] @ restore overflow bit - umlal r4,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r3,r3,r0 - adcs r4,r4,r1 - adcs r5,r5,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 4 - adds r9,r9,r6 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r10,r10,#0 @ r[4]+=0 - adcs r11,r11,#0 @ r[5]+=0 - adcs r3,r3,r6 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r4,r4,#0 @ r[7]+=0 - ldr r2,[r2,#4*4] @ load b[i] - adcs r5,r5,r6 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r4,r4,r6 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r5,r5,#0 @ r[8]-=0 - umlal r7,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r6,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r8,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r6,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r6,[sp,#12] @ a[3], r6 is alias r6 - umlal r9,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r8,r8,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r10,r14,r6,r2 @ "r[3]"+=a[3]*b[i] - eor r6,r6,r6 - adcs r9,r9,r1 - ldr r1,[sp,#20] @ a[5] - umlal r11,r6,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r10,r10,r12 - ldr r12,[sp,#24] @ a[6] - umlal r3,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r11,r11,r14 - ldr r14,[sp,#28] @ a[7] - umlal r4,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r3,r3,r6 - ldr r6,[sp,#36] @ restore overflow bit - umlal r5,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r4,r4,r0 - adcs r5,r5,r1 - adcs r6,r6,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 5 - adds r10,r10,r7 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r11,r11,#0 @ r[4]+=0 - adcs r3,r3,#0 @ r[5]+=0 - adcs r4,r4,r7 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r5,r5,#0 @ r[7]+=0 - ldr r2,[r2,#4*5] @ load b[i] - adcs r6,r6,r7 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r5,r5,r7 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r6,r6,#0 @ r[8]-=0 - umlal r8,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r7,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r9,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r7,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r7,[sp,#12] @ a[3], r7 is alias r7 - umlal r10,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r9,r9,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r11,r14,r7,r2 @ "r[3]"+=a[3]*b[i] - eor r7,r7,r7 - adcs r10,r10,r1 - ldr r1,[sp,#20] @ a[5] - umlal r3,r7,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r11,r11,r12 - ldr r12,[sp,#24] @ a[6] - umlal r4,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r3,r3,r14 - ldr r14,[sp,#28] @ a[7] - umlal r5,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r4,r4,r7 - ldr r7,[sp,#36] @ restore overflow bit - umlal r6,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r5,r5,r0 - adcs r6,r6,r1 - adcs r7,r7,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 6 - adds r11,r11,r8 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r3,r3,#0 @ r[4]+=0 - adcs r4,r4,#0 @ r[5]+=0 - adcs r5,r5,r8 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r6,r6,#0 @ r[7]+=0 - ldr r2,[r2,#4*6] @ load b[i] - adcs r7,r7,r8 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r6,r6,r8 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r7,r7,#0 @ r[8]-=0 - umlal r9,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r8,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r10,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r8,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r8,[sp,#12] @ a[3], r8 is alias r8 - umlal r11,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r10,r10,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r3,r14,r8,r2 @ "r[3]"+=a[3]*b[i] - eor r8,r8,r8 - adcs r11,r11,r1 - ldr r1,[sp,#20] @ a[5] - umlal r4,r8,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r3,r3,r12 - ldr r12,[sp,#24] @ a[6] - umlal r5,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r4,r4,r14 - ldr r14,[sp,#28] @ a[7] - umlal r6,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r5,r5,r8 - ldr r8,[sp,#36] @ restore overflow bit - umlal r7,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r6,r6,r0 - adcs r7,r7,r1 - adcs r8,r8,r12 - adc r14,r14,#0 @ new overflow bit - @ multiplication-less reduction 7 - adds r3,r3,r9 @ r[3]+=r[0] - ldr r2,[sp,#40] @ restore b_ptr - adcs r4,r4,#0 @ r[4]+=0 - adcs r5,r5,#0 @ r[5]+=0 - adcs r6,r6,r9 @ r[6]+=r[0] - ldr r1,[sp,#0] @ load a[0] - adcs r7,r7,#0 @ r[7]+=0 - ldr r2,[r2,#4*7] @ load b[i] - adcs r8,r8,r9 @ r[8]+=r[0] - eor r0,r0,r0 - adc r14,r14,#0 @ overflow bit - subs r7,r7,r9 @ r[7]-=r[0] - ldr r12,[sp,#4] @ a[1] - sbcs r8,r8,#0 @ r[8]-=0 - umlal r10,r0,r1,r2 @ "r[0]"+=a[0]*b[i] - eor r1,r1,r1 - sbc r9,r14,#0 @ overflow bit, keep in mind - @ that netto result is - @ addition of a value which - @ makes underflow impossible - - ldr r14,[sp,#8] @ a[2] - umlal r11,r1,r12,r2 @ "r[1]"+=a[1]*b[i] - str r9,[sp,#36] @ temporarily offload overflow - eor r12,r12,r12 - ldr r9,[sp,#12] @ a[3], r9 is alias r9 - umlal r3,r12,r14,r2 @ "r[2]"+=a[2]*b[i] - eor r14,r14,r14 - adds r11,r11,r0 @ accumulate high part of mult - ldr r0,[sp,#16] @ a[4] - umlal r4,r14,r9,r2 @ "r[3]"+=a[3]*b[i] - eor r9,r9,r9 - adcs r3,r3,r1 - ldr r1,[sp,#20] @ a[5] - umlal r5,r9,r0,r2 @ "r[4]"+=a[4]*b[i] - eor r0,r0,r0 - adcs r4,r4,r12 - ldr r12,[sp,#24] @ a[6] - umlal r6,r0,r1,r2 @ "r[5]"+=a[5]*b[i] - eor r1,r1,r1 - adcs r5,r5,r14 - ldr r14,[sp,#28] @ a[7] - umlal r7,r1,r12,r2 @ "r[6]"+=a[6]*b[i] - eor r12,r12,r12 - adcs r6,r6,r9 - ldr r9,[sp,#36] @ restore overflow bit - umlal r8,r12,r14,r2 @ "r[7]"+=a[7]*b[i] - eor r14,r14,r14 - adcs r7,r7,r0 - adcs r8,r8,r1 - adcs r9,r9,r12 - adc r14,r14,#0 @ new overflow bit - @ last multiplication-less reduction - adds r4,r4,r10 - ldr r0,[sp,#32] @ restore r_ptr - adcs r5,r5,#0 - adcs r6,r6,#0 - adcs r7,r7,r10 - adcs r8,r8,#0 - adcs r9,r9,r10 - adc r14,r14,#0 - subs r8,r8,r10 - sbcs r9,r9,#0 - sbc r10,r14,#0 @ overflow bit - - @ Final step is "if result > mod, subtract mod", but we do it - @ "other way around", namely subtract modulus from result - @ and if it borrowed, add modulus back. - - adds r11,r11,#1 @ subs r11,r11,#-1 - adcs r3,r3,#0 @ sbcs r3,r3,#-1 - adcs r4,r4,#0 @ sbcs r4,r4,#-1 - sbcs r5,r5,#0 - sbcs r6,r6,#0 - sbcs r7,r7,#0 - sbcs r8,r8,#1 - adcs r9,r9,#0 @ sbcs r9,r9,#-1 - ldr lr,[sp,#44] @ restore lr - sbc r10,r10,#0 @ broadcast borrow bit - add sp,sp,#48 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ broadcasting borrow bit to a register, r10, and using it as - @ a whole or extracting single bit. - - adds r11,r11,r10 @ add modulus or zero - adcs r3,r3,r10 - str r11,[r0,#0] - adcs r4,r4,r10 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r10,lsr#31 - str r7,[r0,#20] - adc r9,r9,r10 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont -.type __ecp_nistz256_sub_from,%function -.align 5 -__ecp_nistz256_sub_from: - str lr,[sp,#-4]! @ push lr - - ldr r10,[r2,#0] - ldr r12,[r2,#4] - ldr r14,[r2,#8] - ldr r1,[r2,#12] - subs r11,r11,r10 - ldr r10,[r2,#16] - sbcs r3,r3,r12 - ldr r12,[r2,#20] - sbcs r4,r4,r14 - ldr r14,[r2,#24] - sbcs r5,r5,r1 - ldr r1,[r2,#28] - sbcs r6,r6,r10 - sbcs r7,r7,r12 - sbcs r8,r8,r14 - sbcs r9,r9,r1 - sbc r2,r2,r2 @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds r11,r11,r2 @ add synthesized modulus - adcs r3,r3,r2 - str r11,[r0,#0] - adcs r4,r4,r2 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r2,lsr#31 - str r7,[r0,#20] - adcs r9,r9,r2 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,%function -.align 5 -__ecp_nistz256_sub_morf: - str lr,[sp,#-4]! @ push lr - - ldr r10,[r2,#0] - ldr r12,[r2,#4] - ldr r14,[r2,#8] - ldr r1,[r2,#12] - subs r11,r10,r11 - ldr r10,[r2,#16] - sbcs r3,r12,r3 - ldr r12,[r2,#20] - sbcs r4,r14,r4 - ldr r14,[r2,#24] - sbcs r5,r1,r5 - ldr r1,[r2,#28] - sbcs r6,r10,r6 - sbcs r7,r12,r7 - sbcs r8,r14,r8 - sbcs r9,r1,r9 - sbc r2,r2,r2 @ broadcast borrow bit - ldr lr,[sp],#4 @ pop lr - - adds r11,r11,r2 @ add synthesized modulus - adcs r3,r3,r2 - str r11,[r0,#0] - adcs r4,r4,r2 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r2,lsr#31 - str r7,[r0,#20] - adcs r9,r9,r2 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_add_self,%function -.align 4 -__ecp_nistz256_add_self: - adds r11,r11,r11 @ a[0:7]+=a[0:7] - adcs r3,r3,r3 - adcs r4,r4,r4 - adcs r5,r5,r5 - adcs r6,r6,r6 - adcs r7,r7,r7 - adcs r8,r8,r8 - mov r2,#0 - adcs r9,r9,r9 - adc r2,r2,#0 - - @ if a+b >= modulus, subtract modulus. - @ - @ But since comparison implies subtraction, we subtract - @ modulus and then add it back if subtraction borrowed. - - subs r11,r11,#-1 - sbcs r3,r3,#-1 - sbcs r4,r4,#-1 - sbcs r5,r5,#0 - sbcs r6,r6,#0 - sbcs r7,r7,#0 - sbcs r8,r8,#1 - sbcs r9,r9,#-1 - sbc r2,r2,#0 - - @ Note that because mod has special form, i.e. consists of - @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by - @ using value of borrow as a whole or extracting single bit. - @ Follow r2 register... - - adds r11,r11,r2 @ add synthesized modulus - adcs r3,r3,r2 - str r11,[r0,#0] - adcs r4,r4,r2 - str r3,[r0,#4] - adcs r5,r5,#0 - str r4,[r0,#8] - adcs r6,r6,#0 - str r5,[r0,#12] - adcs r7,r7,#0 - str r6,[r0,#16] - adcs r8,r8,r2,lsr#31 - str r7,[r0,#20] - adcs r9,r9,r2 - str r8,[r0,#24] - str r9,[r0,#28] - - mov pc,lr -.size __ecp_nistz256_add_self,.-__ecp_nistz256_add_self - -.globl GFp_nistz256_point_double -.hidden GFp_nistz256_point_double -.type GFp_nistz256_point_double,%function -.align 5 -GFp_nistz256_point_double: - stmdb sp!,{r0,r1,r2,r3,r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} @ push from r0, unusual, but intentional - sub sp,sp,#32*5 - -.Lpoint_double_shortcut: - add r3,sp,#96 - ldmia r1!,{r4,r5,r6,r7,r8,r9,r10,r11} @ copy in_x - stmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} - - add r0,sp,#0 - bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(S, in_y); - - add r2,r1,#32 - add r1,r1,#32 - add r0,sp,#64 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Zsqr, in_z); - - add r1,sp,#0 - add r2,sp,#0 - add r0,sp,#0 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(S, S); - - ldr r2,[sp,#32*5+4] - add r1,r2,#32 - add r2,r2,#64 - add r0,sp,#128 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(tmp0, in_z, in_y); - - ldr r0,[sp,#32*5] - add r0,r0,#64 - bl __ecp_nistz256_add_self @ p256_mul_by_2(res_z, tmp0); - - add r1,sp,#96 - add r2,sp,#64 - add r0,sp,#32 - bl __ecp_nistz256_add @ p256_add(M, in_x, Zsqr); - - add r1,sp,#96 - add r2,sp,#64 - add r0,sp,#64 - bl __ecp_nistz256_sub @ p256_sub(Zsqr, in_x, Zsqr); - - add r1,sp,#0 - add r2,sp,#0 - add r0,sp,#128 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(tmp0, S); - - add r1,sp,#64 - add r2,sp,#32 - add r0,sp,#32 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(M, M, Zsqr); - - ldr r0,[sp,#32*5] - add r1,sp,#128 - add r0,r0,#32 - bl __ecp_nistz256_div_by_2 @ p256_div_by_2(res_y, tmp0); - - add r1,sp,#32 - add r0,sp,#32 - bl __ecp_nistz256_mul_by_3 @ p256_mul_by_3(M, M); - - add r1,sp,#96 - add r2,sp,#0 - add r0,sp,#0 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, in_x); - - add r0,sp,#128 - bl __ecp_nistz256_add_self @ p256_mul_by_2(tmp0, S); - - ldr r0,[sp,#32*5] - add r1,sp,#32 - add r2,sp,#32 - bl __ecp_nistz256_mul_mont @ p256_sqr_mont(res_x, M); - - add r2,sp,#128 - bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, tmp0); - - add r2,sp,#0 - add r0,sp,#0 - bl __ecp_nistz256_sub_morf @ p256_sub(S, S, res_x); - - add r1,sp,#32 - add r2,sp,#0 - bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, M); - - ldr r0,[sp,#32*5] - add r2,r0,#32 - add r0,r0,#32 - bl __ecp_nistz256_sub_from @ p256_sub(res_y, S, res_y); - - add sp,sp,#32*5+16 @ +16 means "skip even over saved r0-r3" -#if __ARM_ARCH__>=5 || !defined(__thumb__) - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - bx lr @ interoperable with Thumb ISA:-) -#endif -.size GFp_nistz256_point_double,.-GFp_nistz256_point_double -#endif -#endif // !OPENSSL_NO_ASM -.section .note.GNU-stack,"",%progbits diff --git a/pregenerated/ecp_nistz256-armv8-ios64.S b/pregenerated/ecp_nistz256-armv8-ios64.S deleted file mode 100644 index b668519..0000000 --- a/pregenerated/ecp_nistz256-armv8-ios64.S +++ /dev/null @@ -1,833 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -.text -.align 5 -Lpoly: -.quad 0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001 -Lone_mont: -.quad 0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe -Lone: -.quad 1,0,0,0 -.byte 69,67,80,95,78,73,83,84,90,50,53,54,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 - -// void GFp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl _GFp_nistz256_mul_mont -.private_extern _GFp_nistz256_mul_mont - -.align 4 -_GFp_nistz256_mul_mont: - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldr x3,[x2] // bp[0] - ldp x4,x5,[x1] - ldp x6,x7,[x1,#16] - ldr x12,Lpoly+8 - ldr x13,Lpoly+24 - - bl __ecp_nistz256_mul_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - ret - - -// void GFp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl _GFp_nistz256_sqr_mont -.private_extern _GFp_nistz256_sqr_mont - -.align 4 -_GFp_nistz256_sqr_mont: - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldp x4,x5,[x1] - ldp x6,x7,[x1,#16] - ldr x12,Lpoly+8 - ldr x13,Lpoly+24 - - bl __ecp_nistz256_sqr_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - ret - - -// void GFp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl _GFp_nistz256_add -.private_extern _GFp_nistz256_add - -.align 4 -_GFp_nistz256_add: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp x14,x15,[x1] - ldp x8,x9,[x2] - ldp x16,x17,[x1,#16] - ldp x10,x11,[x2,#16] - ldr x12,Lpoly+8 - ldr x13,Lpoly+24 - - bl __ecp_nistz256_add - - ldp x29,x30,[sp],#16 - ret - - -// void GFp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl _GFp_nistz256_neg -.private_extern _GFp_nistz256_neg - -.align 4 -_GFp_nistz256_neg: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - mov x2,x1 - mov x14,xzr // a = 0 - mov x15,xzr - mov x16,xzr - mov x17,xzr - ldr x12,Lpoly+8 - ldr x13,Lpoly+24 - - bl __ecp_nistz256_sub_from - - ldp x29,x30,[sp],#16 - ret - - -// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded -// to x4-x7 and b[0] - to x3 - -.align 4 -__ecp_nistz256_mul_mont: - mul x14,x4,x3 // a[0]*b[0] - umulh x8,x4,x3 - - mul x15,x5,x3 // a[1]*b[0] - umulh x9,x5,x3 - - mul x16,x6,x3 // a[2]*b[0] - umulh x10,x6,x3 - - mul x17,x7,x3 // a[3]*b[0] - umulh x11,x7,x3 - ldr x3,[x2,#8] // b[1] - - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adc x19,xzr,x11 - mov x20,xzr - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - mul x8,x4,x3 // lo(a[0]*b[i]) - adcs x15,x16,x9 - mul x9,x5,x3 // lo(a[1]*b[i]) - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - mul x10,x6,x3 // lo(a[2]*b[i]) - adcs x17,x19,x11 - mul x11,x7,x3 // lo(a[3]*b[i]) - adc x19,x20,xzr - - adds x14,x14,x8 // accumulate low parts of multiplication - umulh x8,x4,x3 // hi(a[0]*b[i]) - adcs x15,x15,x9 - umulh x9,x5,x3 // hi(a[1]*b[i]) - adcs x16,x16,x10 - umulh x10,x6,x3 // hi(a[2]*b[i]) - adcs x17,x17,x11 - umulh x11,x7,x3 // hi(a[3]*b[i]) - adc x19,x19,xzr - ldr x3,[x2,#8*(1+1)] // b[1+1] - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adcs x19,x19,x11 - adc x20,xzr,xzr - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - mul x8,x4,x3 // lo(a[0]*b[i]) - adcs x15,x16,x9 - mul x9,x5,x3 // lo(a[1]*b[i]) - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - mul x10,x6,x3 // lo(a[2]*b[i]) - adcs x17,x19,x11 - mul x11,x7,x3 // lo(a[3]*b[i]) - adc x19,x20,xzr - - adds x14,x14,x8 // accumulate low parts of multiplication - umulh x8,x4,x3 // hi(a[0]*b[i]) - adcs x15,x15,x9 - umulh x9,x5,x3 // hi(a[1]*b[i]) - adcs x16,x16,x10 - umulh x10,x6,x3 // hi(a[2]*b[i]) - adcs x17,x17,x11 - umulh x11,x7,x3 // hi(a[3]*b[i]) - adc x19,x19,xzr - ldr x3,[x2,#8*(2+1)] // b[2+1] - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adcs x19,x19,x11 - adc x20,xzr,xzr - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - mul x8,x4,x3 // lo(a[0]*b[i]) - adcs x15,x16,x9 - mul x9,x5,x3 // lo(a[1]*b[i]) - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - mul x10,x6,x3 // lo(a[2]*b[i]) - adcs x17,x19,x11 - mul x11,x7,x3 // lo(a[3]*b[i]) - adc x19,x20,xzr - - adds x14,x14,x8 // accumulate low parts of multiplication - umulh x8,x4,x3 // hi(a[0]*b[i]) - adcs x15,x15,x9 - umulh x9,x5,x3 // hi(a[1]*b[i]) - adcs x16,x16,x10 - umulh x10,x6,x3 // hi(a[2]*b[i]) - adcs x17,x17,x11 - umulh x11,x7,x3 // hi(a[3]*b[i]) - adc x19,x19,xzr - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adcs x19,x19,x11 - adc x20,xzr,xzr - // last reduction - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - adcs x17,x19,x11 - adc x19,x20,xzr - - adds x8,x14,#1 // subs x8,x14,#-1 // tmp = ret-modulus - sbcs x9,x15,x12 - sbcs x10,x16,xzr - sbcs x11,x17,x13 - sbcs xzr,x19,xzr // did it borrow? - - csel x14,x14,x8,lo // ret = borrow ? ret : ret-modulus - csel x15,x15,x9,lo - csel x16,x16,x10,lo - stp x14,x15,[x0] - csel x17,x17,x11,lo - stp x16,x17,[x0,#16] - - ret - - -// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded -// to x4-x7 - -.align 4 -__ecp_nistz256_sqr_mont: - // | | | | | |a1*a0| | - // | | | | |a2*a0| | | - // | |a3*a2|a3*a0| | | | - // | | | |a2*a1| | | | - // | | |a3*a1| | | | | - // *| | | | | | | | 2| - // +|a3*a3|a2*a2|a1*a1|a0*a0| - // |--+--+--+--+--+--+--+--| - // |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is , i.e. follow - // - // "can't overflow" below mark carrying into high part of - // multiplication result, which can't overflow, because it - // can never be all ones. - - mul x15,x5,x4 // a[1]*a[0] - umulh x9,x5,x4 - mul x16,x6,x4 // a[2]*a[0] - umulh x10,x6,x4 - mul x17,x7,x4 // a[3]*a[0] - umulh x19,x7,x4 - - adds x16,x16,x9 // accumulate high parts of multiplication - mul x8,x6,x5 // a[2]*a[1] - umulh x9,x6,x5 - adcs x17,x17,x10 - mul x10,x7,x5 // a[3]*a[1] - umulh x11,x7,x5 - adc x19,x19,xzr // can't overflow - - mul x20,x7,x6 // a[3]*a[2] - umulh x1,x7,x6 - - adds x9,x9,x10 // accumulate high parts of multiplication - mul x14,x4,x4 // a[0]*a[0] - adc x10,x11,xzr // can't overflow - - adds x17,x17,x8 // accumulate low parts of multiplication - umulh x4,x4,x4 - adcs x19,x19,x9 - mul x9,x5,x5 // a[1]*a[1] - adcs x20,x20,x10 - umulh x5,x5,x5 - adc x1,x1,xzr // can't overflow - - adds x15,x15,x15 // acc[1-6]*=2 - mul x10,x6,x6 // a[2]*a[2] - adcs x16,x16,x16 - umulh x6,x6,x6 - adcs x17,x17,x17 - mul x11,x7,x7 // a[3]*a[3] - adcs x19,x19,x19 - umulh x7,x7,x7 - adcs x20,x20,x20 - adcs x1,x1,x1 - adc x2,xzr,xzr - - adds x15,x15,x4 // +a[i]*a[i] - adcs x16,x16,x9 - adcs x17,x17,x5 - adcs x19,x19,x10 - adcs x20,x20,x6 - lsl x8,x14,#32 - adcs x1,x1,x11 - lsr x9,x14,#32 - adc x2,x2,x7 - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - lsl x8,x14,#32 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - lsr x9,x14,#32 - adc x17,x11,xzr // can't overflow - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - lsl x8,x14,#32 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - lsr x9,x14,#32 - adc x17,x11,xzr // can't overflow - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - lsl x8,x14,#32 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - lsr x9,x14,#32 - adc x17,x11,xzr // can't overflow - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - adc x17,x11,xzr // can't overflow - - adds x14,x14,x19 // accumulate upper half - adcs x15,x15,x20 - adcs x16,x16,x1 - adcs x17,x17,x2 - adc x19,xzr,xzr - - adds x8,x14,#1 // subs x8,x14,#-1 // tmp = ret-modulus - sbcs x9,x15,x12 - sbcs x10,x16,xzr - sbcs x11,x17,x13 - sbcs xzr,x19,xzr // did it borrow? - - csel x14,x14,x8,lo // ret = borrow ? ret : ret-modulus - csel x15,x15,x9,lo - csel x16,x16,x10,lo - stp x14,x15,[x0] - csel x17,x17,x11,lo - stp x16,x17,[x0,#16] - - ret - - -// Note that __ecp_nistz256_add expects both input vectors pre-loaded to -// x4-x7 and x8-x11. This is done because it's used in multiple -// contexts, e.g. in multiplication by 2 and 3... - -.align 4 -__ecp_nistz256_add: - adds x14,x14,x8 // ret = a+b - adcs x15,x15,x9 - adcs x16,x16,x10 - adcs x17,x17,x11 - adc x1,xzr,xzr // zap x1 - - adds x8,x14,#1 // subs x8,x4,#-1 // tmp = ret-modulus - sbcs x9,x15,x12 - sbcs x10,x16,xzr - sbcs x11,x17,x13 - sbcs xzr,x1,xzr // did subtraction borrow? - - csel x14,x14,x8,lo // ret = borrow ? ret : ret-modulus - csel x15,x15,x9,lo - csel x16,x16,x10,lo - stp x14,x15,[x0] - csel x17,x17,x11,lo - stp x16,x17,[x0,#16] - - ret - - - -.align 4 -__ecp_nistz256_sub_from: - ldp x8,x9,[x2] - ldp x10,x11,[x2,#16] - subs x14,x14,x8 // ret = a-b - sbcs x15,x15,x9 - sbcs x16,x16,x10 - sbcs x17,x17,x11 - sbc x1,xzr,xzr // zap x1 - - subs x8,x14,#1 // adds x8,x4,#-1 // tmp = ret+modulus - adcs x9,x15,x12 - adcs x10,x16,xzr - adc x11,x17,x13 - cmp x1,xzr // did subtraction borrow? - - csel x14,x14,x8,eq // ret = borrow ? ret+modulus : ret - csel x15,x15,x9,eq - csel x16,x16,x10,eq - stp x14,x15,[x0] - csel x17,x17,x11,eq - stp x16,x17,[x0,#16] - - ret - - - -.align 4 -__ecp_nistz256_sub_morf: - ldp x8,x9,[x2] - ldp x10,x11,[x2,#16] - subs x14,x8,x14 // ret = b-a - sbcs x15,x9,x15 - sbcs x16,x10,x16 - sbcs x17,x11,x17 - sbc x1,xzr,xzr // zap x1 - - subs x8,x14,#1 // adds x8,x4,#-1 // tmp = ret+modulus - adcs x9,x15,x12 - adcs x10,x16,xzr - adc x11,x17,x13 - cmp x1,xzr // did subtraction borrow? - - csel x14,x14,x8,eq // ret = borrow ? ret+modulus : ret - csel x15,x15,x9,eq - csel x16,x16,x10,eq - stp x14,x15,[x0] - csel x17,x17,x11,eq - stp x16,x17,[x0,#16] - - ret - - - -.align 4 -__ecp_nistz256_div_by_2: - subs x8,x14,#1 // adds x8,x4,#-1 // tmp = a+modulus - adcs x9,x15,x12 - adcs x10,x16,xzr - adcs x11,x17,x13 - adc x1,xzr,xzr // zap x1 - tst x14,#1 // is a even? - - csel x14,x14,x8,eq // ret = even ? a : a+modulus - csel x15,x15,x9,eq - csel x16,x16,x10,eq - csel x17,x17,x11,eq - csel x1,xzr,x1,eq - - lsr x14,x14,#1 // ret >>= 1 - orr x14,x14,x15,lsl#63 - lsr x15,x15,#1 - orr x15,x15,x16,lsl#63 - lsr x16,x16,#1 - orr x16,x16,x17,lsl#63 - lsr x17,x17,#1 - stp x14,x15,[x0] - orr x17,x17,x1,lsl#63 - stp x16,x17,[x0,#16] - - ret - -.globl _GFp_nistz256_point_double -.private_extern _GFp_nistz256_point_double - -.align 5 -_GFp_nistz256_point_double: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - sub sp,sp,#32*4 - -Ldouble_shortcut: - ldp x14,x15,[x1,#32] - mov x21,x0 - ldp x16,x17,[x1,#48] - mov x22,x1 - ldr x12,Lpoly+8 - mov x8,x14 - ldr x13,Lpoly+24 - mov x9,x15 - ldp x4,x5,[x22,#64] // forward load for p256_sqr_mont - mov x10,x16 - mov x11,x17 - ldp x6,x7,[x22,#64+16] - add x0,sp,#0 - bl __ecp_nistz256_add // p256_mul_by_2(S, in_y); - - add x0,sp,#64 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Zsqr, in_z); - - ldp x8,x9,[x22] - ldp x10,x11,[x22,#16] - mov x4,x14 // put Zsqr aside for p256_sub - mov x5,x15 - mov x6,x16 - mov x7,x17 - add x0,sp,#32 - bl __ecp_nistz256_add // p256_add(M, Zsqr, in_x); - - add x2,x22,#0 - mov x14,x4 // restore Zsqr - mov x15,x5 - ldp x4,x5,[sp,#0] // forward load for p256_sqr_mont - mov x16,x6 - mov x17,x7 - ldp x6,x7,[sp,#0+16] - add x0,sp,#64 - bl __ecp_nistz256_sub_morf // p256_sub(Zsqr, in_x, Zsqr); - - add x0,sp,#0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(S, S); - - ldr x3,[x22,#32] - ldp x4,x5,[x22,#64] - ldp x6,x7,[x22,#64+16] - add x2,x22,#32 - add x0,sp,#96 - bl __ecp_nistz256_mul_mont // p256_mul_mont(tmp0, in_z, in_y); - - mov x8,x14 - mov x9,x15 - ldp x4,x5,[sp,#0] // forward load for p256_sqr_mont - mov x10,x16 - mov x11,x17 - ldp x6,x7,[sp,#0+16] - add x0,x21,#64 - bl __ecp_nistz256_add // p256_mul_by_2(res_z, tmp0); - - add x0,sp,#96 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(tmp0, S); - - ldr x3,[sp,#64] // forward load for p256_mul_mont - ldp x4,x5,[sp,#32] - ldp x6,x7,[sp,#32+16] - add x0,x21,#32 - bl __ecp_nistz256_div_by_2 // p256_div_by_2(res_y, tmp0); - - add x2,sp,#64 - add x0,sp,#32 - bl __ecp_nistz256_mul_mont // p256_mul_mont(M, M, Zsqr); - - mov x8,x14 // duplicate M - mov x9,x15 - mov x10,x16 - mov x11,x17 - mov x4,x14 // put M aside - mov x5,x15 - mov x6,x16 - mov x7,x17 - add x0,sp,#32 - bl __ecp_nistz256_add - mov x8,x4 // restore M - mov x9,x5 - ldr x3,[x22] // forward load for p256_mul_mont - mov x10,x6 - ldp x4,x5,[sp,#0] - mov x11,x7 - ldp x6,x7,[sp,#0+16] - bl __ecp_nistz256_add // p256_mul_by_3(M, M); - - add x2,x22,#0 - add x0,sp,#0 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, in_x); - - mov x8,x14 - mov x9,x15 - ldp x4,x5,[sp,#32] // forward load for p256_sqr_mont - mov x10,x16 - mov x11,x17 - ldp x6,x7,[sp,#32+16] - add x0,sp,#96 - bl __ecp_nistz256_add // p256_mul_by_2(tmp0, S); - - add x0,x21,#0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(res_x, M); - - add x2,sp,#96 - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, tmp0); - - add x2,sp,#0 - add x0,sp,#0 - bl __ecp_nistz256_sub_morf // p256_sub(S, S, res_x); - - ldr x3,[sp,#32] - mov x4,x14 // copy S - mov x5,x15 - mov x6,x16 - mov x7,x17 - add x2,sp,#32 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, M); - - add x2,x21,#32 - add x0,x21,#32 - bl __ecp_nistz256_sub_from // p256_sub(res_y, S, res_y); - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#80 - ret - -.globl _GFp_nistz256_point_add_affine -.private_extern _GFp_nistz256_point_add_affine - -.align 5 -_GFp_nistz256_point_add_affine: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - sub sp,sp,#32*10 - - mov x21,x0 - mov x22,x1 - mov x23,x2 - ldr x12,Lpoly+8 - ldr x13,Lpoly+24 - - ldp x4,x5,[x1,#64] // in1_z - ldp x6,x7,[x1,#64+16] - orr x8,x4,x5 - orr x10,x6,x7 - orr x24,x8,x10 - cmp x24,#0 - csetm x24,ne // !in1infty - - ldp x14,x15,[x2] // in2_x - ldp x16,x17,[x2,#16] - ldp x8,x9,[x2,#32] // in2_y - ldp x10,x11,[x2,#48] - orr x14,x14,x15 - orr x16,x16,x17 - orr x8,x8,x9 - orr x10,x10,x11 - orr x14,x14,x16 - orr x8,x8,x10 - orr x25,x14,x8 - cmp x25,#0 - csetm x25,ne // !in2infty - - add x0,sp,#128 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); - - mov x4,x14 - mov x5,x15 - mov x6,x16 - mov x7,x17 - ldr x3,[x23] - add x2,x23,#0 - add x0,sp,#96 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, Z1sqr, in2_x); - - add x2,x22,#0 - ldr x3,[x22,#64] // forward load for p256_mul_mont - ldp x4,x5,[sp,#128] - ldp x6,x7,[sp,#128+16] - add x0,sp,#160 - bl __ecp_nistz256_sub_from // p256_sub(H, U2, in1_x); - - add x2,x22,#64 - add x0,sp,#128 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, Z1sqr, in1_z); - - ldr x3,[x22,#64] - ldp x4,x5,[sp,#160] - ldp x6,x7,[sp,#160+16] - add x2,x22,#64 - add x0,sp,#64 - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_z, H, in1_z); - - ldr x3,[x23,#32] - ldp x4,x5,[sp,#128] - ldp x6,x7,[sp,#128+16] - add x2,x23,#32 - add x0,sp,#128 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, S2, in2_y); - - add x2,x22,#32 - ldp x4,x5,[sp,#160] // forward load for p256_sqr_mont - ldp x6,x7,[sp,#160+16] - add x0,sp,#192 - bl __ecp_nistz256_sub_from // p256_sub(R, S2, in1_y); - - add x0,sp,#224 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Hsqr, H); - - ldp x4,x5,[sp,#192] - ldp x6,x7,[sp,#192+16] - add x0,sp,#288 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Rsqr, R); - - ldr x3,[sp,#160] - ldp x4,x5,[sp,#224] - ldp x6,x7,[sp,#224+16] - add x2,sp,#160 - add x0,sp,#256 - bl __ecp_nistz256_mul_mont // p256_mul_mont(Hcub, Hsqr, H); - - ldr x3,[x22] - ldp x4,x5,[sp,#224] - ldp x6,x7,[sp,#224+16] - add x2,x22,#0 - add x0,sp,#96 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, in1_x, Hsqr); - - mov x8,x14 - mov x9,x15 - mov x10,x16 - mov x11,x17 - add x0,sp,#224 - bl __ecp_nistz256_add // p256_mul_by_2(Hsqr, U2); - - add x2,sp,#288 - add x0,sp,#0 - bl __ecp_nistz256_sub_morf // p256_sub(res_x, Rsqr, Hsqr); - - add x2,sp,#256 - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, Hcub); - - add x2,sp,#96 - ldr x3,[x22,#32] // forward load for p256_mul_mont - ldp x4,x5,[sp,#256] - ldp x6,x7,[sp,#256+16] - add x0,sp,#32 - bl __ecp_nistz256_sub_morf // p256_sub(res_y, U2, res_x); - - add x2,x22,#32 - add x0,sp,#128 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, in1_y, Hcub); - - ldr x3,[sp,#192] - ldp x4,x5,[sp,#32] - ldp x6,x7,[sp,#32+16] - add x2,sp,#192 - add x0,sp,#32 - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_y, res_y, R); - - add x2,sp,#128 - bl __ecp_nistz256_sub_from // p256_sub(res_y, res_y, S2); - - ldp x4,x5,[sp,#0] // res - ldp x6,x7,[sp,#0+16] - ldp x8,x9,[x23] // in2 - ldp x10,x11,[x23,#16] - ldp x14,x15,[x22,#0] // in1 - cmp x24,#0 // !, remember? - ldp x16,x17,[x22,#0+16] - csel x8,x4,x8,ne - csel x9,x5,x9,ne - ldp x4,x5,[sp,#0+0+32] // res - csel x10,x6,x10,ne - csel x11,x7,x11,ne - cmp x25,#0 // !, remember? - ldp x6,x7,[sp,#0+0+48] - csel x14,x8,x14,ne - csel x15,x9,x15,ne - ldp x8,x9,[x23,#0+32] // in2 - csel x16,x10,x16,ne - csel x17,x11,x17,ne - ldp x10,x11,[x23,#0+48] - stp x14,x15,[x21,#0] - stp x16,x17,[x21,#0+16] - adr x23,Lone_mont-64 - ldp x14,x15,[x22,#32] // in1 - cmp x24,#0 // !, remember? - ldp x16,x17,[x22,#32+16] - csel x8,x4,x8,ne - csel x9,x5,x9,ne - ldp x4,x5,[sp,#0+32+32] // res - csel x10,x6,x10,ne - csel x11,x7,x11,ne - cmp x25,#0 // !, remember? - ldp x6,x7,[sp,#0+32+48] - csel x14,x8,x14,ne - csel x15,x9,x15,ne - ldp x8,x9,[x23,#32+32] // in2 - csel x16,x10,x16,ne - csel x17,x11,x17,ne - ldp x10,x11,[x23,#32+48] - stp x14,x15,[x21,#32] - stp x16,x17,[x21,#32+16] - ldp x14,x15,[x22,#64] // in1 - cmp x24,#0 // !, remember? - ldp x16,x17,[x22,#64+16] - csel x8,x4,x8,ne - csel x9,x5,x9,ne - csel x10,x6,x10,ne - csel x11,x7,x11,ne - cmp x25,#0 // !, remember? - csel x14,x8,x14,ne - csel x15,x9,x15,ne - csel x16,x10,x16,ne - csel x17,x11,x17,ne - stp x14,x15,[x21,#64] - stp x16,x17,[x21,#64+16] - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 - ret - -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/ecp_nistz256-armv8-linux64.S b/pregenerated/ecp_nistz256-armv8-linux64.S deleted file mode 100644 index 569ae03..0000000 --- a/pregenerated/ecp_nistz256-armv8-linux64.S +++ /dev/null @@ -1,836 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#if defined(__aarch64__) -#include <GFp/arm_arch.h> - -.text -.align 5 -.Lpoly: -.quad 0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001 -.Lone_mont: -.quad 0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe -.Lone: -.quad 1,0,0,0 -.byte 69,67,80,95,78,73,83,84,90,50,53,54,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 - -// void GFp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl GFp_nistz256_mul_mont -.hidden GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,%function -.align 4 -GFp_nistz256_mul_mont: - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldr x3,[x2] // bp[0] - ldp x4,x5,[x1] - ldp x6,x7,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - - bl __ecp_nistz256_mul_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - ret -.size GFp_nistz256_mul_mont,.-GFp_nistz256_mul_mont - -// void GFp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl GFp_nistz256_sqr_mont -.hidden GFp_nistz256_sqr_mont -.type GFp_nistz256_sqr_mont,%function -.align 4 -GFp_nistz256_sqr_mont: - stp x29,x30,[sp,#-32]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - - ldp x4,x5,[x1] - ldp x6,x7,[x1,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - - bl __ecp_nistz256_sqr_mont - - ldp x19,x20,[sp,#16] - ldp x29,x30,[sp],#32 - ret -.size GFp_nistz256_sqr_mont,.-GFp_nistz256_sqr_mont - -// void GFp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4], -// const BN_ULONG x2[4]); -.globl GFp_nistz256_add -.hidden GFp_nistz256_add -.type GFp_nistz256_add,%function -.align 4 -GFp_nistz256_add: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - ldp x14,x15,[x1] - ldp x8,x9,[x2] - ldp x16,x17,[x1,#16] - ldp x10,x11,[x2,#16] - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - - bl __ecp_nistz256_add - - ldp x29,x30,[sp],#16 - ret -.size GFp_nistz256_add,.-GFp_nistz256_add - -// void GFp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]); -.globl GFp_nistz256_neg -.hidden GFp_nistz256_neg -.type GFp_nistz256_neg,%function -.align 4 -GFp_nistz256_neg: - stp x29,x30,[sp,#-16]! - add x29,sp,#0 - - mov x2,x1 - mov x14,xzr // a = 0 - mov x15,xzr - mov x16,xzr - mov x17,xzr - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - - bl __ecp_nistz256_sub_from - - ldp x29,x30,[sp],#16 - ret -.size GFp_nistz256_neg,.-GFp_nistz256_neg - -// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded -// to x4-x7 and b[0] - to x3 -.type __ecp_nistz256_mul_mont,%function -.align 4 -__ecp_nistz256_mul_mont: - mul x14,x4,x3 // a[0]*b[0] - umulh x8,x4,x3 - - mul x15,x5,x3 // a[1]*b[0] - umulh x9,x5,x3 - - mul x16,x6,x3 // a[2]*b[0] - umulh x10,x6,x3 - - mul x17,x7,x3 // a[3]*b[0] - umulh x11,x7,x3 - ldr x3,[x2,#8] // b[1] - - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adc x19,xzr,x11 - mov x20,xzr - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - mul x8,x4,x3 // lo(a[0]*b[i]) - adcs x15,x16,x9 - mul x9,x5,x3 // lo(a[1]*b[i]) - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - mul x10,x6,x3 // lo(a[2]*b[i]) - adcs x17,x19,x11 - mul x11,x7,x3 // lo(a[3]*b[i]) - adc x19,x20,xzr - - adds x14,x14,x8 // accumulate low parts of multiplication - umulh x8,x4,x3 // hi(a[0]*b[i]) - adcs x15,x15,x9 - umulh x9,x5,x3 // hi(a[1]*b[i]) - adcs x16,x16,x10 - umulh x10,x6,x3 // hi(a[2]*b[i]) - adcs x17,x17,x11 - umulh x11,x7,x3 // hi(a[3]*b[i]) - adc x19,x19,xzr - ldr x3,[x2,#8*(1+1)] // b[1+1] - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adcs x19,x19,x11 - adc x20,xzr,xzr - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - mul x8,x4,x3 // lo(a[0]*b[i]) - adcs x15,x16,x9 - mul x9,x5,x3 // lo(a[1]*b[i]) - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - mul x10,x6,x3 // lo(a[2]*b[i]) - adcs x17,x19,x11 - mul x11,x7,x3 // lo(a[3]*b[i]) - adc x19,x20,xzr - - adds x14,x14,x8 // accumulate low parts of multiplication - umulh x8,x4,x3 // hi(a[0]*b[i]) - adcs x15,x15,x9 - umulh x9,x5,x3 // hi(a[1]*b[i]) - adcs x16,x16,x10 - umulh x10,x6,x3 // hi(a[2]*b[i]) - adcs x17,x17,x11 - umulh x11,x7,x3 // hi(a[3]*b[i]) - adc x19,x19,xzr - ldr x3,[x2,#8*(2+1)] // b[2+1] - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adcs x19,x19,x11 - adc x20,xzr,xzr - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - mul x8,x4,x3 // lo(a[0]*b[i]) - adcs x15,x16,x9 - mul x9,x5,x3 // lo(a[1]*b[i]) - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - mul x10,x6,x3 // lo(a[2]*b[i]) - adcs x17,x19,x11 - mul x11,x7,x3 // lo(a[3]*b[i]) - adc x19,x20,xzr - - adds x14,x14,x8 // accumulate low parts of multiplication - umulh x8,x4,x3 // hi(a[0]*b[i]) - adcs x15,x15,x9 - umulh x9,x5,x3 // hi(a[1]*b[i]) - adcs x16,x16,x10 - umulh x10,x6,x3 // hi(a[2]*b[i]) - adcs x17,x17,x11 - umulh x11,x7,x3 // hi(a[3]*b[i]) - adc x19,x19,xzr - adds x15,x15,x8 // accumulate high parts of multiplication - lsl x8,x14,#32 - adcs x16,x16,x9 - lsr x9,x14,#32 - adcs x17,x17,x10 - adcs x19,x19,x11 - adc x20,xzr,xzr - // last reduction - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - adcs x17,x19,x11 - adc x19,x20,xzr - - adds x8,x14,#1 // subs x8,x14,#-1 // tmp = ret-modulus - sbcs x9,x15,x12 - sbcs x10,x16,xzr - sbcs x11,x17,x13 - sbcs xzr,x19,xzr // did it borrow? - - csel x14,x14,x8,lo // ret = borrow ? ret : ret-modulus - csel x15,x15,x9,lo - csel x16,x16,x10,lo - stp x14,x15,[x0] - csel x17,x17,x11,lo - stp x16,x17,[x0,#16] - - ret -.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont - -// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded -// to x4-x7 -.type __ecp_nistz256_sqr_mont,%function -.align 4 -__ecp_nistz256_sqr_mont: - // | | | | | |a1*a0| | - // | | | | |a2*a0| | | - // | |a3*a2|a3*a0| | | | - // | | | |a2*a1| | | | - // | | |a3*a1| | | | | - // *| | | | | | | | 2| - // +|a3*a3|a2*a2|a1*a1|a0*a0| - // |--+--+--+--+--+--+--+--| - // |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is , i.e. follow - // - // "can't overflow" below mark carrying into high part of - // multiplication result, which can't overflow, because it - // can never be all ones. - - mul x15,x5,x4 // a[1]*a[0] - umulh x9,x5,x4 - mul x16,x6,x4 // a[2]*a[0] - umulh x10,x6,x4 - mul x17,x7,x4 // a[3]*a[0] - umulh x19,x7,x4 - - adds x16,x16,x9 // accumulate high parts of multiplication - mul x8,x6,x5 // a[2]*a[1] - umulh x9,x6,x5 - adcs x17,x17,x10 - mul x10,x7,x5 // a[3]*a[1] - umulh x11,x7,x5 - adc x19,x19,xzr // can't overflow - - mul x20,x7,x6 // a[3]*a[2] - umulh x1,x7,x6 - - adds x9,x9,x10 // accumulate high parts of multiplication - mul x14,x4,x4 // a[0]*a[0] - adc x10,x11,xzr // can't overflow - - adds x17,x17,x8 // accumulate low parts of multiplication - umulh x4,x4,x4 - adcs x19,x19,x9 - mul x9,x5,x5 // a[1]*a[1] - adcs x20,x20,x10 - umulh x5,x5,x5 - adc x1,x1,xzr // can't overflow - - adds x15,x15,x15 // acc[1-6]*=2 - mul x10,x6,x6 // a[2]*a[2] - adcs x16,x16,x16 - umulh x6,x6,x6 - adcs x17,x17,x17 - mul x11,x7,x7 // a[3]*a[3] - adcs x19,x19,x19 - umulh x7,x7,x7 - adcs x20,x20,x20 - adcs x1,x1,x1 - adc x2,xzr,xzr - - adds x15,x15,x4 // +a[i]*a[i] - adcs x16,x16,x9 - adcs x17,x17,x5 - adcs x19,x19,x10 - adcs x20,x20,x6 - lsl x8,x14,#32 - adcs x1,x1,x11 - lsr x9,x14,#32 - adc x2,x2,x7 - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - lsl x8,x14,#32 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - lsr x9,x14,#32 - adc x17,x11,xzr // can't overflow - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - lsl x8,x14,#32 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - lsr x9,x14,#32 - adc x17,x11,xzr // can't overflow - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - lsl x8,x14,#32 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - lsr x9,x14,#32 - adc x17,x11,xzr // can't overflow - subs x10,x14,x8 // "*0xffff0001" - sbc x11,x14,x9 - adds x14,x15,x8 // +=acc[0]<<96 and omit acc[0] - adcs x15,x16,x9 - adcs x16,x17,x10 // +=acc[0]*0xffff0001 - adc x17,x11,xzr // can't overflow - - adds x14,x14,x19 // accumulate upper half - adcs x15,x15,x20 - adcs x16,x16,x1 - adcs x17,x17,x2 - adc x19,xzr,xzr - - adds x8,x14,#1 // subs x8,x14,#-1 // tmp = ret-modulus - sbcs x9,x15,x12 - sbcs x10,x16,xzr - sbcs x11,x17,x13 - sbcs xzr,x19,xzr // did it borrow? - - csel x14,x14,x8,lo // ret = borrow ? ret : ret-modulus - csel x15,x15,x9,lo - csel x16,x16,x10,lo - stp x14,x15,[x0] - csel x17,x17,x11,lo - stp x16,x17,[x0,#16] - - ret -.size __ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont - -// Note that __ecp_nistz256_add expects both input vectors pre-loaded to -// x4-x7 and x8-x11. This is done because it's used in multiple -// contexts, e.g. in multiplication by 2 and 3... -.type __ecp_nistz256_add,%function -.align 4 -__ecp_nistz256_add: - adds x14,x14,x8 // ret = a+b - adcs x15,x15,x9 - adcs x16,x16,x10 - adcs x17,x17,x11 - adc x1,xzr,xzr // zap x1 - - adds x8,x14,#1 // subs x8,x4,#-1 // tmp = ret-modulus - sbcs x9,x15,x12 - sbcs x10,x16,xzr - sbcs x11,x17,x13 - sbcs xzr,x1,xzr // did subtraction borrow? - - csel x14,x14,x8,lo // ret = borrow ? ret : ret-modulus - csel x15,x15,x9,lo - csel x16,x16,x10,lo - stp x14,x15,[x0] - csel x17,x17,x11,lo - stp x16,x17,[x0,#16] - - ret -.size __ecp_nistz256_add,.-__ecp_nistz256_add - -.type __ecp_nistz256_sub_from,%function -.align 4 -__ecp_nistz256_sub_from: - ldp x8,x9,[x2] - ldp x10,x11,[x2,#16] - subs x14,x14,x8 // ret = a-b - sbcs x15,x15,x9 - sbcs x16,x16,x10 - sbcs x17,x17,x11 - sbc x1,xzr,xzr // zap x1 - - subs x8,x14,#1 // adds x8,x4,#-1 // tmp = ret+modulus - adcs x9,x15,x12 - adcs x10,x16,xzr - adc x11,x17,x13 - cmp x1,xzr // did subtraction borrow? - - csel x14,x14,x8,eq // ret = borrow ? ret+modulus : ret - csel x15,x15,x9,eq - csel x16,x16,x10,eq - stp x14,x15,[x0] - csel x17,x17,x11,eq - stp x16,x17,[x0,#16] - - ret -.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from - -.type __ecp_nistz256_sub_morf,%function -.align 4 -__ecp_nistz256_sub_morf: - ldp x8,x9,[x2] - ldp x10,x11,[x2,#16] - subs x14,x8,x14 // ret = b-a - sbcs x15,x9,x15 - sbcs x16,x10,x16 - sbcs x17,x11,x17 - sbc x1,xzr,xzr // zap x1 - - subs x8,x14,#1 // adds x8,x4,#-1 // tmp = ret+modulus - adcs x9,x15,x12 - adcs x10,x16,xzr - adc x11,x17,x13 - cmp x1,xzr // did subtraction borrow? - - csel x14,x14,x8,eq // ret = borrow ? ret+modulus : ret - csel x15,x15,x9,eq - csel x16,x16,x10,eq - stp x14,x15,[x0] - csel x17,x17,x11,eq - stp x16,x17,[x0,#16] - - ret -.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf - -.type __ecp_nistz256_div_by_2,%function -.align 4 -__ecp_nistz256_div_by_2: - subs x8,x14,#1 // adds x8,x4,#-1 // tmp = a+modulus - adcs x9,x15,x12 - adcs x10,x16,xzr - adcs x11,x17,x13 - adc x1,xzr,xzr // zap x1 - tst x14,#1 // is a even? - - csel x14,x14,x8,eq // ret = even ? a : a+modulus - csel x15,x15,x9,eq - csel x16,x16,x10,eq - csel x17,x17,x11,eq - csel x1,xzr,x1,eq - - lsr x14,x14,#1 // ret >>= 1 - orr x14,x14,x15,lsl#63 - lsr x15,x15,#1 - orr x15,x15,x16,lsl#63 - lsr x16,x16,#1 - orr x16,x16,x17,lsl#63 - lsr x17,x17,#1 - stp x14,x15,[x0] - orr x17,x17,x1,lsl#63 - stp x16,x17,[x0,#16] - - ret -.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 -.globl GFp_nistz256_point_double -.hidden GFp_nistz256_point_double -.type GFp_nistz256_point_double,%function -.align 5 -GFp_nistz256_point_double: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - sub sp,sp,#32*4 - -.Ldouble_shortcut: - ldp x14,x15,[x1,#32] - mov x21,x0 - ldp x16,x17,[x1,#48] - mov x22,x1 - ldr x12,.Lpoly+8 - mov x8,x14 - ldr x13,.Lpoly+24 - mov x9,x15 - ldp x4,x5,[x22,#64] // forward load for p256_sqr_mont - mov x10,x16 - mov x11,x17 - ldp x6,x7,[x22,#64+16] - add x0,sp,#0 - bl __ecp_nistz256_add // p256_mul_by_2(S, in_y); - - add x0,sp,#64 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Zsqr, in_z); - - ldp x8,x9,[x22] - ldp x10,x11,[x22,#16] - mov x4,x14 // put Zsqr aside for p256_sub - mov x5,x15 - mov x6,x16 - mov x7,x17 - add x0,sp,#32 - bl __ecp_nistz256_add // p256_add(M, Zsqr, in_x); - - add x2,x22,#0 - mov x14,x4 // restore Zsqr - mov x15,x5 - ldp x4,x5,[sp,#0] // forward load for p256_sqr_mont - mov x16,x6 - mov x17,x7 - ldp x6,x7,[sp,#0+16] - add x0,sp,#64 - bl __ecp_nistz256_sub_morf // p256_sub(Zsqr, in_x, Zsqr); - - add x0,sp,#0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(S, S); - - ldr x3,[x22,#32] - ldp x4,x5,[x22,#64] - ldp x6,x7,[x22,#64+16] - add x2,x22,#32 - add x0,sp,#96 - bl __ecp_nistz256_mul_mont // p256_mul_mont(tmp0, in_z, in_y); - - mov x8,x14 - mov x9,x15 - ldp x4,x5,[sp,#0] // forward load for p256_sqr_mont - mov x10,x16 - mov x11,x17 - ldp x6,x7,[sp,#0+16] - add x0,x21,#64 - bl __ecp_nistz256_add // p256_mul_by_2(res_z, tmp0); - - add x0,sp,#96 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(tmp0, S); - - ldr x3,[sp,#64] // forward load for p256_mul_mont - ldp x4,x5,[sp,#32] - ldp x6,x7,[sp,#32+16] - add x0,x21,#32 - bl __ecp_nistz256_div_by_2 // p256_div_by_2(res_y, tmp0); - - add x2,sp,#64 - add x0,sp,#32 - bl __ecp_nistz256_mul_mont // p256_mul_mont(M, M, Zsqr); - - mov x8,x14 // duplicate M - mov x9,x15 - mov x10,x16 - mov x11,x17 - mov x4,x14 // put M aside - mov x5,x15 - mov x6,x16 - mov x7,x17 - add x0,sp,#32 - bl __ecp_nistz256_add - mov x8,x4 // restore M - mov x9,x5 - ldr x3,[x22] // forward load for p256_mul_mont - mov x10,x6 - ldp x4,x5,[sp,#0] - mov x11,x7 - ldp x6,x7,[sp,#0+16] - bl __ecp_nistz256_add // p256_mul_by_3(M, M); - - add x2,x22,#0 - add x0,sp,#0 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, in_x); - - mov x8,x14 - mov x9,x15 - ldp x4,x5,[sp,#32] // forward load for p256_sqr_mont - mov x10,x16 - mov x11,x17 - ldp x6,x7,[sp,#32+16] - add x0,sp,#96 - bl __ecp_nistz256_add // p256_mul_by_2(tmp0, S); - - add x0,x21,#0 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(res_x, M); - - add x2,sp,#96 - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, tmp0); - - add x2,sp,#0 - add x0,sp,#0 - bl __ecp_nistz256_sub_morf // p256_sub(S, S, res_x); - - ldr x3,[sp,#32] - mov x4,x14 // copy S - mov x5,x15 - mov x6,x16 - mov x7,x17 - add x2,sp,#32 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S, S, M); - - add x2,x21,#32 - add x0,x21,#32 - bl __ecp_nistz256_sub_from // p256_sub(res_y, S, res_y); - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x29,x30,[sp],#80 - ret -.size GFp_nistz256_point_double,.-GFp_nistz256_point_double -.globl GFp_nistz256_point_add_affine -.hidden GFp_nistz256_point_add_affine -.type GFp_nistz256_point_add_affine,%function -.align 5 -GFp_nistz256_point_add_affine: - stp x29,x30,[sp,#-80]! - add x29,sp,#0 - stp x19,x20,[sp,#16] - stp x21,x22,[sp,#32] - stp x23,x24,[sp,#48] - stp x25,x26,[sp,#64] - sub sp,sp,#32*10 - - mov x21,x0 - mov x22,x1 - mov x23,x2 - ldr x12,.Lpoly+8 - ldr x13,.Lpoly+24 - - ldp x4,x5,[x1,#64] // in1_z - ldp x6,x7,[x1,#64+16] - orr x8,x4,x5 - orr x10,x6,x7 - orr x24,x8,x10 - cmp x24,#0 - csetm x24,ne // !in1infty - - ldp x14,x15,[x2] // in2_x - ldp x16,x17,[x2,#16] - ldp x8,x9,[x2,#32] // in2_y - ldp x10,x11,[x2,#48] - orr x14,x14,x15 - orr x16,x16,x17 - orr x8,x8,x9 - orr x10,x10,x11 - orr x14,x14,x16 - orr x8,x8,x10 - orr x25,x14,x8 - cmp x25,#0 - csetm x25,ne // !in2infty - - add x0,sp,#128 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Z1sqr, in1_z); - - mov x4,x14 - mov x5,x15 - mov x6,x16 - mov x7,x17 - ldr x3,[x23] - add x2,x23,#0 - add x0,sp,#96 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, Z1sqr, in2_x); - - add x2,x22,#0 - ldr x3,[x22,#64] // forward load for p256_mul_mont - ldp x4,x5,[sp,#128] - ldp x6,x7,[sp,#128+16] - add x0,sp,#160 - bl __ecp_nistz256_sub_from // p256_sub(H, U2, in1_x); - - add x2,x22,#64 - add x0,sp,#128 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, Z1sqr, in1_z); - - ldr x3,[x22,#64] - ldp x4,x5,[sp,#160] - ldp x6,x7,[sp,#160+16] - add x2,x22,#64 - add x0,sp,#64 - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_z, H, in1_z); - - ldr x3,[x23,#32] - ldp x4,x5,[sp,#128] - ldp x6,x7,[sp,#128+16] - add x2,x23,#32 - add x0,sp,#128 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, S2, in2_y); - - add x2,x22,#32 - ldp x4,x5,[sp,#160] // forward load for p256_sqr_mont - ldp x6,x7,[sp,#160+16] - add x0,sp,#192 - bl __ecp_nistz256_sub_from // p256_sub(R, S2, in1_y); - - add x0,sp,#224 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Hsqr, H); - - ldp x4,x5,[sp,#192] - ldp x6,x7,[sp,#192+16] - add x0,sp,#288 - bl __ecp_nistz256_sqr_mont // p256_sqr_mont(Rsqr, R); - - ldr x3,[sp,#160] - ldp x4,x5,[sp,#224] - ldp x6,x7,[sp,#224+16] - add x2,sp,#160 - add x0,sp,#256 - bl __ecp_nistz256_mul_mont // p256_mul_mont(Hcub, Hsqr, H); - - ldr x3,[x22] - ldp x4,x5,[sp,#224] - ldp x6,x7,[sp,#224+16] - add x2,x22,#0 - add x0,sp,#96 - bl __ecp_nistz256_mul_mont // p256_mul_mont(U2, in1_x, Hsqr); - - mov x8,x14 - mov x9,x15 - mov x10,x16 - mov x11,x17 - add x0,sp,#224 - bl __ecp_nistz256_add // p256_mul_by_2(Hsqr, U2); - - add x2,sp,#288 - add x0,sp,#0 - bl __ecp_nistz256_sub_morf // p256_sub(res_x, Rsqr, Hsqr); - - add x2,sp,#256 - bl __ecp_nistz256_sub_from // p256_sub(res_x, res_x, Hcub); - - add x2,sp,#96 - ldr x3,[x22,#32] // forward load for p256_mul_mont - ldp x4,x5,[sp,#256] - ldp x6,x7,[sp,#256+16] - add x0,sp,#32 - bl __ecp_nistz256_sub_morf // p256_sub(res_y, U2, res_x); - - add x2,x22,#32 - add x0,sp,#128 - bl __ecp_nistz256_mul_mont // p256_mul_mont(S2, in1_y, Hcub); - - ldr x3,[sp,#192] - ldp x4,x5,[sp,#32] - ldp x6,x7,[sp,#32+16] - add x2,sp,#192 - add x0,sp,#32 - bl __ecp_nistz256_mul_mont // p256_mul_mont(res_y, res_y, R); - - add x2,sp,#128 - bl __ecp_nistz256_sub_from // p256_sub(res_y, res_y, S2); - - ldp x4,x5,[sp,#0] // res - ldp x6,x7,[sp,#0+16] - ldp x8,x9,[x23] // in2 - ldp x10,x11,[x23,#16] - ldp x14,x15,[x22,#0] // in1 - cmp x24,#0 // !, remember? - ldp x16,x17,[x22,#0+16] - csel x8,x4,x8,ne - csel x9,x5,x9,ne - ldp x4,x5,[sp,#0+0+32] // res - csel x10,x6,x10,ne - csel x11,x7,x11,ne - cmp x25,#0 // !, remember? - ldp x6,x7,[sp,#0+0+48] - csel x14,x8,x14,ne - csel x15,x9,x15,ne - ldp x8,x9,[x23,#0+32] // in2 - csel x16,x10,x16,ne - csel x17,x11,x17,ne - ldp x10,x11,[x23,#0+48] - stp x14,x15,[x21,#0] - stp x16,x17,[x21,#0+16] - adr x23,.Lone_mont-64 - ldp x14,x15,[x22,#32] // in1 - cmp x24,#0 // !, remember? - ldp x16,x17,[x22,#32+16] - csel x8,x4,x8,ne - csel x9,x5,x9,ne - ldp x4,x5,[sp,#0+32+32] // res - csel x10,x6,x10,ne - csel x11,x7,x11,ne - cmp x25,#0 // !, remember? - ldp x6,x7,[sp,#0+32+48] - csel x14,x8,x14,ne - csel x15,x9,x15,ne - ldp x8,x9,[x23,#32+32] // in2 - csel x16,x10,x16,ne - csel x17,x11,x17,ne - ldp x10,x11,[x23,#32+48] - stp x14,x15,[x21,#32] - stp x16,x17,[x21,#32+16] - ldp x14,x15,[x22,#64] // in1 - cmp x24,#0 // !, remember? - ldp x16,x17,[x22,#64+16] - csel x8,x4,x8,ne - csel x9,x5,x9,ne - csel x10,x6,x10,ne - csel x11,x7,x11,ne - cmp x25,#0 // !, remember? - csel x14,x8,x14,ne - csel x15,x9,x15,ne - csel x16,x10,x16,ne - csel x17,x11,x17,ne - stp x14,x15,[x21,#64] - stp x16,x17,[x21,#64+16] - - add sp,x29,#0 // destroy frame - ldp x19,x20,[x29,#16] - ldp x21,x22,[x29,#32] - ldp x23,x24,[x29,#48] - ldp x25,x26,[x29,#64] - ldp x29,x30,[sp],#80 - ret -.size GFp_nistz256_point_add_affine,.-GFp_nistz256_point_add_affine -#endif -#endif // !OPENSSL_NO_ASM -.section .note.GNU-stack,"",%progbits diff --git a/pregenerated/ecp_nistz256-x86-elf.S b/pregenerated/ecp_nistz256-x86-elf.S deleted file mode 100644 index d084e56..0000000 --- a/pregenerated/ecp_nistz256-x86-elf.S +++ /dev/null @@ -1,1128 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -.LONE_mont: -.long 1,0,0,-1,-1,-1,-2,0 -.hidden _ecp_nistz256_div_by_2 -.type _ecp_nistz256_div_by_2,@function -.align 16 -_ecp_nistz256_div_by_2: - movl (%esi),%ebp - xorl %edx,%edx - movl 4(%esi),%ebx - movl %ebp,%eax - andl $1,%ebp - movl 8(%esi),%ecx - subl %ebp,%edx - addl %edx,%eax - adcl %edx,%ebx - movl %eax,(%edi) - adcl %edx,%ecx - movl %ebx,4(%edi) - movl %ecx,8(%edi) - movl 12(%esi),%eax - movl 16(%esi),%ebx - adcl $0,%eax - movl 20(%esi),%ecx - adcl $0,%ebx - movl %eax,12(%edi) - adcl $0,%ecx - movl %ebx,16(%edi) - movl %ecx,20(%edi) - movl 24(%esi),%eax - movl 28(%esi),%ebx - adcl %ebp,%eax - adcl %edx,%ebx - movl %eax,24(%edi) - sbbl %esi,%esi - movl %ebx,28(%edi) - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - movl 12(%edi),%edx - shrl $1,%eax - movl %ebx,%ebp - shll $31,%ebx - orl %ebx,%eax - shrl $1,%ebp - movl %ecx,%ebx - shll $31,%ecx - movl %eax,(%edi) - orl %ecx,%ebp - movl 16(%edi),%eax - shrl $1,%ebx - movl %edx,%ecx - shll $31,%edx - movl %ebp,4(%edi) - orl %edx,%ebx - movl 20(%edi),%ebp - shrl $1,%ecx - movl %eax,%edx - shll $31,%eax - movl %ebx,8(%edi) - orl %eax,%ecx - movl 24(%edi),%ebx - shrl $1,%edx - movl %ebp,%eax - shll $31,%ebp - movl %ecx,12(%edi) - orl %ebp,%edx - movl 28(%edi),%ecx - shrl $1,%eax - movl %ebx,%ebp - shll $31,%ebx - movl %edx,16(%edi) - orl %ebx,%eax - shrl $1,%ebp - movl %ecx,%ebx - shll $31,%ecx - movl %eax,20(%edi) - orl %ecx,%ebp - shrl $1,%ebx - shll $31,%esi - movl %ebp,24(%edi) - orl %esi,%ebx - movl %ebx,28(%edi) - ret -.size _ecp_nistz256_div_by_2,.-_ecp_nistz256_div_by_2 -.globl GFp_nistz256_add -.hidden GFp_nistz256_add -.type GFp_nistz256_add,@function -.align 16 -GFp_nistz256_add: -.L_GFp_nistz256_add_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - movl 28(%esp),%ebp - movl 20(%esp),%edi - call _ecp_nistz256_add - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.size GFp_nistz256_add,.-.L_GFp_nistz256_add_begin -.hidden _ecp_nistz256_add -.type _ecp_nistz256_add,@function -.align 16 -_ecp_nistz256_add: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - addl (%ebp),%eax - movl 12(%esi),%edx - adcl 4(%ebp),%ebx - movl %eax,(%edi) - adcl 8(%ebp),%ecx - movl %ebx,4(%edi) - adcl 12(%ebp),%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - adcl 16(%ebp),%eax - movl 28(%esi),%edx - adcl 20(%ebp),%ebx - movl %eax,16(%edi) - adcl 24(%ebp),%ecx - movl %ebx,20(%edi) - movl $0,%esi - adcl 28(%ebp),%edx - movl %ecx,24(%edi) - adcl $0,%esi - movl %edx,28(%edi) - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - subl $-1,%eax - movl 12(%edi),%edx - sbbl $-1,%ebx - movl 16(%edi),%eax - sbbl $-1,%ecx - movl 20(%edi),%ebx - sbbl $0,%edx - movl 24(%edi),%ecx - sbbl $0,%eax - movl 28(%edi),%edx - sbbl $0,%ebx - sbbl $1,%ecx - sbbl $-1,%edx - sbbl $0,%esi - notl %esi - movl (%edi),%eax - movl %esi,%ebp - movl 4(%edi),%ebx - shrl $31,%ebp - movl 8(%edi),%ecx - subl %esi,%eax - movl 12(%edi),%edx - sbbl %esi,%ebx - movl %eax,(%edi) - sbbl %esi,%ecx - movl %ebx,4(%edi) - sbbl $0,%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%edi),%eax - movl 20(%edi),%ebx - movl 24(%edi),%ecx - sbbl $0,%eax - movl 28(%edi),%edx - sbbl $0,%ebx - movl %eax,16(%edi) - sbbl %ebp,%ecx - movl %ebx,20(%edi) - sbbl %esi,%edx - movl %ecx,24(%edi) - movl %edx,28(%edi) - ret -.size _ecp_nistz256_add,.-_ecp_nistz256_add -.hidden _ecp_nistz256_sub -.type _ecp_nistz256_sub,@function -.align 16 -_ecp_nistz256_sub: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - subl (%ebp),%eax - movl 12(%esi),%edx - sbbl 4(%ebp),%ebx - movl %eax,(%edi) - sbbl 8(%ebp),%ecx - movl %ebx,4(%edi) - sbbl 12(%ebp),%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - sbbl 16(%ebp),%eax - movl 28(%esi),%edx - sbbl 20(%ebp),%ebx - sbbl 24(%ebp),%ecx - movl %eax,16(%edi) - sbbl 28(%ebp),%edx - movl %ebx,20(%edi) - sbbl %esi,%esi - movl %ecx,24(%edi) - movl %edx,28(%edi) - movl (%edi),%eax - movl %esi,%ebp - movl 4(%edi),%ebx - shrl $31,%ebp - movl 8(%edi),%ecx - addl %esi,%eax - movl 12(%edi),%edx - adcl %esi,%ebx - movl %eax,(%edi) - adcl %esi,%ecx - movl %ebx,4(%edi) - adcl $0,%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%edi),%eax - movl 20(%edi),%ebx - movl 24(%edi),%ecx - adcl $0,%eax - movl 28(%edi),%edx - adcl $0,%ebx - movl %eax,16(%edi) - adcl %ebp,%ecx - movl %ebx,20(%edi) - adcl %esi,%edx - movl %ecx,24(%edi) - movl %edx,28(%edi) - ret -.size _ecp_nistz256_sub,.-_ecp_nistz256_sub -.globl GFp_nistz256_neg -.hidden GFp_nistz256_neg -.type GFp_nistz256_neg,@function -.align 16 -GFp_nistz256_neg: -.L_GFp_nistz256_neg_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%ebp - movl 20(%esp),%edi - xorl %eax,%eax - subl $32,%esp - movl %eax,(%esp) - movl %esp,%esi - movl %eax,4(%esp) - movl %eax,8(%esp) - movl %eax,12(%esp) - movl %eax,16(%esp) - movl %eax,20(%esp) - movl %eax,24(%esp) - movl %eax,28(%esp) - call _ecp_nistz256_sub - addl $32,%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.size GFp_nistz256_neg,.-.L_GFp_nistz256_neg_begin -.hidden _picup_eax -.type _picup_eax,@function -.align 16 -_picup_eax: - movl (%esp),%eax - ret -.size _picup_eax,.-_picup_eax -.globl GFp_nistz256_mul_mont -.hidden GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,@function -.align 16 -GFp_nistz256_mul_mont: -.L_GFp_nistz256_mul_mont_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - movl 28(%esp),%ebp - call _picup_eax -.L000pic: - leal GFp_ia32cap_P-.L000pic(%eax),%eax - movl (%eax),%eax - movl 20(%esp),%edi - call _ecp_nistz256_mul_mont - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.size GFp_nistz256_mul_mont,.-.L_GFp_nistz256_mul_mont_begin -.hidden _ecp_nistz256_mul_mont -.type _ecp_nistz256_mul_mont,@function -.align 16 -_ecp_nistz256_mul_mont: - movl %esp,%edx - subl $256,%esp - movd (%ebp),%xmm7 - leal 4(%ebp),%ebp - pcmpeqd %xmm6,%xmm6 - psrlq $48,%xmm6 - pshuflw $220,%xmm7,%xmm7 - andl $-64,%esp - pshufd $220,%xmm7,%xmm7 - leal 128(%esp),%ebx - movd (%esi),%xmm0 - pshufd $204,%xmm0,%xmm0 - movd 4(%esi),%xmm1 - movdqa %xmm0,(%ebx) - pmuludq %xmm7,%xmm0 - movd 8(%esi),%xmm2 - pshufd $204,%xmm1,%xmm1 - movdqa %xmm1,16(%ebx) - pmuludq %xmm7,%xmm1 - movq %xmm0,%xmm4 - pslldq $6,%xmm4 - paddq %xmm0,%xmm4 - movdqa %xmm4,%xmm5 - psrldq $10,%xmm4 - pand %xmm6,%xmm5 - movd 12(%esi),%xmm3 - pshufd $204,%xmm2,%xmm2 - movdqa %xmm2,32(%ebx) - pmuludq %xmm7,%xmm2 - paddq %xmm4,%xmm1 - movdqa %xmm1,(%esp) - movd 16(%esi),%xmm0 - pshufd $204,%xmm3,%xmm3 - movdqa %xmm3,48(%ebx) - pmuludq %xmm7,%xmm3 - movdqa %xmm2,16(%esp) - movd 20(%esi),%xmm1 - pshufd $204,%xmm0,%xmm0 - movdqa %xmm0,64(%ebx) - pmuludq %xmm7,%xmm0 - paddq %xmm5,%xmm3 - movdqa %xmm3,32(%esp) - movd 24(%esi),%xmm2 - pshufd $204,%xmm1,%xmm1 - movdqa %xmm1,80(%ebx) - pmuludq %xmm7,%xmm1 - movdqa %xmm0,48(%esp) - pshufd $177,%xmm5,%xmm4 - movd 28(%esi),%xmm3 - pshufd $204,%xmm2,%xmm2 - movdqa %xmm2,96(%ebx) - pmuludq %xmm7,%xmm2 - movdqa %xmm1,64(%esp) - psubq %xmm5,%xmm4 - movd (%ebp),%xmm0 - pshufd $204,%xmm3,%xmm3 - movdqa %xmm3,112(%ebx) - pmuludq %xmm7,%xmm3 - pshuflw $220,%xmm0,%xmm7 - movdqa (%ebx),%xmm0 - pshufd $220,%xmm7,%xmm7 - movl $6,%ecx - leal 4(%ebp),%ebp - jmp .L001madd_sse2 -.align 16 -.L001madd_sse2: - paddq %xmm5,%xmm2 - paddq %xmm4,%xmm3 - movdqa 16(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - movdqa %xmm2,80(%esp) - movdqa 32(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - movdqa %xmm3,96(%esp) - paddq (%esp),%xmm0 - movdqa 48(%ebx),%xmm3 - pmuludq %xmm7,%xmm2 - movq %xmm0,%xmm4 - pslldq $6,%xmm4 - paddq 16(%esp),%xmm1 - paddq %xmm0,%xmm4 - movdqa %xmm4,%xmm5 - psrldq $10,%xmm4 - movdqa 64(%ebx),%xmm0 - pmuludq %xmm7,%xmm3 - paddq %xmm4,%xmm1 - paddq 32(%esp),%xmm2 - movdqa %xmm1,(%esp) - movdqa 80(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - paddq 48(%esp),%xmm3 - movdqa %xmm2,16(%esp) - pand %xmm6,%xmm5 - movdqa 96(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - paddq %xmm5,%xmm3 - paddq 64(%esp),%xmm0 - movdqa %xmm3,32(%esp) - pshufd $177,%xmm5,%xmm4 - movdqa %xmm7,%xmm3 - pmuludq %xmm7,%xmm2 - movd (%ebp),%xmm7 - leal 4(%ebp),%ebp - paddq 80(%esp),%xmm1 - psubq %xmm5,%xmm4 - movdqa %xmm0,48(%esp) - pshuflw $220,%xmm7,%xmm7 - pmuludq 112(%ebx),%xmm3 - pshufd $220,%xmm7,%xmm7 - movdqa (%ebx),%xmm0 - movdqa %xmm1,64(%esp) - paddq 96(%esp),%xmm2 - decl %ecx - jnz .L001madd_sse2 - paddq %xmm5,%xmm2 - paddq %xmm4,%xmm3 - movdqa 16(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - movdqa %xmm2,80(%esp) - movdqa 32(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - movdqa %xmm3,96(%esp) - paddq (%esp),%xmm0 - movdqa 48(%ebx),%xmm3 - pmuludq %xmm7,%xmm2 - movq %xmm0,%xmm4 - pslldq $6,%xmm4 - paddq 16(%esp),%xmm1 - paddq %xmm0,%xmm4 - movdqa %xmm4,%xmm5 - psrldq $10,%xmm4 - movdqa 64(%ebx),%xmm0 - pmuludq %xmm7,%xmm3 - paddq %xmm4,%xmm1 - paddq 32(%esp),%xmm2 - movdqa %xmm1,(%esp) - movdqa 80(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - paddq 48(%esp),%xmm3 - movdqa %xmm2,16(%esp) - pand %xmm6,%xmm5 - movdqa 96(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - paddq %xmm5,%xmm3 - paddq 64(%esp),%xmm0 - movdqa %xmm3,32(%esp) - pshufd $177,%xmm5,%xmm4 - movdqa 112(%ebx),%xmm3 - pmuludq %xmm7,%xmm2 - paddq 80(%esp),%xmm1 - psubq %xmm5,%xmm4 - movdqa %xmm0,48(%esp) - pmuludq %xmm7,%xmm3 - pcmpeqd %xmm7,%xmm7 - movdqa (%esp),%xmm0 - pslldq $8,%xmm7 - movdqa %xmm1,64(%esp) - paddq 96(%esp),%xmm2 - paddq %xmm5,%xmm2 - paddq %xmm4,%xmm3 - movdqa %xmm2,80(%esp) - movdqa %xmm3,96(%esp) - movdqa 16(%esp),%xmm1 - movdqa 32(%esp),%xmm2 - movdqa 48(%esp),%xmm3 - movq %xmm0,%xmm4 - pand %xmm7,%xmm0 - xorl %ebp,%ebp - pslldq $6,%xmm4 - movq %xmm1,%xmm5 - paddq %xmm4,%xmm0 - pand %xmm7,%xmm1 - psrldq $6,%xmm0 - movd %xmm0,%eax - psrldq $4,%xmm0 - paddq %xmm0,%xmm5 - movdqa 64(%esp),%xmm0 - subl $-1,%eax - pslldq $6,%xmm5 - movq %xmm2,%xmm4 - paddq %xmm5,%xmm1 - pand %xmm7,%xmm2 - psrldq $6,%xmm1 - movl %eax,(%edi) - movd %xmm1,%eax - psrldq $4,%xmm1 - paddq %xmm1,%xmm4 - movdqa 80(%esp),%xmm1 - sbbl $-1,%eax - pslldq $6,%xmm4 - movq %xmm3,%xmm5 - paddq %xmm4,%xmm2 - pand %xmm7,%xmm3 - psrldq $6,%xmm2 - movl %eax,4(%edi) - movd %xmm2,%eax - psrldq $4,%xmm2 - paddq %xmm2,%xmm5 - movdqa 96(%esp),%xmm2 - sbbl $-1,%eax - pslldq $6,%xmm5 - movq %xmm0,%xmm4 - paddq %xmm5,%xmm3 - pand %xmm7,%xmm0 - psrldq $6,%xmm3 - movl %eax,8(%edi) - movd %xmm3,%eax - psrldq $4,%xmm3 - paddq %xmm3,%xmm4 - sbbl $0,%eax - pslldq $6,%xmm4 - movq %xmm1,%xmm5 - paddq %xmm4,%xmm0 - pand %xmm7,%xmm1 - psrldq $6,%xmm0 - movl %eax,12(%edi) - movd %xmm0,%eax - psrldq $4,%xmm0 - paddq %xmm0,%xmm5 - sbbl $0,%eax - pslldq $6,%xmm5 - movq %xmm2,%xmm4 - paddq %xmm5,%xmm1 - pand %xmm7,%xmm2 - psrldq $6,%xmm1 - movd %xmm1,%ebx - psrldq $4,%xmm1 - movl %edx,%esp - paddq %xmm1,%xmm4 - pslldq $6,%xmm4 - paddq %xmm4,%xmm2 - psrldq $6,%xmm2 - movd %xmm2,%ecx - psrldq $4,%xmm2 - sbbl $0,%ebx - movd %xmm2,%edx - pextrw $2,%xmm2,%esi - sbbl $1,%ecx - sbbl $-1,%edx - sbbl $0,%esi - subl %esi,%ebp - addl %esi,(%edi) - adcl %esi,4(%edi) - adcl %esi,8(%edi) - adcl $0,12(%edi) - adcl $0,%eax - adcl $0,%ebx - movl %eax,16(%edi) - adcl %ebp,%ecx - movl %ebx,20(%edi) - adcl %esi,%edx - movl %ecx,24(%edi) - movl %edx,28(%edi) - ret -.size _ecp_nistz256_mul_mont,.-_ecp_nistz256_mul_mont -.globl GFp_nistz256_point_double -.hidden GFp_nistz256_point_double -.type GFp_nistz256_point_double,@function -.align 16 -GFp_nistz256_point_double: -.L_GFp_nistz256_point_double_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - subl $164,%esp - call _picup_eax -.L002pic: - leal GFp_ia32cap_P-.L002pic(%eax),%edx - movl (%edx),%ebp -.Lpoint_double_shortcut: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,96(%esp) - movl %ebx,100(%esp) - movl %ecx,104(%esp) - movl %edx,108(%esp) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,112(%esp) - movl %ebx,116(%esp) - movl %ecx,120(%esp) - movl %edx,124(%esp) - movl %ebp,160(%esp) - leal 32(%esi),%ebp - leal 32(%esi),%esi - leal (%esp),%edi - call _ecp_nistz256_add - movl 160(%esp),%eax - movl $64,%esi - addl 188(%esp),%esi - leal 64(%esp),%edi - movl %esi,%ebp - call _ecp_nistz256_mul_mont - movl 160(%esp),%eax - leal (%esp),%esi - leal (%esp),%ebp - leal (%esp),%edi - call _ecp_nistz256_mul_mont - movl 160(%esp),%eax - movl 188(%esp),%ebp - leal 32(%ebp),%esi - leal 64(%ebp),%ebp - leal 128(%esp),%edi - call _ecp_nistz256_mul_mont - leal 96(%esp),%esi - leal 64(%esp),%ebp - leal 32(%esp),%edi - call _ecp_nistz256_add - movl $64,%edi - leal 128(%esp),%esi - leal 128(%esp),%ebp - addl 184(%esp),%edi - call _ecp_nistz256_add - leal 96(%esp),%esi - leal 64(%esp),%ebp - leal 64(%esp),%edi - call _ecp_nistz256_sub - movl 160(%esp),%eax - leal (%esp),%esi - leal (%esp),%ebp - leal 128(%esp),%edi - call _ecp_nistz256_mul_mont - movl 160(%esp),%eax - leal 32(%esp),%esi - leal 64(%esp),%ebp - leal 32(%esp),%edi - call _ecp_nistz256_mul_mont - movl $32,%edi - leal 128(%esp),%esi - addl 184(%esp),%edi - call _ecp_nistz256_div_by_2 - leal 32(%esp),%esi - leal 32(%esp),%ebp - leal 128(%esp),%edi - call _ecp_nistz256_add - movl 160(%esp),%eax - leal 96(%esp),%esi - leal (%esp),%ebp - leal (%esp),%edi - call _ecp_nistz256_mul_mont - leal 128(%esp),%esi - leal 32(%esp),%ebp - leal 32(%esp),%edi - call _ecp_nistz256_add - leal (%esp),%esi - leal (%esp),%ebp - leal 128(%esp),%edi - call _ecp_nistz256_add - movl 160(%esp),%eax - leal 32(%esp),%esi - leal 32(%esp),%ebp - movl 184(%esp),%edi - call _ecp_nistz256_mul_mont - movl %edi,%esi - leal 128(%esp),%ebp - call _ecp_nistz256_sub - leal (%esp),%esi - movl %edi,%ebp - leal (%esp),%edi - call _ecp_nistz256_sub - movl 160(%esp),%eax - movl %edi,%esi - leal 32(%esp),%ebp - call _ecp_nistz256_mul_mont - movl $32,%ebp - leal (%esp),%esi - addl 184(%esp),%ebp - movl %ebp,%edi - call _ecp_nistz256_sub - addl $164,%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.size GFp_nistz256_point_double,.-.L_GFp_nistz256_point_double_begin -.globl GFp_nistz256_point_add_affine -.hidden GFp_nistz256_point_add_affine -.type GFp_nistz256_point_add_affine,@function -.align 16 -GFp_nistz256_point_add_affine: -.L_GFp_nistz256_point_add_affine_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - subl $492,%esp - call _picup_eax -.L003pic: - leal GFp_ia32cap_P-.L003pic(%eax),%edx - movl (%edx),%ebp - leal 96(%esp),%edi - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,(%edi) - movl %ebp,488(%esp) - movl %ebx,4(%edi) - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,16(%edi) - movl %ebx,20(%edi) - movl %ecx,24(%edi) - movl %edx,28(%edi) - movl 32(%esi),%eax - movl 36(%esi),%ebx - movl 40(%esi),%ecx - movl 44(%esi),%edx - movl %eax,32(%edi) - movl %ebx,36(%edi) - movl %ecx,40(%edi) - movl %edx,44(%edi) - movl 48(%esi),%eax - movl 52(%esi),%ebx - movl 56(%esi),%ecx - movl 60(%esi),%edx - movl %eax,48(%edi) - movl %ebx,52(%edi) - movl %ecx,56(%edi) - movl %edx,60(%edi) - movl 64(%esi),%eax - movl 68(%esi),%ebx - movl 72(%esi),%ecx - movl 76(%esi),%edx - movl %eax,64(%edi) - movl %eax,%ebp - movl %ebx,68(%edi) - orl %ebx,%ebp - movl %ecx,72(%edi) - orl %ecx,%ebp - movl %edx,76(%edi) - orl %edx,%ebp - movl 80(%esi),%eax - movl 84(%esi),%ebx - movl 88(%esi),%ecx - movl 92(%esi),%edx - movl %eax,80(%edi) - orl %eax,%ebp - movl %ebx,84(%edi) - orl %ebx,%ebp - movl %ecx,88(%edi) - orl %ecx,%ebp - movl %edx,92(%edi) - orl %edx,%ebp - xorl %eax,%eax - movl 520(%esp),%esi - subl %ebp,%eax - orl %eax,%ebp - sarl $31,%ebp - movl %ebp,480(%esp) - leal 192(%esp),%edi - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,(%edi) - movl %eax,%ebp - movl %ebx,4(%edi) - orl %ebx,%ebp - movl %ecx,8(%edi) - orl %ecx,%ebp - movl %edx,12(%edi) - orl %edx,%ebp - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,16(%edi) - orl %eax,%ebp - movl %ebx,20(%edi) - orl %ebx,%ebp - movl %ecx,24(%edi) - orl %ecx,%ebp - movl %edx,28(%edi) - orl %edx,%ebp - movl 32(%esi),%eax - movl 36(%esi),%ebx - movl 40(%esi),%ecx - movl 44(%esi),%edx - movl %eax,32(%edi) - orl %eax,%ebp - movl %ebx,36(%edi) - orl %ebx,%ebp - movl %ecx,40(%edi) - orl %ecx,%ebp - movl %edx,44(%edi) - orl %edx,%ebp - movl 48(%esi),%eax - movl 52(%esi),%ebx - movl 56(%esi),%ecx - movl 60(%esi),%edx - movl %eax,48(%edi) - orl %eax,%ebp - movl %ebx,52(%edi) - orl %ebx,%ebp - movl %ecx,56(%edi) - orl %ecx,%ebp - movl %edx,60(%edi) - orl %edx,%ebp - xorl %ebx,%ebx - movl 488(%esp),%eax - subl %ebp,%ebx - leal 160(%esp),%esi - orl %ebp,%ebx - leal 160(%esp),%ebp - sarl $31,%ebx - leal 288(%esp),%edi - movl %ebx,484(%esp) - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 192(%esp),%esi - movl %edi,%ebp - leal 256(%esp),%edi - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 160(%esp),%esi - leal 288(%esp),%ebp - leal 288(%esp),%edi - call _ecp_nistz256_mul_mont - leal 256(%esp),%esi - leal 96(%esp),%ebp - leal 320(%esp),%edi - call _ecp_nistz256_sub - movl 488(%esp),%eax - leal 224(%esp),%esi - leal 288(%esp),%ebp - leal 288(%esp),%edi - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 160(%esp),%esi - leal 320(%esp),%ebp - leal 64(%esp),%edi - call _ecp_nistz256_mul_mont - leal 288(%esp),%esi - leal 128(%esp),%ebp - leal 352(%esp),%edi - call _ecp_nistz256_sub - movl 488(%esp),%eax - leal 320(%esp),%esi - leal 320(%esp),%ebp - leal 384(%esp),%edi - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 352(%esp),%esi - leal 352(%esp),%ebp - leal 448(%esp),%edi - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 96(%esp),%esi - leal 384(%esp),%ebp - leal 256(%esp),%edi - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 320(%esp),%esi - leal 384(%esp),%ebp - leal 416(%esp),%edi - call _ecp_nistz256_mul_mont - leal 256(%esp),%esi - leal 256(%esp),%ebp - leal 384(%esp),%edi - call _ecp_nistz256_add - leal 448(%esp),%esi - leal 384(%esp),%ebp - leal (%esp),%edi - call _ecp_nistz256_sub - leal (%esp),%esi - leal 416(%esp),%ebp - leal (%esp),%edi - call _ecp_nistz256_sub - leal 256(%esp),%esi - leal (%esp),%ebp - leal 32(%esp),%edi - call _ecp_nistz256_sub - movl 488(%esp),%eax - leal 416(%esp),%esi - leal 128(%esp),%ebp - leal 288(%esp),%edi - call _ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 352(%esp),%esi - leal 32(%esp),%ebp - leal 32(%esp),%edi - call _ecp_nistz256_mul_mont - leal 32(%esp),%esi - leal 288(%esp),%ebp - leal 32(%esp),%edi - call _ecp_nistz256_sub - movl 480(%esp),%ebp - movl 484(%esp),%esi - movl 512(%esp),%edi - movl %ebp,%edx - notl %ebp - andl %esi,%edx - andl %esi,%ebp - notl %esi - movl %edx,%eax - andl 64(%esp),%eax - movl %ebp,%ebx - andl $1,%ebx - movl %esi,%ecx - andl 160(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,64(%edi) - movl %edx,%eax - andl 68(%esp),%eax - movl %esi,%ecx - andl 164(%esp),%ecx - orl %ecx,%eax - movl %eax,68(%edi) - movl %edx,%eax - andl 72(%esp),%eax - movl %esi,%ecx - andl 168(%esp),%ecx - orl %ecx,%eax - movl %eax,72(%edi) - movl %edx,%eax - andl 76(%esp),%eax - movl %esi,%ecx - andl 172(%esp),%ecx - orl %ebp,%eax - orl %ecx,%eax - movl %eax,76(%edi) - movl %edx,%eax - andl 80(%esp),%eax - movl %esi,%ecx - andl 176(%esp),%ecx - orl %ebp,%eax - orl %ecx,%eax - movl %eax,80(%edi) - movl %edx,%eax - andl 84(%esp),%eax - movl %esi,%ecx - andl 180(%esp),%ecx - orl %ebp,%eax - orl %ecx,%eax - movl %eax,84(%edi) - movl %edx,%eax - andl 88(%esp),%eax - movl %ebp,%ebx - andl $-2,%ebx - movl %esi,%ecx - andl 184(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,88(%edi) - movl %edx,%eax - andl 92(%esp),%eax - movl %esi,%ecx - andl 188(%esp),%ecx - orl %ecx,%eax - movl %eax,92(%edi) - movl %edx,%eax - andl (%esp),%eax - movl %ebp,%ebx - andl 192(%esp),%ebx - movl %esi,%ecx - andl 96(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,(%edi) - movl %edx,%eax - andl 4(%esp),%eax - movl %ebp,%ebx - andl 196(%esp),%ebx - movl %esi,%ecx - andl 100(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,4(%edi) - movl %edx,%eax - andl 8(%esp),%eax - movl %ebp,%ebx - andl 200(%esp),%ebx - movl %esi,%ecx - andl 104(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,8(%edi) - movl %edx,%eax - andl 12(%esp),%eax - movl %ebp,%ebx - andl 204(%esp),%ebx - movl %esi,%ecx - andl 108(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,12(%edi) - movl %edx,%eax - andl 16(%esp),%eax - movl %ebp,%ebx - andl 208(%esp),%ebx - movl %esi,%ecx - andl 112(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,16(%edi) - movl %edx,%eax - andl 20(%esp),%eax - movl %ebp,%ebx - andl 212(%esp),%ebx - movl %esi,%ecx - andl 116(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,20(%edi) - movl %edx,%eax - andl 24(%esp),%eax - movl %ebp,%ebx - andl 216(%esp),%ebx - movl %esi,%ecx - andl 120(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,24(%edi) - movl %edx,%eax - andl 28(%esp),%eax - movl %ebp,%ebx - andl 220(%esp),%ebx - movl %esi,%ecx - andl 124(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,28(%edi) - movl %edx,%eax - andl 32(%esp),%eax - movl %ebp,%ebx - andl 224(%esp),%ebx - movl %esi,%ecx - andl 128(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,32(%edi) - movl %edx,%eax - andl 36(%esp),%eax - movl %ebp,%ebx - andl 228(%esp),%ebx - movl %esi,%ecx - andl 132(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,36(%edi) - movl %edx,%eax - andl 40(%esp),%eax - movl %ebp,%ebx - andl 232(%esp),%ebx - movl %esi,%ecx - andl 136(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,40(%edi) - movl %edx,%eax - andl 44(%esp),%eax - movl %ebp,%ebx - andl 236(%esp),%ebx - movl %esi,%ecx - andl 140(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,44(%edi) - movl %edx,%eax - andl 48(%esp),%eax - movl %ebp,%ebx - andl 240(%esp),%ebx - movl %esi,%ecx - andl 144(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,48(%edi) - movl %edx,%eax - andl 52(%esp),%eax - movl %ebp,%ebx - andl 244(%esp),%ebx - movl %esi,%ecx - andl 148(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,52(%edi) - movl %edx,%eax - andl 56(%esp),%eax - movl %ebp,%ebx - andl 248(%esp),%ebx - movl %esi,%ecx - andl 152(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,56(%edi) - movl %edx,%eax - andl 60(%esp),%eax - movl %ebp,%ebx - andl 252(%esp),%ebx - movl %esi,%ecx - andl 156(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,60(%edi) - addl $492,%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.size GFp_nistz256_point_add_affine,.-.L_GFp_nistz256_point_add_affine_begin -#endif -.section .note.GNU-stack,"",@progbits diff --git a/pregenerated/ecp_nistz256-x86-macosx.S b/pregenerated/ecp_nistz256-x86-macosx.S deleted file mode 100644 index 90daf41..0000000 --- a/pregenerated/ecp_nistz256-x86-macosx.S +++ /dev/null @@ -1,1111 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -LONE_mont: -.long 1,0,0,-1,-1,-1,-2,0 -.private_extern __ecp_nistz256_div_by_2 -.align 4 -__ecp_nistz256_div_by_2: - movl (%esi),%ebp - xorl %edx,%edx - movl 4(%esi),%ebx - movl %ebp,%eax - andl $1,%ebp - movl 8(%esi),%ecx - subl %ebp,%edx - addl %edx,%eax - adcl %edx,%ebx - movl %eax,(%edi) - adcl %edx,%ecx - movl %ebx,4(%edi) - movl %ecx,8(%edi) - movl 12(%esi),%eax - movl 16(%esi),%ebx - adcl $0,%eax - movl 20(%esi),%ecx - adcl $0,%ebx - movl %eax,12(%edi) - adcl $0,%ecx - movl %ebx,16(%edi) - movl %ecx,20(%edi) - movl 24(%esi),%eax - movl 28(%esi),%ebx - adcl %ebp,%eax - adcl %edx,%ebx - movl %eax,24(%edi) - sbbl %esi,%esi - movl %ebx,28(%edi) - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - movl 12(%edi),%edx - shrl $1,%eax - movl %ebx,%ebp - shll $31,%ebx - orl %ebx,%eax - shrl $1,%ebp - movl %ecx,%ebx - shll $31,%ecx - movl %eax,(%edi) - orl %ecx,%ebp - movl 16(%edi),%eax - shrl $1,%ebx - movl %edx,%ecx - shll $31,%edx - movl %ebp,4(%edi) - orl %edx,%ebx - movl 20(%edi),%ebp - shrl $1,%ecx - movl %eax,%edx - shll $31,%eax - movl %ebx,8(%edi) - orl %eax,%ecx - movl 24(%edi),%ebx - shrl $1,%edx - movl %ebp,%eax - shll $31,%ebp - movl %ecx,12(%edi) - orl %ebp,%edx - movl 28(%edi),%ecx - shrl $1,%eax - movl %ebx,%ebp - shll $31,%ebx - movl %edx,16(%edi) - orl %ebx,%eax - shrl $1,%ebp - movl %ecx,%ebx - shll $31,%ecx - movl %eax,20(%edi) - orl %ecx,%ebp - shrl $1,%ebx - shll $31,%esi - movl %ebp,24(%edi) - orl %esi,%ebx - movl %ebx,28(%edi) - ret -.globl _GFp_nistz256_add -.private_extern _GFp_nistz256_add -.align 4 -_GFp_nistz256_add: -L_GFp_nistz256_add_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - movl 28(%esp),%ebp - movl 20(%esp),%edi - call __ecp_nistz256_add - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.private_extern __ecp_nistz256_add -.align 4 -__ecp_nistz256_add: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - addl (%ebp),%eax - movl 12(%esi),%edx - adcl 4(%ebp),%ebx - movl %eax,(%edi) - adcl 8(%ebp),%ecx - movl %ebx,4(%edi) - adcl 12(%ebp),%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - adcl 16(%ebp),%eax - movl 28(%esi),%edx - adcl 20(%ebp),%ebx - movl %eax,16(%edi) - adcl 24(%ebp),%ecx - movl %ebx,20(%edi) - movl $0,%esi - adcl 28(%ebp),%edx - movl %ecx,24(%edi) - adcl $0,%esi - movl %edx,28(%edi) - movl (%edi),%eax - movl 4(%edi),%ebx - movl 8(%edi),%ecx - subl $-1,%eax - movl 12(%edi),%edx - sbbl $-1,%ebx - movl 16(%edi),%eax - sbbl $-1,%ecx - movl 20(%edi),%ebx - sbbl $0,%edx - movl 24(%edi),%ecx - sbbl $0,%eax - movl 28(%edi),%edx - sbbl $0,%ebx - sbbl $1,%ecx - sbbl $-1,%edx - sbbl $0,%esi - notl %esi - movl (%edi),%eax - movl %esi,%ebp - movl 4(%edi),%ebx - shrl $31,%ebp - movl 8(%edi),%ecx - subl %esi,%eax - movl 12(%edi),%edx - sbbl %esi,%ebx - movl %eax,(%edi) - sbbl %esi,%ecx - movl %ebx,4(%edi) - sbbl $0,%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%edi),%eax - movl 20(%edi),%ebx - movl 24(%edi),%ecx - sbbl $0,%eax - movl 28(%edi),%edx - sbbl $0,%ebx - movl %eax,16(%edi) - sbbl %ebp,%ecx - movl %ebx,20(%edi) - sbbl %esi,%edx - movl %ecx,24(%edi) - movl %edx,28(%edi) - ret -.private_extern __ecp_nistz256_sub -.align 4 -__ecp_nistz256_sub: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - subl (%ebp),%eax - movl 12(%esi),%edx - sbbl 4(%ebp),%ebx - movl %eax,(%edi) - sbbl 8(%ebp),%ecx - movl %ebx,4(%edi) - sbbl 12(%ebp),%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - sbbl 16(%ebp),%eax - movl 28(%esi),%edx - sbbl 20(%ebp),%ebx - sbbl 24(%ebp),%ecx - movl %eax,16(%edi) - sbbl 28(%ebp),%edx - movl %ebx,20(%edi) - sbbl %esi,%esi - movl %ecx,24(%edi) - movl %edx,28(%edi) - movl (%edi),%eax - movl %esi,%ebp - movl 4(%edi),%ebx - shrl $31,%ebp - movl 8(%edi),%ecx - addl %esi,%eax - movl 12(%edi),%edx - adcl %esi,%ebx - movl %eax,(%edi) - adcl %esi,%ecx - movl %ebx,4(%edi) - adcl $0,%edx - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%edi),%eax - movl 20(%edi),%ebx - movl 24(%edi),%ecx - adcl $0,%eax - movl 28(%edi),%edx - adcl $0,%ebx - movl %eax,16(%edi) - adcl %ebp,%ecx - movl %ebx,20(%edi) - adcl %esi,%edx - movl %ecx,24(%edi) - movl %edx,28(%edi) - ret -.globl _GFp_nistz256_neg -.private_extern _GFp_nistz256_neg -.align 4 -_GFp_nistz256_neg: -L_GFp_nistz256_neg_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%ebp - movl 20(%esp),%edi - xorl %eax,%eax - subl $32,%esp - movl %eax,(%esp) - movl %esp,%esi - movl %eax,4(%esp) - movl %eax,8(%esp) - movl %eax,12(%esp) - movl %eax,16(%esp) - movl %eax,20(%esp) - movl %eax,24(%esp) - movl %eax,28(%esp) - call __ecp_nistz256_sub - addl $32,%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.private_extern __picup_eax -.align 4 -__picup_eax: - movl (%esp),%eax - ret -.globl _GFp_nistz256_mul_mont -.private_extern _GFp_nistz256_mul_mont -.align 4 -_GFp_nistz256_mul_mont: -L_GFp_nistz256_mul_mont_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - movl 28(%esp),%ebp - call __picup_eax -L000pic: - movl L_GFp_ia32cap_P$non_lazy_ptr-L000pic(%eax),%eax - movl (%eax),%eax - movl 20(%esp),%edi - call __ecp_nistz256_mul_mont - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.private_extern __ecp_nistz256_mul_mont -.align 4 -__ecp_nistz256_mul_mont: - movl %esp,%edx - subl $256,%esp - movd (%ebp),%xmm7 - leal 4(%ebp),%ebp - pcmpeqd %xmm6,%xmm6 - psrlq $48,%xmm6 - pshuflw $220,%xmm7,%xmm7 - andl $-64,%esp - pshufd $220,%xmm7,%xmm7 - leal 128(%esp),%ebx - movd (%esi),%xmm0 - pshufd $204,%xmm0,%xmm0 - movd 4(%esi),%xmm1 - movdqa %xmm0,(%ebx) - pmuludq %xmm7,%xmm0 - movd 8(%esi),%xmm2 - pshufd $204,%xmm1,%xmm1 - movdqa %xmm1,16(%ebx) - pmuludq %xmm7,%xmm1 - movq %xmm0,%xmm4 - pslldq $6,%xmm4 - paddq %xmm0,%xmm4 - movdqa %xmm4,%xmm5 - psrldq $10,%xmm4 - pand %xmm6,%xmm5 - movd 12(%esi),%xmm3 - pshufd $204,%xmm2,%xmm2 - movdqa %xmm2,32(%ebx) - pmuludq %xmm7,%xmm2 - paddq %xmm4,%xmm1 - movdqa %xmm1,(%esp) - movd 16(%esi),%xmm0 - pshufd $204,%xmm3,%xmm3 - movdqa %xmm3,48(%ebx) - pmuludq %xmm7,%xmm3 - movdqa %xmm2,16(%esp) - movd 20(%esi),%xmm1 - pshufd $204,%xmm0,%xmm0 - movdqa %xmm0,64(%ebx) - pmuludq %xmm7,%xmm0 - paddq %xmm5,%xmm3 - movdqa %xmm3,32(%esp) - movd 24(%esi),%xmm2 - pshufd $204,%xmm1,%xmm1 - movdqa %xmm1,80(%ebx) - pmuludq %xmm7,%xmm1 - movdqa %xmm0,48(%esp) - pshufd $177,%xmm5,%xmm4 - movd 28(%esi),%xmm3 - pshufd $204,%xmm2,%xmm2 - movdqa %xmm2,96(%ebx) - pmuludq %xmm7,%xmm2 - movdqa %xmm1,64(%esp) - psubq %xmm5,%xmm4 - movd (%ebp),%xmm0 - pshufd $204,%xmm3,%xmm3 - movdqa %xmm3,112(%ebx) - pmuludq %xmm7,%xmm3 - pshuflw $220,%xmm0,%xmm7 - movdqa (%ebx),%xmm0 - pshufd $220,%xmm7,%xmm7 - movl $6,%ecx - leal 4(%ebp),%ebp - jmp L001madd_sse2 -.align 4,0x90 -L001madd_sse2: - paddq %xmm5,%xmm2 - paddq %xmm4,%xmm3 - movdqa 16(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - movdqa %xmm2,80(%esp) - movdqa 32(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - movdqa %xmm3,96(%esp) - paddq (%esp),%xmm0 - movdqa 48(%ebx),%xmm3 - pmuludq %xmm7,%xmm2 - movq %xmm0,%xmm4 - pslldq $6,%xmm4 - paddq 16(%esp),%xmm1 - paddq %xmm0,%xmm4 - movdqa %xmm4,%xmm5 - psrldq $10,%xmm4 - movdqa 64(%ebx),%xmm0 - pmuludq %xmm7,%xmm3 - paddq %xmm4,%xmm1 - paddq 32(%esp),%xmm2 - movdqa %xmm1,(%esp) - movdqa 80(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - paddq 48(%esp),%xmm3 - movdqa %xmm2,16(%esp) - pand %xmm6,%xmm5 - movdqa 96(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - paddq %xmm5,%xmm3 - paddq 64(%esp),%xmm0 - movdqa %xmm3,32(%esp) - pshufd $177,%xmm5,%xmm4 - movdqa %xmm7,%xmm3 - pmuludq %xmm7,%xmm2 - movd (%ebp),%xmm7 - leal 4(%ebp),%ebp - paddq 80(%esp),%xmm1 - psubq %xmm5,%xmm4 - movdqa %xmm0,48(%esp) - pshuflw $220,%xmm7,%xmm7 - pmuludq 112(%ebx),%xmm3 - pshufd $220,%xmm7,%xmm7 - movdqa (%ebx),%xmm0 - movdqa %xmm1,64(%esp) - paddq 96(%esp),%xmm2 - decl %ecx - jnz L001madd_sse2 - paddq %xmm5,%xmm2 - paddq %xmm4,%xmm3 - movdqa 16(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - movdqa %xmm2,80(%esp) - movdqa 32(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - movdqa %xmm3,96(%esp) - paddq (%esp),%xmm0 - movdqa 48(%ebx),%xmm3 - pmuludq %xmm7,%xmm2 - movq %xmm0,%xmm4 - pslldq $6,%xmm4 - paddq 16(%esp),%xmm1 - paddq %xmm0,%xmm4 - movdqa %xmm4,%xmm5 - psrldq $10,%xmm4 - movdqa 64(%ebx),%xmm0 - pmuludq %xmm7,%xmm3 - paddq %xmm4,%xmm1 - paddq 32(%esp),%xmm2 - movdqa %xmm1,(%esp) - movdqa 80(%ebx),%xmm1 - pmuludq %xmm7,%xmm0 - paddq 48(%esp),%xmm3 - movdqa %xmm2,16(%esp) - pand %xmm6,%xmm5 - movdqa 96(%ebx),%xmm2 - pmuludq %xmm7,%xmm1 - paddq %xmm5,%xmm3 - paddq 64(%esp),%xmm0 - movdqa %xmm3,32(%esp) - pshufd $177,%xmm5,%xmm4 - movdqa 112(%ebx),%xmm3 - pmuludq %xmm7,%xmm2 - paddq 80(%esp),%xmm1 - psubq %xmm5,%xmm4 - movdqa %xmm0,48(%esp) - pmuludq %xmm7,%xmm3 - pcmpeqd %xmm7,%xmm7 - movdqa (%esp),%xmm0 - pslldq $8,%xmm7 - movdqa %xmm1,64(%esp) - paddq 96(%esp),%xmm2 - paddq %xmm5,%xmm2 - paddq %xmm4,%xmm3 - movdqa %xmm2,80(%esp) - movdqa %xmm3,96(%esp) - movdqa 16(%esp),%xmm1 - movdqa 32(%esp),%xmm2 - movdqa 48(%esp),%xmm3 - movq %xmm0,%xmm4 - pand %xmm7,%xmm0 - xorl %ebp,%ebp - pslldq $6,%xmm4 - movq %xmm1,%xmm5 - paddq %xmm4,%xmm0 - pand %xmm7,%xmm1 - psrldq $6,%xmm0 - movd %xmm0,%eax - psrldq $4,%xmm0 - paddq %xmm0,%xmm5 - movdqa 64(%esp),%xmm0 - subl $-1,%eax - pslldq $6,%xmm5 - movq %xmm2,%xmm4 - paddq %xmm5,%xmm1 - pand %xmm7,%xmm2 - psrldq $6,%xmm1 - movl %eax,(%edi) - movd %xmm1,%eax - psrldq $4,%xmm1 - paddq %xmm1,%xmm4 - movdqa 80(%esp),%xmm1 - sbbl $-1,%eax - pslldq $6,%xmm4 - movq %xmm3,%xmm5 - paddq %xmm4,%xmm2 - pand %xmm7,%xmm3 - psrldq $6,%xmm2 - movl %eax,4(%edi) - movd %xmm2,%eax - psrldq $4,%xmm2 - paddq %xmm2,%xmm5 - movdqa 96(%esp),%xmm2 - sbbl $-1,%eax - pslldq $6,%xmm5 - movq %xmm0,%xmm4 - paddq %xmm5,%xmm3 - pand %xmm7,%xmm0 - psrldq $6,%xmm3 - movl %eax,8(%edi) - movd %xmm3,%eax - psrldq $4,%xmm3 - paddq %xmm3,%xmm4 - sbbl $0,%eax - pslldq $6,%xmm4 - movq %xmm1,%xmm5 - paddq %xmm4,%xmm0 - pand %xmm7,%xmm1 - psrldq $6,%xmm0 - movl %eax,12(%edi) - movd %xmm0,%eax - psrldq $4,%xmm0 - paddq %xmm0,%xmm5 - sbbl $0,%eax - pslldq $6,%xmm5 - movq %xmm2,%xmm4 - paddq %xmm5,%xmm1 - pand %xmm7,%xmm2 - psrldq $6,%xmm1 - movd %xmm1,%ebx - psrldq $4,%xmm1 - movl %edx,%esp - paddq %xmm1,%xmm4 - pslldq $6,%xmm4 - paddq %xmm4,%xmm2 - psrldq $6,%xmm2 - movd %xmm2,%ecx - psrldq $4,%xmm2 - sbbl $0,%ebx - movd %xmm2,%edx - pextrw $2,%xmm2,%esi - sbbl $1,%ecx - sbbl $-1,%edx - sbbl $0,%esi - subl %esi,%ebp - addl %esi,(%edi) - adcl %esi,4(%edi) - adcl %esi,8(%edi) - adcl $0,12(%edi) - adcl $0,%eax - adcl $0,%ebx - movl %eax,16(%edi) - adcl %ebp,%ecx - movl %ebx,20(%edi) - adcl %esi,%edx - movl %ecx,24(%edi) - movl %edx,28(%edi) - ret -.globl _GFp_nistz256_point_double -.private_extern _GFp_nistz256_point_double -.align 4 -_GFp_nistz256_point_double: -L_GFp_nistz256_point_double_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - subl $164,%esp - call __picup_eax -L002pic: - movl L_GFp_ia32cap_P$non_lazy_ptr-L002pic(%eax),%edx - movl (%edx),%ebp -Lpoint_double_shortcut: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,96(%esp) - movl %ebx,100(%esp) - movl %ecx,104(%esp) - movl %edx,108(%esp) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,112(%esp) - movl %ebx,116(%esp) - movl %ecx,120(%esp) - movl %edx,124(%esp) - movl %ebp,160(%esp) - leal 32(%esi),%ebp - leal 32(%esi),%esi - leal (%esp),%edi - call __ecp_nistz256_add - movl 160(%esp),%eax - movl $64,%esi - addl 188(%esp),%esi - leal 64(%esp),%edi - movl %esi,%ebp - call __ecp_nistz256_mul_mont - movl 160(%esp),%eax - leal (%esp),%esi - leal (%esp),%ebp - leal (%esp),%edi - call __ecp_nistz256_mul_mont - movl 160(%esp),%eax - movl 188(%esp),%ebp - leal 32(%ebp),%esi - leal 64(%ebp),%ebp - leal 128(%esp),%edi - call __ecp_nistz256_mul_mont - leal 96(%esp),%esi - leal 64(%esp),%ebp - leal 32(%esp),%edi - call __ecp_nistz256_add - movl $64,%edi - leal 128(%esp),%esi - leal 128(%esp),%ebp - addl 184(%esp),%edi - call __ecp_nistz256_add - leal 96(%esp),%esi - leal 64(%esp),%ebp - leal 64(%esp),%edi - call __ecp_nistz256_sub - movl 160(%esp),%eax - leal (%esp),%esi - leal (%esp),%ebp - leal 128(%esp),%edi - call __ecp_nistz256_mul_mont - movl 160(%esp),%eax - leal 32(%esp),%esi - leal 64(%esp),%ebp - leal 32(%esp),%edi - call __ecp_nistz256_mul_mont - movl $32,%edi - leal 128(%esp),%esi - addl 184(%esp),%edi - call __ecp_nistz256_div_by_2 - leal 32(%esp),%esi - leal 32(%esp),%ebp - leal 128(%esp),%edi - call __ecp_nistz256_add - movl 160(%esp),%eax - leal 96(%esp),%esi - leal (%esp),%ebp - leal (%esp),%edi - call __ecp_nistz256_mul_mont - leal 128(%esp),%esi - leal 32(%esp),%ebp - leal 32(%esp),%edi - call __ecp_nistz256_add - leal (%esp),%esi - leal (%esp),%ebp - leal 128(%esp),%edi - call __ecp_nistz256_add - movl 160(%esp),%eax - leal 32(%esp),%esi - leal 32(%esp),%ebp - movl 184(%esp),%edi - call __ecp_nistz256_mul_mont - movl %edi,%esi - leal 128(%esp),%ebp - call __ecp_nistz256_sub - leal (%esp),%esi - movl %edi,%ebp - leal (%esp),%edi - call __ecp_nistz256_sub - movl 160(%esp),%eax - movl %edi,%esi - leal 32(%esp),%ebp - call __ecp_nistz256_mul_mont - movl $32,%ebp - leal (%esp),%esi - addl 184(%esp),%ebp - movl %ebp,%edi - call __ecp_nistz256_sub - addl $164,%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.globl _GFp_nistz256_point_add_affine -.private_extern _GFp_nistz256_point_add_affine -.align 4 -_GFp_nistz256_point_add_affine: -L_GFp_nistz256_point_add_affine_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 24(%esp),%esi - subl $492,%esp - call __picup_eax -L003pic: - movl L_GFp_ia32cap_P$non_lazy_ptr-L003pic(%eax),%edx - movl (%edx),%ebp - leal 96(%esp),%edi - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,(%edi) - movl %ebp,488(%esp) - movl %ebx,4(%edi) - movl %ecx,8(%edi) - movl %edx,12(%edi) - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,16(%edi) - movl %ebx,20(%edi) - movl %ecx,24(%edi) - movl %edx,28(%edi) - movl 32(%esi),%eax - movl 36(%esi),%ebx - movl 40(%esi),%ecx - movl 44(%esi),%edx - movl %eax,32(%edi) - movl %ebx,36(%edi) - movl %ecx,40(%edi) - movl %edx,44(%edi) - movl 48(%esi),%eax - movl 52(%esi),%ebx - movl 56(%esi),%ecx - movl 60(%esi),%edx - movl %eax,48(%edi) - movl %ebx,52(%edi) - movl %ecx,56(%edi) - movl %edx,60(%edi) - movl 64(%esi),%eax - movl 68(%esi),%ebx - movl 72(%esi),%ecx - movl 76(%esi),%edx - movl %eax,64(%edi) - movl %eax,%ebp - movl %ebx,68(%edi) - orl %ebx,%ebp - movl %ecx,72(%edi) - orl %ecx,%ebp - movl %edx,76(%edi) - orl %edx,%ebp - movl 80(%esi),%eax - movl 84(%esi),%ebx - movl 88(%esi),%ecx - movl 92(%esi),%edx - movl %eax,80(%edi) - orl %eax,%ebp - movl %ebx,84(%edi) - orl %ebx,%ebp - movl %ecx,88(%edi) - orl %ecx,%ebp - movl %edx,92(%edi) - orl %edx,%ebp - xorl %eax,%eax - movl 520(%esp),%esi - subl %ebp,%eax - orl %eax,%ebp - sarl $31,%ebp - movl %ebp,480(%esp) - leal 192(%esp),%edi - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%edx - movl %eax,(%edi) - movl %eax,%ebp - movl %ebx,4(%edi) - orl %ebx,%ebp - movl %ecx,8(%edi) - orl %ecx,%ebp - movl %edx,12(%edi) - orl %edx,%ebp - movl 16(%esi),%eax - movl 20(%esi),%ebx - movl 24(%esi),%ecx - movl 28(%esi),%edx - movl %eax,16(%edi) - orl %eax,%ebp - movl %ebx,20(%edi) - orl %ebx,%ebp - movl %ecx,24(%edi) - orl %ecx,%ebp - movl %edx,28(%edi) - orl %edx,%ebp - movl 32(%esi),%eax - movl 36(%esi),%ebx - movl 40(%esi),%ecx - movl 44(%esi),%edx - movl %eax,32(%edi) - orl %eax,%ebp - movl %ebx,36(%edi) - orl %ebx,%ebp - movl %ecx,40(%edi) - orl %ecx,%ebp - movl %edx,44(%edi) - orl %edx,%ebp - movl 48(%esi),%eax - movl 52(%esi),%ebx - movl 56(%esi),%ecx - movl 60(%esi),%edx - movl %eax,48(%edi) - orl %eax,%ebp - movl %ebx,52(%edi) - orl %ebx,%ebp - movl %ecx,56(%edi) - orl %ecx,%ebp - movl %edx,60(%edi) - orl %edx,%ebp - xorl %ebx,%ebx - movl 488(%esp),%eax - subl %ebp,%ebx - leal 160(%esp),%esi - orl %ebp,%ebx - leal 160(%esp),%ebp - sarl $31,%ebx - leal 288(%esp),%edi - movl %ebx,484(%esp) - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 192(%esp),%esi - movl %edi,%ebp - leal 256(%esp),%edi - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 160(%esp),%esi - leal 288(%esp),%ebp - leal 288(%esp),%edi - call __ecp_nistz256_mul_mont - leal 256(%esp),%esi - leal 96(%esp),%ebp - leal 320(%esp),%edi - call __ecp_nistz256_sub - movl 488(%esp),%eax - leal 224(%esp),%esi - leal 288(%esp),%ebp - leal 288(%esp),%edi - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 160(%esp),%esi - leal 320(%esp),%ebp - leal 64(%esp),%edi - call __ecp_nistz256_mul_mont - leal 288(%esp),%esi - leal 128(%esp),%ebp - leal 352(%esp),%edi - call __ecp_nistz256_sub - movl 488(%esp),%eax - leal 320(%esp),%esi - leal 320(%esp),%ebp - leal 384(%esp),%edi - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 352(%esp),%esi - leal 352(%esp),%ebp - leal 448(%esp),%edi - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 96(%esp),%esi - leal 384(%esp),%ebp - leal 256(%esp),%edi - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 320(%esp),%esi - leal 384(%esp),%ebp - leal 416(%esp),%edi - call __ecp_nistz256_mul_mont - leal 256(%esp),%esi - leal 256(%esp),%ebp - leal 384(%esp),%edi - call __ecp_nistz256_add - leal 448(%esp),%esi - leal 384(%esp),%ebp - leal (%esp),%edi - call __ecp_nistz256_sub - leal (%esp),%esi - leal 416(%esp),%ebp - leal (%esp),%edi - call __ecp_nistz256_sub - leal 256(%esp),%esi - leal (%esp),%ebp - leal 32(%esp),%edi - call __ecp_nistz256_sub - movl 488(%esp),%eax - leal 416(%esp),%esi - leal 128(%esp),%ebp - leal 288(%esp),%edi - call __ecp_nistz256_mul_mont - movl 488(%esp),%eax - leal 352(%esp),%esi - leal 32(%esp),%ebp - leal 32(%esp),%edi - call __ecp_nistz256_mul_mont - leal 32(%esp),%esi - leal 288(%esp),%ebp - leal 32(%esp),%edi - call __ecp_nistz256_sub - movl 480(%esp),%ebp - movl 484(%esp),%esi - movl 512(%esp),%edi - movl %ebp,%edx - notl %ebp - andl %esi,%edx - andl %esi,%ebp - notl %esi - movl %edx,%eax - andl 64(%esp),%eax - movl %ebp,%ebx - andl $1,%ebx - movl %esi,%ecx - andl 160(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,64(%edi) - movl %edx,%eax - andl 68(%esp),%eax - movl %esi,%ecx - andl 164(%esp),%ecx - orl %ecx,%eax - movl %eax,68(%edi) - movl %edx,%eax - andl 72(%esp),%eax - movl %esi,%ecx - andl 168(%esp),%ecx - orl %ecx,%eax - movl %eax,72(%edi) - movl %edx,%eax - andl 76(%esp),%eax - movl %esi,%ecx - andl 172(%esp),%ecx - orl %ebp,%eax - orl %ecx,%eax - movl %eax,76(%edi) - movl %edx,%eax - andl 80(%esp),%eax - movl %esi,%ecx - andl 176(%esp),%ecx - orl %ebp,%eax - orl %ecx,%eax - movl %eax,80(%edi) - movl %edx,%eax - andl 84(%esp),%eax - movl %esi,%ecx - andl 180(%esp),%ecx - orl %ebp,%eax - orl %ecx,%eax - movl %eax,84(%edi) - movl %edx,%eax - andl 88(%esp),%eax - movl %ebp,%ebx - andl $-2,%ebx - movl %esi,%ecx - andl 184(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,88(%edi) - movl %edx,%eax - andl 92(%esp),%eax - movl %esi,%ecx - andl 188(%esp),%ecx - orl %ecx,%eax - movl %eax,92(%edi) - movl %edx,%eax - andl (%esp),%eax - movl %ebp,%ebx - andl 192(%esp),%ebx - movl %esi,%ecx - andl 96(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,(%edi) - movl %edx,%eax - andl 4(%esp),%eax - movl %ebp,%ebx - andl 196(%esp),%ebx - movl %esi,%ecx - andl 100(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,4(%edi) - movl %edx,%eax - andl 8(%esp),%eax - movl %ebp,%ebx - andl 200(%esp),%ebx - movl %esi,%ecx - andl 104(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,8(%edi) - movl %edx,%eax - andl 12(%esp),%eax - movl %ebp,%ebx - andl 204(%esp),%ebx - movl %esi,%ecx - andl 108(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,12(%edi) - movl %edx,%eax - andl 16(%esp),%eax - movl %ebp,%ebx - andl 208(%esp),%ebx - movl %esi,%ecx - andl 112(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,16(%edi) - movl %edx,%eax - andl 20(%esp),%eax - movl %ebp,%ebx - andl 212(%esp),%ebx - movl %esi,%ecx - andl 116(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,20(%edi) - movl %edx,%eax - andl 24(%esp),%eax - movl %ebp,%ebx - andl 216(%esp),%ebx - movl %esi,%ecx - andl 120(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,24(%edi) - movl %edx,%eax - andl 28(%esp),%eax - movl %ebp,%ebx - andl 220(%esp),%ebx - movl %esi,%ecx - andl 124(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,28(%edi) - movl %edx,%eax - andl 32(%esp),%eax - movl %ebp,%ebx - andl 224(%esp),%ebx - movl %esi,%ecx - andl 128(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,32(%edi) - movl %edx,%eax - andl 36(%esp),%eax - movl %ebp,%ebx - andl 228(%esp),%ebx - movl %esi,%ecx - andl 132(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,36(%edi) - movl %edx,%eax - andl 40(%esp),%eax - movl %ebp,%ebx - andl 232(%esp),%ebx - movl %esi,%ecx - andl 136(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,40(%edi) - movl %edx,%eax - andl 44(%esp),%eax - movl %ebp,%ebx - andl 236(%esp),%ebx - movl %esi,%ecx - andl 140(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,44(%edi) - movl %edx,%eax - andl 48(%esp),%eax - movl %ebp,%ebx - andl 240(%esp),%ebx - movl %esi,%ecx - andl 144(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,48(%edi) - movl %edx,%eax - andl 52(%esp),%eax - movl %ebp,%ebx - andl 244(%esp),%ebx - movl %esi,%ecx - andl 148(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,52(%edi) - movl %edx,%eax - andl 56(%esp),%eax - movl %ebp,%ebx - andl 248(%esp),%ebx - movl %esi,%ecx - andl 152(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,56(%edi) - movl %edx,%eax - andl 60(%esp),%eax - movl %ebp,%ebx - andl 252(%esp),%ebx - movl %esi,%ecx - andl 156(%esp),%ecx - orl %ebx,%eax - orl %ecx,%eax - movl %eax,60(%edi) - addl $492,%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.section __IMPORT,__pointers,non_lazy_symbol_pointers -L_GFp_ia32cap_P$non_lazy_ptr: -.indirect_symbol _GFp_ia32cap_P -.long 0 -#endif diff --git a/pregenerated/ecp_nistz256-x86-win32n.obj b/pregenerated/ecp_nistz256-x86-win32n.obj Binary files differdeleted file mode 100644 index 606ba23..0000000 --- a/pregenerated/ecp_nistz256-x86-win32n.obj +++ /dev/null diff --git a/pregenerated/ghash-armv4-ios32.S b/pregenerated/ghash-armv4-ios32.S deleted file mode 100644 index b7e6ba4..0000000 --- a/pregenerated/ghash-armv4-ios32.S +++ /dev/null @@ -1,255 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both -@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 PMULL -@ instructions are in aesv8-armx.pl.) - - -.text -#if defined(__thumb2__) || defined(__clang__) -.syntax unified -#define ldrplb ldrbpl -#define ldrneb ldrbne -#endif -#if defined(__thumb2__) -.thumb -#else -.code 32 -#endif -#if __ARM_MAX_ARCH__>=7 - - - -.globl _GFp_gcm_init_neon -.private_extern _GFp_gcm_init_neon -#ifdef __thumb2__ -.thumb_func _GFp_gcm_init_neon -#endif -.align 4 -_GFp_gcm_init_neon: - vld1.64 d7,[r1]! @ load H - vmov.i8 q8,#0xe1 - vld1.64 d6,[r1] - vshl.i64 d17,#57 - vshr.u64 d16,#63 @ t0=0xc2....01 - vdup.8 q9,d7[7] - vshr.u64 d26,d6,#63 - vshr.s8 q9,#7 @ broadcast carry bit - vshl.i64 q3,q3,#1 - vand q8,q8,q9 - vorr d7,d26 @ H<<<=1 - veor q3,q3,q8 @ twisted H - vstmia r0,{q3} - - bx lr @ bx lr - - -.globl _GFp_gcm_gmult_neon -.private_extern _GFp_gcm_gmult_neon -#ifdef __thumb2__ -.thumb_func _GFp_gcm_gmult_neon -#endif -.align 4 -_GFp_gcm_gmult_neon: - vld1.64 d7,[r0]! @ load Xi - vld1.64 d6,[r0]! - vmov.i64 d29,#0x0000ffffffffffff - vldmia r1,{d26,d27} @ load twisted H - vmov.i64 d30,#0x00000000ffffffff -#ifdef __ARMEL__ - vrev64.8 q3,q3 -#endif - vmov.i64 d31,#0x000000000000ffff - veor d28,d26,d27 @ Karatsuba pre-processing - mov r3,#16 - b Lgmult_neon - - -.globl _GFp_gcm_ghash_neon -.private_extern _GFp_gcm_ghash_neon -#ifdef __thumb2__ -.thumb_func _GFp_gcm_ghash_neon -#endif -.align 4 -_GFp_gcm_ghash_neon: - vld1.64 d1,[r0]! @ load Xi - vld1.64 d0,[r0]! - vmov.i64 d29,#0x0000ffffffffffff - vldmia r1,{d26,d27} @ load twisted H - vmov.i64 d30,#0x00000000ffffffff -#ifdef __ARMEL__ - vrev64.8 q0,q0 -#endif - vmov.i64 d31,#0x000000000000ffff - veor d28,d26,d27 @ Karatsuba pre-processing - -Loop_neon: - vld1.64 d7,[r2]! @ load inp - vld1.64 d6,[r2]! -#ifdef __ARMEL__ - vrev64.8 q3,q3 -#endif - veor q3,q0 @ inp^=Xi -Lgmult_neon: - vext.8 d16, d26, d26, #1 @ A1 - vmull.p8 q8, d16, d6 @ F = A1*B - vext.8 d0, d6, d6, #1 @ B1 - vmull.p8 q0, d26, d0 @ E = A*B1 - vext.8 d18, d26, d26, #2 @ A2 - vmull.p8 q9, d18, d6 @ H = A2*B - vext.8 d22, d6, d6, #2 @ B2 - vmull.p8 q11, d26, d22 @ G = A*B2 - vext.8 d20, d26, d26, #3 @ A3 - veor q8, q8, q0 @ L = E + F - vmull.p8 q10, d20, d6 @ J = A3*B - vext.8 d0, d6, d6, #3 @ B3 - veor q9, q9, q11 @ M = G + H - vmull.p8 q0, d26, d0 @ I = A*B3 - veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 - vand d17, d17, d29 - vext.8 d22, d6, d6, #4 @ B4 - veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 - vand d19, d19, d30 - vmull.p8 q11, d26, d22 @ K = A*B4 - veor q10, q10, q0 @ N = I + J - veor d16, d16, d17 - veor d18, d18, d19 - veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 - vand d21, d21, d31 - vext.8 q8, q8, q8, #15 - veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 - vmov.i64 d23, #0 - vext.8 q9, q9, q9, #14 - veor d20, d20, d21 - vmull.p8 q0, d26, d6 @ D = A*B - vext.8 q11, q11, q11, #12 - vext.8 q10, q10, q10, #13 - veor q8, q8, q9 - veor q10, q10, q11 - veor q0, q0, q8 - veor q0, q0, q10 - veor d6,d6,d7 @ Karatsuba pre-processing - vext.8 d16, d28, d28, #1 @ A1 - vmull.p8 q8, d16, d6 @ F = A1*B - vext.8 d2, d6, d6, #1 @ B1 - vmull.p8 q1, d28, d2 @ E = A*B1 - vext.8 d18, d28, d28, #2 @ A2 - vmull.p8 q9, d18, d6 @ H = A2*B - vext.8 d22, d6, d6, #2 @ B2 - vmull.p8 q11, d28, d22 @ G = A*B2 - vext.8 d20, d28, d28, #3 @ A3 - veor q8, q8, q1 @ L = E + F - vmull.p8 q10, d20, d6 @ J = A3*B - vext.8 d2, d6, d6, #3 @ B3 - veor q9, q9, q11 @ M = G + H - vmull.p8 q1, d28, d2 @ I = A*B3 - veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 - vand d17, d17, d29 - vext.8 d22, d6, d6, #4 @ B4 - veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 - vand d19, d19, d30 - vmull.p8 q11, d28, d22 @ K = A*B4 - veor q10, q10, q1 @ N = I + J - veor d16, d16, d17 - veor d18, d18, d19 - veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 - vand d21, d21, d31 - vext.8 q8, q8, q8, #15 - veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 - vmov.i64 d23, #0 - vext.8 q9, q9, q9, #14 - veor d20, d20, d21 - vmull.p8 q1, d28, d6 @ D = A*B - vext.8 q11, q11, q11, #12 - vext.8 q10, q10, q10, #13 - veor q8, q8, q9 - veor q10, q10, q11 - veor q1, q1, q8 - veor q1, q1, q10 - vext.8 d16, d27, d27, #1 @ A1 - vmull.p8 q8, d16, d7 @ F = A1*B - vext.8 d4, d7, d7, #1 @ B1 - vmull.p8 q2, d27, d4 @ E = A*B1 - vext.8 d18, d27, d27, #2 @ A2 - vmull.p8 q9, d18, d7 @ H = A2*B - vext.8 d22, d7, d7, #2 @ B2 - vmull.p8 q11, d27, d22 @ G = A*B2 - vext.8 d20, d27, d27, #3 @ A3 - veor q8, q8, q2 @ L = E + F - vmull.p8 q10, d20, d7 @ J = A3*B - vext.8 d4, d7, d7, #3 @ B3 - veor q9, q9, q11 @ M = G + H - vmull.p8 q2, d27, d4 @ I = A*B3 - veor d16, d16, d17 @ t0 = (L) (P0 + P1) << 8 - vand d17, d17, d29 - vext.8 d22, d7, d7, #4 @ B4 - veor d18, d18, d19 @ t1 = (M) (P2 + P3) << 16 - vand d19, d19, d30 - vmull.p8 q11, d27, d22 @ K = A*B4 - veor q10, q10, q2 @ N = I + J - veor d16, d16, d17 - veor d18, d18, d19 - veor d20, d20, d21 @ t2 = (N) (P4 + P5) << 24 - vand d21, d21, d31 - vext.8 q8, q8, q8, #15 - veor d22, d22, d23 @ t3 = (K) (P6 + P7) << 32 - vmov.i64 d23, #0 - vext.8 q9, q9, q9, #14 - veor d20, d20, d21 - vmull.p8 q2, d27, d7 @ D = A*B - vext.8 q11, q11, q11, #12 - vext.8 q10, q10, q10, #13 - veor q8, q8, q9 - veor q10, q10, q11 - veor q2, q2, q8 - veor q2, q2, q10 - veor q1,q1,q0 @ Karatsuba post-processing - veor q1,q1,q2 - veor d1,d1,d2 - veor d4,d4,d3 @ Xh|Xl - 256-bit result - - @ equivalent of reduction_avx from ghash-x86_64.pl - vshl.i64 q9,q0,#57 @ 1st phase - vshl.i64 q10,q0,#62 - veor q10,q10,q9 @ - vshl.i64 q9,q0,#63 - veor q10, q10, q9 @ - veor d1,d1,d20 @ - veor d4,d4,d21 - - vshr.u64 q10,q0,#1 @ 2nd phase - veor q2,q2,q0 - veor q0,q0,q10 @ - vshr.u64 q10,q10,#6 - vshr.u64 q0,q0,#1 @ - veor q0,q0,q2 @ - veor q0,q0,q10 @ - - subs r3,#16 - bne Loop_neon - -#ifdef __ARMEL__ - vrev64.8 q0,q0 -#endif - sub r0,#16 - vst1.64 d1,[r0]! @ write out Xi - vst1.64 d0,[r0] - - bx lr @ bx lr - -#endif -.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -.align 2 -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/ghash-armv4-linux32.S b/pregenerated/ghash-armv4-linux32.S index d8d63b4..d89e3e3 100644 --- a/pregenerated/ghash-armv4-linux32.S +++ b/pregenerated/ghash-armv4-linux32.S @@ -10,7 +10,8 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> @ Silence ARMv8 deprecated IT instruction warnings. This file is used by both @ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. (ARMv8 PMULL @@ -32,11 +33,11 @@ .arch armv7-a .fpu neon -.globl GFp_gcm_init_neon -.hidden GFp_gcm_init_neon -.type GFp_gcm_init_neon,%function +.globl gcm_init_neon +.hidden gcm_init_neon +.type gcm_init_neon,%function .align 4 -GFp_gcm_init_neon: +gcm_init_neon: vld1.64 d7,[r1]! @ load H vmov.i8 q8,#0xe1 vld1.64 d6,[r1] @@ -52,13 +53,13 @@ GFp_gcm_init_neon: vstmia r0,{q3} bx lr @ bx lr -.size GFp_gcm_init_neon,.-GFp_gcm_init_neon +.size gcm_init_neon,.-gcm_init_neon -.globl GFp_gcm_gmult_neon -.hidden GFp_gcm_gmult_neon -.type GFp_gcm_gmult_neon,%function +.globl gcm_gmult_neon +.hidden gcm_gmult_neon +.type gcm_gmult_neon,%function .align 4 -GFp_gcm_gmult_neon: +gcm_gmult_neon: vld1.64 d7,[r0]! @ load Xi vld1.64 d6,[r0]! vmov.i64 d29,#0x0000ffffffffffff @@ -71,13 +72,13 @@ GFp_gcm_gmult_neon: veor d28,d26,d27 @ Karatsuba pre-processing mov r3,#16 b .Lgmult_neon -.size GFp_gcm_gmult_neon,.-GFp_gcm_gmult_neon +.size gcm_gmult_neon,.-gcm_gmult_neon -.globl GFp_gcm_ghash_neon -.hidden GFp_gcm_ghash_neon -.type GFp_gcm_ghash_neon,%function +.globl gcm_ghash_neon +.hidden gcm_ghash_neon +.type gcm_ghash_neon,%function .align 4 -GFp_gcm_ghash_neon: +gcm_ghash_neon: vld1.64 d1,[r0]! @ load Xi vld1.64 d0,[r0]! vmov.i64 d29,#0x0000ffffffffffff @@ -242,7 +243,7 @@ GFp_gcm_ghash_neon: vst1.64 d0,[r0] bx lr @ bx lr -.size GFp_gcm_ghash_neon,.-GFp_gcm_ghash_neon +.size gcm_ghash_neon,.-gcm_ghash_neon #endif .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 diff --git a/pregenerated/ghash-neon-armv8-ios64.S b/pregenerated/ghash-neon-armv8-ios64.S index 24a50bc..5e596e5 100644 --- a/pregenerated/ghash-neon-armv8-ios64.S +++ b/pregenerated/ghash-neon-armv8-ios64.S @@ -9,15 +9,16 @@ #endif #if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text -.globl _GFp_gcm_init_neon -.private_extern _GFp_gcm_init_neon +.globl _gcm_init_neon +.private_extern _gcm_init_neon .align 4 -_GFp_gcm_init_neon: +_gcm_init_neon: AARCH64_VALID_CALL_TARGET // This function is adapted from gcm_init_v8. xC2 is t3. ld1 {v17.2d}, [x1] // load H @@ -39,11 +40,11 @@ _GFp_gcm_init_neon: ret -.globl _GFp_gcm_gmult_neon -.private_extern _GFp_gcm_gmult_neon +.globl _gcm_gmult_neon +.private_extern _gcm_gmult_neon .align 4 -_GFp_gcm_gmult_neon: +_gcm_gmult_neon: AARCH64_VALID_CALL_TARGET ld1 {v3.16b}, [x0] // load Xi ld1 {v5.1d}, [x1], #8 // load twisted H @@ -59,11 +60,11 @@ _GFp_gcm_gmult_neon: b Lgmult_neon -.globl _GFp_gcm_ghash_neon -.private_extern _GFp_gcm_ghash_neon +.globl _gcm_ghash_neon +.private_extern _gcm_ghash_neon .align 4 -_GFp_gcm_ghash_neon: +_gcm_ghash_neon: AARCH64_VALID_CALL_TARGET ld1 {v0.16b}, [x0] // load Xi ld1 {v5.1d}, [x1], #8 // load twisted H diff --git a/pregenerated/ghash-neon-armv8-linux64.S b/pregenerated/ghash-neon-armv8-linux64.S index 965f274..0a4477f 100644 --- a/pregenerated/ghash-neon-armv8-linux64.S +++ b/pregenerated/ghash-neon-armv8-linux64.S @@ -10,15 +10,16 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text -.globl GFp_gcm_init_neon -.hidden GFp_gcm_init_neon -.type GFp_gcm_init_neon,%function +.globl gcm_init_neon +.hidden gcm_init_neon +.type gcm_init_neon,%function .align 4 -GFp_gcm_init_neon: +gcm_init_neon: AARCH64_VALID_CALL_TARGET // This function is adapted from gcm_init_v8. xC2 is t3. ld1 {v17.2d}, [x1] // load H @@ -38,13 +39,13 @@ GFp_gcm_init_neon: eor v5.16b, v3.16b, v16.16b // twisted H st1 {v5.2d}, [x0] // store Htable[0] ret -.size GFp_gcm_init_neon,.-GFp_gcm_init_neon +.size gcm_init_neon,.-gcm_init_neon -.globl GFp_gcm_gmult_neon -.hidden GFp_gcm_gmult_neon -.type GFp_gcm_gmult_neon,%function +.globl gcm_gmult_neon +.hidden gcm_gmult_neon +.type gcm_gmult_neon,%function .align 4 -GFp_gcm_gmult_neon: +gcm_gmult_neon: AARCH64_VALID_CALL_TARGET ld1 {v3.16b}, [x0] // load Xi ld1 {v5.1d}, [x1], #8 // load twisted H @@ -58,13 +59,13 @@ GFp_gcm_gmult_neon: mov x3, #16 b .Lgmult_neon -.size GFp_gcm_gmult_neon,.-GFp_gcm_gmult_neon +.size gcm_gmult_neon,.-gcm_gmult_neon -.globl GFp_gcm_ghash_neon -.hidden GFp_gcm_ghash_neon -.type GFp_gcm_ghash_neon,%function +.globl gcm_ghash_neon +.hidden gcm_ghash_neon +.type gcm_ghash_neon,%function .align 4 -GFp_gcm_ghash_neon: +gcm_ghash_neon: AARCH64_VALID_CALL_TARGET ld1 {v0.16b}, [x0] // load Xi ld1 {v5.1d}, [x1], #8 // load twisted H @@ -326,7 +327,7 @@ GFp_gcm_ghash_neon: st1 {v0.16b}, [x0] ret -.size GFp_gcm_ghash_neon,.-GFp_gcm_ghash_neon +.size gcm_ghash_neon,.-gcm_ghash_neon .section .rodata .align 4 diff --git a/pregenerated/ghash-x86-elf.S b/pregenerated/ghash-x86-elf.S index 7eaeca0..d7a1043 100644 --- a/pregenerated/ghash-x86-elf.S +++ b/pregenerated/ghash-x86-elf.S @@ -2,16 +2,14 @@ # source tree. Do not edit by hand. #if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl GFp_gcm_init_clmul -.hidden GFp_gcm_init_clmul -.type GFp_gcm_init_clmul,@function +.globl gcm_init_clmul +.hidden gcm_init_clmul +.type gcm_init_clmul,@function .align 16 -GFp_gcm_init_clmul: -.L_GFp_gcm_init_clmul_begin: +gcm_init_clmul: +.L_gcm_init_clmul_begin: movl 4(%esp),%edx movl 8(%esp),%eax call .L000pic @@ -75,13 +73,13 @@ GFp_gcm_init_clmul: .byte 102,15,58,15,227,8 movdqu %xmm4,32(%edx) ret -.size GFp_gcm_init_clmul,.-.L_GFp_gcm_init_clmul_begin -.globl GFp_gcm_gmult_clmul -.hidden GFp_gcm_gmult_clmul -.type GFp_gcm_gmult_clmul,@function +.size gcm_init_clmul,.-.L_gcm_init_clmul_begin +.globl gcm_gmult_clmul +.hidden gcm_gmult_clmul +.type gcm_gmult_clmul,@function .align 16 -GFp_gcm_gmult_clmul: -.L_GFp_gcm_gmult_clmul_begin: +gcm_gmult_clmul: +.L_gcm_gmult_clmul_begin: movl 4(%esp),%eax movl 8(%esp),%edx call .L001pic @@ -129,13 +127,13 @@ GFp_gcm_gmult_clmul: .byte 102,15,56,0,197 movdqu %xmm0,(%eax) ret -.size GFp_gcm_gmult_clmul,.-.L_GFp_gcm_gmult_clmul_begin -.globl GFp_gcm_ghash_clmul -.hidden GFp_gcm_ghash_clmul -.type GFp_gcm_ghash_clmul,@function +.size gcm_gmult_clmul,.-.L_gcm_gmult_clmul_begin +.globl gcm_ghash_clmul +.hidden gcm_ghash_clmul +.type gcm_ghash_clmul,@function .align 16 -GFp_gcm_ghash_clmul: -.L_GFp_gcm_ghash_clmul_begin: +gcm_ghash_clmul: +.L_gcm_ghash_clmul_begin: pushl %ebp pushl %ebx pushl %esi @@ -317,7 +315,7 @@ GFp_gcm_ghash_clmul: popl %ebx popl %ebp ret -.size GFp_gcm_ghash_clmul,.-.L_GFp_gcm_ghash_clmul_begin +.size gcm_ghash_clmul,.-.L_gcm_ghash_clmul_begin .align 64 .Lbswap: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 diff --git a/pregenerated/ghash-x86-macosx.S b/pregenerated/ghash-x86-macosx.S deleted file mode 100644 index 6e61330..0000000 --- a/pregenerated/ghash-x86-macosx.S +++ /dev/null @@ -1,357 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -.globl _GFp_gcm_init_clmul -.private_extern _GFp_gcm_init_clmul -.align 4 -_GFp_gcm_init_clmul: -L_GFp_gcm_init_clmul_begin: - movl 4(%esp),%edx - movl 8(%esp),%eax - call L000pic -L000pic: - popl %ecx - leal Lbswap-L000pic(%ecx),%ecx - movdqu (%eax),%xmm2 - pshufd $78,%xmm2,%xmm2 - pshufd $255,%xmm2,%xmm4 - movdqa %xmm2,%xmm3 - psllq $1,%xmm2 - pxor %xmm5,%xmm5 - psrlq $63,%xmm3 - pcmpgtd %xmm4,%xmm5 - pslldq $8,%xmm3 - por %xmm3,%xmm2 - pand 16(%ecx),%xmm5 - pxor %xmm5,%xmm2 - movdqa %xmm2,%xmm0 - movdqa %xmm0,%xmm1 - pshufd $78,%xmm0,%xmm3 - pshufd $78,%xmm2,%xmm4 - pxor %xmm0,%xmm3 - pxor %xmm2,%xmm4 -.byte 102,15,58,68,194,0 -.byte 102,15,58,68,202,17 -.byte 102,15,58,68,220,0 - xorps %xmm0,%xmm3 - xorps %xmm1,%xmm3 - movdqa %xmm3,%xmm4 - psrldq $8,%xmm3 - pslldq $8,%xmm4 - pxor %xmm3,%xmm1 - pxor %xmm4,%xmm0 - movdqa %xmm0,%xmm4 - movdqa %xmm0,%xmm3 - psllq $5,%xmm0 - pxor %xmm0,%xmm3 - psllq $1,%xmm0 - pxor %xmm3,%xmm0 - psllq $57,%xmm0 - movdqa %xmm0,%xmm3 - pslldq $8,%xmm0 - psrldq $8,%xmm3 - pxor %xmm4,%xmm0 - pxor %xmm3,%xmm1 - movdqa %xmm0,%xmm4 - psrlq $1,%xmm0 - pxor %xmm4,%xmm1 - pxor %xmm0,%xmm4 - psrlq $5,%xmm0 - pxor %xmm4,%xmm0 - psrlq $1,%xmm0 - pxor %xmm1,%xmm0 - pshufd $78,%xmm2,%xmm3 - pshufd $78,%xmm0,%xmm4 - pxor %xmm2,%xmm3 - movdqu %xmm2,(%edx) - pxor %xmm0,%xmm4 - movdqu %xmm0,16(%edx) -.byte 102,15,58,15,227,8 - movdqu %xmm4,32(%edx) - ret -.globl _GFp_gcm_gmult_clmul -.private_extern _GFp_gcm_gmult_clmul -.align 4 -_GFp_gcm_gmult_clmul: -L_GFp_gcm_gmult_clmul_begin: - movl 4(%esp),%eax - movl 8(%esp),%edx - call L001pic -L001pic: - popl %ecx - leal Lbswap-L001pic(%ecx),%ecx - movdqu (%eax),%xmm0 - movdqa (%ecx),%xmm5 - movups (%edx),%xmm2 -.byte 102,15,56,0,197 - movups 32(%edx),%xmm4 - movdqa %xmm0,%xmm1 - pshufd $78,%xmm0,%xmm3 - pxor %xmm0,%xmm3 -.byte 102,15,58,68,194,0 -.byte 102,15,58,68,202,17 -.byte 102,15,58,68,220,0 - xorps %xmm0,%xmm3 - xorps %xmm1,%xmm3 - movdqa %xmm3,%xmm4 - psrldq $8,%xmm3 - pslldq $8,%xmm4 - pxor %xmm3,%xmm1 - pxor %xmm4,%xmm0 - movdqa %xmm0,%xmm4 - movdqa %xmm0,%xmm3 - psllq $5,%xmm0 - pxor %xmm0,%xmm3 - psllq $1,%xmm0 - pxor %xmm3,%xmm0 - psllq $57,%xmm0 - movdqa %xmm0,%xmm3 - pslldq $8,%xmm0 - psrldq $8,%xmm3 - pxor %xmm4,%xmm0 - pxor %xmm3,%xmm1 - movdqa %xmm0,%xmm4 - psrlq $1,%xmm0 - pxor %xmm4,%xmm1 - pxor %xmm0,%xmm4 - psrlq $5,%xmm0 - pxor %xmm4,%xmm0 - psrlq $1,%xmm0 - pxor %xmm1,%xmm0 -.byte 102,15,56,0,197 - movdqu %xmm0,(%eax) - ret -.globl _GFp_gcm_ghash_clmul -.private_extern _GFp_gcm_ghash_clmul -.align 4 -_GFp_gcm_ghash_clmul: -L_GFp_gcm_ghash_clmul_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 20(%esp),%eax - movl 24(%esp),%edx - movl 28(%esp),%esi - movl 32(%esp),%ebx - call L002pic -L002pic: - popl %ecx - leal Lbswap-L002pic(%ecx),%ecx - movdqu (%eax),%xmm0 - movdqa (%ecx),%xmm5 - movdqu (%edx),%xmm2 -.byte 102,15,56,0,197 - subl $16,%ebx - jz L003odd_tail - movdqu (%esi),%xmm3 - movdqu 16(%esi),%xmm6 -.byte 102,15,56,0,221 -.byte 102,15,56,0,245 - movdqu 32(%edx),%xmm5 - pxor %xmm3,%xmm0 - pshufd $78,%xmm6,%xmm3 - movdqa %xmm6,%xmm7 - pxor %xmm6,%xmm3 - leal 32(%esi),%esi -.byte 102,15,58,68,242,0 -.byte 102,15,58,68,250,17 -.byte 102,15,58,68,221,0 - movups 16(%edx),%xmm2 - nop - subl $32,%ebx - jbe L004even_tail - jmp L005mod_loop -.align 5,0x90 -L005mod_loop: - pshufd $78,%xmm0,%xmm4 - movdqa %xmm0,%xmm1 - pxor %xmm0,%xmm4 - nop -.byte 102,15,58,68,194,0 -.byte 102,15,58,68,202,17 -.byte 102,15,58,68,229,16 - movups (%edx),%xmm2 - xorps %xmm6,%xmm0 - movdqa (%ecx),%xmm5 - xorps %xmm7,%xmm1 - movdqu (%esi),%xmm7 - pxor %xmm0,%xmm3 - movdqu 16(%esi),%xmm6 - pxor %xmm1,%xmm3 -.byte 102,15,56,0,253 - pxor %xmm3,%xmm4 - movdqa %xmm4,%xmm3 - psrldq $8,%xmm4 - pslldq $8,%xmm3 - pxor %xmm4,%xmm1 - pxor %xmm3,%xmm0 -.byte 102,15,56,0,245 - pxor %xmm7,%xmm1 - movdqa %xmm6,%xmm7 - movdqa %xmm0,%xmm4 - movdqa %xmm0,%xmm3 - psllq $5,%xmm0 - pxor %xmm0,%xmm3 - psllq $1,%xmm0 - pxor %xmm3,%xmm0 -.byte 102,15,58,68,242,0 - movups 32(%edx),%xmm5 - psllq $57,%xmm0 - movdqa %xmm0,%xmm3 - pslldq $8,%xmm0 - psrldq $8,%xmm3 - pxor %xmm4,%xmm0 - pxor %xmm3,%xmm1 - pshufd $78,%xmm7,%xmm3 - movdqa %xmm0,%xmm4 - psrlq $1,%xmm0 - pxor %xmm7,%xmm3 - pxor %xmm4,%xmm1 -.byte 102,15,58,68,250,17 - movups 16(%edx),%xmm2 - pxor %xmm0,%xmm4 - psrlq $5,%xmm0 - pxor %xmm4,%xmm0 - psrlq $1,%xmm0 - pxor %xmm1,%xmm0 -.byte 102,15,58,68,221,0 - leal 32(%esi),%esi - subl $32,%ebx - ja L005mod_loop -L004even_tail: - pshufd $78,%xmm0,%xmm4 - movdqa %xmm0,%xmm1 - pxor %xmm0,%xmm4 -.byte 102,15,58,68,194,0 -.byte 102,15,58,68,202,17 -.byte 102,15,58,68,229,16 - movdqa (%ecx),%xmm5 - xorps %xmm6,%xmm0 - xorps %xmm7,%xmm1 - pxor %xmm0,%xmm3 - pxor %xmm1,%xmm3 - pxor %xmm3,%xmm4 - movdqa %xmm4,%xmm3 - psrldq $8,%xmm4 - pslldq $8,%xmm3 - pxor %xmm4,%xmm1 - pxor %xmm3,%xmm0 - movdqa %xmm0,%xmm4 - movdqa %xmm0,%xmm3 - psllq $5,%xmm0 - pxor %xmm0,%xmm3 - psllq $1,%xmm0 - pxor %xmm3,%xmm0 - psllq $57,%xmm0 - movdqa %xmm0,%xmm3 - pslldq $8,%xmm0 - psrldq $8,%xmm3 - pxor %xmm4,%xmm0 - pxor %xmm3,%xmm1 - movdqa %xmm0,%xmm4 - psrlq $1,%xmm0 - pxor %xmm4,%xmm1 - pxor %xmm0,%xmm4 - psrlq $5,%xmm0 - pxor %xmm4,%xmm0 - psrlq $1,%xmm0 - pxor %xmm1,%xmm0 - testl %ebx,%ebx - jnz L006done - movups (%edx),%xmm2 -L003odd_tail: - movdqu (%esi),%xmm3 -.byte 102,15,56,0,221 - pxor %xmm3,%xmm0 - movdqa %xmm0,%xmm1 - pshufd $78,%xmm0,%xmm3 - pshufd $78,%xmm2,%xmm4 - pxor %xmm0,%xmm3 - pxor %xmm2,%xmm4 -.byte 102,15,58,68,194,0 -.byte 102,15,58,68,202,17 -.byte 102,15,58,68,220,0 - xorps %xmm0,%xmm3 - xorps %xmm1,%xmm3 - movdqa %xmm3,%xmm4 - psrldq $8,%xmm3 - pslldq $8,%xmm4 - pxor %xmm3,%xmm1 - pxor %xmm4,%xmm0 - movdqa %xmm0,%xmm4 - movdqa %xmm0,%xmm3 - psllq $5,%xmm0 - pxor %xmm0,%xmm3 - psllq $1,%xmm0 - pxor %xmm3,%xmm0 - psllq $57,%xmm0 - movdqa %xmm0,%xmm3 - pslldq $8,%xmm0 - psrldq $8,%xmm3 - pxor %xmm4,%xmm0 - pxor %xmm3,%xmm1 - movdqa %xmm0,%xmm4 - psrlq $1,%xmm0 - pxor %xmm4,%xmm1 - pxor %xmm0,%xmm4 - psrlq $5,%xmm0 - pxor %xmm4,%xmm0 - psrlq $1,%xmm0 - pxor %xmm1,%xmm0 -L006done: -.byte 102,15,56,0,197 - movdqu %xmm0,(%eax) - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.align 6,0x90 -Lbswap: -.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 -.byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,194 -.align 6,0x90 -L007rem_8bit: -.value 0,450,900,582,1800,1738,1164,1358 -.value 3600,4050,3476,3158,2328,2266,2716,2910 -.value 7200,7650,8100,7782,6952,6890,6316,6510 -.value 4656,5106,4532,4214,5432,5370,5820,6014 -.value 14400,14722,15300,14854,16200,16010,15564,15630 -.value 13904,14226,13780,13334,12632,12442,13020,13086 -.value 9312,9634,10212,9766,9064,8874,8428,8494 -.value 10864,11186,10740,10294,11640,11450,12028,12094 -.value 28800,28994,29444,29382,30600,30282,29708,30158 -.value 32400,32594,32020,31958,31128,30810,31260,31710 -.value 27808,28002,28452,28390,27560,27242,26668,27118 -.value 25264,25458,24884,24822,26040,25722,26172,26622 -.value 18624,18690,19268,19078,20424,19978,19532,19854 -.value 18128,18194,17748,17558,16856,16410,16988,17310 -.value 21728,21794,22372,22182,21480,21034,20588,20910 -.value 23280,23346,22900,22710,24056,23610,24188,24510 -.value 57600,57538,57988,58182,58888,59338,58764,58446 -.value 61200,61138,60564,60758,59416,59866,60316,59998 -.value 64800,64738,65188,65382,64040,64490,63916,63598 -.value 62256,62194,61620,61814,62520,62970,63420,63102 -.value 55616,55426,56004,56070,56904,57226,56780,56334 -.value 55120,54930,54484,54550,53336,53658,54236,53790 -.value 50528,50338,50916,50982,49768,50090,49644,49198 -.value 52080,51890,51444,51510,52344,52666,53244,52798 -.value 37248,36930,37380,37830,38536,38730,38156,38094 -.value 40848,40530,39956,40406,39064,39258,39708,39646 -.value 36256,35938,36388,36838,35496,35690,35116,35054 -.value 33712,33394,32820,33270,33976,34170,34620,34558 -.value 43456,43010,43588,43910,44744,44810,44364,44174 -.value 42960,42514,42068,42390,41176,41242,41820,41630 -.value 46560,46114,46692,47014,45800,45866,45420,45230 -.value 48112,47666,47220,47542,48376,48442,49020,48830 -.byte 71,72,65,83,72,32,102,111,114,32,120,56,54,44,32,67 -.byte 82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112 -.byte 112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62 -.byte 0 -#endif diff --git a/pregenerated/ghash-x86-win32n.obj b/pregenerated/ghash-x86-win32n.obj Binary files differindex 07403db..53a4a30 100644 --- a/pregenerated/ghash-x86-win32n.obj +++ b/pregenerated/ghash-x86-win32n.obj diff --git a/pregenerated/ghash-x86_64-elf.S b/pregenerated/ghash-x86_64-elf.S index 7dedb9b..965af07 100644 --- a/pregenerated/ghash-x86_64-elf.S +++ b/pregenerated/ghash-x86_64-elf.S @@ -8,14 +8,15 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P -.globl GFp_gcm_init_clmul -.hidden GFp_gcm_init_clmul -.type GFp_gcm_init_clmul,@function +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P +.globl gcm_init_clmul +.hidden gcm_init_clmul +.type gcm_init_clmul,@function .align 16 -GFp_gcm_init_clmul: +gcm_init_clmul: .cfi_startproc .L_init_clmul: movdqu (%rsi),%xmm2 @@ -169,12 +170,12 @@ GFp_gcm_init_clmul: movdqu %xmm4,80(%rdi) .byte 0xf3,0xc3 .cfi_endproc -.size GFp_gcm_init_clmul,.-GFp_gcm_init_clmul -.globl GFp_gcm_gmult_clmul -.hidden GFp_gcm_gmult_clmul -.type GFp_gcm_gmult_clmul,@function +.size gcm_init_clmul,.-gcm_init_clmul +.globl gcm_gmult_clmul +.hidden gcm_gmult_clmul +.type gcm_gmult_clmul,@function .align 16 -GFp_gcm_gmult_clmul: +gcm_gmult_clmul: .cfi_startproc .L_gmult_clmul: movdqu (%rdi),%xmm0 @@ -223,12 +224,12 @@ GFp_gcm_gmult_clmul: movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 .cfi_endproc -.size GFp_gcm_gmult_clmul,.-GFp_gcm_gmult_clmul -.globl GFp_gcm_ghash_clmul -.hidden GFp_gcm_ghash_clmul -.type GFp_gcm_ghash_clmul,@function +.size gcm_gmult_clmul,.-gcm_gmult_clmul +.globl gcm_ghash_clmul +.hidden gcm_ghash_clmul +.type gcm_ghash_clmul,@function .align 32 -GFp_gcm_ghash_clmul: +gcm_ghash_clmul: .cfi_startproc .L_ghash_clmul: movdqa .Lbswap_mask(%rip),%xmm10 @@ -242,7 +243,7 @@ GFp_gcm_ghash_clmul: jz .Lodd_tail movdqu 16(%rsi),%xmm6 - leaq GFp_ia32cap_P(%rip),%rax + leaq OPENSSL_ia32cap_P(%rip),%rax movl 4(%rax),%eax cmpq $0x30,%rcx jb .Lskip4x @@ -610,12 +611,12 @@ GFp_gcm_ghash_clmul: movdqu %xmm0,(%rdi) .byte 0xf3,0xc3 .cfi_endproc -.size GFp_gcm_ghash_clmul,.-GFp_gcm_ghash_clmul -.globl GFp_gcm_init_avx -.hidden GFp_gcm_init_avx -.type GFp_gcm_init_avx,@function +.size gcm_ghash_clmul,.-gcm_ghash_clmul +.globl gcm_init_avx +.hidden gcm_init_avx +.type gcm_init_avx,@function .align 32 -GFp_gcm_init_avx: +gcm_init_avx: .cfi_startproc vzeroupper @@ -720,12 +721,12 @@ GFp_gcm_init_avx: vzeroupper .byte 0xf3,0xc3 .cfi_endproc -.size GFp_gcm_init_avx,.-GFp_gcm_init_avx -.globl GFp_gcm_ghash_avx -.hidden GFp_gcm_ghash_avx -.type GFp_gcm_ghash_avx,@function +.size gcm_init_avx,.-gcm_init_avx +.globl gcm_ghash_avx +.hidden gcm_ghash_avx +.type gcm_ghash_avx,@function .align 32 -GFp_gcm_ghash_avx: +gcm_ghash_avx: .cfi_startproc vzeroupper @@ -1099,7 +1100,7 @@ GFp_gcm_ghash_avx: vzeroupper .byte 0xf3,0xc3 .cfi_endproc -.size GFp_gcm_ghash_avx,.-GFp_gcm_ghash_avx +.size gcm_ghash_avx,.-gcm_ghash_avx .align 64 .Lbswap_mask: .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 diff --git a/pregenerated/ghash-x86_64-macosx.S b/pregenerated/ghash-x86_64-macosx.S index 7d2fa12..57b414c 100644 --- a/pregenerated/ghash-x86_64-macosx.S +++ b/pregenerated/ghash-x86_64-macosx.S @@ -8,13 +8,14 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl _GFp_gcm_init_clmul -.private_extern _GFp_gcm_init_clmul +.globl _gcm_init_clmul +.private_extern _gcm_init_clmul .p2align 4 -_GFp_gcm_init_clmul: +_gcm_init_clmul: L$_init_clmul: movdqu (%rsi),%xmm2 @@ -169,11 +170,11 @@ L$_init_clmul: .byte 0xf3,0xc3 -.globl _GFp_gcm_gmult_clmul -.private_extern _GFp_gcm_gmult_clmul +.globl _gcm_gmult_clmul +.private_extern _gcm_gmult_clmul .p2align 4 -_GFp_gcm_gmult_clmul: +_gcm_gmult_clmul: L$_gmult_clmul: movdqu (%rdi),%xmm0 @@ -223,11 +224,11 @@ L$_gmult_clmul: .byte 0xf3,0xc3 -.globl _GFp_gcm_ghash_clmul -.private_extern _GFp_gcm_ghash_clmul +.globl _gcm_ghash_clmul +.private_extern _gcm_ghash_clmul .p2align 5 -_GFp_gcm_ghash_clmul: +_gcm_ghash_clmul: L$_ghash_clmul: movdqa L$bswap_mask(%rip),%xmm10 @@ -241,7 +242,7 @@ L$_ghash_clmul: jz L$odd_tail movdqu 16(%rsi),%xmm6 - leaq _GFp_ia32cap_P(%rip),%rax + leaq _OPENSSL_ia32cap_P(%rip),%rax movl 4(%rax),%eax cmpq $0x30,%rcx jb L$skip4x @@ -610,11 +611,11 @@ L$done: .byte 0xf3,0xc3 -.globl _GFp_gcm_init_avx -.private_extern _GFp_gcm_init_avx +.globl _gcm_init_avx +.private_extern _gcm_init_avx .p2align 5 -_GFp_gcm_init_avx: +_gcm_init_avx: vzeroupper @@ -720,11 +721,11 @@ L$init_start_avx: .byte 0xf3,0xc3 -.globl _GFp_gcm_ghash_avx -.private_extern _GFp_gcm_ghash_avx +.globl _gcm_ghash_avx +.private_extern _gcm_ghash_avx .p2align 5 -_GFp_gcm_ghash_avx: +_gcm_ghash_avx: vzeroupper diff --git a/pregenerated/ghash-x86_64-nasm.obj b/pregenerated/ghash-x86_64-nasm.obj Binary files differindex 7d7996d..82a9b94 100644 --- a/pregenerated/ghash-x86_64-nasm.obj +++ b/pregenerated/ghash-x86_64-nasm.obj diff --git a/pregenerated/ghashv8-armx-ios32.S b/pregenerated/ghashv8-armx-ios32.S deleted file mode 100644 index ac25245..0000000 --- a/pregenerated/ghashv8-armx-ios32.S +++ /dev/null @@ -1,256 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> - -.text - -.code 32 -#undef __thumb2__ -.globl _GFp_gcm_init_clmul -.private_extern _GFp_gcm_init_clmul -#ifdef __thumb2__ -.thumb_func _GFp_gcm_init_clmul -#endif -.align 4 -_GFp_gcm_init_clmul: - AARCH64_VALID_CALL_TARGET - vld1.64 {q9},[r1] @ load input H - vmov.i8 q11,#0xe1 - vshl.i64 q11,q11,#57 @ 0xc2.0 - vext.8 q3,q9,q9,#8 - vshr.u64 q10,q11,#63 - vdup.32 q9,d18[1] - vext.8 q8,q10,q11,#8 @ t0=0xc2....01 - vshr.u64 q10,q3,#63 - vshr.s32 q9,q9,#31 @ broadcast carry bit - vand q10,q10,q8 - vshl.i64 q3,q3,#1 - vext.8 q10,q10,q10,#8 - vand q8,q8,q9 - vorr q3,q3,q10 @ H<<<=1 - veor q12,q3,q8 @ twisted H - vst1.64 {q12},[r0]! @ store Htable[0] - - @ calculate H^2 - vext.8 q8,q12,q12,#8 @ Karatsuba pre-processing -.byte 0xa8,0x0e,0xa8,0xf2 @ pmull q0,q12,q12 - veor q8,q8,q12 -.byte 0xa9,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q12 -.byte 0xa0,0x2e,0xa0,0xf2 @ pmull q1,q8,q8 - - vext.8 q9,q0,q2,#8 @ Karatsuba post-processing - veor q10,q0,q2 - veor q1,q1,q9 - veor q1,q1,q10 -.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase - - vmov d4,d3 @ Xh|Xm - 256-bit result - vmov d3,d0 @ Xm is rotated Xl - veor q0,q1,q10 - - vext.8 q10,q0,q0,#8 @ 2nd phase -.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 - veor q10,q10,q2 - veor q14,q0,q10 - - vext.8 q9,q14,q14,#8 @ Karatsuba pre-processing - veor q9,q9,q14 - vext.8 q13,q8,q9,#8 @ pack Karatsuba pre-processed - vst1.64 {q13,q14},[r0] @ store Htable[1..2] - - bx lr - -.globl _GFp_gcm_gmult_clmul -.private_extern _GFp_gcm_gmult_clmul -#ifdef __thumb2__ -.thumb_func _GFp_gcm_gmult_clmul -#endif -.align 4 -_GFp_gcm_gmult_clmul: - AARCH64_VALID_CALL_TARGET - vld1.64 {q9},[r0] @ load Xi - vmov.i8 q11,#0xe1 - vld1.64 {q12,q13},[r1] @ load twisted H, ... - vshl.u64 q11,q11,#57 -#ifndef __ARMEB__ - vrev64.8 q9,q9 -#endif - vext.8 q3,q9,q9,#8 - -.byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo - veor q9,q9,q3 @ Karatsuba pre-processing -.byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi -.byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) - - vext.8 q9,q0,q2,#8 @ Karatsuba post-processing - veor q10,q0,q2 - veor q1,q1,q9 - veor q1,q1,q10 -.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction - - vmov d4,d3 @ Xh|Xm - 256-bit result - vmov d3,d0 @ Xm is rotated Xl - veor q0,q1,q10 - - vext.8 q10,q0,q0,#8 @ 2nd phase of reduction -.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 - veor q10,q10,q2 - veor q0,q0,q10 - -#ifndef __ARMEB__ - vrev64.8 q0,q0 -#endif - vext.8 q0,q0,q0,#8 - vst1.64 {q0},[r0] @ write out Xi - - bx lr - -.globl _GFp_gcm_ghash_clmul -.private_extern _GFp_gcm_ghash_clmul -#ifdef __thumb2__ -.thumb_func _GFp_gcm_ghash_clmul -#endif -.align 4 -_GFp_gcm_ghash_clmul: - AARCH64_VALID_CALL_TARGET - vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so - vld1.64 {q0},[r0] @ load [rotated] Xi - @ "[rotated]" means that - @ loaded value would have - @ to be rotated in order to - @ make it appear as in - @ algorithm specification - subs r3,r3,#32 @ see if r3 is 32 or larger - mov r12,#16 @ r12 is used as post- - @ increment for input pointer; - @ as loop is modulo-scheduled - @ r12 is zeroed just in time - @ to preclude overstepping - @ inp[len], which means that - @ last block[s] are actually - @ loaded twice, but last - @ copy is not processed - vld1.64 {q12,q13},[r1]! @ load twisted H, ..., H^2 - vmov.i8 q11,#0xe1 - vld1.64 {q14},[r1] - moveq r12,#0 @ is it time to zero r12? - vext.8 q0,q0,q0,#8 @ rotate Xi - vld1.64 {q8},[r2]! @ load [rotated] I[0] - vshl.u64 q11,q11,#57 @ compose 0xc2.0 constant -#ifndef __ARMEB__ - vrev64.8 q8,q8 - vrev64.8 q0,q0 -#endif - vext.8 q3,q8,q8,#8 @ rotate I[0] - blo Lodd_tail_v8 @ r3 was less than 32 - vld1.64 {q9},[r2],r12 @ load [rotated] I[1] -#ifndef __ARMEB__ - vrev64.8 q9,q9 -#endif - vext.8 q7,q9,q9,#8 - veor q3,q3,q0 @ I[i]^=Xi -.byte 0x8e,0x8e,0xa8,0xf2 @ pmull q4,q12,q7 @ H·Ii+1 - veor q9,q9,q7 @ Karatsuba pre-processing -.byte 0x8f,0xce,0xa9,0xf2 @ pmull2 q6,q12,q7 - b Loop_mod2x_v8 - -.align 4 -Loop_mod2x_v8: - vext.8 q10,q3,q3,#8 - subs r3,r3,#32 @ is there more data? -.byte 0x86,0x0e,0xac,0xf2 @ pmull q0,q14,q3 @ H^2.lo·Xi.lo - movlo r12,#0 @ is it time to zero r12? - -.byte 0xa2,0xae,0xaa,0xf2 @ pmull q5,q13,q9 - veor q10,q10,q3 @ Karatsuba pre-processing -.byte 0x87,0x4e,0xad,0xf2 @ pmull2 q2,q14,q3 @ H^2.hi·Xi.hi - veor q0,q0,q4 @ accumulate -.byte 0xa5,0x2e,0xab,0xf2 @ pmull2 q1,q13,q10 @ (H^2.lo+H^2.hi)·(Xi.lo+Xi.hi) - vld1.64 {q8},[r2],r12 @ load [rotated] I[i+2] - - veor q2,q2,q6 - moveq r12,#0 @ is it time to zero r12? - veor q1,q1,q5 - - vext.8 q9,q0,q2,#8 @ Karatsuba post-processing - veor q10,q0,q2 - veor q1,q1,q9 - vld1.64 {q9},[r2],r12 @ load [rotated] I[i+3] -#ifndef __ARMEB__ - vrev64.8 q8,q8 -#endif - veor q1,q1,q10 -.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction - -#ifndef __ARMEB__ - vrev64.8 q9,q9 -#endif - vmov d4,d3 @ Xh|Xm - 256-bit result - vmov d3,d0 @ Xm is rotated Xl - vext.8 q7,q9,q9,#8 - vext.8 q3,q8,q8,#8 - veor q0,q1,q10 -.byte 0x8e,0x8e,0xa8,0xf2 @ pmull q4,q12,q7 @ H·Ii+1 - veor q3,q3,q2 @ accumulate q3 early - - vext.8 q10,q0,q0,#8 @ 2nd phase of reduction -.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 - veor q3,q3,q10 - veor q9,q9,q7 @ Karatsuba pre-processing - veor q3,q3,q0 -.byte 0x8f,0xce,0xa9,0xf2 @ pmull2 q6,q12,q7 - bhs Loop_mod2x_v8 @ there was at least 32 more bytes - - veor q2,q2,q10 - vext.8 q3,q8,q8,#8 @ re-construct q3 - adds r3,r3,#32 @ re-construct r3 - veor q0,q0,q2 @ re-construct q0 - beq Ldone_v8 @ is r3 zero? -Lodd_tail_v8: - vext.8 q10,q0,q0,#8 - veor q3,q3,q0 @ inp^=Xi - veor q9,q8,q10 @ q9 is rotated inp^Xi - -.byte 0x86,0x0e,0xa8,0xf2 @ pmull q0,q12,q3 @ H.lo·Xi.lo - veor q9,q9,q3 @ Karatsuba pre-processing -.byte 0x87,0x4e,0xa9,0xf2 @ pmull2 q2,q12,q3 @ H.hi·Xi.hi -.byte 0xa2,0x2e,0xaa,0xf2 @ pmull q1,q13,q9 @ (H.lo+H.hi)·(Xi.lo+Xi.hi) - - vext.8 q9,q0,q2,#8 @ Karatsuba post-processing - veor q10,q0,q2 - veor q1,q1,q9 - veor q1,q1,q10 -.byte 0x26,0x4e,0xe0,0xf2 @ pmull q10,q0,q11 @ 1st phase of reduction - - vmov d4,d3 @ Xh|Xm - 256-bit result - vmov d3,d0 @ Xm is rotated Xl - veor q0,q1,q10 - - vext.8 q10,q0,q0,#8 @ 2nd phase of reduction -.byte 0x26,0x0e,0xa0,0xf2 @ pmull q0,q0,q11 - veor q10,q10,q2 - veor q0,q0,q10 - -Ldone_v8: -#ifndef __ARMEB__ - vrev64.8 q0,q0 -#endif - vext.8 q0,q0,q0,#8 - vst1.64 {q0},[r0] @ write out Xi - - vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so - bx lr - -.byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -.align 2 -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/ghashv8-armx-ios64.S b/pregenerated/ghashv8-armx-ios64.S index 60ba87a..40d48e8 100644 --- a/pregenerated/ghashv8-armx-ios64.S +++ b/pregenerated/ghashv8-armx-ios64.S @@ -9,15 +9,16 @@ #endif #if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text -.globl _GFp_gcm_init_clmul -.private_extern _GFp_gcm_init_clmul +.globl _gcm_init_clmul +.private_extern _gcm_init_clmul .align 4 -_GFp_gcm_init_clmul: +_gcm_init_clmul: AARCH64_VALID_CALL_TARGET ld1 {v17.2d},[x1] //load input H movi v19.16b,#0xe1 @@ -65,11 +66,11 @@ _GFp_gcm_init_clmul: ret -.globl _GFp_gcm_gmult_clmul -.private_extern _GFp_gcm_gmult_clmul +.globl _gcm_gmult_clmul +.private_extern _gcm_gmult_clmul .align 4 -_GFp_gcm_gmult_clmul: +_gcm_gmult_clmul: AARCH64_VALID_CALL_TARGET ld1 {v17.2d},[x0] //load Xi movi v19.16b,#0xe1 @@ -108,11 +109,11 @@ _GFp_gcm_gmult_clmul: ret -.globl _GFp_gcm_ghash_clmul -.private_extern _GFp_gcm_ghash_clmul +.globl _gcm_ghash_clmul +.private_extern _gcm_ghash_clmul .align 4 -_GFp_gcm_ghash_clmul: +_gcm_ghash_clmul: AARCH64_VALID_CALL_TARGET ld1 {v0.2d},[x0] //load [rotated] Xi //"[rotated]" means that diff --git a/pregenerated/ghashv8-armx-linux32.S b/pregenerated/ghashv8-armx-linux32.S index fe947e2..70bce3c 100644 --- a/pregenerated/ghashv8-armx-linux32.S +++ b/pregenerated/ghashv8-armx-linux32.S @@ -10,17 +10,18 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text .fpu neon .code 32 #undef __thumb2__ -.globl GFp_gcm_init_clmul -.hidden GFp_gcm_init_clmul -.type GFp_gcm_init_clmul,%function +.globl gcm_init_clmul +.hidden gcm_init_clmul +.type gcm_init_clmul,%function .align 4 -GFp_gcm_init_clmul: +gcm_init_clmul: AARCH64_VALID_CALL_TARGET vld1.64 {q9},[r1] @ load input H vmov.i8 q11,#0xe1 @@ -67,12 +68,12 @@ GFp_gcm_init_clmul: vst1.64 {q13,q14},[r0] @ store Htable[1..2] bx lr -.size GFp_gcm_init_clmul,.-GFp_gcm_init_clmul -.globl GFp_gcm_gmult_clmul -.hidden GFp_gcm_gmult_clmul -.type GFp_gcm_gmult_clmul,%function +.size gcm_init_clmul,.-gcm_init_clmul +.globl gcm_gmult_clmul +.hidden gcm_gmult_clmul +.type gcm_gmult_clmul,%function .align 4 -GFp_gcm_gmult_clmul: +gcm_gmult_clmul: AARCH64_VALID_CALL_TARGET vld1.64 {q9},[r0] @ load Xi vmov.i8 q11,#0xe1 @@ -110,12 +111,12 @@ GFp_gcm_gmult_clmul: vst1.64 {q0},[r0] @ write out Xi bx lr -.size GFp_gcm_gmult_clmul,.-GFp_gcm_gmult_clmul -.globl GFp_gcm_ghash_clmul -.hidden GFp_gcm_ghash_clmul -.type GFp_gcm_ghash_clmul,%function +.size gcm_gmult_clmul,.-gcm_gmult_clmul +.globl gcm_ghash_clmul +.hidden gcm_ghash_clmul +.type gcm_ghash_clmul,%function .align 4 -GFp_gcm_ghash_clmul: +gcm_ghash_clmul: AARCH64_VALID_CALL_TARGET vstmdb sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so vld1.64 {q0},[r0] @ load [rotated] Xi @@ -244,7 +245,7 @@ GFp_gcm_ghash_clmul: vldmia sp!,{d8,d9,d10,d11,d12,d13,d14,d15} @ 32-bit ABI says so bx lr -.size GFp_gcm_ghash_clmul,.-GFp_gcm_ghash_clmul +.size gcm_ghash_clmul,.-gcm_ghash_clmul .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 diff --git a/pregenerated/ghashv8-armx-linux64.S b/pregenerated/ghashv8-armx-linux64.S index 9060951..d3a1b78 100644 --- a/pregenerated/ghashv8-armx-linux64.S +++ b/pregenerated/ghashv8-armx-linux64.S @@ -10,15 +10,16 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .text .arch armv8-a+crypto -.globl GFp_gcm_init_clmul -.hidden GFp_gcm_init_clmul -.type GFp_gcm_init_clmul,%function +.globl gcm_init_clmul +.hidden gcm_init_clmul +.type gcm_init_clmul,%function .align 4 -GFp_gcm_init_clmul: +gcm_init_clmul: AARCH64_VALID_CALL_TARGET ld1 {v17.2d},[x1] //load input H movi v19.16b,#0xe1 @@ -65,12 +66,12 @@ GFp_gcm_init_clmul: st1 {v21.2d,v22.2d},[x0] //store Htable[1..2] ret -.size GFp_gcm_init_clmul,.-GFp_gcm_init_clmul -.globl GFp_gcm_gmult_clmul -.hidden GFp_gcm_gmult_clmul -.type GFp_gcm_gmult_clmul,%function +.size gcm_init_clmul,.-gcm_init_clmul +.globl gcm_gmult_clmul +.hidden gcm_gmult_clmul +.type gcm_gmult_clmul,%function .align 4 -GFp_gcm_gmult_clmul: +gcm_gmult_clmul: AARCH64_VALID_CALL_TARGET ld1 {v17.2d},[x0] //load Xi movi v19.16b,#0xe1 @@ -108,12 +109,12 @@ GFp_gcm_gmult_clmul: st1 {v0.2d},[x0] //write out Xi ret -.size GFp_gcm_gmult_clmul,.-GFp_gcm_gmult_clmul -.globl GFp_gcm_ghash_clmul -.hidden GFp_gcm_ghash_clmul -.type GFp_gcm_ghash_clmul,%function +.size gcm_gmult_clmul,.-gcm_gmult_clmul +.globl gcm_ghash_clmul +.hidden gcm_ghash_clmul +.type gcm_ghash_clmul,%function .align 4 -GFp_gcm_ghash_clmul: +gcm_ghash_clmul: AARCH64_VALID_CALL_TARGET ld1 {v0.2d},[x0] //load [rotated] Xi //"[rotated]" means that @@ -240,7 +241,7 @@ GFp_gcm_ghash_clmul: st1 {v0.2d},[x0] //write out Xi ret -.size GFp_gcm_ghash_clmul,.-GFp_gcm_ghash_clmul +.size gcm_ghash_clmul,.-gcm_ghash_clmul .byte 71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .align 2 .align 2 diff --git a/pregenerated/p256-x86_64-asm-elf.S b/pregenerated/p256-x86_64-asm-elf.S index 6aa0e29..e772ef2 100644 --- a/pregenerated/p256-x86_64-asm-elf.S +++ b/pregenerated/p256-x86_64-asm-elf.S @@ -8,9 +8,10 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P .align 64 @@ -34,58 +35,11 @@ -.globl GFp_nistz256_add -.hidden GFp_nistz256_add -.type GFp_nistz256_add,@function +.globl nistz256_neg +.hidden nistz256_neg +.type nistz256_neg,@function .align 32 -GFp_nistz256_add: - pushq %r12 - pushq %r13 - - movq 0(%rsi),%r8 - xorq %r13,%r13 - movq 8(%rsi),%r9 - movq 16(%rsi),%r10 - movq 24(%rsi),%r11 - leaq .Lpoly(%rip),%rsi - - addq 0(%rdx),%r8 - adcq 8(%rdx),%r9 - movq %r8,%rax - adcq 16(%rdx),%r10 - adcq 24(%rdx),%r11 - movq %r9,%rdx - adcq $0,%r13 - - subq 0(%rsi),%r8 - movq %r10,%rcx - sbbq 8(%rsi),%r9 - sbbq 16(%rsi),%r10 - movq %r11,%r12 - sbbq 24(%rsi),%r11 - sbbq $0,%r13 - - cmovcq %rax,%r8 - cmovcq %rdx,%r9 - movq %r8,0(%rdi) - cmovcq %rcx,%r10 - movq %r9,8(%rdi) - cmovcq %r12,%r11 - movq %r10,16(%rdi) - movq %r11,24(%rdi) - - popq %r13 - popq %r12 - .byte 0xf3,0xc3 -.size GFp_nistz256_add,.-GFp_nistz256_add - - - -.globl GFp_nistz256_neg -.hidden GFp_nistz256_neg -.type GFp_nistz256_neg,@function -.align 32 -GFp_nistz256_neg: +nistz256_neg: .cfi_startproc pushq %r12 .cfi_adjust_cfa_offset 8 @@ -136,20 +90,20 @@ GFp_nistz256_neg: .Lneg_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_neg,.-GFp_nistz256_neg +.size nistz256_neg,.-nistz256_neg -.globl GFp_p256_scalar_mul_mont -.hidden GFp_p256_scalar_mul_mont -.type GFp_p256_scalar_mul_mont,@function +.globl p256_scalar_mul_mont +.hidden p256_scalar_mul_mont +.type p256_scalar_mul_mont,@function .align 32 -GFp_p256_scalar_mul_mont: +p256_scalar_mul_mont: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -469,7 +423,7 @@ GFp_p256_scalar_mul_mont: .Lord_mul_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_p256_scalar_mul_mont,.-GFp_p256_scalar_mul_mont +.size p256_scalar_mul_mont,.-p256_scalar_mul_mont @@ -477,13 +431,13 @@ GFp_p256_scalar_mul_mont: -.globl GFp_p256_scalar_sqr_rep_mont -.hidden GFp_p256_scalar_sqr_rep_mont -.type GFp_p256_scalar_sqr_rep_mont,@function +.globl p256_scalar_sqr_rep_mont +.hidden p256_scalar_sqr_rep_mont +.type p256_scalar_sqr_rep_mont,@function .align 32 -GFp_p256_scalar_sqr_rep_mont: +p256_scalar_sqr_rep_mont: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -773,7 +727,7 @@ GFp_p256_scalar_sqr_rep_mont: .Lord_sqr_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_p256_scalar_sqr_rep_mont,.-GFp_p256_scalar_sqr_rep_mont +.size p256_scalar_sqr_rep_mont,.-p256_scalar_sqr_rep_mont .type ecp_nistz256_ord_mul_montx,@function .align 32 @@ -1236,13 +1190,13 @@ ecp_nistz256_ord_sqr_montx: -.globl GFp_nistz256_mul_mont -.hidden GFp_nistz256_mul_mont -.type GFp_nistz256_mul_mont,@function +.globl p256_mul_mont +.hidden p256_mul_mont +.type p256_mul_mont,@function .align 32 -GFp_nistz256_mul_mont: +p256_mul_mont: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx .Lmul_mont: @@ -1306,7 +1260,7 @@ GFp_nistz256_mul_mont: .Lmul_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_mul_mont,.-GFp_nistz256_mul_mont +.size p256_mul_mont,.-p256_mul_mont .type __ecp_nistz256_mul_montq,@function .align 32 @@ -1533,13 +1487,13 @@ __ecp_nistz256_mul_montq: -.globl GFp_nistz256_sqr_mont -.hidden GFp_nistz256_sqr_mont -.type GFp_nistz256_sqr_mont,@function +.globl p256_sqr_mont +.hidden p256_sqr_mont +.type p256_sqr_mont,@function .align 32 -GFp_nistz256_sqr_mont: +p256_sqr_mont: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx pushq %rbp @@ -1598,7 +1552,7 @@ GFp_nistz256_sqr_mont: .Lsqr_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_sqr_mont,.-GFp_nistz256_sqr_mont +.size p256_sqr_mont,.-p256_sqr_mont .type __ecp_nistz256_sqr_montq,@function .align 32 @@ -2063,13 +2017,13 @@ __ecp_nistz256_sqr_montx: .size __ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx -.globl GFp_nistz256_select_w5 -.hidden GFp_nistz256_select_w5 -.type GFp_nistz256_select_w5,@function +.globl nistz256_select_w5 +.hidden nistz256_select_w5 +.type nistz256_select_w5,@function .align 32 -GFp_nistz256_select_w5: +nistz256_select_w5: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rax + leaq OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax jnz .Lavx2_select_w5 @@ -2125,18 +2079,18 @@ GFp_nistz256_select_w5: movdqu %xmm7,80(%rdi) .byte 0xf3,0xc3 .cfi_endproc -.LSEH_end_GFp_nistz256_select_w5: -.size GFp_nistz256_select_w5,.-GFp_nistz256_select_w5 +.LSEH_end_nistz256_select_w5: +.size nistz256_select_w5,.-nistz256_select_w5 -.globl GFp_nistz256_select_w7 -.hidden GFp_nistz256_select_w7 -.type GFp_nistz256_select_w7,@function +.globl nistz256_select_w7 +.hidden nistz256_select_w7 +.type nistz256_select_w7,@function .align 32 -GFp_nistz256_select_w7: +nistz256_select_w7: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rax + leaq OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax jnz .Lavx2_select_w7 @@ -2181,13 +2135,13 @@ GFp_nistz256_select_w7: movdqu %xmm5,48(%rdi) .byte 0xf3,0xc3 .cfi_endproc -.LSEH_end_GFp_nistz256_select_w7: -.size GFp_nistz256_select_w7,.-GFp_nistz256_select_w7 +.LSEH_end_nistz256_select_w7: +.size nistz256_select_w7,.-nistz256_select_w7 -.type GFp_nistz256_avx2_select_w5,@function +.type ecp_nistz256_avx2_select_w5,@function .align 32 -GFp_nistz256_avx2_select_w5: +ecp_nistz256_avx2_select_w5: .cfi_startproc .Lavx2_select_w5: vzeroupper @@ -2244,16 +2198,14 @@ GFp_nistz256_avx2_select_w5: vzeroupper .byte 0xf3,0xc3 .cfi_endproc -.LSEH_end_GFp_nistz256_avx2_select_w5: -.size GFp_nistz256_avx2_select_w5,.-GFp_nistz256_avx2_select_w5 +.LSEH_end_ecp_nistz256_avx2_select_w5: +.size ecp_nistz256_avx2_select_w5,.-ecp_nistz256_avx2_select_w5 -.globl GFp_nistz256_avx2_select_w7 -.hidden GFp_nistz256_avx2_select_w7 -.type GFp_nistz256_avx2_select_w7,@function +.type ecp_nistz256_avx2_select_w7,@function .align 32 -GFp_nistz256_avx2_select_w7: +ecp_nistz256_avx2_select_w7: .cfi_startproc .Lavx2_select_w7: vzeroupper @@ -2325,8 +2277,8 @@ GFp_nistz256_avx2_select_w7: vzeroupper .byte 0xf3,0xc3 .cfi_endproc -.LSEH_end_GFp_nistz256_avx2_select_w7: -.size GFp_nistz256_avx2_select_w7,.-GFp_nistz256_avx2_select_w7 +.LSEH_end_ecp_nistz256_avx2_select_w7: +.size ecp_nistz256_avx2_select_w7,.-ecp_nistz256_avx2_select_w7 .type __ecp_nistz256_add_toq,@function .align 32 __ecp_nistz256_add_toq: @@ -2456,13 +2408,13 @@ __ecp_nistz256_mul_by_2q: .byte 0xf3,0xc3 .cfi_endproc .size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q -.globl GFp_nistz256_point_double -.hidden GFp_nistz256_point_double -.type GFp_nistz256_point_double,@function +.globl p256_point_double +.hidden p256_point_double +.type p256_point_double,@function .align 32 -GFp_nistz256_point_double: +p256_point_double: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -2689,14 +2641,14 @@ GFp_nistz256_point_double: .Lpoint_doubleq_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_point_double,.-GFp_nistz256_point_double -.globl GFp_nistz256_point_add -.hidden GFp_nistz256_point_add -.type GFp_nistz256_point_add,@function +.size p256_point_double,.-p256_point_double +.globl p256_point_add +.hidden p256_point_add +.type p256_point_add,@function .align 32 -GFp_nistz256_point_add: +p256_point_add: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -3126,14 +3078,14 @@ GFp_nistz256_point_add: .Lpoint_addq_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_point_add,.-GFp_nistz256_point_add -.globl GFp_nistz256_point_add_affine -.hidden GFp_nistz256_point_add_affine -.type GFp_nistz256_point_add_affine,@function +.size p256_point_add,.-p256_point_add +.globl p256_point_add_affine +.hidden p256_point_add_affine +.type p256_point_add_affine,@function .align 32 -GFp_nistz256_point_add_affine: +p256_point_add_affine: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%rcx + leaq OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -3460,7 +3412,7 @@ GFp_nistz256_point_add_affine: .Ladd_affineq_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_point_add_affine,.-GFp_nistz256_point_add_affine +.size p256_point_add_affine,.-p256_point_add_affine .type __ecp_nistz256_add_tox,@function .align 32 __ecp_nistz256_add_tox: @@ -3596,9 +3548,9 @@ __ecp_nistz256_mul_by_2x: .byte 0xf3,0xc3 .cfi_endproc .size __ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x -.type GFp_nistz256_point_doublex,@function +.type p256_point_doublex,@function .align 32 -GFp_nistz256_point_doublex: +p256_point_doublex: .cfi_startproc .Lpoint_doublex: pushq %rbp @@ -3823,10 +3775,10 @@ GFp_nistz256_point_doublex: .Lpoint_doublex_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_point_doublex,.-GFp_nistz256_point_doublex -.type GFp_nistz256_point_addx,@function +.size p256_point_doublex,.-p256_point_doublex +.type p256_point_addx,@function .align 32 -GFp_nistz256_point_addx: +p256_point_addx: .cfi_startproc .Lpoint_addx: pushq %rbp @@ -4254,10 +4206,10 @@ GFp_nistz256_point_addx: .Lpoint_addx_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_point_addx,.-GFp_nistz256_point_addx -.type GFp_nistz256_point_add_affinex,@function +.size p256_point_addx,.-p256_point_addx +.type p256_point_add_affinex,@function .align 32 -GFp_nistz256_point_add_affinex: +p256_point_add_affinex: .cfi_startproc .Lpoint_add_affinex: pushq %rbp @@ -4582,6 +4534,6 @@ GFp_nistz256_point_add_affinex: .Ladd_affinex_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_nistz256_point_add_affinex,.-GFp_nistz256_point_add_affinex +.size p256_point_add_affinex,.-p256_point_add_affinex #endif .section .note.GNU-stack,"",@progbits diff --git a/pregenerated/p256-x86_64-asm-macosx.S b/pregenerated/p256-x86_64-asm-macosx.S index 030a758..21b5627 100644 --- a/pregenerated/p256-x86_64-asm-macosx.S +++ b/pregenerated/p256-x86_64-asm-macosx.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text @@ -33,58 +34,11 @@ L$ordK: -.globl _GFp_nistz256_add -.private_extern _GFp_nistz256_add +.globl _nistz256_neg +.private_extern _nistz256_neg .p2align 5 -_GFp_nistz256_add: - pushq %r12 - pushq %r13 - - movq 0(%rsi),%r8 - xorq %r13,%r13 - movq 8(%rsi),%r9 - movq 16(%rsi),%r10 - movq 24(%rsi),%r11 - leaq L$poly(%rip),%rsi - - addq 0(%rdx),%r8 - adcq 8(%rdx),%r9 - movq %r8,%rax - adcq 16(%rdx),%r10 - adcq 24(%rdx),%r11 - movq %r9,%rdx - adcq $0,%r13 - - subq 0(%rsi),%r8 - movq %r10,%rcx - sbbq 8(%rsi),%r9 - sbbq 16(%rsi),%r10 - movq %r11,%r12 - sbbq 24(%rsi),%r11 - sbbq $0,%r13 - - cmovcq %rax,%r8 - cmovcq %rdx,%r9 - movq %r8,0(%rdi) - cmovcq %rcx,%r10 - movq %r9,8(%rdi) - cmovcq %r12,%r11 - movq %r10,16(%rdi) - movq %r11,24(%rdi) - - popq %r13 - popq %r12 - .byte 0xf3,0xc3 - - - - -.globl _GFp_nistz256_neg -.private_extern _GFp_nistz256_neg - -.p2align 5 -_GFp_nistz256_neg: +_nistz256_neg: pushq %r12 @@ -140,13 +94,13 @@ L$neg_epilogue: -.globl _GFp_p256_scalar_mul_mont -.private_extern _GFp_p256_scalar_mul_mont +.globl _p256_scalar_mul_mont +.private_extern _p256_scalar_mul_mont .p2align 5 -_GFp_p256_scalar_mul_mont: +_p256_scalar_mul_mont: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -468,13 +422,13 @@ L$ord_mul_epilogue: -.globl _GFp_p256_scalar_sqr_rep_mont -.private_extern _GFp_p256_scalar_sqr_rep_mont +.globl _p256_scalar_sqr_rep_mont +.private_extern _p256_scalar_sqr_rep_mont .p2align 5 -_GFp_p256_scalar_sqr_rep_mont: +_p256_scalar_sqr_rep_mont: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -1209,13 +1163,13 @@ L$ord_sqrx_epilogue: -.globl _GFp_nistz256_mul_mont -.private_extern _GFp_nistz256_mul_mont +.globl _p256_mul_mont +.private_extern _p256_mul_mont .p2align 5 -_GFp_nistz256_mul_mont: +_p256_mul_mont: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx L$mul_mont: @@ -1500,13 +1454,13 @@ __ecp_nistz256_mul_montq: -.globl _GFp_nistz256_sqr_mont -.private_extern _GFp_nistz256_sqr_mont +.globl _p256_sqr_mont +.private_extern _p256_sqr_mont .p2align 5 -_GFp_nistz256_sqr_mont: +_p256_sqr_mont: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx pushq %rbp @@ -2024,13 +1978,13 @@ __ecp_nistz256_sqr_montx: -.globl _GFp_nistz256_select_w5 -.private_extern _GFp_nistz256_select_w5 +.globl _nistz256_select_w5 +.private_extern _nistz256_select_w5 .p2align 5 -_GFp_nistz256_select_w5: +_nistz256_select_w5: - leaq _GFp_ia32cap_P(%rip),%rax + leaq _OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax jnz L$avx2_select_w5 @@ -2086,18 +2040,18 @@ L$select_loop_sse_w5: movdqu %xmm7,80(%rdi) .byte 0xf3,0xc3 -L$SEH_end_GFp_nistz256_select_w5: +L$SEH_end_nistz256_select_w5: -.globl _GFp_nistz256_select_w7 -.private_extern _GFp_nistz256_select_w7 +.globl _nistz256_select_w7 +.private_extern _nistz256_select_w7 .p2align 5 -_GFp_nistz256_select_w7: +_nistz256_select_w7: - leaq _GFp_ia32cap_P(%rip),%rax + leaq _OPENSSL_ia32cap_P(%rip),%rax movq 8(%rax),%rax testl $32,%eax jnz L$avx2_select_w7 @@ -2142,13 +2096,13 @@ L$select_loop_sse_w7: movdqu %xmm5,48(%rdi) .byte 0xf3,0xc3 -L$SEH_end_GFp_nistz256_select_w7: +L$SEH_end_nistz256_select_w7: .p2align 5 -GFp_nistz256_avx2_select_w5: +ecp_nistz256_avx2_select_w5: L$avx2_select_w5: vzeroupper @@ -2205,16 +2159,14 @@ L$select_loop_avx2_w5: vzeroupper .byte 0xf3,0xc3 -L$SEH_end_GFp_nistz256_avx2_select_w5: +L$SEH_end_ecp_nistz256_avx2_select_w5: -.globl _GFp_nistz256_avx2_select_w7 -.private_extern _GFp_nistz256_avx2_select_w7 .p2align 5 -_GFp_nistz256_avx2_select_w7: +ecp_nistz256_avx2_select_w7: L$avx2_select_w7: vzeroupper @@ -2286,7 +2238,7 @@ L$select_loop_avx2_w7: vzeroupper .byte 0xf3,0xc3 -L$SEH_end_GFp_nistz256_avx2_select_w7: +L$SEH_end_ecp_nistz256_avx2_select_w7: .p2align 5 @@ -2417,13 +2369,13 @@ __ecp_nistz256_mul_by_2q: .byte 0xf3,0xc3 -.globl _GFp_nistz256_point_double -.private_extern _GFp_nistz256_point_double +.globl _p256_point_double +.private_extern _p256_point_double .p2align 5 -_GFp_nistz256_point_double: +_p256_point_double: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -2645,13 +2597,13 @@ L$point_doubleq_epilogue: .byte 0xf3,0xc3 -.globl _GFp_nistz256_point_add -.private_extern _GFp_nistz256_point_add +.globl _p256_point_add +.private_extern _p256_point_add .p2align 5 -_GFp_nistz256_point_add: +_p256_point_add: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -3076,13 +3028,13 @@ L$point_addq_epilogue: .byte 0xf3,0xc3 -.globl _GFp_nistz256_point_add_affine -.private_extern _GFp_nistz256_point_add_affine +.globl _p256_point_add_affine +.private_extern _p256_point_add_affine .p2align 5 -_GFp_nistz256_point_add_affine: +_p256_point_add_affine: - leaq _GFp_ia32cap_P(%rip),%rcx + leaq _OPENSSL_ia32cap_P(%rip),%rcx movq 8(%rcx),%rcx andl $0x80100,%ecx cmpl $0x80100,%ecx @@ -3541,7 +3493,7 @@ __ecp_nistz256_mul_by_2x: .p2align 5 -GFp_nistz256_point_doublex: +p256_point_doublex: L$point_doublex: pushq %rbp @@ -3763,7 +3715,7 @@ L$point_doublex_epilogue: .p2align 5 -GFp_nistz256_point_addx: +p256_point_addx: L$point_addx: pushq %rbp @@ -4188,7 +4140,7 @@ L$point_addx_epilogue: .p2align 5 -GFp_nistz256_point_add_affinex: +p256_point_add_affinex: L$point_add_affinex: pushq %rbp diff --git a/pregenerated/p256-x86_64-asm-nasm.obj b/pregenerated/p256-x86_64-asm-nasm.obj Binary files differindex 87a679f..e24a4e0 100644 --- a/pregenerated/p256-x86_64-asm-nasm.obj +++ b/pregenerated/p256-x86_64-asm-nasm.obj diff --git a/pregenerated/ring_core_generated/prefix_symbols_nasm.inc b/pregenerated/ring_core_generated/prefix_symbols_nasm.inc new file mode 100644 index 0000000..e5b106a --- /dev/null +++ b/pregenerated/ring_core_generated/prefix_symbols_nasm.inc @@ -0,0 +1,210 @@ + +%ifndef ring_core_generated_PREFIX_SYMBOLS_NASM_INC +%define ring_core_generated_PREFIX_SYMBOLS_NASM_INC + +%ifidn __OUTPUT_FORMAT__,win32 +%define _CRYPTO_poly1305_finish _ring_core_0_17_0_alpha_11_CRYPTO_poly1305_finish +%define _CRYPTO_poly1305_finish_neon _ring_core_0_17_0_alpha_11_CRYPTO_poly1305_finish_neon +%define _CRYPTO_poly1305_init _ring_core_0_17_0_alpha_11_CRYPTO_poly1305_init +%define _CRYPTO_poly1305_init_neon _ring_core_0_17_0_alpha_11_CRYPTO_poly1305_init_neon +%define _CRYPTO_poly1305_update _ring_core_0_17_0_alpha_11_CRYPTO_poly1305_update +%define _CRYPTO_poly1305_update_neon _ring_core_0_17_0_alpha_11_CRYPTO_poly1305_update_neon +%define _ChaCha20_ctr32 _ring_core_0_17_0_alpha_11_ChaCha20_ctr32 +%define _LIMBS_add_mod _ring_core_0_17_0_alpha_11_LIMBS_add_mod +%define _LIMBS_are_even _ring_core_0_17_0_alpha_11_LIMBS_are_even +%define _LIMBS_are_zero _ring_core_0_17_0_alpha_11_LIMBS_are_zero +%define _LIMBS_equal _ring_core_0_17_0_alpha_11_LIMBS_equal +%define _LIMBS_equal_limb _ring_core_0_17_0_alpha_11_LIMBS_equal_limb +%define _LIMBS_less_than _ring_core_0_17_0_alpha_11_LIMBS_less_than +%define _LIMBS_less_than_limb _ring_core_0_17_0_alpha_11_LIMBS_less_than_limb +%define _LIMBS_reduce_once _ring_core_0_17_0_alpha_11_LIMBS_reduce_once +%define _LIMBS_select_512_32 _ring_core_0_17_0_alpha_11_LIMBS_select_512_32 +%define _LIMBS_shl_mod _ring_core_0_17_0_alpha_11_LIMBS_shl_mod +%define _LIMBS_sub_mod _ring_core_0_17_0_alpha_11_LIMBS_sub_mod +%define _LIMBS_window5_split_window _ring_core_0_17_0_alpha_11_LIMBS_window5_split_window +%define _LIMBS_window5_unsplit_window _ring_core_0_17_0_alpha_11_LIMBS_window5_unsplit_window +%define _LIMB_shr _ring_core_0_17_0_alpha_11_LIMB_shr +%define _OPENSSL_armcap_P _ring_core_0_17_0_alpha_11_OPENSSL_armcap_P +%define _OPENSSL_cpuid_setup _ring_core_0_17_0_alpha_11_OPENSSL_cpuid_setup +%define _OPENSSL_ia32cap_P _ring_core_0_17_0_alpha_11_OPENSSL_ia32cap_P +%define _OPENSSL_memcmp _ring_core_0_17_0_alpha_11_OPENSSL_memcmp +%define _RSA_padding_check_oaep _ring_core_0_17_0_alpha_11_RSA_padding_check_oaep +%define _aes_hw_ctr32_encrypt_blocks _ring_core_0_17_0_alpha_11_aes_hw_ctr32_encrypt_blocks +%define _aes_hw_encrypt _ring_core_0_17_0_alpha_11_aes_hw_encrypt +%define _aes_hw_set_encrypt_key _ring_core_0_17_0_alpha_11_aes_hw_set_encrypt_key +%define _aes_nohw_ctr32_encrypt_blocks _ring_core_0_17_0_alpha_11_aes_nohw_ctr32_encrypt_blocks +%define _aes_nohw_encrypt _ring_core_0_17_0_alpha_11_aes_nohw_encrypt +%define _aes_nohw_set_encrypt_key _ring_core_0_17_0_alpha_11_aes_nohw_set_encrypt_key +%define _aesni_gcm_decrypt _ring_core_0_17_0_alpha_11_aesni_gcm_decrypt +%define _aesni_gcm_encrypt _ring_core_0_17_0_alpha_11_aesni_gcm_encrypt +%define _bn_from_montgomery _ring_core_0_17_0_alpha_11_bn_from_montgomery +%define _bn_from_montgomery_in_place _ring_core_0_17_0_alpha_11_bn_from_montgomery_in_place +%define _bn_gather5 _ring_core_0_17_0_alpha_11_bn_gather5 +%define _bn_mul_mont _ring_core_0_17_0_alpha_11_bn_mul_mont +%define _bn_mul_mont_gather5 _ring_core_0_17_0_alpha_11_bn_mul_mont_gather5 +%define _bn_neg_inv_mod_r_u64 _ring_core_0_17_0_alpha_11_bn_neg_inv_mod_r_u64 +%define _bn_power5 _ring_core_0_17_0_alpha_11_bn_power5 +%define _bn_scatter5 _ring_core_0_17_0_alpha_11_bn_scatter5 +%define _bn_sqr8x_internal _ring_core_0_17_0_alpha_11_bn_sqr8x_internal +%define _bn_sqrx8x_internal _ring_core_0_17_0_alpha_11_bn_sqrx8x_internal +%define _bsaes_ctr32_encrypt_blocks _ring_core_0_17_0_alpha_11_bsaes_ctr32_encrypt_blocks +%define _bssl_constant_time_test_main _ring_core_0_17_0_alpha_11_bssl_constant_time_test_main +%define _chacha20_poly1305_open _ring_core_0_17_0_alpha_11_chacha20_poly1305_open +%define _chacha20_poly1305_seal _ring_core_0_17_0_alpha_11_chacha20_poly1305_seal +%define _gcm_ghash_avx _ring_core_0_17_0_alpha_11_gcm_ghash_avx +%define _gcm_ghash_clmul _ring_core_0_17_0_alpha_11_gcm_ghash_clmul +%define _gcm_ghash_neon _ring_core_0_17_0_alpha_11_gcm_ghash_neon +%define _gcm_gmult_clmul _ring_core_0_17_0_alpha_11_gcm_gmult_clmul +%define _gcm_gmult_neon _ring_core_0_17_0_alpha_11_gcm_gmult_neon +%define _gcm_init_avx _ring_core_0_17_0_alpha_11_gcm_init_avx +%define _gcm_init_clmul _ring_core_0_17_0_alpha_11_gcm_init_clmul +%define _gcm_init_neon _ring_core_0_17_0_alpha_11_gcm_init_neon +%define _limbs_mul_add_limb _ring_core_0_17_0_alpha_11_limbs_mul_add_limb +%define _little_endian_bytes_from_scalar _ring_core_0_17_0_alpha_11_little_endian_bytes_from_scalar +%define _nistz256_neg _ring_core_0_17_0_alpha_11_nistz256_neg +%define _nistz256_select_w5 _ring_core_0_17_0_alpha_11_nistz256_select_w5 +%define _nistz256_select_w7 _ring_core_0_17_0_alpha_11_nistz256_select_w7 +%define _nistz384_point_add _ring_core_0_17_0_alpha_11_nistz384_point_add +%define _nistz384_point_double _ring_core_0_17_0_alpha_11_nistz384_point_double +%define _nistz384_point_mul _ring_core_0_17_0_alpha_11_nistz384_point_mul +%define _p256_mul_mont _ring_core_0_17_0_alpha_11_p256_mul_mont +%define _p256_point_add _ring_core_0_17_0_alpha_11_p256_point_add +%define _p256_point_add_affine _ring_core_0_17_0_alpha_11_p256_point_add_affine +%define _p256_point_double _ring_core_0_17_0_alpha_11_p256_point_double +%define _p256_point_mul _ring_core_0_17_0_alpha_11_p256_point_mul +%define _p256_point_mul_base _ring_core_0_17_0_alpha_11_p256_point_mul_base +%define _p256_scalar_mul_mont _ring_core_0_17_0_alpha_11_p256_scalar_mul_mont +%define _p256_scalar_sqr_rep_mont _ring_core_0_17_0_alpha_11_p256_scalar_sqr_rep_mont +%define _p256_sqr_mont _ring_core_0_17_0_alpha_11_p256_sqr_mont +%define _p384_elem_div_by_2 _ring_core_0_17_0_alpha_11_p384_elem_div_by_2 +%define _p384_elem_mul_mont _ring_core_0_17_0_alpha_11_p384_elem_mul_mont +%define _p384_elem_neg _ring_core_0_17_0_alpha_11_p384_elem_neg +%define _p384_elem_sub _ring_core_0_17_0_alpha_11_p384_elem_sub +%define _p384_scalar_mul_mont _ring_core_0_17_0_alpha_11_p384_scalar_mul_mont +%define _poly1305_neon2_addmulmod _ring_core_0_17_0_alpha_11_poly1305_neon2_addmulmod +%define _poly1305_neon2_blocks _ring_core_0_17_0_alpha_11_poly1305_neon2_blocks +%define _sha256_block_data_order _ring_core_0_17_0_alpha_11_sha256_block_data_order +%define _sha512_block_data_order _ring_core_0_17_0_alpha_11_sha512_block_data_order +%define _vpaes_ctr32_encrypt_blocks _ring_core_0_17_0_alpha_11_vpaes_ctr32_encrypt_blocks +%define _vpaes_encrypt _ring_core_0_17_0_alpha_11_vpaes_encrypt +%define _vpaes_encrypt_key_to_bsaes _ring_core_0_17_0_alpha_11_vpaes_encrypt_key_to_bsaes +%define _vpaes_set_encrypt_key _ring_core_0_17_0_alpha_11_vpaes_set_encrypt_key +%define _x25519_NEON _ring_core_0_17_0_alpha_11_x25519_NEON +%define _x25519_fe_invert _ring_core_0_17_0_alpha_11_x25519_fe_invert +%define _x25519_fe_isnegative _ring_core_0_17_0_alpha_11_x25519_fe_isnegative +%define _x25519_fe_mul_ttt _ring_core_0_17_0_alpha_11_x25519_fe_mul_ttt +%define _x25519_fe_neg _ring_core_0_17_0_alpha_11_x25519_fe_neg +%define _x25519_fe_tobytes _ring_core_0_17_0_alpha_11_x25519_fe_tobytes +%define _x25519_ge_double_scalarmult_vartime _ring_core_0_17_0_alpha_11_x25519_ge_double_scalarmult_vartime +%define _x25519_ge_frombytes_vartime _ring_core_0_17_0_alpha_11_x25519_ge_frombytes_vartime +%define _x25519_ge_scalarmult_base _ring_core_0_17_0_alpha_11_x25519_ge_scalarmult_base +%define _x25519_public_from_private_generic_masked _ring_core_0_17_0_alpha_11_x25519_public_from_private_generic_masked +%define _x25519_sc_mask _ring_core_0_17_0_alpha_11_x25519_sc_mask +%define _x25519_sc_muladd _ring_core_0_17_0_alpha_11_x25519_sc_muladd +%define _x25519_sc_reduce _ring_core_0_17_0_alpha_11_x25519_sc_reduce +%define _x25519_scalar_mult_generic_masked _ring_core_0_17_0_alpha_11_x25519_scalar_mult_generic_masked + +%else +%define CRYPTO_poly1305_finish ring_core_0_17_0_alpha_11_CRYPTO_poly1305_finish +%define CRYPTO_poly1305_finish_neon ring_core_0_17_0_alpha_11_CRYPTO_poly1305_finish_neon +%define CRYPTO_poly1305_init ring_core_0_17_0_alpha_11_CRYPTO_poly1305_init +%define CRYPTO_poly1305_init_neon ring_core_0_17_0_alpha_11_CRYPTO_poly1305_init_neon +%define CRYPTO_poly1305_update ring_core_0_17_0_alpha_11_CRYPTO_poly1305_update +%define CRYPTO_poly1305_update_neon ring_core_0_17_0_alpha_11_CRYPTO_poly1305_update_neon +%define ChaCha20_ctr32 ring_core_0_17_0_alpha_11_ChaCha20_ctr32 +%define LIMBS_add_mod ring_core_0_17_0_alpha_11_LIMBS_add_mod +%define LIMBS_are_even ring_core_0_17_0_alpha_11_LIMBS_are_even +%define LIMBS_are_zero ring_core_0_17_0_alpha_11_LIMBS_are_zero +%define LIMBS_equal ring_core_0_17_0_alpha_11_LIMBS_equal +%define LIMBS_equal_limb ring_core_0_17_0_alpha_11_LIMBS_equal_limb +%define LIMBS_less_than ring_core_0_17_0_alpha_11_LIMBS_less_than +%define LIMBS_less_than_limb ring_core_0_17_0_alpha_11_LIMBS_less_than_limb +%define LIMBS_reduce_once ring_core_0_17_0_alpha_11_LIMBS_reduce_once +%define LIMBS_select_512_32 ring_core_0_17_0_alpha_11_LIMBS_select_512_32 +%define LIMBS_shl_mod ring_core_0_17_0_alpha_11_LIMBS_shl_mod +%define LIMBS_sub_mod ring_core_0_17_0_alpha_11_LIMBS_sub_mod +%define LIMBS_window5_split_window ring_core_0_17_0_alpha_11_LIMBS_window5_split_window +%define LIMBS_window5_unsplit_window ring_core_0_17_0_alpha_11_LIMBS_window5_unsplit_window +%define LIMB_shr ring_core_0_17_0_alpha_11_LIMB_shr +%define OPENSSL_armcap_P ring_core_0_17_0_alpha_11_OPENSSL_armcap_P +%define OPENSSL_cpuid_setup ring_core_0_17_0_alpha_11_OPENSSL_cpuid_setup +%define OPENSSL_ia32cap_P ring_core_0_17_0_alpha_11_OPENSSL_ia32cap_P +%define OPENSSL_memcmp ring_core_0_17_0_alpha_11_OPENSSL_memcmp +%define RSA_padding_check_oaep ring_core_0_17_0_alpha_11_RSA_padding_check_oaep +%define aes_hw_ctr32_encrypt_blocks ring_core_0_17_0_alpha_11_aes_hw_ctr32_encrypt_blocks +%define aes_hw_encrypt ring_core_0_17_0_alpha_11_aes_hw_encrypt +%define aes_hw_set_encrypt_key ring_core_0_17_0_alpha_11_aes_hw_set_encrypt_key +%define aes_nohw_ctr32_encrypt_blocks ring_core_0_17_0_alpha_11_aes_nohw_ctr32_encrypt_blocks +%define aes_nohw_encrypt ring_core_0_17_0_alpha_11_aes_nohw_encrypt +%define aes_nohw_set_encrypt_key ring_core_0_17_0_alpha_11_aes_nohw_set_encrypt_key +%define aesni_gcm_decrypt ring_core_0_17_0_alpha_11_aesni_gcm_decrypt +%define aesni_gcm_encrypt ring_core_0_17_0_alpha_11_aesni_gcm_encrypt +%define bn_from_montgomery ring_core_0_17_0_alpha_11_bn_from_montgomery +%define bn_from_montgomery_in_place ring_core_0_17_0_alpha_11_bn_from_montgomery_in_place +%define bn_gather5 ring_core_0_17_0_alpha_11_bn_gather5 +%define bn_mul_mont ring_core_0_17_0_alpha_11_bn_mul_mont +%define bn_mul_mont_gather5 ring_core_0_17_0_alpha_11_bn_mul_mont_gather5 +%define bn_neg_inv_mod_r_u64 ring_core_0_17_0_alpha_11_bn_neg_inv_mod_r_u64 +%define bn_power5 ring_core_0_17_0_alpha_11_bn_power5 +%define bn_scatter5 ring_core_0_17_0_alpha_11_bn_scatter5 +%define bn_sqr8x_internal ring_core_0_17_0_alpha_11_bn_sqr8x_internal +%define bn_sqrx8x_internal ring_core_0_17_0_alpha_11_bn_sqrx8x_internal +%define bsaes_ctr32_encrypt_blocks ring_core_0_17_0_alpha_11_bsaes_ctr32_encrypt_blocks +%define bssl_constant_time_test_main ring_core_0_17_0_alpha_11_bssl_constant_time_test_main +%define chacha20_poly1305_open ring_core_0_17_0_alpha_11_chacha20_poly1305_open +%define chacha20_poly1305_seal ring_core_0_17_0_alpha_11_chacha20_poly1305_seal +%define gcm_ghash_avx ring_core_0_17_0_alpha_11_gcm_ghash_avx +%define gcm_ghash_clmul ring_core_0_17_0_alpha_11_gcm_ghash_clmul +%define gcm_ghash_neon ring_core_0_17_0_alpha_11_gcm_ghash_neon +%define gcm_gmult_clmul ring_core_0_17_0_alpha_11_gcm_gmult_clmul +%define gcm_gmult_neon ring_core_0_17_0_alpha_11_gcm_gmult_neon +%define gcm_init_avx ring_core_0_17_0_alpha_11_gcm_init_avx +%define gcm_init_clmul ring_core_0_17_0_alpha_11_gcm_init_clmul +%define gcm_init_neon ring_core_0_17_0_alpha_11_gcm_init_neon +%define limbs_mul_add_limb ring_core_0_17_0_alpha_11_limbs_mul_add_limb +%define little_endian_bytes_from_scalar ring_core_0_17_0_alpha_11_little_endian_bytes_from_scalar +%define nistz256_neg ring_core_0_17_0_alpha_11_nistz256_neg +%define nistz256_select_w5 ring_core_0_17_0_alpha_11_nistz256_select_w5 +%define nistz256_select_w7 ring_core_0_17_0_alpha_11_nistz256_select_w7 +%define nistz384_point_add ring_core_0_17_0_alpha_11_nistz384_point_add +%define nistz384_point_double ring_core_0_17_0_alpha_11_nistz384_point_double +%define nistz384_point_mul ring_core_0_17_0_alpha_11_nistz384_point_mul +%define p256_mul_mont ring_core_0_17_0_alpha_11_p256_mul_mont +%define p256_point_add ring_core_0_17_0_alpha_11_p256_point_add +%define p256_point_add_affine ring_core_0_17_0_alpha_11_p256_point_add_affine +%define p256_point_double ring_core_0_17_0_alpha_11_p256_point_double +%define p256_point_mul ring_core_0_17_0_alpha_11_p256_point_mul +%define p256_point_mul_base ring_core_0_17_0_alpha_11_p256_point_mul_base +%define p256_scalar_mul_mont ring_core_0_17_0_alpha_11_p256_scalar_mul_mont +%define p256_scalar_sqr_rep_mont ring_core_0_17_0_alpha_11_p256_scalar_sqr_rep_mont +%define p256_sqr_mont ring_core_0_17_0_alpha_11_p256_sqr_mont +%define p384_elem_div_by_2 ring_core_0_17_0_alpha_11_p384_elem_div_by_2 +%define p384_elem_mul_mont ring_core_0_17_0_alpha_11_p384_elem_mul_mont +%define p384_elem_neg ring_core_0_17_0_alpha_11_p384_elem_neg +%define p384_elem_sub ring_core_0_17_0_alpha_11_p384_elem_sub +%define p384_scalar_mul_mont ring_core_0_17_0_alpha_11_p384_scalar_mul_mont +%define poly1305_neon2_addmulmod ring_core_0_17_0_alpha_11_poly1305_neon2_addmulmod +%define poly1305_neon2_blocks ring_core_0_17_0_alpha_11_poly1305_neon2_blocks +%define sha256_block_data_order ring_core_0_17_0_alpha_11_sha256_block_data_order +%define sha512_block_data_order ring_core_0_17_0_alpha_11_sha512_block_data_order +%define vpaes_ctr32_encrypt_blocks ring_core_0_17_0_alpha_11_vpaes_ctr32_encrypt_blocks +%define vpaes_encrypt ring_core_0_17_0_alpha_11_vpaes_encrypt +%define vpaes_encrypt_key_to_bsaes ring_core_0_17_0_alpha_11_vpaes_encrypt_key_to_bsaes +%define vpaes_set_encrypt_key ring_core_0_17_0_alpha_11_vpaes_set_encrypt_key +%define x25519_NEON ring_core_0_17_0_alpha_11_x25519_NEON +%define x25519_fe_invert ring_core_0_17_0_alpha_11_x25519_fe_invert +%define x25519_fe_isnegative ring_core_0_17_0_alpha_11_x25519_fe_isnegative +%define x25519_fe_mul_ttt ring_core_0_17_0_alpha_11_x25519_fe_mul_ttt +%define x25519_fe_neg ring_core_0_17_0_alpha_11_x25519_fe_neg +%define x25519_fe_tobytes ring_core_0_17_0_alpha_11_x25519_fe_tobytes +%define x25519_ge_double_scalarmult_vartime ring_core_0_17_0_alpha_11_x25519_ge_double_scalarmult_vartime +%define x25519_ge_frombytes_vartime ring_core_0_17_0_alpha_11_x25519_ge_frombytes_vartime +%define x25519_ge_scalarmult_base ring_core_0_17_0_alpha_11_x25519_ge_scalarmult_base +%define x25519_public_from_private_generic_masked ring_core_0_17_0_alpha_11_x25519_public_from_private_generic_masked +%define x25519_sc_mask ring_core_0_17_0_alpha_11_x25519_sc_mask +%define x25519_sc_muladd ring_core_0_17_0_alpha_11_x25519_sc_muladd +%define x25519_sc_reduce ring_core_0_17_0_alpha_11_x25519_sc_reduce +%define x25519_scalar_mult_generic_masked ring_core_0_17_0_alpha_11_x25519_scalar_mult_generic_masked + +%endif +%endif diff --git a/pregenerated/sha256-armv4-ios32.S b/pregenerated/sha256-armv4-ios32.S deleted file mode 100644 index 6268463..0000000 --- a/pregenerated/sha256-armv4-ios32.S +++ /dev/null @@ -1,2834 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -@ -@ Licensed under the OpenSSL license (the "License"). You may not use -@ this file except in compliance with the License. You can obtain a copy -@ in the file LICENSE in the source distribution or at -@ https://www.openssl.org/source/license.html - - -@ ==================================================================== -@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL -@ project. The module is, however, dual licensed under OpenSSL and -@ CRYPTOGAMS licenses depending on where you obtain it. For further -@ details see http://www.openssl.org/~appro/cryptogams/. -@ -@ Permission to use under GPL terms is granted. -@ ==================================================================== - -@ SHA256 block procedure for ARMv4. May 2007. - -@ Performance is ~2x better than gcc 3.4 generated code and in "abso- -@ lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per -@ byte [on single-issue Xscale PXA250 core]. - -@ July 2010. -@ -@ Rescheduling for dual-issue pipeline resulted in 22% improvement on -@ Cortex A8 core and ~20 cycles per processed byte. - -@ February 2011. -@ -@ Profiler-assisted and platform-specific optimization resulted in 16% -@ improvement on Cortex A8 core and ~15.4 cycles per processed byte. - -@ September 2013. -@ -@ Add NEON implementation. On Cortex A8 it was measured to process one -@ byte in 12.5 cycles or 23% faster than integer-only code. Snapdragon -@ S4 does it in 12.5 cycles too, but it's 50% faster than integer-only -@ code (meaning that latter performs sub-optimally, nothing was done -@ about it). - -@ May 2014. -@ -@ Add ARMv8 code path performing at 2.0 cpb on Apple A7. - -#ifndef __KERNEL__ -# include <GFp/arm_arch.h> -#else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ 7 -#endif - -@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both -@ ARMv7 and ARMv8 processors. It does have ARMv8-only code, but those -@ instructions are manually-encoded. (See unsha256.) - - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -#else -.code 32 -#endif - - -.align 5 -K256: -.word 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 -.word 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 -.word 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 -.word 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 -.word 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc -.word 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da -.word 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 -.word 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 -.word 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 -.word 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 -.word 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 -.word 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 -.word 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 -.word 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 -.word 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 -.word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 - -.word 0 @ terminator -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - -.private_extern _GFp_armcap_P -LOPENSSL_armcap: -.word _GFp_armcap_P-Lsha256_block_data_order -#endif -.align 5 - -.globl _GFp_sha256_block_data_order -.private_extern _GFp_sha256_block_data_order -#ifdef __thumb2__ -.thumb_func _GFp_sha256_block_data_order -#endif -_GFp_sha256_block_data_order: -Lsha256_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ _GFp_sha256_block_data_order -#else - adr r3,Lsha256_block_data_order -#endif -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - ldr r12,LOPENSSL_armcap - ldr r12,[r3,r12] @ _GFp_armcap_P -#ifdef __APPLE__ - ldr r12,[r12] -#endif - tst r12,#ARMV8_SHA256 - bne LARMv8 - tst r12,#ARMV7_NEON - bne LNEON -#endif - add r2,r1,r2,lsl#6 @ len to point at the end of inp - stmdb sp!,{r0,r1,r2,r4-r11,lr} - ldmia r0,{r4,r5,r6,r7,r8,r9,r10,r11} - sub r14,r3,#256+32 @ K256 - sub sp,sp,#16*4 @ alloca(X[16]) -Loop: -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 -# else - ldrb r2,[r1,#3] -# endif - eor r3,r5,r6 @ magic - eor r12,r12,r12 -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 0 -# if 0==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r8,r8,ror#5 - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r8,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 0 - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 0==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r8,r8,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r8,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r11,r11,r2 @ h+=X[i] - str r2,[sp,#0*4] - eor r2,r9,r10 - add r11,r11,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r8 - add r11,r11,r12 @ h+=K256[i] - eor r2,r2,r10 @ Ch(e,f,g) - eor r0,r4,r4,ror#11 - add r11,r11,r2 @ h+=Ch(e,f,g) -#if 0==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 0<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r4,r5 @ a^b, b^c in next round -#else - ldr r2,[sp,#2*4] @ from future BODY_16_xx - eor r12,r4,r5 @ a^b, b^c in next round - ldr r1,[sp,#15*4] @ from future BODY_16_xx -#endif - eor r0,r0,r4,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r7,r7,r11 @ d+=h - eor r3,r3,r5 @ Maj(a,b,c) - add r11,r11,r0,ror#2 @ h+=Sigma0(a) - @ add r11,r11,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 1 -# if 1==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r7,r7,ror#5 - add r11,r11,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r7,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 1 - add r11,r11,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 1==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r7,r7,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r7,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r10,r10,r2 @ h+=X[i] - str r2,[sp,#1*4] - eor r2,r8,r9 - add r10,r10,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r7 - add r10,r10,r3 @ h+=K256[i] - eor r2,r2,r9 @ Ch(e,f,g) - eor r0,r11,r11,ror#11 - add r10,r10,r2 @ h+=Ch(e,f,g) -#if 1==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 1<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r11,r4 @ a^b, b^c in next round -#else - ldr r2,[sp,#3*4] @ from future BODY_16_xx - eor r3,r11,r4 @ a^b, b^c in next round - ldr r1,[sp,#0*4] @ from future BODY_16_xx -#endif - eor r0,r0,r11,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r6,r6,r10 @ d+=h - eor r12,r12,r4 @ Maj(a,b,c) - add r10,r10,r0,ror#2 @ h+=Sigma0(a) - @ add r10,r10,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 2 -# if 2==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r6,r6,ror#5 - add r10,r10,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r6,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 2 - add r10,r10,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 2==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r6,r6,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r6,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r9,r9,r2 @ h+=X[i] - str r2,[sp,#2*4] - eor r2,r7,r8 - add r9,r9,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r6 - add r9,r9,r12 @ h+=K256[i] - eor r2,r2,r8 @ Ch(e,f,g) - eor r0,r10,r10,ror#11 - add r9,r9,r2 @ h+=Ch(e,f,g) -#if 2==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 2<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r10,r11 @ a^b, b^c in next round -#else - ldr r2,[sp,#4*4] @ from future BODY_16_xx - eor r12,r10,r11 @ a^b, b^c in next round - ldr r1,[sp,#1*4] @ from future BODY_16_xx -#endif - eor r0,r0,r10,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r5,r5,r9 @ d+=h - eor r3,r3,r11 @ Maj(a,b,c) - add r9,r9,r0,ror#2 @ h+=Sigma0(a) - @ add r9,r9,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 3 -# if 3==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r5,r5,ror#5 - add r9,r9,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r5,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 3 - add r9,r9,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 3==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r5,r5,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r5,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r8,r8,r2 @ h+=X[i] - str r2,[sp,#3*4] - eor r2,r6,r7 - add r8,r8,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r5 - add r8,r8,r3 @ h+=K256[i] - eor r2,r2,r7 @ Ch(e,f,g) - eor r0,r9,r9,ror#11 - add r8,r8,r2 @ h+=Ch(e,f,g) -#if 3==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 3<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r9,r10 @ a^b, b^c in next round -#else - ldr r2,[sp,#5*4] @ from future BODY_16_xx - eor r3,r9,r10 @ a^b, b^c in next round - ldr r1,[sp,#2*4] @ from future BODY_16_xx -#endif - eor r0,r0,r9,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r4,r4,r8 @ d+=h - eor r12,r12,r10 @ Maj(a,b,c) - add r8,r8,r0,ror#2 @ h+=Sigma0(a) - @ add r8,r8,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 4 -# if 4==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r4,r4,ror#5 - add r8,r8,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r4,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 4 - add r8,r8,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 4==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r4,r4,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r4,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r7,r7,r2 @ h+=X[i] - str r2,[sp,#4*4] - eor r2,r5,r6 - add r7,r7,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r4 - add r7,r7,r12 @ h+=K256[i] - eor r2,r2,r6 @ Ch(e,f,g) - eor r0,r8,r8,ror#11 - add r7,r7,r2 @ h+=Ch(e,f,g) -#if 4==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 4<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r8,r9 @ a^b, b^c in next round -#else - ldr r2,[sp,#6*4] @ from future BODY_16_xx - eor r12,r8,r9 @ a^b, b^c in next round - ldr r1,[sp,#3*4] @ from future BODY_16_xx -#endif - eor r0,r0,r8,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r11,r11,r7 @ d+=h - eor r3,r3,r9 @ Maj(a,b,c) - add r7,r7,r0,ror#2 @ h+=Sigma0(a) - @ add r7,r7,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 5 -# if 5==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r11,r11,ror#5 - add r7,r7,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r11,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 5 - add r7,r7,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 5==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r11,r11,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r11,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r6,r6,r2 @ h+=X[i] - str r2,[sp,#5*4] - eor r2,r4,r5 - add r6,r6,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r11 - add r6,r6,r3 @ h+=K256[i] - eor r2,r2,r5 @ Ch(e,f,g) - eor r0,r7,r7,ror#11 - add r6,r6,r2 @ h+=Ch(e,f,g) -#if 5==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 5<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r7,r8 @ a^b, b^c in next round -#else - ldr r2,[sp,#7*4] @ from future BODY_16_xx - eor r3,r7,r8 @ a^b, b^c in next round - ldr r1,[sp,#4*4] @ from future BODY_16_xx -#endif - eor r0,r0,r7,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r10,r10,r6 @ d+=h - eor r12,r12,r8 @ Maj(a,b,c) - add r6,r6,r0,ror#2 @ h+=Sigma0(a) - @ add r6,r6,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 6 -# if 6==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r10,r10,ror#5 - add r6,r6,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r10,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 6 - add r6,r6,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 6==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r10,r10,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r10,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r5,r5,r2 @ h+=X[i] - str r2,[sp,#6*4] - eor r2,r11,r4 - add r5,r5,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r10 - add r5,r5,r12 @ h+=K256[i] - eor r2,r2,r4 @ Ch(e,f,g) - eor r0,r6,r6,ror#11 - add r5,r5,r2 @ h+=Ch(e,f,g) -#if 6==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 6<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r6,r7 @ a^b, b^c in next round -#else - ldr r2,[sp,#8*4] @ from future BODY_16_xx - eor r12,r6,r7 @ a^b, b^c in next round - ldr r1,[sp,#5*4] @ from future BODY_16_xx -#endif - eor r0,r0,r6,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r9,r9,r5 @ d+=h - eor r3,r3,r7 @ Maj(a,b,c) - add r5,r5,r0,ror#2 @ h+=Sigma0(a) - @ add r5,r5,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 7 -# if 7==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r9,r9,ror#5 - add r5,r5,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r9,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 7 - add r5,r5,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 7==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r9,r9,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r9,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r4,r4,r2 @ h+=X[i] - str r2,[sp,#7*4] - eor r2,r10,r11 - add r4,r4,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r9 - add r4,r4,r3 @ h+=K256[i] - eor r2,r2,r11 @ Ch(e,f,g) - eor r0,r5,r5,ror#11 - add r4,r4,r2 @ h+=Ch(e,f,g) -#if 7==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 7<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r5,r6 @ a^b, b^c in next round -#else - ldr r2,[sp,#9*4] @ from future BODY_16_xx - eor r3,r5,r6 @ a^b, b^c in next round - ldr r1,[sp,#6*4] @ from future BODY_16_xx -#endif - eor r0,r0,r5,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r8,r8,r4 @ d+=h - eor r12,r12,r6 @ Maj(a,b,c) - add r4,r4,r0,ror#2 @ h+=Sigma0(a) - @ add r4,r4,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 8 -# if 8==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r8,r8,ror#5 - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r8,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 8 - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 8==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r8,r8,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r8,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r11,r11,r2 @ h+=X[i] - str r2,[sp,#8*4] - eor r2,r9,r10 - add r11,r11,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r8 - add r11,r11,r12 @ h+=K256[i] - eor r2,r2,r10 @ Ch(e,f,g) - eor r0,r4,r4,ror#11 - add r11,r11,r2 @ h+=Ch(e,f,g) -#if 8==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 8<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r4,r5 @ a^b, b^c in next round -#else - ldr r2,[sp,#10*4] @ from future BODY_16_xx - eor r12,r4,r5 @ a^b, b^c in next round - ldr r1,[sp,#7*4] @ from future BODY_16_xx -#endif - eor r0,r0,r4,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r7,r7,r11 @ d+=h - eor r3,r3,r5 @ Maj(a,b,c) - add r11,r11,r0,ror#2 @ h+=Sigma0(a) - @ add r11,r11,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 9 -# if 9==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r7,r7,ror#5 - add r11,r11,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r7,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 9 - add r11,r11,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 9==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r7,r7,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r7,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r10,r10,r2 @ h+=X[i] - str r2,[sp,#9*4] - eor r2,r8,r9 - add r10,r10,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r7 - add r10,r10,r3 @ h+=K256[i] - eor r2,r2,r9 @ Ch(e,f,g) - eor r0,r11,r11,ror#11 - add r10,r10,r2 @ h+=Ch(e,f,g) -#if 9==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 9<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r11,r4 @ a^b, b^c in next round -#else - ldr r2,[sp,#11*4] @ from future BODY_16_xx - eor r3,r11,r4 @ a^b, b^c in next round - ldr r1,[sp,#8*4] @ from future BODY_16_xx -#endif - eor r0,r0,r11,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r6,r6,r10 @ d+=h - eor r12,r12,r4 @ Maj(a,b,c) - add r10,r10,r0,ror#2 @ h+=Sigma0(a) - @ add r10,r10,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 10 -# if 10==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r6,r6,ror#5 - add r10,r10,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r6,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 10 - add r10,r10,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 10==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r6,r6,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r6,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r9,r9,r2 @ h+=X[i] - str r2,[sp,#10*4] - eor r2,r7,r8 - add r9,r9,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r6 - add r9,r9,r12 @ h+=K256[i] - eor r2,r2,r8 @ Ch(e,f,g) - eor r0,r10,r10,ror#11 - add r9,r9,r2 @ h+=Ch(e,f,g) -#if 10==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 10<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r10,r11 @ a^b, b^c in next round -#else - ldr r2,[sp,#12*4] @ from future BODY_16_xx - eor r12,r10,r11 @ a^b, b^c in next round - ldr r1,[sp,#9*4] @ from future BODY_16_xx -#endif - eor r0,r0,r10,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r5,r5,r9 @ d+=h - eor r3,r3,r11 @ Maj(a,b,c) - add r9,r9,r0,ror#2 @ h+=Sigma0(a) - @ add r9,r9,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 11 -# if 11==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r5,r5,ror#5 - add r9,r9,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r5,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 11 - add r9,r9,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 11==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r5,r5,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r5,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r8,r8,r2 @ h+=X[i] - str r2,[sp,#11*4] - eor r2,r6,r7 - add r8,r8,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r5 - add r8,r8,r3 @ h+=K256[i] - eor r2,r2,r7 @ Ch(e,f,g) - eor r0,r9,r9,ror#11 - add r8,r8,r2 @ h+=Ch(e,f,g) -#if 11==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 11<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r9,r10 @ a^b, b^c in next round -#else - ldr r2,[sp,#13*4] @ from future BODY_16_xx - eor r3,r9,r10 @ a^b, b^c in next round - ldr r1,[sp,#10*4] @ from future BODY_16_xx -#endif - eor r0,r0,r9,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r4,r4,r8 @ d+=h - eor r12,r12,r10 @ Maj(a,b,c) - add r8,r8,r0,ror#2 @ h+=Sigma0(a) - @ add r8,r8,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 12 -# if 12==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r4,r4,ror#5 - add r8,r8,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r4,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 12 - add r8,r8,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 12==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r4,r4,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r4,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r7,r7,r2 @ h+=X[i] - str r2,[sp,#12*4] - eor r2,r5,r6 - add r7,r7,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r4 - add r7,r7,r12 @ h+=K256[i] - eor r2,r2,r6 @ Ch(e,f,g) - eor r0,r8,r8,ror#11 - add r7,r7,r2 @ h+=Ch(e,f,g) -#if 12==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 12<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r8,r9 @ a^b, b^c in next round -#else - ldr r2,[sp,#14*4] @ from future BODY_16_xx - eor r12,r8,r9 @ a^b, b^c in next round - ldr r1,[sp,#11*4] @ from future BODY_16_xx -#endif - eor r0,r0,r8,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r11,r11,r7 @ d+=h - eor r3,r3,r9 @ Maj(a,b,c) - add r7,r7,r0,ror#2 @ h+=Sigma0(a) - @ add r7,r7,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 13 -# if 13==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r11,r11,ror#5 - add r7,r7,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r11,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 13 - add r7,r7,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 13==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r11,r11,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r11,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r6,r6,r2 @ h+=X[i] - str r2,[sp,#13*4] - eor r2,r4,r5 - add r6,r6,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r11 - add r6,r6,r3 @ h+=K256[i] - eor r2,r2,r5 @ Ch(e,f,g) - eor r0,r7,r7,ror#11 - add r6,r6,r2 @ h+=Ch(e,f,g) -#if 13==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 13<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r7,r8 @ a^b, b^c in next round -#else - ldr r2,[sp,#15*4] @ from future BODY_16_xx - eor r3,r7,r8 @ a^b, b^c in next round - ldr r1,[sp,#12*4] @ from future BODY_16_xx -#endif - eor r0,r0,r7,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r10,r10,r6 @ d+=h - eor r12,r12,r8 @ Maj(a,b,c) - add r6,r6,r0,ror#2 @ h+=Sigma0(a) - @ add r6,r6,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 14 -# if 14==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r10,r10,ror#5 - add r6,r6,r12 @ h+=Maj(a,b,c) from the past - eor r0,r0,r10,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 14 - add r6,r6,r12 @ h+=Maj(a,b,c) from the past - ldrb r12,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r12,lsl#8 - ldrb r12,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 14==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r10,r10,ror#5 - orr r2,r2,r12,lsl#24 - eor r0,r0,r10,ror#19 @ Sigma1(e) -#endif - ldr r12,[r14],#4 @ *K256++ - add r5,r5,r2 @ h+=X[i] - str r2,[sp,#14*4] - eor r2,r11,r4 - add r5,r5,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r10 - add r5,r5,r12 @ h+=K256[i] - eor r2,r2,r4 @ Ch(e,f,g) - eor r0,r6,r6,ror#11 - add r5,r5,r2 @ h+=Ch(e,f,g) -#if 14==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 14<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r6,r7 @ a^b, b^c in next round -#else - ldr r2,[sp,#0*4] @ from future BODY_16_xx - eor r12,r6,r7 @ a^b, b^c in next round - ldr r1,[sp,#13*4] @ from future BODY_16_xx -#endif - eor r0,r0,r6,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r9,r9,r5 @ d+=h - eor r3,r3,r7 @ Maj(a,b,c) - add r5,r5,r0,ror#2 @ h+=Sigma0(a) - @ add r5,r5,r3 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - @ ldr r2,[r1],#4 @ 15 -# if 15==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r9,r9,ror#5 - add r5,r5,r3 @ h+=Maj(a,b,c) from the past - eor r0,r0,r9,ror#19 @ Sigma1(e) -# ifndef __ARMEB__ - rev r2,r2 -# endif -#else - @ ldrb r2,[r1,#3] @ 15 - add r5,r5,r3 @ h+=Maj(a,b,c) from the past - ldrb r3,[r1,#2] - ldrb r0,[r1,#1] - orr r2,r2,r3,lsl#8 - ldrb r3,[r1],#4 - orr r2,r2,r0,lsl#16 -# if 15==15 - str r1,[sp,#17*4] @ make room for r1 -# endif - eor r0,r9,r9,ror#5 - orr r2,r2,r3,lsl#24 - eor r0,r0,r9,ror#19 @ Sigma1(e) -#endif - ldr r3,[r14],#4 @ *K256++ - add r4,r4,r2 @ h+=X[i] - str r2,[sp,#15*4] - eor r2,r10,r11 - add r4,r4,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r9 - add r4,r4,r3 @ h+=K256[i] - eor r2,r2,r11 @ Ch(e,f,g) - eor r0,r5,r5,ror#11 - add r4,r4,r2 @ h+=Ch(e,f,g) -#if 15==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 15<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r5,r6 @ a^b, b^c in next round -#else - ldr r2,[sp,#1*4] @ from future BODY_16_xx - eor r3,r5,r6 @ a^b, b^c in next round - ldr r1,[sp,#14*4] @ from future BODY_16_xx -#endif - eor r0,r0,r5,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r8,r8,r4 @ d+=h - eor r12,r12,r6 @ Maj(a,b,c) - add r4,r4,r0,ror#2 @ h+=Sigma0(a) - @ add r4,r4,r12 @ h+=Maj(a,b,c) -Lrounds_16_xx: - @ ldr r2,[sp,#1*4] @ 16 - @ ldr r1,[sp,#14*4] - mov r0,r2,ror#7 - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#0*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#9*4] - - add r12,r12,r0 - eor r0,r8,r8,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r8,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r11,r11,r2 @ h+=X[i] - str r2,[sp,#0*4] - eor r2,r9,r10 - add r11,r11,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r8 - add r11,r11,r12 @ h+=K256[i] - eor r2,r2,r10 @ Ch(e,f,g) - eor r0,r4,r4,ror#11 - add r11,r11,r2 @ h+=Ch(e,f,g) -#if 16==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 16<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r4,r5 @ a^b, b^c in next round -#else - ldr r2,[sp,#2*4] @ from future BODY_16_xx - eor r12,r4,r5 @ a^b, b^c in next round - ldr r1,[sp,#15*4] @ from future BODY_16_xx -#endif - eor r0,r0,r4,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r7,r7,r11 @ d+=h - eor r3,r3,r5 @ Maj(a,b,c) - add r11,r11,r0,ror#2 @ h+=Sigma0(a) - @ add r11,r11,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#2*4] @ 17 - @ ldr r1,[sp,#15*4] - mov r0,r2,ror#7 - add r11,r11,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#1*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#10*4] - - add r3,r3,r0 - eor r0,r7,r7,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r7,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r10,r10,r2 @ h+=X[i] - str r2,[sp,#1*4] - eor r2,r8,r9 - add r10,r10,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r7 - add r10,r10,r3 @ h+=K256[i] - eor r2,r2,r9 @ Ch(e,f,g) - eor r0,r11,r11,ror#11 - add r10,r10,r2 @ h+=Ch(e,f,g) -#if 17==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 17<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r11,r4 @ a^b, b^c in next round -#else - ldr r2,[sp,#3*4] @ from future BODY_16_xx - eor r3,r11,r4 @ a^b, b^c in next round - ldr r1,[sp,#0*4] @ from future BODY_16_xx -#endif - eor r0,r0,r11,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r6,r6,r10 @ d+=h - eor r12,r12,r4 @ Maj(a,b,c) - add r10,r10,r0,ror#2 @ h+=Sigma0(a) - @ add r10,r10,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#3*4] @ 18 - @ ldr r1,[sp,#0*4] - mov r0,r2,ror#7 - add r10,r10,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#2*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#11*4] - - add r12,r12,r0 - eor r0,r6,r6,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r6,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r9,r9,r2 @ h+=X[i] - str r2,[sp,#2*4] - eor r2,r7,r8 - add r9,r9,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r6 - add r9,r9,r12 @ h+=K256[i] - eor r2,r2,r8 @ Ch(e,f,g) - eor r0,r10,r10,ror#11 - add r9,r9,r2 @ h+=Ch(e,f,g) -#if 18==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 18<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r10,r11 @ a^b, b^c in next round -#else - ldr r2,[sp,#4*4] @ from future BODY_16_xx - eor r12,r10,r11 @ a^b, b^c in next round - ldr r1,[sp,#1*4] @ from future BODY_16_xx -#endif - eor r0,r0,r10,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r5,r5,r9 @ d+=h - eor r3,r3,r11 @ Maj(a,b,c) - add r9,r9,r0,ror#2 @ h+=Sigma0(a) - @ add r9,r9,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#4*4] @ 19 - @ ldr r1,[sp,#1*4] - mov r0,r2,ror#7 - add r9,r9,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#3*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#12*4] - - add r3,r3,r0 - eor r0,r5,r5,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r5,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r8,r8,r2 @ h+=X[i] - str r2,[sp,#3*4] - eor r2,r6,r7 - add r8,r8,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r5 - add r8,r8,r3 @ h+=K256[i] - eor r2,r2,r7 @ Ch(e,f,g) - eor r0,r9,r9,ror#11 - add r8,r8,r2 @ h+=Ch(e,f,g) -#if 19==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 19<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r9,r10 @ a^b, b^c in next round -#else - ldr r2,[sp,#5*4] @ from future BODY_16_xx - eor r3,r9,r10 @ a^b, b^c in next round - ldr r1,[sp,#2*4] @ from future BODY_16_xx -#endif - eor r0,r0,r9,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r4,r4,r8 @ d+=h - eor r12,r12,r10 @ Maj(a,b,c) - add r8,r8,r0,ror#2 @ h+=Sigma0(a) - @ add r8,r8,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#5*4] @ 20 - @ ldr r1,[sp,#2*4] - mov r0,r2,ror#7 - add r8,r8,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#4*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#13*4] - - add r12,r12,r0 - eor r0,r4,r4,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r4,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r7,r7,r2 @ h+=X[i] - str r2,[sp,#4*4] - eor r2,r5,r6 - add r7,r7,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r4 - add r7,r7,r12 @ h+=K256[i] - eor r2,r2,r6 @ Ch(e,f,g) - eor r0,r8,r8,ror#11 - add r7,r7,r2 @ h+=Ch(e,f,g) -#if 20==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 20<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r8,r9 @ a^b, b^c in next round -#else - ldr r2,[sp,#6*4] @ from future BODY_16_xx - eor r12,r8,r9 @ a^b, b^c in next round - ldr r1,[sp,#3*4] @ from future BODY_16_xx -#endif - eor r0,r0,r8,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r11,r11,r7 @ d+=h - eor r3,r3,r9 @ Maj(a,b,c) - add r7,r7,r0,ror#2 @ h+=Sigma0(a) - @ add r7,r7,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#6*4] @ 21 - @ ldr r1,[sp,#3*4] - mov r0,r2,ror#7 - add r7,r7,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#5*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#14*4] - - add r3,r3,r0 - eor r0,r11,r11,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r11,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r6,r6,r2 @ h+=X[i] - str r2,[sp,#5*4] - eor r2,r4,r5 - add r6,r6,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r11 - add r6,r6,r3 @ h+=K256[i] - eor r2,r2,r5 @ Ch(e,f,g) - eor r0,r7,r7,ror#11 - add r6,r6,r2 @ h+=Ch(e,f,g) -#if 21==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 21<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r7,r8 @ a^b, b^c in next round -#else - ldr r2,[sp,#7*4] @ from future BODY_16_xx - eor r3,r7,r8 @ a^b, b^c in next round - ldr r1,[sp,#4*4] @ from future BODY_16_xx -#endif - eor r0,r0,r7,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r10,r10,r6 @ d+=h - eor r12,r12,r8 @ Maj(a,b,c) - add r6,r6,r0,ror#2 @ h+=Sigma0(a) - @ add r6,r6,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#7*4] @ 22 - @ ldr r1,[sp,#4*4] - mov r0,r2,ror#7 - add r6,r6,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#6*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#15*4] - - add r12,r12,r0 - eor r0,r10,r10,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r10,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r5,r5,r2 @ h+=X[i] - str r2,[sp,#6*4] - eor r2,r11,r4 - add r5,r5,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r10 - add r5,r5,r12 @ h+=K256[i] - eor r2,r2,r4 @ Ch(e,f,g) - eor r0,r6,r6,ror#11 - add r5,r5,r2 @ h+=Ch(e,f,g) -#if 22==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 22<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r6,r7 @ a^b, b^c in next round -#else - ldr r2,[sp,#8*4] @ from future BODY_16_xx - eor r12,r6,r7 @ a^b, b^c in next round - ldr r1,[sp,#5*4] @ from future BODY_16_xx -#endif - eor r0,r0,r6,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r9,r9,r5 @ d+=h - eor r3,r3,r7 @ Maj(a,b,c) - add r5,r5,r0,ror#2 @ h+=Sigma0(a) - @ add r5,r5,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#8*4] @ 23 - @ ldr r1,[sp,#5*4] - mov r0,r2,ror#7 - add r5,r5,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#7*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#0*4] - - add r3,r3,r0 - eor r0,r9,r9,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r9,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r4,r4,r2 @ h+=X[i] - str r2,[sp,#7*4] - eor r2,r10,r11 - add r4,r4,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r9 - add r4,r4,r3 @ h+=K256[i] - eor r2,r2,r11 @ Ch(e,f,g) - eor r0,r5,r5,ror#11 - add r4,r4,r2 @ h+=Ch(e,f,g) -#if 23==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 23<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r5,r6 @ a^b, b^c in next round -#else - ldr r2,[sp,#9*4] @ from future BODY_16_xx - eor r3,r5,r6 @ a^b, b^c in next round - ldr r1,[sp,#6*4] @ from future BODY_16_xx -#endif - eor r0,r0,r5,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r8,r8,r4 @ d+=h - eor r12,r12,r6 @ Maj(a,b,c) - add r4,r4,r0,ror#2 @ h+=Sigma0(a) - @ add r4,r4,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#9*4] @ 24 - @ ldr r1,[sp,#6*4] - mov r0,r2,ror#7 - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#8*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#1*4] - - add r12,r12,r0 - eor r0,r8,r8,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r8,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r11,r11,r2 @ h+=X[i] - str r2,[sp,#8*4] - eor r2,r9,r10 - add r11,r11,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r8 - add r11,r11,r12 @ h+=K256[i] - eor r2,r2,r10 @ Ch(e,f,g) - eor r0,r4,r4,ror#11 - add r11,r11,r2 @ h+=Ch(e,f,g) -#if 24==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 24<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r4,r5 @ a^b, b^c in next round -#else - ldr r2,[sp,#10*4] @ from future BODY_16_xx - eor r12,r4,r5 @ a^b, b^c in next round - ldr r1,[sp,#7*4] @ from future BODY_16_xx -#endif - eor r0,r0,r4,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r7,r7,r11 @ d+=h - eor r3,r3,r5 @ Maj(a,b,c) - add r11,r11,r0,ror#2 @ h+=Sigma0(a) - @ add r11,r11,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#10*4] @ 25 - @ ldr r1,[sp,#7*4] - mov r0,r2,ror#7 - add r11,r11,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#9*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#2*4] - - add r3,r3,r0 - eor r0,r7,r7,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r7,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r10,r10,r2 @ h+=X[i] - str r2,[sp,#9*4] - eor r2,r8,r9 - add r10,r10,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r7 - add r10,r10,r3 @ h+=K256[i] - eor r2,r2,r9 @ Ch(e,f,g) - eor r0,r11,r11,ror#11 - add r10,r10,r2 @ h+=Ch(e,f,g) -#if 25==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 25<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r11,r4 @ a^b, b^c in next round -#else - ldr r2,[sp,#11*4] @ from future BODY_16_xx - eor r3,r11,r4 @ a^b, b^c in next round - ldr r1,[sp,#8*4] @ from future BODY_16_xx -#endif - eor r0,r0,r11,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r6,r6,r10 @ d+=h - eor r12,r12,r4 @ Maj(a,b,c) - add r10,r10,r0,ror#2 @ h+=Sigma0(a) - @ add r10,r10,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#11*4] @ 26 - @ ldr r1,[sp,#8*4] - mov r0,r2,ror#7 - add r10,r10,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#10*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#3*4] - - add r12,r12,r0 - eor r0,r6,r6,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r6,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r9,r9,r2 @ h+=X[i] - str r2,[sp,#10*4] - eor r2,r7,r8 - add r9,r9,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r6 - add r9,r9,r12 @ h+=K256[i] - eor r2,r2,r8 @ Ch(e,f,g) - eor r0,r10,r10,ror#11 - add r9,r9,r2 @ h+=Ch(e,f,g) -#if 26==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 26<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r10,r11 @ a^b, b^c in next round -#else - ldr r2,[sp,#12*4] @ from future BODY_16_xx - eor r12,r10,r11 @ a^b, b^c in next round - ldr r1,[sp,#9*4] @ from future BODY_16_xx -#endif - eor r0,r0,r10,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r5,r5,r9 @ d+=h - eor r3,r3,r11 @ Maj(a,b,c) - add r9,r9,r0,ror#2 @ h+=Sigma0(a) - @ add r9,r9,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#12*4] @ 27 - @ ldr r1,[sp,#9*4] - mov r0,r2,ror#7 - add r9,r9,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#11*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#4*4] - - add r3,r3,r0 - eor r0,r5,r5,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r5,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r8,r8,r2 @ h+=X[i] - str r2,[sp,#11*4] - eor r2,r6,r7 - add r8,r8,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r5 - add r8,r8,r3 @ h+=K256[i] - eor r2,r2,r7 @ Ch(e,f,g) - eor r0,r9,r9,ror#11 - add r8,r8,r2 @ h+=Ch(e,f,g) -#if 27==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 27<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r9,r10 @ a^b, b^c in next round -#else - ldr r2,[sp,#13*4] @ from future BODY_16_xx - eor r3,r9,r10 @ a^b, b^c in next round - ldr r1,[sp,#10*4] @ from future BODY_16_xx -#endif - eor r0,r0,r9,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r4,r4,r8 @ d+=h - eor r12,r12,r10 @ Maj(a,b,c) - add r8,r8,r0,ror#2 @ h+=Sigma0(a) - @ add r8,r8,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#13*4] @ 28 - @ ldr r1,[sp,#10*4] - mov r0,r2,ror#7 - add r8,r8,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#12*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#5*4] - - add r12,r12,r0 - eor r0,r4,r4,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r4,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r7,r7,r2 @ h+=X[i] - str r2,[sp,#12*4] - eor r2,r5,r6 - add r7,r7,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r4 - add r7,r7,r12 @ h+=K256[i] - eor r2,r2,r6 @ Ch(e,f,g) - eor r0,r8,r8,ror#11 - add r7,r7,r2 @ h+=Ch(e,f,g) -#if 28==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 28<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r8,r9 @ a^b, b^c in next round -#else - ldr r2,[sp,#14*4] @ from future BODY_16_xx - eor r12,r8,r9 @ a^b, b^c in next round - ldr r1,[sp,#11*4] @ from future BODY_16_xx -#endif - eor r0,r0,r8,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r11,r11,r7 @ d+=h - eor r3,r3,r9 @ Maj(a,b,c) - add r7,r7,r0,ror#2 @ h+=Sigma0(a) - @ add r7,r7,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#14*4] @ 29 - @ ldr r1,[sp,#11*4] - mov r0,r2,ror#7 - add r7,r7,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#13*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#6*4] - - add r3,r3,r0 - eor r0,r11,r11,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r11,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r6,r6,r2 @ h+=X[i] - str r2,[sp,#13*4] - eor r2,r4,r5 - add r6,r6,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r11 - add r6,r6,r3 @ h+=K256[i] - eor r2,r2,r5 @ Ch(e,f,g) - eor r0,r7,r7,ror#11 - add r6,r6,r2 @ h+=Ch(e,f,g) -#if 29==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 29<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r7,r8 @ a^b, b^c in next round -#else - ldr r2,[sp,#15*4] @ from future BODY_16_xx - eor r3,r7,r8 @ a^b, b^c in next round - ldr r1,[sp,#12*4] @ from future BODY_16_xx -#endif - eor r0,r0,r7,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r10,r10,r6 @ d+=h - eor r12,r12,r8 @ Maj(a,b,c) - add r6,r6,r0,ror#2 @ h+=Sigma0(a) - @ add r6,r6,r12 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#15*4] @ 30 - @ ldr r1,[sp,#12*4] - mov r0,r2,ror#7 - add r6,r6,r12 @ h+=Maj(a,b,c) from the past - mov r12,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r12,r12,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#14*4] - eor r12,r12,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#7*4] - - add r12,r12,r0 - eor r0,r10,r10,ror#5 @ from BODY_00_15 - add r2,r2,r12 - eor r0,r0,r10,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r12,[r14],#4 @ *K256++ - add r5,r5,r2 @ h+=X[i] - str r2,[sp,#14*4] - eor r2,r11,r4 - add r5,r5,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r10 - add r5,r5,r12 @ h+=K256[i] - eor r2,r2,r4 @ Ch(e,f,g) - eor r0,r6,r6,ror#11 - add r5,r5,r2 @ h+=Ch(e,f,g) -#if 30==31 - and r12,r12,#0xff - cmp r12,#0xf2 @ done? -#endif -#if 30<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r12,r6,r7 @ a^b, b^c in next round -#else - ldr r2,[sp,#0*4] @ from future BODY_16_xx - eor r12,r6,r7 @ a^b, b^c in next round - ldr r1,[sp,#13*4] @ from future BODY_16_xx -#endif - eor r0,r0,r6,ror#20 @ Sigma0(a) - and r3,r3,r12 @ (b^c)&=(a^b) - add r9,r9,r5 @ d+=h - eor r3,r3,r7 @ Maj(a,b,c) - add r5,r5,r0,ror#2 @ h+=Sigma0(a) - @ add r5,r5,r3 @ h+=Maj(a,b,c) - @ ldr r2,[sp,#0*4] @ 31 - @ ldr r1,[sp,#13*4] - mov r0,r2,ror#7 - add r5,r5,r3 @ h+=Maj(a,b,c) from the past - mov r3,r1,ror#17 - eor r0,r0,r2,ror#18 - eor r3,r3,r1,ror#19 - eor r0,r0,r2,lsr#3 @ sigma0(X[i+1]) - ldr r2,[sp,#15*4] - eor r3,r3,r1,lsr#10 @ sigma1(X[i+14]) - ldr r1,[sp,#8*4] - - add r3,r3,r0 - eor r0,r9,r9,ror#5 @ from BODY_00_15 - add r2,r2,r3 - eor r0,r0,r9,ror#19 @ Sigma1(e) - add r2,r2,r1 @ X[i] - ldr r3,[r14],#4 @ *K256++ - add r4,r4,r2 @ h+=X[i] - str r2,[sp,#15*4] - eor r2,r10,r11 - add r4,r4,r0,ror#6 @ h+=Sigma1(e) - and r2,r2,r9 - add r4,r4,r3 @ h+=K256[i] - eor r2,r2,r11 @ Ch(e,f,g) - eor r0,r5,r5,ror#11 - add r4,r4,r2 @ h+=Ch(e,f,g) -#if 31==31 - and r3,r3,#0xff - cmp r3,#0xf2 @ done? -#endif -#if 31<15 -# if __ARM_ARCH__>=7 - ldr r2,[r1],#4 @ prefetch -# else - ldrb r2,[r1,#3] -# endif - eor r3,r5,r6 @ a^b, b^c in next round -#else - ldr r2,[sp,#1*4] @ from future BODY_16_xx - eor r3,r5,r6 @ a^b, b^c in next round - ldr r1,[sp,#14*4] @ from future BODY_16_xx -#endif - eor r0,r0,r5,ror#20 @ Sigma0(a) - and r12,r12,r3 @ (b^c)&=(a^b) - add r8,r8,r4 @ d+=h - eor r12,r12,r6 @ Maj(a,b,c) - add r4,r4,r0,ror#2 @ h+=Sigma0(a) - @ add r4,r4,r12 @ h+=Maj(a,b,c) -#if __ARM_ARCH__>=7 - ite eq @ Thumb2 thing, sanity check in ARM -#endif - ldreq r3,[sp,#16*4] @ pull ctx - bne Lrounds_16_xx - - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - ldr r0,[r3,#0] - ldr r2,[r3,#4] - ldr r12,[r3,#8] - add r4,r4,r0 - ldr r0,[r3,#12] - add r5,r5,r2 - ldr r2,[r3,#16] - add r6,r6,r12 - ldr r12,[r3,#20] - add r7,r7,r0 - ldr r0,[r3,#24] - add r8,r8,r2 - ldr r2,[r3,#28] - add r9,r9,r12 - ldr r1,[sp,#17*4] @ pull inp - ldr r12,[sp,#18*4] @ pull inp+len - add r10,r10,r0 - add r11,r11,r2 - stmia r3,{r4,r5,r6,r7,r8,r9,r10,r11} - cmp r1,r12 - sub r14,r14,#256 @ rewind Ktbl - bne Loop - - add sp,sp,#19*4 @ destroy frame -#if __ARM_ARCH__>=5 - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet -.word 0xe12fff1e @ interoperable with Thumb ISA:-) -#endif - -#if __ARM_MAX_ARCH__>=7 - - - -#ifdef __thumb2__ -.thumb_func sha256_block_data_order_neon -#endif -.align 5 -.skip 16 -sha256_block_data_order_neon: -LNEON: - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - - sub r11,sp,#16*4+16 - adr r14,K256 - bic r11,r11,#15 @ align for 128-bit stores - mov r12,sp - mov sp,r11 @ alloca - add r2,r1,r2,lsl#6 @ len to point at the end of inp - - vld1.8 {q0},[r1]! - vld1.8 {q1},[r1]! - vld1.8 {q2},[r1]! - vld1.8 {q3},[r1]! - vld1.32 {q8},[r14,:128]! - vld1.32 {q9},[r14,:128]! - vld1.32 {q10},[r14,:128]! - vld1.32 {q11},[r14,:128]! - vrev32.8 q0,q0 @ yes, even on - str r0,[sp,#64] - vrev32.8 q1,q1 @ big-endian - str r1,[sp,#68] - mov r1,sp - vrev32.8 q2,q2 - str r2,[sp,#72] - vrev32.8 q3,q3 - str r12,[sp,#76] @ save original sp - vadd.i32 q8,q8,q0 - vadd.i32 q9,q9,q1 - vst1.32 {q8},[r1,:128]! - vadd.i32 q10,q10,q2 - vst1.32 {q9},[r1,:128]! - vadd.i32 q11,q11,q3 - vst1.32 {q10},[r1,:128]! - vst1.32 {q11},[r1,:128]! - - ldmia r0,{r4,r5,r6,r7,r8,r9,r10,r11} - sub r1,r1,#64 - ldr r2,[sp,#0] - eor r12,r12,r12 - eor r3,r5,r6 - b L_00_48 - -.align 4 -L_00_48: - vext.8 q8,q0,q1,#4 - add r11,r11,r2 - eor r2,r9,r10 - eor r0,r8,r8,ror#5 - vext.8 q9,q2,q3,#4 - add r4,r4,r12 - and r2,r2,r8 - eor r12,r0,r8,ror#19 - vshr.u32 q10,q8,#7 - eor r0,r4,r4,ror#11 - eor r2,r2,r10 - vadd.i32 q0,q0,q9 - add r11,r11,r12,ror#6 - eor r12,r4,r5 - vshr.u32 q9,q8,#3 - eor r0,r0,r4,ror#20 - add r11,r11,r2 - vsli.32 q10,q8,#25 - ldr r2,[sp,#4] - and r3,r3,r12 - vshr.u32 q11,q8,#18 - add r7,r7,r11 - add r11,r11,r0,ror#2 - eor r3,r3,r5 - veor q9,q9,q10 - add r10,r10,r2 - vsli.32 q11,q8,#14 - eor r2,r8,r9 - eor r0,r7,r7,ror#5 - vshr.u32 d24,d7,#17 - add r11,r11,r3 - and r2,r2,r7 - veor q9,q9,q11 - eor r3,r0,r7,ror#19 - eor r0,r11,r11,ror#11 - vsli.32 d24,d7,#15 - eor r2,r2,r9 - add r10,r10,r3,ror#6 - vshr.u32 d25,d7,#10 - eor r3,r11,r4 - eor r0,r0,r11,ror#20 - vadd.i32 q0,q0,q9 - add r10,r10,r2 - ldr r2,[sp,#8] - veor d25,d25,d24 - and r12,r12,r3 - add r6,r6,r10 - vshr.u32 d24,d7,#19 - add r10,r10,r0,ror#2 - eor r12,r12,r4 - vsli.32 d24,d7,#13 - add r9,r9,r2 - eor r2,r7,r8 - veor d25,d25,d24 - eor r0,r6,r6,ror#5 - add r10,r10,r12 - vadd.i32 d0,d0,d25 - and r2,r2,r6 - eor r12,r0,r6,ror#19 - vshr.u32 d24,d0,#17 - eor r0,r10,r10,ror#11 - eor r2,r2,r8 - vsli.32 d24,d0,#15 - add r9,r9,r12,ror#6 - eor r12,r10,r11 - vshr.u32 d25,d0,#10 - eor r0,r0,r10,ror#20 - add r9,r9,r2 - veor d25,d25,d24 - ldr r2,[sp,#12] - and r3,r3,r12 - vshr.u32 d24,d0,#19 - add r5,r5,r9 - add r9,r9,r0,ror#2 - eor r3,r3,r11 - vld1.32 {q8},[r14,:128]! - add r8,r8,r2 - vsli.32 d24,d0,#13 - eor r2,r6,r7 - eor r0,r5,r5,ror#5 - veor d25,d25,d24 - add r9,r9,r3 - and r2,r2,r5 - vadd.i32 d1,d1,d25 - eor r3,r0,r5,ror#19 - eor r0,r9,r9,ror#11 - vadd.i32 q8,q8,q0 - eor r2,r2,r7 - add r8,r8,r3,ror#6 - eor r3,r9,r10 - eor r0,r0,r9,ror#20 - add r8,r8,r2 - ldr r2,[sp,#16] - and r12,r12,r3 - add r4,r4,r8 - vst1.32 {q8},[r1,:128]! - add r8,r8,r0,ror#2 - eor r12,r12,r10 - vext.8 q8,q1,q2,#4 - add r7,r7,r2 - eor r2,r5,r6 - eor r0,r4,r4,ror#5 - vext.8 q9,q3,q0,#4 - add r8,r8,r12 - and r2,r2,r4 - eor r12,r0,r4,ror#19 - vshr.u32 q10,q8,#7 - eor r0,r8,r8,ror#11 - eor r2,r2,r6 - vadd.i32 q1,q1,q9 - add r7,r7,r12,ror#6 - eor r12,r8,r9 - vshr.u32 q9,q8,#3 - eor r0,r0,r8,ror#20 - add r7,r7,r2 - vsli.32 q10,q8,#25 - ldr r2,[sp,#20] - and r3,r3,r12 - vshr.u32 q11,q8,#18 - add r11,r11,r7 - add r7,r7,r0,ror#2 - eor r3,r3,r9 - veor q9,q9,q10 - add r6,r6,r2 - vsli.32 q11,q8,#14 - eor r2,r4,r5 - eor r0,r11,r11,ror#5 - vshr.u32 d24,d1,#17 - add r7,r7,r3 - and r2,r2,r11 - veor q9,q9,q11 - eor r3,r0,r11,ror#19 - eor r0,r7,r7,ror#11 - vsli.32 d24,d1,#15 - eor r2,r2,r5 - add r6,r6,r3,ror#6 - vshr.u32 d25,d1,#10 - eor r3,r7,r8 - eor r0,r0,r7,ror#20 - vadd.i32 q1,q1,q9 - add r6,r6,r2 - ldr r2,[sp,#24] - veor d25,d25,d24 - and r12,r12,r3 - add r10,r10,r6 - vshr.u32 d24,d1,#19 - add r6,r6,r0,ror#2 - eor r12,r12,r8 - vsli.32 d24,d1,#13 - add r5,r5,r2 - eor r2,r11,r4 - veor d25,d25,d24 - eor r0,r10,r10,ror#5 - add r6,r6,r12 - vadd.i32 d2,d2,d25 - and r2,r2,r10 - eor r12,r0,r10,ror#19 - vshr.u32 d24,d2,#17 - eor r0,r6,r6,ror#11 - eor r2,r2,r4 - vsli.32 d24,d2,#15 - add r5,r5,r12,ror#6 - eor r12,r6,r7 - vshr.u32 d25,d2,#10 - eor r0,r0,r6,ror#20 - add r5,r5,r2 - veor d25,d25,d24 - ldr r2,[sp,#28] - and r3,r3,r12 - vshr.u32 d24,d2,#19 - add r9,r9,r5 - add r5,r5,r0,ror#2 - eor r3,r3,r7 - vld1.32 {q8},[r14,:128]! - add r4,r4,r2 - vsli.32 d24,d2,#13 - eor r2,r10,r11 - eor r0,r9,r9,ror#5 - veor d25,d25,d24 - add r5,r5,r3 - and r2,r2,r9 - vadd.i32 d3,d3,d25 - eor r3,r0,r9,ror#19 - eor r0,r5,r5,ror#11 - vadd.i32 q8,q8,q1 - eor r2,r2,r11 - add r4,r4,r3,ror#6 - eor r3,r5,r6 - eor r0,r0,r5,ror#20 - add r4,r4,r2 - ldr r2,[sp,#32] - and r12,r12,r3 - add r8,r8,r4 - vst1.32 {q8},[r1,:128]! - add r4,r4,r0,ror#2 - eor r12,r12,r6 - vext.8 q8,q2,q3,#4 - add r11,r11,r2 - eor r2,r9,r10 - eor r0,r8,r8,ror#5 - vext.8 q9,q0,q1,#4 - add r4,r4,r12 - and r2,r2,r8 - eor r12,r0,r8,ror#19 - vshr.u32 q10,q8,#7 - eor r0,r4,r4,ror#11 - eor r2,r2,r10 - vadd.i32 q2,q2,q9 - add r11,r11,r12,ror#6 - eor r12,r4,r5 - vshr.u32 q9,q8,#3 - eor r0,r0,r4,ror#20 - add r11,r11,r2 - vsli.32 q10,q8,#25 - ldr r2,[sp,#36] - and r3,r3,r12 - vshr.u32 q11,q8,#18 - add r7,r7,r11 - add r11,r11,r0,ror#2 - eor r3,r3,r5 - veor q9,q9,q10 - add r10,r10,r2 - vsli.32 q11,q8,#14 - eor r2,r8,r9 - eor r0,r7,r7,ror#5 - vshr.u32 d24,d3,#17 - add r11,r11,r3 - and r2,r2,r7 - veor q9,q9,q11 - eor r3,r0,r7,ror#19 - eor r0,r11,r11,ror#11 - vsli.32 d24,d3,#15 - eor r2,r2,r9 - add r10,r10,r3,ror#6 - vshr.u32 d25,d3,#10 - eor r3,r11,r4 - eor r0,r0,r11,ror#20 - vadd.i32 q2,q2,q9 - add r10,r10,r2 - ldr r2,[sp,#40] - veor d25,d25,d24 - and r12,r12,r3 - add r6,r6,r10 - vshr.u32 d24,d3,#19 - add r10,r10,r0,ror#2 - eor r12,r12,r4 - vsli.32 d24,d3,#13 - add r9,r9,r2 - eor r2,r7,r8 - veor d25,d25,d24 - eor r0,r6,r6,ror#5 - add r10,r10,r12 - vadd.i32 d4,d4,d25 - and r2,r2,r6 - eor r12,r0,r6,ror#19 - vshr.u32 d24,d4,#17 - eor r0,r10,r10,ror#11 - eor r2,r2,r8 - vsli.32 d24,d4,#15 - add r9,r9,r12,ror#6 - eor r12,r10,r11 - vshr.u32 d25,d4,#10 - eor r0,r0,r10,ror#20 - add r9,r9,r2 - veor d25,d25,d24 - ldr r2,[sp,#44] - and r3,r3,r12 - vshr.u32 d24,d4,#19 - add r5,r5,r9 - add r9,r9,r0,ror#2 - eor r3,r3,r11 - vld1.32 {q8},[r14,:128]! - add r8,r8,r2 - vsli.32 d24,d4,#13 - eor r2,r6,r7 - eor r0,r5,r5,ror#5 - veor d25,d25,d24 - add r9,r9,r3 - and r2,r2,r5 - vadd.i32 d5,d5,d25 - eor r3,r0,r5,ror#19 - eor r0,r9,r9,ror#11 - vadd.i32 q8,q8,q2 - eor r2,r2,r7 - add r8,r8,r3,ror#6 - eor r3,r9,r10 - eor r0,r0,r9,ror#20 - add r8,r8,r2 - ldr r2,[sp,#48] - and r12,r12,r3 - add r4,r4,r8 - vst1.32 {q8},[r1,:128]! - add r8,r8,r0,ror#2 - eor r12,r12,r10 - vext.8 q8,q3,q0,#4 - add r7,r7,r2 - eor r2,r5,r6 - eor r0,r4,r4,ror#5 - vext.8 q9,q1,q2,#4 - add r8,r8,r12 - and r2,r2,r4 - eor r12,r0,r4,ror#19 - vshr.u32 q10,q8,#7 - eor r0,r8,r8,ror#11 - eor r2,r2,r6 - vadd.i32 q3,q3,q9 - add r7,r7,r12,ror#6 - eor r12,r8,r9 - vshr.u32 q9,q8,#3 - eor r0,r0,r8,ror#20 - add r7,r7,r2 - vsli.32 q10,q8,#25 - ldr r2,[sp,#52] - and r3,r3,r12 - vshr.u32 q11,q8,#18 - add r11,r11,r7 - add r7,r7,r0,ror#2 - eor r3,r3,r9 - veor q9,q9,q10 - add r6,r6,r2 - vsli.32 q11,q8,#14 - eor r2,r4,r5 - eor r0,r11,r11,ror#5 - vshr.u32 d24,d5,#17 - add r7,r7,r3 - and r2,r2,r11 - veor q9,q9,q11 - eor r3,r0,r11,ror#19 - eor r0,r7,r7,ror#11 - vsli.32 d24,d5,#15 - eor r2,r2,r5 - add r6,r6,r3,ror#6 - vshr.u32 d25,d5,#10 - eor r3,r7,r8 - eor r0,r0,r7,ror#20 - vadd.i32 q3,q3,q9 - add r6,r6,r2 - ldr r2,[sp,#56] - veor d25,d25,d24 - and r12,r12,r3 - add r10,r10,r6 - vshr.u32 d24,d5,#19 - add r6,r6,r0,ror#2 - eor r12,r12,r8 - vsli.32 d24,d5,#13 - add r5,r5,r2 - eor r2,r11,r4 - veor d25,d25,d24 - eor r0,r10,r10,ror#5 - add r6,r6,r12 - vadd.i32 d6,d6,d25 - and r2,r2,r10 - eor r12,r0,r10,ror#19 - vshr.u32 d24,d6,#17 - eor r0,r6,r6,ror#11 - eor r2,r2,r4 - vsli.32 d24,d6,#15 - add r5,r5,r12,ror#6 - eor r12,r6,r7 - vshr.u32 d25,d6,#10 - eor r0,r0,r6,ror#20 - add r5,r5,r2 - veor d25,d25,d24 - ldr r2,[sp,#60] - and r3,r3,r12 - vshr.u32 d24,d6,#19 - add r9,r9,r5 - add r5,r5,r0,ror#2 - eor r3,r3,r7 - vld1.32 {q8},[r14,:128]! - add r4,r4,r2 - vsli.32 d24,d6,#13 - eor r2,r10,r11 - eor r0,r9,r9,ror#5 - veor d25,d25,d24 - add r5,r5,r3 - and r2,r2,r9 - vadd.i32 d7,d7,d25 - eor r3,r0,r9,ror#19 - eor r0,r5,r5,ror#11 - vadd.i32 q8,q8,q3 - eor r2,r2,r11 - add r4,r4,r3,ror#6 - eor r3,r5,r6 - eor r0,r0,r5,ror#20 - add r4,r4,r2 - ldr r2,[r14] - and r12,r12,r3 - add r8,r8,r4 - vst1.32 {q8},[r1,:128]! - add r4,r4,r0,ror#2 - eor r12,r12,r6 - teq r2,#0 @ check for K256 terminator - ldr r2,[sp,#0] - sub r1,r1,#64 - bne L_00_48 - - ldr r1,[sp,#68] - ldr r0,[sp,#72] - sub r14,r14,#256 @ rewind r14 - teq r1,r0 - it eq - subeq r1,r1,#64 @ avoid SEGV - vld1.8 {q0},[r1]! @ load next input block - vld1.8 {q1},[r1]! - vld1.8 {q2},[r1]! - vld1.8 {q3},[r1]! - it ne - strne r1,[sp,#68] - mov r1,sp - add r11,r11,r2 - eor r2,r9,r10 - eor r0,r8,r8,ror#5 - add r4,r4,r12 - vld1.32 {q8},[r14,:128]! - and r2,r2,r8 - eor r12,r0,r8,ror#19 - eor r0,r4,r4,ror#11 - eor r2,r2,r10 - vrev32.8 q0,q0 - add r11,r11,r12,ror#6 - eor r12,r4,r5 - eor r0,r0,r4,ror#20 - add r11,r11,r2 - vadd.i32 q8,q8,q0 - ldr r2,[sp,#4] - and r3,r3,r12 - add r7,r7,r11 - add r11,r11,r0,ror#2 - eor r3,r3,r5 - add r10,r10,r2 - eor r2,r8,r9 - eor r0,r7,r7,ror#5 - add r11,r11,r3 - and r2,r2,r7 - eor r3,r0,r7,ror#19 - eor r0,r11,r11,ror#11 - eor r2,r2,r9 - add r10,r10,r3,ror#6 - eor r3,r11,r4 - eor r0,r0,r11,ror#20 - add r10,r10,r2 - ldr r2,[sp,#8] - and r12,r12,r3 - add r6,r6,r10 - add r10,r10,r0,ror#2 - eor r12,r12,r4 - add r9,r9,r2 - eor r2,r7,r8 - eor r0,r6,r6,ror#5 - add r10,r10,r12 - and r2,r2,r6 - eor r12,r0,r6,ror#19 - eor r0,r10,r10,ror#11 - eor r2,r2,r8 - add r9,r9,r12,ror#6 - eor r12,r10,r11 - eor r0,r0,r10,ror#20 - add r9,r9,r2 - ldr r2,[sp,#12] - and r3,r3,r12 - add r5,r5,r9 - add r9,r9,r0,ror#2 - eor r3,r3,r11 - add r8,r8,r2 - eor r2,r6,r7 - eor r0,r5,r5,ror#5 - add r9,r9,r3 - and r2,r2,r5 - eor r3,r0,r5,ror#19 - eor r0,r9,r9,ror#11 - eor r2,r2,r7 - add r8,r8,r3,ror#6 - eor r3,r9,r10 - eor r0,r0,r9,ror#20 - add r8,r8,r2 - ldr r2,[sp,#16] - and r12,r12,r3 - add r4,r4,r8 - add r8,r8,r0,ror#2 - eor r12,r12,r10 - vst1.32 {q8},[r1,:128]! - add r7,r7,r2 - eor r2,r5,r6 - eor r0,r4,r4,ror#5 - add r8,r8,r12 - vld1.32 {q8},[r14,:128]! - and r2,r2,r4 - eor r12,r0,r4,ror#19 - eor r0,r8,r8,ror#11 - eor r2,r2,r6 - vrev32.8 q1,q1 - add r7,r7,r12,ror#6 - eor r12,r8,r9 - eor r0,r0,r8,ror#20 - add r7,r7,r2 - vadd.i32 q8,q8,q1 - ldr r2,[sp,#20] - and r3,r3,r12 - add r11,r11,r7 - add r7,r7,r0,ror#2 - eor r3,r3,r9 - add r6,r6,r2 - eor r2,r4,r5 - eor r0,r11,r11,ror#5 - add r7,r7,r3 - and r2,r2,r11 - eor r3,r0,r11,ror#19 - eor r0,r7,r7,ror#11 - eor r2,r2,r5 - add r6,r6,r3,ror#6 - eor r3,r7,r8 - eor r0,r0,r7,ror#20 - add r6,r6,r2 - ldr r2,[sp,#24] - and r12,r12,r3 - add r10,r10,r6 - add r6,r6,r0,ror#2 - eor r12,r12,r8 - add r5,r5,r2 - eor r2,r11,r4 - eor r0,r10,r10,ror#5 - add r6,r6,r12 - and r2,r2,r10 - eor r12,r0,r10,ror#19 - eor r0,r6,r6,ror#11 - eor r2,r2,r4 - add r5,r5,r12,ror#6 - eor r12,r6,r7 - eor r0,r0,r6,ror#20 - add r5,r5,r2 - ldr r2,[sp,#28] - and r3,r3,r12 - add r9,r9,r5 - add r5,r5,r0,ror#2 - eor r3,r3,r7 - add r4,r4,r2 - eor r2,r10,r11 - eor r0,r9,r9,ror#5 - add r5,r5,r3 - and r2,r2,r9 - eor r3,r0,r9,ror#19 - eor r0,r5,r5,ror#11 - eor r2,r2,r11 - add r4,r4,r3,ror#6 - eor r3,r5,r6 - eor r0,r0,r5,ror#20 - add r4,r4,r2 - ldr r2,[sp,#32] - and r12,r12,r3 - add r8,r8,r4 - add r4,r4,r0,ror#2 - eor r12,r12,r6 - vst1.32 {q8},[r1,:128]! - add r11,r11,r2 - eor r2,r9,r10 - eor r0,r8,r8,ror#5 - add r4,r4,r12 - vld1.32 {q8},[r14,:128]! - and r2,r2,r8 - eor r12,r0,r8,ror#19 - eor r0,r4,r4,ror#11 - eor r2,r2,r10 - vrev32.8 q2,q2 - add r11,r11,r12,ror#6 - eor r12,r4,r5 - eor r0,r0,r4,ror#20 - add r11,r11,r2 - vadd.i32 q8,q8,q2 - ldr r2,[sp,#36] - and r3,r3,r12 - add r7,r7,r11 - add r11,r11,r0,ror#2 - eor r3,r3,r5 - add r10,r10,r2 - eor r2,r8,r9 - eor r0,r7,r7,ror#5 - add r11,r11,r3 - and r2,r2,r7 - eor r3,r0,r7,ror#19 - eor r0,r11,r11,ror#11 - eor r2,r2,r9 - add r10,r10,r3,ror#6 - eor r3,r11,r4 - eor r0,r0,r11,ror#20 - add r10,r10,r2 - ldr r2,[sp,#40] - and r12,r12,r3 - add r6,r6,r10 - add r10,r10,r0,ror#2 - eor r12,r12,r4 - add r9,r9,r2 - eor r2,r7,r8 - eor r0,r6,r6,ror#5 - add r10,r10,r12 - and r2,r2,r6 - eor r12,r0,r6,ror#19 - eor r0,r10,r10,ror#11 - eor r2,r2,r8 - add r9,r9,r12,ror#6 - eor r12,r10,r11 - eor r0,r0,r10,ror#20 - add r9,r9,r2 - ldr r2,[sp,#44] - and r3,r3,r12 - add r5,r5,r9 - add r9,r9,r0,ror#2 - eor r3,r3,r11 - add r8,r8,r2 - eor r2,r6,r7 - eor r0,r5,r5,ror#5 - add r9,r9,r3 - and r2,r2,r5 - eor r3,r0,r5,ror#19 - eor r0,r9,r9,ror#11 - eor r2,r2,r7 - add r8,r8,r3,ror#6 - eor r3,r9,r10 - eor r0,r0,r9,ror#20 - add r8,r8,r2 - ldr r2,[sp,#48] - and r12,r12,r3 - add r4,r4,r8 - add r8,r8,r0,ror#2 - eor r12,r12,r10 - vst1.32 {q8},[r1,:128]! - add r7,r7,r2 - eor r2,r5,r6 - eor r0,r4,r4,ror#5 - add r8,r8,r12 - vld1.32 {q8},[r14,:128]! - and r2,r2,r4 - eor r12,r0,r4,ror#19 - eor r0,r8,r8,ror#11 - eor r2,r2,r6 - vrev32.8 q3,q3 - add r7,r7,r12,ror#6 - eor r12,r8,r9 - eor r0,r0,r8,ror#20 - add r7,r7,r2 - vadd.i32 q8,q8,q3 - ldr r2,[sp,#52] - and r3,r3,r12 - add r11,r11,r7 - add r7,r7,r0,ror#2 - eor r3,r3,r9 - add r6,r6,r2 - eor r2,r4,r5 - eor r0,r11,r11,ror#5 - add r7,r7,r3 - and r2,r2,r11 - eor r3,r0,r11,ror#19 - eor r0,r7,r7,ror#11 - eor r2,r2,r5 - add r6,r6,r3,ror#6 - eor r3,r7,r8 - eor r0,r0,r7,ror#20 - add r6,r6,r2 - ldr r2,[sp,#56] - and r12,r12,r3 - add r10,r10,r6 - add r6,r6,r0,ror#2 - eor r12,r12,r8 - add r5,r5,r2 - eor r2,r11,r4 - eor r0,r10,r10,ror#5 - add r6,r6,r12 - and r2,r2,r10 - eor r12,r0,r10,ror#19 - eor r0,r6,r6,ror#11 - eor r2,r2,r4 - add r5,r5,r12,ror#6 - eor r12,r6,r7 - eor r0,r0,r6,ror#20 - add r5,r5,r2 - ldr r2,[sp,#60] - and r3,r3,r12 - add r9,r9,r5 - add r5,r5,r0,ror#2 - eor r3,r3,r7 - add r4,r4,r2 - eor r2,r10,r11 - eor r0,r9,r9,ror#5 - add r5,r5,r3 - and r2,r2,r9 - eor r3,r0,r9,ror#19 - eor r0,r5,r5,ror#11 - eor r2,r2,r11 - add r4,r4,r3,ror#6 - eor r3,r5,r6 - eor r0,r0,r5,ror#20 - add r4,r4,r2 - ldr r2,[sp,#64] - and r12,r12,r3 - add r8,r8,r4 - add r4,r4,r0,ror#2 - eor r12,r12,r6 - vst1.32 {q8},[r1,:128]! - ldr r0,[r2,#0] - add r4,r4,r12 @ h+=Maj(a,b,c) from the past - ldr r12,[r2,#4] - ldr r3,[r2,#8] - ldr r1,[r2,#12] - add r4,r4,r0 @ accumulate - ldr r0,[r2,#16] - add r5,r5,r12 - ldr r12,[r2,#20] - add r6,r6,r3 - ldr r3,[r2,#24] - add r7,r7,r1 - ldr r1,[r2,#28] - add r8,r8,r0 - str r4,[r2],#4 - add r9,r9,r12 - str r5,[r2],#4 - add r10,r10,r3 - str r6,[r2],#4 - add r11,r11,r1 - str r7,[r2],#4 - stmia r2,{r8,r9,r10,r11} - - ittte ne - movne r1,sp - ldrne r2,[sp,#0] - eorne r12,r12,r12 - ldreq sp,[sp,#76] @ restore original sp - itt ne - eorne r3,r5,r6 - bne L_00_48 - - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} - -#endif -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - -# if defined(__thumb2__) -# define INST(a,b,c,d) .byte c,d|0xc,a,b -# else -# define INST(a,b,c,d) .byte a,b,c,d -# endif - -#ifdef __thumb2__ -.thumb_func sha256_block_data_order_armv8 -#endif -.align 5 -sha256_block_data_order_armv8: -LARMv8: - vld1.32 {q0,q1},[r0] - sub r3,r3,#256+32 - add r2,r1,r2,lsl#6 @ len to point at the end of inp - b Loop_v8 - -.align 4 -Loop_v8: - vld1.8 {q8,q9},[r1]! - vld1.8 {q10,q11},[r1]! - vld1.32 {q12},[r3]! - vrev32.8 q8,q8 - vrev32.8 q9,q9 - vrev32.8 q10,q10 - vrev32.8 q11,q11 - vmov q14,q0 @ offload - vmov q15,q1 - teq r1,r2 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q8 - INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11 - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q9 - INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q10 - INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9 - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q11 - INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q8 - INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11 - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q9 - INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q10 - INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9 - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q11 - INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q8 - INST(0xe2,0x03,0xfa,0xf3) @ sha256su0 q8,q9 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - INST(0xe6,0x0c,0x64,0xf3) @ sha256su1 q8,q10,q11 - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q9 - INST(0xe4,0x23,0xfa,0xf3) @ sha256su0 q9,q10 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - INST(0xe0,0x2c,0x66,0xf3) @ sha256su1 q9,q11,q8 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q10 - INST(0xe6,0x43,0xfa,0xf3) @ sha256su0 q10,q11 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - INST(0xe2,0x4c,0x60,0xf3) @ sha256su1 q10,q8,q9 - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q11 - INST(0xe0,0x63,0xfa,0xf3) @ sha256su0 q11,q8 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - INST(0xe4,0x6c,0x62,0xf3) @ sha256su1 q11,q9,q10 - vld1.32 {q13},[r3]! - vadd.i32 q12,q12,q8 - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - - vld1.32 {q12},[r3]! - vadd.i32 q13,q13,q9 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - - vld1.32 {q13},[r3] - vadd.i32 q12,q12,q10 - sub r3,r3,#256-16 @ rewind - vmov q2,q0 - INST(0x68,0x0c,0x02,0xf3) @ sha256h q0,q1,q12 - INST(0x68,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q12 - - vadd.i32 q13,q13,q11 - vmov q2,q0 - INST(0x6a,0x0c,0x02,0xf3) @ sha256h q0,q1,q13 - INST(0x6a,0x2c,0x14,0xf3) @ sha256h2 q1,q2,q13 - - vadd.i32 q0,q0,q14 - vadd.i32 q1,q1,q15 - it ne - bne Loop_v8 - - vst1.32 {q0,q1},[r0] - - bx lr @ bx lr - -#endif -.byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,47,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/sha256-armv4-linux32.S b/pregenerated/sha256-armv4-linux32.S index c4c791b..c27c745 100644 --- a/pregenerated/sha256-armv4-linux32.S +++ b/pregenerated/sha256-armv4-linux32.S @@ -10,6 +10,7 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) +#include "ring_core_generated/prefix_symbols_asm.h" @ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. @ @ Licensed under the OpenSSL license (the "License"). You may not use @@ -56,7 +57,7 @@ @ Add ARMv8 code path performing at 2.0 cpb on Apple A7. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #else # define __ARM_ARCH__ __LINUX_ARM_ARCH__ # define __ARM_MAX_ARCH__ 7 @@ -98,25 +99,25 @@ K256: .word 0 @ terminator #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.hidden GFp_armcap_P +.hidden OPENSSL_armcap_P .LOPENSSL_armcap: -.word GFp_armcap_P-.Lsha256_block_data_order +.word OPENSSL_armcap_P-.Lsha256_block_data_order #endif .align 5 -.globl GFp_sha256_block_data_order -.hidden GFp_sha256_block_data_order -.type GFp_sha256_block_data_order,%function -GFp_sha256_block_data_order: +.globl sha256_block_data_order +.hidden sha256_block_data_order +.type sha256_block_data_order,%function +sha256_block_data_order: .Lsha256_block_data_order: #if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ GFp_sha256_block_data_order + sub r3,pc,#8 @ sha256_block_data_order #else adr r3,.Lsha256_block_data_order #endif #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap - ldr r12,[r3,r12] @ GFp_armcap_P + ldr r12,[r3,r12] @ OPENSSL_armcap_P #ifdef __APPLE__ ldr r12,[r12] #endif @@ -1890,7 +1891,7 @@ GFp_sha256_block_data_order: moveq pc,lr @ be binary compatible with V4, yet .word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif -.size GFp_sha256_block_data_order,.-GFp_sha256_block_data_order +.size sha256_block_data_order,.-sha256_block_data_order #if __ARM_MAX_ARCH__>=7 .arch armv7-a .fpu neon diff --git a/pregenerated/sha256-armv8-ios64.S b/pregenerated/sha256-armv8-ios64.S index 019d2d3..4b42c74 100644 --- a/pregenerated/sha256-armv8-ios64.S +++ b/pregenerated/sha256-armv8-ios64.S @@ -9,6 +9,7 @@ #endif #if !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" // Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use @@ -49,26 +50,26 @@ // and the gap is only 40-90%. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #endif .text -.private_extern _GFp_armcap_P -.globl _GFp_sha256_block_data_order -.private_extern _GFp_sha256_block_data_order +.private_extern _OPENSSL_armcap_P +.globl _sha256_block_data_order +.private_extern _sha256_block_data_order .align 6 -_GFp_sha256_block_data_order: +_sha256_block_data_order: AARCH64_VALID_CALL_TARGET #ifndef __KERNEL__ #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 - adrp x16,:pg_hi21_nc:_GFp_armcap_P + adrp x16,:pg_hi21_nc:_OPENSSL_armcap_P #else - adrp x16,_GFp_armcap_P@PAGE + adrp x16,_OPENSSL_armcap_P@PAGE #endif - ldr w16,[x16,_GFp_armcap_P@PAGEOFF] + ldr w16,[x16,_OPENSSL_armcap_P@PAGEOFF] tst w16,#ARMV8_SHA256 b.ne Lv8_entry #endif diff --git a/pregenerated/sha256-armv8-linux64.S b/pregenerated/sha256-armv8-linux64.S index 1306389..6386733 100644 --- a/pregenerated/sha256-armv8-linux64.S +++ b/pregenerated/sha256-armv8-linux64.S @@ -10,6 +10,7 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) +#include "ring_core_generated/prefix_symbols_asm.h" // Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use @@ -50,26 +51,26 @@ // and the gap is only 40-90%. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #endif .text -.hidden GFp_armcap_P -.globl GFp_sha256_block_data_order -.hidden GFp_sha256_block_data_order -.type GFp_sha256_block_data_order,%function +.hidden OPENSSL_armcap_P +.globl sha256_block_data_order +.hidden sha256_block_data_order +.type sha256_block_data_order,%function .align 6 -GFp_sha256_block_data_order: +sha256_block_data_order: AARCH64_VALID_CALL_TARGET #ifndef __KERNEL__ #if __has_feature(hwaddress_sanitizer) && __clang_major__ >= 10 - adrp x16,:pg_hi21_nc:GFp_armcap_P + adrp x16,:pg_hi21_nc:OPENSSL_armcap_P #else - adrp x16,GFp_armcap_P + adrp x16,OPENSSL_armcap_P #endif - ldr w16,[x16,:lo12:GFp_armcap_P] + ldr w16,[x16,:lo12:OPENSSL_armcap_P] tst w16,#ARMV8_SHA256 b.ne .Lv8_entry #endif @@ -1036,7 +1037,7 @@ GFp_sha256_block_data_order: ldp x29,x30,[sp],#128 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_sha256_block_data_order,.-GFp_sha256_block_data_order +.size sha256_block_data_order,.-sha256_block_data_order .section .rodata .align 6 diff --git a/pregenerated/sha256-x86_64-elf.S b/pregenerated/sha256-x86_64-elf.S index 82f375a..a91a67b 100644 --- a/pregenerated/sha256-x86_64-elf.S +++ b/pregenerated/sha256-x86_64-elf.S @@ -8,17 +8,18 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P -.globl GFp_sha256_block_data_order -.hidden GFp_sha256_block_data_order -.type GFp_sha256_block_data_order,@function +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P +.globl sha256_block_data_order +.hidden sha256_block_data_order +.type sha256_block_data_order,@function .align 16 -GFp_sha256_block_data_order: +sha256_block_data_order: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 movl 0(%r11),%r9d movl 4(%r11),%r10d movl 8(%r11),%r11d @@ -1734,7 +1735,7 @@ GFp_sha256_block_data_order: .Lepilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_sha256_block_data_order,.-GFp_sha256_block_data_order +.size sha256_block_data_order,.-sha256_block_data_order .align 64 .type K256,@object K256: @@ -1778,9 +1779,9 @@ K256: .long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 .long 0xffffffff,0xffffffff,0x03020100,0x0b0a0908 .byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.type GFp_sha256_block_data_order_ssse3,@function +.type sha256_block_data_order_ssse3,@function .align 64 -GFp_sha256_block_data_order_ssse3: +sha256_block_data_order_ssse3: .cfi_startproc .Lssse3_shortcut: movq %rsp,%rax @@ -2890,10 +2891,10 @@ GFp_sha256_block_data_order_ssse3: .Lepilogue_ssse3: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_sha256_block_data_order_ssse3,.-GFp_sha256_block_data_order_ssse3 -.type GFp_sha256_block_data_order_avx,@function +.size sha256_block_data_order_ssse3,.-sha256_block_data_order_ssse3 +.type sha256_block_data_order_avx,@function .align 64 -GFp_sha256_block_data_order_avx: +sha256_block_data_order_avx: .cfi_startproc .Lavx_shortcut: movq %rsp,%rax @@ -3965,6 +3966,6 @@ GFp_sha256_block_data_order_avx: .Lepilogue_avx: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_sha256_block_data_order_avx,.-GFp_sha256_block_data_order_avx +.size sha256_block_data_order_avx,.-sha256_block_data_order_avx #endif .section .note.GNU-stack,"",@progbits diff --git a/pregenerated/sha256-x86_64-macosx.S b/pregenerated/sha256-x86_64-macosx.S index 199af6f..781f65f 100644 --- a/pregenerated/sha256-x86_64-macosx.S +++ b/pregenerated/sha256-x86_64-macosx.S @@ -8,16 +8,17 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl _GFp_sha256_block_data_order -.private_extern _GFp_sha256_block_data_order +.globl _sha256_block_data_order +.private_extern _sha256_block_data_order .p2align 4 -_GFp_sha256_block_data_order: +_sha256_block_data_order: - leaq _GFp_ia32cap_P(%rip),%r11 + leaq _OPENSSL_ia32cap_P(%rip),%r11 movl 0(%r11),%r9d movl 4(%r11),%r10d movl 8(%r11),%r11d @@ -1779,7 +1780,7 @@ K256: .byte 83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 -GFp_sha256_block_data_order_ssse3: +sha256_block_data_order_ssse3: L$ssse3_shortcut: movq %rsp,%rax @@ -2892,7 +2893,7 @@ L$epilogue_ssse3: .p2align 6 -GFp_sha256_block_data_order_avx: +sha256_block_data_order_avx: L$avx_shortcut: movq %rsp,%rax diff --git a/pregenerated/sha256-x86_64-nasm.obj b/pregenerated/sha256-x86_64-nasm.obj Binary files differindex ac787a4..3d7a976 100644 --- a/pregenerated/sha256-x86_64-nasm.obj +++ b/pregenerated/sha256-x86_64-nasm.obj diff --git a/pregenerated/sha512-armv4-ios32.S b/pregenerated/sha512-armv4-ios32.S deleted file mode 100644 index 09f5dc6..0000000 --- a/pregenerated/sha512-armv4-ios32.S +++ /dev/null @@ -1,1887 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -@ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. -@ -@ Licensed under the OpenSSL license (the "License"). You may not use -@ this file except in compliance with the License. You can obtain a copy -@ in the file LICENSE in the source distribution or at -@ https://www.openssl.org/source/license.html - - -@ ==================================================================== -@ Written by Andy Polyakov <appro@openssl.org> for the OpenSSL -@ project. The module is, however, dual licensed under OpenSSL and -@ CRYPTOGAMS licenses depending on where you obtain it. For further -@ details see http://www.openssl.org/~appro/cryptogams/. -@ -@ Permission to use under GPL terms is granted. -@ ==================================================================== - -@ SHA512 block procedure for ARMv4. September 2007. - -@ This code is ~4.5 (four and a half) times faster than code generated -@ by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue -@ Xscale PXA250 core]. -@ -@ July 2010. -@ -@ Rescheduling for dual-issue pipeline resulted in 6% improvement on -@ Cortex A8 core and ~40 cycles per processed byte. - -@ February 2011. -@ -@ Profiler-assisted and platform-specific optimization resulted in 7% -@ improvement on Coxtex A8 core and ~38 cycles per byte. - -@ March 2011. -@ -@ Add NEON implementation. On Cortex A8 it was measured to process -@ one byte in 23.3 cycles or ~60% faster than integer-only code. - -@ August 2012. -@ -@ Improve NEON performance by 12% on Snapdragon S4. In absolute -@ terms it's 22.6 cycles per byte, which is disappointing result. -@ Technical writers asserted that 3-way S4 pipeline can sustain -@ multiple NEON instructions per cycle, but dual NEON issue could -@ not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html -@ for further details. On side note Cortex-A15 processes one byte in -@ 16 cycles. - -@ Byte order [in]dependence. ========================================= -@ -@ Originally caller was expected to maintain specific *dword* order in -@ h[0-7], namely with most significant dword at *lower* address, which -@ was reflected in below two parameters as 0 and 4. Now caller is -@ expected to maintain native byte order for whole 64-bit values. -#ifndef __KERNEL__ -# include <GFp/arm_arch.h> -# define VFP_ABI_PUSH vstmdb sp!,{d8-d15} -# define VFP_ABI_POP vldmia sp!,{d8-d15} -#else -# define __ARM_ARCH__ __LINUX_ARM_ARCH__ -# define __ARM_MAX_ARCH__ 7 -# define VFP_ABI_PUSH -# define VFP_ABI_POP -#endif - -@ Silence ARMv8 deprecated IT instruction warnings. This file is used by both -@ ARMv7 and ARMv8 processors and does not use ARMv8 instructions. - - -#ifdef __ARMEL__ -# define LO 0 -# define HI 4 -# define WORD64(hi0,lo0,hi1,lo1) .word lo0,hi0, lo1,hi1 -#else -# define HI 0 -# define LO 4 -# define WORD64(hi0,lo0,hi1,lo1) .word hi0,lo0, hi1,lo1 -#endif - -.text -#if defined(__thumb2__) -.syntax unified -.thumb -# define adrl adr -#else -.code 32 -#endif - - -.align 5 -K512: - WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd) - WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc) - WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019) - WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118) - WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe) - WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2) - WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1) - WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694) - WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3) - WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65) - WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483) - WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5) - WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210) - WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4) - WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725) - WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70) - WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926) - WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df) - WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8) - WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b) - WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001) - WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30) - WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910) - WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8) - WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53) - WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8) - WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb) - WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3) - WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60) - WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec) - WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9) - WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b) - WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207) - WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178) - WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6) - WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b) - WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493) - WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) - WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) - WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) - -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - -.private_extern _GFp_armcap_P -LOPENSSL_armcap: -.word _GFp_armcap_P-Lsha512_block_data_order -.skip 32-4 -#else -.skip 32 -#endif - -.globl _GFp_sha512_block_data_order -.private_extern _GFp_sha512_block_data_order -#ifdef __thumb2__ -.thumb_func _GFp_sha512_block_data_order -#endif -_GFp_sha512_block_data_order: -Lsha512_block_data_order: -#if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ _GFp_sha512_block_data_order -#else - adr r3,Lsha512_block_data_order -#endif -#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) - ldr r12,LOPENSSL_armcap - ldr r12,[r3,r12] @ _GFp_armcap_P -#ifdef __APPLE__ - ldr r12,[r12] -#endif - tst r12,#ARMV7_NEON - bne LNEON -#endif - add r2,r1,r2,lsl#7 @ len to point at the end of inp - stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - sub r14,r3,#672 @ K512 - sub sp,sp,#9*8 - - ldr r7,[r0,#32+LO] - ldr r8,[r0,#32+HI] - ldr r9, [r0,#48+LO] - ldr r10, [r0,#48+HI] - ldr r11, [r0,#56+LO] - ldr r12, [r0,#56+HI] -Loop: - str r9, [sp,#48+0] - str r10, [sp,#48+4] - str r11, [sp,#56+0] - str r12, [sp,#56+4] - ldr r5,[r0,#0+LO] - ldr r6,[r0,#0+HI] - ldr r3,[r0,#8+LO] - ldr r4,[r0,#8+HI] - ldr r9, [r0,#16+LO] - ldr r10, [r0,#16+HI] - ldr r11, [r0,#24+LO] - ldr r12, [r0,#24+HI] - str r3,[sp,#8+0] - str r4,[sp,#8+4] - str r9, [sp,#16+0] - str r10, [sp,#16+4] - str r11, [sp,#24+0] - str r12, [sp,#24+4] - ldr r3,[r0,#40+LO] - ldr r4,[r0,#40+HI] - str r3,[sp,#40+0] - str r4,[sp,#40+4] - -L00_15: -#if __ARM_ARCH__<7 - ldrb r3,[r1,#7] - ldrb r9, [r1,#6] - ldrb r10, [r1,#5] - ldrb r11, [r1,#4] - ldrb r4,[r1,#3] - ldrb r12, [r1,#2] - orr r3,r3,r9,lsl#8 - ldrb r9, [r1,#1] - orr r3,r3,r10,lsl#16 - ldrb r10, [r1],#8 - orr r3,r3,r11,lsl#24 - orr r4,r4,r12,lsl#8 - orr r4,r4,r9,lsl#16 - orr r4,r4,r10,lsl#24 -#else - ldr r3,[r1,#4] - ldr r4,[r1],#8 -#ifdef __ARMEL__ - rev r3,r3 - rev r4,r4 -#endif -#endif - @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) - @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 - @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 - mov r9,r7,lsr#14 - str r3,[sp,#64+0] - mov r10,r8,lsr#14 - str r4,[sp,#64+4] - eor r9,r9,r8,lsl#18 - ldr r11,[sp,#56+0] @ h.lo - eor r10,r10,r7,lsl#18 - ldr r12,[sp,#56+4] @ h.hi - eor r9,r9,r7,lsr#18 - eor r10,r10,r8,lsr#18 - eor r9,r9,r8,lsl#14 - eor r10,r10,r7,lsl#14 - eor r9,r9,r8,lsr#9 - eor r10,r10,r7,lsr#9 - eor r9,r9,r7,lsl#23 - eor r10,r10,r8,lsl#23 @ Sigma1(e) - adds r3,r3,r9 - ldr r9,[sp,#40+0] @ f.lo - adc r4,r4,r10 @ T += Sigma1(e) - ldr r10,[sp,#40+4] @ f.hi - adds r3,r3,r11 - ldr r11,[sp,#48+0] @ g.lo - adc r4,r4,r12 @ T += h - ldr r12,[sp,#48+4] @ g.hi - - eor r9,r9,r11 - str r7,[sp,#32+0] - eor r10,r10,r12 - str r8,[sp,#32+4] - and r9,r9,r7 - str r5,[sp,#0+0] - and r10,r10,r8 - str r6,[sp,#0+4] - eor r9,r9,r11 - ldr r11,[r14,#LO] @ K[i].lo - eor r10,r10,r12 @ Ch(e,f,g) - ldr r12,[r14,#HI] @ K[i].hi - - adds r3,r3,r9 - ldr r7,[sp,#24+0] @ d.lo - adc r4,r4,r10 @ T += Ch(e,f,g) - ldr r8,[sp,#24+4] @ d.hi - adds r3,r3,r11 - and r9,r11,#0xff - adc r4,r4,r12 @ T += K[i] - adds r7,r7,r3 - ldr r11,[sp,#8+0] @ b.lo - adc r8,r8,r4 @ d += T - teq r9,#148 - - ldr r12,[sp,#16+0] @ c.lo -#if __ARM_ARCH__>=7 - it eq @ Thumb2 thing, sanity check in ARM -#endif - orreq r14,r14,#1 - @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) - @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 - @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 - mov r9,r5,lsr#28 - mov r10,r6,lsr#28 - eor r9,r9,r6,lsl#4 - eor r10,r10,r5,lsl#4 - eor r9,r9,r6,lsr#2 - eor r10,r10,r5,lsr#2 - eor r9,r9,r5,lsl#30 - eor r10,r10,r6,lsl#30 - eor r9,r9,r6,lsr#7 - eor r10,r10,r5,lsr#7 - eor r9,r9,r5,lsl#25 - eor r10,r10,r6,lsl#25 @ Sigma0(a) - adds r3,r3,r9 - and r9,r5,r11 - adc r4,r4,r10 @ T += Sigma0(a) - - ldr r10,[sp,#8+4] @ b.hi - orr r5,r5,r11 - ldr r11,[sp,#16+4] @ c.hi - and r5,r5,r12 - and r12,r6,r10 - orr r6,r6,r10 - orr r5,r5,r9 @ Maj(a,b,c).lo - and r6,r6,r11 - adds r5,r5,r3 - orr r6,r6,r12 @ Maj(a,b,c).hi - sub sp,sp,#8 - adc r6,r6,r4 @ h += T - tst r14,#1 - add r14,r14,#8 - tst r14,#1 - beq L00_15 - ldr r9,[sp,#184+0] - ldr r10,[sp,#184+4] - bic r14,r14,#1 -L16_79: - @ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) - @ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 - @ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 - mov r3,r9,lsr#1 - ldr r11,[sp,#80+0] - mov r4,r10,lsr#1 - ldr r12,[sp,#80+4] - eor r3,r3,r10,lsl#31 - eor r4,r4,r9,lsl#31 - eor r3,r3,r9,lsr#8 - eor r4,r4,r10,lsr#8 - eor r3,r3,r10,lsl#24 - eor r4,r4,r9,lsl#24 - eor r3,r3,r9,lsr#7 - eor r4,r4,r10,lsr#7 - eor r3,r3,r10,lsl#25 - - @ sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) - @ LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 - @ HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 - mov r9,r11,lsr#19 - mov r10,r12,lsr#19 - eor r9,r9,r12,lsl#13 - eor r10,r10,r11,lsl#13 - eor r9,r9,r12,lsr#29 - eor r10,r10,r11,lsr#29 - eor r9,r9,r11,lsl#3 - eor r10,r10,r12,lsl#3 - eor r9,r9,r11,lsr#6 - eor r10,r10,r12,lsr#6 - ldr r11,[sp,#120+0] - eor r9,r9,r12,lsl#26 - - ldr r12,[sp,#120+4] - adds r3,r3,r9 - ldr r9,[sp,#192+0] - adc r4,r4,r10 - - ldr r10,[sp,#192+4] - adds r3,r3,r11 - adc r4,r4,r12 - adds r3,r3,r9 - adc r4,r4,r10 - @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) - @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 - @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 - mov r9,r7,lsr#14 - str r3,[sp,#64+0] - mov r10,r8,lsr#14 - str r4,[sp,#64+4] - eor r9,r9,r8,lsl#18 - ldr r11,[sp,#56+0] @ h.lo - eor r10,r10,r7,lsl#18 - ldr r12,[sp,#56+4] @ h.hi - eor r9,r9,r7,lsr#18 - eor r10,r10,r8,lsr#18 - eor r9,r9,r8,lsl#14 - eor r10,r10,r7,lsl#14 - eor r9,r9,r8,lsr#9 - eor r10,r10,r7,lsr#9 - eor r9,r9,r7,lsl#23 - eor r10,r10,r8,lsl#23 @ Sigma1(e) - adds r3,r3,r9 - ldr r9,[sp,#40+0] @ f.lo - adc r4,r4,r10 @ T += Sigma1(e) - ldr r10,[sp,#40+4] @ f.hi - adds r3,r3,r11 - ldr r11,[sp,#48+0] @ g.lo - adc r4,r4,r12 @ T += h - ldr r12,[sp,#48+4] @ g.hi - - eor r9,r9,r11 - str r7,[sp,#32+0] - eor r10,r10,r12 - str r8,[sp,#32+4] - and r9,r9,r7 - str r5,[sp,#0+0] - and r10,r10,r8 - str r6,[sp,#0+4] - eor r9,r9,r11 - ldr r11,[r14,#LO] @ K[i].lo - eor r10,r10,r12 @ Ch(e,f,g) - ldr r12,[r14,#HI] @ K[i].hi - - adds r3,r3,r9 - ldr r7,[sp,#24+0] @ d.lo - adc r4,r4,r10 @ T += Ch(e,f,g) - ldr r8,[sp,#24+4] @ d.hi - adds r3,r3,r11 - and r9,r11,#0xff - adc r4,r4,r12 @ T += K[i] - adds r7,r7,r3 - ldr r11,[sp,#8+0] @ b.lo - adc r8,r8,r4 @ d += T - teq r9,#23 - - ldr r12,[sp,#16+0] @ c.lo -#if __ARM_ARCH__>=7 - it eq @ Thumb2 thing, sanity check in ARM -#endif - orreq r14,r14,#1 - @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) - @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 - @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 - mov r9,r5,lsr#28 - mov r10,r6,lsr#28 - eor r9,r9,r6,lsl#4 - eor r10,r10,r5,lsl#4 - eor r9,r9,r6,lsr#2 - eor r10,r10,r5,lsr#2 - eor r9,r9,r5,lsl#30 - eor r10,r10,r6,lsl#30 - eor r9,r9,r6,lsr#7 - eor r10,r10,r5,lsr#7 - eor r9,r9,r5,lsl#25 - eor r10,r10,r6,lsl#25 @ Sigma0(a) - adds r3,r3,r9 - and r9,r5,r11 - adc r4,r4,r10 @ T += Sigma0(a) - - ldr r10,[sp,#8+4] @ b.hi - orr r5,r5,r11 - ldr r11,[sp,#16+4] @ c.hi - and r5,r5,r12 - and r12,r6,r10 - orr r6,r6,r10 - orr r5,r5,r9 @ Maj(a,b,c).lo - and r6,r6,r11 - adds r5,r5,r3 - orr r6,r6,r12 @ Maj(a,b,c).hi - sub sp,sp,#8 - adc r6,r6,r4 @ h += T - tst r14,#1 - add r14,r14,#8 -#if __ARM_ARCH__>=7 - ittt eq @ Thumb2 thing, sanity check in ARM -#endif - ldreq r9,[sp,#184+0] - ldreq r10,[sp,#184+4] - beq L16_79 - bic r14,r14,#1 - - ldr r3,[sp,#8+0] - ldr r4,[sp,#8+4] - ldr r9, [r0,#0+LO] - ldr r10, [r0,#0+HI] - ldr r11, [r0,#8+LO] - ldr r12, [r0,#8+HI] - adds r9,r5,r9 - str r9, [r0,#0+LO] - adc r10,r6,r10 - str r10, [r0,#0+HI] - adds r11,r3,r11 - str r11, [r0,#8+LO] - adc r12,r4,r12 - str r12, [r0,#8+HI] - - ldr r5,[sp,#16+0] - ldr r6,[sp,#16+4] - ldr r3,[sp,#24+0] - ldr r4,[sp,#24+4] - ldr r9, [r0,#16+LO] - ldr r10, [r0,#16+HI] - ldr r11, [r0,#24+LO] - ldr r12, [r0,#24+HI] - adds r9,r5,r9 - str r9, [r0,#16+LO] - adc r10,r6,r10 - str r10, [r0,#16+HI] - adds r11,r3,r11 - str r11, [r0,#24+LO] - adc r12,r4,r12 - str r12, [r0,#24+HI] - - ldr r3,[sp,#40+0] - ldr r4,[sp,#40+4] - ldr r9, [r0,#32+LO] - ldr r10, [r0,#32+HI] - ldr r11, [r0,#40+LO] - ldr r12, [r0,#40+HI] - adds r7,r7,r9 - str r7,[r0,#32+LO] - adc r8,r8,r10 - str r8,[r0,#32+HI] - adds r11,r3,r11 - str r11, [r0,#40+LO] - adc r12,r4,r12 - str r12, [r0,#40+HI] - - ldr r5,[sp,#48+0] - ldr r6,[sp,#48+4] - ldr r3,[sp,#56+0] - ldr r4,[sp,#56+4] - ldr r9, [r0,#48+LO] - ldr r10, [r0,#48+HI] - ldr r11, [r0,#56+LO] - ldr r12, [r0,#56+HI] - adds r9,r5,r9 - str r9, [r0,#48+LO] - adc r10,r6,r10 - str r10, [r0,#48+HI] - adds r11,r3,r11 - str r11, [r0,#56+LO] - adc r12,r4,r12 - str r12, [r0,#56+HI] - - add sp,sp,#640 - sub r14,r14,#640 - - teq r1,r2 - bne Loop - - add sp,sp,#8*9 @ destroy frame -#if __ARM_ARCH__>=5 - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} -#else - ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet -.word 0xe12fff1e @ interoperable with Thumb ISA:-) -#endif - -#if __ARM_MAX_ARCH__>=7 - - - -#ifdef __thumb2__ -.thumb_func sha512_block_data_order_neon -#endif -.align 4 -sha512_block_data_order_neon: -LNEON: - dmb @ errata #451034 on early Cortex A8 - add r2,r1,r2,lsl#7 @ len to point at the end of inp - adr r3,K512 - VFP_ABI_PUSH - vldmia r0,{d16,d17,d18,d19,d20,d21,d22,d23} @ load context -Loop_neon: - vshr.u64 d24,d20,#14 @ 0 -#if 0<16 - vld1.64 {d0},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d20,#18 -#if 0>0 - vadd.i64 d16,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d20,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 -#if 0<16 && defined(__ARMEL__) - vrev64.8 d0,d0 -#endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) - vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d23 - vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d16,#39 - vadd.i64 d28,d0 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) - vadd.i64 d19,d27 - vadd.i64 d30,d27 - @ vadd.i64 d23,d30 - vshr.u64 d24,d19,#14 @ 1 -#if 1<16 - vld1.64 {d1},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d19,#18 -#if 1>0 - vadd.i64 d23,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 -#if 1<16 && defined(__ARMEL__) - vrev64.8 d1,d1 -#endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) - vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d22 - vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d23,#39 - vadd.i64 d28,d1 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) - vadd.i64 d18,d27 - vadd.i64 d30,d27 - @ vadd.i64 d22,d30 - vshr.u64 d24,d18,#14 @ 2 -#if 2<16 - vld1.64 {d2},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d18,#18 -#if 2>0 - vadd.i64 d22,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d18,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 -#if 2<16 && defined(__ARMEL__) - vrev64.8 d2,d2 -#endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) - vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d21 - vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d22,#39 - vadd.i64 d28,d2 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) - vadd.i64 d17,d27 - vadd.i64 d30,d27 - @ vadd.i64 d21,d30 - vshr.u64 d24,d17,#14 @ 3 -#if 3<16 - vld1.64 {d3},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d17,#18 -#if 3>0 - vadd.i64 d21,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 -#if 3<16 && defined(__ARMEL__) - vrev64.8 d3,d3 -#endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) - vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d20 - vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d21,#39 - vadd.i64 d28,d3 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) - vadd.i64 d16,d27 - vadd.i64 d30,d27 - @ vadd.i64 d20,d30 - vshr.u64 d24,d16,#14 @ 4 -#if 4<16 - vld1.64 {d4},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d16,#18 -#if 4>0 - vadd.i64 d20,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d16,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 -#if 4<16 && defined(__ARMEL__) - vrev64.8 d4,d4 -#endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) - vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d19 - vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d20,#39 - vadd.i64 d28,d4 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) - vadd.i64 d23,d27 - vadd.i64 d30,d27 - @ vadd.i64 d19,d30 - vshr.u64 d24,d23,#14 @ 5 -#if 5<16 - vld1.64 {d5},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d23,#18 -#if 5>0 - vadd.i64 d19,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 -#if 5<16 && defined(__ARMEL__) - vrev64.8 d5,d5 -#endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) - vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d18 - vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d19,#39 - vadd.i64 d28,d5 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) - vadd.i64 d22,d27 - vadd.i64 d30,d27 - @ vadd.i64 d18,d30 - vshr.u64 d24,d22,#14 @ 6 -#if 6<16 - vld1.64 {d6},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d22,#18 -#if 6>0 - vadd.i64 d18,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d22,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 -#if 6<16 && defined(__ARMEL__) - vrev64.8 d6,d6 -#endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) - vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d17 - vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d18,#39 - vadd.i64 d28,d6 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) - vadd.i64 d21,d27 - vadd.i64 d30,d27 - @ vadd.i64 d17,d30 - vshr.u64 d24,d21,#14 @ 7 -#if 7<16 - vld1.64 {d7},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d21,#18 -#if 7>0 - vadd.i64 d17,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 -#if 7<16 && defined(__ARMEL__) - vrev64.8 d7,d7 -#endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) - vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d16 - vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d17,#39 - vadd.i64 d28,d7 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) - vadd.i64 d20,d27 - vadd.i64 d30,d27 - @ vadd.i64 d16,d30 - vshr.u64 d24,d20,#14 @ 8 -#if 8<16 - vld1.64 {d8},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d20,#18 -#if 8>0 - vadd.i64 d16,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d20,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 -#if 8<16 && defined(__ARMEL__) - vrev64.8 d8,d8 -#endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) - vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d23 - vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d16,#39 - vadd.i64 d28,d8 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) - vadd.i64 d19,d27 - vadd.i64 d30,d27 - @ vadd.i64 d23,d30 - vshr.u64 d24,d19,#14 @ 9 -#if 9<16 - vld1.64 {d9},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d19,#18 -#if 9>0 - vadd.i64 d23,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 -#if 9<16 && defined(__ARMEL__) - vrev64.8 d9,d9 -#endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) - vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d22 - vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d23,#39 - vadd.i64 d28,d9 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) - vadd.i64 d18,d27 - vadd.i64 d30,d27 - @ vadd.i64 d22,d30 - vshr.u64 d24,d18,#14 @ 10 -#if 10<16 - vld1.64 {d10},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d18,#18 -#if 10>0 - vadd.i64 d22,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d18,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 -#if 10<16 && defined(__ARMEL__) - vrev64.8 d10,d10 -#endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) - vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d21 - vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d22,#39 - vadd.i64 d28,d10 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) - vadd.i64 d17,d27 - vadd.i64 d30,d27 - @ vadd.i64 d21,d30 - vshr.u64 d24,d17,#14 @ 11 -#if 11<16 - vld1.64 {d11},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d17,#18 -#if 11>0 - vadd.i64 d21,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 -#if 11<16 && defined(__ARMEL__) - vrev64.8 d11,d11 -#endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) - vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d20 - vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d21,#39 - vadd.i64 d28,d11 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) - vadd.i64 d16,d27 - vadd.i64 d30,d27 - @ vadd.i64 d20,d30 - vshr.u64 d24,d16,#14 @ 12 -#if 12<16 - vld1.64 {d12},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d16,#18 -#if 12>0 - vadd.i64 d20,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d16,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 -#if 12<16 && defined(__ARMEL__) - vrev64.8 d12,d12 -#endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) - vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d19 - vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d20,#39 - vadd.i64 d28,d12 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) - vadd.i64 d23,d27 - vadd.i64 d30,d27 - @ vadd.i64 d19,d30 - vshr.u64 d24,d23,#14 @ 13 -#if 13<16 - vld1.64 {d13},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d23,#18 -#if 13>0 - vadd.i64 d19,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 -#if 13<16 && defined(__ARMEL__) - vrev64.8 d13,d13 -#endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) - vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d18 - vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d19,#39 - vadd.i64 d28,d13 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) - vadd.i64 d22,d27 - vadd.i64 d30,d27 - @ vadd.i64 d18,d30 - vshr.u64 d24,d22,#14 @ 14 -#if 14<16 - vld1.64 {d14},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d22,#18 -#if 14>0 - vadd.i64 d18,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d22,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 -#if 14<16 && defined(__ARMEL__) - vrev64.8 d14,d14 -#endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) - vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d17 - vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d18,#39 - vadd.i64 d28,d14 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) - vadd.i64 d21,d27 - vadd.i64 d30,d27 - @ vadd.i64 d17,d30 - vshr.u64 d24,d21,#14 @ 15 -#if 15<16 - vld1.64 {d15},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d21,#18 -#if 15>0 - vadd.i64 d17,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 -#if 15<16 && defined(__ARMEL__) - vrev64.8 d15,d15 -#endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) - vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d16 - vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d17,#39 - vadd.i64 d28,d15 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) - vadd.i64 d20,d27 - vadd.i64 d30,d27 - @ vadd.i64 d16,d30 - mov r12,#4 -L16_79_neon: - subs r12,#1 - vshr.u64 q12,q7,#19 - vshr.u64 q13,q7,#61 - vadd.i64 d16,d30 @ h+=Maj from the past - vshr.u64 q15,q7,#6 - vsli.64 q12,q7,#45 - vext.8 q14,q0,q1,#8 @ X[i+1] - vsli.64 q13,q7,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q0,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q4,q5,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d20,#14 @ from NEON_00_15 - vadd.i64 q0,q14 - vshr.u64 d25,d20,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d20,#41 @ from NEON_00_15 - vadd.i64 q0,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 -#if 16<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) - vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d23 - vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d16,#39 - vadd.i64 d28,d0 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) - vadd.i64 d19,d27 - vadd.i64 d30,d27 - @ vadd.i64 d23,d30 - vshr.u64 d24,d19,#14 @ 17 -#if 17<16 - vld1.64 {d1},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d19,#18 -#if 17>0 - vadd.i64 d23,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 -#if 17<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) - vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d22 - vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d23,#39 - vadd.i64 d28,d1 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) - vadd.i64 d18,d27 - vadd.i64 d30,d27 - @ vadd.i64 d22,d30 - vshr.u64 q12,q0,#19 - vshr.u64 q13,q0,#61 - vadd.i64 d22,d30 @ h+=Maj from the past - vshr.u64 q15,q0,#6 - vsli.64 q12,q0,#45 - vext.8 q14,q1,q2,#8 @ X[i+1] - vsli.64 q13,q0,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q1,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q5,q6,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d18,#14 @ from NEON_00_15 - vadd.i64 q1,q14 - vshr.u64 d25,d18,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d18,#41 @ from NEON_00_15 - vadd.i64 q1,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 -#if 18<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) - vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d21 - vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d22,#39 - vadd.i64 d28,d2 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) - vadd.i64 d17,d27 - vadd.i64 d30,d27 - @ vadd.i64 d21,d30 - vshr.u64 d24,d17,#14 @ 19 -#if 19<16 - vld1.64 {d3},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d17,#18 -#if 19>0 - vadd.i64 d21,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 -#if 19<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) - vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d20 - vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d21,#39 - vadd.i64 d28,d3 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) - vadd.i64 d16,d27 - vadd.i64 d30,d27 - @ vadd.i64 d20,d30 - vshr.u64 q12,q1,#19 - vshr.u64 q13,q1,#61 - vadd.i64 d20,d30 @ h+=Maj from the past - vshr.u64 q15,q1,#6 - vsli.64 q12,q1,#45 - vext.8 q14,q2,q3,#8 @ X[i+1] - vsli.64 q13,q1,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q2,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q6,q7,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d16,#14 @ from NEON_00_15 - vadd.i64 q2,q14 - vshr.u64 d25,d16,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d16,#41 @ from NEON_00_15 - vadd.i64 q2,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 -#if 20<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) - vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d19 - vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d20,#39 - vadd.i64 d28,d4 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) - vadd.i64 d23,d27 - vadd.i64 d30,d27 - @ vadd.i64 d19,d30 - vshr.u64 d24,d23,#14 @ 21 -#if 21<16 - vld1.64 {d5},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d23,#18 -#if 21>0 - vadd.i64 d19,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 -#if 21<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) - vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d18 - vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d19,#39 - vadd.i64 d28,d5 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) - vadd.i64 d22,d27 - vadd.i64 d30,d27 - @ vadd.i64 d18,d30 - vshr.u64 q12,q2,#19 - vshr.u64 q13,q2,#61 - vadd.i64 d18,d30 @ h+=Maj from the past - vshr.u64 q15,q2,#6 - vsli.64 q12,q2,#45 - vext.8 q14,q3,q4,#8 @ X[i+1] - vsli.64 q13,q2,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q3,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q7,q0,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d22,#14 @ from NEON_00_15 - vadd.i64 q3,q14 - vshr.u64 d25,d22,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d22,#41 @ from NEON_00_15 - vadd.i64 q3,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 -#if 22<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) - vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d17 - vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d18,#39 - vadd.i64 d28,d6 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) - vadd.i64 d21,d27 - vadd.i64 d30,d27 - @ vadd.i64 d17,d30 - vshr.u64 d24,d21,#14 @ 23 -#if 23<16 - vld1.64 {d7},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d21,#18 -#if 23>0 - vadd.i64 d17,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 -#if 23<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) - vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d16 - vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d17,#39 - vadd.i64 d28,d7 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) - vadd.i64 d20,d27 - vadd.i64 d30,d27 - @ vadd.i64 d16,d30 - vshr.u64 q12,q3,#19 - vshr.u64 q13,q3,#61 - vadd.i64 d16,d30 @ h+=Maj from the past - vshr.u64 q15,q3,#6 - vsli.64 q12,q3,#45 - vext.8 q14,q4,q5,#8 @ X[i+1] - vsli.64 q13,q3,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q4,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q0,q1,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d20,#14 @ from NEON_00_15 - vadd.i64 q4,q14 - vshr.u64 d25,d20,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d20,#41 @ from NEON_00_15 - vadd.i64 q4,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d20,#50 - vsli.64 d25,d20,#46 - vmov d29,d20 - vsli.64 d26,d20,#23 -#if 24<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d21,d22 @ Ch(e,f,g) - vshr.u64 d24,d16,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d23 - vshr.u64 d25,d16,#34 - vsli.64 d24,d16,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d16,#39 - vadd.i64 d28,d8 - vsli.64 d25,d16,#30 - veor d30,d16,d17 - vsli.64 d26,d16,#25 - veor d23,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d18,d17 @ Maj(a,b,c) - veor d23,d26 @ Sigma0(a) - vadd.i64 d19,d27 - vadd.i64 d30,d27 - @ vadd.i64 d23,d30 - vshr.u64 d24,d19,#14 @ 25 -#if 25<16 - vld1.64 {d9},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d19,#18 -#if 25>0 - vadd.i64 d23,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d19,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d19,#50 - vsli.64 d25,d19,#46 - vmov d29,d19 - vsli.64 d26,d19,#23 -#if 25<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d20,d21 @ Ch(e,f,g) - vshr.u64 d24,d23,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d22 - vshr.u64 d25,d23,#34 - vsli.64 d24,d23,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d23,#39 - vadd.i64 d28,d9 - vsli.64 d25,d23,#30 - veor d30,d23,d16 - vsli.64 d26,d23,#25 - veor d22,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d17,d16 @ Maj(a,b,c) - veor d22,d26 @ Sigma0(a) - vadd.i64 d18,d27 - vadd.i64 d30,d27 - @ vadd.i64 d22,d30 - vshr.u64 q12,q4,#19 - vshr.u64 q13,q4,#61 - vadd.i64 d22,d30 @ h+=Maj from the past - vshr.u64 q15,q4,#6 - vsli.64 q12,q4,#45 - vext.8 q14,q5,q6,#8 @ X[i+1] - vsli.64 q13,q4,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q5,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q1,q2,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d18,#14 @ from NEON_00_15 - vadd.i64 q5,q14 - vshr.u64 d25,d18,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d18,#41 @ from NEON_00_15 - vadd.i64 q5,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d18,#50 - vsli.64 d25,d18,#46 - vmov d29,d18 - vsli.64 d26,d18,#23 -#if 26<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d19,d20 @ Ch(e,f,g) - vshr.u64 d24,d22,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d21 - vshr.u64 d25,d22,#34 - vsli.64 d24,d22,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d22,#39 - vadd.i64 d28,d10 - vsli.64 d25,d22,#30 - veor d30,d22,d23 - vsli.64 d26,d22,#25 - veor d21,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d16,d23 @ Maj(a,b,c) - veor d21,d26 @ Sigma0(a) - vadd.i64 d17,d27 - vadd.i64 d30,d27 - @ vadd.i64 d21,d30 - vshr.u64 d24,d17,#14 @ 27 -#if 27<16 - vld1.64 {d11},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d17,#18 -#if 27>0 - vadd.i64 d21,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d17,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d17,#50 - vsli.64 d25,d17,#46 - vmov d29,d17 - vsli.64 d26,d17,#23 -#if 27<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d18,d19 @ Ch(e,f,g) - vshr.u64 d24,d21,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d20 - vshr.u64 d25,d21,#34 - vsli.64 d24,d21,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d21,#39 - vadd.i64 d28,d11 - vsli.64 d25,d21,#30 - veor d30,d21,d22 - vsli.64 d26,d21,#25 - veor d20,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d23,d22 @ Maj(a,b,c) - veor d20,d26 @ Sigma0(a) - vadd.i64 d16,d27 - vadd.i64 d30,d27 - @ vadd.i64 d20,d30 - vshr.u64 q12,q5,#19 - vshr.u64 q13,q5,#61 - vadd.i64 d20,d30 @ h+=Maj from the past - vshr.u64 q15,q5,#6 - vsli.64 q12,q5,#45 - vext.8 q14,q6,q7,#8 @ X[i+1] - vsli.64 q13,q5,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q6,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q2,q3,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d16,#14 @ from NEON_00_15 - vadd.i64 q6,q14 - vshr.u64 d25,d16,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d16,#41 @ from NEON_00_15 - vadd.i64 q6,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d16,#50 - vsli.64 d25,d16,#46 - vmov d29,d16 - vsli.64 d26,d16,#23 -#if 28<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d17,d18 @ Ch(e,f,g) - vshr.u64 d24,d20,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d19 - vshr.u64 d25,d20,#34 - vsli.64 d24,d20,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d20,#39 - vadd.i64 d28,d12 - vsli.64 d25,d20,#30 - veor d30,d20,d21 - vsli.64 d26,d20,#25 - veor d19,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d22,d21 @ Maj(a,b,c) - veor d19,d26 @ Sigma0(a) - vadd.i64 d23,d27 - vadd.i64 d30,d27 - @ vadd.i64 d19,d30 - vshr.u64 d24,d23,#14 @ 29 -#if 29<16 - vld1.64 {d13},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d23,#18 -#if 29>0 - vadd.i64 d19,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d23,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d23,#50 - vsli.64 d25,d23,#46 - vmov d29,d23 - vsli.64 d26,d23,#23 -#if 29<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d16,d17 @ Ch(e,f,g) - vshr.u64 d24,d19,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d18 - vshr.u64 d25,d19,#34 - vsli.64 d24,d19,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d19,#39 - vadd.i64 d28,d13 - vsli.64 d25,d19,#30 - veor d30,d19,d20 - vsli.64 d26,d19,#25 - veor d18,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d21,d20 @ Maj(a,b,c) - veor d18,d26 @ Sigma0(a) - vadd.i64 d22,d27 - vadd.i64 d30,d27 - @ vadd.i64 d18,d30 - vshr.u64 q12,q6,#19 - vshr.u64 q13,q6,#61 - vadd.i64 d18,d30 @ h+=Maj from the past - vshr.u64 q15,q6,#6 - vsli.64 q12,q6,#45 - vext.8 q14,q7,q0,#8 @ X[i+1] - vsli.64 q13,q6,#3 - veor q15,q12 - vshr.u64 q12,q14,#1 - veor q15,q13 @ sigma1(X[i+14]) - vshr.u64 q13,q14,#8 - vadd.i64 q7,q15 - vshr.u64 q15,q14,#7 - vsli.64 q12,q14,#63 - vsli.64 q13,q14,#56 - vext.8 q14,q3,q4,#8 @ X[i+9] - veor q15,q12 - vshr.u64 d24,d22,#14 @ from NEON_00_15 - vadd.i64 q7,q14 - vshr.u64 d25,d22,#18 @ from NEON_00_15 - veor q15,q13 @ sigma0(X[i+1]) - vshr.u64 d26,d22,#41 @ from NEON_00_15 - vadd.i64 q7,q15 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d22,#50 - vsli.64 d25,d22,#46 - vmov d29,d22 - vsli.64 d26,d22,#23 -#if 30<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d23,d16 @ Ch(e,f,g) - vshr.u64 d24,d18,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d17 - vshr.u64 d25,d18,#34 - vsli.64 d24,d18,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d18,#39 - vadd.i64 d28,d14 - vsli.64 d25,d18,#30 - veor d30,d18,d19 - vsli.64 d26,d18,#25 - veor d17,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d20,d19 @ Maj(a,b,c) - veor d17,d26 @ Sigma0(a) - vadd.i64 d21,d27 - vadd.i64 d30,d27 - @ vadd.i64 d17,d30 - vshr.u64 d24,d21,#14 @ 31 -#if 31<16 - vld1.64 {d15},[r1]! @ handles unaligned -#endif - vshr.u64 d25,d21,#18 -#if 31>0 - vadd.i64 d17,d30 @ h+=Maj from the past -#endif - vshr.u64 d26,d21,#41 - vld1.64 {d28},[r3,:64]! @ K[i++] - vsli.64 d24,d21,#50 - vsli.64 d25,d21,#46 - vmov d29,d21 - vsli.64 d26,d21,#23 -#if 31<16 && defined(__ARMEL__) - vrev64.8 , -#endif - veor d25,d24 - vbsl d29,d22,d23 @ Ch(e,f,g) - vshr.u64 d24,d17,#28 - veor d26,d25 @ Sigma1(e) - vadd.i64 d27,d29,d16 - vshr.u64 d25,d17,#34 - vsli.64 d24,d17,#36 - vadd.i64 d27,d26 - vshr.u64 d26,d17,#39 - vadd.i64 d28,d15 - vsli.64 d25,d17,#30 - veor d30,d17,d18 - vsli.64 d26,d17,#25 - veor d16,d24,d25 - vadd.i64 d27,d28 - vbsl d30,d19,d18 @ Maj(a,b,c) - veor d16,d26 @ Sigma0(a) - vadd.i64 d20,d27 - vadd.i64 d30,d27 - @ vadd.i64 d16,d30 - bne L16_79_neon - - vadd.i64 d16,d30 @ h+=Maj from the past - vldmia r0,{d24,d25,d26,d27,d28,d29,d30,d31} @ load context to temp - vadd.i64 q8,q12 @ vectorized accumulate - vadd.i64 q9,q13 - vadd.i64 q10,q14 - vadd.i64 q11,q15 - vstmia r0,{d16,d17,d18,d19,d20,d21,d22,d23} @ save context - teq r1,r2 - sub r3,#640 @ rewind K512 - bne Loop_neon - - VFP_ABI_POP - bx lr @ .word 0xe12fff1e - -#endif -.byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,52,47,78,69,79,78,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.align 2 -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/sha512-armv4-linux32.S b/pregenerated/sha512-armv4-linux32.S index c05ea0b..fbad34b 100644 --- a/pregenerated/sha512-armv4-linux32.S +++ b/pregenerated/sha512-armv4-linux32.S @@ -10,6 +10,7 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) +#include "ring_core_generated/prefix_symbols_asm.h" @ Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved. @ @ Licensed under the OpenSSL license (the "License"). You may not use @@ -65,7 +66,7 @@ @ was reflected in below two parameters as 0 and 4. Now caller is @ expected to maintain native byte order for whole 64-bit values. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> # define VFP_ABI_PUSH vstmdb sp!,{d8-d15} # define VFP_ABI_POP vldmia sp!,{d8-d15} #else @@ -144,27 +145,27 @@ K512: .size K512,.-K512 #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) -.hidden GFp_armcap_P +.hidden OPENSSL_armcap_P .LOPENSSL_armcap: -.word GFp_armcap_P-.Lsha512_block_data_order +.word OPENSSL_armcap_P-.Lsha512_block_data_order .skip 32-4 #else .skip 32 #endif -.globl GFp_sha512_block_data_order -.hidden GFp_sha512_block_data_order -.type GFp_sha512_block_data_order,%function -GFp_sha512_block_data_order: +.globl sha512_block_data_order +.hidden sha512_block_data_order +.type sha512_block_data_order,%function +sha512_block_data_order: .Lsha512_block_data_order: #if __ARM_ARCH__<7 && !defined(__thumb2__) - sub r3,pc,#8 @ GFp_sha512_block_data_order + sub r3,pc,#8 @ sha512_block_data_order #else adr r3,.Lsha512_block_data_order #endif #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__) ldr r12,.LOPENSSL_armcap - ldr r12,[r3,r12] @ GFp_armcap_P + ldr r12,[r3,r12] @ OPENSSL_armcap_P #ifdef __APPLE__ ldr r12,[r12] #endif @@ -548,7 +549,7 @@ GFp_sha512_block_data_order: moveq pc,lr @ be binary compatible with V4, yet .word 0xe12fff1e @ interoperable with Thumb ISA:-) #endif -.size GFp_sha512_block_data_order,.-GFp_sha512_block_data_order +.size sha512_block_data_order,.-sha512_block_data_order #if __ARM_MAX_ARCH__>=7 .arch armv7-a .fpu neon diff --git a/pregenerated/sha512-armv8-ios64.S b/pregenerated/sha512-armv8-ios64.S index fa7b20e..c4cc5b0 100644 --- a/pregenerated/sha512-armv8-ios64.S +++ b/pregenerated/sha512-armv8-ios64.S @@ -9,6 +9,7 @@ #endif #if !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" // Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use @@ -49,18 +50,18 @@ // and the gap is only 40-90%. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #endif .text -.private_extern _GFp_armcap_P -.globl _GFp_sha512_block_data_order -.private_extern _GFp_sha512_block_data_order +.private_extern _OPENSSL_armcap_P +.globl _sha512_block_data_order +.private_extern _sha512_block_data_order .align 6 -_GFp_sha512_block_data_order: +_sha512_block_data_order: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 diff --git a/pregenerated/sha512-armv8-linux64.S b/pregenerated/sha512-armv8-linux64.S index 0646e60..23970e9 100644 --- a/pregenerated/sha512-armv8-linux64.S +++ b/pregenerated/sha512-armv8-linux64.S @@ -10,6 +10,7 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) +#include "ring_core_generated/prefix_symbols_asm.h" // Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. // // Licensed under the OpenSSL license (the "License"). You may not use @@ -50,18 +51,18 @@ // and the gap is only 40-90%. #ifndef __KERNEL__ -# include <GFp/arm_arch.h> +# include <ring-core/arm_arch.h> #endif .text -.hidden GFp_armcap_P -.globl GFp_sha512_block_data_order -.hidden GFp_sha512_block_data_order -.type GFp_sha512_block_data_order,%function +.hidden OPENSSL_armcap_P +.globl sha512_block_data_order +.hidden sha512_block_data_order +.type sha512_block_data_order,%function .align 6 -GFp_sha512_block_data_order: +sha512_block_data_order: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-128]! add x29,sp,#0 @@ -1025,7 +1026,7 @@ GFp_sha512_block_data_order: ldp x29,x30,[sp],#128 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_sha512_block_data_order,.-GFp_sha512_block_data_order +.size sha512_block_data_order,.-sha512_block_data_order .section .rodata .align 6 diff --git a/pregenerated/sha512-x86_64-elf.S b/pregenerated/sha512-x86_64-elf.S index 2208dba..ddee2cd 100644 --- a/pregenerated/sha512-x86_64-elf.S +++ b/pregenerated/sha512-x86_64-elf.S @@ -8,17 +8,18 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P -.globl GFp_sha512_block_data_order -.hidden GFp_sha512_block_data_order -.type GFp_sha512_block_data_order,@function +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P +.globl sha512_block_data_order +.hidden sha512_block_data_order +.type sha512_block_data_order,@function .align 16 -GFp_sha512_block_data_order: +sha512_block_data_order: .cfi_startproc - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 movl 0(%r11),%r9d movl 4(%r11),%r10d movl 8(%r11),%r11d @@ -1732,7 +1733,7 @@ GFp_sha512_block_data_order: .Lepilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_sha512_block_data_order,.-GFp_sha512_block_data_order +.size sha512_block_data_order,.-sha512_block_data_order .align 64 .type K512,@object K512: @@ -1820,9 +1821,9 @@ K512: .quad 0x0001020304050607,0x08090a0b0c0d0e0f .quad 0x0001020304050607,0x08090a0b0c0d0e0f .byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 -.type GFp_sha512_block_data_order_avx,@function +.type sha512_block_data_order_avx,@function .align 64 -GFp_sha512_block_data_order_avx: +sha512_block_data_order_avx: .cfi_startproc .Lavx_shortcut: movq %rsp,%rax @@ -2984,6 +2985,6 @@ GFp_sha512_block_data_order_avx: .Lepilogue_avx: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_sha512_block_data_order_avx,.-GFp_sha512_block_data_order_avx +.size sha512_block_data_order_avx,.-sha512_block_data_order_avx #endif .section .note.GNU-stack,"",@progbits diff --git a/pregenerated/sha512-x86_64-macosx.S b/pregenerated/sha512-x86_64-macosx.S index d0e461a..abc10dc 100644 --- a/pregenerated/sha512-x86_64-macosx.S +++ b/pregenerated/sha512-x86_64-macosx.S @@ -8,16 +8,17 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl _GFp_sha512_block_data_order -.private_extern _GFp_sha512_block_data_order +.globl _sha512_block_data_order +.private_extern _sha512_block_data_order .p2align 4 -_GFp_sha512_block_data_order: +_sha512_block_data_order: - leaq _GFp_ia32cap_P(%rip),%r11 + leaq _OPENSSL_ia32cap_P(%rip),%r11 movl 0(%r11),%r9d movl 4(%r11),%r10d movl 8(%r11),%r11d @@ -1821,7 +1822,7 @@ K512: .byte 83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 .p2align 6 -GFp_sha512_block_data_order_avx: +sha512_block_data_order_avx: L$avx_shortcut: movq %rsp,%rax diff --git a/pregenerated/sha512-x86_64-nasm.obj b/pregenerated/sha512-x86_64-nasm.obj Binary files differindex 49a0899..0d33a2b 100644 --- a/pregenerated/sha512-x86_64-nasm.obj +++ b/pregenerated/sha512-x86_64-nasm.obj diff --git a/pregenerated/tmp/aesni-gcm-x86_64-nasm.asm b/pregenerated/tmp/aesni-gcm-x86_64-nasm.asm index d975309..b82c880 100644 --- a/pregenerated/tmp/aesni-gcm-x86_64-nasm.asm +++ b/pregenerated/tmp/aesni-gcm-x86_64-nasm.asm @@ -5,6 +5,8 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 @@ -338,14 +340,14 @@ $L$6x_done: DB 0F3h,0C3h ;repret -global GFp_aesni_gcm_decrypt +global aesni_gcm_decrypt ALIGN 32 -GFp_aesni_gcm_decrypt: +aesni_gcm_decrypt: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_aesni_gcm_decrypt: +$L$SEH_begin_aesni_gcm_decrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -486,7 +488,7 @@ $L$gcm_dec_abort: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_aesni_gcm_decrypt: +$L$SEH_end_aesni_gcm_decrypt: ALIGN 32 _aesni_ctr32_6x: @@ -580,14 +582,14 @@ $L$handle_ctr32_2: -global GFp_aesni_gcm_encrypt +global aesni_gcm_encrypt ALIGN 32 -GFp_aesni_gcm_encrypt: +aesni_gcm_encrypt: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_aesni_gcm_encrypt: +$L$SEH_begin_aesni_gcm_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -894,7 +896,7 @@ $L$gcm_enc_abort: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_aesni_gcm_encrypt: +$L$SEH_end_aesni_gcm_encrypt: ALIGN 64 $L$bswap_mask: DB 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 @@ -1006,20 +1008,20 @@ $L$common_seh_tail: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_aesni_gcm_decrypt wrt ..imagebase - DD $L$SEH_end_GFp_aesni_gcm_decrypt wrt ..imagebase + DD $L$SEH_begin_aesni_gcm_decrypt wrt ..imagebase + DD $L$SEH_end_aesni_gcm_decrypt wrt ..imagebase DD $L$SEH_gcm_dec_info wrt ..imagebase - DD $L$SEH_begin_GFp_aesni_gcm_encrypt wrt ..imagebase - DD $L$SEH_end_GFp_aesni_gcm_encrypt wrt ..imagebase - DD $L$SEH_GFp_gcm_enc_info wrt ..imagebase + DD $L$SEH_begin_aesni_gcm_encrypt wrt ..imagebase + DD $L$SEH_end_aesni_gcm_encrypt wrt ..imagebase + DD $L$SEH_gcm_enc_info wrt ..imagebase section .xdata rdata align=8 ALIGN 8 $L$SEH_gcm_dec_info: DB 9,0,0,0 DD gcm_se_handler wrt ..imagebase DD $L$gcm_dec_body wrt ..imagebase,$L$gcm_dec_abort wrt ..imagebase -$L$SEH_GFp_gcm_enc_info: +$L$SEH_gcm_enc_info: DB 9,0,0,0 DD gcm_se_handler wrt ..imagebase DD $L$gcm_enc_body wrt ..imagebase,$L$gcm_enc_abort wrt ..imagebase diff --git a/pregenerated/tmp/aesni-x86-win32n.asm b/pregenerated/tmp/aesni-x86-win32n.asm index ad9b729..27cf66d 100644 --- a/pregenerated/tmp/aesni-x86-win32n.asm +++ b/pregenerated/tmp/aesni-x86-win32n.asm @@ -1,9 +1,7 @@ ; This file is generated from a similarly-named Perl script in the BoringSSL ; source tree. Do not edit by hand. -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif +%include "ring_core_generated/prefix_symbols_nasm.inc" %ifidn __OUTPUT_FORMAT__,obj section code use32 class=code align=64 %elifidn __OUTPUT_FORMAT__,win32 @@ -12,11 +10,11 @@ section .text code align=64 %else section .text code %endif -;extern _GFp_ia32cap_P -global _GFp_aes_hw_encrypt +;extern _OPENSSL_ia32cap_P +global _aes_hw_encrypt align 16 -_GFp_aes_hw_encrypt: -L$_GFp_aes_hw_encrypt_begin: +_aes_hw_encrypt: +L$_aes_hw_encrypt_begin: mov eax,DWORD [4+esp] mov edx,DWORD [12+esp] movups xmm2,[eax] @@ -181,10 +179,10 @@ db 102,15,56,221,232 db 102,15,56,221,240 db 102,15,56,221,248 ret -global _GFp_aes_hw_ctr32_encrypt_blocks +global _aes_hw_ctr32_encrypt_blocks align 16 -_GFp_aes_hw_ctr32_encrypt_blocks: -L$_GFp_aes_hw_ctr32_encrypt_blocks_begin: +_aes_hw_ctr32_encrypt_blocks: +L$_aes_hw_ctr32_encrypt_blocks_begin: push ebp push ebx push esi @@ -429,7 +427,7 @@ __aesni_set_encrypt_key: L$016pic: pop ebx lea ebx,[(L$key_const-L$016pic)+ebx] - lea ebp,[_GFp_ia32cap_P] + lea ebp,[_OPENSSL_ia32cap_P] movups xmm0,[eax] xorps xmm4,xmm4 mov ebp,DWORD [4+ebp] @@ -659,10 +657,10 @@ L$018bad_keybits: pop ebx pop ebp ret -global _GFp_aes_hw_set_encrypt_key +global _aes_hw_set_encrypt_key align 16 -_GFp_aes_hw_set_encrypt_key: -L$_GFp_aes_hw_set_encrypt_key_begin: +_aes_hw_set_encrypt_key: +L$_aes_hw_set_encrypt_key_begin: mov eax,DWORD [4+esp] mov ecx,DWORD [8+esp] mov edx,DWORD [12+esp] @@ -679,4 +677,4 @@ db 83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83 db 32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115 db 115,108,46,111,114,103,62,0 segment .bss -common _GFp_ia32cap_P 16 +common _OPENSSL_ia32cap_P 16 diff --git a/pregenerated/tmp/aesni-x86_64-nasm.asm b/pregenerated/tmp/aesni-x86_64-nasm.asm index 62d318a..a5af74a 100644 --- a/pregenerated/tmp/aesni-x86_64-nasm.asm +++ b/pregenerated/tmp/aesni-x86_64-nasm.asm @@ -5,13 +5,15 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P -global GFp_aes_hw_encrypt +EXTERN OPENSSL_ia32cap_P +global aes_hw_encrypt ALIGN 16 -GFp_aes_hw_encrypt: +aes_hw_encrypt: movups xmm2,XMMWORD[rcx] mov eax,DWORD[240+r8] @@ -264,14 +266,14 @@ DB 102,68,15,56,221,200 DB 0F3h,0C3h ;repret -global GFp_aes_hw_ctr32_encrypt_blocks +global aes_hw_ctr32_encrypt_blocks ALIGN 16 -GFp_aes_hw_ctr32_encrypt_blocks: +aes_hw_ctr32_encrypt_blocks: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_aes_hw_ctr32_encrypt_blocks: +$L$SEH_begin_aes_hw_ctr32_encrypt_blocks: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -377,7 +379,7 @@ DB 102,15,58,34,232,3 lea r9,[7+r8] mov DWORD[((96+12))+rsp],r10d bswap r9d - lea r10,[GFp_ia32cap_P] + lea r10,[OPENSSL_ia32cap_P] mov r10d,DWORD[4+r10] xor r9d,ebp and r10d,71303168 @@ -877,11 +879,11 @@ $L$ctr32_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_aes_hw_ctr32_encrypt_blocks: -global GFp_aes_hw_set_encrypt_key +$L$SEH_end_aes_hw_ctr32_encrypt_blocks: +global aes_hw_set_encrypt_key ALIGN 16 -GFp_aes_hw_set_encrypt_key: +aes_hw_set_encrypt_key: __aesni_set_encrypt_key: DB 0x48,0x83,0xEC,0x08 @@ -894,7 +896,7 @@ DB 0x48,0x83,0xEC,0x08 movups xmm0,XMMWORD[rcx] xorps xmm4,xmm4 - lea r10,[GFp_ia32cap_P] + lea r10,[OPENSSL_ia32cap_P] mov r10d,DWORD[4+r10] and r10d,268437504 lea rax,[16+r8] @@ -1113,7 +1115,7 @@ $L$enc_key_ret: DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_set_encrypt_key: +$L$SEH_end_set_encrypt_key: ALIGN 16 $L$key_expansion_128: @@ -1294,18 +1296,18 @@ $L$common_seh_tail: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_aes_hw_ctr32_encrypt_blocks wrt ..imagebase - DD $L$SEH_end_GFp_aes_hw_ctr32_encrypt_blocks wrt ..imagebase - DD $L$SEH_info_GFp_ctr32 wrt ..imagebase - DD GFp_aes_hw_set_encrypt_key wrt ..imagebase - DD $L$SEH_end_GFp_set_encrypt_key wrt ..imagebase - DD $L$SEH_info_GFp_key wrt ..imagebase + DD $L$SEH_begin_aes_hw_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_end_aes_hw_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_info_ctr32 wrt ..imagebase + DD aes_hw_set_encrypt_key wrt ..imagebase + DD $L$SEH_end_set_encrypt_key wrt ..imagebase + DD $L$SEH_info_key wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_ctr32: +$L$SEH_info_ctr32: DB 9,0,0,0 DD ctr_xts_se_handler wrt ..imagebase DD $L$ctr32_body wrt ..imagebase,$L$ctr32_epilogue wrt ..imagebase -$L$SEH_info_GFp_key: +$L$SEH_info_key: DB 0x01,0x04,0x01,0x00 DB 0x04,0x02,0x00,0x00 diff --git a/pregenerated/tmp/chacha-x86-win32n.asm b/pregenerated/tmp/chacha-x86-win32n.asm index 09a1f09..4b4967d 100644 --- a/pregenerated/tmp/chacha-x86-win32n.asm +++ b/pregenerated/tmp/chacha-x86-win32n.asm @@ -1,9 +1,7 @@ ; This file is generated from a similarly-named Perl script in the BoringSSL ; source tree. Do not edit by hand. -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif +%include "ring_core_generated/prefix_symbols_nasm.inc" %ifidn __OUTPUT_FORMAT__,obj section code use32 class=code align=64 %elifidn __OUTPUT_FORMAT__,win32 @@ -12,10 +10,10 @@ section .text code align=64 %else section .text code %endif -global _GFp_ChaCha20_ctr32 +global _ChaCha20_ctr32 align 16 -_GFp_ChaCha20_ctr32: -L$_GFp_ChaCha20_ctr32_begin: +_ChaCha20_ctr32: +L$_ChaCha20_ctr32_begin: push ebp push ebx push esi @@ -26,7 +24,7 @@ L$_GFp_ChaCha20_ctr32_begin: call L$pic_point L$pic_point: pop eax - lea ebp,[_GFp_ia32cap_P] + lea ebp,[_OPENSSL_ia32cap_P] test DWORD [ebp],16777216 jz NEAR L$001x86 test DWORD [4+ebp],512 @@ -970,4 +968,4 @@ db 44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32 db 60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111 db 114,103,62,0 segment .bss -common _GFp_ia32cap_P 16 +common _OPENSSL_ia32cap_P 16 diff --git a/pregenerated/tmp/chacha-x86_64-nasm.asm b/pregenerated/tmp/chacha-x86_64-nasm.asm index 1169fa5..187f0ea 100644 --- a/pregenerated/tmp/chacha-x86_64-nasm.asm +++ b/pregenerated/tmp/chacha-x86_64-nasm.asm @@ -5,10 +5,12 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P +EXTERN OPENSSL_ia32cap_P ALIGN 64 $L$zero: @@ -43,14 +45,14 @@ DB 67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54 DB 95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32 DB 98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115 DB 108,46,111,114,103,62,0 -global GFp_ChaCha20_ctr32 +global ChaCha20_ctr32 ALIGN 64 -GFp_ChaCha20_ctr32: +ChaCha20_ctr32: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_ChaCha20_ctr32: +$L$SEH_begin_ChaCha20_ctr32: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -61,7 +63,7 @@ $L$SEH_begin_GFp_ChaCha20_ctr32: cmp rdx,0 je NEAR $L$no_data - mov r10,QWORD[((GFp_ia32cap_P+4))] + mov r10,QWORD[((OPENSSL_ia32cap_P+4))] test r10d,512 jnz NEAR $L$ChaCha20_ssse3 @@ -337,7 +339,7 @@ $L$no_data: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_ChaCha20_ctr32: +$L$SEH_end_ChaCha20_ctr32: ALIGN 32 ChaCha20_ssse3: @@ -1887,9 +1889,9 @@ full_handler: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_ChaCha20_ctr32 wrt ..imagebase - DD $L$SEH_end_GFp_ChaCha20_ctr32 wrt ..imagebase - DD $L$SEH_info_GFp_ChaCha20_ctr32 wrt ..imagebase + DD $L$SEH_begin_ChaCha20_ctr32 wrt ..imagebase + DD $L$SEH_end_ChaCha20_ctr32 wrt ..imagebase + DD $L$SEH_info_ChaCha20_ctr32 wrt ..imagebase DD $L$SEH_begin_ChaCha20_ssse3 wrt ..imagebase DD $L$SEH_end_ChaCha20_ssse3 wrt ..imagebase @@ -1903,7 +1905,7 @@ ALIGN 4 DD $L$SEH_info_ChaCha20_8x wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_ChaCha20_ctr32: +$L$SEH_info_ChaCha20_ctr32: DB 9,0,0,0 DD se_handler wrt ..imagebase diff --git a/pregenerated/tmp/chacha20_poly1305_x86_64-nasm.asm b/pregenerated/tmp/chacha20_poly1305_x86_64-nasm.asm index 150930f..e124637 100644 --- a/pregenerated/tmp/chacha20_poly1305_x86_64-nasm.asm +++ b/pregenerated/tmp/chacha20_poly1305_x86_64-nasm.asm @@ -5,9 +5,11 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P +EXTERN OPENSSL_ia32cap_P chacha20_poly1305_constants: @@ -216,14 +218,14 @@ $L$hash_ad_done: -global GFp_chacha20_poly1305_open +global chacha20_poly1305_open ALIGN 64 -GFp_chacha20_poly1305_open: +chacha20_poly1305_open: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_chacha20_poly1305_open: +$L$SEH_begin_chacha20_poly1305_open: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -270,7 +272,7 @@ $L$SEH_begin_GFp_chacha20_poly1305_open: mov QWORD[((0+160+32))+rbp],r8 mov QWORD[((8+160+32))+rbp],rbx - mov eax,DWORD[((GFp_ia32cap_P+8))] + mov eax,DWORD[((OPENSSL_ia32cap_P+8))] and eax,288 xor eax,288 jz NEAR chacha20_poly1305_open_avx2 @@ -2113,7 +2115,8 @@ $L$open_sse_128_xor_hash: movdqa xmm6,xmm10 movdqa xmm10,xmm14 jmp NEAR $L$open_sse_128_xor_hash -$L$SEH_end_GFp_chacha20_poly1305_open: +$L$SEH_end_chacha20_poly1305_open: + @@ -2121,14 +2124,14 @@ $L$SEH_end_GFp_chacha20_poly1305_open: -global GFp_chacha20_poly1305_seal +global chacha20_poly1305_seal ALIGN 64 -GFp_chacha20_poly1305_seal: +chacha20_poly1305_seal: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_chacha20_poly1305_seal: +$L$SEH_begin_chacha20_poly1305_seal: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -2176,7 +2179,7 @@ $L$SEH_begin_GFp_chacha20_poly1305_seal: mov QWORD[((8+160+32))+rbp],rbx mov rbx,rdx - mov eax,DWORD[((GFp_ia32cap_P+8))] + mov eax,DWORD[((OPENSSL_ia32cap_P+8))] and eax,288 xor eax,288 jz NEAR chacha20_poly1305_seal_avx2 @@ -4138,7 +4141,7 @@ DB 102,69,15,58,15,246,4 mov r8,r8 call poly_hash_ad_internal jmp NEAR $L$seal_sse_128_tail_xor -$L$SEH_end_GFp_chacha20_poly1305_seal: +$L$SEH_end_chacha20_poly1305_seal: diff --git a/pregenerated/tmp/ecp_nistz256-x86-win32n.asm b/pregenerated/tmp/ecp_nistz256-x86-win32n.asm deleted file mode 100644 index 85b53b3..0000000 --- a/pregenerated/tmp/ecp_nistz256-x86-win32n.asm +++ /dev/null @@ -1,1105 +0,0 @@ -; This file is generated from a similarly-named Perl script in the BoringSSL -; source tree. Do not edit by hand. - -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif -%ifidn __OUTPUT_FORMAT__,obj -section code use32 class=code align=64 -%elifidn __OUTPUT_FORMAT__,win32 -$@feat.00 equ 1 -section .text code align=64 -%else -section .text code -%endif -;extern _GFp_ia32cap_P -L$ONE_mont: -dd 1,0,0,-1,-1,-1,-2,0 -align 16 -__ecp_nistz256_div_by_2: - mov ebp,DWORD [esi] - xor edx,edx - mov ebx,DWORD [4+esi] - mov eax,ebp - and ebp,1 - mov ecx,DWORD [8+esi] - sub edx,ebp - add eax,edx - adc ebx,edx - mov DWORD [edi],eax - adc ecx,edx - mov DWORD [4+edi],ebx - mov DWORD [8+edi],ecx - mov eax,DWORD [12+esi] - mov ebx,DWORD [16+esi] - adc eax,0 - mov ecx,DWORD [20+esi] - adc ebx,0 - mov DWORD [12+edi],eax - adc ecx,0 - mov DWORD [16+edi],ebx - mov DWORD [20+edi],ecx - mov eax,DWORD [24+esi] - mov ebx,DWORD [28+esi] - adc eax,ebp - adc ebx,edx - mov DWORD [24+edi],eax - sbb esi,esi - mov DWORD [28+edi],ebx - mov eax,DWORD [edi] - mov ebx,DWORD [4+edi] - mov ecx,DWORD [8+edi] - mov edx,DWORD [12+edi] - shr eax,1 - mov ebp,ebx - shl ebx,31 - or eax,ebx - shr ebp,1 - mov ebx,ecx - shl ecx,31 - mov DWORD [edi],eax - or ebp,ecx - mov eax,DWORD [16+edi] - shr ebx,1 - mov ecx,edx - shl edx,31 - mov DWORD [4+edi],ebp - or ebx,edx - mov ebp,DWORD [20+edi] - shr ecx,1 - mov edx,eax - shl eax,31 - mov DWORD [8+edi],ebx - or ecx,eax - mov ebx,DWORD [24+edi] - shr edx,1 - mov eax,ebp - shl ebp,31 - mov DWORD [12+edi],ecx - or edx,ebp - mov ecx,DWORD [28+edi] - shr eax,1 - mov ebp,ebx - shl ebx,31 - mov DWORD [16+edi],edx - or eax,ebx - shr ebp,1 - mov ebx,ecx - shl ecx,31 - mov DWORD [20+edi],eax - or ebp,ecx - shr ebx,1 - shl esi,31 - mov DWORD [24+edi],ebp - or ebx,esi - mov DWORD [28+edi],ebx - ret -global _GFp_nistz256_add -align 16 -_GFp_nistz256_add: -L$_GFp_nistz256_add_begin: - push ebp - push ebx - push esi - push edi - mov esi,DWORD [24+esp] - mov ebp,DWORD [28+esp] - mov edi,DWORD [20+esp] - call __ecp_nistz256_add - pop edi - pop esi - pop ebx - pop ebp - ret -align 16 -__ecp_nistz256_add: - mov eax,DWORD [esi] - mov ebx,DWORD [4+esi] - mov ecx,DWORD [8+esi] - add eax,DWORD [ebp] - mov edx,DWORD [12+esi] - adc ebx,DWORD [4+ebp] - mov DWORD [edi],eax - adc ecx,DWORD [8+ebp] - mov DWORD [4+edi],ebx - adc edx,DWORD [12+ebp] - mov DWORD [8+edi],ecx - mov DWORD [12+edi],edx - mov eax,DWORD [16+esi] - mov ebx,DWORD [20+esi] - mov ecx,DWORD [24+esi] - adc eax,DWORD [16+ebp] - mov edx,DWORD [28+esi] - adc ebx,DWORD [20+ebp] - mov DWORD [16+edi],eax - adc ecx,DWORD [24+ebp] - mov DWORD [20+edi],ebx - mov esi,0 - adc edx,DWORD [28+ebp] - mov DWORD [24+edi],ecx - adc esi,0 - mov DWORD [28+edi],edx - mov eax,DWORD [edi] - mov ebx,DWORD [4+edi] - mov ecx,DWORD [8+edi] - sub eax,-1 - mov edx,DWORD [12+edi] - sbb ebx,-1 - mov eax,DWORD [16+edi] - sbb ecx,-1 - mov ebx,DWORD [20+edi] - sbb edx,0 - mov ecx,DWORD [24+edi] - sbb eax,0 - mov edx,DWORD [28+edi] - sbb ebx,0 - sbb ecx,1 - sbb edx,-1 - sbb esi,0 - not esi - mov eax,DWORD [edi] - mov ebp,esi - mov ebx,DWORD [4+edi] - shr ebp,31 - mov ecx,DWORD [8+edi] - sub eax,esi - mov edx,DWORD [12+edi] - sbb ebx,esi - mov DWORD [edi],eax - sbb ecx,esi - mov DWORD [4+edi],ebx - sbb edx,0 - mov DWORD [8+edi],ecx - mov DWORD [12+edi],edx - mov eax,DWORD [16+edi] - mov ebx,DWORD [20+edi] - mov ecx,DWORD [24+edi] - sbb eax,0 - mov edx,DWORD [28+edi] - sbb ebx,0 - mov DWORD [16+edi],eax - sbb ecx,ebp - mov DWORD [20+edi],ebx - sbb edx,esi - mov DWORD [24+edi],ecx - mov DWORD [28+edi],edx - ret -align 16 -__ecp_nistz256_sub: - mov eax,DWORD [esi] - mov ebx,DWORD [4+esi] - mov ecx,DWORD [8+esi] - sub eax,DWORD [ebp] - mov edx,DWORD [12+esi] - sbb ebx,DWORD [4+ebp] - mov DWORD [edi],eax - sbb ecx,DWORD [8+ebp] - mov DWORD [4+edi],ebx - sbb edx,DWORD [12+ebp] - mov DWORD [8+edi],ecx - mov DWORD [12+edi],edx - mov eax,DWORD [16+esi] - mov ebx,DWORD [20+esi] - mov ecx,DWORD [24+esi] - sbb eax,DWORD [16+ebp] - mov edx,DWORD [28+esi] - sbb ebx,DWORD [20+ebp] - sbb ecx,DWORD [24+ebp] - mov DWORD [16+edi],eax - sbb edx,DWORD [28+ebp] - mov DWORD [20+edi],ebx - sbb esi,esi - mov DWORD [24+edi],ecx - mov DWORD [28+edi],edx - mov eax,DWORD [edi] - mov ebp,esi - mov ebx,DWORD [4+edi] - shr ebp,31 - mov ecx,DWORD [8+edi] - add eax,esi - mov edx,DWORD [12+edi] - adc ebx,esi - mov DWORD [edi],eax - adc ecx,esi - mov DWORD [4+edi],ebx - adc edx,0 - mov DWORD [8+edi],ecx - mov DWORD [12+edi],edx - mov eax,DWORD [16+edi] - mov ebx,DWORD [20+edi] - mov ecx,DWORD [24+edi] - adc eax,0 - mov edx,DWORD [28+edi] - adc ebx,0 - mov DWORD [16+edi],eax - adc ecx,ebp - mov DWORD [20+edi],ebx - adc edx,esi - mov DWORD [24+edi],ecx - mov DWORD [28+edi],edx - ret -global _GFp_nistz256_neg -align 16 -_GFp_nistz256_neg: -L$_GFp_nistz256_neg_begin: - push ebp - push ebx - push esi - push edi - mov ebp,DWORD [24+esp] - mov edi,DWORD [20+esp] - xor eax,eax - sub esp,32 - mov DWORD [esp],eax - mov esi,esp - mov DWORD [4+esp],eax - mov DWORD [8+esp],eax - mov DWORD [12+esp],eax - mov DWORD [16+esp],eax - mov DWORD [20+esp],eax - mov DWORD [24+esp],eax - mov DWORD [28+esp],eax - call __ecp_nistz256_sub - add esp,32 - pop edi - pop esi - pop ebx - pop ebp - ret -align 16 -__picup_eax: - mov eax,DWORD [esp] - ret -global _GFp_nistz256_mul_mont -align 16 -_GFp_nistz256_mul_mont: -L$_GFp_nistz256_mul_mont_begin: - push ebp - push ebx - push esi - push edi - mov esi,DWORD [24+esp] - mov ebp,DWORD [28+esp] - call __picup_eax -L$000pic: - lea eax,[_GFp_ia32cap_P] - mov eax,DWORD [eax] - mov edi,DWORD [20+esp] - call __ecp_nistz256_mul_mont - pop edi - pop esi - pop ebx - pop ebp - ret -align 16 -__ecp_nistz256_mul_mont: - mov edx,esp - sub esp,256 - movd xmm7,DWORD [ebp] - lea ebp,[4+ebp] - pcmpeqd xmm6,xmm6 - psrlq xmm6,48 - pshuflw xmm7,xmm7,220 - and esp,-64 - pshufd xmm7,xmm7,220 - lea ebx,[128+esp] - movd xmm0,DWORD [esi] - pshufd xmm0,xmm0,204 - movd xmm1,DWORD [4+esi] - movdqa [ebx],xmm0 - pmuludq xmm0,xmm7 - movd xmm2,DWORD [8+esi] - pshufd xmm1,xmm1,204 - movdqa [16+ebx],xmm1 - pmuludq xmm1,xmm7 - movq xmm4,xmm0 - pslldq xmm4,6 - paddq xmm4,xmm0 - movdqa xmm5,xmm4 - psrldq xmm4,10 - pand xmm5,xmm6 - movd xmm3,DWORD [12+esi] - pshufd xmm2,xmm2,204 - movdqa [32+ebx],xmm2 - pmuludq xmm2,xmm7 - paddq xmm1,xmm4 - movdqa [esp],xmm1 - movd xmm0,DWORD [16+esi] - pshufd xmm3,xmm3,204 - movdqa [48+ebx],xmm3 - pmuludq xmm3,xmm7 - movdqa [16+esp],xmm2 - movd xmm1,DWORD [20+esi] - pshufd xmm0,xmm0,204 - movdqa [64+ebx],xmm0 - pmuludq xmm0,xmm7 - paddq xmm3,xmm5 - movdqa [32+esp],xmm3 - movd xmm2,DWORD [24+esi] - pshufd xmm1,xmm1,204 - movdqa [80+ebx],xmm1 - pmuludq xmm1,xmm7 - movdqa [48+esp],xmm0 - pshufd xmm4,xmm5,177 - movd xmm3,DWORD [28+esi] - pshufd xmm2,xmm2,204 - movdqa [96+ebx],xmm2 - pmuludq xmm2,xmm7 - movdqa [64+esp],xmm1 - psubq xmm4,xmm5 - movd xmm0,DWORD [ebp] - pshufd xmm3,xmm3,204 - movdqa [112+ebx],xmm3 - pmuludq xmm3,xmm7 - pshuflw xmm7,xmm0,220 - movdqa xmm0,[ebx] - pshufd xmm7,xmm7,220 - mov ecx,6 - lea ebp,[4+ebp] - jmp NEAR L$001madd_sse2 -align 16 -L$001madd_sse2: - paddq xmm2,xmm5 - paddq xmm3,xmm4 - movdqa xmm1,[16+ebx] - pmuludq xmm0,xmm7 - movdqa [80+esp],xmm2 - movdqa xmm2,[32+ebx] - pmuludq xmm1,xmm7 - movdqa [96+esp],xmm3 - paddq xmm0,[esp] - movdqa xmm3,[48+ebx] - pmuludq xmm2,xmm7 - movq xmm4,xmm0 - pslldq xmm4,6 - paddq xmm1,[16+esp] - paddq xmm4,xmm0 - movdqa xmm5,xmm4 - psrldq xmm4,10 - movdqa xmm0,[64+ebx] - pmuludq xmm3,xmm7 - paddq xmm1,xmm4 - paddq xmm2,[32+esp] - movdqa [esp],xmm1 - movdqa xmm1,[80+ebx] - pmuludq xmm0,xmm7 - paddq xmm3,[48+esp] - movdqa [16+esp],xmm2 - pand xmm5,xmm6 - movdqa xmm2,[96+ebx] - pmuludq xmm1,xmm7 - paddq xmm3,xmm5 - paddq xmm0,[64+esp] - movdqa [32+esp],xmm3 - pshufd xmm4,xmm5,177 - movdqa xmm3,xmm7 - pmuludq xmm2,xmm7 - movd xmm7,DWORD [ebp] - lea ebp,[4+ebp] - paddq xmm1,[80+esp] - psubq xmm4,xmm5 - movdqa [48+esp],xmm0 - pshuflw xmm7,xmm7,220 - pmuludq xmm3,[112+ebx] - pshufd xmm7,xmm7,220 - movdqa xmm0,[ebx] - movdqa [64+esp],xmm1 - paddq xmm2,[96+esp] - dec ecx - jnz NEAR L$001madd_sse2 - paddq xmm2,xmm5 - paddq xmm3,xmm4 - movdqa xmm1,[16+ebx] - pmuludq xmm0,xmm7 - movdqa [80+esp],xmm2 - movdqa xmm2,[32+ebx] - pmuludq xmm1,xmm7 - movdqa [96+esp],xmm3 - paddq xmm0,[esp] - movdqa xmm3,[48+ebx] - pmuludq xmm2,xmm7 - movq xmm4,xmm0 - pslldq xmm4,6 - paddq xmm1,[16+esp] - paddq xmm4,xmm0 - movdqa xmm5,xmm4 - psrldq xmm4,10 - movdqa xmm0,[64+ebx] - pmuludq xmm3,xmm7 - paddq xmm1,xmm4 - paddq xmm2,[32+esp] - movdqa [esp],xmm1 - movdqa xmm1,[80+ebx] - pmuludq xmm0,xmm7 - paddq xmm3,[48+esp] - movdqa [16+esp],xmm2 - pand xmm5,xmm6 - movdqa xmm2,[96+ebx] - pmuludq xmm1,xmm7 - paddq xmm3,xmm5 - paddq xmm0,[64+esp] - movdqa [32+esp],xmm3 - pshufd xmm4,xmm5,177 - movdqa xmm3,[112+ebx] - pmuludq xmm2,xmm7 - paddq xmm1,[80+esp] - psubq xmm4,xmm5 - movdqa [48+esp],xmm0 - pmuludq xmm3,xmm7 - pcmpeqd xmm7,xmm7 - movdqa xmm0,[esp] - pslldq xmm7,8 - movdqa [64+esp],xmm1 - paddq xmm2,[96+esp] - paddq xmm2,xmm5 - paddq xmm3,xmm4 - movdqa [80+esp],xmm2 - movdqa [96+esp],xmm3 - movdqa xmm1,[16+esp] - movdqa xmm2,[32+esp] - movdqa xmm3,[48+esp] - movq xmm4,xmm0 - pand xmm0,xmm7 - xor ebp,ebp - pslldq xmm4,6 - movq xmm5,xmm1 - paddq xmm0,xmm4 - pand xmm1,xmm7 - psrldq xmm0,6 - movd eax,xmm0 - psrldq xmm0,4 - paddq xmm5,xmm0 - movdqa xmm0,[64+esp] - sub eax,-1 - pslldq xmm5,6 - movq xmm4,xmm2 - paddq xmm1,xmm5 - pand xmm2,xmm7 - psrldq xmm1,6 - mov DWORD [edi],eax - movd eax,xmm1 - psrldq xmm1,4 - paddq xmm4,xmm1 - movdqa xmm1,[80+esp] - sbb eax,-1 - pslldq xmm4,6 - movq xmm5,xmm3 - paddq xmm2,xmm4 - pand xmm3,xmm7 - psrldq xmm2,6 - mov DWORD [4+edi],eax - movd eax,xmm2 - psrldq xmm2,4 - paddq xmm5,xmm2 - movdqa xmm2,[96+esp] - sbb eax,-1 - pslldq xmm5,6 - movq xmm4,xmm0 - paddq xmm3,xmm5 - pand xmm0,xmm7 - psrldq xmm3,6 - mov DWORD [8+edi],eax - movd eax,xmm3 - psrldq xmm3,4 - paddq xmm4,xmm3 - sbb eax,0 - pslldq xmm4,6 - movq xmm5,xmm1 - paddq xmm0,xmm4 - pand xmm1,xmm7 - psrldq xmm0,6 - mov DWORD [12+edi],eax - movd eax,xmm0 - psrldq xmm0,4 - paddq xmm5,xmm0 - sbb eax,0 - pslldq xmm5,6 - movq xmm4,xmm2 - paddq xmm1,xmm5 - pand xmm2,xmm7 - psrldq xmm1,6 - movd ebx,xmm1 - psrldq xmm1,4 - mov esp,edx - paddq xmm4,xmm1 - pslldq xmm4,6 - paddq xmm2,xmm4 - psrldq xmm2,6 - movd ecx,xmm2 - psrldq xmm2,4 - sbb ebx,0 - movd edx,xmm2 - pextrw esi,xmm2,2 - sbb ecx,1 - sbb edx,-1 - sbb esi,0 - sub ebp,esi - add DWORD [edi],esi - adc DWORD [4+edi],esi - adc DWORD [8+edi],esi - adc DWORD [12+edi],0 - adc eax,0 - adc ebx,0 - mov DWORD [16+edi],eax - adc ecx,ebp - mov DWORD [20+edi],ebx - adc edx,esi - mov DWORD [24+edi],ecx - mov DWORD [28+edi],edx - ret -global _GFp_nistz256_point_double -align 16 -_GFp_nistz256_point_double: -L$_GFp_nistz256_point_double_begin: - push ebp - push ebx - push esi - push edi - mov esi,DWORD [24+esp] - sub esp,164 - call __picup_eax -L$002pic: - lea edx,[_GFp_ia32cap_P] - mov ebp,DWORD [edx] -L$point_double_shortcut: - mov eax,DWORD [esi] - mov ebx,DWORD [4+esi] - mov ecx,DWORD [8+esi] - mov edx,DWORD [12+esi] - mov DWORD [96+esp],eax - mov DWORD [100+esp],ebx - mov DWORD [104+esp],ecx - mov DWORD [108+esp],edx - mov eax,DWORD [16+esi] - mov ebx,DWORD [20+esi] - mov ecx,DWORD [24+esi] - mov edx,DWORD [28+esi] - mov DWORD [112+esp],eax - mov DWORD [116+esp],ebx - mov DWORD [120+esp],ecx - mov DWORD [124+esp],edx - mov DWORD [160+esp],ebp - lea ebp,[32+esi] - lea esi,[32+esi] - lea edi,[esp] - call __ecp_nistz256_add - mov eax,DWORD [160+esp] - mov esi,64 - add esi,DWORD [188+esp] - lea edi,[64+esp] - mov ebp,esi - call __ecp_nistz256_mul_mont - mov eax,DWORD [160+esp] - lea esi,[esp] - lea ebp,[esp] - lea edi,[esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [160+esp] - mov ebp,DWORD [188+esp] - lea esi,[32+ebp] - lea ebp,[64+ebp] - lea edi,[128+esp] - call __ecp_nistz256_mul_mont - lea esi,[96+esp] - lea ebp,[64+esp] - lea edi,[32+esp] - call __ecp_nistz256_add - mov edi,64 - lea esi,[128+esp] - lea ebp,[128+esp] - add edi,DWORD [184+esp] - call __ecp_nistz256_add - lea esi,[96+esp] - lea ebp,[64+esp] - lea edi,[64+esp] - call __ecp_nistz256_sub - mov eax,DWORD [160+esp] - lea esi,[esp] - lea ebp,[esp] - lea edi,[128+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [160+esp] - lea esi,[32+esp] - lea ebp,[64+esp] - lea edi,[32+esp] - call __ecp_nistz256_mul_mont - mov edi,32 - lea esi,[128+esp] - add edi,DWORD [184+esp] - call __ecp_nistz256_div_by_2 - lea esi,[32+esp] - lea ebp,[32+esp] - lea edi,[128+esp] - call __ecp_nistz256_add - mov eax,DWORD [160+esp] - lea esi,[96+esp] - lea ebp,[esp] - lea edi,[esp] - call __ecp_nistz256_mul_mont - lea esi,[128+esp] - lea ebp,[32+esp] - lea edi,[32+esp] - call __ecp_nistz256_add - lea esi,[esp] - lea ebp,[esp] - lea edi,[128+esp] - call __ecp_nistz256_add - mov eax,DWORD [160+esp] - lea esi,[32+esp] - lea ebp,[32+esp] - mov edi,DWORD [184+esp] - call __ecp_nistz256_mul_mont - mov esi,edi - lea ebp,[128+esp] - call __ecp_nistz256_sub - lea esi,[esp] - mov ebp,edi - lea edi,[esp] - call __ecp_nistz256_sub - mov eax,DWORD [160+esp] - mov esi,edi - lea ebp,[32+esp] - call __ecp_nistz256_mul_mont - mov ebp,32 - lea esi,[esp] - add ebp,DWORD [184+esp] - mov edi,ebp - call __ecp_nistz256_sub - add esp,164 - pop edi - pop esi - pop ebx - pop ebp - ret -global _GFp_nistz256_point_add_affine -align 16 -_GFp_nistz256_point_add_affine: -L$_GFp_nistz256_point_add_affine_begin: - push ebp - push ebx - push esi - push edi - mov esi,DWORD [24+esp] - sub esp,492 - call __picup_eax -L$003pic: - lea edx,[_GFp_ia32cap_P] - mov ebp,DWORD [edx] - lea edi,[96+esp] - mov eax,DWORD [esi] - mov ebx,DWORD [4+esi] - mov ecx,DWORD [8+esi] - mov edx,DWORD [12+esi] - mov DWORD [edi],eax - mov DWORD [488+esp],ebp - mov DWORD [4+edi],ebx - mov DWORD [8+edi],ecx - mov DWORD [12+edi],edx - mov eax,DWORD [16+esi] - mov ebx,DWORD [20+esi] - mov ecx,DWORD [24+esi] - mov edx,DWORD [28+esi] - mov DWORD [16+edi],eax - mov DWORD [20+edi],ebx - mov DWORD [24+edi],ecx - mov DWORD [28+edi],edx - mov eax,DWORD [32+esi] - mov ebx,DWORD [36+esi] - mov ecx,DWORD [40+esi] - mov edx,DWORD [44+esi] - mov DWORD [32+edi],eax - mov DWORD [36+edi],ebx - mov DWORD [40+edi],ecx - mov DWORD [44+edi],edx - mov eax,DWORD [48+esi] - mov ebx,DWORD [52+esi] - mov ecx,DWORD [56+esi] - mov edx,DWORD [60+esi] - mov DWORD [48+edi],eax - mov DWORD [52+edi],ebx - mov DWORD [56+edi],ecx - mov DWORD [60+edi],edx - mov eax,DWORD [64+esi] - mov ebx,DWORD [68+esi] - mov ecx,DWORD [72+esi] - mov edx,DWORD [76+esi] - mov DWORD [64+edi],eax - mov ebp,eax - mov DWORD [68+edi],ebx - or ebp,ebx - mov DWORD [72+edi],ecx - or ebp,ecx - mov DWORD [76+edi],edx - or ebp,edx - mov eax,DWORD [80+esi] - mov ebx,DWORD [84+esi] - mov ecx,DWORD [88+esi] - mov edx,DWORD [92+esi] - mov DWORD [80+edi],eax - or ebp,eax - mov DWORD [84+edi],ebx - or ebp,ebx - mov DWORD [88+edi],ecx - or ebp,ecx - mov DWORD [92+edi],edx - or ebp,edx - xor eax,eax - mov esi,DWORD [520+esp] - sub eax,ebp - or ebp,eax - sar ebp,31 - mov DWORD [480+esp],ebp - lea edi,[192+esp] - mov eax,DWORD [esi] - mov ebx,DWORD [4+esi] - mov ecx,DWORD [8+esi] - mov edx,DWORD [12+esi] - mov DWORD [edi],eax - mov ebp,eax - mov DWORD [4+edi],ebx - or ebp,ebx - mov DWORD [8+edi],ecx - or ebp,ecx - mov DWORD [12+edi],edx - or ebp,edx - mov eax,DWORD [16+esi] - mov ebx,DWORD [20+esi] - mov ecx,DWORD [24+esi] - mov edx,DWORD [28+esi] - mov DWORD [16+edi],eax - or ebp,eax - mov DWORD [20+edi],ebx - or ebp,ebx - mov DWORD [24+edi],ecx - or ebp,ecx - mov DWORD [28+edi],edx - or ebp,edx - mov eax,DWORD [32+esi] - mov ebx,DWORD [36+esi] - mov ecx,DWORD [40+esi] - mov edx,DWORD [44+esi] - mov DWORD [32+edi],eax - or ebp,eax - mov DWORD [36+edi],ebx - or ebp,ebx - mov DWORD [40+edi],ecx - or ebp,ecx - mov DWORD [44+edi],edx - or ebp,edx - mov eax,DWORD [48+esi] - mov ebx,DWORD [52+esi] - mov ecx,DWORD [56+esi] - mov edx,DWORD [60+esi] - mov DWORD [48+edi],eax - or ebp,eax - mov DWORD [52+edi],ebx - or ebp,ebx - mov DWORD [56+edi],ecx - or ebp,ecx - mov DWORD [60+edi],edx - or ebp,edx - xor ebx,ebx - mov eax,DWORD [488+esp] - sub ebx,ebp - lea esi,[160+esp] - or ebx,ebp - lea ebp,[160+esp] - sar ebx,31 - lea edi,[288+esp] - mov DWORD [484+esp],ebx - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[192+esp] - mov ebp,edi - lea edi,[256+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[160+esp] - lea ebp,[288+esp] - lea edi,[288+esp] - call __ecp_nistz256_mul_mont - lea esi,[256+esp] - lea ebp,[96+esp] - lea edi,[320+esp] - call __ecp_nistz256_sub - mov eax,DWORD [488+esp] - lea esi,[224+esp] - lea ebp,[288+esp] - lea edi,[288+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[160+esp] - lea ebp,[320+esp] - lea edi,[64+esp] - call __ecp_nistz256_mul_mont - lea esi,[288+esp] - lea ebp,[128+esp] - lea edi,[352+esp] - call __ecp_nistz256_sub - mov eax,DWORD [488+esp] - lea esi,[320+esp] - lea ebp,[320+esp] - lea edi,[384+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[352+esp] - lea ebp,[352+esp] - lea edi,[448+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[96+esp] - lea ebp,[384+esp] - lea edi,[256+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[320+esp] - lea ebp,[384+esp] - lea edi,[416+esp] - call __ecp_nistz256_mul_mont - lea esi,[256+esp] - lea ebp,[256+esp] - lea edi,[384+esp] - call __ecp_nistz256_add - lea esi,[448+esp] - lea ebp,[384+esp] - lea edi,[esp] - call __ecp_nistz256_sub - lea esi,[esp] - lea ebp,[416+esp] - lea edi,[esp] - call __ecp_nistz256_sub - lea esi,[256+esp] - lea ebp,[esp] - lea edi,[32+esp] - call __ecp_nistz256_sub - mov eax,DWORD [488+esp] - lea esi,[416+esp] - lea ebp,[128+esp] - lea edi,[288+esp] - call __ecp_nistz256_mul_mont - mov eax,DWORD [488+esp] - lea esi,[352+esp] - lea ebp,[32+esp] - lea edi,[32+esp] - call __ecp_nistz256_mul_mont - lea esi,[32+esp] - lea ebp,[288+esp] - lea edi,[32+esp] - call __ecp_nistz256_sub - mov ebp,DWORD [480+esp] - mov esi,DWORD [484+esp] - mov edi,DWORD [512+esp] - mov edx,ebp - not ebp - and edx,esi - and ebp,esi - not esi - mov eax,edx - and eax,DWORD [64+esp] - mov ebx,ebp - and ebx,1 - mov ecx,esi - and ecx,DWORD [160+esp] - or eax,ebx - or eax,ecx - mov DWORD [64+edi],eax - mov eax,edx - and eax,DWORD [68+esp] - mov ecx,esi - and ecx,DWORD [164+esp] - or eax,ecx - mov DWORD [68+edi],eax - mov eax,edx - and eax,DWORD [72+esp] - mov ecx,esi - and ecx,DWORD [168+esp] - or eax,ecx - mov DWORD [72+edi],eax - mov eax,edx - and eax,DWORD [76+esp] - mov ecx,esi - and ecx,DWORD [172+esp] - or eax,ebp - or eax,ecx - mov DWORD [76+edi],eax - mov eax,edx - and eax,DWORD [80+esp] - mov ecx,esi - and ecx,DWORD [176+esp] - or eax,ebp - or eax,ecx - mov DWORD [80+edi],eax - mov eax,edx - and eax,DWORD [84+esp] - mov ecx,esi - and ecx,DWORD [180+esp] - or eax,ebp - or eax,ecx - mov DWORD [84+edi],eax - mov eax,edx - and eax,DWORD [88+esp] - mov ebx,ebp - and ebx,-2 - mov ecx,esi - and ecx,DWORD [184+esp] - or eax,ebx - or eax,ecx - mov DWORD [88+edi],eax - mov eax,edx - and eax,DWORD [92+esp] - mov ecx,esi - and ecx,DWORD [188+esp] - or eax,ecx - mov DWORD [92+edi],eax - mov eax,edx - and eax,DWORD [esp] - mov ebx,ebp - and ebx,DWORD [192+esp] - mov ecx,esi - and ecx,DWORD [96+esp] - or eax,ebx - or eax,ecx - mov DWORD [edi],eax - mov eax,edx - and eax,DWORD [4+esp] - mov ebx,ebp - and ebx,DWORD [196+esp] - mov ecx,esi - and ecx,DWORD [100+esp] - or eax,ebx - or eax,ecx - mov DWORD [4+edi],eax - mov eax,edx - and eax,DWORD [8+esp] - mov ebx,ebp - and ebx,DWORD [200+esp] - mov ecx,esi - and ecx,DWORD [104+esp] - or eax,ebx - or eax,ecx - mov DWORD [8+edi],eax - mov eax,edx - and eax,DWORD [12+esp] - mov ebx,ebp - and ebx,DWORD [204+esp] - mov ecx,esi - and ecx,DWORD [108+esp] - or eax,ebx - or eax,ecx - mov DWORD [12+edi],eax - mov eax,edx - and eax,DWORD [16+esp] - mov ebx,ebp - and ebx,DWORD [208+esp] - mov ecx,esi - and ecx,DWORD [112+esp] - or eax,ebx - or eax,ecx - mov DWORD [16+edi],eax - mov eax,edx - and eax,DWORD [20+esp] - mov ebx,ebp - and ebx,DWORD [212+esp] - mov ecx,esi - and ecx,DWORD [116+esp] - or eax,ebx - or eax,ecx - mov DWORD [20+edi],eax - mov eax,edx - and eax,DWORD [24+esp] - mov ebx,ebp - and ebx,DWORD [216+esp] - mov ecx,esi - and ecx,DWORD [120+esp] - or eax,ebx - or eax,ecx - mov DWORD [24+edi],eax - mov eax,edx - and eax,DWORD [28+esp] - mov ebx,ebp - and ebx,DWORD [220+esp] - mov ecx,esi - and ecx,DWORD [124+esp] - or eax,ebx - or eax,ecx - mov DWORD [28+edi],eax - mov eax,edx - and eax,DWORD [32+esp] - mov ebx,ebp - and ebx,DWORD [224+esp] - mov ecx,esi - and ecx,DWORD [128+esp] - or eax,ebx - or eax,ecx - mov DWORD [32+edi],eax - mov eax,edx - and eax,DWORD [36+esp] - mov ebx,ebp - and ebx,DWORD [228+esp] - mov ecx,esi - and ecx,DWORD [132+esp] - or eax,ebx - or eax,ecx - mov DWORD [36+edi],eax - mov eax,edx - and eax,DWORD [40+esp] - mov ebx,ebp - and ebx,DWORD [232+esp] - mov ecx,esi - and ecx,DWORD [136+esp] - or eax,ebx - or eax,ecx - mov DWORD [40+edi],eax - mov eax,edx - and eax,DWORD [44+esp] - mov ebx,ebp - and ebx,DWORD [236+esp] - mov ecx,esi - and ecx,DWORD [140+esp] - or eax,ebx - or eax,ecx - mov DWORD [44+edi],eax - mov eax,edx - and eax,DWORD [48+esp] - mov ebx,ebp - and ebx,DWORD [240+esp] - mov ecx,esi - and ecx,DWORD [144+esp] - or eax,ebx - or eax,ecx - mov DWORD [48+edi],eax - mov eax,edx - and eax,DWORD [52+esp] - mov ebx,ebp - and ebx,DWORD [244+esp] - mov ecx,esi - and ecx,DWORD [148+esp] - or eax,ebx - or eax,ecx - mov DWORD [52+edi],eax - mov eax,edx - and eax,DWORD [56+esp] - mov ebx,ebp - and ebx,DWORD [248+esp] - mov ecx,esi - and ecx,DWORD [152+esp] - or eax,ebx - or eax,ecx - mov DWORD [56+edi],eax - mov eax,edx - and eax,DWORD [60+esp] - mov ebx,ebp - and ebx,DWORD [252+esp] - mov ecx,esi - and ecx,DWORD [156+esp] - or eax,ebx - or eax,ecx - mov DWORD [60+edi],eax - add esp,492 - pop edi - pop esi - pop ebx - pop ebp - ret -segment .bss -common _GFp_ia32cap_P 16 diff --git a/pregenerated/tmp/ghash-x86-win32n.asm b/pregenerated/tmp/ghash-x86-win32n.asm index 2ac02cb..6a3f398 100644 --- a/pregenerated/tmp/ghash-x86-win32n.asm +++ b/pregenerated/tmp/ghash-x86-win32n.asm @@ -1,9 +1,7 @@ ; This file is generated from a similarly-named Perl script in the BoringSSL ; source tree. Do not edit by hand. -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif +%include "ring_core_generated/prefix_symbols_nasm.inc" %ifidn __OUTPUT_FORMAT__,obj section code use32 class=code align=64 %elifidn __OUTPUT_FORMAT__,win32 @@ -12,10 +10,10 @@ section .text code align=64 %else section .text code %endif -global _GFp_gcm_init_clmul +global _gcm_init_clmul align 16 -_GFp_gcm_init_clmul: -L$_GFp_gcm_init_clmul_begin: +_gcm_init_clmul: +L$_gcm_init_clmul_begin: mov edx,DWORD [4+esp] mov eax,DWORD [8+esp] call L$000pic @@ -79,10 +77,10 @@ db 102,15,58,68,220,0 db 102,15,58,15,227,8 movdqu [32+edx],xmm4 ret -global _GFp_gcm_gmult_clmul +global _gcm_gmult_clmul align 16 -_GFp_gcm_gmult_clmul: -L$_GFp_gcm_gmult_clmul_begin: +_gcm_gmult_clmul: +L$_gcm_gmult_clmul_begin: mov eax,DWORD [4+esp] mov edx,DWORD [8+esp] call L$001pic @@ -130,10 +128,10 @@ db 102,15,58,68,220,0 db 102,15,56,0,197 movdqu [eax],xmm0 ret -global _GFp_gcm_ghash_clmul +global _gcm_ghash_clmul align 16 -_GFp_gcm_ghash_clmul: -L$_GFp_gcm_ghash_clmul_begin: +_gcm_ghash_clmul: +L$_gcm_ghash_clmul_begin: push ebp push ebx push esi diff --git a/pregenerated/tmp/ghash-x86_64-nasm.asm b/pregenerated/tmp/ghash-x86_64-nasm.asm index 89e1185..7cb2d4d 100644 --- a/pregenerated/tmp/ghash-x86_64-nasm.asm +++ b/pregenerated/tmp/ghash-x86_64-nasm.asm @@ -5,16 +5,18 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P -global GFp_gcm_init_clmul +EXTERN OPENSSL_ia32cap_P +global gcm_init_clmul ALIGN 16 -GFp_gcm_init_clmul: +gcm_init_clmul: $L$_init_clmul: -$L$SEH_begin_GFp_gcm_init_clmul: +$L$SEH_begin_gcm_init_clmul: DB 0x48,0x83,0xec,0x18 DB 0x0f,0x29,0x34,0x24 @@ -169,14 +171,14 @@ DB 102,15,58,15,227,8 movdqu XMMWORD[80+rcx],xmm4 movaps xmm6,XMMWORD[rsp] lea rsp,[24+rsp] -$L$SEH_end_GFp_gcm_init_clmul: +$L$SEH_end_gcm_init_clmul: DB 0F3h,0C3h ;repret -global GFp_gcm_gmult_clmul +global gcm_gmult_clmul ALIGN 16 -GFp_gcm_gmult_clmul: +gcm_gmult_clmul: $L$_gmult_clmul: movdqu xmm0,XMMWORD[rcx] @@ -226,14 +228,14 @@ DB 102,15,56,0,197 DB 0F3h,0C3h ;repret -global GFp_gcm_ghash_clmul +global gcm_ghash_clmul ALIGN 32 -GFp_gcm_ghash_clmul: +gcm_ghash_clmul: $L$_ghash_clmul: lea rax,[((-136))+rsp] -$L$SEH_begin_GFp_gcm_ghash_clmul: +$L$SEH_begin_gcm_ghash_clmul: DB 0x48,0x8d,0x60,0xe0 DB 0x0f,0x29,0x70,0xe0 @@ -257,7 +259,7 @@ DB 102,65,15,56,0,194 jz NEAR $L$odd_tail movdqu xmm6,XMMWORD[16+rdx] - lea rax,[GFp_ia32cap_P] + lea rax,[OPENSSL_ia32cap_P] mov eax,DWORD[4+rax] cmp r9,0x30 jb NEAR $L$skip4x @@ -634,16 +636,16 @@ DB 102,65,15,56,0,194 movaps xmm14,XMMWORD[128+rsp] movaps xmm15,XMMWORD[144+rsp] lea rsp,[168+rsp] -$L$SEH_end_GFp_gcm_ghash_clmul: +$L$SEH_end_gcm_ghash_clmul: DB 0F3h,0C3h ;repret -global GFp_gcm_init_avx +global gcm_init_avx ALIGN 32 -GFp_gcm_init_avx: +gcm_init_avx: -$L$SEH_begin_GFp_gcm_init_avx: +$L$SEH_begin_gcm_init_avx: DB 0x48,0x83,0xec,0x18 DB 0x0f,0x29,0x34,0x24 @@ -750,17 +752,17 @@ $L$init_start_avx: vzeroupper movaps xmm6,XMMWORD[rsp] lea rsp,[24+rsp] -$L$SEH_end_GFp_gcm_init_avx: +$L$SEH_end_gcm_init_avx: DB 0F3h,0C3h ;repret -global GFp_gcm_ghash_avx +global gcm_ghash_avx ALIGN 32 -GFp_gcm_ghash_avx: +gcm_ghash_avx: lea rax,[((-136))+rsp] -$L$SEH_begin_GFp_gcm_ghash_avx: +$L$SEH_begin_gcm_ghash_avx: DB 0x48,0x8d,0x60,0xe0 DB 0x0f,0x29,0x70,0xe0 @@ -1154,7 +1156,7 @@ $L$tail_no_xor_avx: movaps xmm14,XMMWORD[128+rsp] movaps xmm15,XMMWORD[144+rsp] lea rsp,[168+rsp] -$L$SEH_end_GFp_gcm_ghash_avx: +$L$SEH_end_gcm_ghash_avx: DB 0F3h,0C3h ;repret @@ -1174,27 +1176,27 @@ DB 114,103,62,0 ALIGN 64 section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_gcm_init_clmul wrt ..imagebase - DD $L$SEH_end_GFp_gcm_init_clmul wrt ..imagebase - DD $L$SEH_info_GFp_gcm_init_clmul wrt ..imagebase - - DD $L$SEH_begin_GFp_gcm_ghash_clmul wrt ..imagebase - DD $L$SEH_end_GFp_gcm_ghash_clmul wrt ..imagebase - DD $L$SEH_info_GFp_gcm_ghash_clmul wrt ..imagebase - DD $L$SEH_begin_GFp_gcm_init_avx wrt ..imagebase - DD $L$SEH_end_GFp_gcm_init_avx wrt ..imagebase - DD $L$SEH_info_GFp_gcm_init_clmul wrt ..imagebase - - DD $L$SEH_begin_GFp_gcm_ghash_avx wrt ..imagebase - DD $L$SEH_end_GFp_gcm_ghash_avx wrt ..imagebase - DD $L$SEH_info_GFp_gcm_ghash_clmul wrt ..imagebase + DD $L$SEH_begin_gcm_init_clmul wrt ..imagebase + DD $L$SEH_end_gcm_init_clmul wrt ..imagebase + DD $L$SEH_info_gcm_init_clmul wrt ..imagebase + + DD $L$SEH_begin_gcm_ghash_clmul wrt ..imagebase + DD $L$SEH_end_gcm_ghash_clmul wrt ..imagebase + DD $L$SEH_info_gcm_ghash_clmul wrt ..imagebase + DD $L$SEH_begin_gcm_init_avx wrt ..imagebase + DD $L$SEH_end_gcm_init_avx wrt ..imagebase + DD $L$SEH_info_gcm_init_clmul wrt ..imagebase + + DD $L$SEH_begin_gcm_ghash_avx wrt ..imagebase + DD $L$SEH_end_gcm_ghash_avx wrt ..imagebase + DD $L$SEH_info_gcm_ghash_clmul wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_gcm_init_clmul: +$L$SEH_info_gcm_init_clmul: DB 0x01,0x08,0x03,0x00 DB 0x08,0x68,0x00,0x00 DB 0x04,0x22,0x00,0x00 -$L$SEH_info_GFp_gcm_ghash_clmul: +$L$SEH_info_gcm_ghash_clmul: DB 0x01,0x33,0x16,0x00 DB 0x33,0xf8,0x09,0x00 DB 0x2e,0xe8,0x08,0x00 diff --git a/pregenerated/tmp/p256-x86_64-asm-nasm.asm b/pregenerated/tmp/p256-x86_64-asm-nasm.asm index f1051be..00442f1 100644 --- a/pregenerated/tmp/p256-x86_64-asm-nasm.asm +++ b/pregenerated/tmp/p256-x86_64-asm-nasm.asm @@ -5,9 +5,11 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P +EXTERN OPENSSL_ia32cap_P ALIGN 64 @@ -31,71 +33,14 @@ $L$ordK: -global GFp_nistz256_add - -ALIGN 32 -GFp_nistz256_add: - mov QWORD[8+rsp],rdi ;WIN64 prologue - mov QWORD[16+rsp],rsi - mov rax,rsp -$L$SEH_begin_GFp_nistz256_add: - mov rdi,rcx - mov rsi,rdx - mov rdx,r8 - - - push r12 - push r13 - - mov r8,QWORD[rsi] - xor r13,r13 - mov r9,QWORD[8+rsi] - mov r10,QWORD[16+rsi] - mov r11,QWORD[24+rsi] - lea rsi,[$L$poly] - - add r8,QWORD[rdx] - adc r9,QWORD[8+rdx] - mov rax,r8 - adc r10,QWORD[16+rdx] - adc r11,QWORD[24+rdx] - mov rdx,r9 - adc r13,0 - - sub r8,QWORD[rsi] - mov rcx,r10 - sbb r9,QWORD[8+rsi] - sbb r10,QWORD[16+rsi] - mov r12,r11 - sbb r11,QWORD[24+rsi] - sbb r13,0 - - cmovc r8,rax - cmovc r9,rdx - mov QWORD[rdi],r8 - cmovc r10,rcx - mov QWORD[8+rdi],r9 - cmovc r11,r12 - mov QWORD[16+rdi],r10 - mov QWORD[24+rdi],r11 - - pop r13 - pop r12 - mov rdi,QWORD[8+rsp] ;WIN64 epilogue - mov rsi,QWORD[16+rsp] - DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_add: - - - -global GFp_nistz256_neg +global nistz256_neg ALIGN 32 -GFp_nistz256_neg: +nistz256_neg: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_neg: +$L$SEH_begin_nistz256_neg: mov rdi,rcx mov rsi,rdx @@ -150,28 +95,28 @@ $L$neg_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_neg: +$L$SEH_end_nistz256_neg: -global GFp_p256_scalar_mul_mont +global p256_scalar_mul_mont ALIGN 32 -GFp_p256_scalar_mul_mont: +p256_scalar_mul_mont: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_p256_scalar_mul_mont: +$L$SEH_begin_p256_scalar_mul_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 cmp ecx,0x80100 @@ -487,7 +432,7 @@ $L$ord_mul_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_p256_scalar_mul_mont: +$L$SEH_end_p256_scalar_mul_mont: @@ -495,21 +440,21 @@ $L$SEH_end_GFp_p256_scalar_mul_mont: -global GFp_p256_scalar_sqr_rep_mont +global p256_scalar_sqr_rep_mont ALIGN 32 -GFp_p256_scalar_sqr_rep_mont: +p256_scalar_sqr_rep_mont: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_p256_scalar_sqr_rep_mont: +$L$SEH_begin_p256_scalar_sqr_rep_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 cmp ecx,0x80100 @@ -795,7 +740,7 @@ $L$ord_sqr_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_p256_scalar_sqr_rep_mont: +$L$SEH_end_p256_scalar_sqr_rep_mont: ALIGN 32 @@ -1268,21 +1213,21 @@ $L$SEH_end_ecp_nistz256_ord_sqr_montx: -global GFp_nistz256_mul_mont +global p256_mul_mont ALIGN 32 -GFp_nistz256_mul_mont: +p256_mul_mont: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_mul_mont: +$L$SEH_begin_p256_mul_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 $L$mul_mont: @@ -1342,7 +1287,7 @@ $L$mul_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_mul_mont: +$L$SEH_end_p256_mul_mont: ALIGN 32 @@ -1569,20 +1514,20 @@ __ecp_nistz256_mul_montq: -global GFp_nistz256_sqr_mont +global p256_sqr_mont ALIGN 32 -GFp_nistz256_sqr_mont: +p256_sqr_mont: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_sqr_mont: +$L$SEH_begin_p256_sqr_mont: mov rdi,rcx mov rsi,rdx - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 push rbp @@ -1637,7 +1582,7 @@ $L$sqr_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_sqr_mont: +$L$SEH_end_p256_sqr_mont: ALIGN 32 @@ -2102,17 +2047,17 @@ DB 0x67,0x67 -global GFp_nistz256_select_w5 +global nistz256_select_w5 ALIGN 32 -GFp_nistz256_select_w5: +nistz256_select_w5: - lea rax,[GFp_ia32cap_P] + lea rax,[OPENSSL_ia32cap_P] mov rax,QWORD[8+rax] test eax,32 jnz NEAR $L$avx2_select_w5 lea rax,[((-136))+rsp] -$L$SEH_begin_GFp_nistz256_select_w5: +$L$SEH_begin_nistz256_select_w5: DB 0x48,0x8d,0x60,0xe0 DB 0x0f,0x29,0x70,0xe0 DB 0x0f,0x29,0x78,0xf0 @@ -2187,22 +2132,22 @@ $L$select_loop_sse_w5: lea rsp,[168+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_select_w5: +$L$SEH_end_nistz256_select_w5: -global GFp_nistz256_select_w7 +global nistz256_select_w7 ALIGN 32 -GFp_nistz256_select_w7: +nistz256_select_w7: - lea rax,[GFp_ia32cap_P] + lea rax,[OPENSSL_ia32cap_P] mov rax,QWORD[8+rax] test eax,32 jnz NEAR $L$avx2_select_w7 lea rax,[((-136))+rsp] -$L$SEH_begin_GFp_nistz256_select_w7: +$L$SEH_begin_nistz256_select_w7: DB 0x48,0x8d,0x60,0xe0 DB 0x0f,0x29,0x70,0xe0 DB 0x0f,0x29,0x78,0xf0 @@ -2266,19 +2211,19 @@ $L$select_loop_sse_w7: lea rsp,[168+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_select_w7: +$L$SEH_end_nistz256_select_w7: ALIGN 32 -GFp_nistz256_avx2_select_w5: +ecp_nistz256_avx2_select_w5: $L$avx2_select_w5: vzeroupper lea rax,[((-136))+rsp] mov r11,rsp -$L$SEH_begin_GFp_nistz256_avx2_select_w5: +$L$SEH_begin_ecp_nistz256_avx2_select_w5: DB 0x48,0x8d,0x60,0xe0 DB 0xc5,0xf8,0x29,0x70,0xe0 DB 0xc5,0xf8,0x29,0x78,0xf0 @@ -2354,21 +2299,20 @@ $L$select_loop_avx2_w5: lea rsp,[r11] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_avx2_select_w5: +$L$SEH_end_ecp_nistz256_avx2_select_w5: -global GFp_nistz256_avx2_select_w7 ALIGN 32 -GFp_nistz256_avx2_select_w7: +ecp_nistz256_avx2_select_w7: $L$avx2_select_w7: vzeroupper mov r11,rsp lea rax,[((-136))+rsp] -$L$SEH_begin_GFp_nistz256_avx2_select_w7: +$L$SEH_begin_ecp_nistz256_avx2_select_w7: DB 0x48,0x8d,0x60,0xe0 DB 0xc5,0xf8,0x29,0x70,0xe0 DB 0xc5,0xf8,0x29,0x78,0xf0 @@ -2459,7 +2403,7 @@ $L$select_loop_avx2_w7: lea rsp,[r11] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_avx2_select_w7: +$L$SEH_end_ecp_nistz256_avx2_select_w7: ALIGN 32 @@ -2590,20 +2534,20 @@ __ecp_nistz256_mul_by_2q: DB 0F3h,0C3h ;repret -global GFp_nistz256_point_double +global p256_point_double ALIGN 32 -GFp_nistz256_point_double: +p256_point_double: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_point_double: +$L$SEH_begin_p256_point_double: mov rdi,rcx mov rsi,rdx - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 cmp ecx,0x80100 @@ -2826,22 +2770,22 @@ $L$point_doubleq_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_point_double: -global GFp_nistz256_point_add +$L$SEH_end_p256_point_double: +global p256_point_add ALIGN 32 -GFp_nistz256_point_add: +p256_point_add: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_point_add: +$L$SEH_begin_p256_point_add: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 cmp ecx,0x80100 @@ -3267,22 +3211,22 @@ $L$point_addq_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_point_add: -global GFp_nistz256_point_add_affine +$L$SEH_end_p256_point_add: +global p256_point_add_affine ALIGN 32 -GFp_nistz256_point_add_affine: +p256_point_add_affine: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_point_add_affine: +$L$SEH_begin_p256_point_add_affine: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea rcx,[GFp_ia32cap_P] + lea rcx,[OPENSSL_ia32cap_P] mov rcx,QWORD[8+rcx] and ecx,0x80100 cmp ecx,0x80100 @@ -3605,7 +3549,7 @@ $L$add_affineq_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_point_add_affine: +$L$SEH_end_p256_point_add_affine: ALIGN 32 __ecp_nistz256_add_tox: @@ -3743,11 +3687,11 @@ __ecp_nistz256_mul_by_2x: ALIGN 32 -GFp_nistz256_point_doublex: +p256_point_doublex: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_point_doublex: +$L$SEH_begin_p256_point_doublex: mov rdi,rcx mov rsi,rdx @@ -3972,14 +3916,14 @@ $L$point_doublex_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_point_doublex: +$L$SEH_end_p256_point_doublex: ALIGN 32 -GFp_nistz256_point_addx: +p256_point_addx: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_point_addx: +$L$SEH_begin_p256_point_addx: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -4408,14 +4352,14 @@ $L$point_addx_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_point_addx: +$L$SEH_end_p256_point_addx: ALIGN 32 -GFp_nistz256_point_add_affinex: +p256_point_add_affinex: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_nistz256_point_add_affinex: +$L$SEH_begin_p256_point_add_affinex: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -4741,7 +4685,7 @@ $L$add_affinex_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_nistz256_point_add_affinex: +$L$SEH_end_p256_point_add_affinex: EXTERN __imp_RtlVirtualUnwind @@ -4876,17 +4820,17 @@ $L$common_seh_tail: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_nistz256_neg wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_neg wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_neg wrt ..imagebase + DD $L$SEH_begin_nistz256_neg wrt ..imagebase + DD $L$SEH_end_nistz256_neg wrt ..imagebase + DD $L$SEH_info_nistz256_neg wrt ..imagebase - DD $L$SEH_begin_GFp_p256_scalar_mul_mont wrt ..imagebase - DD $L$SEH_end_GFp_p256_scalar_mul_mont wrt ..imagebase - DD $L$SEH_info_GFp_p256_scalar_mul_mont wrt ..imagebase + DD $L$SEH_begin_p256_scalar_mul_mont wrt ..imagebase + DD $L$SEH_end_p256_scalar_mul_mont wrt ..imagebase + DD $L$SEH_info_p256_scalar_mul_mont wrt ..imagebase - DD $L$SEH_begin_GFp_p256_scalar_sqr_rep_mont wrt ..imagebase - DD $L$SEH_end_GFp_p256_scalar_sqr_rep_mont wrt ..imagebase - DD $L$SEH_info_GFp_p256_scalar_sqr_rep_mont wrt ..imagebase + DD $L$SEH_begin_p256_scalar_sqr_rep_mont wrt ..imagebase + DD $L$SEH_end_p256_scalar_sqr_rep_mont wrt ..imagebase + DD $L$SEH_info_p256_scalar_sqr_rep_mont wrt ..imagebase DD $L$SEH_begin_ecp_nistz256_ord_mul_montx wrt ..imagebase DD $L$SEH_end_ecp_nistz256_ord_mul_montx wrt ..imagebase DD $L$SEH_info_ecp_nistz256_ord_mul_montx wrt ..imagebase @@ -4894,63 +4838,63 @@ ALIGN 4 DD $L$SEH_begin_ecp_nistz256_ord_sqr_montx wrt ..imagebase DD $L$SEH_end_ecp_nistz256_ord_sqr_montx wrt ..imagebase DD $L$SEH_info_ecp_nistz256_ord_sqr_montx wrt ..imagebase - DD $L$SEH_begin_GFp_nistz256_mul_mont wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_mul_mont wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_mul_mont wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_sqr_mont wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_sqr_mont wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_sqr_mont wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_select_w5 wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_select_w5 wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_select_wX wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_select_w7 wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_select_w7 wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_select_wX wrt ..imagebase - DD $L$SEH_begin_GFp_nistz256_avx2_select_w5 wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_avx2_select_w5 wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_avx2_select_wX wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_avx2_select_w7 wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_avx2_select_w7 wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_avx2_select_wX wrt ..imagebase - DD $L$SEH_begin_GFp_nistz256_point_double wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_point_double wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_point_double wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_point_add wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_point_add wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_point_add wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_point_add_affine wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_point_add_affine wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_point_add_affine wrt ..imagebase - DD $L$SEH_begin_GFp_nistz256_point_doublex wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_point_doublex wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_point_doublex wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_point_addx wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_point_addx wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_point_addx wrt ..imagebase - - DD $L$SEH_begin_GFp_nistz256_point_add_affinex wrt ..imagebase - DD $L$SEH_end_GFp_nistz256_point_add_affinex wrt ..imagebase - DD $L$SEH_info_GFp_nistz256_point_add_affinex wrt ..imagebase + DD $L$SEH_begin_p256_mul_mont wrt ..imagebase + DD $L$SEH_end_p256_mul_mont wrt ..imagebase + DD $L$SEH_info_p256_mul_mont wrt ..imagebase + + DD $L$SEH_begin_p256_sqr_mont wrt ..imagebase + DD $L$SEH_end_p256_sqr_mont wrt ..imagebase + DD $L$SEH_info_p256_sqr_mont wrt ..imagebase + + DD $L$SEH_begin_nistz256_select_w5 wrt ..imagebase + DD $L$SEH_end_nistz256_select_w5 wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_select_wX wrt ..imagebase + + DD $L$SEH_begin_nistz256_select_w7 wrt ..imagebase + DD $L$SEH_end_nistz256_select_w7 wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_select_wX wrt ..imagebase + DD $L$SEH_begin_ecp_nistz256_avx2_select_w5 wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_avx2_select_w5 wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_avx2_select_wX wrt ..imagebase + + DD $L$SEH_begin_ecp_nistz256_avx2_select_w7 wrt ..imagebase + DD $L$SEH_end_ecp_nistz256_avx2_select_w7 wrt ..imagebase + DD $L$SEH_info_ecp_nistz256_avx2_select_wX wrt ..imagebase + DD $L$SEH_begin_p256_point_double wrt ..imagebase + DD $L$SEH_end_p256_point_double wrt ..imagebase + DD $L$SEH_info_p256_point_double wrt ..imagebase + + DD $L$SEH_begin_p256_point_add wrt ..imagebase + DD $L$SEH_end_p256_point_add wrt ..imagebase + DD $L$SEH_info_p256_point_add wrt ..imagebase + + DD $L$SEH_begin_p256_point_add_affine wrt ..imagebase + DD $L$SEH_end_p256_point_add_affine wrt ..imagebase + DD $L$SEH_info_p256_point_add_affine wrt ..imagebase + DD $L$SEH_begin_p256_point_doublex wrt ..imagebase + DD $L$SEH_end_p256_point_doublex wrt ..imagebase + DD $L$SEH_info_p256_point_doublex wrt ..imagebase + + DD $L$SEH_begin_p256_point_addx wrt ..imagebase + DD $L$SEH_end_p256_point_addx wrt ..imagebase + DD $L$SEH_info_p256_point_addx wrt ..imagebase + + DD $L$SEH_begin_p256_point_add_affinex wrt ..imagebase + DD $L$SEH_end_p256_point_add_affinex wrt ..imagebase + DD $L$SEH_info_p256_point_add_affinex wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_nistz256_neg: +$L$SEH_info_nistz256_neg: DB 9,0,0,0 DD short_handler wrt ..imagebase DD $L$neg_body wrt ..imagebase,$L$neg_epilogue wrt ..imagebase -$L$SEH_info_GFp_p256_scalar_mul_mont: +$L$SEH_info_p256_scalar_mul_mont: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$ord_mul_body wrt ..imagebase,$L$ord_mul_epilogue wrt ..imagebase DD 48,0 -$L$SEH_info_GFp_p256_scalar_sqr_rep_mont: +$L$SEH_info_p256_scalar_sqr_rep_mont: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$ord_sqr_body wrt ..imagebase,$L$ord_sqr_epilogue wrt ..imagebase @@ -4965,17 +4909,17 @@ DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$ord_sqrx_body wrt ..imagebase,$L$ord_sqrx_epilogue wrt ..imagebase DD 48,0 -$L$SEH_info_GFp_nistz256_mul_mont: +$L$SEH_info_p256_mul_mont: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase DD 48,0 -$L$SEH_info_GFp_nistz256_sqr_mont: +$L$SEH_info_p256_sqr_mont: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$sqr_body wrt ..imagebase,$L$sqr_epilogue wrt ..imagebase DD 48,0 -$L$SEH_info_GFp_nistz256_select_wX: +$L$SEH_info_ecp_nistz256_select_wX: DB 0x01,0x33,0x16,0x00 DB 0x33,0xf8,0x09,0x00 DB 0x2e,0xe8,0x08,0x00 @@ -4989,7 +4933,7 @@ DB 0x0c,0x78,0x01,0x00 DB 0x08,0x68,0x00,0x00 DB 0x04,0x01,0x15,0x00 ALIGN 8 -$L$SEH_info_GFp_nistz256_avx2_select_wX: +$L$SEH_info_ecp_nistz256_avx2_select_wX: DB 0x01,0x36,0x17,0x0b DB 0x36,0xf8,0x09,0x00 DB 0x31,0xe8,0x08,0x00 @@ -5004,33 +4948,33 @@ DB 0x09,0x68,0x00,0x00 DB 0x04,0x01,0x15,0x00 DB 0x00,0xb3,0x00,0x00 ALIGN 8 -$L$SEH_info_GFp_nistz256_point_double: +$L$SEH_info_p256_point_double: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$point_doubleq_body wrt ..imagebase,$L$point_doubleq_epilogue wrt ..imagebase DD 32*5+56,0 -$L$SEH_info_GFp_nistz256_point_add: +$L$SEH_info_p256_point_add: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$point_addq_body wrt ..imagebase,$L$point_addq_epilogue wrt ..imagebase DD 32*18+56,0 -$L$SEH_info_GFp_nistz256_point_add_affine: +$L$SEH_info_p256_point_add_affine: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$add_affineq_body wrt ..imagebase,$L$add_affineq_epilogue wrt ..imagebase DD 32*15+56,0 ALIGN 8 -$L$SEH_info_GFp_nistz256_point_doublex: +$L$SEH_info_p256_point_doublex: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$point_doublex_body wrt ..imagebase,$L$point_doublex_epilogue wrt ..imagebase DD 32*5+56,0 -$L$SEH_info_GFp_nistz256_point_addx: +$L$SEH_info_p256_point_addx: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$point_addx_body wrt ..imagebase,$L$point_addx_epilogue wrt ..imagebase DD 32*18+56,0 -$L$SEH_info_GFp_nistz256_point_add_affinex: +$L$SEH_info_p256_point_add_affinex: DB 9,0,0,0 DD full_handler wrt ..imagebase DD $L$add_affinex_body wrt ..imagebase,$L$add_affinex_epilogue wrt ..imagebase diff --git a/pregenerated/tmp/sha256-x86_64-nasm.asm b/pregenerated/tmp/sha256-x86_64-nasm.asm index 2c526b0..f91ec2f 100644 --- a/pregenerated/tmp/sha256-x86_64-nasm.asm +++ b/pregenerated/tmp/sha256-x86_64-nasm.asm @@ -5,25 +5,27 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P -global GFp_sha256_block_data_order +EXTERN OPENSSL_ia32cap_P +global sha256_block_data_order ALIGN 16 -GFp_sha256_block_data_order: +sha256_block_data_order: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_sha256_block_data_order: +$L$SEH_begin_sha256_block_data_order: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea r11,[GFp_ia32cap_P] + lea r11,[OPENSSL_ia32cap_P] mov r9d,DWORD[r11] mov r10d,DWORD[4+r11] mov r11d,DWORD[8+r11] @@ -1741,7 +1743,7 @@ $L$epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_sha256_block_data_order: +$L$SEH_end_sha256_block_data_order: ALIGN 64 K256: @@ -1791,11 +1793,11 @@ DB 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 DB 111,114,103,62,0 ALIGN 64 -GFp_sha256_block_data_order_ssse3: +sha256_block_data_order_ssse3: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_sha256_block_data_order_ssse3: +$L$SEH_begin_sha256_block_data_order_ssse3: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -2920,14 +2922,14 @@ $L$epilogue_ssse3: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_sha256_block_data_order_ssse3: +$L$SEH_end_sha256_block_data_order_ssse3: ALIGN 64 -GFp_sha256_block_data_order_avx: +sha256_block_data_order_avx: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_sha256_block_data_order_avx: +$L$SEH_begin_sha256_block_data_order_avx: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -4014,7 +4016,7 @@ $L$epilogue_avx: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_sha256_block_data_order_avx: +$L$SEH_end_sha256_block_data_order_avx: EXTERN __imp_RtlVirtualUnwind ALIGN 16 @@ -4113,26 +4115,26 @@ $L$in_prologue: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_sha256_block_data_order wrt ..imagebase - DD $L$SEH_end_GFp_sha256_block_data_order wrt ..imagebase - DD $L$SEH_info_GFp_sha256_block_data_order wrt ..imagebase - DD $L$SEH_begin_GFp_sha256_block_data_order_ssse3 wrt ..imagebase - DD $L$SEH_end_GFp_sha256_block_data_order_ssse3 wrt ..imagebase - DD $L$SEH_info_GFp_sha256_block_data_order_ssse3 wrt ..imagebase - DD $L$SEH_begin_GFp_sha256_block_data_order_avx wrt ..imagebase - DD $L$SEH_end_GFp_sha256_block_data_order_avx wrt ..imagebase - DD $L$SEH_info_GFp_sha256_block_data_order_avx wrt ..imagebase + DD $L$SEH_begin_sha256_block_data_order wrt ..imagebase + DD $L$SEH_end_sha256_block_data_order wrt ..imagebase + DD $L$SEH_info_sha256_block_data_order wrt ..imagebase + DD $L$SEH_begin_sha256_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_end_sha256_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_info_sha256_block_data_order_ssse3 wrt ..imagebase + DD $L$SEH_begin_sha256_block_data_order_avx wrt ..imagebase + DD $L$SEH_end_sha256_block_data_order_avx wrt ..imagebase + DD $L$SEH_info_sha256_block_data_order_avx wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_sha256_block_data_order: +$L$SEH_info_sha256_block_data_order: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$prologue wrt ..imagebase,$L$epilogue wrt ..imagebase -$L$SEH_info_GFp_sha256_block_data_order_ssse3: +$L$SEH_info_sha256_block_data_order_ssse3: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$prologue_ssse3 wrt ..imagebase,$L$epilogue_ssse3 wrt ..imagebase -$L$SEH_info_GFp_sha256_block_data_order_avx: +$L$SEH_info_sha256_block_data_order_avx: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$prologue_avx wrt ..imagebase,$L$epilogue_avx wrt ..imagebase diff --git a/pregenerated/tmp/sha512-x86_64-nasm.asm b/pregenerated/tmp/sha512-x86_64-nasm.asm index 386de48..8568bed 100644 --- a/pregenerated/tmp/sha512-x86_64-nasm.asm +++ b/pregenerated/tmp/sha512-x86_64-nasm.asm @@ -5,25 +5,27 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P -global GFp_sha512_block_data_order +EXTERN OPENSSL_ia32cap_P +global sha512_block_data_order ALIGN 16 -GFp_sha512_block_data_order: +sha512_block_data_order: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_sha512_block_data_order: +$L$SEH_begin_sha512_block_data_order: mov rdi,rcx mov rsi,rdx mov rdx,r8 - lea r11,[GFp_ia32cap_P] + lea r11,[OPENSSL_ia32cap_P] mov r9d,DWORD[r11] mov r10d,DWORD[4+r11] mov r11d,DWORD[8+r11] @@ -1739,7 +1741,7 @@ $L$epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_sha512_block_data_order: +$L$SEH_end_sha512_block_data_order: ALIGN 64 K512: @@ -1833,11 +1835,11 @@ DB 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 DB 111,114,103,62,0 ALIGN 64 -GFp_sha512_block_data_order_avx: +sha512_block_data_order_avx: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_sha512_block_data_order_avx: +$L$SEH_begin_sha512_block_data_order_avx: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -3018,7 +3020,7 @@ $L$epilogue_avx: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_sha512_block_data_order_avx: +$L$SEH_end_sha512_block_data_order_avx: EXTERN __imp_RtlVirtualUnwind ALIGN 16 @@ -3117,19 +3119,19 @@ $L$in_prologue: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_sha512_block_data_order wrt ..imagebase - DD $L$SEH_end_GFp_sha512_block_data_order wrt ..imagebase - DD $L$SEH_info_GFp_sha512_block_data_order wrt ..imagebase - DD $L$SEH_begin_GFp_sha512_block_data_order_avx wrt ..imagebase - DD $L$SEH_end_GFp_sha512_block_data_order_avx wrt ..imagebase - DD $L$SEH_info_GFp_sha512_block_data_order_avx wrt ..imagebase + DD $L$SEH_begin_sha512_block_data_order wrt ..imagebase + DD $L$SEH_end_sha512_block_data_order wrt ..imagebase + DD $L$SEH_info_sha512_block_data_order wrt ..imagebase + DD $L$SEH_begin_sha512_block_data_order_avx wrt ..imagebase + DD $L$SEH_end_sha512_block_data_order_avx wrt ..imagebase + DD $L$SEH_info_sha512_block_data_order_avx wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_sha512_block_data_order: +$L$SEH_info_sha512_block_data_order: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$prologue wrt ..imagebase,$L$epilogue wrt ..imagebase -$L$SEH_info_GFp_sha512_block_data_order_avx: +$L$SEH_info_sha512_block_data_order_avx: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$prologue_avx wrt ..imagebase,$L$epilogue_avx wrt ..imagebase diff --git a/pregenerated/tmp/vpaes-x86-win32n.asm b/pregenerated/tmp/vpaes-x86-win32n.asm index 8061dc3..d15f4eb 100644 --- a/pregenerated/tmp/vpaes-x86-win32n.asm +++ b/pregenerated/tmp/vpaes-x86-win32n.asm @@ -1,9 +1,7 @@ ; This file is generated from a similarly-named Perl script in the BoringSSL ; source tree. Do not edit by hand. -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif +%include "ring_core_generated/prefix_symbols_nasm.inc" %ifidn __OUTPUT_FORMAT__,obj section code use32 class=code align=64 %elifidn __OUTPUT_FORMAT__,win32 @@ -318,10 +316,10 @@ db 102,15,56,0,217 and ecx,48 movdqu [edx],xmm3 ret -global _GFp_vpaes_set_encrypt_key +global _vpaes_set_encrypt_key align 16 -_GFp_vpaes_set_encrypt_key: -L$_GFp_vpaes_set_encrypt_key_begin: +_vpaes_set_encrypt_key: +L$_vpaes_set_encrypt_key_begin: push ebp push ebx push esi @@ -349,10 +347,10 @@ L$012pic_point: pop ebx pop ebp ret -global _GFp_vpaes_encrypt +global _vpaes_encrypt align 16 -_GFp_vpaes_encrypt: -L$_GFp_vpaes_encrypt_begin: +_vpaes_encrypt: +L$_vpaes_encrypt_begin: push ebp push ebx push esi diff --git a/pregenerated/tmp/vpaes-x86_64-nasm.asm b/pregenerated/tmp/vpaes-x86_64-nasm.asm index ba93485..aa99db0 100644 --- a/pregenerated/tmp/vpaes-x86_64-nasm.asm +++ b/pregenerated/tmp/vpaes-x86_64-nasm.asm @@ -5,6 +5,8 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 @@ -571,14 +573,14 @@ DB 102,15,56,0,217 -global GFp_vpaes_set_encrypt_key +global vpaes_set_encrypt_key ALIGN 16 -GFp_vpaes_set_encrypt_key: +vpaes_set_encrypt_key: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_vpaes_set_encrypt_key: +$L$SEH_begin_vpaes_set_encrypt_key: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -627,16 +629,16 @@ $L$enc_key_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_vpaes_set_encrypt_key: +$L$SEH_end_vpaes_set_encrypt_key: -global GFp_vpaes_encrypt +global vpaes_encrypt ALIGN 16 -GFp_vpaes_encrypt: +vpaes_encrypt: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_vpaes_encrypt: +$L$SEH_begin_vpaes_encrypt: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -675,15 +677,15 @@ $L$enc_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_vpaes_encrypt: -global GFp_vpaes_ctr32_encrypt_blocks +$L$SEH_end_vpaes_encrypt: +global vpaes_ctr32_encrypt_blocks ALIGN 16 -GFp_vpaes_ctr32_encrypt_blocks: +vpaes_ctr32_encrypt_blocks: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_vpaes_ctr32_encrypt_blocks: +$L$SEH_begin_vpaes_ctr32_encrypt_blocks: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -774,7 +776,7 @@ $L$ctr32_abort: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_vpaes_ctr32_encrypt_blocks: +$L$SEH_end_vpaes_ctr32_encrypt_blocks: @@ -955,28 +957,28 @@ $L$in_prologue: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_vpaes_set_encrypt_key wrt ..imagebase - DD $L$SEH_end_GFp_vpaes_set_encrypt_key wrt ..imagebase - DD $L$SEH_info_GFp_vpaes_set_encrypt_key wrt ..imagebase + DD $L$SEH_begin_vpaes_set_encrypt_key wrt ..imagebase + DD $L$SEH_end_vpaes_set_encrypt_key wrt ..imagebase + DD $L$SEH_info_vpaes_set_encrypt_key wrt ..imagebase - DD $L$SEH_begin_GFp_vpaes_encrypt wrt ..imagebase - DD $L$SEH_end_GFp_vpaes_encrypt wrt ..imagebase - DD $L$SEH_info_GFp_vpaes_encrypt wrt ..imagebase - DD $L$SEH_begin_GFp_vpaes_ctr32_encrypt_blocks wrt ..imagebase - DD $L$SEH_end_GFp_vpaes_ctr32_encrypt_blocks wrt ..imagebase - DD $L$SEH_info_GFp_vpaes_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_begin_vpaes_encrypt wrt ..imagebase + DD $L$SEH_end_vpaes_encrypt wrt ..imagebase + DD $L$SEH_info_vpaes_encrypt wrt ..imagebase + DD $L$SEH_begin_vpaes_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_end_vpaes_ctr32_encrypt_blocks wrt ..imagebase + DD $L$SEH_info_vpaes_ctr32_encrypt_blocks wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_vpaes_set_encrypt_key: +$L$SEH_info_vpaes_set_encrypt_key: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$enc_key_body wrt ..imagebase,$L$enc_key_epilogue wrt ..imagebase -$L$SEH_info_GFp_vpaes_encrypt: +$L$SEH_info_vpaes_encrypt: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$enc_body wrt ..imagebase,$L$enc_epilogue wrt ..imagebase -$L$SEH_info_GFp_vpaes_ctr32_encrypt_blocks: +$L$SEH_info_vpaes_ctr32_encrypt_blocks: DB 9,0,0,0 DD se_handler wrt ..imagebase DD $L$ctr32_body wrt ..imagebase,$L$ctr32_epilogue wrt ..imagebase diff --git a/pregenerated/tmp/x86-mont-win32n.asm b/pregenerated/tmp/x86-mont-win32n.asm index bb7a249..b711c89 100644 --- a/pregenerated/tmp/x86-mont-win32n.asm +++ b/pregenerated/tmp/x86-mont-win32n.asm @@ -1,9 +1,7 @@ ; This file is generated from a similarly-named Perl script in the BoringSSL ; source tree. Do not edit by hand. -%ifdef BORINGSSL_PREFIX -%include "boringssl_prefix_symbols_nasm.inc" -%endif +%include "ring_core_generated/prefix_symbols_nasm.inc" %ifidn __OUTPUT_FORMAT__,obj section code use32 class=code align=64 %elifidn __OUTPUT_FORMAT__,win32 @@ -12,11 +10,11 @@ section .text code align=64 %else section .text code %endif -;extern _GFp_ia32cap_P -global _GFp_bn_mul_mont +;extern _OPENSSL_ia32cap_P +global _bn_mul_mont align 16 -_GFp_bn_mul_mont: -L$_GFp_bn_mul_mont_begin: +_bn_mul_mont: +L$_bn_mul_mont_begin: push ebp push ebx push esi @@ -67,7 +65,7 @@ L$001page_walk_done: mov DWORD [20+esp],esi lea ebx,[edi-3] mov DWORD [24+esp],edx - lea eax,[_GFp_ia32cap_P] + lea eax,[_OPENSSL_ia32cap_P] bt DWORD [eax],26 mov eax,-1 movd mm7,eax @@ -224,4 +222,4 @@ db 54,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 db 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 db 111,114,103,62,0 segment .bss -common _GFp_ia32cap_P 16 +common _OPENSSL_ia32cap_P 16 diff --git a/pregenerated/tmp/x86_64-mont-nasm.asm b/pregenerated/tmp/x86_64-mont-nasm.asm index 38f3553..0b97b70 100644 --- a/pregenerated/tmp/x86_64-mont-nasm.asm +++ b/pregenerated/tmp/x86_64-mont-nasm.asm @@ -5,19 +5,21 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P +EXTERN OPENSSL_ia32cap_P -global GFp_bn_mul_mont +global bn_mul_mont ALIGN 16 -GFp_bn_mul_mont: +bn_mul_mont: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_bn_mul_mont: +$L$SEH_begin_bn_mul_mont: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -34,7 +36,7 @@ $L$SEH_begin_GFp_bn_mul_mont: jnz NEAR $L$mul_enter cmp r9d,8 jb NEAR $L$mul_enter - mov r11d,DWORD[((GFp_ia32cap_P+8))] + mov r11d,DWORD[((OPENSSL_ia32cap_P+8))] cmp rdx,rsi jne NEAR $L$mul4x_enter test r9d,7 @@ -276,7 +278,7 @@ $L$mul_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_bn_mul_mont: +$L$SEH_end_bn_mul_mont: ALIGN 16 bn_mul4x_mont: @@ -725,8 +727,8 @@ $L$mul4x_epilogue: DB 0F3h,0C3h ;repret $L$SEH_end_bn_mul4x_mont: -EXTERN GFp_bn_sqrx8x_internal -EXTERN GFp_bn_sqr8x_internal +EXTERN bn_sqrx8x_internal +EXTERN bn_sqr8x_internal ALIGN 32 @@ -821,12 +823,12 @@ DB 102,72,15,110,209 pxor xmm0,xmm0 DB 102,72,15,110,207 DB 102,73,15,110,218 - mov eax,DWORD[((GFp_ia32cap_P+8))] + mov eax,DWORD[((OPENSSL_ia32cap_P+8))] and eax,0x80100 cmp eax,0x80100 jne NEAR $L$sqr8x_nox - call GFp_bn_sqrx8x_internal + call bn_sqrx8x_internal @@ -840,7 +842,7 @@ DB 102,72,15,126,207 ALIGN 32 $L$sqr8x_nox: - call GFp_bn_sqr8x_internal + call bn_sqr8x_internal @@ -1439,9 +1441,9 @@ $L$common_seh_tail: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_bn_mul_mont wrt ..imagebase - DD $L$SEH_end_GFp_bn_mul_mont wrt ..imagebase - DD $L$SEH_info_GFp_bn_mul_mont wrt ..imagebase + DD $L$SEH_begin_bn_mul_mont wrt ..imagebase + DD $L$SEH_end_bn_mul_mont wrt ..imagebase + DD $L$SEH_info_bn_mul_mont wrt ..imagebase DD $L$SEH_begin_bn_mul4x_mont wrt ..imagebase DD $L$SEH_end_bn_mul4x_mont wrt ..imagebase @@ -1455,7 +1457,7 @@ ALIGN 4 DD $L$SEH_info_bn_mulx4x_mont wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_bn_mul_mont: +$L$SEH_info_bn_mul_mont: DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase diff --git a/pregenerated/tmp/x86_64-mont5-nasm.asm b/pregenerated/tmp/x86_64-mont5-nasm.asm index 14f7ecb..82b309a 100644 --- a/pregenerated/tmp/x86_64-mont5-nasm.asm +++ b/pregenerated/tmp/x86_64-mont5-nasm.asm @@ -5,19 +5,21 @@ default rel %define XMMWORD %define YMMWORD %define ZMMWORD + +%include "ring_core_generated/prefix_symbols_nasm.inc" section .text code align=64 -EXTERN GFp_ia32cap_P +EXTERN OPENSSL_ia32cap_P -global GFp_bn_mul_mont_gather5 +global bn_mul_mont_gather5 ALIGN 64 -GFp_bn_mul_mont_gather5: +bn_mul_mont_gather5: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_bn_mul_mont_gather5: +$L$SEH_begin_bn_mul_mont_gather5: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -32,7 +34,7 @@ $L$SEH_begin_GFp_bn_mul_mont_gather5: test r9d,7 jnz NEAR $L$mul_enter - lea r11,[GFp_ia32cap_P] + lea r11,[OPENSSL_ia32cap_P] mov r11d,DWORD[8+r11] jmp NEAR $L$mul4x_enter @@ -463,7 +465,7 @@ $L$mul_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_bn_mul_mont_gather5: +$L$SEH_end_bn_mul_mont_gather5: ALIGN 32 bn_mul4x_mont_gather5: @@ -1111,14 +1113,14 @@ $L$inner4x: jmp NEAR $L$sqr4x_sub_entry -global GFp_bn_power5 +global bn_power5 ALIGN 32 -GFp_bn_power5: +bn_power5: mov QWORD[8+rsp],rdi ;WIN64 prologue mov QWORD[16+rsp],rsi mov rax,rsp -$L$SEH_begin_GFp_bn_power5: +$L$SEH_begin_bn_power5: mov rdi,rcx mov rsi,rdx mov rdx,r8 @@ -1130,7 +1132,7 @@ $L$SEH_begin_GFp_bn_power5: mov rax,rsp - lea r11,[GFp_ia32cap_P] + lea r11,[OPENSSL_ia32cap_P] mov r11d,DWORD[8+r11] and r11d,0x80108 cmp r11d,0x80108 @@ -1259,13 +1261,13 @@ $L$power5_epilogue: mov rsi,QWORD[16+rsp] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_bn_power5: +$L$SEH_end_bn_power5: -global GFp_bn_sqr8x_internal +global bn_sqr8x_internal ALIGN 32 -GFp_bn_sqr8x_internal: +bn_sqr8x_internal: __bn_sqr8x_internal: @@ -2100,10 +2102,10 @@ $L$sqr4x_sub_entry: DB 0F3h,0C3h ;repret -global GFp_bn_from_montgomery +global bn_from_montgomery ALIGN 32 -GFp_bn_from_montgomery: +bn_from_montgomery: test DWORD[48+rsp],7 jz NEAR bn_from_mont8x @@ -2238,7 +2240,7 @@ DB 102,72,15,110,209 DB 0x67 mov rbp,rcx DB 102,73,15,110,218 - lea r11,[GFp_ia32cap_P] + lea r11,[OPENSSL_ia32cap_P] mov r11d,DWORD[8+r11] and r11d,0x80108 cmp r11d,0x80108 @@ -2992,10 +2994,10 @@ $L$powerx5_epilogue: $L$SEH_end_bn_powerx5: -global GFp_bn_sqrx8x_internal +global bn_sqrx8x_internal ALIGN 32 -GFp_bn_sqrx8x_internal: +bn_sqrx8x_internal: __bn_sqrx8x_internal: @@ -3664,10 +3666,10 @@ $L$sqrx4x_sub_entry: DB 0F3h,0C3h ;repret -global GFp_bn_scatter5 +global bn_scatter5 ALIGN 16 -GFp_bn_scatter5: +bn_scatter5: cmp edx,0 jz NEAR $L$scatter_epilogue @@ -3684,12 +3686,12 @@ $L$scatter_epilogue: -global GFp_bn_gather5 +global bn_gather5 ALIGN 32 -GFp_bn_gather5: +bn_gather5: -$L$SEH_begin_GFp_bn_gather5: +$L$SEH_begin_bn_gather5: DB 0x4c,0x8d,0x14,0x24 @@ -3848,7 +3850,7 @@ $L$gather: lea rsp,[r10] DB 0F3h,0C3h ;repret -$L$SEH_end_GFp_bn_gather5: +$L$SEH_end_bn_gather5: ALIGN 64 @@ -3966,17 +3968,17 @@ $L$common_seh_tail: section .pdata rdata align=4 ALIGN 4 - DD $L$SEH_begin_GFp_bn_mul_mont_gather5 wrt ..imagebase - DD $L$SEH_end_GFp_bn_mul_mont_gather5 wrt ..imagebase - DD $L$SEH_info_GFp_bn_mul_mont_gather5 wrt ..imagebase + DD $L$SEH_begin_bn_mul_mont_gather5 wrt ..imagebase + DD $L$SEH_end_bn_mul_mont_gather5 wrt ..imagebase + DD $L$SEH_info_bn_mul_mont_gather5 wrt ..imagebase DD $L$SEH_begin_bn_mul4x_mont_gather5 wrt ..imagebase DD $L$SEH_end_bn_mul4x_mont_gather5 wrt ..imagebase DD $L$SEH_info_bn_mul4x_mont_gather5 wrt ..imagebase - DD $L$SEH_begin_GFp_bn_power5 wrt ..imagebase - DD $L$SEH_end_GFp_bn_power5 wrt ..imagebase - DD $L$SEH_info_GFp_bn_power5 wrt ..imagebase + DD $L$SEH_begin_bn_power5 wrt ..imagebase + DD $L$SEH_end_bn_power5 wrt ..imagebase + DD $L$SEH_info_bn_power5 wrt ..imagebase DD $L$SEH_begin_bn_from_mont8x wrt ..imagebase DD $L$SEH_end_bn_from_mont8x wrt ..imagebase @@ -3987,14 +3989,14 @@ ALIGN 4 DD $L$SEH_begin_bn_powerx5 wrt ..imagebase DD $L$SEH_end_bn_powerx5 wrt ..imagebase - DD $L$SEH_info_GFp_bn_powerx5 wrt ..imagebase - DD $L$SEH_begin_GFp_bn_gather5 wrt ..imagebase - DD $L$SEH_end_GFp_bn_gather5 wrt ..imagebase - DD $L$SEH_info_GFp_bn_gather5 wrt ..imagebase + DD $L$SEH_info_bn_powerx5 wrt ..imagebase + DD $L$SEH_begin_bn_gather5 wrt ..imagebase + DD $L$SEH_end_bn_gather5 wrt ..imagebase + DD $L$SEH_info_bn_gather5 wrt ..imagebase section .xdata rdata align=8 ALIGN 8 -$L$SEH_info_GFp_bn_mul_mont_gather5: +$L$SEH_info_bn_mul_mont_gather5: DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$mul_body wrt ..imagebase,$L$mul_body wrt ..imagebase,$L$mul_epilogue wrt ..imagebase @@ -4004,7 +4006,7 @@ DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$mul4x_prologue wrt ..imagebase,$L$mul4x_body wrt ..imagebase,$L$mul4x_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_GFp_bn_power5: +$L$SEH_info_bn_power5: DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$power5_prologue wrt ..imagebase,$L$power5_body wrt ..imagebase,$L$power5_epilogue wrt ..imagebase @@ -4019,12 +4021,12 @@ DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$mulx4x_prologue wrt ..imagebase,$L$mulx4x_body wrt ..imagebase,$L$mulx4x_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_GFp_bn_powerx5: +$L$SEH_info_bn_powerx5: DB 9,0,0,0 DD mul_handler wrt ..imagebase DD $L$powerx5_prologue wrt ..imagebase,$L$powerx5_body wrt ..imagebase,$L$powerx5_epilogue wrt ..imagebase ALIGN 8 -$L$SEH_info_GFp_bn_gather5: +$L$SEH_info_bn_gather5: DB 0x01,0x0b,0x03,0x0a DB 0x0b,0x01,0x21,0x00 DB 0x04,0xa3,0x00,0x00 diff --git a/pregenerated/vpaes-armv7-ios32.S b/pregenerated/vpaes-armv7-ios32.S deleted file mode 100644 index 10ca84e..0000000 --- a/pregenerated/vpaes-armv7-ios32.S +++ /dev/null @@ -1,769 +0,0 @@ -// This file is generated from a similarly-named Perl script in the BoringSSL -// source tree. Do not edit by hand. - -#if !defined(__has_feature) -#define __has_feature(x) 0 -#endif -#if __has_feature(memory_sanitizer) && !defined(OPENSSL_NO_ASM) -#define OPENSSL_NO_ASM -#endif - -#if !defined(OPENSSL_NO_ASM) -.syntax unified - - - - -#if defined(__thumb2__) -.thumb -#else -.code 32 -#endif - -.text - - -.align 7 @ totally strategic alignment -_vpaes_consts: -Lk_mc_forward:@ mc_forward -.quad 0x0407060500030201, 0x0C0F0E0D080B0A09 -.quad 0x080B0A0904070605, 0x000302010C0F0E0D -.quad 0x0C0F0E0D080B0A09, 0x0407060500030201 -.quad 0x000302010C0F0E0D, 0x080B0A0904070605 -Lk_mc_backward:@ mc_backward -.quad 0x0605040702010003, 0x0E0D0C0F0A09080B -.quad 0x020100030E0D0C0F, 0x0A09080B06050407 -.quad 0x0E0D0C0F0A09080B, 0x0605040702010003 -.quad 0x0A09080B06050407, 0x020100030E0D0C0F -Lk_sr:@ sr -.quad 0x0706050403020100, 0x0F0E0D0C0B0A0908 -.quad 0x030E09040F0A0500, 0x0B06010C07020D08 -.quad 0x0F060D040B020900, 0x070E050C030A0108 -.quad 0x0B0E0104070A0D00, 0x0306090C0F020508 - -@ -@ "Hot" constants -@ -Lk_inv:@ inv, inva -.quad 0x0E05060F0D080180, 0x040703090A0B0C02 -.quad 0x01040A060F0B0780, 0x030D0E0C02050809 -Lk_ipt:@ input transform (lo, hi) -.quad 0xC2B2E8985A2A7000, 0xCABAE09052227808 -.quad 0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81 -Lk_sbo:@ sbou, sbot -.quad 0xD0D26D176FBDC700, 0x15AABF7AC502A878 -.quad 0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA -Lk_sb1:@ sb1u, sb1t -.quad 0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF -.quad 0xB19BE18FCB503E00, 0xA5DF7A6E142AF544 -Lk_sb2:@ sb2u, sb2t -.quad 0x69EB88400AE12900, 0xC2A163C8AB82234A -.quad 0xE27A93C60B712400, 0x5EB7E955BC982FCD - -.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,65,82,77,118,55,32,78,69,79,78,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0 -.align 2 - -.align 6 -@@ -@@ _aes_preheat -@@ -@@ Fills q9-q15 as specified below. -@@ -#ifdef __thumb2__ -.thumb_func _vpaes_preheat -#endif -.align 4 -_vpaes_preheat: - adr r10, Lk_inv - vmov.i8 q9, #0x0f @ Lk_s0F - vld1.64 {q10,q11}, [r10]! @ Lk_inv - add r10, r10, #64 @ Skip Lk_ipt, Lk_sbo - vld1.64 {q12,q13}, [r10]! @ Lk_sb1 - vld1.64 {q14,q15}, [r10] @ Lk_sb2 - bx lr - -@@ -@@ _aes_encrypt_core -@@ -@@ AES-encrypt q0. -@@ -@@ Inputs: -@@ q0 = input -@@ q9-q15 as in _vpaes_preheat -@@ [r2] = scheduled keys -@@ -@@ Output in q0 -@@ Clobbers q1-q5, r8-r11 -@@ Preserves q6-q8 so you get some local vectors -@@ -@@ -#ifdef __thumb2__ -.thumb_func _vpaes_encrypt_core -#endif -.align 4 -_vpaes_encrypt_core: - mov r9, r2 - ldr r8, [r2,#240] @ pull rounds - adr r11, Lk_ipt - @ vmovdqa .Lk_ipt(%rip), %xmm2 # iptlo - @ vmovdqa .Lk_ipt+16(%rip), %xmm3 # ipthi - vld1.64 {q2, q3}, [r11] - adr r11, Lk_mc_forward+16 - vld1.64 {q5}, [r9]! @ vmovdqu (%r9), %xmm5 # round0 key - vand q1, q0, q9 @ vpand %xmm9, %xmm0, %xmm1 - vshr.u8 q0, q0, #4 @ vpsrlb $4, %xmm0, %xmm0 - vtbl.8 d2, {q2}, d2 @ vpshufb %xmm1, %xmm2, %xmm1 - vtbl.8 d3, {q2}, d3 - vtbl.8 d4, {q3}, d0 @ vpshufb %xmm0, %xmm3, %xmm2 - vtbl.8 d5, {q3}, d1 - veor q0, q1, q5 @ vpxor %xmm5, %xmm1, %xmm0 - veor q0, q0, q2 @ vpxor %xmm2, %xmm0, %xmm0 - - @ .Lenc_entry ends with a bnz instruction which is normally paired with - @ subs in .Lenc_loop. - tst r8, r8 - b Lenc_entry - -.align 4 -Lenc_loop: - @ middle of middle round - add r10, r11, #0x40 - vtbl.8 d8, {q13}, d4 @ vpshufb %xmm2, %xmm13, %xmm4 # 4 = sb1u - vtbl.8 d9, {q13}, d5 - vld1.64 {q1}, [r11]! @ vmovdqa -0x40(%r11,%r10), %xmm1 # Lk_mc_forward[] - vtbl.8 d0, {q12}, d6 @ vpshufb %xmm3, %xmm12, %xmm0 # 0 = sb1t - vtbl.8 d1, {q12}, d7 - veor q4, q4, q5 @ vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - vtbl.8 d10, {q15}, d4 @ vpshufb %xmm2, %xmm15, %xmm5 # 4 = sb2u - vtbl.8 d11, {q15}, d5 - veor q0, q0, q4 @ vpxor %xmm4, %xmm0, %xmm0 # 0 = A - vtbl.8 d4, {q14}, d6 @ vpshufb %xmm3, %xmm14, %xmm2 # 2 = sb2t - vtbl.8 d5, {q14}, d7 - vld1.64 {q4}, [r10] @ vmovdqa (%r11,%r10), %xmm4 # Lk_mc_backward[] - vtbl.8 d6, {q0}, d2 @ vpshufb %xmm1, %xmm0, %xmm3 # 0 = B - vtbl.8 d7, {q0}, d3 - veor q2, q2, q5 @ vpxor %xmm5, %xmm2, %xmm2 # 2 = 2A - @ Write to q5 instead of q0, so the table and destination registers do - @ not overlap. - vtbl.8 d10, {q0}, d8 @ vpshufb %xmm4, %xmm0, %xmm0 # 3 = D - vtbl.8 d11, {q0}, d9 - veor q3, q3, q2 @ vpxor %xmm2, %xmm3, %xmm3 # 0 = 2A+B - vtbl.8 d8, {q3}, d2 @ vpshufb %xmm1, %xmm3, %xmm4 # 0 = 2B+C - vtbl.8 d9, {q3}, d3 - @ Here we restore the original q0/q5 usage. - veor q0, q5, q3 @ vpxor %xmm3, %xmm0, %xmm0 # 3 = 2A+B+D - and r11, r11, #~(1<<6) @ and $0x30, %r11 # ... mod 4 - veor q0, q0, q4 @ vpxor %xmm4, %xmm0, %xmm0 # 0 = 2A+3B+C+D - subs r8, r8, #1 @ nr-- - -Lenc_entry: - @ top of round - vand q1, q0, q9 @ vpand %xmm0, %xmm9, %xmm1 # 0 = k - vshr.u8 q0, q0, #4 @ vpsrlb $4, %xmm0, %xmm0 # 1 = i - vtbl.8 d10, {q11}, d2 @ vpshufb %xmm1, %xmm11, %xmm5 # 2 = a/k - vtbl.8 d11, {q11}, d3 - veor q1, q1, q0 @ vpxor %xmm0, %xmm1, %xmm1 # 0 = j - vtbl.8 d6, {q10}, d0 @ vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - vtbl.8 d7, {q10}, d1 - vtbl.8 d8, {q10}, d2 @ vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - vtbl.8 d9, {q10}, d3 - veor q3, q3, q5 @ vpxor %xmm5, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - veor q4, q4, q5 @ vpxor %xmm5, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - vtbl.8 d4, {q10}, d6 @ vpshufb %xmm3, %xmm10, %xmm2 # 2 = 1/iak - vtbl.8 d5, {q10}, d7 - vtbl.8 d6, {q10}, d8 @ vpshufb %xmm4, %xmm10, %xmm3 # 3 = 1/jak - vtbl.8 d7, {q10}, d9 - veor q2, q2, q1 @ vpxor %xmm1, %xmm2, %xmm2 # 2 = io - veor q3, q3, q0 @ vpxor %xmm0, %xmm3, %xmm3 # 3 = jo - vld1.64 {q5}, [r9]! @ vmovdqu (%r9), %xmm5 - bne Lenc_loop - - @ middle of last round - add r10, r11, #0x80 - - adr r11, Lk_sbo - @ Read to q1 instead of q4, so the vtbl.8 instruction below does not - @ overlap table and destination registers. - vld1.64 {q1}, [r11]! @ vmovdqa -0x60(%r10), %xmm4 # 3 : sbou - vld1.64 {q0}, [r11] @ vmovdqa -0x50(%r10), %xmm0 # 0 : sbot Lk_sbo+16 - vtbl.8 d8, {q1}, d4 @ vpshufb %xmm2, %xmm4, %xmm4 # 4 = sbou - vtbl.8 d9, {q1}, d5 - vld1.64 {q1}, [r10] @ vmovdqa 0x40(%r11,%r10), %xmm1 # Lk_sr[] - @ Write to q2 instead of q0 below, to avoid overlapping table and - @ destination registers. - vtbl.8 d4, {q0}, d6 @ vpshufb %xmm3, %xmm0, %xmm0 # 0 = sb1t - vtbl.8 d5, {q0}, d7 - veor q4, q4, q5 @ vpxor %xmm5, %xmm4, %xmm4 # 4 = sb1u + k - veor q2, q2, q4 @ vpxor %xmm4, %xmm0, %xmm0 # 0 = A - @ Here we restore the original q0/q2 usage. - vtbl.8 d0, {q2}, d2 @ vpshufb %xmm1, %xmm0, %xmm0 - vtbl.8 d1, {q2}, d3 - bx lr - - -.globl _GFp_vpaes_encrypt -.private_extern _GFp_vpaes_encrypt -#ifdef __thumb2__ -.thumb_func _GFp_vpaes_encrypt -#endif -.align 4 -_GFp_vpaes_encrypt: - @ _vpaes_encrypt_core uses r8-r11. Round up to r7-r11 to maintain stack - @ alignment. - stmdb sp!, {r7,r8,r9,r10,r11,lr} - @ _vpaes_encrypt_core uses q4-q5 (d8-d11), which are callee-saved. - vstmdb sp!, {d8,d9,d10,d11} - - vld1.64 {q0}, [r0] - bl _vpaes_preheat - bl _vpaes_encrypt_core - vst1.64 {q0}, [r1] - - vldmia sp!, {d8,d9,d10,d11} - ldmia sp!, {r7,r8,r9,r10,r11, pc} @ return - -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -@@ @@ -@@ AES key schedule @@ -@@ @@ -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - -@ This function diverges from both x86_64 and armv7 in which constants are -@ pinned. x86_64 has a common preheat function for all operations. aarch64 -@ separates them because it has enough registers to pin nearly all constants. -@ armv7 does not have enough registers, but needing explicit loads and stores -@ also complicates using x86_64's register allocation directly. -@ -@ We pin some constants for convenience and leave q14 and q15 free to load -@ others on demand. - -@ -@ Key schedule constants -@ - -.align 4 -_vpaes_key_consts: -Lk_rcon:@ rcon -.quad 0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81 - -Lk_opt:@ output transform -.quad 0xFF9F4929D6B66000, 0xF7974121DEBE6808 -.quad 0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0 -Lk_deskew:@ deskew tables: inverts the sbox's "skew" -.quad 0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A -.quad 0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77 - - -#ifdef __thumb2__ -.thumb_func _vpaes_key_preheat -#endif -.align 4 -_vpaes_key_preheat: - adr r11, Lk_rcon - vmov.i8 q12, #0x5b @ Lk_s63 - adr r10, Lk_inv @ Must be aligned to 8 mod 16. - vmov.i8 q9, #0x0f @ Lk_s0F - vld1.64 {q10,q11}, [r10] @ Lk_inv - vld1.64 {q8}, [r11] @ Lk_rcon - bx lr - - -#ifdef __thumb2__ -.thumb_func _vpaes_schedule_core -#endif -.align 4 -_vpaes_schedule_core: - @ We only need to save lr, but ARM requires an 8-byte stack alignment, - @ so save an extra register. - stmdb sp!, {r3,lr} - - bl _vpaes_key_preheat @ load the tables - - adr r11, Lk_ipt @ Must be aligned to 8 mod 16. - vld1.64 {q0}, [r0]! @ vmovdqu (%rdi), %xmm0 # load key (unaligned) - - @ input transform - @ Use q4 here rather than q3 so .Lschedule_am_decrypting does not - @ overlap table and destination. - vmov q4, q0 @ vmovdqa %xmm0, %xmm3 - bl _vpaes_schedule_transform - adr r10, Lk_sr @ Must be aligned to 8 mod 16. - vmov q7, q0 @ vmovdqa %xmm0, %xmm7 - - add r8, r8, r10 - - @ encrypting, output zeroth round key after transform - vst1.64 {q0}, [r2] @ vmovdqu %xmm0, (%rdx) - - @ *ring*: Decryption removed. - -Lschedule_go: - cmp r1, #192 @ cmp $192, %esi - bhi Lschedule_256 - @ 128: fall though - -@@ -@@ .schedule_128 -@@ -@@ 128-bit specific part of key schedule. -@@ -@@ This schedule is really simple, because all its parts -@@ are accomplished by the subroutines. -@@ -Lschedule_128: - mov r0, #10 @ mov $10, %esi - -Loop_schedule_128: - bl _vpaes_schedule_round - subs r0, r0, #1 @ dec %esi - beq Lschedule_mangle_last - bl _vpaes_schedule_mangle @ write output - b Loop_schedule_128 - -@@ -@@ .aes_schedule_256 -@@ -@@ 256-bit specific part of key schedule. -@@ -@@ The structure here is very similar to the 128-bit -@@ schedule, but with an additional "low side" in -@@ q6. The low side's rounds are the same as the -@@ high side's, except no rcon and no rotation. -@@ -.align 4 -Lschedule_256: - vld1.64 {q0}, [r0] @ vmovdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) - bl _vpaes_schedule_transform @ input transform - mov r0, #7 @ mov $7, %esi - -Loop_schedule_256: - bl _vpaes_schedule_mangle @ output low result - vmov q6, q0 @ vmovdqa %xmm0, %xmm6 # save cur_lo in xmm6 - - @ high round - bl _vpaes_schedule_round - subs r0, r0, #1 @ dec %esi - beq Lschedule_mangle_last - bl _vpaes_schedule_mangle - - @ low round. swap xmm7 and xmm6 - vdup.32 q0, d1[1] @ vpshufd $0xFF, %xmm0, %xmm0 - vmov.i8 q4, #0 - vmov q5, q7 @ vmovdqa %xmm7, %xmm5 - vmov q7, q6 @ vmovdqa %xmm6, %xmm7 - bl _vpaes_schedule_low_round - vmov q7, q5 @ vmovdqa %xmm5, %xmm7 - - b Loop_schedule_256 - -@@ -@@ .aes_schedule_mangle_last -@@ -@@ Mangler for last round of key schedule -@@ Mangles q0 -@@ when encrypting, outputs out(q0) ^ 63 -@@ when decrypting, outputs unskew(q0) -@@ -@@ Always called right before return... jumps to cleanup and exits -@@ -.align 4 -Lschedule_mangle_last: - @ schedule last round key from xmm0 - adr r11, Lk_deskew @ lea Lk_deskew(%rip),%r11 # prepare to deskew - - @ encrypting - vld1.64 {q1}, [r8] @ vmovdqa (%r8,%r10),%xmm1 - adr r11, Lk_opt @ lea Lk_opt(%rip), %r11 # prepare to output transform - add r2, r2, #32 @ add $32, %rdx - vmov q2, q0 - vtbl.8 d0, {q2}, d2 @ vpshufb %xmm1, %xmm0, %xmm0 # output permute - vtbl.8 d1, {q2}, d3 - -Lschedule_mangle_last_dec: - sub r2, r2, #16 @ add $-16, %rdx - veor q0, q0, q12 @ vpxor Lk_s63(%rip), %xmm0, %xmm0 - bl _vpaes_schedule_transform @ output transform - vst1.64 {q0}, [r2] @ vmovdqu %xmm0, (%rdx) # save last key - - @ cleanup - veor q0, q0, q0 @ vpxor %xmm0, %xmm0, %xmm0 - veor q1, q1, q1 @ vpxor %xmm1, %xmm1, %xmm1 - veor q2, q2, q2 @ vpxor %xmm2, %xmm2, %xmm2 - veor q3, q3, q3 @ vpxor %xmm3, %xmm3, %xmm3 - veor q4, q4, q4 @ vpxor %xmm4, %xmm4, %xmm4 - veor q5, q5, q5 @ vpxor %xmm5, %xmm5, %xmm5 - veor q6, q6, q6 @ vpxor %xmm6, %xmm6, %xmm6 - veor q7, q7, q7 @ vpxor %xmm7, %xmm7, %xmm7 - ldmia sp!, {r3,pc} @ return - - -@@ -@@ .aes_schedule_round -@@ -@@ Runs one main round of the key schedule on q0, q7 -@@ -@@ Specifically, runs subbytes on the high dword of q0 -@@ then rotates it by one byte and xors into the low dword of -@@ q7. -@@ -@@ Adds rcon from low byte of q8, then rotates q8 for -@@ next rcon. -@@ -@@ Smears the dwords of q7 by xoring the low into the -@@ second low, result into third, result into highest. -@@ -@@ Returns results in q7 = q0. -@@ Clobbers q1-q4, r11. -@@ -#ifdef __thumb2__ -.thumb_func _vpaes_schedule_round -#endif -.align 4 -_vpaes_schedule_round: - @ extract rcon from xmm8 - vmov.i8 q4, #0 @ vpxor %xmm4, %xmm4, %xmm4 - vext.8 q1, q8, q4, #15 @ vpalignr $15, %xmm8, %xmm4, %xmm1 - vext.8 q8, q8, q8, #15 @ vpalignr $15, %xmm8, %xmm8, %xmm8 - veor q7, q7, q1 @ vpxor %xmm1, %xmm7, %xmm7 - - @ rotate - vdup.32 q0, d1[1] @ vpshufd $0xFF, %xmm0, %xmm0 - vext.8 q0, q0, q0, #1 @ vpalignr $1, %xmm0, %xmm0, %xmm0 - - @ fall through... - - @ low round: same as high round, but no rotation and no rcon. -_vpaes_schedule_low_round: - @ The x86_64 version pins .Lk_sb1 in %xmm13 and .Lk_sb1+16 in %xmm12. - @ We pin other values in _vpaes_key_preheat, so load them now. - adr r11, Lk_sb1 - vld1.64 {q14,q15}, [r11] - - @ smear xmm7 - vext.8 q1, q4, q7, #12 @ vpslldq $4, %xmm7, %xmm1 - veor q7, q7, q1 @ vpxor %xmm1, %xmm7, %xmm7 - vext.8 q4, q4, q7, #8 @ vpslldq $8, %xmm7, %xmm4 - - @ subbytes - vand q1, q0, q9 @ vpand %xmm9, %xmm0, %xmm1 # 0 = k - vshr.u8 q0, q0, #4 @ vpsrlb $4, %xmm0, %xmm0 # 1 = i - veor q7, q7, q4 @ vpxor %xmm4, %xmm7, %xmm7 - vtbl.8 d4, {q11}, d2 @ vpshufb %xmm1, %xmm11, %xmm2 # 2 = a/k - vtbl.8 d5, {q11}, d3 - veor q1, q1, q0 @ vpxor %xmm0, %xmm1, %xmm1 # 0 = j - vtbl.8 d6, {q10}, d0 @ vpshufb %xmm0, %xmm10, %xmm3 # 3 = 1/i - vtbl.8 d7, {q10}, d1 - veor q3, q3, q2 @ vpxor %xmm2, %xmm3, %xmm3 # 3 = iak = 1/i + a/k - vtbl.8 d8, {q10}, d2 @ vpshufb %xmm1, %xmm10, %xmm4 # 4 = 1/j - vtbl.8 d9, {q10}, d3 - veor q7, q7, q12 @ vpxor Lk_s63(%rip), %xmm7, %xmm7 - vtbl.8 d6, {q10}, d6 @ vpshufb %xmm3, %xmm10, %xmm3 # 2 = 1/iak - vtbl.8 d7, {q10}, d7 - veor q4, q4, q2 @ vpxor %xmm2, %xmm4, %xmm4 # 4 = jak = 1/j + a/k - vtbl.8 d4, {q10}, d8 @ vpshufb %xmm4, %xmm10, %xmm2 # 3 = 1/jak - vtbl.8 d5, {q10}, d9 - veor q3, q3, q1 @ vpxor %xmm1, %xmm3, %xmm3 # 2 = io - veor q2, q2, q0 @ vpxor %xmm0, %xmm2, %xmm2 # 3 = jo - vtbl.8 d8, {q15}, d6 @ vpshufb %xmm3, %xmm13, %xmm4 # 4 = sbou - vtbl.8 d9, {q15}, d7 - vtbl.8 d2, {q14}, d4 @ vpshufb %xmm2, %xmm12, %xmm1 # 0 = sb1t - vtbl.8 d3, {q14}, d5 - veor q1, q1, q4 @ vpxor %xmm4, %xmm1, %xmm1 # 0 = sbox output - - @ add in smeared stuff - veor q0, q1, q7 @ vpxor %xmm7, %xmm1, %xmm0 - veor q7, q1, q7 @ vmovdqa %xmm0, %xmm7 - bx lr - - -@@ -@@ .aes_schedule_transform -@@ -@@ Linear-transform q0 according to tables at [r11] -@@ -@@ Requires that q9 = 0x0F0F... as in preheat -@@ Output in q0 -@@ Clobbers q1, q2, q14, q15 -@@ -#ifdef __thumb2__ -.thumb_func _vpaes_schedule_transform -#endif -.align 4 -_vpaes_schedule_transform: - vld1.64 {q14,q15}, [r11] @ vmovdqa (%r11), %xmm2 # lo - @ vmovdqa 16(%r11), %xmm1 # hi - vand q1, q0, q9 @ vpand %xmm9, %xmm0, %xmm1 - vshr.u8 q0, q0, #4 @ vpsrlb $4, %xmm0, %xmm0 - vtbl.8 d4, {q14}, d2 @ vpshufb %xmm1, %xmm2, %xmm2 - vtbl.8 d5, {q14}, d3 - vtbl.8 d0, {q15}, d0 @ vpshufb %xmm0, %xmm1, %xmm0 - vtbl.8 d1, {q15}, d1 - veor q0, q0, q2 @ vpxor %xmm2, %xmm0, %xmm0 - bx lr - - -@@ -@@ .aes_schedule_mangle -@@ -@@ Mangles q0 from (basis-transformed) standard version -@@ to our version. -@@ -@@ On encrypt, -@@ xor with 0x63 -@@ multiply by circulant 0,1,1,1 -@@ apply shiftrows transform -@@ -@@ On decrypt, -@@ xor with 0x63 -@@ multiply by "inverse mixcolumns" circulant E,B,D,9 -@@ deskew -@@ apply shiftrows transform -@@ -@@ -@@ Writes out to [r2], and increments or decrements it -@@ Keeps track of round number mod 4 in r8 -@@ Preserves q0 -@@ Clobbers q1-q5 -@@ -#ifdef __thumb2__ -.thumb_func _vpaes_schedule_mangle -#endif -.align 4 -_vpaes_schedule_mangle: - tst r3, r3 - vmov q4, q0 @ vmovdqa %xmm0, %xmm4 # save xmm0 for later - adr r11, Lk_mc_forward @ Must be aligned to 8 mod 16. - vld1.64 {q5}, [r11] @ vmovdqa Lk_mc_forward(%rip),%xmm5 - - @ encrypting - @ Write to q2 so we do not overlap table and destination below. - veor q2, q0, q12 @ vpxor Lk_s63(%rip), %xmm0, %xmm4 - add r2, r2, #16 @ add $16, %rdx - vtbl.8 d8, {q2}, d10 @ vpshufb %xmm5, %xmm4, %xmm4 - vtbl.8 d9, {q2}, d11 - vtbl.8 d2, {q4}, d10 @ vpshufb %xmm5, %xmm4, %xmm1 - vtbl.8 d3, {q4}, d11 - vtbl.8 d6, {q1}, d10 @ vpshufb %xmm5, %xmm1, %xmm3 - vtbl.8 d7, {q1}, d11 - veor q4, q4, q1 @ vpxor %xmm1, %xmm4, %xmm4 - vld1.64 {q1}, [r8] @ vmovdqa (%r8,%r10), %xmm1 - veor q3, q3, q4 @ vpxor %xmm4, %xmm3, %xmm3 - -Lschedule_mangle_both: - @ Write to q2 so table and destination do not overlap. - vtbl.8 d4, {q3}, d2 @ vpshufb %xmm1, %xmm3, %xmm3 - vtbl.8 d5, {q3}, d3 - add r8, r8, #64-16 @ add $-16, %r8 - and r8, r8, #~(1<<6) @ and $0x30, %r8 - vst1.64 {q2}, [r2] @ vmovdqu %xmm3, (%rdx) - bx lr - - -.globl _GFp_vpaes_set_encrypt_key -.private_extern _GFp_vpaes_set_encrypt_key -#ifdef __thumb2__ -.thumb_func _GFp_vpaes_set_encrypt_key -#endif -.align 4 -_GFp_vpaes_set_encrypt_key: - stmdb sp!, {r7,r8,r9,r10,r11, lr} - vstmdb sp!, {d8,d9,d10,d11,d12,d13,d14,d15} - - lsr r9, r1, #5 @ shr $5,%eax - add r9, r9, #5 @ $5,%eax - str r9, [r2,#240] @ mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; - - mov r3, #0 @ mov $0,%ecx - mov r8, #0x30 @ mov $0x30,%r8d - bl _vpaes_schedule_core - eor r0, r0, r0 - - vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15} - ldmia sp!, {r7,r8,r9,r10,r11, pc} @ return - - -@ Additional constants for converting to bsaes. - -.align 4 -_vpaes_convert_consts: -@ .Lk_opt_then_skew applies skew(opt(x)) XOR 0x63, where skew is the linear -@ transform in the AES S-box. 0x63 is incorporated into the low half of the -@ table. This was computed with the following script: -@ -@ def u64s_to_u128(x, y): -@ return x | (y << 64) -@ def u128_to_u64s(w): -@ return w & ((1<<64)-1), w >> 64 -@ def get_byte(w, i): -@ return (w >> (i*8)) & 0xff -@ def apply_table(table, b): -@ lo = b & 0xf -@ hi = b >> 4 -@ return get_byte(table[0], lo) ^ get_byte(table[1], hi) -@ def opt(b): -@ table = [ -@ u64s_to_u128(0xFF9F4929D6B66000, 0xF7974121DEBE6808), -@ u64s_to_u128(0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0), -@ ] -@ return apply_table(table, b) -@ def rot_byte(b, n): -@ return 0xff & ((b << n) | (b >> (8-n))) -@ def skew(x): -@ return (x ^ rot_byte(x, 1) ^ rot_byte(x, 2) ^ rot_byte(x, 3) ^ -@ rot_byte(x, 4)) -@ table = [0, 0] -@ for i in range(16): -@ table[0] |= (skew(opt(i)) ^ 0x63) << (i*8) -@ table[1] |= skew(opt(i<<4)) << (i*8) -@ print(" .quad 0x%016x, 0x%016x" % u128_to_u64s(table[0])) -@ print(" .quad 0x%016x, 0x%016x" % u128_to_u64s(table[1])) -Lk_opt_then_skew: -.quad 0x9cb8436798bc4763, 0x6440bb9f6044bf9b -.quad 0x1f30062936192f00, 0xb49bad829db284ab - -@ void GFp_vpaes_encrypt_key_to_bsaes(AES_KEY *bsaes, const AES_KEY *vpaes); -.globl _GFp_vpaes_encrypt_key_to_bsaes -.private_extern _GFp_vpaes_encrypt_key_to_bsaes -#ifdef __thumb2__ -.thumb_func _GFp_vpaes_encrypt_key_to_bsaes -#endif -.align 4 -_GFp_vpaes_encrypt_key_to_bsaes: - stmdb sp!, {r11, lr} - - @ See _vpaes_schedule_core for the key schedule logic. In particular, - @ _vpaes_schedule_transform(.Lk_ipt) (section 2.2 of the paper), - @ _vpaes_schedule_mangle (section 4.3), and .Lschedule_mangle_last - @ contain the transformations not in the bsaes representation. This - @ function inverts those transforms. - @ - @ Note also that bsaes-armv7.pl expects aes-armv4.pl's key - @ representation, which does not match the other aes_nohw_* - @ implementations. The ARM aes_nohw_* stores each 32-bit word - @ byteswapped, as a convenience for (unsupported) big-endian ARM, at the - @ cost of extra REV and VREV32 operations in little-endian ARM. - - vmov.i8 q9, #0x0f @ Required by _vpaes_schedule_transform - adr r2, Lk_mc_forward @ Must be aligned to 8 mod 16. - add r3, r2, 0x90 @ Lk_sr+0x10-Lk_mc_forward = 0x90 (Apple's toolchain doesn't support the expression) - - vld1.64 {q12}, [r2] - vmov.i8 q10, #0x5b @ Lk_s63 from vpaes-x86_64 - adr r11, Lk_opt @ Must be aligned to 8 mod 16. - vmov.i8 q11, #0x63 @ LK_s63 without Lk_ipt applied - - @ vpaes stores one fewer round count than bsaes, but the number of keys - @ is the same. - ldr r2, [r1,#240] - add r2, r2, #1 - str r2, [r0,#240] - - @ The first key is transformed with _vpaes_schedule_transform(.Lk_ipt). - @ Invert this with .Lk_opt. - vld1.64 {q0}, [r1]! - bl _vpaes_schedule_transform - vrev32.8 q0, q0 - vst1.64 {q0}, [r0]! - - @ The middle keys have _vpaes_schedule_transform(.Lk_ipt) applied, - @ followed by _vpaes_schedule_mangle. _vpaes_schedule_mangle XORs 0x63, - @ multiplies by the circulant 0,1,1,1, then applies ShiftRows. -Loop_enc_key_to_bsaes: - vld1.64 {q0}, [r1]! - - @ Invert the ShiftRows step (see .Lschedule_mangle_both). Note we cycle - @ r3 in the opposite direction and start at .Lk_sr+0x10 instead of 0x30. - @ We use r3 rather than r8 to avoid a callee-saved register. - vld1.64 {q1}, [r3] - vtbl.8 d4, {q0}, d2 - vtbl.8 d5, {q0}, d3 - add r3, r3, #16 - and r3, r3, #~(1<<6) - vmov q0, q2 - - @ Handle the last key differently. - subs r2, r2, #1 - beq Loop_enc_key_to_bsaes_last - - @ Multiply by the circulant. This is its own inverse. - vtbl.8 d2, {q0}, d24 - vtbl.8 d3, {q0}, d25 - vmov q0, q1 - vtbl.8 d4, {q1}, d24 - vtbl.8 d5, {q1}, d25 - veor q0, q0, q2 - vtbl.8 d2, {q2}, d24 - vtbl.8 d3, {q2}, d25 - veor q0, q0, q1 - - @ XOR and finish. - veor q0, q0, q10 - bl _vpaes_schedule_transform - vrev32.8 q0, q0 - vst1.64 {q0}, [r0]! - b Loop_enc_key_to_bsaes - -Loop_enc_key_to_bsaes_last: - @ The final key does not have a basis transform (note - @ .Lschedule_mangle_last inverts the original transform). It only XORs - @ 0x63 and applies ShiftRows. The latter was already inverted in the - @ loop. Note that, because we act on the original representation, we use - @ q11, not q10. - veor q0, q0, q11 - vrev32.8 q0, q0 - vst1.64 {q0}, [r0] - - @ Wipe registers which contained key material. - veor q0, q0, q0 - veor q1, q1, q1 - veor q2, q2, q2 - - ldmia sp!, {r11, pc} @ return - -.globl _GFp_vpaes_ctr32_encrypt_blocks -.private_extern _GFp_vpaes_ctr32_encrypt_blocks -#ifdef __thumb2__ -.thumb_func _GFp_vpaes_ctr32_encrypt_blocks -#endif -.align 4 -_GFp_vpaes_ctr32_encrypt_blocks: - mov ip, sp - stmdb sp!, {r7,r8,r9,r10,r11, lr} - @ This function uses q4-q7 (d8-d15), which are callee-saved. - vstmdb sp!, {d8,d9,d10,d11,d12,d13,d14,d15} - - cmp r2, #0 - @ r8 is passed on the stack. - ldr r8, [ip] - beq Lctr32_done - - @ _vpaes_encrypt_core expects the key in r2, so swap r2 and r3. - mov r9, r3 - mov r3, r2 - mov r2, r9 - - @ Load the IV and counter portion. - ldr r7, [r8, #12] - vld1.8 {q7}, [r8] - - bl _vpaes_preheat - rev r7, r7 @ The counter is big-endian. - -Lctr32_loop: - vmov q0, q7 - vld1.8 {q6}, [r0]! @ Load input ahead of time - bl _vpaes_encrypt_core - veor q0, q0, q6 @ XOR input and result - vst1.8 {q0}, [r1]! - subs r3, r3, #1 - @ Update the counter. - add r7, r7, #1 - rev r9, r7 - vmov.32 d15[1], r9 - bne Lctr32_loop - -Lctr32_done: - vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15} - ldmia sp!, {r7,r8,r9,r10,r11, pc} @ return - -#endif // !OPENSSL_NO_ASM diff --git a/pregenerated/vpaes-armv7-linux32.S b/pregenerated/vpaes-armv7-linux32.S index ae24ec9..1947ff9 100644 --- a/pregenerated/vpaes-armv7-linux32.S +++ b/pregenerated/vpaes-armv7-linux32.S @@ -10,6 +10,7 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__arm__) +#include "ring_core_generated/prefix_symbols_asm.h" .syntax unified .arch armv7-a @@ -198,11 +199,11 @@ _vpaes_encrypt_core: bx lr .size _vpaes_encrypt_core,.-_vpaes_encrypt_core -.globl GFp_vpaes_encrypt -.hidden GFp_vpaes_encrypt -.type GFp_vpaes_encrypt,%function +.globl vpaes_encrypt +.hidden vpaes_encrypt +.type vpaes_encrypt,%function .align 4 -GFp_vpaes_encrypt: +vpaes_encrypt: @ _vpaes_encrypt_core uses r8-r11. Round up to r7-r11 to maintain stack @ alignment. stmdb sp!, {r7,r8,r9,r10,r11,lr} @@ -216,7 +217,7 @@ GFp_vpaes_encrypt: vldmia sp!, {d8,d9,d10,d11} ldmia sp!, {r7,r8,r9,r10,r11, pc} @ return -.size GFp_vpaes_encrypt,.-GFp_vpaes_encrypt +.size vpaes_encrypt,.-vpaes_encrypt @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@ @@ AES key schedule @@ @@ -544,11 +545,11 @@ _vpaes_schedule_mangle: bx lr .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle -.globl GFp_vpaes_set_encrypt_key -.hidden GFp_vpaes_set_encrypt_key -.type GFp_vpaes_set_encrypt_key,%function +.globl vpaes_set_encrypt_key +.hidden vpaes_set_encrypt_key +.type vpaes_set_encrypt_key,%function .align 4 -GFp_vpaes_set_encrypt_key: +vpaes_set_encrypt_key: stmdb sp!, {r7,r8,r9,r10,r11, lr} vstmdb sp!, {d8,d9,d10,d11,d12,d13,d14,d15} @@ -563,7 +564,7 @@ GFp_vpaes_set_encrypt_key: vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15} ldmia sp!, {r7,r8,r9,r10,r11, pc} @ return -.size GFp_vpaes_set_encrypt_key,.-GFp_vpaes_set_encrypt_key +.size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key @ Additional constants for converting to bsaes. .type _vpaes_convert_consts,%object @@ -604,12 +605,12 @@ _vpaes_convert_consts: .quad 0x9cb8436798bc4763, 0x6440bb9f6044bf9b .quad 0x1f30062936192f00, 0xb49bad829db284ab -@ void GFp_vpaes_encrypt_key_to_bsaes(AES_KEY *bsaes, const AES_KEY *vpaes); -.globl GFp_vpaes_encrypt_key_to_bsaes -.hidden GFp_vpaes_encrypt_key_to_bsaes -.type GFp_vpaes_encrypt_key_to_bsaes,%function +@ void vpaes_encrypt_key_to_bsaes(AES_KEY *bsaes, const AES_KEY *vpaes); +.globl vpaes_encrypt_key_to_bsaes +.hidden vpaes_encrypt_key_to_bsaes +.type vpaes_encrypt_key_to_bsaes,%function .align 4 -GFp_vpaes_encrypt_key_to_bsaes: +vpaes_encrypt_key_to_bsaes: stmdb sp!, {r11, lr} @ See _vpaes_schedule_core for the key schedule logic. In particular, @@ -700,12 +701,12 @@ GFp_vpaes_encrypt_key_to_bsaes: veor q2, q2, q2 ldmia sp!, {r11, pc} @ return -.size GFp_vpaes_encrypt_key_to_bsaes,.-GFp_vpaes_encrypt_key_to_bsaes -.globl GFp_vpaes_ctr32_encrypt_blocks -.hidden GFp_vpaes_ctr32_encrypt_blocks -.type GFp_vpaes_ctr32_encrypt_blocks,%function +.size vpaes_encrypt_key_to_bsaes,.-vpaes_encrypt_key_to_bsaes +.globl vpaes_ctr32_encrypt_blocks +.hidden vpaes_ctr32_encrypt_blocks +.type vpaes_ctr32_encrypt_blocks,%function .align 4 -GFp_vpaes_ctr32_encrypt_blocks: +vpaes_ctr32_encrypt_blocks: mov ip, sp stmdb sp!, {r7,r8,r9,r10,r11, lr} @ This function uses q4-q7 (d8-d15), which are callee-saved. @@ -744,7 +745,7 @@ GFp_vpaes_ctr32_encrypt_blocks: .Lctr32_done: vldmia sp!, {d8,d9,d10,d11,d12,d13,d14,d15} ldmia sp!, {r7,r8,r9,r10,r11, pc} @ return -.size GFp_vpaes_ctr32_encrypt_blocks,.-GFp_vpaes_ctr32_encrypt_blocks +.size vpaes_ctr32_encrypt_blocks,.-vpaes_ctr32_encrypt_blocks #endif #endif // !OPENSSL_NO_ASM .section .note.GNU-stack,"",%progbits diff --git a/pregenerated/vpaes-armv8-ios64.S b/pregenerated/vpaes-armv8-ios64.S index 073d4e3..0d5fbe0 100644 --- a/pregenerated/vpaes-armv8-ios64.S +++ b/pregenerated/vpaes-armv8-ios64.S @@ -9,7 +9,8 @@ #endif #if !defined(OPENSSL_NO_ASM) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .section __TEXT,__const @@ -186,11 +187,11 @@ Lenc_entry: ret -.globl _GFp_vpaes_encrypt -.private_extern _GFp_vpaes_encrypt +.globl _vpaes_encrypt +.private_extern _vpaes_encrypt .align 4 -_GFp_vpaes_encrypt: +_vpaes_encrypt: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -661,17 +662,17 @@ _vpaes_schedule_mangle: Lschedule_mangle_both: tbl v3.16b, {v3.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - add x8, x8, #64-16 // add $-16, %r8 + add x8, x8, #48 // add $-16, %r8 and x8, x8, #~(1<<6) // and $0x30, %r8 st1 {v3.2d}, [x2] // vmovdqu %xmm3, (%rdx) ret -.globl _GFp_vpaes_set_encrypt_key -.private_extern _GFp_vpaes_set_encrypt_key +.globl _vpaes_set_encrypt_key +.private_extern _vpaes_set_encrypt_key .align 4 -_GFp_vpaes_set_encrypt_key: +_vpaes_set_encrypt_key: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -691,11 +692,11 @@ _GFp_vpaes_set_encrypt_key: AARCH64_VALIDATE_LINK_REGISTER ret -.globl _GFp_vpaes_ctr32_encrypt_blocks -.private_extern _GFp_vpaes_ctr32_encrypt_blocks +.globl _vpaes_ctr32_encrypt_blocks +.private_extern _vpaes_ctr32_encrypt_blocks .align 4 -_GFp_vpaes_ctr32_encrypt_blocks: +_vpaes_ctr32_encrypt_blocks: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 diff --git a/pregenerated/vpaes-armv8-linux64.S b/pregenerated/vpaes-armv8-linux64.S index 74f986a..e5ac509 100644 --- a/pregenerated/vpaes-armv8-linux64.S +++ b/pregenerated/vpaes-armv8-linux64.S @@ -10,7 +10,8 @@ #if !defined(OPENSSL_NO_ASM) #if defined(__aarch64__) -#include <GFp/arm_arch.h> +#include "ring_core_generated/prefix_symbols_asm.h" +#include <ring-core/arm_arch.h> .section .rodata @@ -187,11 +188,11 @@ _vpaes_encrypt_core: ret .size _vpaes_encrypt_core,.-_vpaes_encrypt_core -.globl GFp_vpaes_encrypt -.hidden GFp_vpaes_encrypt -.type GFp_vpaes_encrypt,%function +.globl vpaes_encrypt +.hidden vpaes_encrypt +.type vpaes_encrypt,%function .align 4 -GFp_vpaes_encrypt: +vpaes_encrypt: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -204,7 +205,7 @@ GFp_vpaes_encrypt: ldp x29,x30,[sp],#16 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_vpaes_encrypt,.-GFp_vpaes_encrypt +.size vpaes_encrypt,.-vpaes_encrypt .type _vpaes_encrypt_2x,%function .align 4 @@ -662,17 +663,17 @@ _vpaes_schedule_mangle: .Lschedule_mangle_both: tbl v3.16b, {v3.16b}, v1.16b // vpshufb %xmm1, %xmm3, %xmm3 - add x8, x8, #64-16 // add $-16, %r8 + add x8, x8, #48 // add $-16, %r8 and x8, x8, #~(1<<6) // and $0x30, %r8 st1 {v3.2d}, [x2] // vmovdqu %xmm3, (%rdx) ret .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle -.globl GFp_vpaes_set_encrypt_key -.hidden GFp_vpaes_set_encrypt_key -.type GFp_vpaes_set_encrypt_key,%function +.globl vpaes_set_encrypt_key +.hidden vpaes_set_encrypt_key +.type vpaes_set_encrypt_key,%function .align 4 -GFp_vpaes_set_encrypt_key: +vpaes_set_encrypt_key: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -691,12 +692,12 @@ GFp_vpaes_set_encrypt_key: ldp x29,x30,[sp],#16 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_vpaes_set_encrypt_key,.-GFp_vpaes_set_encrypt_key -.globl GFp_vpaes_ctr32_encrypt_blocks -.hidden GFp_vpaes_ctr32_encrypt_blocks -.type GFp_vpaes_ctr32_encrypt_blocks,%function +.size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key +.globl vpaes_ctr32_encrypt_blocks +.hidden vpaes_ctr32_encrypt_blocks +.type vpaes_ctr32_encrypt_blocks,%function .align 4 -GFp_vpaes_ctr32_encrypt_blocks: +vpaes_ctr32_encrypt_blocks: AARCH64_SIGN_LINK_REGISTER stp x29,x30,[sp,#-16]! add x29,sp,#0 @@ -767,7 +768,7 @@ GFp_vpaes_ctr32_encrypt_blocks: ldp x29,x30,[sp],#16 AARCH64_VALIDATE_LINK_REGISTER ret -.size GFp_vpaes_ctr32_encrypt_blocks,.-GFp_vpaes_ctr32_encrypt_blocks +.size vpaes_ctr32_encrypt_blocks,.-vpaes_ctr32_encrypt_blocks #endif #endif // !OPENSSL_NO_ASM .section .note.GNU-stack,"",%progbits diff --git a/pregenerated/vpaes-x86-elf.S b/pregenerated/vpaes-x86-elf.S index 81920ff..ccc1079 100644 --- a/pregenerated/vpaes-x86-elf.S +++ b/pregenerated/vpaes-x86-elf.S @@ -2,9 +2,7 @@ # source tree. Do not edit by hand. #if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" .text .align 64 .L_vpaes_consts: @@ -330,12 +328,12 @@ _vpaes_schedule_mangle: movdqu %xmm3,(%edx) ret .size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle -.globl GFp_vpaes_set_encrypt_key -.hidden GFp_vpaes_set_encrypt_key -.type GFp_vpaes_set_encrypt_key,@function +.globl vpaes_set_encrypt_key +.hidden vpaes_set_encrypt_key +.type vpaes_set_encrypt_key,@function .align 16 -GFp_vpaes_set_encrypt_key: -.L_GFp_vpaes_set_encrypt_key_begin: +vpaes_set_encrypt_key: +.L_vpaes_set_encrypt_key_begin: pushl %ebp pushl %ebx pushl %esi @@ -363,13 +361,13 @@ GFp_vpaes_set_encrypt_key: popl %ebx popl %ebp ret -.size GFp_vpaes_set_encrypt_key,.-.L_GFp_vpaes_set_encrypt_key_begin -.globl GFp_vpaes_encrypt -.hidden GFp_vpaes_encrypt -.type GFp_vpaes_encrypt,@function +.size vpaes_set_encrypt_key,.-.L_vpaes_set_encrypt_key_begin +.globl vpaes_encrypt +.hidden vpaes_encrypt +.type vpaes_encrypt,@function .align 16 -GFp_vpaes_encrypt: -.L_GFp_vpaes_encrypt_begin: +vpaes_encrypt: +.L_vpaes_encrypt_begin: pushl %ebp pushl %ebx pushl %esi @@ -393,6 +391,6 @@ GFp_vpaes_encrypt: popl %ebx popl %ebp ret -.size GFp_vpaes_encrypt,.-.L_GFp_vpaes_encrypt_begin +.size vpaes_encrypt,.-.L_vpaes_encrypt_begin #endif .section .note.GNU-stack,"",@progbits diff --git a/pregenerated/vpaes-x86-macosx.S b/pregenerated/vpaes-x86-macosx.S deleted file mode 100644 index cce85ec..0000000 --- a/pregenerated/vpaes-x86-macosx.S +++ /dev/null @@ -1,381 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -.align 6,0x90 -L_vpaes_consts: -.long 218628480,235210255,168496130,67568393 -.long 252381056,17041926,33884169,51187212 -.long 252645135,252645135,252645135,252645135 -.long 1512730624,3266504856,1377990664,3401244816 -.long 830229760,1275146365,2969422977,3447763452 -.long 3411033600,2979783055,338359620,2782886510 -.long 4209124096,907596821,221174255,1006095553 -.long 191964160,3799684038,3164090317,1589111125 -.long 182528256,1777043520,2877432650,3265356744 -.long 1874708224,3503451415,3305285752,363511674 -.long 1606117888,3487855781,1093350906,2384367825 -.long 197121,67569157,134941193,202313229 -.long 67569157,134941193,202313229,197121 -.long 134941193,202313229,197121,67569157 -.long 202313229,197121,67569157,134941193 -.long 33619971,100992007,168364043,235736079 -.long 235736079,33619971,100992007,168364043 -.long 168364043,235736079,33619971,100992007 -.long 100992007,168364043,235736079,33619971 -.long 50462976,117835012,185207048,252579084 -.long 252314880,51251460,117574920,184942860 -.long 184682752,252054788,50987272,118359308 -.long 118099200,185467140,251790600,50727180 -.long 2946363062,528716217,1300004225,1881839624 -.long 1532713819,1532713819,1532713819,1532713819 -.long 3602276352,4288629033,3737020424,4153884961 -.long 1354558464,32357713,2958822624,3775749553 -.long 1201988352,132424512,1572796698,503232858 -.long 2213177600,1597421020,4103937655,675398315 -.byte 86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105 -.byte 111,110,32,65,69,83,32,102,111,114,32,120,56,54,47,83 -.byte 83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117 -.byte 114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105 -.byte 118,101,114,115,105,116,121,41,0 -.align 6,0x90 -.private_extern __vpaes_preheat -.align 4 -__vpaes_preheat: - addl (%esp),%ebp - movdqa -48(%ebp),%xmm7 - movdqa -16(%ebp),%xmm6 - ret -.private_extern __vpaes_encrypt_core -.align 4 -__vpaes_encrypt_core: - movl $16,%ecx - movl 240(%edx),%eax - movdqa %xmm6,%xmm1 - movdqa (%ebp),%xmm2 - pandn %xmm0,%xmm1 - pand %xmm6,%xmm0 - movdqu (%edx),%xmm5 -.byte 102,15,56,0,208 - movdqa 16(%ebp),%xmm0 - pxor %xmm5,%xmm2 - psrld $4,%xmm1 - addl $16,%edx -.byte 102,15,56,0,193 - leal 192(%ebp),%ebx - pxor %xmm2,%xmm0 - jmp L000enc_entry -.align 4,0x90 -L001enc_loop: - movdqa 32(%ebp),%xmm4 - movdqa 48(%ebp),%xmm0 -.byte 102,15,56,0,226 -.byte 102,15,56,0,195 - pxor %xmm5,%xmm4 - movdqa 64(%ebp),%xmm5 - pxor %xmm4,%xmm0 - movdqa -64(%ebx,%ecx,1),%xmm1 -.byte 102,15,56,0,234 - movdqa 80(%ebp),%xmm2 - movdqa (%ebx,%ecx,1),%xmm4 -.byte 102,15,56,0,211 - movdqa %xmm0,%xmm3 - pxor %xmm5,%xmm2 -.byte 102,15,56,0,193 - addl $16,%edx - pxor %xmm2,%xmm0 -.byte 102,15,56,0,220 - addl $16,%ecx - pxor %xmm0,%xmm3 -.byte 102,15,56,0,193 - andl $48,%ecx - subl $1,%eax - pxor %xmm3,%xmm0 -L000enc_entry: - movdqa %xmm6,%xmm1 - movdqa -32(%ebp),%xmm5 - pandn %xmm0,%xmm1 - psrld $4,%xmm1 - pand %xmm6,%xmm0 -.byte 102,15,56,0,232 - movdqa %xmm7,%xmm3 - pxor %xmm1,%xmm0 -.byte 102,15,56,0,217 - movdqa %xmm7,%xmm4 - pxor %xmm5,%xmm3 -.byte 102,15,56,0,224 - movdqa %xmm7,%xmm2 - pxor %xmm5,%xmm4 -.byte 102,15,56,0,211 - movdqa %xmm7,%xmm3 - pxor %xmm0,%xmm2 -.byte 102,15,56,0,220 - movdqu (%edx),%xmm5 - pxor %xmm1,%xmm3 - jnz L001enc_loop - movdqa 96(%ebp),%xmm4 - movdqa 112(%ebp),%xmm0 -.byte 102,15,56,0,226 - pxor %xmm5,%xmm4 -.byte 102,15,56,0,195 - movdqa 64(%ebx,%ecx,1),%xmm1 - pxor %xmm4,%xmm0 -.byte 102,15,56,0,193 - ret -.private_extern __vpaes_schedule_core -.align 4 -__vpaes_schedule_core: - addl (%esp),%ebp - movdqu (%esi),%xmm0 - movdqa 320(%ebp),%xmm2 - movdqa %xmm0,%xmm3 - leal (%ebp),%ebx - movdqa %xmm2,4(%esp) - call __vpaes_schedule_transform - movdqa %xmm0,%xmm7 - testl %edi,%edi - jnz L002schedule_am_decrypting - movdqu %xmm0,(%edx) - jmp L003schedule_go -L002schedule_am_decrypting: - movdqa 256(%ebp,%ecx,1),%xmm1 -.byte 102,15,56,0,217 - movdqu %xmm3,(%edx) - xorl $48,%ecx -L003schedule_go: - cmpl $192,%eax - ja L004schedule_256 -L005schedule_128: - movl $10,%eax -L006loop_schedule_128: - call __vpaes_schedule_round - decl %eax - jz L007schedule_mangle_last - call __vpaes_schedule_mangle - jmp L006loop_schedule_128 -.align 4,0x90 -L004schedule_256: - movdqu 16(%esi),%xmm0 - call __vpaes_schedule_transform - movl $7,%eax -L008loop_schedule_256: - call __vpaes_schedule_mangle - movdqa %xmm0,%xmm6 - call __vpaes_schedule_round - decl %eax - jz L007schedule_mangle_last - call __vpaes_schedule_mangle - pshufd $255,%xmm0,%xmm0 - movdqa %xmm7,20(%esp) - movdqa %xmm6,%xmm7 - call L_vpaes_schedule_low_round - movdqa 20(%esp),%xmm7 - jmp L008loop_schedule_256 -.align 4,0x90 -L007schedule_mangle_last: - leal 384(%ebp),%ebx - testl %edi,%edi - jnz L009schedule_mangle_last_dec - movdqa 256(%ebp,%ecx,1),%xmm1 -.byte 102,15,56,0,193 - leal 352(%ebp),%ebx - addl $32,%edx -L009schedule_mangle_last_dec: - addl $-16,%edx - pxor 336(%ebp),%xmm0 - call __vpaes_schedule_transform - movdqu %xmm0,(%edx) - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - ret -.private_extern __vpaes_schedule_round -.align 4 -__vpaes_schedule_round: - movdqa 8(%esp),%xmm2 - pxor %xmm1,%xmm1 -.byte 102,15,58,15,202,15 -.byte 102,15,58,15,210,15 - pxor %xmm1,%xmm7 - pshufd $255,%xmm0,%xmm0 -.byte 102,15,58,15,192,1 - movdqa %xmm2,8(%esp) -L_vpaes_schedule_low_round: - movdqa %xmm7,%xmm1 - pslldq $4,%xmm7 - pxor %xmm1,%xmm7 - movdqa %xmm7,%xmm1 - pslldq $8,%xmm7 - pxor %xmm1,%xmm7 - pxor 336(%ebp),%xmm7 - movdqa -16(%ebp),%xmm4 - movdqa -48(%ebp),%xmm5 - movdqa %xmm4,%xmm1 - pandn %xmm0,%xmm1 - psrld $4,%xmm1 - pand %xmm4,%xmm0 - movdqa -32(%ebp),%xmm2 -.byte 102,15,56,0,208 - pxor %xmm1,%xmm0 - movdqa %xmm5,%xmm3 -.byte 102,15,56,0,217 - pxor %xmm2,%xmm3 - movdqa %xmm5,%xmm4 -.byte 102,15,56,0,224 - pxor %xmm2,%xmm4 - movdqa %xmm5,%xmm2 -.byte 102,15,56,0,211 - pxor %xmm0,%xmm2 - movdqa %xmm5,%xmm3 -.byte 102,15,56,0,220 - pxor %xmm1,%xmm3 - movdqa 32(%ebp),%xmm4 -.byte 102,15,56,0,226 - movdqa 48(%ebp),%xmm0 -.byte 102,15,56,0,195 - pxor %xmm4,%xmm0 - pxor %xmm7,%xmm0 - movdqa %xmm0,%xmm7 - ret -.private_extern __vpaes_schedule_transform -.align 4 -__vpaes_schedule_transform: - movdqa -16(%ebp),%xmm2 - movdqa %xmm2,%xmm1 - pandn %xmm0,%xmm1 - psrld $4,%xmm1 - pand %xmm2,%xmm0 - movdqa (%ebx),%xmm2 -.byte 102,15,56,0,208 - movdqa 16(%ebx),%xmm0 -.byte 102,15,56,0,193 - pxor %xmm2,%xmm0 - ret -.private_extern __vpaes_schedule_mangle -.align 4 -__vpaes_schedule_mangle: - movdqa %xmm0,%xmm4 - movdqa 128(%ebp),%xmm5 - testl %edi,%edi - jnz L010schedule_mangle_dec - addl $16,%edx - pxor 336(%ebp),%xmm4 -.byte 102,15,56,0,229 - movdqa %xmm4,%xmm3 -.byte 102,15,56,0,229 - pxor %xmm4,%xmm3 -.byte 102,15,56,0,229 - pxor %xmm4,%xmm3 - jmp L011schedule_mangle_both -.align 4,0x90 -L010schedule_mangle_dec: - movdqa -16(%ebp),%xmm2 - leal (%ebp),%esi - movdqa %xmm2,%xmm1 - pandn %xmm4,%xmm1 - psrld $4,%xmm1 - pand %xmm2,%xmm4 - movdqa (%esi),%xmm2 -.byte 102,15,56,0,212 - movdqa 16(%esi),%xmm3 -.byte 102,15,56,0,217 - pxor %xmm2,%xmm3 -.byte 102,15,56,0,221 - movdqa 32(%esi),%xmm2 -.byte 102,15,56,0,212 - pxor %xmm3,%xmm2 - movdqa 48(%esi),%xmm3 -.byte 102,15,56,0,217 - pxor %xmm2,%xmm3 -.byte 102,15,56,0,221 - movdqa 64(%esi),%xmm2 -.byte 102,15,56,0,212 - pxor %xmm3,%xmm2 - movdqa 80(%esi),%xmm3 -.byte 102,15,56,0,217 - pxor %xmm2,%xmm3 -.byte 102,15,56,0,221 - movdqa 96(%esi),%xmm2 -.byte 102,15,56,0,212 - pxor %xmm3,%xmm2 - movdqa 112(%esi),%xmm3 -.byte 102,15,56,0,217 - pxor %xmm2,%xmm3 - addl $-16,%edx -L011schedule_mangle_both: - movdqa 256(%ebp,%ecx,1),%xmm1 -.byte 102,15,56,0,217 - addl $-16,%ecx - andl $48,%ecx - movdqu %xmm3,(%edx) - ret -.globl _GFp_vpaes_set_encrypt_key -.private_extern _GFp_vpaes_set_encrypt_key -.align 4 -_GFp_vpaes_set_encrypt_key: -L_GFp_vpaes_set_encrypt_key_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - movl 20(%esp),%esi - leal -56(%esp),%ebx - movl 24(%esp),%eax - andl $-16,%ebx - movl 28(%esp),%edx - xchgl %esp,%ebx - movl %ebx,48(%esp) - movl %eax,%ebx - shrl $5,%ebx - addl $5,%ebx - movl %ebx,240(%edx) - movl $48,%ecx - movl $0,%edi - leal L_vpaes_consts+0x30-L012pic_point,%ebp - call __vpaes_schedule_core -L012pic_point: - movl 48(%esp),%esp - xorl %eax,%eax - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.globl _GFp_vpaes_encrypt -.private_extern _GFp_vpaes_encrypt -.align 4 -_GFp_vpaes_encrypt: -L_GFp_vpaes_encrypt_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - leal L_vpaes_consts+0x30-L013pic_point,%ebp - call __vpaes_preheat -L013pic_point: - movl 20(%esp),%esi - leal -56(%esp),%ebx - movl 24(%esp),%edi - andl $-16,%ebx - movl 28(%esp),%edx - xchgl %esp,%ebx - movl %ebx,48(%esp) - movdqu (%esi),%xmm0 - call __vpaes_encrypt_core - movdqu %xmm0,(%edi) - movl 48(%esp),%esp - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -#endif diff --git a/pregenerated/vpaes-x86-win32n.obj b/pregenerated/vpaes-x86-win32n.obj Binary files differindex 51cd4d6..c4c1718 100644 --- a/pregenerated/vpaes-x86-win32n.obj +++ b/pregenerated/vpaes-x86-win32n.obj diff --git a/pregenerated/vpaes-x86_64-elf.S b/pregenerated/vpaes-x86_64-elf.S index cc8244f..bee78b1 100644 --- a/pregenerated/vpaes-x86_64-elf.S +++ b/pregenerated/vpaes-x86_64-elf.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text @@ -573,11 +574,11 @@ _vpaes_schedule_mangle: -.globl GFp_vpaes_set_encrypt_key -.hidden GFp_vpaes_set_encrypt_key -.type GFp_vpaes_set_encrypt_key,@function +.globl vpaes_set_encrypt_key +.hidden vpaes_set_encrypt_key +.type vpaes_set_encrypt_key,@function .align 16 -GFp_vpaes_set_encrypt_key: +vpaes_set_encrypt_key: .cfi_startproc #ifdef BORINGSSL_DISPATCH_TEST .extern BORINGSSL_function_hit @@ -596,13 +597,13 @@ GFp_vpaes_set_encrypt_key: xorl %eax,%eax .byte 0xf3,0xc3 .cfi_endproc -.size GFp_vpaes_set_encrypt_key,.-GFp_vpaes_set_encrypt_key +.size vpaes_set_encrypt_key,.-vpaes_set_encrypt_key -.globl GFp_vpaes_encrypt -.hidden GFp_vpaes_encrypt -.type GFp_vpaes_encrypt,@function +.globl vpaes_encrypt +.hidden vpaes_encrypt +.type vpaes_encrypt,@function .align 16 -GFp_vpaes_encrypt: +vpaes_encrypt: .cfi_startproc movdqu (%rdi),%xmm0 call _vpaes_preheat @@ -610,12 +611,12 @@ GFp_vpaes_encrypt: movdqu %xmm0,(%rsi) .byte 0xf3,0xc3 .cfi_endproc -.size GFp_vpaes_encrypt,.-GFp_vpaes_encrypt -.globl GFp_vpaes_ctr32_encrypt_blocks -.hidden GFp_vpaes_ctr32_encrypt_blocks -.type GFp_vpaes_ctr32_encrypt_blocks,@function +.size vpaes_encrypt,.-vpaes_encrypt +.globl vpaes_ctr32_encrypt_blocks +.hidden vpaes_ctr32_encrypt_blocks +.type vpaes_ctr32_encrypt_blocks,@function .align 16 -GFp_vpaes_ctr32_encrypt_blocks: +vpaes_ctr32_encrypt_blocks: .cfi_startproc xchgq %rcx,%rdx @@ -673,7 +674,7 @@ GFp_vpaes_ctr32_encrypt_blocks: .Lctr32_abort: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_vpaes_ctr32_encrypt_blocks,.-GFp_vpaes_ctr32_encrypt_blocks +.size vpaes_ctr32_encrypt_blocks,.-vpaes_ctr32_encrypt_blocks diff --git a/pregenerated/vpaes-x86_64-macosx.S b/pregenerated/vpaes-x86_64-macosx.S index 86c019a..a25d1b6 100644 --- a/pregenerated/vpaes-x86_64-macosx.S +++ b/pregenerated/vpaes-x86_64-macosx.S @@ -8,6 +8,7 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text @@ -573,11 +574,11 @@ L$schedule_mangle_both: -.globl _GFp_vpaes_set_encrypt_key -.private_extern _GFp_vpaes_set_encrypt_key +.globl _vpaes_set_encrypt_key +.private_extern _vpaes_set_encrypt_key .p2align 4 -_GFp_vpaes_set_encrypt_key: +_vpaes_set_encrypt_key: #ifdef BORINGSSL_DISPATCH_TEST @@ -597,11 +598,11 @@ _GFp_vpaes_set_encrypt_key: -.globl _GFp_vpaes_encrypt -.private_extern _GFp_vpaes_encrypt +.globl _vpaes_encrypt +.private_extern _vpaes_encrypt .p2align 4 -_GFp_vpaes_encrypt: +_vpaes_encrypt: movdqu (%rdi),%xmm0 call _vpaes_preheat @@ -610,11 +611,11 @@ _GFp_vpaes_encrypt: .byte 0xf3,0xc3 -.globl _GFp_vpaes_ctr32_encrypt_blocks -.private_extern _GFp_vpaes_ctr32_encrypt_blocks +.globl _vpaes_ctr32_encrypt_blocks +.private_extern _vpaes_ctr32_encrypt_blocks .p2align 4 -_GFp_vpaes_ctr32_encrypt_blocks: +_vpaes_ctr32_encrypt_blocks: xchgq %rcx,%rdx diff --git a/pregenerated/vpaes-x86_64-nasm.obj b/pregenerated/vpaes-x86_64-nasm.obj Binary files differindex 146f5e1..d40d59a 100644 --- a/pregenerated/vpaes-x86_64-nasm.obj +++ b/pregenerated/vpaes-x86_64-nasm.obj diff --git a/pregenerated/x86-mont-elf.S b/pregenerated/x86-mont-elf.S index 46ca35d..9d1db6f 100644 --- a/pregenerated/x86-mont-elf.S +++ b/pregenerated/x86-mont-elf.S @@ -2,16 +2,14 @@ # source tree. Do not edit by hand. #if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl GFp_bn_mul_mont -.hidden GFp_bn_mul_mont -.type GFp_bn_mul_mont,@function +.globl bn_mul_mont +.hidden bn_mul_mont +.type bn_mul_mont,@function .align 16 -GFp_bn_mul_mont: -.L_GFp_bn_mul_mont_begin: +bn_mul_mont: +.L_bn_mul_mont_begin: pushl %ebp pushl %ebx pushl %esi @@ -65,7 +63,7 @@ GFp_bn_mul_mont: call .L002PIC_me_up .L002PIC_me_up: popl %eax - leal GFp_ia32cap_P-.L002PIC_me_up(%eax),%eax + leal OPENSSL_ia32cap_P-.L002PIC_me_up(%eax),%eax btl $26,(%eax) movl $-1,%eax movd %eax,%mm7 @@ -216,7 +214,7 @@ GFp_bn_mul_mont: popl %ebx popl %ebp ret -.size GFp_bn_mul_mont,.-.L_GFp_bn_mul_mont_begin +.size bn_mul_mont,.-.L_bn_mul_mont_begin .byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 .byte 112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56 .byte 54,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 diff --git a/pregenerated/x86-mont-macosx.S b/pregenerated/x86-mont-macosx.S deleted file mode 100644 index 713f608..0000000 --- a/pregenerated/x86-mont-macosx.S +++ /dev/null @@ -1,227 +0,0 @@ -# This file is generated from a similarly-named Perl script in the BoringSSL -# source tree. Do not edit by hand. - -#if defined(__i386__) -#if defined(BORINGSSL_PREFIX) -#include <boringssl_prefix_symbols_asm.h> -#endif -.text -.globl _GFp_bn_mul_mont -.private_extern _GFp_bn_mul_mont -.align 4 -_GFp_bn_mul_mont: -L_GFp_bn_mul_mont_begin: - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - xorl %eax,%eax - movl 40(%esp),%edi - leal 20(%esp),%esi - leal 24(%esp),%edx - addl $2,%edi - negl %edi - leal -32(%esp,%edi,4),%ebp - negl %edi - movl %ebp,%eax - subl %edx,%eax - andl $2047,%eax - subl %eax,%ebp - xorl %ebp,%edx - andl $2048,%edx - xorl $2048,%edx - subl %edx,%ebp - andl $-64,%ebp - movl %esp,%eax - subl %ebp,%eax - andl $-4096,%eax - movl %esp,%edx - leal (%ebp,%eax,1),%esp - movl (%esp),%eax - cmpl %ebp,%esp - ja L000page_walk - jmp L001page_walk_done -.align 4,0x90 -L000page_walk: - leal -4096(%esp),%esp - movl (%esp),%eax - cmpl %ebp,%esp - ja L000page_walk -L001page_walk_done: - movl (%esi),%eax - movl 4(%esi),%ebx - movl 8(%esi),%ecx - movl 12(%esi),%ebp - movl 16(%esi),%esi - movl (%esi),%esi - movl %eax,4(%esp) - movl %ebx,8(%esp) - movl %ecx,12(%esp) - movl %ebp,16(%esp) - movl %esi,20(%esp) - leal -3(%edi),%ebx - movl %edx,24(%esp) - call L002PIC_me_up -L002PIC_me_up: - popl %eax - movl L_GFp_ia32cap_P$non_lazy_ptr-L002PIC_me_up(%eax),%eax - btl $26,(%eax) - movl $-1,%eax - movd %eax,%mm7 - movl 8(%esp),%esi - movl 12(%esp),%edi - movl 16(%esp),%ebp - xorl %edx,%edx - xorl %ecx,%ecx - movd (%edi),%mm4 - movd (%esi),%mm5 - movd (%ebp),%mm3 - pmuludq %mm4,%mm5 - movq %mm5,%mm2 - movq %mm5,%mm0 - pand %mm7,%mm0 - pmuludq 20(%esp),%mm5 - pmuludq %mm5,%mm3 - paddq %mm0,%mm3 - movd 4(%ebp),%mm1 - movd 4(%esi),%mm0 - psrlq $32,%mm2 - psrlq $32,%mm3 - incl %ecx -.align 4,0x90 -L0031st: - pmuludq %mm4,%mm0 - pmuludq %mm5,%mm1 - paddq %mm0,%mm2 - paddq %mm1,%mm3 - movq %mm2,%mm0 - pand %mm7,%mm0 - movd 4(%ebp,%ecx,4),%mm1 - paddq %mm0,%mm3 - movd 4(%esi,%ecx,4),%mm0 - psrlq $32,%mm2 - movd %mm3,28(%esp,%ecx,4) - psrlq $32,%mm3 - leal 1(%ecx),%ecx - cmpl %ebx,%ecx - jl L0031st - pmuludq %mm4,%mm0 - pmuludq %mm5,%mm1 - paddq %mm0,%mm2 - paddq %mm1,%mm3 - movq %mm2,%mm0 - pand %mm7,%mm0 - paddq %mm0,%mm3 - movd %mm3,28(%esp,%ecx,4) - psrlq $32,%mm2 - psrlq $32,%mm3 - paddq %mm2,%mm3 - movq %mm3,32(%esp,%ebx,4) - incl %edx -L004outer: - xorl %ecx,%ecx - movd (%edi,%edx,4),%mm4 - movd (%esi),%mm5 - movd 32(%esp),%mm6 - movd (%ebp),%mm3 - pmuludq %mm4,%mm5 - paddq %mm6,%mm5 - movq %mm5,%mm0 - movq %mm5,%mm2 - pand %mm7,%mm0 - pmuludq 20(%esp),%mm5 - pmuludq %mm5,%mm3 - paddq %mm0,%mm3 - movd 36(%esp),%mm6 - movd 4(%ebp),%mm1 - movd 4(%esi),%mm0 - psrlq $32,%mm2 - psrlq $32,%mm3 - paddq %mm6,%mm2 - incl %ecx - decl %ebx -L005inner: - pmuludq %mm4,%mm0 - pmuludq %mm5,%mm1 - paddq %mm0,%mm2 - paddq %mm1,%mm3 - movq %mm2,%mm0 - movd 36(%esp,%ecx,4),%mm6 - pand %mm7,%mm0 - movd 4(%ebp,%ecx,4),%mm1 - paddq %mm0,%mm3 - movd 4(%esi,%ecx,4),%mm0 - psrlq $32,%mm2 - movd %mm3,28(%esp,%ecx,4) - psrlq $32,%mm3 - paddq %mm6,%mm2 - decl %ebx - leal 1(%ecx),%ecx - jnz L005inner - movl %ecx,%ebx - pmuludq %mm4,%mm0 - pmuludq %mm5,%mm1 - paddq %mm0,%mm2 - paddq %mm1,%mm3 - movq %mm2,%mm0 - pand %mm7,%mm0 - paddq %mm0,%mm3 - movd %mm3,28(%esp,%ecx,4) - psrlq $32,%mm2 - psrlq $32,%mm3 - movd 36(%esp,%ebx,4),%mm6 - paddq %mm2,%mm3 - paddq %mm6,%mm3 - movq %mm3,32(%esp,%ebx,4) - leal 1(%edx),%edx - cmpl %ebx,%edx - jle L004outer - emms -.align 4,0x90 -L006common_tail: - movl 16(%esp),%ebp - movl 4(%esp),%edi - leal 32(%esp),%esi - movl (%esi),%eax - movl %ebx,%ecx - xorl %edx,%edx -.align 4,0x90 -L007sub: - sbbl (%ebp,%edx,4),%eax - movl %eax,(%edi,%edx,4) - decl %ecx - movl 4(%esi,%edx,4),%eax - leal 1(%edx),%edx - jge L007sub - sbbl $0,%eax - movl $-1,%edx - xorl %eax,%edx - jmp L008copy -.align 4,0x90 -L008copy: - movl 32(%esp,%ebx,4),%esi - movl (%edi,%ebx,4),%ebp - movl %ecx,32(%esp,%ebx,4) - andl %eax,%esi - andl %edx,%ebp - orl %esi,%ebp - movl %ebp,(%edi,%ebx,4) - decl %ebx - jge L008copy - movl 24(%esp),%esp - movl $1,%eax - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.byte 77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105 -.byte 112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56 -.byte 54,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121 -.byte 32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46 -.byte 111,114,103,62,0 -.section __IMPORT,__pointers,non_lazy_symbol_pointers -L_GFp_ia32cap_P$non_lazy_ptr: -.indirect_symbol _GFp_ia32cap_P -.long 0 -#endif diff --git a/pregenerated/x86-mont-win32n.obj b/pregenerated/x86-mont-win32n.obj Binary files differindex 2770e17..2ad8e9d 100644 --- a/pregenerated/x86-mont-win32n.obj +++ b/pregenerated/x86-mont-win32n.obj diff --git a/pregenerated/x86_64-mont-elf.S b/pregenerated/x86_64-mont-elf.S index 5c97209..c0fe72f 100644 --- a/pregenerated/x86_64-mont-elf.S +++ b/pregenerated/x86_64-mont-elf.S @@ -8,16 +8,17 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P -.globl GFp_bn_mul_mont -.hidden GFp_bn_mul_mont -.type GFp_bn_mul_mont,@function +.globl bn_mul_mont +.hidden bn_mul_mont +.type bn_mul_mont,@function .align 16 -GFp_bn_mul_mont: +bn_mul_mont: .cfi_startproc movl %r9d,%r9d movq %rsp,%rax @@ -26,7 +27,7 @@ GFp_bn_mul_mont: jnz .Lmul_enter cmpl $8,%r9d jb .Lmul_enter - movl GFp_ia32cap_P+8(%rip),%r11d + movl OPENSSL_ia32cap_P+8(%rip),%r11d cmpq %rsi,%rdx jne .Lmul4x_enter testl $7,%r9d @@ -266,7 +267,7 @@ GFp_bn_mul_mont: .Lmul_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_mul_mont,.-GFp_bn_mul_mont +.size bn_mul_mont,.-bn_mul_mont .type bn_mul4x_mont,@function .align 16 bn_mul4x_mont: @@ -701,10 +702,10 @@ bn_mul4x_mont: .byte 0xf3,0xc3 .cfi_endproc .size bn_mul4x_mont,.-bn_mul4x_mont -.extern GFp_bn_sqrx8x_internal -.hidden GFp_bn_sqrx8x_internal -.extern GFp_bn_sqr8x_internal -.hidden GFp_bn_sqr8x_internal +.extern bn_sqrx8x_internal +.hidden bn_sqrx8x_internal +.extern bn_sqr8x_internal +.hidden bn_sqr8x_internal .type bn_sqr8x_mont,@function .align 32 @@ -787,12 +788,12 @@ bn_sqr8x_mont: pxor %xmm0,%xmm0 .byte 102,72,15,110,207 .byte 102,73,15,110,218 - movl GFp_ia32cap_P+8(%rip),%eax + movl OPENSSL_ia32cap_P+8(%rip),%eax andl $0x80100,%eax cmpl $0x80100,%eax jne .Lsqr8x_nox - call GFp_bn_sqrx8x_internal + call bn_sqrx8x_internal @@ -806,7 +807,7 @@ bn_sqr8x_mont: .align 32 .Lsqr8x_nox: - call GFp_bn_sqr8x_internal + call bn_sqr8x_internal diff --git a/pregenerated/x86_64-mont-macosx.S b/pregenerated/x86_64-mont-macosx.S index a5cedc8..8e819c3 100644 --- a/pregenerated/x86_64-mont-macosx.S +++ b/pregenerated/x86_64-mont-macosx.S @@ -8,15 +8,16 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl _GFp_bn_mul_mont -.private_extern _GFp_bn_mul_mont +.globl _bn_mul_mont +.private_extern _bn_mul_mont .p2align 4 -_GFp_bn_mul_mont: +_bn_mul_mont: movl %r9d,%r9d movq %rsp,%rax @@ -25,7 +26,7 @@ _GFp_bn_mul_mont: jnz L$mul_enter cmpl $8,%r9d jb L$mul_enter - movl _GFp_ia32cap_P+8(%rip),%r11d + movl _OPENSSL_ia32cap_P+8(%rip),%r11d cmpq %rsi,%rdx jne L$mul4x_enter testl $7,%r9d @@ -784,12 +785,12 @@ L$sqr8x_body: pxor %xmm0,%xmm0 .byte 102,72,15,110,207 .byte 102,73,15,110,218 - movl _GFp_ia32cap_P+8(%rip),%eax + movl _OPENSSL_ia32cap_P+8(%rip),%eax andl $0x80100,%eax cmpl $0x80100,%eax jne L$sqr8x_nox - call _GFp_bn_sqrx8x_internal + call _bn_sqrx8x_internal @@ -803,7 +804,7 @@ L$sqr8x_body: .p2align 5 L$sqr8x_nox: - call _GFp_bn_sqr8x_internal + call _bn_sqr8x_internal diff --git a/pregenerated/x86_64-mont-nasm.obj b/pregenerated/x86_64-mont-nasm.obj Binary files differindex 3bf34b3..f71cb9f 100644 --- a/pregenerated/x86_64-mont-nasm.obj +++ b/pregenerated/x86_64-mont-nasm.obj diff --git a/pregenerated/x86_64-mont5-elf.S b/pregenerated/x86_64-mont5-elf.S index bbdfff3..ac46de6 100644 --- a/pregenerated/x86_64-mont5-elf.S +++ b/pregenerated/x86_64-mont5-elf.S @@ -8,23 +8,24 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.extern GFp_ia32cap_P -.hidden GFp_ia32cap_P +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P -.globl GFp_bn_mul_mont_gather5 -.hidden GFp_bn_mul_mont_gather5 -.type GFp_bn_mul_mont_gather5,@function +.globl bn_mul_mont_gather5 +.hidden bn_mul_mont_gather5 +.type bn_mul_mont_gather5,@function .align 64 -GFp_bn_mul_mont_gather5: +bn_mul_mont_gather5: .cfi_startproc movl %r9d,%r9d movq %rsp,%rax .cfi_def_cfa_register %rax testl $7,%r9d jnz .Lmul_enter - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 movl 8(%r11),%r11d jmp .Lmul4x_enter @@ -453,7 +454,7 @@ GFp_bn_mul_mont_gather5: .Lmul_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_mul_mont_gather5,.-GFp_bn_mul_mont_gather5 +.size bn_mul_mont_gather5,.-bn_mul_mont_gather5 .type bn_mul4x_mont_gather5,@function .align 32 bn_mul4x_mont_gather5: @@ -1087,15 +1088,15 @@ mul4x_internal: jmp .Lsqr4x_sub_entry .cfi_endproc .size mul4x_internal,.-mul4x_internal -.globl GFp_bn_power5 -.hidden GFp_bn_power5 -.type GFp_bn_power5,@function +.globl bn_power5 +.hidden bn_power5 +.type bn_power5,@function .align 32 -GFp_bn_power5: +bn_power5: .cfi_startproc movq %rsp,%rax .cfi_def_cfa_register %rax - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 movl 8(%r11),%r11d andl $0x80108,%r11d cmpl $0x80108,%r11d @@ -1222,14 +1223,14 @@ GFp_bn_power5: .Lpower5_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_power5,.-GFp_bn_power5 +.size bn_power5,.-bn_power5 -.globl GFp_bn_sqr8x_internal -.hidden GFp_bn_sqr8x_internal -.hidden GFp_bn_sqr8x_internal -.type GFp_bn_sqr8x_internal,@function +.globl bn_sqr8x_internal +.hidden bn_sqr8x_internal +.hidden bn_sqr8x_internal +.type bn_sqr8x_internal,@function .align 32 -GFp_bn_sqr8x_internal: +bn_sqr8x_internal: __bn_sqr8x_internal: .cfi_startproc @@ -2007,7 +2008,7 @@ __bn_sqr8x_reduction: jb .L8x_reduction_loop .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_sqr8x_internal,.-GFp_bn_sqr8x_internal +.size bn_sqr8x_internal,.-bn_sqr8x_internal .type __bn_post4x_internal,@function .align 32 __bn_post4x_internal: @@ -2064,18 +2065,18 @@ __bn_post4x_internal: .byte 0xf3,0xc3 .cfi_endproc .size __bn_post4x_internal,.-__bn_post4x_internal -.globl GFp_bn_from_montgomery -.hidden GFp_bn_from_montgomery -.type GFp_bn_from_montgomery,@function +.globl bn_from_montgomery +.hidden bn_from_montgomery +.type bn_from_montgomery,@function .align 32 -GFp_bn_from_montgomery: +bn_from_montgomery: .cfi_startproc testl $7,%r9d jz bn_from_mont8x xorl %eax,%eax .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_from_montgomery,.-GFp_bn_from_montgomery +.size bn_from_montgomery,.-bn_from_montgomery .type bn_from_mont8x,@function .align 32 @@ -2191,7 +2192,7 @@ bn_from_mont8x: .byte 0x67 movq %rcx,%rbp .byte 102,73,15,110,218 - leaq GFp_ia32cap_P(%rip),%r11 + leaq OPENSSL_ia32cap_P(%rip),%r11 movl 8(%r11),%r11d andl $0x80108,%r11d cmpl $0x80108,%r11d @@ -2915,11 +2916,11 @@ bn_powerx5: .cfi_endproc .size bn_powerx5,.-bn_powerx5 -.globl GFp_bn_sqrx8x_internal -.hidden GFp_bn_sqrx8x_internal -.type GFp_bn_sqrx8x_internal,@function +.globl bn_sqrx8x_internal +.hidden bn_sqrx8x_internal +.type bn_sqrx8x_internal,@function .align 32 -GFp_bn_sqrx8x_internal: +bn_sqrx8x_internal: __bn_sqrx8x_internal: .cfi_startproc @@ -3534,7 +3535,7 @@ __bn_sqrx8x_reduction: jb .Lsqrx8x_reduction_loop .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_sqrx8x_internal,.-GFp_bn_sqrx8x_internal +.size bn_sqrx8x_internal,.-bn_sqrx8x_internal .align 32 .type __bn_postx4x_internal,@function __bn_postx4x_internal: @@ -3588,11 +3589,11 @@ __bn_postx4x_internal: .byte 0xf3,0xc3 .cfi_endproc .size __bn_postx4x_internal,.-__bn_postx4x_internal -.globl GFp_bn_scatter5 -.hidden GFp_bn_scatter5 -.type GFp_bn_scatter5,@function +.globl bn_scatter5 +.hidden bn_scatter5 +.type bn_scatter5,@function .align 16 -GFp_bn_scatter5: +bn_scatter5: .cfi_startproc cmpl $0,%esi jz .Lscatter_epilogue @@ -3607,15 +3608,15 @@ GFp_bn_scatter5: .Lscatter_epilogue: .byte 0xf3,0xc3 .cfi_endproc -.size GFp_bn_scatter5,.-GFp_bn_scatter5 +.size bn_scatter5,.-bn_scatter5 -.globl GFp_bn_gather5 -.hidden GFp_bn_gather5 -.type GFp_bn_gather5,@function +.globl bn_gather5 +.hidden bn_gather5 +.type bn_gather5,@function .align 32 -GFp_bn_gather5: +bn_gather5: .cfi_startproc -.LSEH_begin_GFp_bn_gather5: +.LSEH_begin_bn_gather5: .byte 0x4c,0x8d,0x14,0x24 .cfi_def_cfa_register %r10 @@ -3774,9 +3775,9 @@ GFp_bn_gather5: leaq (%r10),%rsp .cfi_def_cfa_register %rsp .byte 0xf3,0xc3 -.LSEH_end_GFp_bn_gather5: +.LSEH_end_bn_gather5: .cfi_endproc -.size GFp_bn_gather5,.-GFp_bn_gather5 +.size bn_gather5,.-bn_gather5 .align 64 .Linc: .long 0,0, 1,1 diff --git a/pregenerated/x86_64-mont5-macosx.S b/pregenerated/x86_64-mont5-macosx.S index 9bef8fd..4c4ac09 100644 --- a/pregenerated/x86_64-mont5-macosx.S +++ b/pregenerated/x86_64-mont5-macosx.S @@ -8,22 +8,23 @@ #endif #if defined(__x86_64__) && !defined(OPENSSL_NO_ASM) +#include "ring_core_generated/prefix_symbols_asm.h" .text -.globl _GFp_bn_mul_mont_gather5 -.private_extern _GFp_bn_mul_mont_gather5 +.globl _bn_mul_mont_gather5 +.private_extern _bn_mul_mont_gather5 .p2align 6 -_GFp_bn_mul_mont_gather5: +_bn_mul_mont_gather5: movl %r9d,%r9d movq %rsp,%rax testl $7,%r9d jnz L$mul_enter - leaq _GFp_ia32cap_P(%rip),%r11 + leaq _OPENSSL_ia32cap_P(%rip),%r11 movl 8(%r11),%r11d jmp L$mul4x_enter @@ -1086,15 +1087,15 @@ L$inner4x: jmp L$sqr4x_sub_entry -.globl _GFp_bn_power5 -.private_extern _GFp_bn_power5 +.globl _bn_power5 +.private_extern _bn_power5 .p2align 5 -_GFp_bn_power5: +_bn_power5: movq %rsp,%rax - leaq _GFp_ia32cap_P(%rip),%r11 + leaq _OPENSSL_ia32cap_P(%rip),%r11 movl 8(%r11),%r11d andl $0x80108,%r11d cmpl $0x80108,%r11d @@ -1223,12 +1224,12 @@ L$power5_epilogue: -.globl _GFp_bn_sqr8x_internal -.private_extern _GFp_bn_sqr8x_internal -.private_extern _GFp_bn_sqr8x_internal +.globl _bn_sqr8x_internal +.private_extern _bn_sqr8x_internal +.private_extern _bn_sqr8x_internal .p2align 5 -_GFp_bn_sqr8x_internal: +_bn_sqr8x_internal: __bn_sqr8x_internal: @@ -2063,11 +2064,11 @@ L$sqr4x_sub_entry: .byte 0xf3,0xc3 -.globl _GFp_bn_from_montgomery -.private_extern _GFp_bn_from_montgomery +.globl _bn_from_montgomery +.private_extern _bn_from_montgomery .p2align 5 -_GFp_bn_from_montgomery: +_bn_from_montgomery: testl $7,%r9d jz bn_from_mont8x @@ -2190,7 +2191,7 @@ L$mul_by_1: .byte 0x67 movq %rcx,%rbp .byte 102,73,15,110,218 - leaq _GFp_ia32cap_P(%rip),%r11 + leaq _OPENSSL_ia32cap_P(%rip),%r11 movl 8(%r11),%r11d andl $0x80108,%r11d cmpl $0x80108,%r11d @@ -2914,11 +2915,11 @@ L$powerx5_epilogue: -.globl _GFp_bn_sqrx8x_internal -.private_extern _GFp_bn_sqrx8x_internal +.globl _bn_sqrx8x_internal +.private_extern _bn_sqrx8x_internal .p2align 5 -_GFp_bn_sqrx8x_internal: +_bn_sqrx8x_internal: __bn_sqrx8x_internal: @@ -3587,11 +3588,11 @@ L$sqrx4x_sub_entry: .byte 0xf3,0xc3 -.globl _GFp_bn_scatter5 -.private_extern _GFp_bn_scatter5 +.globl _bn_scatter5 +.private_extern _bn_scatter5 .p2align 4 -_GFp_bn_scatter5: +_bn_scatter5: cmpl $0,%esi jz L$scatter_epilogue @@ -3608,13 +3609,13 @@ L$scatter_epilogue: -.globl _GFp_bn_gather5 -.private_extern _GFp_bn_gather5 +.globl _bn_gather5 +.private_extern _bn_gather5 .p2align 5 -_GFp_bn_gather5: +_bn_gather5: -L$SEH_begin_GFp_bn_gather5: +L$SEH_begin_bn_gather5: .byte 0x4c,0x8d,0x14,0x24 @@ -3773,7 +3774,7 @@ L$gather: leaq (%r10),%rsp .byte 0xf3,0xc3 -L$SEH_end_GFp_bn_gather5: +L$SEH_end_bn_gather5: .p2align 6 diff --git a/pregenerated/x86_64-mont5-nasm.obj b/pregenerated/x86_64-mont5-nasm.obj Binary files differindex fe5b7d6..fa79a83 100644 --- a/pregenerated/x86_64-mont5-nasm.obj +++ b/pregenerated/x86_64-mont5-nasm.obj diff --git a/ring_core_generated/prefix_symbols.h b/ring_core_generated/prefix_symbols.h new file mode 100644 index 0000000..fef5a3e --- /dev/null +++ b/ring_core_generated/prefix_symbols.h @@ -0,0 +1,106 @@ + +#ifndef ring_core_generated_PREFIX_SYMBOLS_H +#define ring_core_generated_PREFIX_SYMBOLS_H + +#define CRYPTO_poly1305_finish ring_core_android_platform_CRYPTO_poly1305_finish +#define CRYPTO_poly1305_finish_neon ring_core_android_platform_CRYPTO_poly1305_finish_neon +#define CRYPTO_poly1305_init ring_core_android_platform_CRYPTO_poly1305_init +#define CRYPTO_poly1305_init_neon ring_core_android_platform_CRYPTO_poly1305_init_neon +#define CRYPTO_poly1305_update ring_core_android_platform_CRYPTO_poly1305_update +#define CRYPTO_poly1305_update_neon ring_core_android_platform_CRYPTO_poly1305_update_neon +#define ChaCha20_ctr32 ring_core_android_platform_ChaCha20_ctr32 +#define LIMBS_add_mod ring_core_android_platform_LIMBS_add_mod +#define LIMBS_are_even ring_core_android_platform_LIMBS_are_even +#define LIMBS_are_zero ring_core_android_platform_LIMBS_are_zero +#define LIMBS_equal ring_core_android_platform_LIMBS_equal +#define LIMBS_equal_limb ring_core_android_platform_LIMBS_equal_limb +#define LIMBS_less_than ring_core_android_platform_LIMBS_less_than +#define LIMBS_less_than_limb ring_core_android_platform_LIMBS_less_than_limb +#define LIMBS_reduce_once ring_core_android_platform_LIMBS_reduce_once +#define LIMBS_select_512_32 ring_core_android_platform_LIMBS_select_512_32 +#define LIMBS_shl_mod ring_core_android_platform_LIMBS_shl_mod +#define LIMBS_sub_mod ring_core_android_platform_LIMBS_sub_mod +#define LIMBS_window5_split_window ring_core_android_platform_LIMBS_window5_split_window +#define LIMBS_window5_unsplit_window ring_core_android_platform_LIMBS_window5_unsplit_window +#define LIMB_shr ring_core_android_platform_LIMB_shr +#define OPENSSL_armcap_P ring_core_android_platform_OPENSSL_armcap_P +#define OPENSSL_cpuid_setup ring_core_android_platform_OPENSSL_cpuid_setup +#define OPENSSL_ia32cap_P ring_core_android_platform_OPENSSL_ia32cap_P +#define OPENSSL_memcmp ring_core_android_platform_OPENSSL_memcmp +#define RSA_padding_check_oaep ring_core_android_platform_RSA_padding_check_oaep +#define aes_hw_ctr32_encrypt_blocks ring_core_android_platform_aes_hw_ctr32_encrypt_blocks +#define aes_hw_encrypt ring_core_android_platform_aes_hw_encrypt +#define aes_hw_set_encrypt_key ring_core_android_platform_aes_hw_set_encrypt_key +#define aes_nohw_ctr32_encrypt_blocks ring_core_android_platform_aes_nohw_ctr32_encrypt_blocks +#define aes_nohw_encrypt ring_core_android_platform_aes_nohw_encrypt +#define aes_nohw_set_encrypt_key ring_core_android_platform_aes_nohw_set_encrypt_key +#define aesni_gcm_decrypt ring_core_android_platform_aesni_gcm_decrypt +#define aesni_gcm_encrypt ring_core_android_platform_aesni_gcm_encrypt +#define bn_from_montgomery ring_core_android_platform_bn_from_montgomery +#define bn_from_montgomery_in_place ring_core_android_platform_bn_from_montgomery_in_place +#define bn_gather5 ring_core_android_platform_bn_gather5 +#define bn_mul_mont ring_core_android_platform_bn_mul_mont +#define bn_mul_mont_gather5 ring_core_android_platform_bn_mul_mont_gather5 +#define bn_neg_inv_mod_r_u64 ring_core_android_platform_bn_neg_inv_mod_r_u64 +#define bn_power5 ring_core_android_platform_bn_power5 +#define bn_scatter5 ring_core_android_platform_bn_scatter5 +#define bn_sqr8x_internal ring_core_android_platform_bn_sqr8x_internal +#define bn_sqrx8x_internal ring_core_android_platform_bn_sqrx8x_internal +#define bsaes_ctr32_encrypt_blocks ring_core_android_platform_bsaes_ctr32_encrypt_blocks +#define bssl_constant_time_test_main ring_core_android_platform_bssl_constant_time_test_main +#define chacha20_poly1305_open ring_core_android_platform_chacha20_poly1305_open +#define chacha20_poly1305_seal ring_core_android_platform_chacha20_poly1305_seal +#define gcm_ghash_avx ring_core_android_platform_gcm_ghash_avx +#define gcm_ghash_clmul ring_core_android_platform_gcm_ghash_clmul +#define gcm_ghash_neon ring_core_android_platform_gcm_ghash_neon +#define gcm_gmult_clmul ring_core_android_platform_gcm_gmult_clmul +#define gcm_gmult_neon ring_core_android_platform_gcm_gmult_neon +#define gcm_init_avx ring_core_android_platform_gcm_init_avx +#define gcm_init_clmul ring_core_android_platform_gcm_init_clmul +#define gcm_init_neon ring_core_android_platform_gcm_init_neon +#define limbs_mul_add_limb ring_core_android_platform_limbs_mul_add_limb +#define little_endian_bytes_from_scalar ring_core_android_platform_little_endian_bytes_from_scalar +#define nistz256_neg ring_core_android_platform_nistz256_neg +#define nistz256_select_w5 ring_core_android_platform_nistz256_select_w5 +#define nistz256_select_w7 ring_core_android_platform_nistz256_select_w7 +#define nistz384_point_add ring_core_android_platform_nistz384_point_add +#define nistz384_point_double ring_core_android_platform_nistz384_point_double +#define nistz384_point_mul ring_core_android_platform_nistz384_point_mul +#define p256_mul_mont ring_core_android_platform_p256_mul_mont +#define p256_point_add ring_core_android_platform_p256_point_add +#define p256_point_add_affine ring_core_android_platform_p256_point_add_affine +#define p256_point_double ring_core_android_platform_p256_point_double +#define p256_point_mul ring_core_android_platform_p256_point_mul +#define p256_point_mul_base ring_core_android_platform_p256_point_mul_base +#define p256_scalar_mul_mont ring_core_android_platform_p256_scalar_mul_mont +#define p256_scalar_sqr_rep_mont ring_core_android_platform_p256_scalar_sqr_rep_mont +#define p256_sqr_mont ring_core_android_platform_p256_sqr_mont +#define p384_elem_div_by_2 ring_core_android_platform_p384_elem_div_by_2 +#define p384_elem_mul_mont ring_core_android_platform_p384_elem_mul_mont +#define p384_elem_neg ring_core_android_platform_p384_elem_neg +#define p384_elem_sub ring_core_android_platform_p384_elem_sub +#define p384_scalar_mul_mont ring_core_android_platform_p384_scalar_mul_mont +#define poly1305_neon2_addmulmod ring_core_android_platform_poly1305_neon2_addmulmod +#define poly1305_neon2_blocks ring_core_android_platform_poly1305_neon2_blocks +#define sha256_block_data_order ring_core_android_platform_sha256_block_data_order +#define sha512_block_data_order ring_core_android_platform_sha512_block_data_order +#define vpaes_ctr32_encrypt_blocks ring_core_android_platform_vpaes_ctr32_encrypt_blocks +#define vpaes_encrypt ring_core_android_platform_vpaes_encrypt +#define vpaes_encrypt_key_to_bsaes ring_core_android_platform_vpaes_encrypt_key_to_bsaes +#define vpaes_set_encrypt_key ring_core_android_platform_vpaes_set_encrypt_key +#define x25519_NEON ring_core_android_platform_x25519_NEON +#define x25519_fe_invert ring_core_android_platform_x25519_fe_invert +#define x25519_fe_isnegative ring_core_android_platform_x25519_fe_isnegative +#define x25519_fe_mul_ttt ring_core_android_platform_x25519_fe_mul_ttt +#define x25519_fe_neg ring_core_android_platform_x25519_fe_neg +#define x25519_fe_tobytes ring_core_android_platform_x25519_fe_tobytes +#define x25519_ge_double_scalarmult_vartime ring_core_android_platform_x25519_ge_double_scalarmult_vartime +#define x25519_ge_frombytes_vartime ring_core_android_platform_x25519_ge_frombytes_vartime +#define x25519_ge_scalarmult_base ring_core_android_platform_x25519_ge_scalarmult_base +#define x25519_public_from_private_generic_masked ring_core_android_platform_x25519_public_from_private_generic_masked +#define x25519_sc_mask ring_core_android_platform_x25519_sc_mask +#define x25519_sc_muladd ring_core_android_platform_x25519_sc_muladd +#define x25519_sc_reduce ring_core_android_platform_x25519_sc_reduce +#define x25519_scalar_mult_generic_masked ring_core_android_platform_x25519_scalar_mult_generic_masked + +#endif diff --git a/ring_core_generated/prefix_symbols_asm.h b/ring_core_generated/prefix_symbols_asm.h new file mode 100644 index 0000000..8953a7d --- /dev/null +++ b/ring_core_generated/prefix_symbols_asm.h @@ -0,0 +1,210 @@ + +#ifndef ring_core_generated_PREFIX_SYMBOLS_ASM_H +#define ring_core_generated_PREFIX_SYMBOLS_ASM_H + +#if defined(__APPLE__) +#define _CRYPTO_poly1305_finish _ring_core_android_platform_CRYPTO_poly1305_finish +#define _CRYPTO_poly1305_finish_neon _ring_core_android_platform_CRYPTO_poly1305_finish_neon +#define _CRYPTO_poly1305_init _ring_core_android_platform_CRYPTO_poly1305_init +#define _CRYPTO_poly1305_init_neon _ring_core_android_platform_CRYPTO_poly1305_init_neon +#define _CRYPTO_poly1305_update _ring_core_android_platform_CRYPTO_poly1305_update +#define _CRYPTO_poly1305_update_neon _ring_core_android_platform_CRYPTO_poly1305_update_neon +#define _ChaCha20_ctr32 _ring_core_android_platform_ChaCha20_ctr32 +#define _LIMBS_add_mod _ring_core_android_platform_LIMBS_add_mod +#define _LIMBS_are_even _ring_core_android_platform_LIMBS_are_even +#define _LIMBS_are_zero _ring_core_android_platform_LIMBS_are_zero +#define _LIMBS_equal _ring_core_android_platform_LIMBS_equal +#define _LIMBS_equal_limb _ring_core_android_platform_LIMBS_equal_limb +#define _LIMBS_less_than _ring_core_android_platform_LIMBS_less_than +#define _LIMBS_less_than_limb _ring_core_android_platform_LIMBS_less_than_limb +#define _LIMBS_reduce_once _ring_core_android_platform_LIMBS_reduce_once +#define _LIMBS_select_512_32 _ring_core_android_platform_LIMBS_select_512_32 +#define _LIMBS_shl_mod _ring_core_android_platform_LIMBS_shl_mod +#define _LIMBS_sub_mod _ring_core_android_platform_LIMBS_sub_mod +#define _LIMBS_window5_split_window _ring_core_android_platform_LIMBS_window5_split_window +#define _LIMBS_window5_unsplit_window _ring_core_android_platform_LIMBS_window5_unsplit_window +#define _LIMB_shr _ring_core_android_platform_LIMB_shr +#define _OPENSSL_armcap_P _ring_core_android_platform_OPENSSL_armcap_P +#define _OPENSSL_cpuid_setup _ring_core_android_platform_OPENSSL_cpuid_setup +#define _OPENSSL_ia32cap_P _ring_core_android_platform_OPENSSL_ia32cap_P +#define _OPENSSL_memcmp _ring_core_android_platform_OPENSSL_memcmp +#define _RSA_padding_check_oaep _ring_core_android_platform_RSA_padding_check_oaep +#define _aes_hw_ctr32_encrypt_blocks _ring_core_android_platform_aes_hw_ctr32_encrypt_blocks +#define _aes_hw_encrypt _ring_core_android_platform_aes_hw_encrypt +#define _aes_hw_set_encrypt_key _ring_core_android_platform_aes_hw_set_encrypt_key +#define _aes_nohw_ctr32_encrypt_blocks _ring_core_android_platform_aes_nohw_ctr32_encrypt_blocks +#define _aes_nohw_encrypt _ring_core_android_platform_aes_nohw_encrypt +#define _aes_nohw_set_encrypt_key _ring_core_android_platform_aes_nohw_set_encrypt_key +#define _aesni_gcm_decrypt _ring_core_android_platform_aesni_gcm_decrypt +#define _aesni_gcm_encrypt _ring_core_android_platform_aesni_gcm_encrypt +#define _bn_from_montgomery _ring_core_android_platform_bn_from_montgomery +#define _bn_from_montgomery_in_place _ring_core_android_platform_bn_from_montgomery_in_place +#define _bn_gather5 _ring_core_android_platform_bn_gather5 +#define _bn_mul_mont _ring_core_android_platform_bn_mul_mont +#define _bn_mul_mont_gather5 _ring_core_android_platform_bn_mul_mont_gather5 +#define _bn_neg_inv_mod_r_u64 _ring_core_android_platform_bn_neg_inv_mod_r_u64 +#define _bn_power5 _ring_core_android_platform_bn_power5 +#define _bn_scatter5 _ring_core_android_platform_bn_scatter5 +#define _bn_sqr8x_internal _ring_core_android_platform_bn_sqr8x_internal +#define _bn_sqrx8x_internal _ring_core_android_platform_bn_sqrx8x_internal +#define _bsaes_ctr32_encrypt_blocks _ring_core_android_platform_bsaes_ctr32_encrypt_blocks +#define _bssl_constant_time_test_main _ring_core_android_platform_bssl_constant_time_test_main +#define _chacha20_poly1305_open _ring_core_android_platform_chacha20_poly1305_open +#define _chacha20_poly1305_seal _ring_core_android_platform_chacha20_poly1305_seal +#define _gcm_ghash_avx _ring_core_android_platform_gcm_ghash_avx +#define _gcm_ghash_clmul _ring_core_android_platform_gcm_ghash_clmul +#define _gcm_ghash_neon _ring_core_android_platform_gcm_ghash_neon +#define _gcm_gmult_clmul _ring_core_android_platform_gcm_gmult_clmul +#define _gcm_gmult_neon _ring_core_android_platform_gcm_gmult_neon +#define _gcm_init_avx _ring_core_android_platform_gcm_init_avx +#define _gcm_init_clmul _ring_core_android_platform_gcm_init_clmul +#define _gcm_init_neon _ring_core_android_platform_gcm_init_neon +#define _limbs_mul_add_limb _ring_core_android_platform_limbs_mul_add_limb +#define _little_endian_bytes_from_scalar _ring_core_android_platform_little_endian_bytes_from_scalar +#define _nistz256_neg _ring_core_android_platform_nistz256_neg +#define _nistz256_select_w5 _ring_core_android_platform_nistz256_select_w5 +#define _nistz256_select_w7 _ring_core_android_platform_nistz256_select_w7 +#define _nistz384_point_add _ring_core_android_platform_nistz384_point_add +#define _nistz384_point_double _ring_core_android_platform_nistz384_point_double +#define _nistz384_point_mul _ring_core_android_platform_nistz384_point_mul +#define _p256_mul_mont _ring_core_android_platform_p256_mul_mont +#define _p256_point_add _ring_core_android_platform_p256_point_add +#define _p256_point_add_affine _ring_core_android_platform_p256_point_add_affine +#define _p256_point_double _ring_core_android_platform_p256_point_double +#define _p256_point_mul _ring_core_android_platform_p256_point_mul +#define _p256_point_mul_base _ring_core_android_platform_p256_point_mul_base +#define _p256_scalar_mul_mont _ring_core_android_platform_p256_scalar_mul_mont +#define _p256_scalar_sqr_rep_mont _ring_core_android_platform_p256_scalar_sqr_rep_mont +#define _p256_sqr_mont _ring_core_android_platform_p256_sqr_mont +#define _p384_elem_div_by_2 _ring_core_android_platform_p384_elem_div_by_2 +#define _p384_elem_mul_mont _ring_core_android_platform_p384_elem_mul_mont +#define _p384_elem_neg _ring_core_android_platform_p384_elem_neg +#define _p384_elem_sub _ring_core_android_platform_p384_elem_sub +#define _p384_scalar_mul_mont _ring_core_android_platform_p384_scalar_mul_mont +#define _poly1305_neon2_addmulmod _ring_core_android_platform_poly1305_neon2_addmulmod +#define _poly1305_neon2_blocks _ring_core_android_platform_poly1305_neon2_blocks +#define _sha256_block_data_order _ring_core_android_platform_sha256_block_data_order +#define _sha512_block_data_order _ring_core_android_platform_sha512_block_data_order +#define _vpaes_ctr32_encrypt_blocks _ring_core_android_platform_vpaes_ctr32_encrypt_blocks +#define _vpaes_encrypt _ring_core_android_platform_vpaes_encrypt +#define _vpaes_encrypt_key_to_bsaes _ring_core_android_platform_vpaes_encrypt_key_to_bsaes +#define _vpaes_set_encrypt_key _ring_core_android_platform_vpaes_set_encrypt_key +#define _x25519_NEON _ring_core_android_platform_x25519_NEON +#define _x25519_fe_invert _ring_core_android_platform_x25519_fe_invert +#define _x25519_fe_isnegative _ring_core_android_platform_x25519_fe_isnegative +#define _x25519_fe_mul_ttt _ring_core_android_platform_x25519_fe_mul_ttt +#define _x25519_fe_neg _ring_core_android_platform_x25519_fe_neg +#define _x25519_fe_tobytes _ring_core_android_platform_x25519_fe_tobytes +#define _x25519_ge_double_scalarmult_vartime _ring_core_android_platform_x25519_ge_double_scalarmult_vartime +#define _x25519_ge_frombytes_vartime _ring_core_android_platform_x25519_ge_frombytes_vartime +#define _x25519_ge_scalarmult_base _ring_core_android_platform_x25519_ge_scalarmult_base +#define _x25519_public_from_private_generic_masked _ring_core_android_platform_x25519_public_from_private_generic_masked +#define _x25519_sc_mask _ring_core_android_platform_x25519_sc_mask +#define _x25519_sc_muladd _ring_core_android_platform_x25519_sc_muladd +#define _x25519_sc_reduce _ring_core_android_platform_x25519_sc_reduce +#define _x25519_scalar_mult_generic_masked _ring_core_android_platform_x25519_scalar_mult_generic_masked + +#else +#define CRYPTO_poly1305_finish ring_core_android_platform_CRYPTO_poly1305_finish +#define CRYPTO_poly1305_finish_neon ring_core_android_platform_CRYPTO_poly1305_finish_neon +#define CRYPTO_poly1305_init ring_core_android_platform_CRYPTO_poly1305_init +#define CRYPTO_poly1305_init_neon ring_core_android_platform_CRYPTO_poly1305_init_neon +#define CRYPTO_poly1305_update ring_core_android_platform_CRYPTO_poly1305_update +#define CRYPTO_poly1305_update_neon ring_core_android_platform_CRYPTO_poly1305_update_neon +#define ChaCha20_ctr32 ring_core_android_platform_ChaCha20_ctr32 +#define LIMBS_add_mod ring_core_android_platform_LIMBS_add_mod +#define LIMBS_are_even ring_core_android_platform_LIMBS_are_even +#define LIMBS_are_zero ring_core_android_platform_LIMBS_are_zero +#define LIMBS_equal ring_core_android_platform_LIMBS_equal +#define LIMBS_equal_limb ring_core_android_platform_LIMBS_equal_limb +#define LIMBS_less_than ring_core_android_platform_LIMBS_less_than +#define LIMBS_less_than_limb ring_core_android_platform_LIMBS_less_than_limb +#define LIMBS_reduce_once ring_core_android_platform_LIMBS_reduce_once +#define LIMBS_select_512_32 ring_core_android_platform_LIMBS_select_512_32 +#define LIMBS_shl_mod ring_core_android_platform_LIMBS_shl_mod +#define LIMBS_sub_mod ring_core_android_platform_LIMBS_sub_mod +#define LIMBS_window5_split_window ring_core_android_platform_LIMBS_window5_split_window +#define LIMBS_window5_unsplit_window ring_core_android_platform_LIMBS_window5_unsplit_window +#define LIMB_shr ring_core_android_platform_LIMB_shr +#define OPENSSL_armcap_P ring_core_android_platform_OPENSSL_armcap_P +#define OPENSSL_cpuid_setup ring_core_android_platform_OPENSSL_cpuid_setup +#define OPENSSL_ia32cap_P ring_core_android_platform_OPENSSL_ia32cap_P +#define OPENSSL_memcmp ring_core_android_platform_OPENSSL_memcmp +#define RSA_padding_check_oaep ring_core_android_platform_RSA_padding_check_oaep +#define aes_hw_ctr32_encrypt_blocks ring_core_android_platform_aes_hw_ctr32_encrypt_blocks +#define aes_hw_encrypt ring_core_android_platform_aes_hw_encrypt +#define aes_hw_set_encrypt_key ring_core_android_platform_aes_hw_set_encrypt_key +#define aes_nohw_ctr32_encrypt_blocks ring_core_android_platform_aes_nohw_ctr32_encrypt_blocks +#define aes_nohw_encrypt ring_core_android_platform_aes_nohw_encrypt +#define aes_nohw_set_encrypt_key ring_core_android_platform_aes_nohw_set_encrypt_key +#define aesni_gcm_decrypt ring_core_android_platform_aesni_gcm_decrypt +#define aesni_gcm_encrypt ring_core_android_platform_aesni_gcm_encrypt +#define bn_from_montgomery ring_core_android_platform_bn_from_montgomery +#define bn_from_montgomery_in_place ring_core_android_platform_bn_from_montgomery_in_place +#define bn_gather5 ring_core_android_platform_bn_gather5 +#define bn_mul_mont ring_core_android_platform_bn_mul_mont +#define bn_mul_mont_gather5 ring_core_android_platform_bn_mul_mont_gather5 +#define bn_neg_inv_mod_r_u64 ring_core_android_platform_bn_neg_inv_mod_r_u64 +#define bn_power5 ring_core_android_platform_bn_power5 +#define bn_scatter5 ring_core_android_platform_bn_scatter5 +#define bn_sqr8x_internal ring_core_android_platform_bn_sqr8x_internal +#define bn_sqrx8x_internal ring_core_android_platform_bn_sqrx8x_internal +#define bsaes_ctr32_encrypt_blocks ring_core_android_platform_bsaes_ctr32_encrypt_blocks +#define bssl_constant_time_test_main ring_core_android_platform_bssl_constant_time_test_main +#define chacha20_poly1305_open ring_core_android_platform_chacha20_poly1305_open +#define chacha20_poly1305_seal ring_core_android_platform_chacha20_poly1305_seal +#define gcm_ghash_avx ring_core_android_platform_gcm_ghash_avx +#define gcm_ghash_clmul ring_core_android_platform_gcm_ghash_clmul +#define gcm_ghash_neon ring_core_android_platform_gcm_ghash_neon +#define gcm_gmult_clmul ring_core_android_platform_gcm_gmult_clmul +#define gcm_gmult_neon ring_core_android_platform_gcm_gmult_neon +#define gcm_init_avx ring_core_android_platform_gcm_init_avx +#define gcm_init_clmul ring_core_android_platform_gcm_init_clmul +#define gcm_init_neon ring_core_android_platform_gcm_init_neon +#define limbs_mul_add_limb ring_core_android_platform_limbs_mul_add_limb +#define little_endian_bytes_from_scalar ring_core_android_platform_little_endian_bytes_from_scalar +#define nistz256_neg ring_core_android_platform_nistz256_neg +#define nistz256_select_w5 ring_core_android_platform_nistz256_select_w5 +#define nistz256_select_w7 ring_core_android_platform_nistz256_select_w7 +#define nistz384_point_add ring_core_android_platform_nistz384_point_add +#define nistz384_point_double ring_core_android_platform_nistz384_point_double +#define nistz384_point_mul ring_core_android_platform_nistz384_point_mul +#define p256_mul_mont ring_core_android_platform_p256_mul_mont +#define p256_point_add ring_core_android_platform_p256_point_add +#define p256_point_add_affine ring_core_android_platform_p256_point_add_affine +#define p256_point_double ring_core_android_platform_p256_point_double +#define p256_point_mul ring_core_android_platform_p256_point_mul +#define p256_point_mul_base ring_core_android_platform_p256_point_mul_base +#define p256_scalar_mul_mont ring_core_android_platform_p256_scalar_mul_mont +#define p256_scalar_sqr_rep_mont ring_core_android_platform_p256_scalar_sqr_rep_mont +#define p256_sqr_mont ring_core_android_platform_p256_sqr_mont +#define p384_elem_div_by_2 ring_core_android_platform_p384_elem_div_by_2 +#define p384_elem_mul_mont ring_core_android_platform_p384_elem_mul_mont +#define p384_elem_neg ring_core_android_platform_p384_elem_neg +#define p384_elem_sub ring_core_android_platform_p384_elem_sub +#define p384_scalar_mul_mont ring_core_android_platform_p384_scalar_mul_mont +#define poly1305_neon2_addmulmod ring_core_android_platform_poly1305_neon2_addmulmod +#define poly1305_neon2_blocks ring_core_android_platform_poly1305_neon2_blocks +#define sha256_block_data_order ring_core_android_platform_sha256_block_data_order +#define sha512_block_data_order ring_core_android_platform_sha512_block_data_order +#define vpaes_ctr32_encrypt_blocks ring_core_android_platform_vpaes_ctr32_encrypt_blocks +#define vpaes_encrypt ring_core_android_platform_vpaes_encrypt +#define vpaes_encrypt_key_to_bsaes ring_core_android_platform_vpaes_encrypt_key_to_bsaes +#define vpaes_set_encrypt_key ring_core_android_platform_vpaes_set_encrypt_key +#define x25519_NEON ring_core_android_platform_x25519_NEON +#define x25519_fe_invert ring_core_android_platform_x25519_fe_invert +#define x25519_fe_isnegative ring_core_android_platform_x25519_fe_isnegative +#define x25519_fe_mul_ttt ring_core_android_platform_x25519_fe_mul_ttt +#define x25519_fe_neg ring_core_android_platform_x25519_fe_neg +#define x25519_fe_tobytes ring_core_android_platform_x25519_fe_tobytes +#define x25519_ge_double_scalarmult_vartime ring_core_android_platform_x25519_ge_double_scalarmult_vartime +#define x25519_ge_frombytes_vartime ring_core_android_platform_x25519_ge_frombytes_vartime +#define x25519_ge_scalarmult_base ring_core_android_platform_x25519_ge_scalarmult_base +#define x25519_public_from_private_generic_masked ring_core_android_platform_x25519_public_from_private_generic_masked +#define x25519_sc_mask ring_core_android_platform_x25519_sc_mask +#define x25519_sc_muladd ring_core_android_platform_x25519_sc_muladd +#define x25519_sc_reduce ring_core_android_platform_x25519_sc_reduce +#define x25519_scalar_mult_generic_masked ring_core_android_platform_x25519_scalar_mult_generic_masked + +#endif +#endif diff --git a/src/aead.rs b/src/aead.rs index 4d6bdb7..3c233c5 100644 --- a/src/aead.rs +++ b/src/aead.rs @@ -1,4 +1,4 @@ -// Copyright 2015-2016 Brian Smith. +// Copyright 2015-2021 Brian Smith. // // Permission to use, copy, modify, and/or distribute this software for any // purpose with or without fee is hereby granted, provided that the above @@ -21,14 +21,17 @@ //! [AEAD]: http://www-cse.ucsd.edu/~mihir/papers/oem.html //! [`crypto.cipher.AEAD`]: https://golang.org/pkg/crypto/cipher/#AEAD -use self::block::{Block, BLOCK_LEN}; -use crate::{constant_time, cpu, error, hkdf, polyfill}; +use crate::{cpu, error, hkdf, polyfill}; use core::ops::RangeFrom; pub use self::{ aes_gcm::{AES_128_GCM, AES_256_GCM}, chacha20_poly1305::CHACHA20_POLY1305, + less_safe_key::LessSafeKey, nonce::{Nonce, NONCE_LEN}, + opening_key::OpeningKey, + sealing_key::SealingKey, + unbound_key::UnboundKey, }; /// A sequences of unique nonces. @@ -60,310 +63,18 @@ pub trait BoundKey<N: NonceSequence>: core::fmt::Debug { fn algorithm(&self) -> &'static Algorithm; } -/// An AEAD key for authenticating and decrypting ("opening"), bound to a nonce -/// sequence. -/// -/// Intentionally not `Clone` or `Copy` since cloning would allow duplication -/// of the nonce sequence. -pub struct OpeningKey<N: NonceSequence> { - key: UnboundKey, - nonce_sequence: N, -} - -impl<N: NonceSequence> BoundKey<N> for OpeningKey<N> { - fn new(key: UnboundKey, nonce_sequence: N) -> Self { - Self { - key, - nonce_sequence, - } - } - - #[inline] - fn algorithm(&self) -> &'static Algorithm { - self.key.algorithm - } -} - -impl<N: NonceSequence> core::fmt::Debug for OpeningKey<N> { - fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { - f.debug_struct("OpeningKey") - .field("algorithm", &self.algorithm()) - .finish() - } -} - -impl<N: NonceSequence> OpeningKey<N> { - /// Authenticates and decrypts (“opens”) data in place. - /// - /// `aad` is the additional authenticated data (AAD), if any. - /// - /// On input, `in_out` must be the ciphertext followed by the tag. When - /// `open_in_place()` returns `Ok(plaintext)`, the input ciphertext - /// has been overwritten by the plaintext; `plaintext` will refer to the - /// plaintext without the tag. - /// - /// When `open_in_place()` returns `Err(..)`, `in_out` may have been - /// overwritten in an unspecified way. - #[inline] - pub fn open_in_place<'in_out, A>( - &mut self, - aad: Aad<A>, - in_out: &'in_out mut [u8], - ) -> Result<&'in_out mut [u8], error::Unspecified> - where - A: AsRef<[u8]>, - { - self.open_within(aad, in_out, 0..) - } - - /// Authenticates and decrypts (“opens”) data in place, with a shift. - /// - /// `aad` is the additional authenticated data (AAD), if any. - /// - /// On input, `in_out[ciphertext_and_tag]` must be the ciphertext followed - /// by the tag. When `open_within()` returns `Ok(plaintext)`, the plaintext - /// will be at `in_out[0..plaintext.len()]`. In other words, the following - /// two code fragments are equivalent for valid values of - /// `ciphertext_and_tag`, except `open_within` will often be more efficient: - /// - /// - /// ```skip - /// let plaintext = key.open_within(aad, in_out, cipertext_and_tag)?; - /// ``` - /// - /// ```skip - /// let ciphertext_and_tag_len = in_out[ciphertext_and_tag].len(); - /// in_out.copy_within(ciphertext_and_tag, 0); - /// let plaintext = key.open_in_place(aad, &mut in_out[..ciphertext_and_tag_len])?; - /// ``` - /// - /// Similarly, `key.open_within(aad, in_out, 0..)` is equivalent to - /// `key.open_in_place(aad, in_out)`. - /// - /// When `open_in_place()` returns `Err(..)`, `in_out` may have been - /// overwritten in an unspecified way. - /// - /// The shifting feature is useful in the case where multiple packets are - /// being reassembled in place. Consider this example where the peer has - /// sent the message “Split stream reassembled in place” split into - /// three sealed packets: - /// - /// ```ascii-art - /// Packet 1 Packet 2 Packet 3 - /// Input: [Header][Ciphertext][Tag][Header][Ciphertext][Tag][Header][Ciphertext][Tag] - /// | +--------------+ | - /// +------+ +-----+ +----------------------------------+ - /// v v v - /// Output: [Plaintext][Plaintext][Plaintext] - /// “Split stream reassembled in place” - /// ``` - /// - /// This reassembly be accomplished with three calls to `open_within()`. - #[inline] - pub fn open_within<'in_out, A>( - &mut self, - aad: Aad<A>, - in_out: &'in_out mut [u8], - ciphertext_and_tag: RangeFrom<usize>, - ) -> Result<&'in_out mut [u8], error::Unspecified> - where - A: AsRef<[u8]>, - { - open_within_( - &self.key, - self.nonce_sequence.advance()?, - aad, - in_out, - ciphertext_and_tag, - ) - } -} - -#[inline] -fn open_within_<'in_out, A: AsRef<[u8]>>( - key: &UnboundKey, - nonce: Nonce, - Aad(aad): Aad<A>, - in_out: &'in_out mut [u8], - ciphertext_and_tag: RangeFrom<usize>, -) -> Result<&'in_out mut [u8], error::Unspecified> { - fn open_within<'in_out>( - key: &UnboundKey, - nonce: Nonce, - aad: Aad<&[u8]>, - in_out: &'in_out mut [u8], - ciphertext_and_tag: RangeFrom<usize>, - ) -> Result<&'in_out mut [u8], error::Unspecified> { - let in_prefix_len = ciphertext_and_tag.start; - let ciphertext_and_tag_len = in_out - .len() - .checked_sub(in_prefix_len) - .ok_or(error::Unspecified)?; - let ciphertext_len = ciphertext_and_tag_len - .checked_sub(TAG_LEN) - .ok_or(error::Unspecified)?; - check_per_nonce_max_bytes(key.algorithm, ciphertext_len)?; - let (in_out, received_tag) = in_out.split_at_mut(in_prefix_len + ciphertext_len); - let Tag(calculated_tag) = (key.algorithm.open)( - &key.inner, - nonce, - aad, - in_prefix_len, - in_out, - key.cpu_features, - ); - if constant_time::verify_slices_are_equal(calculated_tag.as_ref(), received_tag).is_err() { - // Zero out the plaintext so that it isn't accidentally leaked or used - // after verification fails. It would be safest if we could check the - // tag before decrypting, but some `open` implementations interleave - // authentication with decryption for performance. - for b in &mut in_out[..ciphertext_len] { - *b = 0; - } - return Err(error::Unspecified); - } - // `ciphertext_len` is also the plaintext length. - Ok(&mut in_out[..ciphertext_len]) - } - - open_within( - key, - nonce, - Aad::from(aad.as_ref()), - in_out, - ciphertext_and_tag, - ) -} - -/// An AEAD key for encrypting and signing ("sealing"), bound to a nonce -/// sequence. -/// -/// Intentionally not `Clone` or `Copy` since cloning would allow duplication -/// of the nonce sequence. -pub struct SealingKey<N: NonceSequence> { - key: UnboundKey, - nonce_sequence: N, -} - -impl<N: NonceSequence> BoundKey<N> for SealingKey<N> { - fn new(key: UnboundKey, nonce_sequence: N) -> Self { - Self { - key, - nonce_sequence, - } - } - - #[inline] - fn algorithm(&self) -> &'static Algorithm { - self.key.algorithm - } -} - -impl<N: NonceSequence> core::fmt::Debug for SealingKey<N> { - fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { - f.debug_struct("SealingKey") - .field("algorithm", &self.algorithm()) - .finish() - } -} - -impl<N: NonceSequence> SealingKey<N> { - /// Deprecated. Renamed to `seal_in_place_append_tag()`. - #[deprecated(note = "Renamed to `seal_in_place_append_tag`.")] - #[inline] - pub fn seal_in_place<A, InOut>( - &mut self, - aad: Aad<A>, - in_out: &mut InOut, - ) -> Result<(), error::Unspecified> - where - A: AsRef<[u8]>, - InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>, - { - self.seal_in_place_append_tag(aad, in_out) - } - - /// Encrypts and signs (“seals”) data in place, appending the tag to the - /// resulting ciphertext. - /// - /// `key.seal_in_place_append_tag(aad, in_out)` is equivalent to: - /// - /// ```skip - /// key.seal_in_place_separate_tag(aad, in_out.as_mut()) - /// .map(|tag| in_out.extend(tag.as_ref())) - /// ``` - #[inline] - pub fn seal_in_place_append_tag<A, InOut>( - &mut self, - aad: Aad<A>, - in_out: &mut InOut, - ) -> Result<(), error::Unspecified> - where - A: AsRef<[u8]>, - InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>, - { - self.seal_in_place_separate_tag(aad, in_out.as_mut()) - .map(|tag| in_out.extend(tag.as_ref())) - } - - /// Encrypts and signs (“seals”) data in place. - /// - /// `aad` is the additional authenticated data (AAD), if any. This is - /// authenticated but not encrypted. The type `A` could be a byte slice - /// `&[u8]`, a byte array `[u8; N]` for some constant `N`, `Vec<u8>`, etc. - /// If there is no AAD then use `Aad::empty()`. - /// - /// The plaintext is given as the input value of `in_out`. `seal_in_place()` - /// will overwrite the plaintext with the ciphertext and return the tag. - /// For most protocols, the caller must append the tag to the ciphertext. - /// The tag will be `self.algorithm.tag_len()` bytes long. - #[inline] - pub fn seal_in_place_separate_tag<A>( - &mut self, - aad: Aad<A>, - in_out: &mut [u8], - ) -> Result<Tag, error::Unspecified> - where - A: AsRef<[u8]>, - { - seal_in_place_separate_tag_( - &self.key, - self.nonce_sequence.advance()?, - Aad::from(aad.as_ref()), - in_out, - ) - } -} - -#[inline] -fn seal_in_place_separate_tag_( - key: &UnboundKey, - nonce: Nonce, - aad: Aad<&[u8]>, - in_out: &mut [u8], -) -> Result<Tag, error::Unspecified> { - check_per_nonce_max_bytes(key.algorithm, in_out.len())?; - Ok((key.algorithm.seal)( - &key.inner, - nonce, - aad, - in_out, - key.cpu_features, - )) -} - /// The additionally authenticated data (AAD) for an opening or sealing /// operation. This data is authenticated but is **not** encrypted. /// /// The type `A` could be a byte slice `&[u8]`, a byte array `[u8; N]` /// for some constant `N`, `Vec<u8>`, etc. -pub struct Aad<A: AsRef<[u8]>>(A); +pub struct Aad<A>(A); impl<A: AsRef<[u8]>> Aad<A> { /// Construct the `Aad` from the given bytes. #[inline] pub fn from(aad: A) -> Self { - Aad(aad) + Self(aad) } } @@ -383,58 +94,43 @@ impl Aad<[u8; 0]> { } } -/// An AEAD key without a designated role or nonce sequence. -pub struct UnboundKey { - inner: KeyInner, - algorithm: &'static Algorithm, - cpu_features: cpu::Features, -} - -impl core::fmt::Debug for UnboundKey { - fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { - f.debug_struct("UnboundKey") - .field("algorithm", &self.algorithm) - .finish() +impl<A> Clone for Aad<A> +where + A: Clone, +{ + #[inline] + fn clone(&self) -> Self { + Self(self.0.clone()) } } -#[allow(clippy::large_enum_variant, variant_size_differences)] -enum KeyInner { - AesGcm(aes_gcm::Key), - ChaCha20Poly1305(chacha20_poly1305::Key), -} +impl<A> Copy for Aad<A> where A: Copy {} -impl UnboundKey { - /// Constructs an `UnboundKey`. - /// - /// Fails if `key_bytes.len() != algorithm.key_len()`. - pub fn new( - algorithm: &'static Algorithm, - key_bytes: &[u8], - ) -> Result<Self, error::Unspecified> { - let cpu_features = cpu::features(); - Ok(Self { - inner: (algorithm.init)(key_bytes, cpu_features)?, - algorithm, - cpu_features, - }) +impl<A> core::fmt::Debug for Aad<A> +where + A: core::fmt::Debug, +{ + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { + f.debug_tuple("Aad").field(&self.0).finish() } +} - /// The key's AEAD algorithm. +impl<A> PartialEq for Aad<A> +where + A: PartialEq, +{ #[inline] - pub fn algorithm(&self) -> &'static Algorithm { - self.algorithm + fn eq(&self, other: &Self) -> bool { + self.0.eq(&other.0) } } -impl From<hkdf::Okm<'_, &'static Algorithm>> for UnboundKey { - fn from(okm: hkdf::Okm<&'static Algorithm>) -> Self { - let mut key_bytes = [0; MAX_KEY_LEN]; - let key_bytes = &mut key_bytes[..okm.len().key_len]; - let algorithm = *okm.len(); - okm.fill(key_bytes).unwrap(); - Self::new(algorithm, key_bytes).unwrap() - } +impl<A> Eq for Aad<A> where A: Eq {} + +#[allow(clippy::large_enum_variant, variant_size_differences)] +enum KeyInner { + AesGcm(aes_gcm::Key), + ChaCha20Poly1305(chacha20_poly1305::Key), } impl hkdf::KeyType for &'static Algorithm { @@ -444,138 +140,17 @@ impl hkdf::KeyType for &'static Algorithm { } } -/// Immutable keys for use in situations where `OpeningKey`/`SealingKey` and -/// `NonceSequence` cannot reasonably be used. -/// -/// Prefer to use `OpeningKey`/`SealingKey` and `NonceSequence` when practical. -pub struct LessSafeKey { - key: UnboundKey, -} - -impl LessSafeKey { - /// Constructs a `LessSafeKey` from an `UnboundKey`. - pub fn new(key: UnboundKey) -> Self { - Self { key } - } - - /// Like [`OpeningKey::open_in_place()`], except it accepts an arbitrary nonce. - /// - /// `nonce` must be unique for every use of the key to open data. - #[inline] - pub fn open_in_place<'in_out, A>( - &self, - nonce: Nonce, - aad: Aad<A>, - in_out: &'in_out mut [u8], - ) -> Result<&'in_out mut [u8], error::Unspecified> - where - A: AsRef<[u8]>, - { - self.open_within(nonce, aad, in_out, 0..) - } - - /// Like [`OpeningKey::open_within()`], except it accepts an arbitrary nonce. - /// - /// `nonce` must be unique for every use of the key to open data. - #[inline] - pub fn open_within<'in_out, A>( - &self, - nonce: Nonce, - aad: Aad<A>, - in_out: &'in_out mut [u8], - ciphertext_and_tag: RangeFrom<usize>, - ) -> Result<&'in_out mut [u8], error::Unspecified> - where - A: AsRef<[u8]>, - { - open_within_(&self.key, nonce, aad, in_out, ciphertext_and_tag) - } - - /// Deprecated. Renamed to `seal_in_place_append_tag()`. - #[deprecated(note = "Renamed to `seal_in_place_append_tag`.")] - #[inline] - pub fn seal_in_place<A, InOut>( - &self, - nonce: Nonce, - aad: Aad<A>, - in_out: &mut InOut, - ) -> Result<(), error::Unspecified> - where - A: AsRef<[u8]>, - InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>, - { - self.seal_in_place_append_tag(nonce, aad, in_out) - } - - /// Like [`SealingKey::seal_in_place_append_tag()`], except it accepts an - /// arbitrary nonce. - /// - /// `nonce` must be unique for every use of the key to seal data. - #[inline] - pub fn seal_in_place_append_tag<A, InOut>( - &self, - nonce: Nonce, - aad: Aad<A>, - in_out: &mut InOut, - ) -> Result<(), error::Unspecified> - where - A: AsRef<[u8]>, - InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>, - { - self.seal_in_place_separate_tag(nonce, aad, in_out.as_mut()) - .map(|tag| in_out.extend(tag.as_ref())) - } - - /// Like `SealingKey::seal_in_place_separate_tag()`, except it accepts an - /// arbitrary nonce. - /// - /// `nonce` must be unique for every use of the key to seal data. - #[inline] - pub fn seal_in_place_separate_tag<A>( - &self, - nonce: Nonce, - aad: Aad<A>, - in_out: &mut [u8], - ) -> Result<Tag, error::Unspecified> - where - A: AsRef<[u8]>, - { - seal_in_place_separate_tag_(&self.key, nonce, Aad::from(aad.as_ref()), in_out) - } - - /// The key's AEAD algorithm. - #[inline] - pub fn algorithm(&self) -> &'static Algorithm { - &self.key.algorithm - } -} - -impl core::fmt::Debug for LessSafeKey { - fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { - f.debug_struct("LessSafeKey") - .field("algorithm", self.algorithm()) - .finish() - } -} - /// An AEAD Algorithm. pub struct Algorithm { init: fn(key: &[u8], cpu_features: cpu::Features) -> Result<KeyInner, error::Unspecified>, - seal: fn( - key: &KeyInner, - nonce: Nonce, - aad: Aad<&[u8]>, - in_out: &mut [u8], - cpu_features: cpu::Features, - ) -> Tag, + seal: fn(key: &KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8]) -> Tag, open: fn( key: &KeyInner, nonce: Nonce, aad: Aad<&[u8]>, - in_prefix_len: usize, in_out: &mut [u8], - cpu_features: cpu::Features, + src: RangeFrom<usize>, ) -> Tag, key_len: usize, @@ -646,34 +221,23 @@ impl AsRef<[u8]> for Tag { const MAX_KEY_LEN: usize = 32; // All the AEADs we support use 128-bit tags. -const TAG_LEN: usize = BLOCK_LEN; +const TAG_LEN: usize = 16; /// The maximum length of a tag for the algorithms in this module. pub const MAX_TAG_LEN: usize = TAG_LEN; -fn check_per_nonce_max_bytes(alg: &Algorithm, in_out_len: usize) -> Result<(), error::Unspecified> { - if polyfill::u64_from_usize(in_out_len) > alg.max_input_len { - return Err(error::Unspecified); - } - Ok(()) -} - -#[derive(Clone, Copy)] -enum Direction { - Opening { in_prefix_len: usize }, - Sealing, -} - mod aes; mod aes_gcm; mod block; mod chacha; mod chacha20_poly1305; pub mod chacha20_poly1305_openssh; -mod counter; mod gcm; -mod iv; +mod less_safe_key; mod nonce; +mod opening_key; mod poly1305; pub mod quic; +mod sealing_key; mod shift; +mod unbound_key; diff --git a/src/aead/aes.rs b/src/aead/aes.rs index 5028e24..16d41a8 100644 --- a/src/aead/aes.rs +++ b/src/aead/aes.rs @@ -12,8 +12,19 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -use super::{counter, iv::Iv, quic::Sample, Block, Direction, BLOCK_LEN}; -use crate::{bits::BitLength, c, cpu, endian::*, error, polyfill}; +use super::{ + block::{Block, BLOCK_LEN}, + nonce::Nonce, + quic::Sample, +}; +use crate::{ + bits::BitLength, + c, cpu, + endian::{ArrayEncoding, BigEndian}, + error, + polyfill::{self, ChunksFixed}, +}; +use core::ops::RangeFrom; pub(crate) struct Key { inner: AES_KEY, @@ -22,7 +33,7 @@ pub(crate) struct Key { macro_rules! set_encrypt_key { ( $name:ident, $bytes:expr, $key_bits:expr, $key:expr ) => {{ - extern "C" { + prefixed_extern! { fn $name(user_key: *const u8, bits: c::uint, key: &mut AES_KEY) -> c::int; } set_encrypt_key($name, $bytes, $key_bits, $key) @@ -46,7 +57,7 @@ fn set_encrypt_key( macro_rules! encrypt_block { ($name:ident, $block:expr, $key:expr) => {{ - extern "C" { + prefixed_extern! { fn $name(a: &Block, r: *mut Block, key: &AES_KEY); } encrypt_block_($name, $block, $key) @@ -67,8 +78,8 @@ fn encrypt_block_( } macro_rules! ctr32_encrypt_blocks { - ($name:ident, $in_out:expr, $in_prefix_len:expr, $key:expr, $ivec:expr ) => {{ - extern "C" { + ($name:ident, $in_out:expr, $src:expr, $key:expr, $ivec:expr ) => {{ + prefixed_extern! { fn $name( input: *const u8, output: *mut u8, @@ -77,7 +88,7 @@ macro_rules! ctr32_encrypt_blocks { ivec: &Counter, ); } - ctr32_encrypt_blocks_($name, $in_out, $in_prefix_len, $key, $ivec) + ctr32_encrypt_blocks_($name, $in_out, $src, $key, $ivec) }}; } @@ -91,18 +102,18 @@ fn ctr32_encrypt_blocks_( ivec: &Counter, ), in_out: &mut [u8], - in_prefix_len: usize, + src: RangeFrom<usize>, key: &AES_KEY, ctr: &mut Counter, ) { - let in_out_len = in_out.len().checked_sub(in_prefix_len).unwrap(); + let in_out_len = in_out[src.clone()].len(); assert_eq!(in_out_len % BLOCK_LEN, 0); let blocks = in_out_len / BLOCK_LEN; let blocks_u32 = blocks as u32; assert_eq!(blocks, polyfill::usize_from_u32(blocks_u32)); - let input = in_out[in_prefix_len..].as_ptr(); + let input = in_out[src].as_ptr(); let output = in_out.as_mut_ptr(); unsafe { @@ -139,7 +150,7 @@ impl Key { target_arch = "x86" ))] Implementation::HWAES => { - set_encrypt_key!(GFp_aes_hw_set_encrypt_key, bytes, key_bits, &mut key)? + set_encrypt_key!(aes_hw_set_encrypt_key, bytes, key_bits, &mut key)? } #[cfg(any( @@ -149,12 +160,12 @@ impl Key { target_arch = "x86" ))] Implementation::VPAES_BSAES => { - set_encrypt_key!(GFp_vpaes_set_encrypt_key, bytes, key_bits, &mut key)? + set_encrypt_key!(vpaes_set_encrypt_key, bytes, key_bits, &mut key)? } #[cfg(not(target_arch = "aarch64"))] Implementation::NOHW => { - set_encrypt_key!(GFp_aes_nohw_set_encrypt_key, bytes, key_bits, &mut key)? + set_encrypt_key!(aes_nohw_set_encrypt_key, bytes, key_bits, &mut key)? } }; @@ -173,7 +184,7 @@ impl Key { target_arch = "x86_64", target_arch = "x86" ))] - Implementation::HWAES => encrypt_block!(GFp_aes_hw_encrypt, a, self), + Implementation::HWAES => encrypt_block!(aes_hw_encrypt, a, self), #[cfg(any( target_arch = "aarch64", @@ -181,33 +192,27 @@ impl Key { target_arch = "x86_64", target_arch = "x86" ))] - Implementation::VPAES_BSAES => encrypt_block!(GFp_vpaes_encrypt, a, self), + Implementation::VPAES_BSAES => encrypt_block!(vpaes_encrypt, a, self), #[cfg(not(target_arch = "aarch64"))] - Implementation::NOHW => encrypt_block!(GFp_aes_nohw_encrypt, a, self), + Implementation::NOHW => encrypt_block!(aes_nohw_encrypt, a, self), } } #[inline] pub fn encrypt_iv_xor_block(&self, iv: Iv, input: Block) -> Block { - let mut output = self.encrypt_block(Block::from(&iv.into_bytes_less_safe())); - output.bitxor_assign(input); - output + let encrypted_iv = self.encrypt_block(Block::from(iv.as_bytes_less_safe())); + encrypted_iv ^ input } #[inline] - pub(super) fn ctr32_encrypt_blocks( + pub(super) fn ctr32_encrypt_within( &self, in_out: &mut [u8], - direction: Direction, + src: RangeFrom<usize>, ctr: &mut Counter, ) { - let in_prefix_len = match direction { - Direction::Opening { in_prefix_len } => in_prefix_len, - Direction::Sealing => 0, - }; - - let in_out_len = in_out.len().checked_sub(in_prefix_len).unwrap(); + let in_out_len = in_out[src.clone()].len(); assert_eq!(in_out_len % BLOCK_LEN, 0); @@ -218,13 +223,9 @@ impl Key { target_arch = "x86_64", target_arch = "x86" ))] - Implementation::HWAES => ctr32_encrypt_blocks!( - GFp_aes_hw_ctr32_encrypt_blocks, - in_out, - in_prefix_len, - &self.inner, - ctr - ), + Implementation::HWAES => { + ctr32_encrypt_blocks!(aes_hw_ctr32_encrypt_blocks, in_out, src, &self.inner, ctr) + } #[cfg(any(target_arch = "aarch64", target_arch = "arm", target_arch = "x86_64"))] Implementation::VPAES_BSAES => { @@ -242,52 +243,39 @@ impl Key { rd_key: [0u32; 4 * (MAX_ROUNDS + 1)], rounds: 0, }; - extern "C" { - fn GFp_vpaes_encrypt_key_to_bsaes( - bsaes_key: &mut AES_KEY, - vpaes_key: &AES_KEY, - ); + prefixed_extern! { + fn vpaes_encrypt_key_to_bsaes(bsaes_key: &mut AES_KEY, vpaes_key: &AES_KEY); } unsafe { - GFp_vpaes_encrypt_key_to_bsaes(&mut bsaes_key, &self.inner); + vpaes_encrypt_key_to_bsaes(&mut bsaes_key, &self.inner); } ctr32_encrypt_blocks!( - GFp_bsaes_ctr32_encrypt_blocks, - &mut in_out[..(bsaes_in_out_len + in_prefix_len)], - in_prefix_len, + bsaes_ctr32_encrypt_blocks, + &mut in_out[src.clone()][bsaes_in_out_len..], + src.clone(), &bsaes_key, ctr ); - &mut in_out[bsaes_in_out_len..] + &mut in_out[src.clone()][bsaes_in_out_len..] } else { in_out }; - ctr32_encrypt_blocks!( - GFp_vpaes_ctr32_encrypt_blocks, - in_out, - in_prefix_len, - &self.inner, - ctr - ) + ctr32_encrypt_blocks!(vpaes_ctr32_encrypt_blocks, in_out, src, &self.inner, ctr) } #[cfg(any(target_arch = "x86"))] Implementation::VPAES_BSAES => { - super::shift::shift_full_blocks(in_out, in_prefix_len, |input| { + super::shift::shift_full_blocks(in_out, src, |input| { self.encrypt_iv_xor_block(ctr.increment(), Block::from(input)) }); } #[cfg(not(target_arch = "aarch64"))] - Implementation::NOHW => ctr32_encrypt_blocks!( - GFp_aes_nohw_ctr32_encrypt_blocks, - in_out, - in_prefix_len, - &self.inner, - ctr - ), + Implementation::NOHW => { + ctr32_encrypt_blocks!(aes_nohw_ctr32_encrypt_blocks, in_out, src, &self.inner, ctr) + } } } @@ -300,17 +288,13 @@ impl Key { out } - // TODO: use `matches!` when MSRV increases to 1.42.0 and remove this - // `#[allow(...)]` - #[allow(clippy::unknown_clippy_lints)] - #[allow(clippy::match_like_matches_macro)] #[cfg(target_arch = "x86_64")] #[must_use] pub fn is_aes_hw(&self) -> bool { - match detect_implementation(self.cpu_features) { - Implementation::HWAES => true, - _ => false, - } + matches!( + detect_implementation(self.cpu_features), + Implementation::HWAES + ) } #[cfg(target_arch = "x86_64")] @@ -335,7 +319,44 @@ pub enum Variant { AES_256, } -pub type Counter = counter::Counter<BigEndian<u32>>; +/// Nonce || Counter, all big-endian. +#[repr(transparent)] +pub(super) struct Counter([BigEndian<u32>; 4]); + +impl Counter { + pub fn one(nonce: Nonce) -> Self { + let nonce = nonce.as_ref().chunks_fixed(); + Self([nonce[0].into(), nonce[1].into(), nonce[2].into(), 1.into()]) + } + + pub fn increment(&mut self) -> Iv { + let iv = Iv(self.0); + self.increment_by_less_safe(1); + iv + } + + fn increment_by_less_safe(&mut self, increment_by: u32) { + let old_value: u32 = self.0[3].into(); + self.0[3] = (old_value + increment_by).into(); + } +} + +/// The IV for a single block encryption. +/// +/// Intentionally not `Clone` to ensure each is used only once. +pub struct Iv([BigEndian<u32>; 4]); + +impl From<Counter> for Iv { + fn from(counter: Counter) -> Self { + Self(counter.0) + } +} + +impl Iv { + pub(super) fn as_bytes_less_safe(&self) -> &[u8; 16] { + self.0.as_byte_array() + } +} #[repr(C)] // Only so `Key` can be `#[repr(C)]` #[derive(Clone, Copy)] @@ -410,7 +431,7 @@ fn detect_implementation(cpu_features: cpu::Features) -> Implementation { #[cfg(test)] mod tests { - use super::{super::BLOCK_LEN, *}; + use super::*; use crate::test; use core::convert::TryInto; diff --git a/src/aead/aes_gcm.rs b/src/aead/aes_gcm.rs index b225e76..0f7253c 100644 --- a/src/aead/aes_gcm.rs +++ b/src/aead/aes_gcm.rs @@ -14,9 +14,11 @@ use super::{ aes::{self, Counter}, - gcm, shift, Aad, Block, Direction, Nonce, Tag, BLOCK_LEN, + block::{Block, BLOCK_LEN}, + gcm, shift, Aad, Nonce, Tag, }; -use crate::{aead, cpu, endian::*, error, polyfill}; +use crate::{aead, cpu, error, polyfill}; +use core::ops::RangeFrom; /// AES-128 in GCM mode with 128-bit tags and 96 bit nonces. pub static AES_128_GCM: aead::Algorithm = aead::Algorithm { @@ -63,42 +65,79 @@ fn init( const CHUNK_BLOCKS: usize = 3 * 1024 / 16; -fn aes_gcm_seal( - key: &aead::KeyInner, - nonce: Nonce, - aad: Aad<&[u8]>, - in_out: &mut [u8], - cpu_features: cpu::Features, -) -> Tag { - aead(key, nonce, aad, in_out, Direction::Sealing, cpu_features) -} +fn aes_gcm_seal(key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8]) -> Tag { + let Key { aes_key, gcm_key } = match key { + aead::KeyInner::AesGcm(key) => key, + _ => unreachable!(), + }; -fn aes_gcm_open( - key: &aead::KeyInner, - nonce: Nonce, - aad: Aad<&[u8]>, - in_prefix_len: usize, - in_out: &mut [u8], - cpu_features: cpu::Features, -) -> Tag { - aead( - key, - nonce, - aad, - in_out, - Direction::Opening { in_prefix_len }, - cpu_features, - ) + let mut ctr = Counter::one(nonce); + let tag_iv = ctr.increment(); + + let total_in_out_len = in_out.len(); + let aad_len = aad.0.len(); + let mut auth = gcm::Context::new(gcm_key, aad); + + #[cfg(target_arch = "x86_64")] + let in_out = { + if !aes_key.is_aes_hw() || !auth.is_avx2() { + in_out + } else { + use crate::c; + prefixed_extern! { + fn aesni_gcm_encrypt( + input: *const u8, + output: *mut u8, + len: c::size_t, + key: &aes::AES_KEY, + ivec: &mut Counter, + gcm: &mut gcm::ContextInner, + ) -> c::size_t; + } + let processed = unsafe { + aesni_gcm_encrypt( + in_out.as_ptr(), + in_out.as_mut_ptr(), + in_out.len(), + aes_key.inner_less_safe(), + &mut ctr, + auth.inner(), + ) + }; + + &mut in_out[processed..] + } + }; + + let (whole, remainder) = { + let in_out_len = in_out.len(); + let whole_len = in_out_len - (in_out_len % BLOCK_LEN); + in_out.split_at_mut(whole_len) + }; + + for chunk in whole.chunks_mut(CHUNK_BLOCKS * BLOCK_LEN) { + aes_key.ctr32_encrypt_within(chunk, 0.., &mut ctr); + auth.update_blocks(chunk); + } + + if !remainder.is_empty() { + let mut input = Block::zero(); + input.overwrite_part_at(0, remainder); + let mut output = aes_key.encrypt_iv_xor_block(ctr.into(), input); + output.zero_from(remainder.len()); + auth.update_block(output); + remainder.copy_from_slice(&output.as_ref()[..remainder.len()]); + } + + finish(aes_key, auth, tag_iv, aad_len, total_in_out_len) } -#[inline(always)] // Avoid branching on `direction`. -fn aead( +fn aes_gcm_open( key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8], - direction: Direction, - cpu_features: cpu::Features, + src: RangeFrom<usize>, ) -> Tag { let Key { aes_key, gcm_key } = match key { aead::KeyInner::AesGcm(key) => key, @@ -109,27 +148,48 @@ fn aead( let tag_iv = ctr.increment(); let aad_len = aad.0.len(); - let mut gcm_ctx = gcm::Context::new(gcm_key, aad, cpu_features); + let mut auth = gcm::Context::new(gcm_key, aad); - let in_prefix_len = match direction { - Direction::Opening { in_prefix_len } => in_prefix_len, - Direction::Sealing => 0, - }; + let in_prefix_len = src.start; let total_in_out_len = in_out.len() - in_prefix_len; - let in_out = integrated_aes_gcm( - aes_key, - &mut gcm_ctx, - in_out, - &mut ctr, - direction, - cpu_features, - ); - let in_out_len = in_out.len() - in_prefix_len; - - // Process any (remaining) whole blocks. - let whole_len = in_out_len - (in_out_len % BLOCK_LEN); + #[cfg(target_arch = "x86_64")] + let in_out = { + if !aes_key.is_aes_hw() || !auth.is_avx2() { + in_out + } else { + use crate::c; + + prefixed_extern! { + fn aesni_gcm_decrypt( + input: *const u8, + output: *mut u8, + len: c::size_t, + key: &aes::AES_KEY, + ivec: &mut Counter, + gcm: &mut gcm::ContextInner, + ) -> c::size_t; + } + + let processed = unsafe { + aesni_gcm_decrypt( + in_out[src.clone()].as_ptr(), + in_out.as_mut_ptr(), + in_out.len() - src.start, + aes_key.inner_less_safe(), + &mut ctr, + auth.inner(), + ) + }; + &mut in_out[processed..] + } + }; + + let whole_len = { + let in_out_len = in_out.len() - in_prefix_len; + in_out_len - (in_out_len % BLOCK_LEN) + }; { let mut chunk_len = CHUNK_BLOCKS * BLOCK_LEN; let mut output = 0; @@ -142,138 +202,48 @@ fn aead( break; } - if let Direction::Opening { .. } = direction { - gcm_ctx.update_blocks(&in_out[input..][..chunk_len]); - } - - aes_key.ctr32_encrypt_blocks( + auth.update_blocks(&in_out[input..][..chunk_len]); + aes_key.ctr32_encrypt_within( &mut in_out[output..][..(chunk_len + in_prefix_len)], - direction, + in_prefix_len.., &mut ctr, ); - - if let Direction::Sealing = direction { - gcm_ctx.update_blocks(&in_out[output..][..chunk_len]); - } - output += chunk_len; input += chunk_len; } } - // Process any remaining partial block. let remainder = &mut in_out[whole_len..]; shift::shift_partial((in_prefix_len, remainder), |remainder| { let mut input = Block::zero(); input.overwrite_part_at(0, remainder); - if let Direction::Opening { .. } = direction { - gcm_ctx.update_block(input); - } - let mut output = aes_key.encrypt_iv_xor_block(ctr.into(), input); - if let Direction::Sealing = direction { - output.zero_from(remainder.len()); - gcm_ctx.update_block(output); - } - output + auth.update_block(input); + aes_key.encrypt_iv_xor_block(ctr.into(), input) }); + finish(aes_key, auth, tag_iv, aad_len, total_in_out_len) +} + +fn finish( + aes_key: &aes::Key, + mut gcm_ctx: gcm::Context, + tag_iv: aes::Iv, + aad_len: usize, + in_out_len: usize, +) -> Tag { // Authenticate the final block containing the input lengths. let aad_bits = polyfill::u64_from_usize(aad_len) << 3; - let ciphertext_bits = polyfill::u64_from_usize(total_in_out_len) << 3; - gcm_ctx.update_block(Block::from_u64_be( - BigEndian::from(aad_bits), - BigEndian::from(ciphertext_bits), - )); + let ciphertext_bits = polyfill::u64_from_usize(in_out_len) << 3; + gcm_ctx.update_block(Block::from([aad_bits, ciphertext_bits])); // Finalize the tag and return it. gcm_ctx.pre_finish(|pre_tag| { - let bytes = tag_iv.into_bytes_less_safe(); - let mut tag = aes_key.encrypt_block(Block::from(&bytes)); - tag.bitxor_assign(pre_tag.into()); + let encrypted_iv = aes_key.encrypt_block(Block::from(tag_iv.as_bytes_less_safe())); + let tag = pre_tag ^ encrypted_iv; Tag(*tag.as_ref()) }) } -// Returns the data that wasn't processed. -#[cfg(target_arch = "x86_64")] -#[inline] // Optimize out the match on `direction`. -fn integrated_aes_gcm<'a>( - aes_key: &aes::Key, - gcm_ctx: &mut gcm::Context, - in_out: &'a mut [u8], - ctr: &mut Counter, - direction: Direction, - cpu_features: cpu::Features, -) -> &'a mut [u8] { - use crate::c; - - if !aes_key.is_aes_hw() || !gcm_ctx.is_avx2(cpu_features) { - return in_out; - } - - let processed = match direction { - Direction::Opening { in_prefix_len } => { - extern "C" { - fn GFp_aesni_gcm_decrypt( - input: *const u8, - output: *mut u8, - len: c::size_t, - key: &aes::AES_KEY, - ivec: &mut Counter, - gcm: &mut gcm::ContextInner, - ) -> c::size_t; - } - unsafe { - GFp_aesni_gcm_decrypt( - in_out[in_prefix_len..].as_ptr(), - in_out.as_mut_ptr(), - in_out.len() - in_prefix_len, - aes_key.inner_less_safe(), - ctr, - gcm_ctx.inner(), - ) - } - } - Direction::Sealing => { - extern "C" { - fn GFp_aesni_gcm_encrypt( - input: *const u8, - output: *mut u8, - len: c::size_t, - key: &aes::AES_KEY, - ivec: &mut Counter, - gcm: &mut gcm::ContextInner, - ) -> c::size_t; - } - unsafe { - GFp_aesni_gcm_encrypt( - in_out.as_ptr(), - in_out.as_mut_ptr(), - in_out.len(), - aes_key.inner_less_safe(), - ctr, - gcm_ctx.inner(), - ) - } - } - }; - - &mut in_out[processed..] -} - -#[cfg(not(target_arch = "x86_64"))] -#[inline] -fn integrated_aes_gcm<'a>( - _: &aes::Key, - _: &mut gcm::Context, - in_out: &'a mut [u8], - _: &mut Counter, - _: Direction, - _: cpu::Features, -) -> &'a mut [u8] { - in_out // This doesn't process any of the input so it all remains. -} - const AES_GCM_MAX_INPUT_LEN: u64 = super::max_input_len(BLOCK_LEN, 2); #[cfg(test)] diff --git a/src/aead/block.rs b/src/aead/block.rs index 157f8ad..bab9d2d 100644 --- a/src/aead/block.rs +++ b/src/aead/block.rs @@ -13,48 +13,18 @@ // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. use crate::{endian::*, polyfill}; +use core::ops::{BitXor, BitXorAssign}; -/// An array of 16 bytes that can (in the x86_64 and AAarch64 ABIs, at least) -/// be efficiently passed by value and returned by value (i.e. in registers), -/// and which meets the alignment requirements of `u32` and `u64` (at least) -/// for the target. -#[repr(C)] +#[repr(transparent)] #[derive(Copy, Clone)] -pub struct Block { - subblocks: [u64; 2], -} +pub struct Block([BigEndian<u64>; 2]); pub const BLOCK_LEN: usize = 16; impl Block { #[inline] pub fn zero() -> Self { - Self { subblocks: [0, 0] } - } - - // TODO: Remove this. - #[inline] - pub fn from_u64_le(first: LittleEndian<u64>, second: LittleEndian<u64>) -> Self { - #[allow(deprecated)] - Self { - subblocks: [first.into_raw_value(), second.into_raw_value()], - } - } - - // TODO: Remove this. - #[inline] - pub fn from_u64_be(first: BigEndian<u64>, second: BigEndian<u64>) -> Self { - #[allow(deprecated)] - Self { - subblocks: [first.into_raw_value(), second.into_raw_value()], - } - } - - pub fn u64s_be_to_native(&self) -> [u64; 2] { - [ - u64::from_be(self.subblocks[0]), - u64::from_be(self.subblocks[1]), - ] + Self([Encoding::ZERO; 2]) } #[inline] @@ -70,53 +40,52 @@ impl Block { polyfill::slice::fill(&mut tmp[index..], 0); *self = Self::from(&tmp) } +} + +impl From<[u64; 2]> for Block { + #[inline] + fn from(other: [u64; 2]) -> Self { + Self([other[0].into(), other[1].into()]) + } +} +impl Into<[u64; 2]> for Block { #[inline] - pub fn bitxor_assign(&mut self, a: Block) { - for (r, a) in self.subblocks.iter_mut().zip(a.subblocks.iter()) { + fn into(self) -> [u64; 2] { + [self.0[0].into(), self.0[1].into()] + } +} + +impl BitXorAssign for Block { + #[inline] + fn bitxor_assign(&mut self, a: Self) { + for (r, a) in self.0.iter_mut().zip(a.0.iter()) { *r ^= *a; } } } +impl BitXor for Block { + type Output = Self; + + #[inline] + fn bitxor(self, a: Self) -> Self { + let mut r = self; + r.bitxor_assign(a); + r + } +} + impl From<&'_ [u8; BLOCK_LEN]> for Block { #[inline] fn from(bytes: &[u8; BLOCK_LEN]) -> Self { - unsafe { core::mem::transmute_copy(bytes) } + Self(FromByteArray::from_byte_array(bytes)) } } impl AsRef<[u8; BLOCK_LEN]> for Block { - #[allow(clippy::transmute_ptr_to_ptr)] #[inline] fn as_ref(&self) -> &[u8; BLOCK_LEN] { - unsafe { core::mem::transmute(self) } - } -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn test_bitxor_assign() { - const ONES: u64 = -1i64 as u64; - const TEST_CASES: &[([u64; 2], [u64; 2], [u64; 2])] = &[ - ([0, 0], [0, 0], [0, 0]), - ([0, 0], [ONES, ONES], [ONES, ONES]), - ([0, ONES], [ONES, 0], [ONES, ONES]), - ([ONES, 0], [0, ONES], [ONES, ONES]), - ([ONES, ONES], [ONES, ONES], [0, 0]), - ]; - for (expected_result, a, b) in TEST_CASES { - let mut r = Block::from_u64_le(a[0].into(), a[1].into()); - r.bitxor_assign(Block::from_u64_le(b[0].into(), b[1].into())); - assert_eq!(*expected_result, r.subblocks); - - // XOR is symmetric. - let mut r = Block::from_u64_le(b[0].into(), b[1].into()); - r.bitxor_assign(Block::from_u64_le(a[0].into(), a[1].into())); - assert_eq!(*expected_result, r.subblocks); - } + self.0.as_byte_array() } } diff --git a/src/aead/chacha.rs b/src/aead/chacha.rs index 668c41d..e1c62f5 100644 --- a/src/aead/chacha.rs +++ b/src/aead/chacha.rs @@ -13,42 +13,56 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -use super::{counter, iv::Iv, quic::Sample, BLOCK_LEN}; -use crate::{c, endian::*}; +use super::{quic::Sample, Nonce}; +use crate::{ + cpu, + polyfill::{array_map::Map, ChunksFixed}, +}; -#[repr(transparent)] -pub struct Key([LittleEndian<u32>; KEY_LEN / 4]); +#[cfg(any( + test, + not(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86", + target_arch = "x86_64" + )) +))] +mod fallback; -impl From<[u8; KEY_LEN]> for Key { - #[inline] - fn from(value: [u8; KEY_LEN]) -> Self { - Self(FromByteArray::from_byte_array(&value)) +use core::ops::RangeFrom; + +pub struct Key { + words: [u32; KEY_LEN / 4], + cpu_features: cpu::Features, +} + +impl Key { + pub(super) fn new(value: [u8; KEY_LEN], cpu_features: cpu::Features) -> Self { + let value: &[[u8; 4]; KEY_LEN / 4] = value.chunks_fixed(); + Self { + words: value.array_map(u32::from_le_bytes), + cpu_features, + } + } + + pub(super) fn cpu_features(&self) -> cpu::Features { + self.cpu_features } } impl Key { - #[inline] // Optimize away match on `counter`. + #[inline] pub fn encrypt_in_place(&self, counter: Counter, in_out: &mut [u8]) { - unsafe { - self.encrypt( - CounterOrIv::Counter(counter), - in_out.as_ptr(), - in_out.len(), - in_out.as_mut_ptr(), - ); - } + self.encrypt_less_safe(counter, in_out, 0..); } - #[inline] // Optimize away match on `iv` and length check. - pub fn encrypt_iv_xor_blocks_in_place(&self, iv: Iv, in_out: &mut [u8; 2 * BLOCK_LEN]) { - unsafe { - self.encrypt( - CounterOrIv::Iv(iv), - in_out.as_ptr(), - in_out.len(), - in_out.as_mut_ptr(), - ); - } + #[inline] + pub fn encrypt_iv_xor_in_place(&self, iv: Iv, in_out: &mut [u8; 32]) { + // It is safe to use `into_counter_for_single_block_less_safe()` + // because `in_out` is exactly one block long. + debug_assert!(in_out.len() <= BLOCK_LEN); + self.encrypt_less_safe(iv.into_counter_for_single_block_less_safe(), in_out, 0..); } #[inline] @@ -56,135 +70,224 @@ impl Key { let mut out: [u8; 5] = [0; 5]; let iv = Iv::assume_unique_for_key(sample); - unsafe { - self.encrypt( - CounterOrIv::Iv(iv), - out.as_ptr(), - out.len(), - out.as_mut_ptr(), - ); - } + debug_assert!(out.len() <= BLOCK_LEN); + self.encrypt_less_safe(iv.into_counter_for_single_block_less_safe(), &mut out, 0..); out } - pub fn encrypt_overlapping(&self, counter: Counter, in_out: &mut [u8], in_prefix_len: usize) { + /// Analogous to `slice::copy_within()`. + pub fn encrypt_within(&self, counter: Counter, in_out: &mut [u8], src: RangeFrom<usize>) { // XXX: The x86 and at least one branch of the ARM assembly language // code doesn't allow overlapping input and output unless they are // exactly overlapping. TODO: Figure out which branch of the ARM code // has this limitation and come up with a better solution. // // https://rt.openssl.org/Ticket/Display.html?id=4362 - let len = in_out.len() - in_prefix_len; - if cfg!(any(target_arch = "arm", target_arch = "x86")) && in_prefix_len != 0 { - in_out.copy_within(in_prefix_len.., 0); + if cfg!(any(target_arch = "arm", target_arch = "x86")) && src.start != 0 { + let len = in_out.len() - src.start; + in_out.copy_within(src, 0); self.encrypt_in_place(counter, &mut in_out[..len]); } else { + self.encrypt_less_safe(counter, in_out, src); + } + } + + /// This is "less safe" because it skips the important check that `encrypt_within` does. + /// Only call this with `src` equal to `0..` or from `encrypt_within`. + #[inline] + fn encrypt_less_safe(&self, counter: Counter, in_out: &mut [u8], src: RangeFrom<usize>) { + #[cfg(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86", + target_arch = "x86_64" + ))] + #[inline(always)] + pub(super) fn ChaCha20_ctr32( + key: &Key, + counter: Counter, + in_out: &mut [u8], + src: RangeFrom<usize>, + ) { + let in_out_len = in_out.len().checked_sub(src.start).unwrap(); + + // There's no need to worry if `counter` is incremented because it is + // owned here and we drop immediately after the call. + prefixed_extern! { + fn ChaCha20_ctr32( + out: *mut u8, + in_: *const u8, + in_len: crate::c::size_t, + key: &[u32; KEY_LEN / 4], + counter: &Counter, + ); + } unsafe { - self.encrypt( - CounterOrIv::Counter(counter), - in_out[in_prefix_len..].as_ptr(), - len, + ChaCha20_ctr32( in_out.as_mut_ptr(), - ); + in_out[src].as_ptr(), + in_out_len, + key.words_less_safe(), + &counter, + ) } } + + #[cfg(not(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86", + target_arch = "x86_64" + )))] + use fallback::ChaCha20_ctr32; + + ChaCha20_ctr32(self, counter, in_out, src); } - #[inline] // Optimize away match on `counter.` - unsafe fn encrypt( - &self, - counter: CounterOrIv, - input: *const u8, - in_out_len: usize, - output: *mut u8, - ) { - let iv = match counter { - CounterOrIv::Counter(counter) => counter.into(), - CounterOrIv::Iv(iv) => { - assert!(in_out_len <= 32); - iv - } - }; + #[inline] + pub(super) fn words_less_safe(&self) -> &[u32; KEY_LEN / 4] { + &self.words + } +} - /// XXX: Although this takes an `Iv`, this actually uses it like a - /// `Counter`. - extern "C" { - fn GFp_ChaCha20_ctr32( - out: *mut u8, - in_: *const u8, - in_len: c::size_t, - key: &Key, - first_iv: &Iv, - ); - } +/// Counter || Nonce, all native endian. +#[repr(transparent)] +pub struct Counter([u32; 4]); - GFp_ChaCha20_ctr32(output, input, in_out_len, self, &iv); +impl Counter { + pub fn zero(nonce: Nonce) -> Self { + Self::from_nonce_and_ctr(nonce, 0) } - #[cfg(target_arch = "x86_64")] - #[inline] - pub(super) fn words_less_safe(&self) -> &[LittleEndian<u32>; KEY_LEN / 4] { - &self.0 + fn from_nonce_and_ctr(nonce: Nonce, ctr: u32) -> Self { + let nonce = nonce.as_ref().chunks_fixed(); + Self([ + ctr, + u32::from_le_bytes(nonce[0]), + u32::from_le_bytes(nonce[1]), + u32::from_le_bytes(nonce[2]), + ]) + } + + pub fn increment(&mut self) -> Iv { + let iv = Iv(self.0); + self.0[0] += 1; + iv + } + + /// This is "less safe" because it hands off management of the counter to + /// the caller. + #[cfg(any( + test, + not(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86", + target_arch = "x86_64" + )) + ))] + fn into_words_less_safe(self) -> [u32; 4] { + self.0 } } -pub type Counter = counter::Counter<LittleEndian<u32>>; +/// The IV for a single block encryption. +/// +/// Intentionally not `Clone` to ensure each is used only once. +pub struct Iv([u32; 4]); -enum CounterOrIv { - Counter(Counter), - Iv(Iv), +impl Iv { + fn assume_unique_for_key(value: [u8; 16]) -> Self { + let value: &[[u8; 4]; 4] = value.chunks_fixed(); + Self(value.array_map(u32::from_le_bytes)) + } + + fn into_counter_for_single_block_less_safe(self) -> Counter { + Counter(self.0) + } } -const KEY_BLOCKS: usize = 2; -pub const KEY_LEN: usize = KEY_BLOCKS * BLOCK_LEN; +pub const KEY_LEN: usize = 32; + +const BLOCK_LEN: usize = 64; #[cfg(test)] mod tests { use super::*; - use crate::test; + use crate::{polyfill, test}; use alloc::vec; use core::convert::TryInto; - // This verifies the encryption functionality provided by ChaCha20_ctr32 - // is successful when either computed on disjoint input/output buffers, - // or on overlapping input/output buffers. On some branches of the 32-bit - // x86 and ARM code the in-place operation fails in some situations where - // the input/output buffers are not exactly overlapping. Such failures are - // dependent not only on the degree of overlapping but also the length of - // the data. `open()` works around that by moving the input data to the - // output location so that the buffers exactly overlap, for those targets. - // This test exists largely as a canary for detecting if/when that type of - // problem spreads to other platforms. + const MAX_ALIGNMENT_AND_OFFSET: (usize, usize) = (15, 259); + const MAX_ALIGNMENT_AND_OFFSET_SUBSET: (usize, usize) = + if cfg!(any(debug_assertions = "false", feature = "slow_tests")) { + MAX_ALIGNMENT_AND_OFFSET + } else { + (0, 0) + }; + #[test] - pub fn chacha20_tests() { - test::run(test_file!("chacha_tests.txt"), |section, test_case| { + fn chacha20_test_default() { + // Always use `MAX_OFFSET` if we hav assembly code. + let max_offset = if cfg!(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86", + target_arch = "x86_64" + )) { + MAX_ALIGNMENT_AND_OFFSET + } else { + MAX_ALIGNMENT_AND_OFFSET_SUBSET + }; + chacha20_test(max_offset, Key::encrypt_within); + } + + // Smoketest the fallback implementation. + #[test] + fn chacha20_test_fallback() { + chacha20_test(MAX_ALIGNMENT_AND_OFFSET_SUBSET, fallback::ChaCha20_ctr32); + } + + // Verifies the encryption is successful when done on overlapping buffers. + // + // On some branches of the 32-bit x86 and ARM assembly code the in-place + // operation fails in some situations where the input/output buffers are + // not exactly overlapping. Such failures are dependent not only on the + // degree of overlapping but also the length of the data. `encrypt_within` + // works around that. + fn chacha20_test( + max_alignment_and_offset: (usize, usize), + f: impl for<'k, 'i> Fn(&'k Key, Counter, &'i mut [u8], RangeFrom<usize>), + ) { + // Reuse a buffer to avoid slowing down the tests with allocations. + let mut buf = vec![0u8; 1300]; + + test::run(test_file!("chacha_tests.txt"), move |section, test_case| { assert_eq!(section, ""); let key = test_case.consume_bytes("Key"); let key: &[u8; KEY_LEN] = key.as_slice().try_into()?; - let key = Key::from(*key); + let key = Key::new(*key, cpu::features()); let ctr = test_case.consume_usize("Ctr"); let nonce = test_case.consume_bytes("Nonce"); let input = test_case.consume_bytes("Input"); let output = test_case.consume_bytes("Output"); - // Pre-allocate buffer for use in test_cases. - let mut in_out_buf = vec![0u8; input.len() + 276]; - // Run the test case over all prefixes of the input because the // behavior of ChaCha20 implementation changes dependent on the // length of the input. - for len in 0..(input.len() + 1) { + for len in 0..=input.len() { chacha20_test_case_inner( &key, &nonce, ctr as u32, &input[..len], &output[..len], - len, - &mut in_out_buf, + &mut buf, + max_alignment_and_offset, + &f, ); } @@ -198,37 +301,27 @@ mod tests { ctr: u32, input: &[u8], expected: &[u8], - len: usize, - in_out_buf: &mut [u8], + buf: &mut [u8], + (max_alignment, max_offset): (usize, usize), + f: &impl for<'k, 'i> Fn(&'k Key, Counter, &'i mut [u8], RangeFrom<usize>), ) { - // Straightforward encryption into disjoint buffers is computed - // correctly. - unsafe { - key.encrypt( - CounterOrIv::Counter(Counter::from_test_vector(nonce, ctr)), - input[..len].as_ptr(), - len, - in_out_buf.as_mut_ptr(), - ); - } - assert_eq!(&in_out_buf[..len], expected); + const ARBITRARY: u8 = 123; - // Do not test offset buffers for x86 and ARM architectures (see above - // for rationale). - let max_offset = if cfg!(any(target_arch = "x86", target_arch = "arm")) { - 0 - } else { - 259 - }; + for alignment in 0..=max_alignment { + polyfill::slice::fill(&mut buf[..alignment], ARBITRARY); + let buf = &mut buf[alignment..]; + for offset in 0..=max_offset { + let buf = &mut buf[..(offset + input.len())]; + polyfill::slice::fill(&mut buf[..offset], ARBITRARY); + let src = offset..; + buf[src.clone()].copy_from_slice(input); - // Check that in-place encryption works successfully when the pointers - // to the input/output buffers are (partially) overlapping. - for alignment in 0..16 { - for offset in 0..(max_offset + 1) { - in_out_buf[alignment + offset..][..len].copy_from_slice(input); - let ctr = Counter::from_test_vector(nonce, ctr); - key.encrypt_overlapping(ctr, &mut in_out_buf[alignment..], offset); - assert_eq!(&in_out_buf[alignment..][..len], expected); + let ctr = Counter::from_nonce_and_ctr( + Nonce::try_assume_unique_for_key(nonce).unwrap(), + ctr, + ); + f(key, ctr, buf, src); + assert_eq!(&buf[..input.len()], expected) } } } diff --git a/src/aead/chacha/fallback.rs b/src/aead/chacha/fallback.rs new file mode 100644 index 0000000..9e3fff1 --- /dev/null +++ b/src/aead/chacha/fallback.rs @@ -0,0 +1,103 @@ +// Copyright 2021 Brian Smith. +// Portions Copyright (c) 2014, Google Inc. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +// Adapted from the public domain, estream code by D. Bernstein. +// Adapted from the BoringSSL crypto/chacha/chacha.c. + +use super::{Counter, Key, BLOCK_LEN}; +use crate::polyfill::ChunksFixedMut; +use core::ops::RangeFrom; + +pub(super) fn ChaCha20_ctr32( + key: &Key, + counter: Counter, + in_out: &mut [u8], + src: RangeFrom<usize>, +) { + const SIGMA: [u32; 4] = [ + u32::from_le_bytes(*b"expa"), + u32::from_le_bytes(*b"nd 3"), + u32::from_le_bytes(*b"2-by"), + u32::from_le_bytes(*b"te k"), + ]; + + let key = key.words_less_safe(); + let counter = counter.into_words_less_safe(); + + let mut state = [ + SIGMA[0], SIGMA[1], SIGMA[2], SIGMA[3], key[0], key[1], key[2], key[3], key[4], key[5], + key[6], key[7], counter[0], counter[1], counter[2], counter[3], + ]; + + let mut in_out_len = in_out.len().checked_sub(src.start).unwrap(); + let mut input = in_out[src].as_ptr(); + let mut output = in_out.as_mut_ptr(); + + let mut buf = [0u8; BLOCK_LEN]; + while in_out_len > 0 { + chacha_core(&mut buf, &state); + state[12] += 1; + + let todo = core::cmp::min(BLOCK_LEN, in_out_len); + for i in 0..todo { + let input = unsafe { *input.add(i) }; + let b = input ^ buf[i]; + unsafe { *output.add(i) = b }; + } + + in_out_len -= todo; + input = unsafe { input.add(todo) }; + output = unsafe { output.add(todo) }; + } +} + +// Performs 20 rounds of ChaCha on `input`, storing the result in `output`. +#[inline(always)] +fn chacha_core(output: &mut [u8; BLOCK_LEN], input: &State) { + let mut x = *input; + + for _ in (0..20).step_by(2) { + quarterround(&mut x, 0, 4, 8, 12); + quarterround(&mut x, 1, 5, 9, 13); + quarterround(&mut x, 2, 6, 10, 14); + quarterround(&mut x, 3, 7, 11, 15); + quarterround(&mut x, 0, 5, 10, 15); + quarterround(&mut x, 1, 6, 11, 12); + quarterround(&mut x, 2, 7, 8, 13); + quarterround(&mut x, 3, 4, 9, 14); + } + + for (x, input) in x.iter_mut().zip(input.iter()) { + *x = x.wrapping_add(*input); + } + + for (output, &x) in ChunksFixedMut::<[u8; 4]>::chunks_fixed_mut(output).zip(x.iter()) { + *output = u32::to_le_bytes(x) + } +} + +#[inline(always)] +fn quarterround(x: &mut State, a: usize, b: usize, c: usize, d: usize) { + #[inline(always)] + fn step(x: &mut State, a: usize, b: usize, c: usize, rotation: u32) { + x[a] = x[a].wrapping_add(x[b]); + x[c] = (x[c] ^ x[a]).rotate_left(rotation); + } + step(x, a, b, d, 16); + step(x, c, d, b, 12); + step(x, a, b, d, 8); + step(x, c, d, b, 7); +} + +type State = [u32; BLOCK_LEN / 4]; diff --git a/src/aead/chacha20_poly1305.rs b/src/aead/chacha20_poly1305.rs index 497d760..deb1a09 100644 --- a/src/aead/chacha20_poly1305.rs +++ b/src/aead/chacha20_poly1305.rs @@ -13,12 +13,11 @@ // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. use super::{ - chacha::{self, Counter}, - iv::Iv, - poly1305, Aad, Block, Direction, Nonce, Tag, BLOCK_LEN, + chacha::{self, Counter, Iv}, + poly1305, Aad, Nonce, Tag, }; use crate::{aead, cpu, endian::*, error, polyfill}; -use core::convert::TryInto; +use core::{convert::TryInto, ops::RangeFrom}; /// ChaCha20-Poly1305 as described in [RFC 7539]. /// @@ -37,10 +36,13 @@ pub static CHACHA20_POLY1305: aead::Algorithm = aead::Algorithm { /// Copies |key| into |ctx_buf|. fn chacha20_poly1305_init( key: &[u8], - _todo: cpu::Features, + cpu_features: cpu::Features, ) -> Result<aead::KeyInner, error::Unspecified> { let key: [u8; chacha::KEY_LEN] = key.try_into()?; - Ok(aead::KeyInner::ChaCha20Poly1305(chacha::Key::from(key))) + Ok(aead::KeyInner::ChaCha20Poly1305(chacha::Key::new( + key, + cpu_features, + ))) } fn chacha20_poly1305_seal( @@ -48,16 +50,15 @@ fn chacha20_poly1305_seal( nonce: Nonce, aad: Aad<&[u8]>, in_out: &mut [u8], - cpu_features: cpu::Features, ) -> Tag { - let key = match key { + let chacha20_key = match key { aead::KeyInner::ChaCha20Poly1305(key) => key, _ => unreachable!(), }; #[cfg(target_arch = "x86_64")] { - if cpu::intel::SSE41.available(cpu_features) { + if cpu::intel::SSE41.available(chacha20_key.cpu_features()) { // XXX: BoringSSL uses `alignas(16)` on `key` instead of on the // structure, but Rust can't do that yet; see // https://github.com/rust-lang/rust/issues/73557. @@ -67,7 +68,7 @@ fn chacha20_poly1305_seal( #[repr(align(16), C)] #[derive(Clone, Copy)] struct seal_data_in { - key: [u8; chacha::KEY_LEN], + key: [u32; chacha::KEY_LEN / 4], counter: u32, nonce: [u8; super::NONCE_LEN], extra_ciphertext: *const u8, @@ -76,7 +77,7 @@ fn chacha20_poly1305_seal( let mut data = InOut { input: seal_data_in { - key: *key.words_less_safe().as_byte_array(), + key: *chacha20_key.words_less_safe(), counter: 0, nonce: *nonce.as_ref(), extra_ciphertext: core::ptr::null(), @@ -85,8 +86,8 @@ fn chacha20_poly1305_seal( }; // Encrypts `plaintext_len` bytes from `plaintext` and writes them to `out_ciphertext`. - extern "C" { - fn GFp_chacha20_poly1305_seal( + prefixed_extern! { + fn chacha20_poly1305_seal( out_ciphertext: *mut u8, plaintext: *const u8, plaintext_len: usize, @@ -97,7 +98,7 @@ fn chacha20_poly1305_seal( } let out = unsafe { - GFp_chacha20_poly1305_seal( + chacha20_poly1305_seal( in_out.as_mut_ptr(), in_out.as_ptr(), in_out.len(), @@ -112,25 +113,33 @@ fn chacha20_poly1305_seal( } } - aead(key, nonce, aad, in_out, Direction::Sealing, cpu_features) + let mut counter = Counter::zero(nonce); + let mut auth = { + let key = derive_poly1305_key(chacha20_key, counter.increment()); + poly1305::Context::from_key(key) + }; + + poly1305_update_padded_16(&mut auth, aad.as_ref()); + chacha20_key.encrypt_in_place(counter, in_out); + poly1305_update_padded_16(&mut auth, in_out); + finish(auth, aad.as_ref().len(), in_out.len()) } fn chacha20_poly1305_open( key: &aead::KeyInner, nonce: Nonce, aad: Aad<&[u8]>, - in_prefix_len: usize, in_out: &mut [u8], - cpu_features: cpu::Features, + src: RangeFrom<usize>, ) -> Tag { - let key = match key { + let chacha20_key = match key { aead::KeyInner::ChaCha20Poly1305(key) => key, _ => unreachable!(), }; #[cfg(target_arch = "x86_64")] { - if cpu::intel::SSE41.available(cpu_features) { + if cpu::intel::SSE41.available(chacha20_key.cpu_features()) { // XXX: BoringSSL uses `alignas(16)` on `key` instead of on the // structure, but Rust can't do that yet; see // https://github.com/rust-lang/rust/issues/73557. @@ -140,22 +149,22 @@ fn chacha20_poly1305_open( #[derive(Copy, Clone)] #[repr(align(16), C)] struct open_data_in { - key: [u8; chacha::KEY_LEN], + key: [u32; chacha::KEY_LEN / 4], counter: u32, nonce: [u8; super::NONCE_LEN], } let mut data = InOut { input: open_data_in { - key: *key.words_less_safe().as_byte_array(), + key: *chacha20_key.words_less_safe(), counter: 0, nonce: *nonce.as_ref(), }, }; // Decrypts `plaintext_len` bytes from `ciphertext` and writes them to `out_plaintext`. - extern "C" { - fn GFp_chacha20_poly1305_open( + prefixed_extern! { + fn chacha20_poly1305_open( out_plaintext: *mut u8, ciphertext: *const u8, plaintext_len: usize, @@ -166,10 +175,10 @@ fn chacha20_poly1305_open( } let out = unsafe { - GFp_chacha20_poly1305_open( + chacha20_poly1305_open( in_out.as_mut_ptr(), - in_out.as_ptr().add(in_prefix_len), - in_out.len() - in_prefix_len, + in_out.as_ptr().add(src.start), + in_out.len() - src.start, aad.as_ref().as_ptr(), aad.as_ref().len(), &mut data, @@ -181,14 +190,27 @@ fn chacha20_poly1305_open( } } - aead( - key, - nonce, - aad, - in_out, - Direction::Opening { in_prefix_len }, - cpu_features, - ) + let mut counter = Counter::zero(nonce); + let mut auth = { + let key = derive_poly1305_key(chacha20_key, counter.increment()); + poly1305::Context::from_key(key) + }; + + poly1305_update_padded_16(&mut auth, aad.as_ref()); + poly1305_update_padded_16(&mut auth, &in_out[src.clone()]); + chacha20_key.encrypt_within(counter, in_out, src.clone()); + finish(auth, aad.as_ref().len(), in_out[src].len()) +} + +fn finish(mut auth: poly1305::Context, aad_len: usize, in_out_len: usize) -> Tag { + auth.update( + [ + LittleEndian::from(polyfill::u64_from_usize(aad_len)), + LittleEndian::from(polyfill::u64_from_usize(in_out_len)), + ] + .as_byte_array(), + ); + auth.finish() } pub type Key = chacha::Key; @@ -216,69 +238,23 @@ struct Out { tag: [u8; super::TAG_LEN], } -#[inline(always)] // Statically eliminate branches on `direction`. -fn aead( - chacha20_key: &Key, - nonce: Nonce, - Aad(aad): Aad<&[u8]>, - in_out: &mut [u8], - direction: Direction, - cpu_features: cpu::Features, -) -> Tag { - let mut counter = Counter::zero(nonce); - let mut ctx = { - let key = derive_poly1305_key(chacha20_key, counter.increment(), cpu_features); - poly1305::Context::from_key(key) - }; - - poly1305_update_padded_16(&mut ctx, aad); - - let in_out_len = match direction { - Direction::Opening { in_prefix_len } => { - poly1305_update_padded_16(&mut ctx, &in_out[in_prefix_len..]); - chacha20_key.encrypt_overlapping(counter, in_out, in_prefix_len); - in_out.len() - in_prefix_len - } - Direction::Sealing => { - chacha20_key.encrypt_in_place(counter, in_out); - poly1305_update_padded_16(&mut ctx, in_out); - in_out.len() - } - }; - - ctx.update( - Block::from_u64_le( - LittleEndian::from(polyfill::u64_from_usize(aad.len())), - LittleEndian::from(polyfill::u64_from_usize(in_out_len)), - ) - .as_ref(), - ); - ctx.finish() -} - #[inline] fn poly1305_update_padded_16(ctx: &mut poly1305::Context, input: &[u8]) { - let remainder_len = input.len() % BLOCK_LEN; - let whole_len = input.len() - remainder_len; - if whole_len > 0 { - ctx.update(&input[..whole_len]); - } - if remainder_len > 0 { - let mut block = Block::zero(); - block.overwrite_part_at(0, &input[whole_len..]); - ctx.update(block.as_ref()) + if input.len() > 0 { + ctx.update(input); + let remainder_len = input.len() % poly1305::BLOCK_LEN; + if remainder_len != 0 { + const ZEROES: [u8; poly1305::BLOCK_LEN] = [0; poly1305::BLOCK_LEN]; + ctx.update(&ZEROES[..(poly1305::BLOCK_LEN - remainder_len)]) + } } } // Also used by chacha20_poly1305_openssh. -pub(super) fn derive_poly1305_key( - chacha_key: &chacha::Key, - iv: Iv, - cpu_features: cpu::Features, -) -> poly1305::Key { - let mut key_bytes = [0u8; 2 * BLOCK_LEN]; - chacha_key.encrypt_iv_xor_blocks_in_place(iv, &mut key_bytes); - poly1305::Key::new(key_bytes, cpu_features) +pub(super) fn derive_poly1305_key(chacha_key: &chacha::Key, iv: Iv) -> poly1305::Key { + let mut key_bytes = [0u8; poly1305::KEY_LEN]; + chacha_key.encrypt_iv_xor_in_place(iv, &mut key_bytes); + poly1305::Key::new(key_bytes, chacha_key.cpu_features()) } #[cfg(test)] diff --git a/src/aead/chacha20_poly1305_openssh.rs b/src/aead/chacha20_poly1305_openssh.rs index cb6f691..585914b 100644 --- a/src/aead/chacha20_poly1305_openssh.rs +++ b/src/aead/chacha20_poly1305_openssh.rs @@ -32,10 +32,11 @@ use super::{ chacha::{self, *}, chacha20_poly1305::derive_poly1305_key, - cpu, poly1305, Nonce, Tag, + cpu, poly1305, + polyfill::ChunksFixed, + Nonce, Tag, }; use crate::{constant_time, endian::*, error}; -use core::convert::TryInto; /// A key for sealing packets. pub struct SealingKey { @@ -44,8 +45,8 @@ pub struct SealingKey { impl SealingKey { /// Constructs a new `SealingKey`. - pub fn new(key_material: &[u8; KEY_LEN]) -> SealingKey { - SealingKey { + pub fn new(key_material: &[u8; KEY_LEN]) -> Self { + Self { key: Key::new(key_material, cpu::features()), } } @@ -64,8 +65,7 @@ impl SealingKey { tag_out: &mut [u8; TAG_LEN], ) { let mut counter = make_counter(sequence_number); - let poly_key = - derive_poly1305_key(&self.key.k_2, counter.increment(), self.key.cpu_features); + let poly_key = derive_poly1305_key(&self.key.k_2, counter.increment()); { let (len_in_out, data_and_padding_in_out) = @@ -91,8 +91,8 @@ pub struct OpeningKey { impl OpeningKey { /// Constructs a new `OpeningKey`. - pub fn new(key_material: &[u8; KEY_LEN]) -> OpeningKey { - OpeningKey { + pub fn new(key_material: &[u8; KEY_LEN]) -> Self { + Self { key: Key::new(key_material, cpu::features()), } } @@ -132,8 +132,7 @@ impl OpeningKey { // We must verify the tag before decrypting so that // `ciphertext_in_plaintext_out` is unmodified if verification fails. // This is beyond what we guarantee. - let poly_key = - derive_poly1305_key(&self.key.k_2, counter.increment(), self.key.cpu_features); + let poly_key = derive_poly1305_key(&self.key.k_2, counter.increment()); verify(poly_key, ciphertext_in_plaintext_out, tag)?; let plaintext_in_ciphertext_out = &mut ciphertext_in_plaintext_out[PACKET_LENGTH_LEN..]; @@ -148,19 +147,15 @@ impl OpeningKey { struct Key { k_1: chacha::Key, k_2: chacha::Key, - cpu_features: cpu::Features, } impl Key { - fn new(key_material: &[u8; KEY_LEN], cpu_features: cpu::Features) -> Key { + fn new(key_material: &[u8; KEY_LEN], cpu_features: cpu::Features) -> Self { // The first half becomes K_2 and the second half becomes K_1. - let (k_2, k_1) = key_material.split_at(chacha::KEY_LEN); - let k_1: [u8; chacha::KEY_LEN] = k_1.try_into().unwrap(); - let k_2: [u8; chacha::KEY_LEN] = k_2.try_into().unwrap(); - Key { - k_1: chacha::Key::from(k_1), - k_2: chacha::Key::from(k_2), - cpu_features, + let &[k_2, k_1]: &[[u8; chacha::KEY_LEN]; 2] = key_material.chunks_fixed(); + Self { + k_1: chacha::Key::new(k_1, cpu_features), + k_2: chacha::Key::new(k_2, cpu_features), } } } @@ -181,7 +176,7 @@ pub const KEY_LEN: usize = chacha::KEY_LEN * 2; pub const PACKET_LENGTH_LEN: usize = 4; // 32 bits /// The length in bytes of an authentication tag. -pub const TAG_LEN: usize = super::BLOCK_LEN; +pub const TAG_LEN: usize = super::TAG_LEN; fn verify(key: poly1305::Key, msg: &[u8], tag: &[u8; TAG_LEN]) -> Result<(), error::Unspecified> { let Tag(calculated_tag) = poly1305::sign(key, msg); diff --git a/src/aead/counter.rs b/src/aead/counter.rs deleted file mode 100644 index 3fd373d..0000000 --- a/src/aead/counter.rs +++ /dev/null @@ -1,105 +0,0 @@ -// Copyright 2018 Brian Smith. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -use super::{ - iv::{Iv, IV_LEN}, - Nonce, -}; -use crate::endian::*; -use core::convert::TryInto; - -/// A generator of a monotonically increasing series of `Iv`s. -/// -/// Intentionally not `Clone` to ensure counters aren't forked. -#[repr(C)] -pub struct Counter<U32> { - u32s: [U32; COUNTER_LEN], -} - -const COUNTER_LEN: usize = 4; - -impl<U32> Counter<U32> -where - U32: Copy, - U32: Encoding<u32>, - U32: From<[u8; 4]>, - U32: Layout, - [U32; 4]: ArrayEncoding<[u8; IV_LEN]>, -{ - pub fn zero(nonce: Nonce) -> Self { - Self::new(nonce, 0) - } - pub fn one(nonce: Nonce) -> Self { - Self::new(nonce, 1) - } - - #[cfg(test)] - pub fn from_test_vector(nonce: &[u8], initial_counter: u32) -> Self { - Self::new( - Nonce::try_assume_unique_for_key(nonce).unwrap(), - initial_counter, - ) - } - - fn new(nonce: Nonce, initial_counter: u32) -> Self { - let mut r = Self { - u32s: [U32::ZERO; COUNTER_LEN], - }; - let nonce_index = (U32::COUNTER_INDEX + 1) % COUNTER_LEN; - (&mut r.u32s[nonce_index..][..3]) - .iter_mut() - .zip(nonce.as_ref().chunks_exact(4)) - .for_each(|(initial, nonce)| { - let nonce: &[u8; 4] = nonce.try_into().unwrap(); - *initial = U32::from(*nonce); - }); - r.u32s[U32::COUNTER_INDEX] = U32::from(initial_counter); - r - } - - #[inline] - pub fn increment(&mut self) -> Iv { - let current = Self { u32s: self.u32s }; - self.increment_by_less_safe(1); - current.into() - } - - #[inline] - pub fn increment_by_less_safe(&mut self, increment_by: u32) { - let counter = &mut self.u32s[U32::COUNTER_INDEX]; - let old_value: u32 = (*counter).into(); - *counter = U32::from(old_value + increment_by); - } -} - -pub trait Layout { - const COUNTER_INDEX: usize; -} - -impl Layout for BigEndian<u32> { - const COUNTER_INDEX: usize = 3; -} - -impl Layout for LittleEndian<u32> { - const COUNTER_INDEX: usize = 0; -} - -impl<U32> Into<Iv> for Counter<U32> -where - [U32; 4]: ArrayEncoding<[u8; IV_LEN]>, -{ - fn into(self) -> Iv { - Iv::assume_unique_for_key(*self.u32s.as_byte_array()) - } -} diff --git a/src/aead/gcm.rs b/src/aead/gcm.rs index 6696f77..40d9cf7 100644 --- a/src/aead/gcm.rs +++ b/src/aead/gcm.rs @@ -12,31 +12,41 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -use super::{Aad, Block, BLOCK_LEN}; +use super::{ + block::{Block, BLOCK_LEN}, + Aad, +}; use crate::cpu; +use core::ops::BitXorAssign; #[cfg(not(target_arch = "aarch64"))] mod gcm_nohw; -pub struct Key(HTable); +pub struct Key { + h_table: HTable, + cpu_features: cpu::Features, +} impl Key { pub(super) fn new(h_be: Block, cpu_features: cpu::Features) -> Self { - let h = h_be.u64s_be_to_native(); + let h: [u64; 2] = h_be.into(); - let mut key = Self(HTable { - Htable: [u128 { hi: 0, lo: 0 }; HTABLE_LEN], - }); - let h_table = &mut key.0; + let mut key = Self { + h_table: HTable { + Htable: [u128 { hi: 0, lo: 0 }; HTABLE_LEN], + }, + cpu_features, + }; + let h_table = &mut key.h_table; match detect_implementation(cpu_features) { #[cfg(target_arch = "x86_64")] Implementation::CLMUL if has_avx_movbe(cpu_features) => { - extern "C" { - fn GFp_gcm_init_avx(HTable: &mut HTable, h: &[u64; 2]); + prefixed_extern! { + fn gcm_init_avx(HTable: &mut HTable, h: &[u64; 2]); } unsafe { - GFp_gcm_init_avx(h_table, &h); + gcm_init_avx(h_table, &h); } } @@ -47,21 +57,21 @@ impl Key { target_arch = "x86" ))] Implementation::CLMUL => { - extern "C" { - fn GFp_gcm_init_clmul(Htable: &mut HTable, h: &[u64; 2]); + prefixed_extern! { + fn gcm_init_clmul(Htable: &mut HTable, h: &[u64; 2]); } unsafe { - GFp_gcm_init_clmul(h_table, &h); + gcm_init_clmul(h_table, &h); } } #[cfg(any(target_arch = "aarch64", target_arch = "arm"))] Implementation::NEON => { - extern "C" { - fn GFp_gcm_init_neon(Htable: &mut HTable, h: &[u64; 2]); + prefixed_extern! { + fn gcm_init_neon(Htable: &mut HTable, h: &[u64; 2]); } unsafe { - GFp_gcm_init_neon(h_table, &h); + gcm_init_neon(h_table, &h); } } @@ -81,14 +91,14 @@ pub struct Context { } impl Context { - pub(crate) fn new(key: &Key, aad: Aad<&[u8]>, cpu_features: cpu::Features) -> Self { - let mut ctx = Context { + pub(crate) fn new(key: &Key, aad: Aad<&[u8]>) -> Self { + let mut ctx = Self { inner: ContextInner { Xi: Xi(Block::zero()), _unused: Block::zero(), - Htable: key.0.clone(), + Htable: key.h_table.clone(), }, - cpu_features, + cpu_features: key.cpu_features, }; for ad in aad.0.chunks(BLOCK_LEN) { @@ -108,8 +118,14 @@ impl Context { } pub fn update_blocks(&mut self, input: &[u8]) { - debug_assert!(input.len() > 0); - debug_assert_eq!(input.len() % BLOCK_LEN, 0); + // Th assembly functions take the input length in bytes, not blocks. + let input_bytes = input.len(); + + debug_assert_eq!(input_bytes % BLOCK_LEN, 0); + debug_assert!(input_bytes > 0); + + let input = input.as_ptr() as *const [u8; BLOCK_LEN]; + let input = unsafe { core::slice::from_raw_parts(input, input_bytes / BLOCK_LEN) }; // Although these functions take `Xi` and `h_table` as separate // parameters, one or more of them might assume that they are part of @@ -120,16 +136,16 @@ impl Context { match detect_implementation(self.cpu_features) { #[cfg(target_arch = "x86_64")] Implementation::CLMUL if has_avx_movbe(self.cpu_features) => { - extern "C" { - fn GFp_gcm_ghash_avx( + prefixed_extern! { + fn gcm_ghash_avx( xi: &mut Xi, Htable: &HTable, - inp: *const u8, + inp: *const [u8; BLOCK_LEN], len: crate::c::size_t, ); } unsafe { - GFp_gcm_ghash_avx(xi, h_table, input.as_ptr(), input.len()); + gcm_ghash_avx(xi, h_table, input.as_ptr(), input_bytes); } } @@ -140,31 +156,31 @@ impl Context { target_arch = "x86" ))] Implementation::CLMUL => { - extern "C" { - fn GFp_gcm_ghash_clmul( + prefixed_extern! { + fn gcm_ghash_clmul( xi: &mut Xi, Htable: &HTable, - inp: *const u8, + inp: *const [u8; BLOCK_LEN], len: crate::c::size_t, ); } unsafe { - GFp_gcm_ghash_clmul(xi, h_table, input.as_ptr(), input.len()); + gcm_ghash_clmul(xi, h_table, input.as_ptr(), input_bytes); } } #[cfg(any(target_arch = "aarch64", target_arch = "arm"))] Implementation::NEON => { - extern "C" { - fn GFp_gcm_ghash_neon( + prefixed_extern! { + fn gcm_ghash_neon( xi: &mut Xi, Htable: &HTable, - inp: *const u8, + inp: *const [u8; BLOCK_LEN], len: crate::c::size_t, ); } unsafe { - GFp_gcm_ghash_neon(xi, h_table, input.as_ptr(), input.len()); + gcm_ghash_neon(xi, h_table, input.as_ptr(), input_bytes); } } @@ -192,21 +208,21 @@ impl Context { target_arch = "x86" ))] Implementation::CLMUL => { - extern "C" { - fn GFp_gcm_gmult_clmul(xi: &mut Xi, Htable: &HTable); + prefixed_extern! { + fn gcm_gmult_clmul(xi: &mut Xi, Htable: &HTable); } unsafe { - GFp_gcm_gmult_clmul(xi, h_table); + gcm_gmult_clmul(xi, h_table); } } #[cfg(any(target_arch = "aarch64", target_arch = "arm"))] Implementation::NEON => { - extern "C" { - fn GFp_gcm_gmult_neon(xi: &mut Xi, Htable: &HTable); + prefixed_extern! { + fn gcm_gmult_neon(xi: &mut Xi, Htable: &HTable); } unsafe { - GFp_gcm_gmult_neon(xi, h_table); + gcm_gmult_neon(xi, h_table); } } @@ -219,14 +235,14 @@ impl Context { pub(super) fn pre_finish<F>(self, f: F) -> super::Tag where - F: FnOnce(Xi) -> super::Tag, + F: FnOnce(Block) -> super::Tag, { - f(self.inner.Xi) + f(self.inner.Xi.0) } #[cfg(target_arch = "x86_64")] - pub(super) fn is_avx2(&self, cpu_features: cpu::Features) -> bool { - match detect_implementation(cpu_features) { + pub(super) fn is_avx2(&self) -> bool { + match detect_implementation(self.cpu_features) { Implementation::CLMUL => has_avx_movbe(self.cpu_features), _ => false, } @@ -252,10 +268,10 @@ const HTABLE_LEN: usize = 16; #[repr(transparent)] pub struct Xi(Block); -impl Xi { +impl BitXorAssign<Block> for Xi { #[inline] fn bitxor_assign(&mut self, a: Block) { - self.0.bitxor_assign(a) + self.0 ^= a; } } diff --git a/src/aead/gcm/gcm_nohw.rs b/src/aead/gcm/gcm_nohw.rs index 0850315..8effbd4 100644 --- a/src/aead/gcm/gcm_nohw.rs +++ b/src/aead/gcm/gcm_nohw.rs @@ -22,9 +22,8 @@ // // Unlike the BearSSL notes, we use u128 in the 64-bit implementation. -use super::{super::Block, Xi}; -use crate::endian::BigEndian; -use core::convert::TryInto; +use super::{Block, Xi, BLOCK_LEN}; +use crate::polyfill::ChunksFixed; #[cfg(target_pointer_width = "64")] fn gcm_mul64_nohw(a: u64, b: u64) -> (u64, u64) { @@ -223,11 +222,12 @@ pub(super) fn gmult(xi: &mut Xi, h: super::u128) { }) } -pub(super) fn ghash(xi: &mut Xi, h: super::u128, input: &[u8]) { +pub(super) fn ghash(xi: &mut Xi, h: super::u128, input: &[[u8; BLOCK_LEN]]) { with_swapped_xi(xi, |swapped| { - input.chunks_exact(16).for_each(|inp| { - swapped[0] ^= u64::from_be_bytes(inp[8..].try_into().unwrap()); - swapped[1] ^= u64::from_be_bytes(inp[..8].try_into().unwrap()); + input.iter().for_each(|input| { + let input: &[[u8; 8]; 2] = input.chunks_fixed(); + swapped[0] ^= u64::from_be_bytes(input[1]); + swapped[1] ^= u64::from_be_bytes(input[0]); gcm_polyval_nohw(swapped, h); }); }); @@ -235,8 +235,8 @@ pub(super) fn ghash(xi: &mut Xi, h: super::u128, input: &[u8]) { #[inline] fn with_swapped_xi(Xi(xi): &mut Xi, f: impl FnOnce(&mut [u64; 2])) { - let unswapped = xi.u64s_be_to_native(); + let unswapped: [u64; 2] = (*xi).into(); let mut swapped: [u64; 2] = [unswapped[1], unswapped[0]]; f(&mut swapped); - *xi = Block::from_u64_be(BigEndian::from(swapped[1]), BigEndian::from(swapped[0])) + *xi = Block::from([swapped[1], swapped[0]]) } diff --git a/src/aead/less_safe_key.rs b/src/aead/less_safe_key.rs new file mode 100644 index 0000000..55bb616 --- /dev/null +++ b/src/aead/less_safe_key.rs @@ -0,0 +1,191 @@ +// Copyright 2015-2021 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +use super::{Aad, Algorithm, KeyInner, Nonce, Tag, UnboundKey, TAG_LEN}; +use crate::{constant_time, cpu, error, polyfill}; +use core::ops::RangeFrom; + +/// Immutable keys for use in situations where `OpeningKey`/`SealingKey` and +/// `NonceSequence` cannot reasonably be used. +/// +/// Prefer to use `OpeningKey`/`SealingKey` and `NonceSequence` when practical. +pub struct LessSafeKey { + inner: KeyInner, + algorithm: &'static Algorithm, +} + +impl LessSafeKey { + /// Constructs a `LessSafeKey`. + #[inline] + pub fn new(key: UnboundKey) -> Self { + key.into_inner() + } + + pub(super) fn new_( + algorithm: &'static Algorithm, + key_bytes: &[u8], + ) -> Result<Self, error::Unspecified> { + let cpu_features = cpu::features(); + Ok(Self { + inner: (algorithm.init)(key_bytes, cpu_features)?, + algorithm, + }) + } + + /// Like [`OpeningKey::open_in_place()`], except it accepts an arbitrary nonce. + /// + /// `nonce` must be unique for every use of the key to open data. + #[inline] + pub fn open_in_place<'in_out, A>( + &self, + nonce: Nonce, + aad: Aad<A>, + in_out: &'in_out mut [u8], + ) -> Result<&'in_out mut [u8], error::Unspecified> + where + A: AsRef<[u8]>, + { + self.open_within(nonce, aad, in_out, 0..) + } + + /// Like [`OpeningKey::open_within()`], except it accepts an arbitrary nonce. + /// + /// `nonce` must be unique for every use of the key to open data. + #[inline] + pub fn open_within<'in_out, A>( + &self, + nonce: Nonce, + aad: Aad<A>, + in_out: &'in_out mut [u8], + ciphertext_and_tag: RangeFrom<usize>, + ) -> Result<&'in_out mut [u8], error::Unspecified> + where + A: AsRef<[u8]>, + { + open_within_( + self, + nonce, + Aad::from(aad.as_ref()), + in_out, + ciphertext_and_tag, + ) + } + + /// Like [`SealingKey::seal_in_place_append_tag()`], except it accepts an + /// arbitrary nonce. + /// + /// `nonce` must be unique for every use of the key to seal data. + #[inline] + pub fn seal_in_place_append_tag<A, InOut>( + &self, + nonce: Nonce, + aad: Aad<A>, + in_out: &mut InOut, + ) -> Result<(), error::Unspecified> + where + A: AsRef<[u8]>, + InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>, + { + self.seal_in_place_separate_tag(nonce, aad, in_out.as_mut()) + .map(|tag| in_out.extend(tag.as_ref())) + } + + /// Like `SealingKey::seal_in_place_separate_tag()`, except it accepts an + /// arbitrary nonce. + /// + /// `nonce` must be unique for every use of the key to seal data. + #[inline] + pub fn seal_in_place_separate_tag<A>( + &self, + nonce: Nonce, + aad: Aad<A>, + in_out: &mut [u8], + ) -> Result<Tag, error::Unspecified> + where + A: AsRef<[u8]>, + { + seal_in_place_separate_tag_(&self, nonce, Aad::from(aad.as_ref()), in_out) + } + + /// The key's AEAD algorithm. + #[inline] + pub fn algorithm(&self) -> &'static Algorithm { + &self.algorithm + } + + pub(super) fn fmt_debug( + &self, + type_name: &'static str, + f: &mut core::fmt::Formatter, + ) -> Result<(), core::fmt::Error> { + f.debug_struct(type_name) + .field("algorithm", &self.algorithm()) + .finish() + } +} + +fn open_within_<'in_out>( + key: &LessSafeKey, + nonce: Nonce, + aad: Aad<&[u8]>, + in_out: &'in_out mut [u8], + src: RangeFrom<usize>, +) -> Result<&'in_out mut [u8], error::Unspecified> { + let ciphertext_and_tag_len = in_out + .len() + .checked_sub(src.start) + .ok_or(error::Unspecified)?; + let ciphertext_len = ciphertext_and_tag_len + .checked_sub(TAG_LEN) + .ok_or(error::Unspecified)?; + check_per_nonce_max_bytes(key.algorithm, ciphertext_len)?; + let (in_out, received_tag) = in_out.split_at_mut(src.start + ciphertext_len); + let Tag(calculated_tag) = (key.algorithm.open)(&key.inner, nonce, aad, in_out, src); + if constant_time::verify_slices_are_equal(calculated_tag.as_ref(), received_tag).is_err() { + // Zero out the plaintext so that it isn't accidentally leaked or used + // after verification fails. It would be safest if we could check the + // tag before decrypting, but some `open` implementations interleave + // authentication with decryption for performance. + for b in &mut in_out[..ciphertext_len] { + *b = 0; + } + return Err(error::Unspecified); + } + // `ciphertext_len` is also the plaintext length. + Ok(&mut in_out[..ciphertext_len]) +} + +#[inline] +pub(super) fn seal_in_place_separate_tag_( + key: &LessSafeKey, + nonce: Nonce, + aad: Aad<&[u8]>, + in_out: &mut [u8], +) -> Result<Tag, error::Unspecified> { + check_per_nonce_max_bytes(key.algorithm(), in_out.len())?; + Ok((key.algorithm.seal)(&key.inner, nonce, aad, in_out)) +} + +fn check_per_nonce_max_bytes(alg: &Algorithm, in_out_len: usize) -> Result<(), error::Unspecified> { + if polyfill::u64_from_usize(in_out_len) > alg.max_input_len { + return Err(error::Unspecified); + } + Ok(()) +} + +impl core::fmt::Debug for LessSafeKey { + fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { + self.fmt_debug("LessSafeKey", f) + } +} diff --git a/src/aead/opening_key.rs b/src/aead/opening_key.rs new file mode 100644 index 0000000..f3e53d4 --- /dev/null +++ b/src/aead/opening_key.rs @@ -0,0 +1,143 @@ +// Copyright 2015-2021 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +//! Authenticated Encryption with Associated Data (AEAD). +//! +//! See [Authenticated encryption: relations among notions and analysis of the +//! generic composition paradigm][AEAD] for an introduction to the concept of +//! AEADs. +//! +//! [AEAD]: http://www-cse.ucsd.edu/~mihir/papers/oem.html +//! [`crypto.cipher.AEAD`]: https://golang.org/pkg/crypto/cipher/#AEAD + +use super::{Aad, Algorithm, BoundKey, LessSafeKey, NonceSequence, UnboundKey}; +use crate::error; +use core::ops::RangeFrom; + +/// An AEAD key for authenticating and decrypting ("opening"), bound to a nonce +/// sequence. +/// +/// Intentionally not `Clone` or `Copy` since cloning would allow duplication +/// of the nonce sequence. +pub struct OpeningKey<N: NonceSequence> { + key: LessSafeKey, + nonce_sequence: N, +} + +impl<N: NonceSequence> BoundKey<N> for OpeningKey<N> { + fn new(key: UnboundKey, nonce_sequence: N) -> Self { + Self { + key: key.into_inner(), + nonce_sequence, + } + } + + #[inline] + fn algorithm(&self) -> &'static Algorithm { + self.key.algorithm() + } +} + +impl<N: NonceSequence> core::fmt::Debug for OpeningKey<N> { + fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { + self.key.fmt_debug("OpeningKey", f) + } +} + +impl<N: NonceSequence> OpeningKey<N> { + /// Authenticates and decrypts (“opens”) data in place. + /// + /// `aad` is the additional authenticated data (AAD), if any. + /// + /// On input, `in_out` must be the ciphertext followed by the tag. When + /// `open_in_place()` returns `Ok(plaintext)`, the input ciphertext + /// has been overwritten by the plaintext; `plaintext` will refer to the + /// plaintext without the tag. + /// + /// When `open_in_place()` returns `Err(..)`, `in_out` may have been + /// overwritten in an unspecified way. + #[inline] + pub fn open_in_place<'in_out, A>( + &mut self, + aad: Aad<A>, + in_out: &'in_out mut [u8], + ) -> Result<&'in_out mut [u8], error::Unspecified> + where + A: AsRef<[u8]>, + { + self.key + .open_in_place(self.nonce_sequence.advance()?, aad, in_out) + } + + /// Authenticates and decrypts (“opens”) data in place, with a shift. + /// + /// `aad` is the additional authenticated data (AAD), if any. + /// + /// On input, `in_out[ciphertext_and_tag]` must be the ciphertext followed + /// by the tag. When `open_within()` returns `Ok(plaintext)`, the plaintext + /// will be at `in_out[0..plaintext.len()]`. In other words, the following + /// two code fragments are equivalent for valid values of + /// `ciphertext_and_tag`, except `open_within` will often be more efficient: + /// + /// + /// ```skip + /// let plaintext = key.open_within(aad, in_out, cipertext_and_tag)?; + /// ``` + /// + /// ```skip + /// let ciphertext_and_tag_len = in_out[ciphertext_and_tag].len(); + /// in_out.copy_within(ciphertext_and_tag, 0); + /// let plaintext = key.open_in_place(aad, &mut in_out[..ciphertext_and_tag_len])?; + /// ``` + /// + /// Similarly, `key.open_within(aad, in_out, 0..)` is equivalent to + /// `key.open_in_place(aad, in_out)`. + /// + /// When `open_in_place()` returns `Err(..)`, `in_out` may have been + /// overwritten in an unspecified way. + /// + /// The shifting feature is useful in the case where multiple packets are + /// being reassembled in place. Consider this example where the peer has + /// sent the message “Split stream reassembled in place” split into + /// three sealed packets: + /// + /// ```ascii-art + /// Packet 1 Packet 2 Packet 3 + /// Input: [Header][Ciphertext][Tag][Header][Ciphertext][Tag][Header][Ciphertext][Tag] + /// | +--------------+ | + /// +------+ +-----+ +----------------------------------+ + /// v v v + /// Output: [Plaintext][Plaintext][Plaintext] + /// “Split stream reassembled in place” + /// ``` + /// + /// This reassembly can be accomplished with three calls to `open_within()`. + #[inline] + pub fn open_within<'in_out, A>( + &mut self, + aad: Aad<A>, + in_out: &'in_out mut [u8], + ciphertext_and_tag: RangeFrom<usize>, + ) -> Result<&'in_out mut [u8], error::Unspecified> + where + A: AsRef<[u8]>, + { + self.key.open_within( + self.nonce_sequence.advance()?, + aad, + in_out, + ciphertext_and_tag, + ) + } +} diff --git a/src/aead/poly1305.rs b/src/aead/poly1305.rs index a87f709..a2cb11e 100644 --- a/src/aead/poly1305.rs +++ b/src/aead/poly1305.rs @@ -15,7 +15,7 @@ // TODO: enforce maximum input length. -use super::{block::BLOCK_LEN, Tag, TAG_LEN}; +use super::{Tag, TAG_LEN}; use crate::{c, cpu}; /// A Poly1305 key. @@ -24,7 +24,8 @@ pub(super) struct Key { cpu_features: cpu::Features, } -const KEY_LEN: usize = 2 * BLOCK_LEN; +pub(super) const BLOCK_LEN: usize = 16; +pub(super) const KEY_LEN: usize = 2 * BLOCK_LEN; impl Key { #[inline] @@ -42,7 +43,7 @@ pub struct Context { cpu_features: cpu::Features, } -// Keep in sync with `poly1305_state` in GFp/poly1305.h. +// Keep in sync with `poly1305_state` in ring-core/poly1305.h. // // The C code, in particular the way the `poly1305_aligned_state` functions // are used, is only correct when the state buffer is 64-byte aligned. @@ -61,13 +62,13 @@ macro_rules! dispatch { // Apple's 32-bit ARM ABI is incompatible with the assembly code. #[cfg(all(target_arch = "arm", not(target_vendor = "apple")))] () if cpu::arm::NEON.available($features) => { - extern "C" { + prefixed_extern! { fn $neon_f( $( $p : $t ),+ ); } unsafe { $neon_f( $( $a ),+ ) } } () => { - extern "C" { + prefixed_extern! { fn $f( $( $p : $t ),+ ); } unsafe { $f( $( $a ),+ ) } @@ -91,7 +92,7 @@ impl Context { dispatch!( cpu_features => - (GFp_poly1305_init | GFp_poly1305_init_neon) + (CRYPTO_poly1305_init | CRYPTO_poly1305_init_neon) (statep: &mut poly1305_state, key: &[u8; KEY_LEN]) (&mut ctx.state, &key_and_nonce)); @@ -102,7 +103,7 @@ impl Context { pub fn update(&mut self, input: &[u8]) { dispatch!( self.cpu_features => - (GFp_poly1305_update | GFp_poly1305_update_neon) + (CRYPTO_poly1305_update | CRYPTO_poly1305_update_neon) (statep: &mut poly1305_state, input: *const u8, in_len: c::size_t) (&mut self.state, input.as_ptr(), input.len())); } @@ -111,7 +112,7 @@ impl Context { let mut tag = Tag([0u8; TAG_LEN]); dispatch!( self.cpu_features => - (GFp_poly1305_finish | GFp_poly1305_finish_neon) + (CRYPTO_poly1305_finish | CRYPTO_poly1305_finish_neon) (statep: &mut poly1305_state, mac: &mut [u8; TAG_LEN]) (&mut self.state, &mut tag.0)); tag @@ -141,7 +142,7 @@ mod tests { test::run(test_file!("poly1305_test.txt"), |section, test_case| { assert_eq!(section, ""); let key = test_case.consume_bytes("Key"); - let key: &[u8; BLOCK_LEN * 2] = key.as_slice().try_into().unwrap(); + let key: &[u8; KEY_LEN] = key.as_slice().try_into().unwrap(); let input = test_case.consume_bytes("Input"); let expected_mac = test_case.consume_bytes("MAC"); let key = Key::new(*key, cpu_features); diff --git a/src/aead/quic.rs b/src/aead/quic.rs index ac667ae..1996121 100644 --- a/src/aead/quic.rs +++ b/src/aead/quic.rs @@ -171,9 +171,12 @@ pub static CHACHA20: Algorithm = Algorithm { id: AlgorithmID::CHACHA20, }; -fn chacha20_init(key: &[u8], _todo: cpu::Features) -> Result<KeyInner, error::Unspecified> { +fn chacha20_init(key: &[u8], cpu_features: cpu::Features) -> Result<KeyInner, error::Unspecified> { let chacha20_key: [u8; chacha::KEY_LEN] = key.try_into()?; - Ok(KeyInner::ChaCha20(chacha::Key::from(chacha20_key))) + Ok(KeyInner::ChaCha20(chacha::Key::new( + chacha20_key, + cpu_features, + ))) } fn chacha20_new_mask(key: &KeyInner, sample: Sample) -> [u8; 5] { diff --git a/src/aead/sealing_key.rs b/src/aead/sealing_key.rs new file mode 100644 index 0000000..70d6081 --- /dev/null +++ b/src/aead/sealing_key.rs @@ -0,0 +1,104 @@ +// Copyright 2015-2021 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +//! Authenticated Encryption with Associated Data (AEAD). +//! +//! See [Authenticated encryption: relations among notions and analysis of the +//! generic composition paradigm][AEAD] for an introduction to the concept of +//! AEADs. +//! +//! [AEAD]: http://www-cse.ucsd.edu/~mihir/papers/oem.html +//! [`crypto.cipher.AEAD`]: https://golang.org/pkg/crypto/cipher/#AEAD + +use super::{Aad, Algorithm, BoundKey, LessSafeKey, NonceSequence, Tag, UnboundKey}; +use crate::error; + +/// An AEAD key for encrypting and signing ("sealing"), bound to a nonce +/// sequence. +/// +/// Intentionally not `Clone` or `Copy` since cloning would allow duplication +/// of the nonce sequence. +pub struct SealingKey<N: NonceSequence> { + key: LessSafeKey, + nonce_sequence: N, +} + +impl<N: NonceSequence> BoundKey<N> for SealingKey<N> { + fn new(key: UnboundKey, nonce_sequence: N) -> Self { + Self { + key: key.into_inner(), + nonce_sequence, + } + } + + #[inline] + fn algorithm(&self) -> &'static Algorithm { + self.key.algorithm() + } +} + +impl<N: NonceSequence> core::fmt::Debug for SealingKey<N> { + fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { + self.key.fmt_debug("SealingKey", f) + } +} + +impl<N: NonceSequence> SealingKey<N> { + /// Encrypts and signs (“seals”) data in place, appending the tag to the + /// resulting ciphertext. + /// + /// `key.seal_in_place_append_tag(aad, in_out)` is equivalent to: + /// + /// ```skip + /// key.seal_in_place_separate_tag(aad, in_out.as_mut()) + /// .map(|tag| in_out.extend(tag.as_ref())) + /// ``` + #[inline] + pub fn seal_in_place_append_tag<A, InOut>( + &mut self, + aad: Aad<A>, + in_out: &mut InOut, + ) -> Result<(), error::Unspecified> + where + A: AsRef<[u8]>, + InOut: AsMut<[u8]> + for<'in_out> Extend<&'in_out u8>, + { + self.key + .seal_in_place_append_tag(self.nonce_sequence.advance()?, aad, in_out) + } + + /// Encrypts and signs (“seals”) data in place. + /// + /// `aad` is the additional authenticated data (AAD), if any. This is + /// authenticated but not encrypted. The type `A` could be a byte slice + /// `&[u8]`, a byte array `[u8; N]` for some constant `N`, `Vec<u8>`, etc. + /// If there is no AAD then use `Aad::empty()`. + /// + /// The plaintext is given as the input value of `in_out`. `seal_in_place()` + /// will overwrite the plaintext with the ciphertext and return the tag. + /// For most protocols, the caller must append the tag to the ciphertext. + /// The tag will be `self.algorithm.tag_len()` bytes long. + #[inline] + pub fn seal_in_place_separate_tag<A>( + &mut self, + aad: Aad<A>, + in_out: &mut [u8], + ) -> Result<Tag, error::Unspecified> + where + A: AsRef<[u8]>, + { + self.key + .seal_in_place_separate_tag(self.nonce_sequence.advance()?, aad, in_out) + } +} diff --git a/src/aead/shift.rs b/src/aead/shift.rs index b3a2e71..9146306 100644 --- a/src/aead/shift.rs +++ b/src/aead/shift.rs @@ -15,18 +15,18 @@ use super::block::{Block, BLOCK_LEN}; #[cfg(target_arch = "x86")] -pub fn shift_full_blocks<F>(in_out: &mut [u8], in_prefix_len: usize, mut transform: F) +pub fn shift_full_blocks<F>(in_out: &mut [u8], src: core::ops::RangeFrom<usize>, mut transform: F) where F: FnMut(&[u8; BLOCK_LEN]) -> Block, { use core::convert::TryFrom; - let in_out_len = in_out.len().checked_sub(in_prefix_len).unwrap(); + let in_out_len = in_out[src.clone()].len(); for i in (0..in_out_len).step_by(BLOCK_LEN) { let block = { let input = - <&[u8; BLOCK_LEN]>::try_from(&in_out[(in_prefix_len + i)..][..BLOCK_LEN]).unwrap(); + <&[u8; BLOCK_LEN]>::try_from(&in_out[(src.start + i)..][..BLOCK_LEN]).unwrap(); transform(input) }; let output = <&mut [u8; BLOCK_LEN]>::try_from(&mut in_out[i..][..BLOCK_LEN]).unwrap(); diff --git a/src/aead/unbound_key.rs b/src/aead/unbound_key.rs new file mode 100644 index 0000000..969e174 --- /dev/null +++ b/src/aead/unbound_key.rs @@ -0,0 +1,74 @@ +// Copyright 2015-2021 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +//! Authenticated Encryption with Associated Data (AEAD). +//! +//! See [Authenticated encryption: relations among notions and analysis of the +//! generic composition paradigm][AEAD] for an introduction to the concept of +//! AEADs. +//! +//! [AEAD]: http://www-cse.ucsd.edu/~mihir/papers/oem.html +//! [`crypto.cipher.AEAD`]: https://golang.org/pkg/crypto/cipher/#AEAD + +use super::{Algorithm, LessSafeKey, MAX_KEY_LEN}; +use crate::{error, hkdf}; + +/// An AEAD key without a designated role or nonce sequence. +pub struct UnboundKey { + inner: LessSafeKey, +} + +impl UnboundKey { + /// Constructs a `UnboundKey`. + /// + /// Fails if `key_bytes.len() != algorithm.key_len()`. + #[inline] + pub fn new( + algorithm: &'static Algorithm, + key_bytes: &[u8], + ) -> Result<Self, error::Unspecified> { + Ok(Self { + inner: LessSafeKey::new_(algorithm, key_bytes)?, + }) + } + + /// The key's AEAD algorithm. + #[inline] + pub fn algorithm(&self) -> &'static Algorithm { + self.inner.algorithm() + } + + #[inline] + pub(super) fn into_inner(self) -> LessSafeKey { + self.inner + } +} + +impl core::fmt::Debug for UnboundKey { + fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { + self.inner.fmt_debug("UnboundKey", f) + } +} + +impl From<hkdf::Okm<'_, &'static Algorithm>> for UnboundKey { + fn from(okm: hkdf::Okm<&'static Algorithm>) -> Self { + let mut key_bytes = [0; MAX_KEY_LEN]; + let key_bytes = &mut key_bytes[..okm.len().key_len]; + let algorithm = *okm.len(); + okm.fill(key_bytes).unwrap(); + Self { + inner: LessSafeKey::new_(algorithm, key_bytes).unwrap(), + } + } +} diff --git a/src/agreement.rs b/src/agreement.rs index d116c8f..bdd2abc 100644 --- a/src/agreement.rs +++ b/src/agreement.rs @@ -47,12 +47,10 @@ //! agreement::agree_ephemeral( //! my_private_key, //! &peer_public_key, -//! ring::error::Unspecified, //! |_key_material| { //! // In a real application, we'd apply a KDF to the key material and the //! // public keys (as recommended in RFC 7748) and then derive session //! // keys from the result. We omit all that here. -//! Ok(()) //! }, //! )?; //! @@ -83,7 +81,7 @@ derive_debug_via_field!(Algorithm, curve); impl Eq for Algorithm {} impl PartialEq for Algorithm { - fn eq(&self, other: &Algorithm) -> bool { + fn eq(&self, other: &Self) -> bool { self.curve.id == other.curve.id } } @@ -244,46 +242,34 @@ impl<B: AsRef<[u8]>> UnparsedPublicKey<B> { /// details on how keys are to be encoded and what constitutes a valid key for /// that algorithm. /// -/// `error_value` is the value to return if an error occurs before `kdf` is -/// called, e.g. when decoding of the peer's public key fails or when the public -/// key is otherwise invalid. -/// /// After the key agreement is done, `agree_ephemeral` calls `kdf` with the raw /// key material from the key agreement operation and then returns what `kdf` /// returns. #[inline] -pub fn agree_ephemeral<B: AsRef<[u8]>, F, R, E>( +pub fn agree_ephemeral<B: AsRef<[u8]>, R>( my_private_key: EphemeralPrivateKey, peer_public_key: &UnparsedPublicKey<B>, - error_value: E, - kdf: F, -) -> Result<R, E> -where - F: FnOnce(&[u8]) -> Result<R, E>, -{ + kdf: impl FnOnce(&[u8]) -> R, +) -> Result<R, error::Unspecified> { let peer_public_key = UnparsedPublicKey { algorithm: peer_public_key.algorithm, bytes: peer_public_key.bytes.as_ref(), }; - agree_ephemeral_(my_private_key, peer_public_key, error_value, kdf) + agree_ephemeral_(my_private_key, peer_public_key, kdf) } -fn agree_ephemeral_<F, R, E>( +fn agree_ephemeral_<R>( my_private_key: EphemeralPrivateKey, peer_public_key: UnparsedPublicKey<&[u8]>, - error_value: E, - kdf: F, -) -> Result<R, E> -where - F: FnOnce(&[u8]) -> Result<R, E>, -{ + kdf: impl FnOnce(&[u8]) -> R, +) -> Result<R, error::Unspecified> { // NSA Guide Prerequisite 1. // // The domain parameters are hard-coded. This check verifies that the // peer's public key's domain parameters match the domain parameters of // this private key. if peer_public_key.algorithm != my_private_key.algorithm { - return Err(error_value); + return Err(error::Unspecified); } let alg = &my_private_key.algorithm; @@ -309,12 +295,11 @@ where shared_key, &my_private_key.private_key, untrusted::Input::from(peer_public_key.bytes), - ) - .map_err(|_| error_value)?; + )?; // NSA Guide Steps 5 and 6. // // Again, we have a pretty liberal interpretation of the NIST's spec's // "Destroy" that doesn't meet the NSA requirement to "zeroize." - kdf(shared_key) + Ok(kdf(shared_key)) } diff --git a/src/arithmetic/bigint.rs b/src/arithmetic/bigint.rs index 620595e..1eb90fe 100644 --- a/src/arithmetic/bigint.rs +++ b/src/arithmetic/bigint.rs @@ -38,7 +38,7 @@ use crate::{ arithmetic::montgomery::*, - bits, bssl, c, error, + bits, bssl, c, debug, error, limb::{self, Limb, LimbMask, LIMB_BITS, LIMB_BYTES}, }; use alloc::{borrow::ToOwned as _, boxed::Box, vec, vec::Vec}; @@ -47,6 +47,8 @@ use core::{ ops::{Deref, DerefMut}, }; +mod bn_mul_mont_fallback; + pub unsafe trait Prime {} struct Width<M> { @@ -165,7 +167,7 @@ pub unsafe trait NotMuchSmallerModulus<L>: SmallerModulus<L> {} pub unsafe trait PublicModulus {} -/// The x86 implementation of `GFp_bn_mul_mont`, at least, requires at least 4 +/// The x86 implementation of `bn_mul_mont`, at least, requires at least 4 /// limbs. For a long time we have required 4 limbs for all targets, though /// this may be unnecessary. TODO: Replace this with /// `n.len() < 256 / LIMB_BITS` so that 32-bit and 64-bit platforms behave the @@ -221,11 +223,36 @@ pub struct Modulus<M> { oneRR: One<M, RR>, } +impl<M: PublicModulus> Modulus<M> { + pub fn to_be_bytes(&self) -> Box<[u8]> { + let mut padded = vec![0u8; self.limbs.len() * LIMB_BYTES]; + // See Falko Strenzke, "Manger's Attack revisited", ICICS 2010. + limb::big_endian_from_limbs(&self.limbs, &mut padded); + strip_leading_zeros(&padded) + } +} + +impl<M: PublicModulus> Clone for Modulus<M> { + fn clone(&self) -> Self { + Self { + limbs: self.limbs.clone(), + n0: self.n0.clone(), + oneRR: self.oneRR.clone(), + } + } +} + impl<M: PublicModulus> core::fmt::Debug for Modulus<M> { fn fmt(&self, fmt: &mut ::core::fmt::Formatter) -> Result<(), ::core::fmt::Error> { - fmt.debug_struct("Modulus") - // TODO: Print modulus value. - .finish() + let mut state = fmt.debug_tuple("Modulus"); + + #[cfg(feature = "alloc")] + let state = { + let value = self.to_be_bytes(); // XXX: Allocates + state.field(&debug::HexStr(&value)) + }; + + state.finish() } } @@ -265,8 +292,8 @@ impl<M> Modulus<M> { // done by taking the lowest `N0_LIMBS_USED` limbs of `n`. #[allow(clippy::useless_conversion)] let n0 = { - extern "C" { - fn GFp_bn_neg_inv_mod_r_u64(n: u64) -> u64; + prefixed_extern! { + fn bn_neg_inv_mod_r_u64(n: u64) -> u64; } // XXX: u64::from isn't guaranteed to be constant time. @@ -278,7 +305,7 @@ impl<M> Modulus<M> { debug_assert_eq!(LIMB_BITS, 32); n_mod_r |= u64::from(n[1]) << 32; } - N0::from(unsafe { GFp_bn_neg_inv_mod_r_u64(n_mod_r) }) + N0::from(unsafe { bn_neg_inv_mod_r_u64(n_mod_r) }) }; let bits = limb::limbs_minimal_bits(&n.limbs); @@ -432,7 +459,7 @@ impl<M> Elem<M, Unencoded> { input: untrusted::Input, m: &Modulus<M>, ) -> Result<Self, error::Unspecified> { - Ok(Elem { + Ok(Self { limbs: BoxedLimbs::from_be_bytes_padded_less_than(input, m)?, encoding: PhantomData, }) @@ -482,7 +509,7 @@ where } fn elem_mul_by_2<M, AF>(a: &mut Elem<M, AF>, m: &PartialModulus<M>) { - extern "C" { + prefixed_extern! { fn LIMBS_shl_mod(r: *mut Limb, a: *const Limb, m: *const Limb, num_limbs: c::size_t); } unsafe { @@ -550,31 +577,13 @@ pub fn elem_widen<Larger, Smaller: SmallerModulus<Larger>>( // TODO: Document why this works for all Montgomery factors. pub fn elem_add<M, E>(mut a: Elem<M, E>, b: Elem<M, E>, m: &Modulus<M>) -> Elem<M, E> { - extern "C" { - // `r` and `a` may alias. - fn LIMBS_add_mod( - r: *mut Limb, - a: *const Limb, - b: *const Limb, - m: *const Limb, - num_limbs: c::size_t, - ); - } - unsafe { - LIMBS_add_mod( - a.limbs.as_mut_ptr(), - a.limbs.as_ptr(), - b.limbs.as_ptr(), - m.limbs.as_ptr(), - m.limbs.len(), - ) - } + limb::limbs_add_assign_mod(&mut a.limbs, &b.limbs, &m.limbs); a } // TODO: Document why this works for all Montgomery factors. pub fn elem_sub<M, E>(mut a: Elem<M, E>, b: &Elem<M, E>, m: &Modulus<M>) -> Elem<M, E> { - extern "C" { + prefixed_extern! { // `r` and `a` may alias. fn LIMBS_sub_mod( r: *mut Limb, @@ -646,6 +655,12 @@ impl<M> One<M, RR> { } } +impl<M: PublicModulus, E> Clone for One<M, E> { + fn clone(&self) -> Self { + Self(self.0.clone()) + } +} + impl<M, E> AsRef<Elem<M, E>> for One<M, E> { fn as_ref(&self) -> &Elem<M, E> { &self.0 @@ -654,9 +669,15 @@ impl<M, E> AsRef<Elem<M, E>> for One<M, E> { /// A non-secret odd positive value in the range /// [3, PUBLIC_EXPONENT_MAX_VALUE]. -#[derive(Clone, Copy, Debug)] +#[derive(Clone, Copy)] pub struct PublicExponent(u64); +impl core::fmt::Debug for PublicExponent { + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { + write!(f, "{}", self.0) + } +} + impl PublicExponent { pub fn from_be_bytes( input: untrusted::Input, @@ -704,6 +725,11 @@ impl PublicExponent { Ok(Self(value)) } + + #[inline] + pub fn to_be_bytes(&self) -> Box<[u8]> { + strip_leading_zeros(&u64::to_be_bytes(self.0)) + } } // This limit was chosen to bound the performance of the simple @@ -823,7 +849,7 @@ pub fn elem_exp_consttime<M>( let mut table = vec![0; TABLE_ENTRIES * num_limbs]; fn gather<M>(table: &[Limb], i: Window, r: &mut Elem<M, R>) { - extern "C" { + prefixed_extern! { fn LIMBS_select_512_32( r: *mut Limb, table: *const Limb, @@ -950,11 +976,11 @@ pub fn elem_exp_consttime<M>( entry_mut(state, M, num_limbs).copy_from_slice(&m.limbs); fn scatter(table: &mut [Limb], state: &[Limb], i: Window, num_limbs: usize) { - extern "C" { - fn GFp_bn_scatter5(a: *const Limb, a_len: c::size_t, table: *mut Limb, i: Window); + prefixed_extern! { + fn bn_scatter5(a: *const Limb, a_len: c::size_t, table: *mut Limb, i: Window); } unsafe { - GFp_bn_scatter5( + bn_scatter5( entry(state, ACC, num_limbs).as_ptr(), num_limbs, table.as_mut_ptr(), @@ -964,11 +990,11 @@ pub fn elem_exp_consttime<M>( } fn gather(table: &[Limb], state: &mut [Limb], i: Window, num_limbs: usize) { - extern "C" { - fn GFp_bn_gather5(r: *mut Limb, a_len: c::size_t, table: *const Limb, i: Window); + prefixed_extern! { + fn bn_gather5(r: *mut Limb, a_len: c::size_t, table: *const Limb, i: Window); } unsafe { - GFp_bn_gather5( + bn_gather5( entry_mut(state, ACC, num_limbs).as_mut_ptr(), num_limbs, table.as_ptr(), @@ -986,8 +1012,8 @@ pub fn elem_exp_consttime<M>( } fn gather_mul_base(table: &[Limb], state: &mut [Limb], n0: &N0, i: Window, num_limbs: usize) { - extern "C" { - fn GFp_bn_mul_mont_gather5( + prefixed_extern! { + fn bn_mul_mont_gather5( rp: *mut Limb, ap: *const Limb, table: *const Limb, @@ -998,7 +1024,7 @@ pub fn elem_exp_consttime<M>( ); } unsafe { - GFp_bn_mul_mont_gather5( + bn_mul_mont_gather5( entry_mut(state, ACC, num_limbs).as_mut_ptr(), entry(state, BASE, num_limbs).as_ptr(), table.as_ptr(), @@ -1011,8 +1037,8 @@ pub fn elem_exp_consttime<M>( } fn power(table: &[Limb], state: &mut [Limb], n0: &N0, i: Window, num_limbs: usize) { - extern "C" { - fn GFp_bn_power5( + prefixed_extern! { + fn bn_power5( r: *mut Limb, a: *const Limb, table: *const Limb, @@ -1023,7 +1049,7 @@ pub fn elem_exp_consttime<M>( ); } unsafe { - GFp_bn_power5( + bn_power5( entry_mut(state, ACC, num_limbs).as_mut_ptr(), entry_mut(state, ACC, num_limbs).as_mut_ptr(), table.as_ptr(), @@ -1069,8 +1095,8 @@ pub fn elem_exp_consttime<M>( }, ); - extern "C" { - fn GFp_bn_from_montgomery( + prefixed_extern! { + fn bn_from_montgomery( r: *mut Limb, a: *const Limb, not_used: *const Limb, @@ -1080,7 +1106,7 @@ pub fn elem_exp_consttime<M>( ) -> bssl::Result; } Result::from(unsafe { - GFp_bn_from_montgomery( + bn_from_montgomery( entry_mut(state, ACC, num_limbs).as_mut_ptr(), entry(state, ACC, num_limbs).as_ptr(), core::ptr::null(), @@ -1207,15 +1233,8 @@ impl From<u64> for N0 { fn limbs_mont_mul(r: &mut [Limb], a: &[Limb], m: &[Limb], n0: &N0) { debug_assert_eq!(r.len(), m.len()); debug_assert_eq!(a.len(), m.len()); - - #[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - ))] unsafe { - GFp_bn_mul_mont( + bn_mul_mont( r.as_mut_ptr(), r.as_ptr(), a.as_ptr(), @@ -1224,24 +1243,11 @@ fn limbs_mont_mul(r: &mut [Limb], a: &[Limb], m: &[Limb], n0: &N0) { r.len(), ) } - - #[cfg(not(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - )))] - { - let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; - let tmp = &mut tmp[..(2 * a.len())]; - limbs_mul(tmp, r, a); - limbs_from_mont_in_place(r, tmp, m, n0); - } } fn limbs_from_mont_in_place(r: &mut [Limb], tmp: &mut [Limb], m: &[Limb], n0: &N0) { - extern "C" { - fn GFp_bn_from_montgomery_in_place( + prefixed_extern! { + fn bn_from_montgomery_in_place( r: *mut Limb, num_r: c::size_t, a: *mut Limb, @@ -1252,7 +1258,7 @@ fn limbs_from_mont_in_place(r: &mut [Limb], tmp: &mut [Limb], m: &[Limb], n0: &N ) -> bssl::Result; } Result::from(unsafe { - GFp_bn_from_montgomery_in_place( + bn_from_montgomery_in_place( r.as_mut_ptr(), r.len(), tmp.as_mut_ptr(), @@ -1268,8 +1274,8 @@ fn limbs_from_mont_in_place(r: &mut [Limb], tmp: &mut [Limb], m: &[Limb], n0: &N #[cfg(not(any( target_arch = "aarch64", target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" + target_arch = "x86", + target_arch = "x86_64" )))] fn limbs_mul(r: &mut [Limb], a: &[Limb], b: &[Limb]) { debug_assert_eq!(r.len(), 2 * a.len()); @@ -1279,7 +1285,7 @@ fn limbs_mul(r: &mut [Limb], a: &[Limb], b: &[Limb]) { crate::polyfill::slice::fill(&mut r[..ab_len], 0); for (i, &b_limb) in b.iter().enumerate() { r[ab_len + i] = unsafe { - GFp_limbs_mul_add_limb( + limbs_mul_add_limb( (&mut r[i..][..ab_len]).as_mut_ptr(), a.as_ptr(), b_limb, @@ -1296,14 +1302,8 @@ fn limbs_mont_product(r: &mut [Limb], a: &[Limb], b: &[Limb], m: &[Limb], n0: &N debug_assert_eq!(a.len(), m.len()); debug_assert_eq!(b.len(), m.len()); - #[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - ))] unsafe { - GFp_bn_mul_mont( + bn_mul_mont( r.as_mut_ptr(), a.as_ptr(), b.as_ptr(), @@ -1312,32 +1312,13 @@ fn limbs_mont_product(r: &mut [Limb], a: &[Limb], b: &[Limb], m: &[Limb], n0: &N r.len(), ) } - - #[cfg(not(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - )))] - { - let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; - let tmp = &mut tmp[..(2 * a.len())]; - limbs_mul(tmp, a, b); - limbs_from_mont_in_place(r, tmp, m, n0) - } } /// r = r**2 fn limbs_mont_square(r: &mut [Limb], m: &[Limb], n0: &N0) { debug_assert_eq!(r.len(), m.len()); - #[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - ))] unsafe { - GFp_bn_mul_mont( + bn_mul_mont( r.as_mut_ptr(), r.as_ptr(), r.as_ptr(), @@ -1346,30 +1327,11 @@ fn limbs_mont_square(r: &mut [Limb], m: &[Limb], n0: &N0) { r.len(), ) } - - #[cfg(not(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - )))] - { - let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; - let tmp = &mut tmp[..(2 * r.len())]; - limbs_mul(tmp, r, r); - limbs_from_mont_in_place(r, tmp, m, n0) - } } -extern "C" { - #[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - ))] +prefixed_extern! { // `r` and/or 'a' and/or 'b' may alias. - fn GFp_bn_mul_mont( + fn bn_mul_mont( r: *mut Limb, a: *const Limb, b: *const Limb, @@ -1377,19 +1339,33 @@ extern "C" { n0: &N0, num_limbs: c::size_t, ); +} +#[cfg(any( + test, + not(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86_64", + target_arch = "x86" + )) +))] +prefixed_extern! { // `r` must not alias `a` - #[cfg(any( - test, - not(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" - )) - ))] #[must_use] - fn GFp_limbs_mul_add_limb(r: *mut Limb, a: *const Limb, b: Limb, num_limbs: c::size_t) -> Limb; + fn limbs_mul_add_limb(r: *mut Limb, a: *const Limb, b: Limb, num_limbs: c::size_t) -> Limb; +} + +fn strip_leading_zeros(value: &[u8]) -> Box<[u8]> { + fn index_after_zeros(bytes: &[u8]) -> usize { + for (i, &value) in bytes.iter().enumerate() { + if value != 0 { + return i; + } + } + bytes.len() + } + (&value[index_after_zeros(value)..]).into() } #[cfg(test)] @@ -1528,11 +1504,13 @@ mod tests { #[test] fn test_modulus_debug() { - let (modulus, _) = Modulus::<M>::from_be_bytes_with_bit_length(untrusted::Input::from( - &[0xff; LIMB_BYTES * MODULUS_MIN_LIMBS], - )) - .unwrap(); - assert_eq!("Modulus", format!("{:?}", modulus)); + let (modulus, _) = + Modulus::<M>::from_be_bytes_with_bit_length(untrusted::Input::from(&[0xff; 1024 / 8])) + .unwrap(); + assert_eq!( + "Modulus(\"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff\")", + format!("{:?}", modulus) + ); } #[test] @@ -1540,7 +1518,7 @@ mod tests { let exponent = PublicExponent::from_be_bytes(untrusted::Input::from(&[0x1, 0x00, 0x01]), 65537) .unwrap(); - assert_eq!("PublicExponent(65537)", format!("{:?}", exponent)); + assert_eq!("65537", format!("{:?}", exponent)); } fn consume_elem<M>( @@ -1615,7 +1593,7 @@ mod tests { let mut r = std::vec::Vec::from(*r_input); assert_eq!(r.len(), a.len()); // Sanity check let actual_retval = - unsafe { GFp_limbs_mul_add_limb(r.as_mut_ptr(), a.as_ptr(), *w, a.len()) }; + unsafe { limbs_mul_add_limb(r.as_mut_ptr(), a.as_ptr(), *w, a.len()) }; assert_eq!(&r, expected_r, "{}: {:x?} != {:x?}", i, &r[..], expected_r); assert_eq!( actual_retval, *expected_retval, diff --git a/src/arithmetic/bigint/bn_mul_mont_fallback.rs b/src/arithmetic/bigint/bn_mul_mont_fallback.rs new file mode 100644 index 0000000..1357858 --- /dev/null +++ b/src/arithmetic/bigint/bn_mul_mont_fallback.rs @@ -0,0 +1,51 @@ +// Copyright 2015-2022 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +#![cfg(not(any( + target_arch = "aarch64", + target_arch = "arm", + target_arch = "x86", + target_arch = "x86_64" +)))] + +use super::{limbs_from_mont_in_place, limbs_mul, Limb, MODULUS_MAX_LIMBS, N0}; +use crate::c; + +prefixed_export! { + unsafe fn bn_mul_mont( + r: *mut Limb, + a: *const Limb, + b: *const Limb, + n: *const Limb, + n0: &N0, + num_limbs: c::size_t, + ) { + // The mutable pointer `r` may alias `a` and/or `b`, so the lifetimes of + // any slices for `a` or `b` must not overlap with the lifetime of any + // mutable for `r`. + + // Nothing aliases `n` + let n = unsafe { core::slice::from_raw_parts(n, num_limbs) }; + + let mut tmp = [0; 2 * MODULUS_MAX_LIMBS]; + let tmp = &mut tmp[..(2 * num_limbs)]; + { + let a: &[Limb] = unsafe { core::slice::from_raw_parts(a, num_limbs) }; + let b: &[Limb] = unsafe { core::slice::from_raw_parts(b, num_limbs) }; + limbs_mul(tmp, a, b); + } + let r: &mut [Limb] = unsafe { core::slice::from_raw_parts_mut(r, num_limbs) }; + limbs_from_mont_in_place(r, tmp, n, n0); + } +} diff --git a/src/bits.rs b/src/bits.rs index b228466..cbd0830 100644 --- a/src/bits.rs +++ b/src/bits.rs @@ -12,19 +12,22 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +//! Bit Lengths. + use crate::error; +/// A length of an integer value, measured in bits. #[derive(Clone, Copy, Debug, Eq, PartialEq, PartialOrd)] pub struct BitLength(usize); -// Lengths measured in bits, where all arithmetic is guaranteed not to -// overflow. impl BitLength { + /// Constructs a `BitLength` from `bits`, where bits is interpreted as a bit length. #[inline] pub const fn from_usize_bits(bits: usize) -> Self { Self(bits) } + /// Constructs a `BitLength` from `bits`, where bits is interpreted as a byte length. #[inline] pub fn from_usize_bytes(bytes: usize) -> Result<Self, error::Unspecified> { let bits = bytes.checked_mul(8).ok_or(error::Unspecified)?; @@ -33,19 +36,19 @@ impl BitLength { #[cfg(feature = "alloc")] #[inline] - pub fn half_rounded_up(&self) -> Self { + pub(crate) fn half_rounded_up(&self) -> Self { let round_up = self.0 & 1; Self((self.0 / 2) + round_up) } #[inline] - pub fn as_usize_bits(&self) -> usize { + pub(crate) fn as_usize_bits(&self) -> usize { self.0 } #[cfg(feature = "alloc")] #[inline] - pub fn as_usize_bytes_rounded_up(&self) -> usize { + pub(crate) const fn as_usize_bytes_rounded_up(&self) -> usize { // Equivalent to (self.0 + 7) / 8, except with no potential for // overflow and without branches. @@ -57,8 +60,8 @@ impl BitLength { #[cfg(feature = "alloc")] #[inline] - pub fn try_sub_1(self) -> Result<BitLength, error::Unspecified> { + pub(crate) fn try_sub_1(self) -> Result<Self, error::Unspecified> { let sum = self.0.checked_sub(1).ok_or(error::Unspecified)?; - Ok(BitLength(sum)) + Ok(Self(sum)) } } diff --git a/src/constant_time.rs b/src/constant_time.rs index 7844659..24d5700 100644 --- a/src/constant_time.rs +++ b/src/constant_time.rs @@ -24,15 +24,15 @@ pub fn verify_slices_are_equal(a: &[u8], b: &[u8]) -> Result<(), error::Unspecif if a.len() != b.len() { return Err(error::Unspecified); } - let result = unsafe { GFp_memcmp(a.as_ptr(), b.as_ptr(), a.len()) }; + let result = unsafe { OPENSSL_memcmp(a.as_ptr(), b.as_ptr(), a.len()) }; match result { 0 => Ok(()), _ => Err(error::Unspecified), } } -extern "C" { - fn GFp_memcmp(a: *const u8, b: *const u8, len: c::size_t) -> c::int; +prefixed_extern! { + fn OPENSSL_memcmp(a: *const u8, b: *const u8, len: c::size_t) -> c::size_t; } #[cfg(test)] @@ -41,7 +41,7 @@ mod tests { #[test] fn test_constant_time() -> Result<(), error::Unspecified> { - extern "C" { + prefixed_extern! { fn bssl_constant_time_test_main() -> bssl::Result; } Result::from(unsafe { bssl_constant_time_test_main() }) @@ -39,11 +39,11 @@ pub(crate) fn features() -> Features { let () = INIT.call_once(|| { #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] { - extern "C" { - fn GFp_cpuid_setup(); + prefixed_extern! { + fn OPENSSL_cpuid_setup(); } unsafe { - GFp_cpuid_setup(); + OPENSSL_cpuid_setup(); } } @@ -120,7 +120,7 @@ pub(crate) mod arm { features |= SHA256.mask; } - unsafe { GFp_armcap_P = features }; + unsafe { OPENSSL_armcap_P = features }; } } @@ -158,7 +158,7 @@ pub(crate) mod arm { features |= 1 << 4; } - unsafe { GFp_armcap_P = features }; + unsafe { OPENSSL_armcap_P = features }; } } @@ -241,7 +241,7 @@ pub(crate) mod arm { any(target_arch = "arm", target_arch = "aarch64") ))] { - if self.mask == self.mask & unsafe { GFp_armcap_P } { + if self.mask == self.mask & unsafe { OPENSSL_armcap_P } { return true; } } @@ -284,8 +284,10 @@ pub(crate) mod arm { // TODO: This should have "hidden" visibility but we don't have a way of // controlling that yet: https://github.com/rust-lang/rust/issues/73958. #[cfg(any(target_arch = "arm", target_arch = "aarch64"))] - #[no_mangle] - static mut GFp_armcap_P: u32 = ARMCAP_STATIC; + prefixed_export! { + #[allow(non_upper_case_globals)] + static mut OPENSSL_armcap_P: u32 = ARMCAP_STATIC; + } #[cfg(all( any(target_arch = "arm", target_arch = "aarch64"), @@ -294,7 +296,7 @@ pub(crate) mod arm { #[test] fn test_armcap_static_matches_armcap_dynamic() { assert_eq!(ARMCAP_STATIC, 1 | 4 | 16 | 32); - assert_eq!(ARMCAP_STATIC, unsafe { GFp_armcap_P }); + assert_eq!(ARMCAP_STATIC, unsafe { OPENSSL_armcap_P }); } } @@ -314,10 +316,10 @@ pub(crate) mod intel { pub fn available(&self, _: super::Features) -> bool { #[cfg(any(target_arch = "x86", target_arch = "x86_64"))] { - extern "C" { - static mut GFp_ia32cap_P: [u32; 4]; + prefixed_extern! { + static mut OPENSSL_ia32cap_P: [u32; 4]; } - return self.mask == self.mask & unsafe { GFp_ia32cap_P[self.word] }; + return self.mask == self.mask & unsafe { OPENSSL_ia32cap_P[self.word] }; } #[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))] diff --git a/src/digest.rs b/src/digest.rs index 944efd3..6703c9a 100644 --- a/src/digest.rs +++ b/src/digest.rs @@ -24,9 +24,10 @@ // The goal for this implementation is to drive the overhead as close to zero // as possible. +use crate::polyfill::array_map::Map; use crate::{ c, cpu, debug, - endian::{self, BigEndian}, + endian::{ArrayEncoding, BigEndian}, polyfill, }; use core::num::Wrapping; @@ -63,7 +64,9 @@ impl BlockContext { pub(crate) fn update(&mut self, input: &[u8]) { let num_blocks = input.len() / self.algorithm.block_len; assert_eq!(num_blocks * self.algorithm.block_len, input.len()); + if num_blocks > 0 { + let _cpu_features = self.cpu_features; unsafe { (self.algorithm.block_data_order)(&mut self.state, input.as_ptr(), num_blocks); } @@ -248,7 +251,7 @@ impl AsRef<[u8]> for Digest { #[inline(always)] fn as_ref(&self) -> &[u8] { let as64 = unsafe { &self.value.as64 }; - &endian::as_byte_slice(as64)[..self.algorithm.output_len] + &as64.as_byte_array()[..self.algorithm.output_len] } } @@ -338,7 +341,7 @@ pub static SHA256: Algorithm = Algorithm { chaining_len: SHA256_OUTPUT_LEN, block_len: 512 / 8, len_len: 64 / 8, - block_data_order: sha2::GFp_sha256_block_data_order, + block_data_order: sha2::sha256_block_data_order, format_output: sha256_format_output, initial_state: State { as32: [ @@ -363,7 +366,7 @@ pub static SHA384: Algorithm = Algorithm { chaining_len: SHA512_OUTPUT_LEN, block_len: SHA512_BLOCK_LEN, len_len: SHA512_LEN_LEN, - block_data_order: sha2::GFp_sha512_block_data_order, + block_data_order: sha2::sha512_block_data_order, format_output: sha512_format_output, initial_state: State { as64: [ @@ -388,7 +391,7 @@ pub static SHA512: Algorithm = Algorithm { chaining_len: SHA512_OUTPUT_LEN, block_len: SHA512_BLOCK_LEN, len_len: SHA512_LEN_LEN, - block_data_order: sha2::GFp_sha512_block_data_order, + block_data_order: sha2::sha512_block_data_order, format_output: sha512_format_output, initial_state: State { as64: [ @@ -417,7 +420,7 @@ pub static SHA512_256: Algorithm = Algorithm { chaining_len: SHA512_OUTPUT_LEN, block_len: SHA512_BLOCK_LEN, len_len: SHA512_LEN_LEN, - block_data_order: sha2::GFp_sha512_block_data_order, + block_data_order: sha2::sha512_block_data_order, format_output: sha512_format_output, initial_state: State { as64: [ @@ -463,32 +466,14 @@ pub const MAX_CHAINING_LEN: usize = MAX_OUTPUT_LEN; fn sha256_format_output(input: State) -> Output { let input = unsafe { &input.as32 }; Output { - as32: [ - BigEndian::from(input[0]), - BigEndian::from(input[1]), - BigEndian::from(input[2]), - BigEndian::from(input[3]), - BigEndian::from(input[4]), - BigEndian::from(input[5]), - BigEndian::from(input[6]), - BigEndian::from(input[7]), - ], + as32: input.array_map(BigEndian::from), } } fn sha512_format_output(input: State) -> Output { let input = unsafe { &input.as64 }; Output { - as64: [ - BigEndian::from(input[0]), - BigEndian::from(input[1]), - BigEndian::from(input[2]), - BigEndian::from(input[3]), - BigEndian::from(input[4]), - BigEndian::from(input[5]), - BigEndian::from(input[6]), - BigEndian::from(input[7]), - ], + as64: input.array_map(BigEndian::from), } } diff --git a/src/digest/sha1.rs b/src/digest/sha1.rs index 2bdee6b..5301c3e 100644 --- a/src/digest/sha1.rs +++ b/src/digest/sha1.rs @@ -14,7 +14,7 @@ // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. use super::sha2::{ch, maj, Word}; -use crate::c; +use crate::{c, polyfill::ChunksFixed}; use core::{convert::TryInto, num::Wrapping}; pub const BLOCK_LEN: usize = 512 / 8; @@ -60,17 +60,14 @@ fn block_data_order_(mut H: State, M: &[[<W32 as Word>::InputBytes; 16]]) -> Sta } // FIPS 180-4 6.1.2 Step 2 - let a = H[0]; - let b = H[1]; - let c = H[2]; - let d = H[3]; - let e = H[4]; + let [a, b, c, d, e] = H; // FIPS 180-4 6.1.2 Step 3 with constants and functions from FIPS 180-4 {4.1.1, 4.2.1} - let (a, b, c, d, e) = step3(a, b, c, d, e, W[ 0..20].try_into().unwrap(), Wrapping(0x5a827999), ch); - let (a, b, c, d, e) = step3(a, b, c, d, e, W[20..40].try_into().unwrap(), Wrapping(0x6ed9eba1), parity); - let (a, b, c, d, e) = step3(a, b, c, d, e, W[40..60].try_into().unwrap(), Wrapping(0x8f1bbcdc), maj); - let (a, b, c, d, e) = step3(a, b, c, d, e, W[60..80].try_into().unwrap(), Wrapping(0xca62c1d6), parity); + let W: &[[W32; 20]; 4] = W.chunks_fixed(); + let (a, b, c, d, e) = step3(a, b, c, d, e, W[0], Wrapping(0x5a827999), ch); + let (a, b, c, d, e) = step3(a, b, c, d, e, W[1], Wrapping(0x6ed9eba1), parity); + let (a, b, c, d, e) = step3(a, b, c, d, e, W[2], Wrapping(0x8f1bbcdc), maj); + let (a, b, c, d, e) = step3(a, b, c, d, e, W[3], Wrapping(0xca62c1d6), parity); // FIPS 180-4 6.1.2 Step 4 H[0] += a; diff --git a/src/digest/sha2.rs b/src/digest/sha2.rs index fadaa33..535e09b 100644 --- a/src/digest/sha2.rs +++ b/src/digest/sha2.rs @@ -19,7 +19,7 @@ use core::{ }; #[cfg(not(any(target_arch = "aarch64", target_arch = "arm", target_arch = "x86_64")))] -pub(super) extern "C" fn GFp_sha256_block_data_order( +pub(super) extern "C" fn sha256_block_data_order( state: &mut super::State, data: *const u8, num: c::size_t, @@ -29,7 +29,7 @@ pub(super) extern "C" fn GFp_sha256_block_data_order( } #[cfg(not(any(target_arch = "aarch64", target_arch = "arm", target_arch = "x86_64")))] -pub(super) extern "C" fn GFp_sha512_block_data_order( +pub(super) extern "C" fn sha512_block_data_order( state: &mut super::State, data: *const u8, num: c::size_t, @@ -71,14 +71,7 @@ fn block_data_order<S: Sha2>( }; // FIPS 180-4 {6.2.2, 6.4.2} Step 2 - let mut a = H[0]; - let mut b = H[1]; - let mut c = H[2]; - let mut d = H[3]; - let mut e = H[4]; - let mut f = H[5]; - let mut g = H[6]; - let mut h = H[7]; + let [mut a, mut b, mut c, mut d, mut e, mut f, mut g, mut h] = H; // FIPS 180-4 {6.2.2, 6.4.2} Step 3 for (Kt, Wt) in S::K.iter().zip(W.iter()) { @@ -178,17 +171,17 @@ const MAX_ROUNDS: usize = 80; pub(super) const CHAINING_WORDS: usize = 8; impl Word for Wrapping<u32> { - const ZERO: Self = Wrapping(0); + const ZERO: Self = Self(0); type InputBytes = [u8; 4]; #[inline(always)] fn from_be_bytes(input: Self::InputBytes) -> Self { - Wrapping(u32::from_be_bytes(input)) + Self(u32::from_be_bytes(input)) } #[inline(always)] fn rotr(self, count: u32) -> Self { - Wrapping(self.0.rotate_right(count)) + Self(self.0.rotate_right(count)) } } @@ -270,17 +263,17 @@ impl Sha2 for Wrapping<u32> { } impl Word for Wrapping<u64> { - const ZERO: Self = Wrapping(0); + const ZERO: Self = Self(0); type InputBytes = [u8; 8]; #[inline(always)] fn from_be_bytes(input: Self::InputBytes) -> Self { - Wrapping(u64::from_be_bytes(input)) + Self(u64::from_be_bytes(input)) } #[inline(always)] fn rotr(self, count: u32) -> Self { - Wrapping(self.0.rotate_right(count)) + Self(self.0.rotate_right(count)) } } @@ -378,13 +371,13 @@ impl Sha2 for Wrapping<u64> { } #[cfg(any(target_arch = "aarch64", target_arch = "arm", target_arch = "x86_64"))] -extern "C" { - pub(super) fn GFp_sha256_block_data_order( +prefixed_extern! { + pub(super) fn sha256_block_data_order( state: &mut super::State, data: *const u8, num: c::size_t, ); - pub(super) fn GFp_sha512_block_data_order( + pub(super) fn sha512_block_data_order( state: &mut super::State, data: *const u8, num: c::size_t, @@ -36,6 +36,7 @@ derive_debug_via_id!(Curve); #[derive(Clone, Copy, Debug, PartialEq)] pub enum CurveID { + #[cfg(not(target_arch = "wasm32"))] Curve25519, P256, P384, diff --git a/src/ec/curve25519.rs b/src/ec/curve25519.rs index b6e32e2..074f85c 100644 --- a/src/ec/curve25519.rs +++ b/src/ec/curve25519.rs @@ -15,6 +15,8 @@ //! Elliptic curve operations and schemes using Curve25519. pub mod ed25519; + +#[cfg(not(target_arch = "wasm32"))] pub mod x25519; mod ops; diff --git a/src/ec/curve25519/ed25519/signing.rs b/src/ec/curve25519/ed25519/signing.rs index 3b522e8..a7a235a 100644 --- a/src/ec/curve25519/ed25519/signing.rs +++ b/src/ec/curve25519/ed25519/signing.rs @@ -165,7 +165,7 @@ impl Ed25519KeyPair { let mut a = ExtPoint::new_at_infinity(); unsafe { - GFp_x25519_ge_scalarmult_base(&mut a, &private_scalar); + x25519_ge_scalarmult_base(&mut a, &private_scalar); } Self { @@ -178,8 +178,8 @@ impl Ed25519KeyPair { /// Returns the signature of the message `msg`. pub fn sign(&self, msg: &[u8]) -> signature::Signature { signature::Signature::new(|signature_bytes| { - extern "C" { - fn GFp_x25519_sc_muladd( + prefixed_extern! { + fn x25519_sc_muladd( s: &mut [u8; SCALAR_LEN], a: &Scalar, b: &Scalar, @@ -199,13 +199,13 @@ impl Ed25519KeyPair { let mut r = ExtPoint::new_at_infinity(); unsafe { - GFp_x25519_ge_scalarmult_base(&mut r, &nonce); + x25519_ge_scalarmult_base(&mut r, &nonce); } signature_r.copy_from_slice(&r.into_encoded_point()); let hram_digest = eddsa_digest(signature_r, &self.public_key.as_ref(), msg); let hram = Scalar::from_sha512_digest_reduced(hram_digest); unsafe { - GFp_x25519_sc_muladd( + x25519_sc_muladd( signature_s.try_into().unwrap(), &hram, &self.private_scalar, @@ -250,8 +250,8 @@ fn unwrap_pkcs8( Ok((private_key, public_key)) } -extern "C" { - fn GFp_x25519_ge_scalarmult_base(h: &mut ExtPoint, a: &Scalar); +prefixed_extern! { + fn x25519_ge_scalarmult_base(h: &mut ExtPoint, a: &Scalar); } type Prefix = [u8; PREFIX_LEN]; diff --git a/src/ec/curve25519/ed25519/verification.rs b/src/ec/curve25519/ed25519/verification.rs index e0c1b65..40e8211 100644 --- a/src/ec/curve25519/ed25519/verification.rs +++ b/src/ec/curve25519/ed25519/verification.rs @@ -63,7 +63,7 @@ impl signature::VerificationAlgorithm for EdDSAParameters { let h = Scalar::from_sha512_digest_reduced(h_digest); let mut r = Point::new_at_infinity(); - unsafe { GFp_x25519_ge_double_scalarmult_vartime(&mut r, &h, &a, &signature_s) }; + unsafe { x25519_ge_double_scalarmult_vartime(&mut r, &h, &a, &signature_s) }; let r_check = r.into_encoded_point(); if *signature_r != r_check { return Err(error::Unspecified); @@ -74,8 +74,8 @@ impl signature::VerificationAlgorithm for EdDSAParameters { impl sealed::Sealed for EdDSAParameters {} -extern "C" { - fn GFp_x25519_ge_double_scalarmult_vartime( +prefixed_extern! { + fn x25519_ge_double_scalarmult_vartime( r: &mut Point, a_coeff: &Scalar, a: &ExtPoint, diff --git a/src/ec/curve25519/ops.rs b/src/ec/curve25519/ops.rs index 0b9cad4..c0bb542 100644 --- a/src/ec/curve25519/ops.rs +++ b/src/ec/curve25519/ops.rs @@ -49,7 +49,7 @@ impl<E: Encoding> Elem<E> { impl Elem<T> { fn negate(&mut self) { unsafe { - GFp_x25519_fe_neg(self); + x25519_fe_neg(self); } } } @@ -85,8 +85,7 @@ impl ExtPoint { pub fn from_encoded_point_vartime(encoded: &EncodedPoint) -> Result<Self, error::Unspecified> { let mut point = Self::new_at_infinity(); - Result::from(unsafe { GFp_x25519_ge_frombytes_vartime(&mut point, encoded) }) - .map(|()| point) + Result::from(unsafe { x25519_ge_frombytes_vartime(&mut point, encoded) }).map(|()| point) } pub fn into_encoded_point(self) -> EncodedPoint { @@ -126,16 +125,16 @@ fn encode_point(x: Elem<T>, y: Elem<T>, z: Elem<T>) -> EncodedPoint { let sign_bit: u8 = unsafe { let mut recip = Elem::zero(); - GFp_x25519_fe_invert(&mut recip, &z); + x25519_fe_invert(&mut recip, &z); let mut x_over_z = Elem::zero(); - GFp_x25519_fe_mul_ttt(&mut x_over_z, &x, &recip); + x25519_fe_mul_ttt(&mut x_over_z, &x, &recip); let mut y_over_z = Elem::zero(); - GFp_x25519_fe_mul_ttt(&mut y_over_z, &y, &recip); - GFp_x25519_fe_tobytes(&mut bytes, &y_over_z); + x25519_fe_mul_ttt(&mut y_over_z, &y, &recip); + x25519_fe_tobytes(&mut bytes, &y_over_z); - GFp_x25519_fe_isnegative(&x_over_z) + x25519_fe_isnegative(&x_over_z) }; // The preceding computations must execute in constant time, but this @@ -145,11 +144,11 @@ fn encode_point(x: Elem<T>, y: Elem<T>, z: Elem<T>) -> EncodedPoint { bytes } -extern "C" { - fn GFp_x25519_fe_invert(out: &mut Elem<T>, z: &Elem<T>); - fn GFp_x25519_fe_isnegative(elem: &Elem<T>) -> u8; - fn GFp_x25519_fe_mul_ttt(h: &mut Elem<T>, f: &Elem<T>, g: &Elem<T>); - fn GFp_x25519_fe_neg(f: &mut Elem<T>); - fn GFp_x25519_fe_tobytes(bytes: &mut EncodedPoint, elem: &Elem<T>); - fn GFp_x25519_ge_frombytes_vartime(h: &mut ExtPoint, s: &EncodedPoint) -> bssl::Result; +prefixed_extern! { + fn x25519_fe_invert(out: &mut Elem<T>, z: &Elem<T>); + fn x25519_fe_isnegative(elem: &Elem<T>) -> u8; + fn x25519_fe_mul_ttt(h: &mut Elem<T>, f: &Elem<T>, g: &Elem<T>); + fn x25519_fe_neg(f: &mut Elem<T>); + fn x25519_fe_tobytes(bytes: &mut EncodedPoint, elem: &Elem<T>); + fn x25519_ge_frombytes_vartime(h: &mut ExtPoint, s: &EncodedPoint) -> bssl::Result; } diff --git a/src/ec/curve25519/scalar.rs b/src/ec/curve25519/scalar.rs index 3972808..9614329 100644 --- a/src/ec/curve25519/scalar.rs +++ b/src/ec/curve25519/scalar.rs @@ -44,12 +44,12 @@ impl Scalar { // Constructs a `Scalar` from `digest` reduced modulo n. pub fn from_sha512_digest_reduced(digest: digest::Digest) -> Self { - extern "C" { - fn GFp_x25519_sc_reduce(s: &mut UnreducedScalar); + prefixed_extern! { + fn x25519_sc_reduce(s: &mut UnreducedScalar); } let mut unreduced = [0u8; digest::SHA512_OUTPUT_LEN]; unreduced.copy_from_slice(digest.as_ref()); - unsafe { GFp_x25519_sc_reduce(&mut unreduced) }; + unsafe { x25519_sc_reduce(&mut unreduced) }; Self((&unreduced[..SCALAR_LEN]).try_into().unwrap()) } } @@ -59,11 +59,11 @@ pub struct MaskedScalar([u8; SCALAR_LEN]); impl MaskedScalar { pub fn from_bytes_masked(bytes: [u8; SCALAR_LEN]) -> Self { - extern "C" { - fn GFp_x25519_sc_mask(a: &mut [u8; SCALAR_LEN]); + prefixed_extern! { + fn x25519_sc_mask(a: &mut [u8; SCALAR_LEN]); } let mut r = Self(bytes); - unsafe { GFp_x25519_sc_mask(&mut r.0) }; + unsafe { x25519_sc_mask(&mut r.0) }; r } } diff --git a/src/ec/curve25519/x25519.rs b/src/ec/curve25519/x25519.rs index 53a2a5c..fea0378 100644 --- a/src/ec/curve25519/x25519.rs +++ b/src/ec/curve25519/x25519.rs @@ -40,6 +40,7 @@ pub static X25519: agreement::Algorithm = agreement::Algorithm { ecdh: x25519_ecdh, }; +#[allow(clippy::unnecessary_wraps)] fn x25519_check_private_key_bytes(bytes: &[u8]) -> Result<(), error::Unspecified> { debug_assert_eq!(bytes.len(), PRIVATE_KEY_LEN); Ok(()) @@ -76,14 +77,14 @@ fn x25519_public_from_private( } } - extern "C" { - fn GFp_x25519_public_from_private_generic_masked( + prefixed_extern! { + fn x25519_public_from_private_generic_masked( public_key_out: &mut PublicKey, private_key: &PrivateKey, ); } unsafe { - GFp_x25519_public_from_private_generic_masked(public_out, &private_key); + x25519_public_from_private_generic_masked(public_out, &private_key); } Ok(()) @@ -116,15 +117,15 @@ fn x25519_ecdh( } } - extern "C" { - fn GFp_x25519_scalar_mult_generic_masked( + prefixed_extern! { + fn x25519_scalar_mult_generic_masked( out: &mut ops::EncodedPoint, scalar: &ops::MaskedScalar, point: &ops::EncodedPoint, ); } unsafe { - GFp_x25519_scalar_mult_generic_masked(out, scalar, point); + x25519_scalar_mult_generic_masked(out, scalar, point); } } @@ -146,14 +147,14 @@ fn x25519_ecdh( #[cfg(all(not(target_os = "ios"), target_arch = "arm"))] fn x25519_neon(out: &mut ops::EncodedPoint, scalar: &ops::MaskedScalar, point: &ops::EncodedPoint) { - extern "C" { - fn GFp_x25519_NEON( + prefixed_extern! { + fn x25519_NEON( out: &mut ops::EncodedPoint, scalar: &ops::MaskedScalar, point: &ops::EncodedPoint, ); } - unsafe { GFp_x25519_NEON(out, scalar, point) } + unsafe { x25519_NEON(out, scalar, point) } } const ELEM_AND_SCALAR_LEN: usize = ops::ELEM_LEN; diff --git a/src/ec/keys.rs b/src/ec/keys.rs index abf3388..83917ed 100644 --- a/src/ec/keys.rs +++ b/src/ec/keys.rs @@ -23,6 +23,7 @@ impl KeyPair { pub struct Seed { bytes: [u8; SEED_MAX_BYTES], curve: &'static Curve, + #[cfg_attr(target_arch = "wasm32", allow(dead_code))] pub(crate) cpu_features: cpu::Features, } @@ -45,7 +46,7 @@ impl Seed { curve: &'static Curve, bytes: untrusted::Input, cpu_features: cpu::Features, - ) -> Result<Seed, error::Unspecified> { + ) -> Result<Self, error::Unspecified> { let bytes = bytes.as_slice_less_safe(); if curve.elem_scalar_seed_len != bytes.len() { return Err(error::Unspecified); diff --git a/src/ec/suite_b.rs b/src/ec/suite_b.rs index 9e36356..d6494e5 100644 --- a/src/ec/suite_b.rs +++ b/src/ec/suite_b.rs @@ -228,7 +228,10 @@ pub(crate) fn key_pair_from_bytes( } pub mod curve; + +#[cfg(not(target_arch = "wasm32"))] pub mod ecdh; + pub mod ecdsa; mod ops; diff --git a/src/ec/suite_b/ecdsa/signing.rs b/src/ec/suite_b/ecdsa/signing.rs index 5422e06..b9f1f73 100644 --- a/src/ec/suite_b/ecdsa/signing.rs +++ b/src/ec/suite_b/ecdsa/signing.rs @@ -358,7 +358,7 @@ impl NonceRandomKey { let mut ctx = digest::Context::new(alg.digest_alg); ctx.update(rand); ctx.update(seed.bytes_less_safe()); - Ok(NonceRandomKey(ctx.finish())) + Ok(Self(ctx.finish())) } } diff --git a/src/ec/suite_b/ecdsa/verification.rs b/src/ec/suite_b/ecdsa/verification.rs index be551e6..28d4621 100644 --- a/src/ec/suite_b/ecdsa/verification.rs +++ b/src/ec/suite_b/ecdsa/verification.rs @@ -150,15 +150,18 @@ impl EcdsaVerificationAlgorithm { let cops = ops.public_key_ops.common; let r_jacobian = cops.elem_product(z2, r); let x = cops.elem_unencoded(x); - ops.elem_equals(&r_jacobian, &x) + ops.elem_equals_vartime(&r_jacobian, &x) } - let r = self.ops.scalar_as_elem(&r); + let mut r = self.ops.scalar_as_elem(&r); if sig_r_equals_x(self.ops, &r, &x, &z2) { return Ok(()); } if self.ops.elem_less_than(&r, &self.ops.q_minus_n) { - let r_plus_n = self.ops.elem_sum(&r, &public_key_ops.common.n); - if sig_r_equals_x(self.ops, &r_plus_n, &x, &z2) { + self.ops + .private_key_ops + .common + .elem_add(&mut r, &public_key_ops.common.n); + if sig_r_equals_x(self.ops, &r, &x, &z2) { return Ok(()); } } diff --git a/src/ec/suite_b/ops.rs b/src/ec/suite_b/ops.rs index 13d80c0..33b0b60 100644 --- a/src/ec/suite_b/ops.rs +++ b/src/ec/suite_b/ops.rs @@ -38,13 +38,13 @@ pub struct Point { // `ops.num_limbs` elements are the X coordinate, the next // `ops.num_limbs` elements are the Y coordinate, and the next // `ops.num_limbs` elements are the Z coordinate. This layout is dictated - // by the requirements of the GFp_nistz256 code. + // by the requirements of the nistz256 code. xyz: [Limb; 3 * MAX_LIMBS], } impl Point { - pub fn new_at_infinity() -> Point { - Point { + pub fn new_at_infinity() -> Self { + Self { xyz: [0; 3 * MAX_LIMBS], } } @@ -66,7 +66,6 @@ pub struct CommonOps { pub b: Elem<R>, // In all cases, `r`, `a`, and `b` may all alias each other. - elem_add_impl: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), elem_mul_mont: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, b: *const Limb), elem_sqr_mont: unsafe extern "C" fn(r: *mut Limb, a: *const Limb), @@ -76,7 +75,12 @@ pub struct CommonOps { impl CommonOps { #[inline] pub fn elem_add<E: Encoding>(&self, a: &mut Elem<E>, b: &Elem<E>) { - binary_op_assign(self.elem_add_impl, a, b) + let num_limbs = self.num_limbs; + limbs_add_assign_mod( + &mut a.limbs[..num_limbs], + &b.limbs[..num_limbs], + &self.q.p[..num_limbs], + ); } #[inline] @@ -287,24 +291,15 @@ impl PublicScalarOps { } } - pub fn elem_equals(&self, a: &Elem<Unencoded>, b: &Elem<Unencoded>) -> bool { - for i in 0..self.public_key_ops.common.num_limbs { - if a.limbs[i] != b.limbs[i] { - return false; - } - } - true + pub fn elem_equals_vartime(&self, a: &Elem<Unencoded>, b: &Elem<Unencoded>) -> bool { + a.limbs[..self.public_key_ops.common.num_limbs] + == b.limbs[..self.public_key_ops.common.num_limbs] } pub fn elem_less_than(&self, a: &Elem<Unencoded>, b: &Elem<Unencoded>) -> bool { let num_limbs = self.public_key_ops.common.num_limbs; limbs_less_than_limbs_vartime(&a.limbs[..num_limbs], &b.limbs[..num_limbs]) } - - #[inline] - pub fn elem_sum(&self, a: &Elem<Unencoded>, b: &Elem<Unencoded>) -> Elem<Unencoded> { - binary_op(self.public_key_ops.common.elem_add_impl, a, b) - } } #[allow(non_snake_case)] @@ -425,7 +420,7 @@ fn parse_big_endian_fixed_consttime<M>( Ok(r) } -extern "C" { +prefixed_extern! { fn LIMBS_add_mod( r: *mut Limb, a: *const Limb, @@ -501,17 +496,17 @@ mod tests { }) } - // XXX: There's no `GFp_nistz256_sub` in *ring*; it's logic is inlined into + // XXX: There's no `p256_sub` in *ring*; it's logic is inlined into // the point arithmetic functions. Thus, we can't test it. #[test] fn p384_elem_sub_test() { - extern "C" { - fn GFp_p384_elem_sub(r: *mut Limb, a: *const Limb, b: *const Limb); + prefixed_extern! { + fn p384_elem_sub(r: *mut Limb, a: *const Limb, b: *const Limb); } elem_sub_test( &p384::COMMON_OPS, - GFp_p384_elem_sub, + p384_elem_sub, test_file!("ops/p384_elem_sum_tests.txt"), ); } @@ -552,17 +547,17 @@ mod tests { }) } - // XXX: There's no `GFp_nistz256_div_by_2` in *ring*; it's logic is inlined + // XXX: There's no `p256_div_by_2` in *ring*; it's logic is inlined // into the point arithmetic functions. Thus, we can't test it. #[test] fn p384_elem_div_by_2_test() { - extern "C" { - fn GFp_p384_elem_div_by_2(r: *mut Limb, a: *const Limb); + prefixed_extern! { + fn p384_elem_div_by_2(r: *mut Limb, a: *const Limb); } elem_div_by_2_test( &p384::COMMON_OPS, - GFp_p384_elem_div_by_2, + p384_elem_div_by_2, test_file!("ops/p384_elem_div_by_2_tests.txt"), ); } @@ -588,27 +583,28 @@ mod tests { }) } - // TODO: Add test vectors that test the range of values above `q`. + // There is no `nistz256_neg` on other targets. + #[cfg(target_arch = "x86_64")] #[test] fn p256_elem_neg_test() { - extern "C" { - fn GFp_nistz256_neg(r: *mut Limb, a: *const Limb); + prefixed_extern! { + fn nistz256_neg(r: *mut Limb, a: *const Limb); } elem_neg_test( &p256::COMMON_OPS, - GFp_nistz256_neg, + nistz256_neg, test_file!("ops/p256_elem_neg_tests.txt"), ); } #[test] fn p384_elem_neg_test() { - extern "C" { - fn GFp_p384_elem_neg(r: *mut Limb, a: *const Limb); + prefixed_extern! { + fn p384_elem_neg(r: *mut Limb, a: *const Limb); } elem_neg_test( &p384::COMMON_OPS, - GFp_p384_elem_neg, + p384_elem_neg, test_file!("ops/p384_elem_neg_tests.txt"), ); } @@ -702,18 +698,18 @@ mod tests { #[test] fn p256_scalar_square_test() { - extern "C" { - fn GFp_p256_scalar_sqr_rep_mont(r: *mut Limb, a: *const Limb, rep: Limb); + prefixed_extern! { + fn p256_scalar_sqr_rep_mont(r: *mut Limb, a: *const Limb, rep: Limb); } scalar_square_test( &p256::SCALAR_OPS, - GFp_p256_scalar_sqr_rep_mont, + p256_scalar_sqr_rep_mont, test_file!("ops/p256_scalar_square_tests.txt"), ); } // XXX: There's no `p384_scalar_square_test()` because there's no dedicated - // `GFp_p384_scalar_sqr_rep_mont()`. + // `p384_scalar_sqr_rep_mont()`. fn scalar_square_test( ops: &ScalarOps, @@ -790,14 +786,10 @@ mod tests { }); } - // Keep this in sync with the logic for defining `GFp_USE_LARGE_TABLE` and - // with the corresponding code in p256.rs that decides which base point - // multiplication to use. - #[cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))] #[test] fn p256_point_sum_mixed_test() { - extern "C" { - fn GFp_nistz256_point_add_affine( + prefixed_extern! { + fn p256_point_add_affine( r: *mut Limb, // [p256::COMMON_OPS.num_limbs*3] a: *const Limb, // [p256::COMMON_OPS.num_limbs*3] b: *const Limb, // [p256::COMMON_OPS.num_limbs*2] @@ -805,14 +797,13 @@ mod tests { } point_sum_mixed_test( &p256::PRIVATE_KEY_OPS, - GFp_nistz256_point_add_affine, + p256_point_add_affine, test_file!("ops/p256_point_sum_mixed_tests.txt"), ); } - // XXX: There is no `GFp_nistz384_point_add_affine()`. + // XXX: There is no `nistz384_point_add_affine()`. - #[cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))] fn point_sum_mixed_test( ops: &PrivateKeyOps, point_add_affine: unsafe extern "C" fn( @@ -842,30 +833,30 @@ mod tests { #[test] fn p256_point_double_test() { - extern "C" { - fn GFp_nistz256_point_double( + prefixed_extern! { + fn p256_point_double( r: *mut Limb, // [p256::COMMON_OPS.num_limbs*3] a: *const Limb, // [p256::COMMON_OPS.num_limbs*3] ); } point_double_test( &p256::PRIVATE_KEY_OPS, - GFp_nistz256_point_double, + p256_point_double, test_file!("ops/p256_point_double_tests.txt"), ); } #[test] fn p384_point_double_test() { - extern "C" { - fn GFp_nistz384_point_double( + prefixed_extern! { + fn nistz384_point_double( r: *mut Limb, // [p384::COMMON_OPS.num_limbs*3] a: *const Limb, // [p384::COMMON_OPS.num_limbs*3] ); } point_double_test( &p384::PRIVATE_KEY_OPS, - GFp_nistz384_point_double, + nistz384_point_double, test_file!("ops/p384_point_double_tests.txt"), ); } @@ -1048,12 +1039,10 @@ mod tests { p } - #[cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))] struct AffinePoint { xy: [Limb; 2 * MAX_LIMBS], } - #[cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))] fn consume_affine_point( ops: &PrivateKeyOps, test_case: &mut test::TestCase, @@ -1118,15 +1107,19 @@ mod tests { actual: &[Limb; MAX_LIMBS], expected: &[Limb; MAX_LIMBS], ) { - for i in 0..ops.num_limbs { - if actual[i] != expected[i] { - let mut s = alloc::string::String::new(); - for j in 0..ops.num_limbs { - let formatted = format!("{:016x}", actual[ops.num_limbs - j - 1]); - s.push_str(&formatted); - } - panic!("Actual != Expected,\nActual = {}", s); + if actual[..ops.num_limbs] != expected[..ops.num_limbs] { + let mut actual_s = alloc::string::String::new(); + let mut expected_s = alloc::string::String::new(); + for j in 0..ops.num_limbs { + let formatted = format!("{:016x}", actual[ops.num_limbs - j - 1]); + actual_s.push_str(&formatted); + let formatted = format!("{:016x}", expected[ops.num_limbs - j - 1]); + expected_s.push_str(&formatted); } + panic!( + "Actual != Expected,\nActual = {}, Expected = {}", + actual_s, expected_s + ); } } diff --git a/src/ec/suite_b/ops/p256.rs b/src/ec/suite_b/ops/p256.rs index 4c54f5c..4cff49e 100644 --- a/src/ec/suite_b/ops/p256.rs +++ b/src/ec/suite_b/ops/p256.rs @@ -64,18 +64,17 @@ pub static COMMON_OPS: CommonOps = CommonOps { encoding: PhantomData, // R }, - elem_add_impl: GFp_nistz256_add, - elem_mul_mont: GFp_nistz256_mul_mont, - elem_sqr_mont: GFp_nistz256_sqr_mont, + elem_mul_mont: p256_mul_mont, + elem_sqr_mont: p256_sqr_mont, - point_add_jacobian_impl: GFp_nistz256_point_add, + point_add_jacobian_impl: p256_point_add, }; pub static PRIVATE_KEY_OPS: PrivateKeyOps = PrivateKeyOps { common: &COMMON_OPS, elem_inv_squared: p256_elem_inv_squared, point_mul_base_impl: p256_point_mul_base_impl, - point_mul_impl: GFp_nistz256_point_mul, + point_mul_impl: p256_point_mul, }; fn p256_elem_inv_squared(a: &Elem<R>) -> Elem<R> { @@ -124,56 +123,17 @@ fn p256_elem_inv_squared(a: &Elem<R>) -> Elem<R> { } fn p256_point_mul_base_impl(g_scalar: &Scalar) -> Point { - let mut r = Point::new_at_infinity(); - - // Keep this in sync with the logic for defining `GFp_USE_LARGE_TABLE` and - // with the logic for deciding whether to test `GFp_nistz256_point_add_affine` - // in suite_b/ops.rs. - - #[cfg(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64"))] - { - extern "C" { - fn GFp_nistz256_point_mul_base( - r: *mut Limb, // [3][COMMON_OPS.num_limbs] - g_scalar: *const Limb, // [COMMON_OPS.num_limbs] - ); - } - unsafe { - GFp_nistz256_point_mul_base(r.xyz.as_mut_ptr(), g_scalar.limbs.as_ptr()); - } - } - - #[cfg(not(any(target_arch = "aarch64", target_arch = "x86", target_arch = "x86_64")))] - { - static GENERATOR: (Elem<R>, Elem<R>) = ( - Elem { - limbs: p256_limbs![ - 0x18a9143c, 0x79e730d4, 0x5fedb601, 0x75ba95fc, 0x77622510, 0x79fb732b, - 0xa53755c6, 0x18905f76 - ], - m: PhantomData, - encoding: PhantomData, - }, - Elem { - limbs: p256_limbs![ - 0xce95560a, 0xddf25357, 0xba19e45c, 0x8b4ab8e4, 0xdd21f325, 0xd2e88688, - 0x25885d85, 0x8571ff18 - ], - m: PhantomData, - encoding: PhantomData, - }, + prefixed_extern! { + fn p256_point_mul_base( + r: *mut Limb, // [3][COMMON_OPS.num_limbs] + g_scalar: *const Limb, // [COMMON_OPS.num_limbs] ); - - unsafe { - GFp_nistz256_point_mul( - r.xyz.as_mut_ptr(), - g_scalar.limbs.as_ptr(), - GENERATOR.0.limbs.as_ptr(), - GENERATOR.1.limbs.as_ptr(), - ); - } } + let mut r = Point::new_at_infinity(); + unsafe { + p256_point_mul_base(r.xyz.as_mut_ptr(), g_scalar.limbs.as_ptr()); + } r } @@ -184,7 +144,7 @@ pub static PUBLIC_KEY_OPS: PublicKeyOps = PublicKeyOps { pub static SCALAR_OPS: ScalarOps = ScalarOps { common: &COMMON_OPS, scalar_inv_to_mont_impl: p256_scalar_inv_to_mont, - scalar_mul_mont: GFp_p256_scalar_mul_mont, + scalar_mul_mont: p256_scalar_mul_mont, }; pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps { @@ -224,29 +184,29 @@ fn p256_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { #[inline] fn mul(a: &Scalar<R>, b: &Scalar<R>) -> Scalar<R> { - binary_op(GFp_p256_scalar_mul_mont, a, b) + binary_op(p256_scalar_mul_mont, a, b) } #[inline] fn sqr(a: &Scalar<R>) -> Scalar<R> { - unary_op(GFp_p256_scalar_sqr_mont, a) + let mut tmp = Scalar::zero(); + unsafe { p256_scalar_sqr_rep_mont(tmp.limbs.as_mut_ptr(), a.limbs.as_ptr(), 1) } + tmp } // Returns (`a` squared `squarings` times) * `b`. fn sqr_mul(a: &Scalar<R>, squarings: Limb, b: &Scalar<R>) -> Scalar<R> { debug_assert!(squarings >= 1); let mut tmp = Scalar::zero(); - unsafe { GFp_p256_scalar_sqr_rep_mont(tmp.limbs.as_mut_ptr(), a.limbs.as_ptr(), squarings) } + unsafe { p256_scalar_sqr_rep_mont(tmp.limbs.as_mut_ptr(), a.limbs.as_ptr(), squarings) } mul(&tmp, b) } // Sets `acc` = (`acc` squared `squarings` times) * `b`. fn sqr_mul_acc(acc: &mut Scalar<R>, squarings: Limb, b: &Scalar<R>) { debug_assert!(squarings >= 1); - unsafe { - GFp_p256_scalar_sqr_rep_mont(acc.limbs.as_mut_ptr(), acc.limbs.as_ptr(), squarings) - } - binary_op_assign(GFp_p256_scalar_mul_mont, acc, b); + unsafe { p256_scalar_sqr_rep_mont(acc.limbs.as_mut_ptr(), acc.limbs.as_ptr(), squarings) } + binary_op_assign(p256_scalar_mul_mont, acc, b); } fn to_mont(a: &Scalar) -> Scalar<R> { @@ -258,7 +218,7 @@ fn p256_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { m: PhantomData, encoding: PhantomData, }; - binary_op(GFp_p256_scalar_mul_mont, a, &N_RR) + binary_op(p256_scalar_mul_mont, a, &N_RR) } // Indexes into `d`. @@ -337,44 +297,35 @@ fn p256_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { acc } -extern "C" { - fn GFp_nistz256_add( +prefixed_extern! { + pub(super) fn p256_mul_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] b: *const Limb, // [COMMON_OPS.num_limbs] ); - fn GFp_nistz256_mul_mont( - r: *mut Limb, // [COMMON_OPS.num_limbs] - a: *const Limb, // [COMMON_OPS.num_limbs] - b: *const Limb, // [COMMON_OPS.num_limbs] - ); - fn GFp_nistz256_sqr_mont( + pub(super) fn p256_sqr_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] ); - fn GFp_nistz256_point_add( + fn p256_point_add( r: *mut Limb, // [3][COMMON_OPS.num_limbs] a: *const Limb, // [3][COMMON_OPS.num_limbs] b: *const Limb, // [3][COMMON_OPS.num_limbs] ); - fn GFp_nistz256_point_mul( + fn p256_point_mul( r: *mut Limb, // [3][COMMON_OPS.num_limbs] p_scalar: *const Limb, // [COMMON_OPS.num_limbs] p_x: *const Limb, // [COMMON_OPS.num_limbs] p_y: *const Limb, // [COMMON_OPS.num_limbs] ); - fn GFp_p256_scalar_mul_mont( + fn p256_scalar_mul_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] b: *const Limb, // [COMMON_OPS.num_limbs] ); - fn GFp_p256_scalar_sqr_mont( - r: *mut Limb, // [COMMON_OPS.num_limbs] - a: *const Limb, // [COMMON_OPS.num_limbs] - ); - fn GFp_p256_scalar_sqr_rep_mont( + fn p256_scalar_sqr_rep_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] rep: Limb, diff --git a/src/ec/suite_b/ops/p384.rs b/src/ec/suite_b/ops/p384.rs index 7ecba1f..e04c5db 100644 --- a/src/ec/suite_b/ops/p384.rs +++ b/src/ec/suite_b/ops/p384.rs @@ -60,18 +60,17 @@ pub static COMMON_OPS: CommonOps = CommonOps { encoding: PhantomData, // Unreduced }, - elem_add_impl: GFp_p384_elem_add, - elem_mul_mont: GFp_p384_elem_mul_mont, - elem_sqr_mont: GFp_p384_elem_sqr_mont, + elem_mul_mont: p384_elem_mul_mont, + elem_sqr_mont: p384_elem_sqr_mont, - point_add_jacobian_impl: GFp_nistz384_point_add, + point_add_jacobian_impl: nistz384_point_add, }; pub static PRIVATE_KEY_OPS: PrivateKeyOps = PrivateKeyOps { common: &COMMON_OPS, elem_inv_squared: p384_elem_inv_squared, point_mul_base_impl: p384_point_mul_base_impl, - point_mul_impl: GFp_nistz384_point_mul, + point_mul_impl: nistz384_point_mul, }; fn p384_elem_inv_squared(a: &Elem<R>) -> Elem<R> { @@ -161,7 +160,7 @@ pub static PUBLIC_KEY_OPS: PublicKeyOps = PublicKeyOps { pub static SCALAR_OPS: ScalarOps = ScalarOps { common: &COMMON_OPS, scalar_inv_to_mont_impl: p384_scalar_inv_to_mont, - scalar_mul_mont: GFp_p384_scalar_mul_mont, + scalar_mul_mont: p384_scalar_mul_mont, }; pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps { @@ -202,15 +201,15 @@ fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { // 581a0db248b0a77aecec196accc52971. fn mul(a: &Scalar<R>, b: &Scalar<R>) -> Scalar<R> { - binary_op(GFp_p384_scalar_mul_mont, a, b) + binary_op(p384_scalar_mul_mont, a, b) } fn sqr(a: &Scalar<R>) -> Scalar<R> { - binary_op(GFp_p384_scalar_mul_mont, a, a) + binary_op(p384_scalar_mul_mont, a, a) } fn sqr_mut(a: &mut Scalar<R>) { - unary_op_from_binary_op_assign(GFp_p384_scalar_mul_mont, a); + unary_op_from_binary_op_assign(p384_scalar_mul_mont, a); } // Returns (`a` squared `squarings` times) * `b`. @@ -229,7 +228,7 @@ fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { for _ in 0..squarings { sqr_mut(acc); } - binary_op_assign(GFp_p384_scalar_mul_mont, acc, b) + binary_op_assign(p384_scalar_mul_mont, acc, b) } fn to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { @@ -238,7 +237,7 @@ fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { m: PhantomData, encoding: PhantomData, }; - binary_op(GFp_p384_scalar_mul_mont, a, &N_RR) + binary_op(p384_scalar_mul_mont, a, &N_RR) } // Indexes into `d`. @@ -325,12 +324,12 @@ fn p384_scalar_inv_to_mont(a: &Scalar<Unencoded>) -> Scalar<R> { acc } -unsafe extern "C" fn GFp_p384_elem_sqr_mont( +unsafe extern "C" fn p384_elem_sqr_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] ) { // XXX: Inefficient. TODO: Make a dedicated squaring routine. - GFp_p384_elem_mul_mont(r, a, a); + p384_elem_mul_mont(r, a, a); } const N_RR_LIMBS: [Limb; MAX_LIMBS] = p384_limbs![ @@ -338,31 +337,26 @@ const N_RR_LIMBS: [Limb; MAX_LIMBS] = p384_limbs![ 0x28266895, 0x3fb05b7a, 0x2b39bf21, 0x0c84ee01 ]; -extern "C" { - fn GFp_p384_elem_add( - r: *mut Limb, // [COMMON_OPS.num_limbs] - a: *const Limb, // [COMMON_OPS.num_limbs] - b: *const Limb, // [COMMON_OPS.num_limbs] - ); - fn GFp_p384_elem_mul_mont( +prefixed_extern! { + fn p384_elem_mul_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] b: *const Limb, // [COMMON_OPS.num_limbs] ); - fn GFp_nistz384_point_add( + fn nistz384_point_add( r: *mut Limb, // [3][COMMON_OPS.num_limbs] a: *const Limb, // [3][COMMON_OPS.num_limbs] b: *const Limb, // [3][COMMON_OPS.num_limbs] ); - fn GFp_nistz384_point_mul( + fn nistz384_point_mul( r: *mut Limb, // [3][COMMON_OPS.num_limbs] p_scalar: *const Limb, // [COMMON_OPS.num_limbs] p_x: *const Limb, // [COMMON_OPS.num_limbs] p_y: *const Limb, // [COMMON_OPS.num_limbs] ); - fn GFp_p384_scalar_mul_mont( + fn p384_scalar_mul_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs] b: *const Limb, // [COMMON_OPS.num_limbs] diff --git a/src/endian.rs b/src/endian.rs index 94979e1..d1d1aaf 100644 --- a/src/endian.rs +++ b/src/endian.rs @@ -11,13 +11,6 @@ where const ZERO: Self; } -/// Allow access to a slice of of `Encoding<T>` as a slice of bytes. -pub fn as_byte_slice<E: Encoding<T>, T>(x: &[E]) -> &[u8] { - unsafe { - core::slice::from_raw_parts(x.as_ptr() as *const u8, x.len() * core::mem::size_of::<E>()) - } -} - /// Work around the inability to implement `AsRef` for arrays of `Encoding`s /// due to the coherence rules. pub trait ArrayEncoding<T> { @@ -35,23 +28,27 @@ macro_rules! define_endian { #[repr(transparent)] pub struct $endian<T>(T); - impl<T> $endian<T> { - #[deprecated] - pub fn into_raw_value(self) -> T { - self.0 - } - } - impl<T> Copy for $endian<T> where T: Copy {} impl<T> Clone for $endian<T> where T: Clone, { + #[inline] fn clone(&self) -> Self { Self(self.0.clone()) } } + + impl<T> core::ops::BitXorAssign for $endian<T> + where + T: core::ops::BitXorAssign, + { + #[inline(always)] + fn bitxor_assign(&mut self, a: Self) { + self.0 ^= a.0; + } + } }; } @@ -60,6 +57,7 @@ macro_rules! impl_from_byte_array { impl FromByteArray<[u8; $elems * core::mem::size_of::<$base>()]> for [$endian<$base>; $elems] { + #[inline] fn from_byte_array(a: &[u8; $elems * core::mem::size_of::<$base>()]) -> Self { unsafe { core::mem::transmute_copy(a) } } @@ -72,10 +70,8 @@ macro_rules! impl_array_encoding { impl ArrayEncoding<[u8; $elems * core::mem::size_of::<$base>()]> for [$endian<$base>; $elems] { + #[inline] fn as_byte_array(&self) -> &[u8; $elems * core::mem::size_of::<$base>()] { - // TODO: When we can require Rust 1.47.0 or later we could avoid - // `as` and `unsafe` here using - // `as_byte_slice(self).try_into().unwrap()`. let as_bytes_ptr = self.as_ptr() as *const [u8; $elems * core::mem::size_of::<$base>()]; unsafe { &*as_bytes_ptr } diff --git a/src/error.rs b/src/error.rs index 23e2ab3..b9ce929 100644 --- a/src/error.rs +++ b/src/error.rs @@ -76,49 +76,34 @@ extern crate std; #[derive(Clone, Copy, Debug, PartialEq)] pub struct Unspecified; -impl Unspecified { - fn description_() -> &'static str { - "ring::error::Unspecified" - } -} - // This is required for the implementation of `std::error::Error`. impl core::fmt::Display for Unspecified { fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result { - f.write_str(Self::description_()) + f.write_str("ring::error::Unspecified") } } #[cfg(feature = "std")] -impl std::error::Error for Unspecified { - #[inline] - fn cause(&self) -> Option<&dyn std::error::Error> { - None - } - - fn description(&self) -> &str { - Self::description_() - } -} +impl std::error::Error for Unspecified {} impl From<untrusted::EndOfInput> for Unspecified { fn from(_: untrusted::EndOfInput) -> Self { - Unspecified + Self } } impl From<core::array::TryFromSliceError> for Unspecified { fn from(_: core::array::TryFromSliceError) -> Self { - Unspecified + Self } } /// An error parsing or validating a key. /// -/// The `Display` implementation and `<KeyRejected as Error>::description()` -/// will return a string that will help you better understand why a key was -/// rejected change which errors are reported in which situations while -/// minimizing the likelihood that any applications will be broken. +/// The `Display` implementation will return a string that will help you better +/// understand why a key was rejected change which errors are reported in which +/// situations while minimizing the likelihood that any applications will be +/// broken. /// /// Here is an incomplete list of reasons a key may be unsupported: /// @@ -147,80 +132,67 @@ impl From<core::array::TryFromSliceError> for Unspecified { pub struct KeyRejected(&'static str); impl KeyRejected { - /// The value returned from <Self as std::error::Error>::description() - pub fn description_(&self) -> &'static str { - self.0 - } - pub(crate) fn inconsistent_components() -> Self { - KeyRejected("InconsistentComponents") + Self("InconsistentComponents") } pub(crate) fn invalid_component() -> Self { - KeyRejected("InvalidComponent") + Self("InvalidComponent") } #[inline] pub(crate) fn invalid_encoding() -> Self { - KeyRejected("InvalidEncoding") + Self("InvalidEncoding") } // XXX: See the comment at the call site. pub(crate) fn rng_failed() -> Self { - KeyRejected("RNG failed") + Self("RNG failed") } pub(crate) fn public_key_is_missing() -> Self { - KeyRejected("PublicKeyIsMissing") + Self("PublicKeyIsMissing") } #[cfg(feature = "alloc")] pub(crate) fn too_small() -> Self { - KeyRejected("TooSmall") + Self("TooSmall") } #[cfg(feature = "alloc")] pub(crate) fn too_large() -> Self { - KeyRejected("TooLarge") + Self("TooLarge") } pub(crate) fn version_not_supported() -> Self { - KeyRejected("VersionNotSupported") + Self("VersionNotSupported") } pub(crate) fn wrong_algorithm() -> Self { - KeyRejected("WrongAlgorithm") + Self("WrongAlgorithm") } #[cfg(feature = "alloc")] pub(crate) fn private_modulus_len_not_multiple_of_512_bits() -> Self { - KeyRejected("PrivateModulusLenNotMultipleOf512Bits") + Self("PrivateModulusLenNotMultipleOf512Bits") } pub(crate) fn unexpected_error() -> Self { - KeyRejected("UnexpectedError") + Self("UnexpectedError") } } #[cfg(feature = "std")] -impl std::error::Error for KeyRejected { - fn cause(&self) -> Option<&dyn std::error::Error> { - None - } - - fn description(&self) -> &str { - self.description_() - } -} +impl std::error::Error for KeyRejected {} impl core::fmt::Display for KeyRejected { fn fmt(&self, f: &mut core::fmt::Formatter) -> core::fmt::Result { - f.write_str(self.description_()) + f.write_str(self.0) } } impl From<KeyRejected> for Unspecified { fn from(_: KeyRejected) -> Self { - Unspecified + Self } } diff --git a/src/hkdf.rs b/src/hkdf.rs index 7f14dae..5ca4ace 100644 --- a/src/hkdf.rs +++ b/src/hkdf.rs @@ -62,7 +62,7 @@ impl Salt { /// Constructing a `Salt` is relatively expensive so it is good to reuse a /// `Salt` object instead of re-constructing `Salt`s with the same value. pub fn new(algorithm: Algorithm, value: &[u8]) -> Self { - Salt(hmac::Key::new(algorithm.0, value)) + Self(hmac::Key::new(algorithm.0, value)) } /// The [HKDF-Extract] operation. diff --git a/src/hmac.rs b/src/hmac.rs index 3e2d7e7..f5a940c 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -135,10 +135,6 @@ pub static HMAC_SHA384: Algorithm = Algorithm(&digest::SHA384); /// HMAC using SHA-512. pub static HMAC_SHA512: Algorithm = Algorithm(&digest::SHA512); -/// A deprecated alias for `Tag`. -#[deprecated(note = "`Signature` was renamed to `Tag`. This alias will be removed soon.")] -pub type Signature = Tag; - /// An HMAC tag. /// /// For a given tag `t`, use `t.as_ref()` to get the tag value as a byte slice. @@ -159,16 +155,6 @@ pub struct Key { outer: digest::BlockContext, } -/// `hmac::SigningKey` was renamed to `hmac::Key`. -#[deprecated(note = "Renamed to `hmac::Key`.")] -pub type SigningKey = Key; - -/// `hmac::VerificationKey` was merged into `hmac::Key`. -#[deprecated( - note = "The distinction between verification & signing keys was removed. Use `hmac::Key`." -)] -pub type VerificationKey = Key; - impl core::fmt::Debug for Key { fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { f.debug_struct("Key") @@ -276,7 +262,7 @@ impl hkdf::KeyType for Algorithm { impl From<hkdf::Okm<'_, Algorithm>> for Key { fn from(okm: hkdf::Okm<Algorithm>) -> Self { - Key::construct(*okm.len(), |buf| okm.fill(buf)).unwrap() + Self::construct(*okm.len(), |buf| okm.fill(buf)).unwrap() } } @@ -289,10 +275,6 @@ pub struct Context { outer: digest::BlockContext, } -/// `hmac::SigningContext` was renamed to `hmac::Context`. -#[deprecated(note = "Renamed to `hmac::Context`.")] -pub type SigningContext = Context; - impl core::fmt::Debug for Context { fn fmt(&self, f: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { f.debug_struct("Context") diff --git a/src/io/der.rs b/src/io/der.rs index 1a00d85..23bee9f 100644 --- a/src/io/der.rs +++ b/src/io/der.rs @@ -128,7 +128,7 @@ where inner.read_all(error, decoder) } -fn nonnegative_integer<'a>( +pub(crate) fn nonnegative_integer<'a>( input: &mut untrusted::Reader<'a>, min_value: u8, ) -> Result<untrusted::Input<'a>, error::Unspecified> { @@ -140,7 +140,7 @@ fn nonnegative_integer<'a>( if input.at_end() && first_byte < min_value { return Err(error::Unspecified); } - let _ = input.read_bytes_to_end(); + input.skip_to_end(); Ok(()) }) } @@ -168,7 +168,7 @@ fn nonnegative_integer<'a>( // is set. return Err(error::Unspecified); } - let _ = input.read_bytes_to_end(); + input.skip_to_end(); Ok(()) })?; check_minimum(r, min_value)?; @@ -180,7 +180,7 @@ fn nonnegative_integer<'a>( return Err(error::Unspecified); } - let _ = input.read_bytes_to_end(); + input.skip_to_end(); check_minimum(value, min_value)?; Ok(value) }) @@ -202,9 +202,7 @@ pub fn small_nonnegative_integer(input: &mut untrusted::Reader) -> Result<u8, er pub fn positive_integer<'a>( input: &mut untrusted::Reader<'a>, ) -> Result<Positive<'a>, error::Unspecified> { - Ok(Positive::new_non_empty_without_leading_zeros( - nonnegative_integer(input, 1)?, - )) + Positive::new_non_empty_without_leading_zeros(nonnegative_integer(input, 1)?) } #[cfg(test)] diff --git a/src/io/positive.rs b/src/io/positive.rs index 06f2625..42391e2 100644 --- a/src/io/positive.rs +++ b/src/io/positive.rs @@ -14,16 +14,24 @@ //! Serialization and deserialization. +use crate::error; + /// A serialized positive integer. #[derive(Copy, Clone)] pub struct Positive<'a>(untrusted::Input<'a>); impl<'a> Positive<'a> { #[inline] - pub(crate) fn new_non_empty_without_leading_zeros(input: untrusted::Input<'a>) -> Self { - debug_assert!(!input.is_empty()); - debug_assert!(input.len() == 1 || input.as_slice_less_safe()[0] != 0); - Self(input) + pub(crate) fn new_non_empty_without_leading_zeros( + input: untrusted::Input<'a>, + ) -> Result<Self, error::Unspecified> { + if input.is_empty() { + return Err(error::Unspecified); + } + if input.len() > 1 && input.as_slice_less_safe()[0] == 0 { + return Err(error::Unspecified); + } + Ok(Self(input)) } /// Returns the value, ordered from significant byte to least significant @@ -45,22 +45,10 @@ //! requiring these hacks, and without requiring a C compiler.) //! </table> +// When running mk/package.sh, don't actually build any code. +#![cfg(not(pregenerate_asm_only))] #![doc(html_root_url = "https://briansmith.org/rustdoc/")] #![allow( - clippy::collapsible_if, - clippy::identity_op, - clippy::len_without_is_empty, - clippy::len_zero, - clippy::let_unit_value, - clippy::many_single_char_names, - clippy::needless_range_loop, - clippy::new_without_default, - clippy::neg_cmp_op_on_partial_ord, - clippy::range_plus_one, - clippy::too_many_arguments, - clippy::trivially_copy_pass_by_ref, - clippy::type_complexity, - clippy::unreadable_literal, missing_copy_implementations, missing_debug_implementations, non_camel_case_types, @@ -80,6 +68,9 @@ extern crate alloc; mod debug; #[macro_use] +mod prefixed; + +#[macro_use] pub mod test; #[macro_use] @@ -92,9 +83,11 @@ mod bssl; mod polyfill; pub mod aead; + +#[cfg(not(target_arch = "wasm32"))] pub mod agreement; -mod bits; +pub mod bits; pub(crate) mod c; pub mod constant_time; @@ -114,7 +107,7 @@ pub mod pkcs8; pub mod rand; #[cfg(feature = "alloc")] -mod rsa; +pub mod rsa; pub mod signature; diff --git a/src/limb.rs b/src/limb.rs index eb5aed5..7bd1123 100644 --- a/src/limb.rs +++ b/src/limb.rs @@ -56,7 +56,7 @@ pub const LIMB_BYTES: usize = (LIMB_BITS + 7) / 8; #[inline] pub fn limbs_equal_limbs_consttime(a: &[Limb], b: &[Limb]) -> LimbMask { - extern "C" { + prefixed_extern! { fn LIMBS_equal(a: *const Limb, b: *const Limb, num_limbs: c::size_t) -> LimbMask; } @@ -278,7 +278,7 @@ pub fn fold_5_bit_windows<R, I: FnOnce(Window) -> R, F: Fn(R, Window) -> R>( const WINDOW_BITS: Wrapping<c::size_t> = Wrapping(5); - extern "C" { + prefixed_extern! { fn LIMBS_window5_split_window( lower_limb: Limb, higher_limb: Limb, @@ -331,21 +331,37 @@ pub fn fold_5_bit_windows<R, I: FnOnce(Window) -> R, F: Fn(R, Window) -> R>( }) } -extern "C" { - #[cfg(feature = "alloc")] - fn LIMB_shr(a: Limb, shift: c::size_t) -> Limb; +#[inline] +pub(crate) fn limbs_add_assign_mod(a: &mut [Limb], b: &[Limb], m: &[Limb]) { + debug_assert_eq!(a.len(), m.len()); + debug_assert_eq!(b.len(), m.len()); + prefixed_extern! { + // `r` and `a` may alias. + fn LIMBS_add_mod( + r: *mut Limb, + a: *const Limb, + b: *const Limb, + m: *const Limb, + num_limbs: c::size_t, + ); + } + unsafe { LIMBS_add_mod(a.as_mut_ptr(), a.as_ptr(), b.as_ptr(), m.as_ptr(), m.len()) } +} - #[cfg(feature = "alloc")] - fn LIMBS_are_even(a: *const Limb, num_limbs: c::size_t) -> LimbMask; +prefixed_extern! { fn LIMBS_are_zero(a: *const Limb, num_limbs: c::size_t) -> LimbMask; - #[cfg(feature = "alloc")] - fn LIMBS_equal_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask; fn LIMBS_less_than(a: *const Limb, b: *const Limb, num_limbs: c::size_t) -> LimbMask; - #[cfg(feature = "alloc")] - fn LIMBS_less_than_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask; fn LIMBS_reduce_once(r: *mut Limb, m: *const Limb, num_limbs: c::size_t); } +#[cfg(feature = "alloc")] +prefixed_extern! { + fn LIMB_shr(a: Limb, shift: c::size_t) -> Limb; + fn LIMBS_are_even(a: *const Limb, num_limbs: c::size_t) -> LimbMask; + fn LIMBS_equal_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask; + fn LIMBS_less_than_limb(a: *const Limb, b: Limb, num_limbs: c::size_t) -> LimbMask; +} + #[cfg(test)] mod tests { use super::*; diff --git a/src/polyfill.rs b/src/polyfill.rs index c7e93c2..c621c0b 100644 --- a/src/polyfill.rs +++ b/src/polyfill.rs @@ -37,3 +37,10 @@ pub mod slice { } } } + +#[macro_use] +mod chunks_fixed; + +pub(crate) mod array_map; + +pub use chunks_fixed::*; diff --git a/src/polyfill/array_map.rs b/src/polyfill/array_map.rs new file mode 100644 index 0000000..c538b92 --- /dev/null +++ b/src/polyfill/array_map.rs @@ -0,0 +1,35 @@ +// Copyright 2015-2016 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +// TODO: Replace this with use of the array_map feature +// (https://github.com/rust-lang/rust/issues/75243) when it becomes stable. + +pub(crate) trait Map<A, B, BArray> { + fn array_map(self, f: impl Fn(A) -> B) -> BArray; +} + +macro_rules! impl_map { + ( $n:expr, [ $( $elem:ident ),+ ] ) => { + impl<A, B> Map<A, B, [B; $n]> for [A; $n] { + #[inline] + fn array_map(self, f: impl Fn(A) -> B) -> [B; $n] { + let [ $( $elem ),+ ] = self; + [ $( f($elem) ),+ ] + } + } + } +} + +impl_map!(4, [a, b, c, d]); +impl_map!(8, [a, b, c, d, e, f, g, h]); diff --git a/src/polyfill/chunks_fixed.rs b/src/polyfill/chunks_fixed.rs new file mode 100644 index 0000000..7b792cb --- /dev/null +++ b/src/polyfill/chunks_fixed.rs @@ -0,0 +1,70 @@ +use core::convert::TryInto; + +/// Allows splitting a reference to an array type into fixed-length chunks. +pub trait ChunksFixed<'a, Chunks> +where + Chunks: 'a, +{ + fn chunks_fixed(self) -> Chunks; +} + +/// Allows iterating over a mutable array in fixed-length chunks. +/// +/// The design of this is different than that for `ChunksFixed` because it +/// isn't clear that we can legally (according to Rust's rules) convert create +/// a mutable reference to the chunked type from a mutable reference. +/// +/// TODO: Get clarification on the rules and refactor this tp be more like +/// `ChunksFixed`. +pub trait ChunksFixedMut<'a, Chunk> +where + Chunk: 'a, +{ + type MutIterator: Iterator<Item = &'a mut Chunk>; + + fn chunks_fixed_mut(self) -> Self::MutIterator; +} + +/// `$unchuncked_len` must be divisible by `$chunk_len`. +macro_rules! define_chunks_fixed { + ( $unchuncked_len:expr, $chunk_len:expr ) => { + define_chunks_fixed!($unchuncked_len, $chunk_len, $unchuncked_len / $chunk_len); + }; + + ( $unchuncked_len:expr, $chunk_len:expr, $chunked_len:expr ) => { + impl<'a, T> ChunksFixed<'a, &'a [[T; $chunk_len]; $chunked_len]> + for &'a [T; $unchuncked_len] + { + #[inline(always)] + fn chunks_fixed(self) -> &'a [[T; $chunk_len]; $chunked_len] { + let as_ptr: *const [T; $chunk_len] = self.as_ptr() as *const [T; $chunk_len]; + let as_ptr = as_ptr as *const [[T; $chunk_len]; $chunked_len]; + unsafe { &*as_ptr } + } + } + + impl<'a, T> ChunksFixedMut<'a, [T; $chunk_len]> for &'a mut [T; $unchuncked_len] { + type MutIterator = core::iter::Map< + core::slice::ChunksExactMut<'a, T>, + fn(&'a mut [T]) -> &'a mut [T; $chunk_len], + >; + + #[inline(always)] + fn chunks_fixed_mut(self) -> Self::MutIterator { + // There will be no remainder because `$unchuncked_len` must be divisible by + // `$chunk_len`. The `unwrap()` will not fail for the same reason. + self.chunks_exact_mut($chunk_len) + .map(|slice| slice.try_into().unwrap()) + } + } + }; +} + +// Sorted by the first value, then the second value. +define_chunks_fixed!(12, 4); +define_chunks_fixed!(16, 4); +define_chunks_fixed!(16, 8); +define_chunks_fixed!(32, 4); +define_chunks_fixed!(64, 4); +define_chunks_fixed!(64, 32); +define_chunks_fixed!(80, 20); diff --git a/src/prefixed.rs b/src/prefixed.rs new file mode 100644 index 0000000..a35f921 --- /dev/null +++ b/src/prefixed.rs @@ -0,0 +1,102 @@ +macro_rules! prefixed_extern { + // Functions. + { + $( + $( #[$meta:meta] )* + $vis:vis fn $name:ident ( $( $arg_pat:ident : $arg_ty:ty ),* $(,)? ) + $( -> $ret_ty:ty )?; + )+ + } => { + extern "C" { + $( + prefixed_item! { + link_name + $name + { + $( #[$meta] )* + $vis fn $name ( $( $arg_pat : $arg_ty ),* ) $( -> $ret_ty )?; + } + + } + )+ + } + }; + + // A global variable. + { + $( #[$meta:meta] )* + $vis:vis static mut $name:ident: $typ:ty; + } => { + extern "C" { + prefixed_item! { + link_name + $name + { + $( #[$meta] )* + $vis static mut $name: $typ; + } + } + } + }; +} + +#[cfg(not(any(target_arch = "x86", target_arch = "x86_64")))] +macro_rules! prefixed_export { + // A function. + { + $( #[$meta:meta] )* + $vis:vis unsafe fn $name:ident ( $( $arg_pat:ident : $arg_ty:ty ),* $(,)? ) $body:block + } => { + prefixed_item! { + export_name + $name + { + $( #[$meta] )* + $vis unsafe fn $name ( $( $arg_pat : $arg_ty ),* ) $body + } + } + }; + + // A global variable. + { + $( #[$meta:meta] )* + $vis:vis static mut $name:ident: $typ:ty = $initial_value:expr; + } => { + prefixed_item! { + export_name + $name + { + $( #[$meta] )* + $vis static mut $name: $typ = $initial_value; + } + } + }; +} + +macro_rules! prefixed_item { + // Calculate the prefixed name in a separate layer of macro expansion + // because rustc won't currently accept a non-literal expression as + // the value for `#[link_name = value]`. + { + $attr:ident + $name:ident + { $( $item:tt )+ } + } => { + prefixed_item! { + $attr + //{ concat!(env!("RING_CORE_PREFIX"), stringify!($name)) } + { concat!("ring_core_android_platform_", stringify!($name)) } + { $( $item )+ } + } + }; + + // Output the item. + { + $attr:ident + { $prefixed_name:expr } + { $( $item:tt )+ } + } => { + #[$attr = $prefixed_name] + $( $item )+ + }; +} diff --git a/src/rand.rs b/src/rand.rs index 9d1864f..c633e0e 100644 --- a/src/rand.rs +++ b/src/rand.rs @@ -201,24 +201,8 @@ mod sysrand_chunk { #[inline] pub fn chunk(dest: &mut [u8]) -> Result<usize, error::Unspecified> { - use libc::c_long; - - // See `SYS_getrandom` in #include <sys/syscall.h>. - - #[cfg(target_arch = "aarch64")] - const SYS_GETRANDOM: c_long = 278; - - #[cfg(target_arch = "arm")] - const SYS_GETRANDOM: c_long = 384; - - #[cfg(target_arch = "x86")] - const SYS_GETRANDOM: c_long = 355; - - #[cfg(target_arch = "x86_64")] - const SYS_GETRANDOM: c_long = 318; - let chunk_len: c::size_t = dest.len(); - let r = unsafe { libc::syscall(SYS_GETRANDOM, dest.as_mut_ptr(), chunk_len, 0) }; + let r = unsafe { libc::syscall(libc::SYS_getrandom, dest.as_mut_ptr(), chunk_len, 0) }; if r < 0 { let errno; @@ -17,7 +17,8 @@ // naming conventions. Also the standard camelCase names are used for `KeyPair` // components. -/// RSA signatures. +//! Low-level RSA primitives. + use crate::{ arithmetic::bigint, bits, error, @@ -25,20 +26,12 @@ use crate::{ limb, }; -mod padding; - -// `RSA_PKCS1_SHA1` is intentionally not exposed. -pub use self::padding::{ - RsaEncoding, RSA_PKCS1_SHA256, RSA_PKCS1_SHA384, RSA_PKCS1_SHA512, RSA_PSS_SHA256, - RSA_PSS_SHA384, RSA_PSS_SHA512, -}; +mod bounds; +pub(crate) mod padding; // Maximum RSA modulus size supported for signature verification (in bytes). const PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN: usize = bigint::MODULUS_MAX_LIMBS * limb::LIMB_BYTES; -// Keep in sync with the documentation comment for `KeyPair`. -const PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS: bits::BitLength = bits::BitLength::from_usize_bits(4096); - /// Parameters for RSA verification. #[derive(Debug)] pub struct RsaParameters { @@ -46,6 +39,20 @@ pub struct RsaParameters { min_bits: bits::BitLength, } +impl Bounds for RsaParameters { + fn n_min_bits(&self) -> bits::BitLength { + self.min_bits + } + + fn n_max_bits(&self) -> bits::BitLength { + bits::BitLength::from_usize_bytes(PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN).unwrap() + } + + fn e_min_value(&self) -> u64 { + 3 + } +} + fn parse_public_key( input: untrusted::Input, ) -> Result<(io::Positive, io::Positive), error::Unspecified> { @@ -61,10 +68,20 @@ fn parse_public_key( // Type-level representation of an RSA public modulus *n*. See // `super::bigint`'s modulue-level documentation. #[derive(Copy, Clone)] -pub enum N {} +enum N {} unsafe impl bigint::PublicModulus for N {} -pub mod verification; +pub(crate) mod keypair; +pub(crate) mod public; -pub mod signing; +pub(crate) mod verification; + +pub use self::{ + bounds::Bounds, + keypair::{Components as RsaKeyPairComponents, RsaKeyPair}, + padding::{ + OaepEncoding, RSA_OAEP_2048_8192_SHA1_FOR_LEGACY_USE_ONLY, RSA_OAEP_2048_8192_SHA256, + }, + public::{Components as RsaPublicKeyComponents, Key as RsaPublicKey}, +}; diff --git a/src/rsa/bounds.rs b/src/rsa/bounds.rs new file mode 100644 index 0000000..ccc6cca --- /dev/null +++ b/src/rsa/bounds.rs @@ -0,0 +1,13 @@ +use crate::bits; + +/// The bounds that determine whether an RSA key is acceptable. +pub trait Bounds: crate::sealed::Sealed { + /// The minimum length of the public modulus. + fn n_min_bits(&self) -> bits::BitLength; + + /// The maximum length of the public modulus. + fn n_max_bits(&self) -> bits::BitLength; + + /// The minimum length of the public exponent. + fn e_min_value(&self) -> u64; +} diff --git a/src/rsa/keypair.rs b/src/rsa/keypair.rs new file mode 100644 index 0000000..2fb87bd --- /dev/null +++ b/src/rsa/keypair.rs @@ -0,0 +1,9 @@ +//! Low-level RSA key pair (private key) API. + +mod asn1; +mod components; +mod core; +mod oaep; +pub(crate) mod signing; + +pub use self::{components::Components, core::RsaKeyPair}; diff --git a/src/rsa/keypair/asn1.rs b/src/rsa/keypair/asn1.rs new file mode 100644 index 0000000..d41de77 --- /dev/null +++ b/src/rsa/keypair/asn1.rs @@ -0,0 +1,180 @@ +//! Construction of `RsaKeyPair` from ASN1. + +use super::super::{keypair, public}; +use crate::{ + error::{self, KeyRejected}, + io::der, + pkcs8, +}; +use core::convert::TryFrom; + +impl keypair::RsaKeyPair { + /// Parses an unencrypted PKCS#8-encoded RSA private key. + /// + /// Only two-prime (not multi-prime) keys are supported. The public modulus + /// (n) must be at least 2047 bits. The public modulus must be no larger + /// than 4096 bits. It is recommended that the public modulus be exactly + /// 2048 or 3072 bits. The public exponent must be at least 65537. + /// + /// This will generate a 2048-bit RSA private key of the correct form using + /// OpenSSL's command line tool: + /// + /// ```sh + /// openssl genpkey -algorithm RSA \ + /// -pkeyopt rsa_keygen_bits:2048 \ + /// -pkeyopt rsa_keygen_pubexp:65537 | \ + /// openssl pkcs8 -topk8 -nocrypt -outform der > rsa-2048-private-key.pk8 + /// ``` + /// + /// This will generate a 3072-bit RSA private key of the correct form: + /// + /// ```sh + /// openssl genpkey -algorithm RSA \ + /// -pkeyopt rsa_keygen_bits:3072 \ + /// -pkeyopt rsa_keygen_pubexp:65537 | \ + /// openssl pkcs8 -topk8 -nocrypt -outform der > rsa-3072-private-key.pk8 + /// ``` + /// + /// Often, keys generated for use in OpenSSL-based software are stored in + /// the Base64 “PEM” format without the PKCS#8 wrapper. Such keys can be + /// converted to binary PKCS#8 form using the OpenSSL command line tool like + /// this: + /// + /// ```sh + /// openssl pkcs8 -topk8 -nocrypt -outform der \ + /// -in rsa-2048-private-key.pem > rsa-2048-private-key.pk8 + /// ``` + /// + /// Base64 (“PEM”) PKCS#8-encoded keys can be converted to the binary PKCS#8 + /// form like this: + /// + /// ```sh + /// openssl pkcs8 -nocrypt -outform der \ + /// -in rsa-2048-private-key.pem > rsa-2048-private-key.pk8 + /// ``` + /// + /// The private key is validated according to [NIST SP-800-56B rev. 1] + /// section 6.4.1.4.3, crt_pkv (Intended Exponent-Creation Method Unknown), + /// with the following exceptions: + /// + /// * Section 6.4.1.2.1, Step 1: Neither a target security level nor an + /// expected modulus length is provided as a parameter, so checks + /// regarding these expectations are not done. + /// * Section 6.4.1.2.1, Step 3: Since neither the public key nor the + /// expected modulus length is provided as a parameter, the consistency + /// check between these values and the private key's value of n isn't + /// done. + /// * Section 6.4.1.2.1, Step 5: No primality tests are done, both for + /// performance reasons and to avoid any side channels that such tests + /// would provide. + /// * Section 6.4.1.2.1, Step 6, and 6.4.1.4.3, Step 7: + /// * *ring* has a slightly looser lower bound for the values of `p` + /// and `q` than what the NIST document specifies. This looser lower + /// bound matches what most other crypto libraries do. The check might + /// be tightened to meet NIST's requirements in the future. Similarly, + /// the check that `p` and `q` are not too close together is skipped + /// currently, but may be added in the future. + /// - The validity of the mathematical relationship of `dP`, `dQ`, `e` + /// and `n` is verified only during signing. Some size checks of `d`, + /// `dP` and `dQ` are performed at construction, but some NIST checks + /// are skipped because they would be expensive and/or they would leak + /// information through side channels. If a preemptive check of the + /// consistency of `dP`, `dQ`, `e` and `n` with each other is + /// necessary, that can be done by signing any message with the key + /// pair. + /// + /// * `d` is not fully validated, neither at construction nor during + /// signing. This is OK as far as *ring*'s usage of the key is + /// concerned because *ring* never uses the value of `d` (*ring* always + /// uses `p`, `q`, `dP` and `dQ` via the Chinese Remainder Theorem, + /// instead). However, *ring*'s checks would not be sufficient for + /// validating a key pair for use by some other system; that other + /// system must check the value of `d` itself if `d` is to be used. + /// + /// In addition to the NIST requirements, *ring* requires that `p > q` and + /// that `e` must be no more than 33 bits. + /// + /// See [RFC 5958] and [RFC 3447 Appendix A.1.2] for more details of the + /// encoding of the key. + /// + /// [NIST SP-800-56B rev. 1]: + /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf + /// + /// [RFC 3447 Appendix A.1.2]: + /// https://tools.ietf.org/html/rfc3447#appendix-A.1.2 + /// + /// [RFC 5958]: + /// https://tools.ietf.org/html/rfc5958 + pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected> { + const RSA_ENCRYPTION: &[u8] = include_bytes!("../../data/alg-rsa-encryption.der"); + let (der, _) = pkcs8::unwrap_key_( + untrusted::Input::from(&RSA_ENCRYPTION), + pkcs8::Version::V1Only, + untrusted::Input::from(pkcs8), + )?; + Self::from_der(der.as_slice_less_safe()) + } + + /// Parses an RSA private key that is not inside a PKCS#8 wrapper. + /// + /// The private key must be encoded as a binary DER-encoded ASN.1 + /// `RSAPrivateKey` as described in [RFC 3447 Appendix A.1.2]). In all other + /// respects, this is just like `from_pkcs8()`. See the documentation for + /// `from_pkcs8()` for more details. + /// + /// It is recommended to use `from_pkcs8()` (with a PKCS#8-encoded key) + /// instead. + /// + /// [RFC 3447 Appendix A.1.2]: + /// https://tools.ietf.org/html/rfc3447#appendix-A.1.2 + /// + /// [NIST SP-800-56B rev. 1]: + /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf + pub fn from_der(input: &[u8]) -> Result<Self, KeyRejected> { + untrusted::Input::from(input).read_all(KeyRejected::invalid_encoding(), |input| { + der::nested( + input, + der::Tag::Sequence, + KeyRejected::invalid_encoding(), + Self::from_der_reader, + ) + }) + } + + fn from_der_reader(input: &mut untrusted::Reader) -> Result<Self, KeyRejected> { + let version = der::small_nonnegative_integer(input) + .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?; + if version != 0 { + return Err(KeyRejected::version_not_supported()); + } + + fn nonnegative_integer<'a>( + input: &mut untrusted::Reader<'a>, + ) -> Result<&'a [u8], KeyRejected> { + der::nonnegative_integer(input, 0) + .map(|input| input.as_slice_less_safe()) + .map_err(|error::Unspecified| KeyRejected::invalid_encoding()) + } + + let n = nonnegative_integer(input)?; + let e = nonnegative_integer(input)?; + let d = nonnegative_integer(input)?; + let p = nonnegative_integer(input)?; + let q = nonnegative_integer(input)?; + let dP = nonnegative_integer(input)?; + let dQ = nonnegative_integer(input)?; + let qInv = nonnegative_integer(input)?; + + let components = keypair::Components { + public_key: public::Components { n, e }, + d, + p, + q, + dP, + dQ, + qInv, + }; + + Self::try_from(&components) + } +} diff --git a/src/rsa/keypair/components.rs b/src/rsa/keypair/components.rs new file mode 100644 index 0000000..9800b31 --- /dev/null +++ b/src/rsa/keypair/components.rs @@ -0,0 +1,63 @@ +/// RSA key pair components. +pub struct Components<Public, Private = Public> +where + Public: AsRef<[u8]> + core::fmt::Debug, +{ + /// The public key components. + pub public_key: super::super::public::Components<Public>, + + /// The private exponent. + pub d: Private, + + /// The first prime factor of `d`. + pub p: Private, + + /// The second prime factor of `d`. + pub q: Private, + + /// `p`'s public Chinese Remainder Theorem exponent. + pub dP: Private, + + /// `q`'s public Chinese Remainder Theorem exponent. + pub dQ: Private, + + /// `q**-1 mod p`. + pub qInv: Private, +} + +impl<Public, Private> Copy for Components<Public, Private> +where + Public: AsRef<[u8]> + Copy + core::fmt::Debug, + Private: Copy, +{ +} + +impl<Public, Private> Clone for Components<Public, Private> +where + Public: AsRef<[u8]> + Clone + core::fmt::Debug, + Private: Clone, +{ + fn clone(&self) -> Self { + Self { + public_key: self.public_key.clone(), + d: self.d.clone(), + p: self.p.clone(), + q: self.q.clone(), + dP: self.dP.clone(), + dQ: self.dQ.clone(), + qInv: self.qInv.clone(), + } + } +} + +impl<Public, Private> core::fmt::Debug for Components<Public, Private> +where + Public: AsRef<[u8]> + core::fmt::Debug, +{ + fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> Result<(), core::fmt::Error> { + // Non-public components are intentionally skipped + f.debug_struct("Components") + .field("public_key", &self.public_key) + .finish() + } +} diff --git a/src/rsa/keypair/core.rs b/src/rsa/keypair/core.rs new file mode 100644 index 0000000..524ad48 --- /dev/null +++ b/src/rsa/keypair/core.rs @@ -0,0 +1,449 @@ +// Copyright 2015-2016 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +//! RSA key pairs. + +use super::{ + super::{public, N}, + Components, +}; +use crate::{ + arithmetic::{ + bigint::{self, Prime}, + montgomery::R, + }, + bits, + error::{self, KeyRejected}, +}; +use core::convert::TryFrom; + +// Keep in sync with the documentation comment for `KeyPair`. +const PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS: bits::BitLength = bits::BitLength::from_usize_bits(4096); + +/// An RSA key pair. +pub struct RsaKeyPair { + p: PrivatePrime<P>, + q: PrivatePrime<Q>, + qInv: bigint::Elem<P, R>, + qq: bigint::Modulus<QQ>, + q_mod_n: bigint::Elem<N, R>, + public: public::Key, +} + +derive_debug_via_field!(RsaKeyPair, stringify!(RsaKeyPair), public); + +impl RsaKeyPair { + fn try_from_( + &Components { + public_key, + d, + p, + q, + dP, + dQ, + qInv, + }: &Components<&[u8]>, + ) -> Result<Self, KeyRejected> { + let d = untrusted::Input::from(d); + let p = untrusted::Input::from(p); + let q = untrusted::Input::from(q); + let dP = untrusted::Input::from(dP); + let dQ = untrusted::Input::from(dQ); + let qInv = untrusted::Input::from(qInv); + + let (p, p_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(p) + .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?; + let (q, q_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(q) + .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?; + + // Our implementation of CRT-based modular exponentiation used requires + // that `p > q` so swap them if `p < q`. If swapped, `qInv` is + // recalculated below. `p != q` is verified implicitly below, e.g. when + // `q_mod_p` is constructed. + let ((p, p_bits, dP), (q, q_bits, dQ, qInv)) = match q.verify_less_than(&p) { + Ok(_) => ((p, p_bits, dP), (q, q_bits, dQ, Some(qInv))), + Err(error::Unspecified) => { + // TODO: verify `q` and `qInv` are inverses (mod p). + ((q, q_bits, dQ), (p, p_bits, dP, None)) + } + }; + + // XXX: Some steps are done out of order, but the NIST steps are worded + // in such a way that it is clear that NIST intends for them to be done + // in order. TODO: Does this matter at all? + + // 6.4.1.4.3/6.4.1.2.1 - Step 1. + + // Step 1.a is omitted, as explained above. + + // Step 1.b is omitted per above. Instead, we check that the public + // modulus is 2048 to `PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS` bits. + // XXX: The maximum limit of 4096 bits is primarily due to lack of + // testing of larger key sizes; see, in particular, + // https://www.mail-archive.com/openssl-dev@openssl.org/msg44586.html + // and + // https://www.mail-archive.com/openssl-dev@openssl.org/msg44759.html. + // Also, this limit might help with memory management decisions later. + + // Step 1.c. We validate e >= 65537. + let public_key = + public::Key::from_modulus_and_exponent(public_key.n, public_key.e, &KeyPairBounds)?; + + // 6.4.1.4.3 says to skip 6.4.1.2.1 Step 2. + + // 6.4.1.4.3 Step 3. + + // Step 3.a is done below, out of order. + // Step 3.b is unneeded since `n_bits` is derived here from `n`. + + // 6.4.1.4.3 says to skip 6.4.1.2.1 Step 4. (We don't need to recover + // the prime factors since they are already given.) + + // 6.4.1.4.3 - Step 5. + + // Steps 5.a and 5.b are omitted, as explained above. + + // Step 5.c. + // + // TODO: First, stop if `p < (√2) * 2**((nBits/2) - 1)`. + // + // Second, stop if `p > 2**(nBits/2) - 1`. + let half_n_bits = public_key.n().len_bits().half_rounded_up(); + if p_bits != half_n_bits { + return Err(KeyRejected::inconsistent_components()); + } + + // TODO: Step 5.d: Verify GCD(p - 1, e) == 1. + + // Steps 5.e and 5.f are omitted as explained above. + + // Step 5.g. + // + // TODO: First, stop if `q < (√2) * 2**((nBits/2) - 1)`. + // + // Second, stop if `q > 2**(nBits/2) - 1`. + if p_bits != q_bits { + return Err(KeyRejected::inconsistent_components()); + } + + // TODO: Step 5.h: Verify GCD(p - 1, e) == 1. + + let n = &public_key.n().value; + + let q_mod_n_decoded = q + .to_elem(n) + .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; + + // TODO: Step 5.i + // + // 3.b is unneeded since `n_bits` is derived here from `n`. + + // 6.4.1.4.3 - Step 3.a (out of order). + // + // Verify that p * q == n. We restrict ourselves to modular + // multiplication. We rely on the fact that we've verified + // 0 < q < p < n. We check that q and p are close to sqrt(n) and then + // assume that these preconditions are enough to let us assume that + // checking p * q == 0 (mod n) is equivalent to checking p * q == n. + let q_mod_n = bigint::elem_mul(n.oneRR().as_ref(), q_mod_n_decoded.clone(), n); + let p_mod_n = p + .to_elem(n) + .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; + let pq_mod_n = bigint::elem_mul(&q_mod_n, p_mod_n, n); + if !pq_mod_n.is_zero() { + return Err(KeyRejected::inconsistent_components()); + } + + // 6.4.1.4.3/6.4.1.2.1 - Step 6. + + // Step 6.a, partial. + // + // First, validate `2**half_n_bits < d`. Since 2**half_n_bits has a bit + // length of half_n_bits + 1, this check gives us 2**half_n_bits <= d, + // and knowing d is odd makes the inequality strict. + let (d, d_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(d) + .map_err(|_| error::KeyRejected::invalid_encoding())?; + if !(half_n_bits < d_bits) { + return Err(KeyRejected::inconsistent_components()); + } + // XXX: This check should be `d < LCM(p - 1, q - 1)`, but we don't have + // a good way of calculating LCM, so it is omitted, as explained above. + d.verify_less_than_modulus(n) + .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; + if !d.is_odd() { + return Err(KeyRejected::invalid_component()); + } + + // Step 6.b is omitted as explained above. + + // 6.4.1.4.3 - Step 7. + + // Step 7.a. + let p = PrivatePrime::new(p, dP)?; + + // Step 7.b. + let q = PrivatePrime::new(q, dQ)?; + + let q_mod_p = q.modulus.to_elem(&p.modulus); + + // Step 7.c. + let qInv = if let Some(qInv) = qInv { + bigint::Elem::from_be_bytes_padded(qInv, &p.modulus) + .map_err(|error::Unspecified| KeyRejected::invalid_component())? + } else { + // We swapped `p` and `q` above, so we need to calculate `qInv`. + // Step 7.f below will verify `qInv` is correct. + let q_mod_p = bigint::elem_mul(p.modulus.oneRR().as_ref(), q_mod_p.clone(), &p.modulus); + bigint::elem_inverse_consttime(q_mod_p, &p.modulus) + .map_err(|error::Unspecified| KeyRejected::unexpected_error())? + }; + + // Steps 7.d and 7.e are omitted per the documentation above, and + // because we don't (in the long term) have a good way to do modulo + // with an even modulus. + + // Step 7.f. + let qInv = bigint::elem_mul(p.modulus.oneRR().as_ref(), qInv, &p.modulus); + bigint::verify_inverses_consttime(&qInv, q_mod_p, &p.modulus) + .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; + + let qq = bigint::elem_mul(&q_mod_n, q_mod_n_decoded, n).into_modulus::<QQ>()?; + + Ok(Self { + p, + q, + qInv, + q_mod_n, + qq, + public: public_key, + }) + } + + /// Returns a reference to the public key. + pub fn public(&self) -> &public::Key { + &self.public + } +} + +// TODO: +struct KeyPairBounds; + +impl crate::sealed::Sealed for KeyPairBounds {} + +impl super::super::Bounds for KeyPairBounds { + fn n_min_bits(&self) -> bits::BitLength { + bits::BitLength::from_usize_bits(2048) + } + + fn n_max_bits(&self) -> bits::BitLength { + PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS + } + + fn e_min_value(&self) -> u64 { + 65537 + } +} + +impl<Public, Private> TryFrom<&Components<Public, Private>> for RsaKeyPair +where + Public: AsRef<[u8]> + core::fmt::Debug, + Private: AsRef<[u8]>, +{ + type Error = KeyRejected; + + fn try_from( + Components { + public_key, + d, + p, + q, + dP, + dQ, + qInv, + }: &Components<Public, Private>, + ) -> Result<Self, Self::Error> { + let components = Components { + public_key: public::Components { + n: public_key.n.as_ref(), + e: public_key.e.as_ref(), + }, + d: d.as_ref(), + p: p.as_ref(), + q: q.as_ref(), + dP: dP.as_ref(), + dQ: dQ.as_ref(), + qInv: qInv.as_ref(), + }; + Self::try_from_(&components) + } +} + +struct PrivatePrime<M: Prime> { + modulus: bigint::Modulus<M>, + exponent: bigint::PrivateExponent<M>, +} + +impl<M: Prime + Clone> PrivatePrime<M> { + /// Constructs a `PrivatePrime` from the private prime `p` and `dP` where + /// dP == d % (p - 1). + fn new(p: bigint::Nonnegative, dP: untrusted::Input) -> Result<Self, KeyRejected> { + let (p, p_bits) = bigint::Modulus::from_nonnegative_with_bit_length(p)?; + if p_bits.as_usize_bits() % 512 != 0 { + return Err(error::KeyRejected::private_modulus_len_not_multiple_of_512_bits()); + } + + // [NIST SP-800-56B rev. 1] 6.4.1.4.3 - Steps 7.a & 7.b. + let dP = bigint::PrivateExponent::from_be_bytes_padded(dP, &p) + .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; + + // XXX: Steps 7.d and 7.e are omitted. We don't check that + // `dP == d % (p - 1)` because we don't (in the long term) have a good + // way to do modulo with an even modulus. Instead we just check that + // `1 <= dP < p - 1`. We'll check it, to some unknown extent, when we + // do the private key operation, since we verify that the result of the + // private key operation using the CRT parameters is consistent with `n` + // and `e`. TODO: Either prove that what we do is sufficient, or make + // it so. + + Ok(PrivatePrime { + modulus: p, + exponent: dP, + }) + } +} + +fn elem_exp_consttime<M, MM>( + c: &bigint::Elem<MM>, + p: &PrivatePrime<M>, +) -> Result<bigint::Elem<M>, error::Unspecified> +where + M: bigint::NotMuchSmallerModulus<MM>, + M: Prime, +{ + let c_mod_m = bigint::elem_reduced(c, &p.modulus); + // We could precompute `oneRRR = elem_squared(&p.oneRR`) as mentioned + // in the Smooth CRT-RSA paper. + let c_mod_m = bigint::elem_mul(p.modulus.oneRR().as_ref(), c_mod_m, &p.modulus); + let c_mod_m = bigint::elem_mul(p.modulus.oneRR().as_ref(), c_mod_m, &p.modulus); + bigint::elem_exp_consttime(c_mod_m, &p.exponent, &p.modulus) +} + +// Type-level representations of the different moduli used in RSA signing, in +// addition to `super::N`. See `super::bigint`'s modulue-level documentation. + +#[derive(Copy, Clone)] +enum P {} +unsafe impl Prime for P {} +unsafe impl bigint::SmallerModulus<N> for P {} +unsafe impl bigint::NotMuchSmallerModulus<N> for P {} + +#[derive(Copy, Clone)] +enum QQ {} +unsafe impl bigint::SmallerModulus<N> for QQ {} +unsafe impl bigint::NotMuchSmallerModulus<N> for QQ {} + +// `q < p < 2*q` since `q` is slightly smaller than `p` (see below). Thus: +// +// q < p < 2*q +// q*q < p*q < 2*q*q. +// q**2 < n < 2*(q**2). +unsafe impl bigint::SlightlySmallerModulus<N> for QQ {} + +#[derive(Copy, Clone)] +enum Q {} +unsafe impl Prime for Q {} +unsafe impl bigint::SmallerModulus<N> for Q {} +unsafe impl bigint::SmallerModulus<P> for Q {} + +// q < p && `p.bit_length() == q.bit_length()` implies `q < p < 2*q`. +unsafe impl bigint::SlightlySmallerModulus<P> for Q {} + +unsafe impl bigint::SmallerModulus<QQ> for Q {} +unsafe impl bigint::NotMuchSmallerModulus<QQ> for Q {} + +impl RsaKeyPair { + pub(super) fn rsa_private_in_place(&self, in_out: &mut [u8]) -> Result<(), error::Unspecified> { + if in_out.len() != self.public.n().len_bits().as_usize_bytes_rounded_up() { + return Err(error::Unspecified); + } + + // RFC 8017 Section 5.1.2: RSADP, using the Chinese Remainder Theorem + // with Garner's algorithm. + + let n = &self.public.n().value; + + // Step 1. The value zero is also rejected. + let base = bigint::Elem::from_be_bytes_padded(untrusted::Input::from(in_out), n)?; + + // Step 2 + let c = base; + + // Step 2.b.i. + let m_1 = elem_exp_consttime(&c, &self.p)?; + let c_mod_qq = bigint::elem_reduced_once(&c, &self.qq); + let m_2 = elem_exp_consttime(&c_mod_qq, &self.q)?; + + // Step 2.b.ii isn't needed since there are only two primes. + + // Step 2.b.iii. + let p = &self.p.modulus; + let m_2 = bigint::elem_widen(m_2, p); + let m_1_minus_m_2 = bigint::elem_sub(m_1, &m_2, p); + let h = bigint::elem_mul(&self.qInv, m_1_minus_m_2, p); + + // Step 2.b.iv. The reduction in the modular multiplication isn't + // necessary because `h < p` and `p * q == n` implies `h * q < n`. + // Modular arithmetic is used simply to avoid implementing + // non-modular arithmetic. + let h = bigint::elem_widen(h, n); + let q_times_h = bigint::elem_mul(&self.q_mod_n, h, n); + let m_2 = bigint::elem_widen(m_2, n); + let m = bigint::elem_add(m_2, q_times_h, n); + + // Step 2.b.v isn't needed since there are only two primes. + + // Verify the result to protect against fault attacks as described + // in "On the Importance of Checking Cryptographic Protocols for + // Faults" by Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. + // This check is cheap assuming `e` is small, which is ensured during + // `KeyPair` construction. Note that this is the only validation of `e` + // that is done other than basic checks on its size, oddness, and + // minimum value, since the relationship of `e` to `d`, `p`, and `q` is + // not verified during `KeyPair` construction. + { + let verify = bigint::elem_exp_vartime(m.clone(), self.public.e().0, n); + let verify = verify.into_unencoded(n); + bigint::elem_verify_equal_consttime(&verify, &c)?; + } + + // Step 3. + // + // See Falko Strenzke, "Manger's Attack revisited", ICICS 2010. + m.fill_be_bytes(in_out); + + Ok(()) + } + + pub(super) fn rsa_private<R>( + &self, + input: &[u8], + f: impl FnOnce(&mut [u8]) -> Result<R, error::Unspecified>, + ) -> Result<R, error::Unspecified> { + let mut buffer = [0u8; PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS.as_usize_bytes_rounded_up()]; + let buffer = buffer.get_mut(..input.len()).ok_or(error::Unspecified)?; + buffer.copy_from_slice(input); + self.rsa_private_in_place(buffer)?; + f(buffer) + } +} diff --git a/src/aead/iv.rs b/src/rsa/keypair/oaep.rs index 09d96ee..f5422d6 100644 --- a/src/aead/iv.rs +++ b/src/rsa/keypair/oaep.rs @@ -1,4 +1,4 @@ -// Copyright 2018 Brian Smith. +// Copyright 2015-2019 Brian Smith. // // Permission to use, copy, modify, and/or distribute this software for any // purpose with or without fee is hereby granted, provided that the above @@ -12,22 +12,23 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -/// The IV for a single block encryption. -/// -/// Intentionally not `Clone` to ensure each is used only once. -#[repr(C)] -pub struct Iv([u8; IV_LEN]); +//! RSA OAEP decryption. -pub const IV_LEN: usize = 16; +use super::RsaKeyPair; +use crate::{error, rsa::padding}; +use alloc::boxed::Box; -impl Iv { - #[inline] - pub fn assume_unique_for_key(a: [u8; IV_LEN]) -> Self { - Self(a) - } - - #[inline] - pub fn into_bytes_less_safe(self) -> [u8; IV_LEN] { - self.0 +impl RsaKeyPair { + /// OAEP decrypts `ciphertext`, returning the plaintext. + pub fn decrypt_oaep_bytes_less_safe( + &self, + encoding: &'static padding::OaepEncoding, + ciphertext: &[u8], + ) -> Result<Box<[u8]>, error::Unspecified> { + self.rsa_private(ciphertext, |padded_buffer| { + let plaintext = + padding::oaep_decode(encoding, padded_buffer, self.public().n().len_bits())?; + Ok(plaintext.into()) + }) } } diff --git a/src/rsa/signature_rsa_example_private_key.der b/src/rsa/keypair/signature_rsa_example_private_key.der Binary files differindex 47f08a4..47f08a4 100644 --- a/src/rsa/signature_rsa_example_private_key.der +++ b/src/rsa/keypair/signature_rsa_example_private_key.der diff --git a/src/rsa/signature_rsa_example_public_key.der b/src/rsa/keypair/signature_rsa_example_public_key.der Binary files differindex 19e944f..19e944f 100644 --- a/src/rsa/signature_rsa_example_public_key.der +++ b/src/rsa/keypair/signature_rsa_example_public_key.der diff --git a/src/rsa/keypair/signing.rs b/src/rsa/keypair/signing.rs new file mode 100644 index 0000000..1a25d8a --- /dev/null +++ b/src/rsa/keypair/signing.rs @@ -0,0 +1,319 @@ +// Copyright 2015-2016 Brian Smith. +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +use super::super::{keypair, padding::RsaEncoding, public}; + +/// RSA PKCS#1 1.5 signatures. +use crate::{ + digest, + error::{self, KeyRejected}, + io::{self, der, der_writer}, + rand, signature, +}; +use alloc::boxed::Box; +use core::convert::TryFrom; + +/// An RSA key pair, used for signing. +pub struct RsaKeyPair { + inner: keypair::RsaKeyPair, + public_key: RsaSubjectPublicKey, +} + +impl core::fmt::Debug for RsaKeyPair { + fn fmt(&self, fmt: &mut core::fmt::Formatter) -> Result<(), core::fmt::Error> { + self.inner.fmt(fmt) + } +} + +impl RsaKeyPair { + /// Parses an unencrypted PKCS#8-encoded RSA private key. + /// + /// Only two-prime (not multi-prime) keys are supported. The public modulus + /// (n) must be at least 2047 bits. The public modulus must be no larger + /// than 4096 bits. It is recommended that the public modulus be exactly + /// 2048 or 3072 bits. The public exponent must be at least 65537. + /// + /// This will generate a 2048-bit RSA private key of the correct form using + /// OpenSSL's command line tool: + /// + /// ```sh + /// openssl genpkey -algorithm RSA \ + /// -pkeyopt rsa_keygen_bits:2048 \ + /// -pkeyopt rsa_keygen_pubexp:65537 | \ + /// openssl pkcs8 -topk8 -nocrypt -outform der > rsa-2048-private-key.pk8 + /// ``` + /// + /// This will generate a 3072-bit RSA private key of the correct form: + /// + /// ```sh + /// openssl genpkey -algorithm RSA \ + /// -pkeyopt rsa_keygen_bits:3072 \ + /// -pkeyopt rsa_keygen_pubexp:65537 | \ + /// openssl pkcs8 -topk8 -nocrypt -outform der > rsa-3072-private-key.pk8 + /// ``` + /// + /// Often, keys generated for use in OpenSSL-based software are stored in + /// the Base64 “PEM” format without the PKCS#8 wrapper. Such keys can be + /// converted to binary PKCS#8 form using the OpenSSL command line tool like + /// this: + /// + /// ```sh + /// openssl pkcs8 -topk8 -nocrypt -outform der \ + /// -in rsa-2048-private-key.pem > rsa-2048-private-key.pk8 + /// ``` + /// + /// Base64 (“PEM”) PKCS#8-encoded keys can be converted to the binary PKCS#8 + /// form like this: + /// + /// ```sh + /// openssl pkcs8 -nocrypt -outform der \ + /// -in rsa-2048-private-key.pem > rsa-2048-private-key.pk8 + /// ``` + /// + /// The private key is validated according to [NIST SP-800-56B rev. 1] + /// section 6.4.1.4.3, crt_pkv (Intended Exponent-Creation Method Unknown), + /// with the following exceptions: + /// + /// * Section 6.4.1.2.1, Step 1: Neither a target security level nor an + /// expected modulus length is provided as a parameter, so checks + /// regarding these expectations are not done. + /// * Section 6.4.1.2.1, Step 3: Since neither the public key nor the + /// expected modulus length is provided as a parameter, the consistency + /// check between these values and the private key's value of n isn't + /// done. + /// * Section 6.4.1.2.1, Step 5: No primality tests are done, both for + /// performance reasons and to avoid any side channels that such tests + /// would provide. + /// * Section 6.4.1.2.1, Step 6, and 6.4.1.4.3, Step 7: + /// * *ring* has a slightly looser lower bound for the values of `p` + /// and `q` than what the NIST document specifies. This looser lower + /// bound matches what most other crypto libraries do. The check might + /// be tightened to meet NIST's requirements in the future. Similarly, + /// the check that `p` and `q` are not too close together is skipped + /// currently, but may be added in the future. + /// - The validity of the mathematical relationship of `dP`, `dQ`, `e` + /// and `n` is verified only during signing. Some size checks of `d`, + /// `dP` and `dQ` are performed at construction, but some NIST checks + /// are skipped because they would be expensive and/or they would leak + /// information through side channels. If a preemptive check of the + /// consistency of `dP`, `dQ`, `e` and `n` with each other is + /// necessary, that can be done by signing any message with the key + /// pair. + /// + /// * `d` is not fully validated, neither at construction nor during + /// signing. This is OK as far as *ring*'s usage of the key is + /// concerned because *ring* never uses the value of `d` (*ring* always + /// uses `p`, `q`, `dP` and `dQ` via the Chinese Remainder Theorem, + /// instead). However, *ring*'s checks would not be sufficient for + /// validating a key pair for use by some other system; that other + /// system must check the value of `d` itself if `d` is to be used. + /// + /// In addition to the NIST requirements, *ring* requires that `p > q` and + /// that `e` must be no more than 33 bits. + /// + /// See [RFC 5958] and [RFC 3447 Appendix A.1.2] for more details of the + /// encoding of the key. + /// + /// [NIST SP-800-56B rev. 1]: + /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf + /// + /// [RFC 3447 Appendix A.1.2]: + /// https://tools.ietf.org/html/rfc3447#appendix-A.1.2 + /// + /// [RFC 5958]: + /// https://tools.ietf.org/html/rfc5958 + pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected> { + keypair::RsaKeyPair::from_pkcs8(pkcs8).map(From::from) + } + + /// Parses an RSA private key that is not inside a PKCS#8 wrapper. + /// + /// The private key must be encoded as a binary DER-encoded ASN.1 + /// `RSAPrivateKey` as described in [RFC 3447 Appendix A.1.2]). In all other + /// respects, this is just like `from_pkcs8()`. See the documentation for + /// `from_pkcs8()` for more details. + /// + /// It is recommended to use `from_pkcs8()` (with a PKCS#8-encoded key) + /// instead. + /// + /// [RFC 3447 Appendix A.1.2]: + /// https://tools.ietf.org/html/rfc3447#appendix-A.1.2 + /// + /// [NIST SP-800-56B rev. 1]: + /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf + pub fn from_der(input: &[u8]) -> Result<Self, KeyRejected> { + keypair::RsaKeyPair::from_der(input).map(From::from) + } + + /// Returns a reference to the public key. + #[inline] + pub fn public(&self) -> &public::Key { + self.inner.public() + } + + /// Returns the length in bytes of the key pair's public modulus. + /// + /// A signature has the same length as the public modulus. + #[inline] + pub fn public_modulus_len(&self) -> usize { + self.public().n().len() + } +} + +impl From<keypair::RsaKeyPair> for RsaKeyPair { + fn from(inner: keypair::RsaKeyPair) -> Self { + let public_key = RsaSubjectPublicKey::from(inner.public()); + Self { inner, public_key } + } +} + +impl<Public, Private> TryFrom<&keypair::Components<Public, Private>> for RsaKeyPair +where + Public: AsRef<[u8]> + core::fmt::Debug, + Private: AsRef<[u8]>, +{ + type Error = KeyRejected; + + fn try_from(components: &keypair::Components<Public, Private>) -> Result<Self, Self::Error> { + keypair::RsaKeyPair::try_from(components).map(From::from) + } +} + +impl signature::KeyPair for RsaKeyPair { + type PublicKey = RsaSubjectPublicKey; + + #[inline] + fn public_key(&self) -> &Self::PublicKey { + &self.public_key + } +} + +/// A serialized RSA public key. +#[derive(Clone)] +pub struct RsaSubjectPublicKey(Box<[u8]>); + +impl AsRef<[u8]> for RsaSubjectPublicKey { + fn as_ref(&self) -> &[u8] { + self.0.as_ref() + } +} + +derive_debug_self_as_ref_hex_bytes!(RsaSubjectPublicKey); + +impl From<&public::Key> for RsaSubjectPublicKey { + fn from(key: &public::Key) -> Self { + // The public key `n` and `e` are always positive. + fn positive(bytes: &[u8]) -> io::Positive { + io::Positive::new_non_empty_without_leading_zeros(untrusted::Input::from(bytes)) + .unwrap() + } + + let n = key.n().to_be_bytes(); + let e = key.e().to_be_bytes(); + + let bytes = der_writer::write_all(der::Tag::Sequence, &|output| { + der_writer::write_positive_integer(output, &positive(&n)); + der_writer::write_positive_integer(output, &positive(&e)); + }); + RsaSubjectPublicKey(bytes) + } +} + +impl RsaSubjectPublicKey { + /// The public modulus (n). + pub fn modulus(&self) -> io::Positive { + // Parsing won't fail because we serialized it ourselves. + let (public_key, _exponent) = + super::super::parse_public_key(untrusted::Input::from(self.as_ref())).unwrap(); + public_key + } + + /// The public exponent (e). + pub fn exponent(&self) -> io::Positive { + // Parsing won't fail because we serialized it ourselves. + let (_public_key, exponent) = + super::super::parse_public_key(untrusted::Input::from(self.as_ref())).unwrap(); + exponent + } +} + +impl RsaKeyPair { + /// Sign `msg`. `msg` is digested using the digest algorithm from + /// `padding_alg` and the digest is then padded using the padding algorithm + /// from `padding_alg`. The signature it written into `signature`; + /// `signature`'s length must be exactly the length returned by + /// `public_modulus_len()`. `rng` may be used to randomize the padding + /// (e.g. for PSS). + /// + /// Many other crypto libraries have signing functions that takes a + /// precomputed digest as input, instead of the message to digest. This + /// function does *not* take a precomputed digest; instead, `sign` + /// calculates the digest itself. + /// + /// Lots of effort has been made to make the signing operations close to + /// constant time to protect the private key from side channel attacks. On + /// x86-64, this is done pretty well, but not perfectly. On other + /// platforms, it is done less perfectly. + pub fn sign( + &self, + padding_alg: &'static dyn RsaEncoding, + rng: &dyn rand::SecureRandom, + msg: &[u8], + signature: &mut [u8], + ) -> Result<(), error::Unspecified> { + let m_hash = digest::digest(padding_alg.digest_alg(), msg); + padding_alg.encode(m_hash, signature, self.public().n().len_bits(), rng)?; + self.inner.rsa_private_in_place(signature) + } +} + +#[cfg(test)] +mod tests { + // We intentionally avoid `use super::*` so that we are sure to use only + // the public API; this ensures that enough of the API is public. + use crate::{rand, signature}; + use alloc::vec; + + // `KeyPair::sign` requires that the output buffer is the same length as + // the public key modulus. Test what happens when it isn't the same length. + #[test] + fn test_signature_rsa_pkcs1_sign_output_buffer_len() { + // Sign the message "hello, world", using PKCS#1 v1.5 padding and the + // SHA256 digest algorithm. + const MESSAGE: &[u8] = b"hello, world"; + let rng = rand::SystemRandom::new(); + + const PRIVATE_KEY_DER: &[u8] = include_bytes!("signature_rsa_example_private_key.der"); + let key_pair = signature::RsaKeyPair::from_der(PRIVATE_KEY_DER).unwrap(); + + // The output buffer is one byte too short. + let mut signature = vec![0; key_pair.public().n().len() - 1]; + + assert!(key_pair + .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) + .is_err()); + + // The output buffer is the right length. + signature.push(0); + assert!(key_pair + .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) + .is_ok()); + + // The output buffer is one byte too long. + signature.push(0); + assert!(key_pair + .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) + .is_err()); + } +} diff --git a/src/rsa/padding.rs b/src/rsa/padding.rs index f6b4cf6..78365ed 100644 --- a/src/rsa/padding.rs +++ b/src/rsa/padding.rs @@ -13,10 +13,14 @@ // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. use super::PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN; -use crate::{bits, digest, error, io::der}; +use crate::{bits, digest, error, io::der, polyfill}; +use core::convert::TryInto; #[cfg(feature = "alloc")] -use crate::rand; +use { + crate::rand, + alloc::{boxed::Box, vec}, +}; /// Common features of both RSA padding encoding and RSA padding verification. pub trait Padding: 'static + Sync + crate::sealed::Sealed + core::fmt::Debug { @@ -33,7 +37,7 @@ pub trait RsaEncoding: Padding { #[doc(hidden)] fn encode( &self, - m_hash: &digest::Digest, + m_hash: digest::Digest, m_out: &mut [u8], mod_bits: bits::BitLength, rng: &dyn rand::SecureRandom, @@ -47,7 +51,7 @@ pub trait RsaEncoding: Padding { pub trait Verification: Padding { fn verify( &self, - m_hash: &digest::Digest, + m_hash: digest::Digest, m: &mut untrusted::Reader, mod_bits: bits::BitLength, ) -> Result<(), error::Unspecified>; @@ -77,7 +81,7 @@ impl Padding for PKCS1 { impl RsaEncoding for PKCS1 { fn encode( &self, - m_hash: &digest::Digest, + m_hash: digest::Digest, m_out: &mut [u8], _mod_bits: bits::BitLength, _rng: &dyn rand::SecureRandom, @@ -90,7 +94,7 @@ impl RsaEncoding for PKCS1 { impl Verification for PKCS1 { fn verify( &self, - m_hash: &digest::Digest, + m_hash: digest::Digest, m: &mut untrusted::Reader, mod_bits: bits::BitLength, ) -> Result<(), error::Unspecified> { @@ -110,7 +114,7 @@ impl Verification for PKCS1 { // https://tools.ietf.org/html/rfc3447#section-9.2. This is used by both // verification and signing so it needs to be able to handle moduli of the // minimum and maximum sizes for both operations. -fn pkcs1_encode(pkcs1: &PKCS1, m_hash: &digest::Digest, m_out: &mut [u8]) { +fn pkcs1_encode(pkcs1: &PKCS1, m_hash: digest::Digest, m_out: &mut [u8]) { let em = m_out; let digest_len = pkcs1.digestinfo_prefix.len() + pkcs1.digest_alg.output_len; @@ -221,10 +225,6 @@ pub struct PSS { impl crate::sealed::Sealed for PSS {} -// Maximum supported length of the salt in bytes. -// In practice, this is constrained by the maximum digest length. -const MAX_SALT_LEN: usize = digest::MAX_OUTPUT_LEN; - impl Padding for PSS { fn digest_alg(&self) -> &'static digest::Algorithm { self.digest_alg @@ -236,7 +236,7 @@ impl RsaEncoding for PSS { // https://tools.ietf.org/html/rfc3447#section-9.1. fn encode( &self, - m_hash: &digest::Digest, + m_hash: digest::Digest, m_out: &mut [u8], mod_bits: bits::BitLength, rng: &dyn rand::SecureRandom, @@ -261,43 +261,41 @@ impl RsaEncoding for PSS { // Step 3 is done by `PSSMetrics::new()` above. - // Step 4. - let mut salt = [0u8; MAX_SALT_LEN]; - let salt = &mut salt[..metrics.s_len]; - rng.fill(salt)?; + { + let (db, digest_terminator) = em.split_at_mut(metrics.db_len); + let h; + { + let separator_pos = db.len() - 1 - metrics.s_len; + + // Step 4. + let salt: &[u8] = { + let salt = &mut db[(separator_pos + 1)..]; + rng.fill(salt)?; // salt + salt + }; - // Step 5 and 6. - let h_hash = pss_digest(self.digest_alg, m_hash, salt); + // Step 5 and 6. + h = pss_digest(self.digest_alg, m_hash, salt); - // Re-order steps 7, 8, 9 and 10 so that we first output the db mask - // into `em`, and then XOR the value of db. + // Step 7. + polyfill::slice::fill(&mut db[..separator_pos], 0); // ps - // Step 9. First output the mask into the out buffer. - let (mut masked_db, digest_terminator) = em.split_at_mut(metrics.db_len); - mgf1(self.digest_alg, h_hash.as_ref(), &mut masked_db)?; + // Step 8. + db[separator_pos] = 0x01; + }; - { - // Steps 7. - let masked_db = masked_db.iter_mut(); - // `PS` is all zero bytes, so skipping `ps_len` bytes is equivalent - // to XORing `PS` onto `db`. - let mut masked_db = masked_db.skip(metrics.ps_len); + // Steps 9 and 10. + mgf1(self.digest_alg, h.as_ref(), db); - // Step 8. - *(masked_db.next().ok_or(error::Unspecified)?) ^= 0x01; + // Step 11. + db[0] &= metrics.top_byte_mask; - // Step 10. - for (masked_db_b, salt_b) in masked_db.zip(salt) { - *masked_db_b ^= *salt_b; - } + // Step 12. + digest_terminator[..metrics.h_len].copy_from_slice(h.as_ref()); + digest_terminator[metrics.h_len] = 0xbc; } - // Step 11. - masked_db[0] &= metrics.top_byte_mask; - // Step 12. - digest_terminator[..metrics.h_len].copy_from_slice(h_hash.as_ref()); - digest_terminator[metrics.h_len] = 0xbc; Ok(()) } @@ -308,7 +306,7 @@ impl Verification for PSS { // where steps 1, 2(a), and 2(b) have been done for us. fn verify( &self, - m_hash: &digest::Digest, + m_hash: digest::Digest, m: &mut untrusted::Reader, mod_bits: bits::BitLength, ) -> Result<(), error::Unspecified> { @@ -350,7 +348,7 @@ impl Verification for PSS { let mut db = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN]; let db = &mut db[..metrics.db_len]; - mgf1(self.digest_alg, h_hash.as_slice_less_safe(), db)?; + mgf1(self.digest_alg, h_hash.as_slice_less_safe(), db); masked_db.read_all(error::Unspecified, |masked_bytes| { // Step 6. Check the top bits of first byte are zero. @@ -410,7 +408,7 @@ impl PSSMetrics { fn new( digest_alg: &'static digest::Algorithm, mod_bits: bits::BitLength, - ) -> Result<PSSMetrics, error::Unspecified> { + ) -> Result<Self, error::Unspecified> { let em_bits = mod_bits.try_sub_1()?; let em_len = em_bits.as_usize_bytes_rounded_up(); let leading_zero_bits = (8 * em_len) - em_bits.as_usize_bits(); @@ -434,7 +432,7 @@ impl PSSMetrics { debug_assert!(em_bits.as_usize_bits() >= (8 * h_len) + (8 * s_len) + 9); - Ok(PSSMetrics { + Ok(Self { em_len, db_len, ps_len, @@ -447,31 +445,26 @@ impl PSSMetrics { // Mask-generating function MGF1 as described in // https://tools.ietf.org/html/rfc3447#appendix-B.2.1. -fn mgf1( - digest_alg: &'static digest::Algorithm, - seed: &[u8], - mask: &mut [u8], -) -> Result<(), error::Unspecified> { +fn mgf1(digest_alg: &'static digest::Algorithm, seed: &[u8], mask: &mut [u8]) { let digest_len = digest_alg.output_len; // Maximum counter value is the value of (mask_len / digest_len) rounded up. - let ctr_max = (mask.len() - 1) / digest_len; - assert!(ctr_max <= u32::max_value() as usize); for (i, mask_chunk) in mask.chunks_mut(digest_len).enumerate() { let mut ctx = digest::Context::new(digest_alg); ctx.update(seed); - ctx.update(&u32::to_be_bytes(i as u32)); + // The counter will always fit in a `u32` because we reject absurdly + // long inputs very early. + ctx.update(&u32::to_be_bytes(i.try_into().unwrap())); let digest = ctx.finish(); - let mask_chunk_len = mask_chunk.len(); - mask_chunk.copy_from_slice(&digest.as_ref()[..mask_chunk_len]); + for (m, &d) in mask_chunk.iter_mut().zip(digest.as_ref().iter()) { + *m ^= d; + } } - - Ok(()) } fn pss_digest( digest_alg: &'static digest::Algorithm, - m_hash: &digest::Digest, + m_hash: digest::Digest, salt: &[u8], ) -> digest::Digest { // Fixed prefix. @@ -516,6 +509,48 @@ rsa_pss_padding!( documentation for more details." ); +/// RSA OAEP encoding parameters. +#[derive(Debug, PartialEq, Eq)] +pub struct OaepEncoding { + digest_alg: &'static digest::Algorithm, +} + +impl crate::sealed::Sealed for OaepEncoding {} +impl super::Bounds for OaepEncoding { + fn n_min_bits(&self) -> bits::BitLength { + bits::BitLength::from_usize_bits(2048) + } + + fn n_max_bits(&self) -> bits::BitLength { + bits::BitLength::from_usize_bits(8192) + } + + fn e_min_value(&self) -> u64 { + 65537 + } +} + +macro_rules! rsa_oaep_padding { + ( $PADDING_ALGORITHM:ident, $digest_alg:expr, $doc_str:expr ) => { + #[doc=$doc_str] + pub static $PADDING_ALGORITHM: OaepEncoding = OaepEncoding { + digest_alg: $digest_alg, + }; + }; +} + +// TODO: improve doc comments. +rsa_oaep_padding!( + RSA_OAEP_2048_8192_SHA1_FOR_LEGACY_USE_ONLY, + &digest::SHA1_FOR_LEGACY_USE_ONLY, + "RSA OAEP using SHA-1." +); +rsa_oaep_padding!( + RSA_OAEP_2048_8192_SHA256, + &digest::SHA256, + "RSA OAEP using SHA-256." +); + #[cfg(test)] mod test { use super::*; @@ -551,7 +586,7 @@ mod test { let is_valid = test_case.consume_string("Result") == "P"; let actual_result = - encoded.read_all(error::Unspecified, |m| alg.verify(&m_hash, m, bit_len)); + encoded.read_all(error::Unspecified, |m| alg.verify(m_hash, m, bit_len)); assert_eq!(actual_result.is_ok(), is_valid); Ok(()) @@ -591,7 +626,7 @@ mod test { let mut m_out = vec![0u8; bit_len.as_usize_bytes_rounded_up()]; let digest = digest::digest(alg.digest_alg(), &msg); - alg.encode(&digest, &mut m_out, bit_len, &rng).unwrap(); + alg.encode(digest, &mut m_out, bit_len, &rng).unwrap(); assert_eq!(m_out, encoded); Ok(()) @@ -599,3 +634,110 @@ mod test { ); } } + +pub(in crate::rsa) fn oaep_decode<'in_out>( + encoding: &'static OaepEncoding, + in_out: &'in_out mut [u8], + mod_bits: bits::BitLength, +) -> Result<&'in_out [u8], error::Unspecified> { + const L: &[u8] = &[]; + let h_len = encoding.digest_alg.output_len; + let k = mod_bits.as_usize_bytes_rounded_up(); + + // 1.a. is implicit given we don't support a non-empty `L`. + + // 1.b + if in_out.len() != k { + return Err(error::Unspecified); + } + + // 1.c + if k < (2 * h_len) + 2 { + return Err(error::Unspecified); + } + + // 3.a. + let l_hash = digest::digest(&encoding.digest_alg, L); // TODO: precompute + + // 3.b. + let (y, rest) = in_out.split_at_mut(1); + let y = y[0]; + let (seed, db) = rest.split_at_mut(h_len); + + // 3.c and 3.d + mgf1(&encoding.digest_alg, db, seed); + + // 3.e. and 3.f. + mgf1(&encoding.digest_alg, seed, db); + + prefixed_extern! { + fn RSA_padding_check_oaep( + out_len: &mut crate::c::size_t, + y: u8, + db: *const u8, + db_len: crate::c::size_t, + phash: *const u8, + mdlen: crate::c::size_t, + ) -> crate::bssl::Result; + } + + let mut plaintext_len: crate::c::size_t = 0; + Result::from(unsafe { + RSA_padding_check_oaep( + &mut plaintext_len, + y, + db.as_ptr(), + db.len(), + l_hash.as_ref().as_ptr(), + l_hash.as_ref().len(), + ) + })?; + let plaintext_start = db.len() - plaintext_len; + + Ok(&db[plaintext_start..]) // TODo +} + +#[cfg(feature = "alloc")] +pub fn oaep_encode( + encoding: &'static OaepEncoding, + plaintext: &[u8], + mod_bits: bits::BitLength, + rng: &dyn rand::SecureRandom, +) -> Result<Box<[u8]>, error::Unspecified> { + const L: &[u8] = &[]; + let k = mod_bits.as_usize_bytes_rounded_up(); + let h_len = encoding.digest_alg.output_len; + + // 1.a is implicitly done since `L` is fixed. + + // 1.b + if plaintext.len() > k - (2 * h_len) - 2 { + return Err(error::Unspecified); + } + + let mut em = vec![0u8; k].into_boxed_slice(); + { + let (zero, rest) = em.split_at_mut(1); + debug_assert_eq!(zero, &[0]); + let (seed, db) = rest.split_at_mut(h_len); + let (l_hash, rest) = db.split_at_mut(h_len); + l_hash.copy_from_slice(digest::digest(&encoding.digest_alg, L).as_ref()); + let m_index = rest.len() - plaintext.len(); + let (ps, rest) = rest.split_at_mut(m_index - 1); + debug_assert!(ps.iter().all(|&b| b == 0)); + + rest[0] = 0x01; + rest[1..].copy_from_slice(plaintext); + + // 2.d + rng.fill(seed)?; + + // 2.e and 2.f + mgf1(&encoding.digest_alg, seed, db); + + // 2.g and 2.h + mgf1(&encoding.digest_alg, db, seed); + } + + Ok(em) +} diff --git a/src/rsa/public.rs b/src/rsa/public.rs new file mode 100644 index 0000000..419804c --- /dev/null +++ b/src/rsa/public.rs @@ -0,0 +1,7 @@ +//! Low-level RSA public key API. + +mod components; +mod key; +mod oaep; + +pub use {components::Components, key::Key}; diff --git a/src/rsa/public/components.rs b/src/rsa/public/components.rs new file mode 100644 index 0000000..f7269bb --- /dev/null +++ b/src/rsa/public/components.rs @@ -0,0 +1,23 @@ +/// RSA public key components +#[derive(Debug)] +pub struct Components<B: AsRef<[u8]> + core::fmt::Debug> { + /// The public modulus, encoded in big-endian bytes without leading zeros. + pub n: B, + + /// The public exponent, encoded in big-endian bytes without leading zeros. + pub e: B, +} + +impl<B: Copy> Copy for Components<B> where B: AsRef<[u8]> + core::fmt::Debug {} + +impl<B: Clone> Clone for Components<B> +where + B: AsRef<[u8]> + core::fmt::Debug, +{ + fn clone(&self) -> Self { + Self { + n: self.n.clone(), + e: self.e.clone(), + } + } +} diff --git a/src/rsa/public/key.rs b/src/rsa/public/key.rs new file mode 100644 index 0000000..2677a0c --- /dev/null +++ b/src/rsa/public/key.rs @@ -0,0 +1,209 @@ +use super::super::{Bounds, N, PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN}; +use crate::{ + arithmetic::{bigint, montgomery::Unencoded}, + bits, cpu, error, + limb::LIMB_BYTES, +}; +use alloc::boxed::Box; + +/// An RSA Public Key. +#[derive(Clone, Debug)] +pub struct Key { + n: PublicModulus, + e: PublicExponent, +} + +impl Key { + /// Constructs a `Key` from its components. + pub fn try_from_components<B>( + components: &super::Components<B>, + bounds: &dyn Bounds, + ) -> Result<Self, error::KeyRejected> + where + B: AsRef<[u8]> + core::fmt::Debug, + { + Self::from_modulus_and_exponent(components.n.as_ref(), components.e.as_ref(), bounds) + } + + /// Constructs the key from the public modulus `n` and the public exponent `e`, + /// verifying that they meet the bounds `bounds`. + pub fn from_modulus_and_exponent( + n: &[u8], + e: &[u8], + bounds: &dyn Bounds, + ) -> Result<Self, error::KeyRejected> { + let _ = cpu::features(); + let n = untrusted::Input::from(n); + let e = untrusted::Input::from(e); + + // This is an incomplete implementation of NIST SP800-56Br1 Section + // 6.4.2.2, "Partial Public-Key Validation for RSA." That spec defers + // to NIST SP800-89 Section 5.3.3, "(Explicit) Partial Public Key + // Validation for RSA," "with the caveat that the length of the modulus + // shall be a length that is specified in this Recommendation." In + // SP800-89, two different sets of steps are given, one set numbered, + // and one set lettered. TODO: Document this in the end-user + // documentation for RSA keys. + + let n = PublicModulus::new(n, bounds.n_min_bits(), bounds.n_max_bits())?; + + // If `n` is less than `e` then somebody has probably accidentally swapped + // them. The largest acceptable `e` is smaller than the smallest acceptable + // `n`, so no additional checks need to be done. + let e = PublicExponent::new(e, bounds.e_min_value())?; + + // XXX: Steps 4 & 5 / Steps d, e, & f are not implemented. This is also the + // case in most other commonly-used crypto libraries. + + Ok(Self { n, e }) + } + + /// The public modulus. + #[inline] + pub fn n(&self) -> &PublicModulus { + &self.n + } + + /// The public exponent. + #[inline] + pub fn e(&self) -> &PublicExponent { + &self.e + } + + pub(in crate::rsa) fn exponentiate<'in_out>( + &self, + input: untrusted::Input, + out_buffer: &'in_out mut [u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN], // TODO: clean this up + ) -> Result<&'in_out [u8], error::Unspecified> { + let n = &self.n.value; + let n_bits = self.n.bits; + let e = self.e.0; + + // The signature must be the same length as the modulus, in bytes. + if input.len() != self.n.len_bits().as_usize_bytes_rounded_up() { + return Err(error::Unspecified); + } + + // RFC 8017 Section 5.2.2: RSAVP1. + + // Step 1. + let s = bigint::Elem::from_be_bytes_padded(input, n)?; + if s.is_zero() { + return Err(error::Unspecified); + } + + // Step 2. + let m = bigint::elem_exp_vartime(s, e, n); + let m = m.into_unencoded(n); + + // Step 3. + Ok(fill_be_bytes_n(m, n_bits, out_buffer)) + } +} + +/// Returns the big-endian representation of `elem` that is +/// the same length as the minimal-length big-endian representation of +/// the modulus `n`. +/// +/// `n_bits` must be the bit length of the public modulus `n`. +fn fill_be_bytes_n( + elem: bigint::Elem<N, Unencoded>, + n_bits: bits::BitLength, + out: &mut [u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN], +) -> &[u8] { + let n_bytes = n_bits.as_usize_bytes_rounded_up(); + let n_bytes_padded = ((n_bytes + (LIMB_BYTES - 1)) / LIMB_BYTES) * LIMB_BYTES; + let out = &mut out[..n_bytes_padded]; + elem.fill_be_bytes(out); + let (padding, out) = out.split_at(n_bytes_padded - n_bytes); + assert!(padding.iter().all(|&b| b == 0)); + out +} + +#[derive(Clone)] +pub struct PublicModulus { + pub(in crate::rsa) value: bigint::Modulus<N>, + bits: bits::BitLength, +} + +impl core::fmt::Debug for PublicModulus { + fn fmt(&self, fmt: &mut ::core::fmt::Formatter) -> Result<(), ::core::fmt::Error> { + self.value.fmt(fmt) + } +} + +impl PublicModulus { + fn new( + n: untrusted::Input, + min_bits: bits::BitLength, + max_bits: bits::BitLength, + ) -> Result<Self, error::KeyRejected> { + // `pkcs1_encode` depends on this not being small. Otherwise, + // `pkcs1_encode` would generate padding that is invalid (too few 0xFF + // bytes) for very small keys. + const MIN_BITS: bits::BitLength = bits::BitLength::from_usize_bits(1024); + + // Step 3 / Step c for `n` (out of order). + let (value, bits) = bigint::Modulus::from_be_bytes_with_bit_length(n)?; + + // Step 1 / Step a. XXX: SP800-56Br1 and SP800-89 require the length of + // the public modulus to be exactly 2048 or 3072 bits, but we are more + // flexible to be compatible with other commonly-used crypto libraries. + assert!(min_bits >= MIN_BITS); + let bits_rounded_up = + bits::BitLength::from_usize_bytes(bits.as_usize_bytes_rounded_up()) + .map_err(|error::Unspecified| error::KeyRejected::unexpected_error())?; + if bits_rounded_up < min_bits { + return Err(error::KeyRejected::too_small()); + } + if bits > max_bits { + return Err(error::KeyRejected::too_large()); + } + + Ok(Self { value, bits }) + } + + #[inline] + pub(crate) fn len_bits(&self) -> bits::BitLength { + self.bits + } + + /// The length of the modulus in bytes. + #[inline] + pub fn len(&self) -> usize { + self.bits.as_usize_bytes_rounded_up() + } + + /// Returns the big-endian serislization of the modulus's value. + #[inline] + pub fn to_be_bytes(&self) -> Box<[u8]> { + self.value.to_be_bytes() + } +} + +#[derive(Clone)] +pub struct PublicExponent(pub(in crate::rsa) bigint::PublicExponent); + +impl PublicExponent { + fn new(e: untrusted::Input, e_min_value: u64) -> Result<Self, error::KeyRejected> { + // XXX: FIPS 186-4 seems to indicate that the minimum + // exponent value is 2**16 + 1, but it isn't clear if this is just for + // signing or also for verification. We support exponents of 3 and larger + // for compatibility with other commonly-used crypto libraries. + + // Step 2 / Step b. + // Step 3 / Step c for `e`. + Ok(Self(bigint::PublicExponent::from_be_bytes(e, e_min_value)?)) + } + + #[inline] + pub fn to_be_bytes(&self) -> Box<[u8]> { + self.0.to_be_bytes() + } +} + +impl core::fmt::Debug for PublicExponent { + fn fmt(&self, fmt: &mut ::core::fmt::Formatter) -> Result<(), ::core::fmt::Error> { + self.0.fmt(fmt) + } +} diff --git a/src/rsa/public/oaep.rs b/src/rsa/public/oaep.rs new file mode 100644 index 0000000..09cc1b9 --- /dev/null +++ b/src/rsa/public/oaep.rs @@ -0,0 +1,20 @@ +//! RSA OAEP encryption. + +use super::super::{padding, public, PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN}; +use crate::{error, rand}; +use alloc::boxed::Box; + +impl public::Key { + /// OAEP Encrypts `plaintext`, returning the ciphertext. + pub fn encrypt_oaep_bytes_less_safe( + &self, + encoding: &'static padding::OaepEncoding, + plaintext: &[u8], + rng: &dyn rand::SecureRandom, + ) -> Result<Box<[u8]>, error::Unspecified> { + let padded = padding::oaep_encode(encoding, plaintext, self.n().len_bits(), rng)?; + let mut ciphertext = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN]; + let ciphertext = self.exponentiate(untrusted::Input::from(&padded), &mut ciphertext)?; + Ok(ciphertext.into()) + } +} diff --git a/src/rsa/signing.rs b/src/rsa/signing.rs deleted file mode 100644 index 52d857d..0000000 --- a/src/rsa/signing.rs +++ /dev/null @@ -1,645 +0,0 @@ -// Copyright 2015-2016 Brian Smith. -// -// Permission to use, copy, modify, and/or distribute this software for any -// purpose with or without fee is hereby granted, provided that the above -// copyright notice and this permission notice appear in all copies. -// -// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES -// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -use super::{ - bigint::{self, Prime}, - verification, RsaEncoding, N, -}; -/// RSA PKCS#1 1.5 signatures. -use crate::{ - arithmetic::montgomery::R, - bits, digest, - error::{self, KeyRejected}, - io::{self, der, der_writer}, - pkcs8, rand, signature, -}; -use alloc::boxed::Box; - -/// An RSA key pair, used for signing. -pub struct RsaKeyPair { - p: PrivatePrime<P>, - q: PrivatePrime<Q>, - qInv: bigint::Elem<P, R>, - qq: bigint::Modulus<QQ>, - q_mod_n: bigint::Elem<N, R>, - public: verification::Key, - public_key: RsaSubjectPublicKey, -} - -derive_debug_via_field!(RsaKeyPair, stringify!(RsaKeyPair), public_key); - -impl RsaKeyPair { - /// Parses an unencrypted PKCS#8-encoded RSA private key. - /// - /// Only two-prime (not multi-prime) keys are supported. The public modulus - /// (n) must be at least 2047 bits. The public modulus must be no larger - /// than 4096 bits. It is recommended that the public modulus be exactly - /// 2048 or 3072 bits. The public exponent must be at least 65537. - /// - /// This will generate a 2048-bit RSA private key of the correct form using - /// OpenSSL's command line tool: - /// - /// ```sh - /// openssl genpkey -algorithm RSA \ - /// -pkeyopt rsa_keygen_bits:2048 \ - /// -pkeyopt rsa_keygen_pubexp:65537 | \ - /// openssl pkcs8 -topk8 -nocrypt -outform der > rsa-2048-private-key.pk8 - /// ``` - /// - /// This will generate a 3072-bit RSA private key of the correct form: - /// - /// ```sh - /// openssl genpkey -algorithm RSA \ - /// -pkeyopt rsa_keygen_bits:3072 \ - /// -pkeyopt rsa_keygen_pubexp:65537 | \ - /// openssl pkcs8 -topk8 -nocrypt -outform der > rsa-3072-private-key.pk8 - /// ``` - /// - /// Often, keys generated for use in OpenSSL-based software are stored in - /// the Base64 “PEM” format without the PKCS#8 wrapper. Such keys can be - /// converted to binary PKCS#8 form using the OpenSSL command line tool like - /// this: - /// - /// ```sh - /// openssl pkcs8 -topk8 -nocrypt -outform der \ - /// -in rsa-2048-private-key.pem > rsa-2048-private-key.pk8 - /// ``` - /// - /// Base64 (“PEM”) PKCS#8-encoded keys can be converted to the binary PKCS#8 - /// form like this: - /// - /// ```sh - /// openssl pkcs8 -nocrypt -outform der \ - /// -in rsa-2048-private-key.pem > rsa-2048-private-key.pk8 - /// ``` - /// - /// The private key is validated according to [NIST SP-800-56B rev. 1] - /// section 6.4.1.4.3, crt_pkv (Intended Exponent-Creation Method Unknown), - /// with the following exceptions: - /// - /// * Section 6.4.1.2.1, Step 1: Neither a target security level nor an - /// expected modulus length is provided as a parameter, so checks - /// regarding these expectations are not done. - /// * Section 6.4.1.2.1, Step 3: Since neither the public key nor the - /// expected modulus length is provided as a parameter, the consistency - /// check between these values and the private key's value of n isn't - /// done. - /// * Section 6.4.1.2.1, Step 5: No primality tests are done, both for - /// performance reasons and to avoid any side channels that such tests - /// would provide. - /// * Section 6.4.1.2.1, Step 6, and 6.4.1.4.3, Step 7: - /// * *ring* has a slightly looser lower bound for the values of `p` - /// and `q` than what the NIST document specifies. This looser lower - /// bound matches what most other crypto libraries do. The check might - /// be tightened to meet NIST's requirements in the future. Similarly, - /// the check that `p` and `q` are not too close together is skipped - /// currently, but may be added in the future. - /// - The validity of the mathematical relationship of `dP`, `dQ`, `e` - /// and `n` is verified only during signing. Some size checks of `d`, - /// `dP` and `dQ` are performed at construction, but some NIST checks - /// are skipped because they would be expensive and/or they would leak - /// information through side channels. If a preemptive check of the - /// consistency of `dP`, `dQ`, `e` and `n` with each other is - /// necessary, that can be done by signing any message with the key - /// pair. - /// - /// * `d` is not fully validated, neither at construction nor during - /// signing. This is OK as far as *ring*'s usage of the key is - /// concerned because *ring* never uses the value of `d` (*ring* always - /// uses `p`, `q`, `dP` and `dQ` via the Chinese Remainder Theorem, - /// instead). However, *ring*'s checks would not be sufficient for - /// validating a key pair for use by some other system; that other - /// system must check the value of `d` itself if `d` is to be used. - /// - /// In addition to the NIST requirements, *ring* requires that `p > q` and - /// that `e` must be no more than 33 bits. - /// - /// See [RFC 5958] and [RFC 3447 Appendix A.1.2] for more details of the - /// encoding of the key. - /// - /// [NIST SP-800-56B rev. 1]: - /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf - /// - /// [RFC 3447 Appendix A.1.2]: - /// https://tools.ietf.org/html/rfc3447#appendix-A.1.2 - /// - /// [RFC 5958]: - /// https://tools.ietf.org/html/rfc5958 - pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected> { - const RSA_ENCRYPTION: &[u8] = include_bytes!("../data/alg-rsa-encryption.der"); - let (der, _) = pkcs8::unwrap_key_( - untrusted::Input::from(&RSA_ENCRYPTION), - pkcs8::Version::V1Only, - untrusted::Input::from(pkcs8), - )?; - Self::from_der(der.as_slice_less_safe()) - } - - /// Parses an RSA private key that is not inside a PKCS#8 wrapper. - /// - /// The private key must be encoded as a binary DER-encoded ASN.1 - /// `RSAPrivateKey` as described in [RFC 3447 Appendix A.1.2]). In all other - /// respects, this is just like `from_pkcs8()`. See the documentation for - /// `from_pkcs8()` for more details. - /// - /// It is recommended to use `from_pkcs8()` (with a PKCS#8-encoded key) - /// instead. - /// - /// [RFC 3447 Appendix A.1.2]: - /// https://tools.ietf.org/html/rfc3447#appendix-A.1.2 - /// - /// [NIST SP-800-56B rev. 1]: - /// http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Br1.pdf - pub fn from_der(input: &[u8]) -> Result<Self, KeyRejected> { - untrusted::Input::from(input).read_all(KeyRejected::invalid_encoding(), |input| { - der::nested( - input, - der::Tag::Sequence, - error::KeyRejected::invalid_encoding(), - Self::from_der_reader, - ) - }) - } - - fn from_der_reader(input: &mut untrusted::Reader) -> Result<Self, KeyRejected> { - let version = der::small_nonnegative_integer(input) - .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?; - if version != 0 { - return Err(KeyRejected::version_not_supported()); - } - - fn positive_integer<'a>( - input: &mut untrusted::Reader<'a>, - ) -> Result<io::Positive<'a>, KeyRejected> { - der::positive_integer(input) - .map_err(|error::Unspecified| KeyRejected::invalid_encoding()) - } - - let n = positive_integer(input)?; - let e = positive_integer(input)?; - let d = positive_integer(input)?.big_endian_without_leading_zero_as_input(); - let p = positive_integer(input)?.big_endian_without_leading_zero_as_input(); - let q = positive_integer(input)?.big_endian_without_leading_zero_as_input(); - let dP = positive_integer(input)?.big_endian_without_leading_zero_as_input(); - let dQ = positive_integer(input)?.big_endian_without_leading_zero_as_input(); - let qInv = positive_integer(input)?.big_endian_without_leading_zero_as_input(); - - let (p, p_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(p) - .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?; - let (q, q_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(q) - .map_err(|error::Unspecified| KeyRejected::invalid_encoding())?; - - // Our implementation of CRT-based modular exponentiation used requires - // that `p > q` so swap them if `p < q`. If swapped, `qInv` is - // recalculated below. `p != q` is verified implicitly below, e.g. when - // `q_mod_p` is constructed. - let ((p, p_bits, dP), (q, q_bits, dQ, qInv)) = match q.verify_less_than(&p) { - Ok(_) => ((p, p_bits, dP), (q, q_bits, dQ, Some(qInv))), - Err(error::Unspecified) => { - // TODO: verify `q` and `qInv` are inverses (mod p). - ((q, q_bits, dQ), (p, p_bits, dP, None)) - } - }; - - // XXX: Some steps are done out of order, but the NIST steps are worded - // in such a way that it is clear that NIST intends for them to be done - // in order. TODO: Does this matter at all? - - // 6.4.1.4.3/6.4.1.2.1 - Step 1. - - // Step 1.a is omitted, as explained above. - - // Step 1.b is omitted per above. Instead, we check that the public - // modulus is 2048 to `PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS` bits. - // XXX: The maximum limit of 4096 bits is primarily due to lack of - // testing of larger key sizes; see, in particular, - // https://www.mail-archive.com/openssl-dev@openssl.org/msg44586.html - // and - // https://www.mail-archive.com/openssl-dev@openssl.org/msg44759.html. - // Also, this limit might help with memory management decisions later. - - // Step 1.c. We validate e >= 65537. - let public_key = verification::Key::from_modulus_and_exponent( - n.big_endian_without_leading_zero_as_input(), - e.big_endian_without_leading_zero_as_input(), - bits::BitLength::from_usize_bits(2048), - super::PRIVATE_KEY_PUBLIC_MODULUS_MAX_BITS, - 65537, - )?; - - // 6.4.1.4.3 says to skip 6.4.1.2.1 Step 2. - - // 6.4.1.4.3 Step 3. - - // Step 3.a is done below, out of order. - // Step 3.b is unneeded since `n_bits` is derived here from `n`. - - // 6.4.1.4.3 says to skip 6.4.1.2.1 Step 4. (We don't need to recover - // the prime factors since they are already given.) - - // 6.4.1.4.3 - Step 5. - - // Steps 5.a and 5.b are omitted, as explained above. - - // Step 5.c. - // - // TODO: First, stop if `p < (√2) * 2**((nBits/2) - 1)`. - // - // Second, stop if `p > 2**(nBits/2) - 1`. - let half_n_bits = public_key.n_bits.half_rounded_up(); - if p_bits != half_n_bits { - return Err(KeyRejected::inconsistent_components()); - } - - // TODO: Step 5.d: Verify GCD(p - 1, e) == 1. - - // Steps 5.e and 5.f are omitted as explained above. - - // Step 5.g. - // - // TODO: First, stop if `q < (√2) * 2**((nBits/2) - 1)`. - // - // Second, stop if `q > 2**(nBits/2) - 1`. - if p_bits != q_bits { - return Err(KeyRejected::inconsistent_components()); - } - - // TODO: Step 5.h: Verify GCD(p - 1, e) == 1. - - let q_mod_n_decoded = q - .to_elem(&public_key.n) - .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; - - // TODO: Step 5.i - // - // 3.b is unneeded since `n_bits` is derived here from `n`. - - // 6.4.1.4.3 - Step 3.a (out of order). - // - // Verify that p * q == n. We restrict ourselves to modular - // multiplication. We rely on the fact that we've verified - // 0 < q < p < n. We check that q and p are close to sqrt(n) and then - // assume that these preconditions are enough to let us assume that - // checking p * q == 0 (mod n) is equivalent to checking p * q == n. - let q_mod_n = bigint::elem_mul( - public_key.n.oneRR().as_ref(), - q_mod_n_decoded.clone(), - &public_key.n, - ); - let p_mod_n = p - .to_elem(&public_key.n) - .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; - let pq_mod_n = bigint::elem_mul(&q_mod_n, p_mod_n, &public_key.n); - if !pq_mod_n.is_zero() { - return Err(KeyRejected::inconsistent_components()); - } - - // 6.4.1.4.3/6.4.1.2.1 - Step 6. - - // Step 6.a, partial. - // - // First, validate `2**half_n_bits < d`. Since 2**half_n_bits has a bit - // length of half_n_bits + 1, this check gives us 2**half_n_bits <= d, - // and knowing d is odd makes the inequality strict. - let (d, d_bits) = bigint::Nonnegative::from_be_bytes_with_bit_length(d) - .map_err(|_| error::KeyRejected::invalid_encoding())?; - if !(half_n_bits < d_bits) { - return Err(KeyRejected::inconsistent_components()); - } - // XXX: This check should be `d < LCM(p - 1, q - 1)`, but we don't have - // a good way of calculating LCM, so it is omitted, as explained above. - d.verify_less_than_modulus(&public_key.n) - .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; - if !d.is_odd() { - return Err(KeyRejected::invalid_component()); - } - - // Step 6.b is omitted as explained above. - - // 6.4.1.4.3 - Step 7. - - // Step 7.a. - let p = PrivatePrime::new(p, dP)?; - - // Step 7.b. - let q = PrivatePrime::new(q, dQ)?; - - let q_mod_p = q.modulus.to_elem(&p.modulus); - - // Step 7.c. - let qInv = if let Some(qInv) = qInv { - bigint::Elem::from_be_bytes_padded(qInv, &p.modulus) - .map_err(|error::Unspecified| KeyRejected::invalid_component())? - } else { - // We swapped `p` and `q` above, so we need to calculate `qInv`. - // Step 7.f below will verify `qInv` is correct. - let q_mod_p = bigint::elem_mul(p.modulus.oneRR().as_ref(), q_mod_p.clone(), &p.modulus); - bigint::elem_inverse_consttime(q_mod_p, &p.modulus) - .map_err(|error::Unspecified| KeyRejected::unexpected_error())? - }; - - // Steps 7.d and 7.e are omitted per the documentation above, and - // because we don't (in the long term) have a good way to do modulo - // with an even modulus. - - // Step 7.f. - let qInv = bigint::elem_mul(p.modulus.oneRR().as_ref(), qInv, &p.modulus); - bigint::verify_inverses_consttime(&qInv, q_mod_p, &p.modulus) - .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; - - let qq = bigint::elem_mul(&q_mod_n, q_mod_n_decoded, &public_key.n).into_modulus::<QQ>()?; - - let public_key_serialized = RsaSubjectPublicKey::from_n_and_e(n, e); - - Ok(Self { - p, - q, - qInv, - q_mod_n, - qq, - public: public_key, - public_key: public_key_serialized, - }) - } - - /// Returns the length in bytes of the key pair's public modulus. - /// - /// A signature has the same length as the public modulus. - pub fn public_modulus_len(&self) -> usize { - self.public_key - .modulus() - .big_endian_without_leading_zero_as_input() - .as_slice_less_safe() - .len() - } -} - -impl signature::KeyPair for RsaKeyPair { - type PublicKey = RsaSubjectPublicKey; - - fn public_key(&self) -> &Self::PublicKey { - &self.public_key - } -} - -/// A serialized RSA public key. -#[derive(Clone)] -pub struct RsaSubjectPublicKey(Box<[u8]>); - -impl AsRef<[u8]> for RsaSubjectPublicKey { - fn as_ref(&self) -> &[u8] { - self.0.as_ref() - } -} - -derive_debug_self_as_ref_hex_bytes!(RsaSubjectPublicKey); - -impl RsaSubjectPublicKey { - fn from_n_and_e(n: io::Positive, e: io::Positive) -> Self { - let bytes = der_writer::write_all(der::Tag::Sequence, &|output| { - der_writer::write_positive_integer(output, &n); - der_writer::write_positive_integer(output, &e); - }); - RsaSubjectPublicKey(bytes) - } - - /// The public modulus (n). - pub fn modulus(&self) -> io::Positive { - // Parsing won't fail because we serialized it ourselves. - let (public_key, _exponent) = - super::parse_public_key(untrusted::Input::from(self.as_ref())).unwrap(); - public_key - } - - /// The public exponent (e). - pub fn exponent(&self) -> io::Positive { - // Parsing won't fail because we serialized it ourselves. - let (_public_key, exponent) = - super::parse_public_key(untrusted::Input::from(self.as_ref())).unwrap(); - exponent - } -} - -struct PrivatePrime<M: Prime> { - modulus: bigint::Modulus<M>, - exponent: bigint::PrivateExponent<M>, -} - -impl<M: Prime + Clone> PrivatePrime<M> { - /// Constructs a `PrivatePrime` from the private prime `p` and `dP` where - /// dP == d % (p - 1). - fn new(p: bigint::Nonnegative, dP: untrusted::Input) -> Result<Self, KeyRejected> { - let (p, p_bits) = bigint::Modulus::from_nonnegative_with_bit_length(p)?; - if p_bits.as_usize_bits() % 512 != 0 { - return Err(error::KeyRejected::private_modulus_len_not_multiple_of_512_bits()); - } - - // [NIST SP-800-56B rev. 1] 6.4.1.4.3 - Steps 7.a & 7.b. - let dP = bigint::PrivateExponent::from_be_bytes_padded(dP, &p) - .map_err(|error::Unspecified| KeyRejected::inconsistent_components())?; - - // XXX: Steps 7.d and 7.e are omitted. We don't check that - // `dP == d % (p - 1)` because we don't (in the long term) have a good - // way to do modulo with an even modulus. Instead we just check that - // `1 <= dP < p - 1`. We'll check it, to some unknown extent, when we - // do the private key operation, since we verify that the result of the - // private key operation using the CRT parameters is consistent with `n` - // and `e`. TODO: Either prove that what we do is sufficient, or make - // it so. - - Ok(PrivatePrime { - modulus: p, - exponent: dP, - }) - } -} - -fn elem_exp_consttime<M, MM>( - c: &bigint::Elem<MM>, - p: &PrivatePrime<M>, -) -> Result<bigint::Elem<M>, error::Unspecified> -where - M: bigint::NotMuchSmallerModulus<MM>, - M: Prime, -{ - let c_mod_m = bigint::elem_reduced(c, &p.modulus); - // We could precompute `oneRRR = elem_squared(&p.oneRR`) as mentioned - // in the Smooth CRT-RSA paper. - let c_mod_m = bigint::elem_mul(p.modulus.oneRR().as_ref(), c_mod_m, &p.modulus); - let c_mod_m = bigint::elem_mul(p.modulus.oneRR().as_ref(), c_mod_m, &p.modulus); - bigint::elem_exp_consttime(c_mod_m, &p.exponent, &p.modulus) -} - -// Type-level representations of the different moduli used in RSA signing, in -// addition to `super::N`. See `super::bigint`'s modulue-level documentation. - -#[derive(Copy, Clone)] -enum P {} -unsafe impl Prime for P {} -unsafe impl bigint::SmallerModulus<N> for P {} -unsafe impl bigint::NotMuchSmallerModulus<N> for P {} - -#[derive(Copy, Clone)] -enum QQ {} -unsafe impl bigint::SmallerModulus<N> for QQ {} -unsafe impl bigint::NotMuchSmallerModulus<N> for QQ {} - -// `q < p < 2*q` since `q` is slightly smaller than `p` (see below). Thus: -// -// q < p < 2*q -// q*q < p*q < 2*q*q. -// q**2 < n < 2*(q**2). -unsafe impl bigint::SlightlySmallerModulus<N> for QQ {} - -#[derive(Copy, Clone)] -enum Q {} -unsafe impl Prime for Q {} -unsafe impl bigint::SmallerModulus<N> for Q {} -unsafe impl bigint::SmallerModulus<P> for Q {} - -// q < p && `p.bit_length() == q.bit_length()` implies `q < p < 2*q`. -unsafe impl bigint::SlightlySmallerModulus<P> for Q {} - -unsafe impl bigint::SmallerModulus<QQ> for Q {} -unsafe impl bigint::NotMuchSmallerModulus<QQ> for Q {} - -impl RsaKeyPair { - /// Sign `msg`. `msg` is digested using the digest algorithm from - /// `padding_alg` and the digest is then padded using the padding algorithm - /// from `padding_alg`. The signature it written into `signature`; - /// `signature`'s length must be exactly the length returned by - /// `public_modulus_len()`. `rng` may be used to randomize the padding - /// (e.g. for PSS). - /// - /// Many other crypto libraries have signing functions that takes a - /// precomputed digest as input, instead of the message to digest. This - /// function does *not* take a precomputed digest; instead, `sign` - /// calculates the digest itself. - /// - /// Lots of effort has been made to make the signing operations close to - /// constant time to protect the private key from side channel attacks. On - /// x86-64, this is done pretty well, but not perfectly. On other - /// platforms, it is done less perfectly. - pub fn sign( - &self, - padding_alg: &'static dyn RsaEncoding, - rng: &dyn rand::SecureRandom, - msg: &[u8], - signature: &mut [u8], - ) -> Result<(), error::Unspecified> { - let mod_bits = self.public.n_bits; - if signature.len() != mod_bits.as_usize_bytes_rounded_up() { - return Err(error::Unspecified); - } - - let m_hash = digest::digest(padding_alg.digest_alg(), msg); - padding_alg.encode(&m_hash, signature, mod_bits, rng)?; - - // RFC 8017 Section 5.1.2: RSADP, using the Chinese Remainder Theorem - // with Garner's algorithm. - - let n = &self.public.n; - - // Step 1. The value zero is also rejected. - let base = bigint::Elem::from_be_bytes_padded(untrusted::Input::from(signature), n)?; - - // Step 2 - let c = base; - - // Step 2.b.i. - let m_1 = elem_exp_consttime(&c, &self.p)?; - let c_mod_qq = bigint::elem_reduced_once(&c, &self.qq); - let m_2 = elem_exp_consttime(&c_mod_qq, &self.q)?; - - // Step 2.b.ii isn't needed since there are only two primes. - - // Step 2.b.iii. - let p = &self.p.modulus; - let m_2 = bigint::elem_widen(m_2, p); - let m_1_minus_m_2 = bigint::elem_sub(m_1, &m_2, p); - let h = bigint::elem_mul(&self.qInv, m_1_minus_m_2, p); - - // Step 2.b.iv. The reduction in the modular multiplication isn't - // necessary because `h < p` and `p * q == n` implies `h * q < n`. - // Modular arithmetic is used simply to avoid implementing - // non-modular arithmetic. - let h = bigint::elem_widen(h, n); - let q_times_h = bigint::elem_mul(&self.q_mod_n, h, n); - let m_2 = bigint::elem_widen(m_2, n); - let m = bigint::elem_add(m_2, q_times_h, n); - - // Step 2.b.v isn't needed since there are only two primes. - - // Verify the result to protect against fault attacks as described - // in "On the Importance of Checking Cryptographic Protocols for - // Faults" by Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. - // This check is cheap assuming `e` is small, which is ensured during - // `KeyPair` construction. Note that this is the only validation of `e` - // that is done other than basic checks on its size, oddness, and - // minimum value, since the relationship of `e` to `d`, `p`, and `q` is - // not verified during `KeyPair` construction. - { - let verify = bigint::elem_exp_vartime(m.clone(), self.public.e, n); - let verify = verify.into_unencoded(n); - bigint::elem_verify_equal_consttime(&verify, &c)?; - } - - // Step 3. - // - // See Falko Strenzke, "Manger's Attack revisited", ICICS 2010. - m.fill_be_bytes(signature); - - Ok(()) - } -} - -#[cfg(test)] -mod tests { - // We intentionally avoid `use super::*` so that we are sure to use only - // the public API; this ensures that enough of the API is public. - use crate::{rand, signature}; - use alloc::vec; - - // `KeyPair::sign` requires that the output buffer is the same length as - // the public key modulus. Test what happens when it isn't the same length. - #[test] - fn test_signature_rsa_pkcs1_sign_output_buffer_len() { - // Sign the message "hello, world", using PKCS#1 v1.5 padding and the - // SHA256 digest algorithm. - const MESSAGE: &[u8] = b"hello, world"; - let rng = rand::SystemRandom::new(); - - const PRIVATE_KEY_DER: &[u8] = include_bytes!("signature_rsa_example_private_key.der"); - let key_pair = signature::RsaKeyPair::from_der(PRIVATE_KEY_DER).unwrap(); - - // The output buffer is one byte too short. - let mut signature = vec![0; key_pair.public_modulus_len() - 1]; - - assert!(key_pair - .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) - .is_err()); - - // The output buffer is the right length. - signature.push(0); - assert!(key_pair - .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) - .is_ok()); - - // The output buffer is one byte too long. - signature.push(0); - assert!(key_pair - .sign(&signature::RSA_PKCS1_SHA256, &rng, MESSAGE, &mut signature) - .is_err()); - } -} diff --git a/src/rsa/verification.rs b/src/rsa/verification.rs index f898f21..a8836e5 100644 --- a/src/rsa/verification.rs +++ b/src/rsa/verification.rs @@ -14,74 +14,8 @@ //! Verification of RSA signatures. -use super::{parse_public_key, RsaParameters, N, PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN}; -use crate::{ - arithmetic::{bigint, montgomery::Unencoded}, - bits, cpu, digest, error, - limb::LIMB_BYTES, - sealed, signature, -}; - -#[derive(Debug)] -pub struct Key { - pub n: bigint::Modulus<N>, - pub e: bigint::PublicExponent, - pub n_bits: bits::BitLength, -} - -impl Key { - pub fn from_modulus_and_exponent( - n: untrusted::Input, - e: untrusted::Input, - n_min_bits: bits::BitLength, - n_max_bits: bits::BitLength, - e_min_value: u64, - ) -> Result<Self, error::KeyRejected> { - // This is an incomplete implementation of NIST SP800-56Br1 Section - // 6.4.2.2, "Partial Public-Key Validation for RSA." That spec defers - // to NIST SP800-89 Section 5.3.3, "(Explicit) Partial Public Key - // Validation for RSA," "with the caveat that the length of the modulus - // shall be a length that is specified in this Recommendation." In - // SP800-89, two different sets of steps are given, one set numbered, - // and one set lettered. TODO: Document this in the end-user - // documentation for RSA keys. - - // Step 3 / Step c for `n` (out of order). - let (n, n_bits) = bigint::Modulus::from_be_bytes_with_bit_length(n)?; - - // `pkcs1_encode` depends on this not being small. Otherwise, - // `pkcs1_encode` would generate padding that is invalid (too few 0xFF - // bytes) for very small keys. - const N_MIN_BITS: bits::BitLength = bits::BitLength::from_usize_bits(1024); - - // Step 1 / Step a. XXX: SP800-56Br1 and SP800-89 require the length of - // the public modulus to be exactly 2048 or 3072 bits, but we are more - // flexible to be compatible with other commonly-used crypto libraries. - assert!(n_min_bits >= N_MIN_BITS); - let n_bits_rounded_up = - bits::BitLength::from_usize_bytes(n_bits.as_usize_bytes_rounded_up()) - .map_err(|error::Unspecified| error::KeyRejected::unexpected_error())?; - if n_bits_rounded_up < n_min_bits { - return Err(error::KeyRejected::too_small()); - } - if n_bits > n_max_bits { - return Err(error::KeyRejected::too_large()); - } - - // Step 2 / Step b. - // Step 3 / Step c for `e`. - let e = bigint::PublicExponent::from_be_bytes(e, e_min_value)?; - - // If `n` is less than `e` then somebody has probably accidentally swapped - // them. The largest acceptable `e` is smaller than the smallest acceptable - // `n`, so no additional checks need to be done. - - // XXX: Steps 4 & 5 / Steps d, e, & f are not implemented. This is also the - // case in most other commonly-used crypto libraries. - - Ok(Self { n, e, n_bits }) - } -} +use super::{padding, parse_public_key, public, RsaParameters, PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN}; +use crate::{bits, digest, error, sealed, signature}; impl signature::VerificationAlgorithm for RsaParameters { fn verify( @@ -91,15 +25,12 @@ impl signature::VerificationAlgorithm for RsaParameters { signature: untrusted::Input, ) -> Result<(), error::Unspecified> { let (n, e) = parse_public_key(public_key)?; - verify_rsa_( + public::Key::from_modulus_and_exponent( + n.big_endian_without_leading_zero(), + e.big_endian_without_leading_zero(), self, - ( - n.big_endian_without_leading_zero_as_input(), - e.big_endian_without_leading_zero_as_input(), - ), - msg, - signature, - ) + )? + .verify(self.padding_alg, msg, signature) } } @@ -137,7 +68,7 @@ rsa_params!( rsa_params!( RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY, 1024, - &super::RSA_PKCS1_SHA256, + &super::padding::RSA_PKCS1_SHA256, "Verification of signatures using RSA keys of 1024-8192 bits, PKCS#1.5 padding, and SHA-256.\n\nSee \"`RSA_PKCS1_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -145,7 +76,7 @@ rsa_params!( rsa_params!( RSA_PKCS1_2048_8192_SHA256, 2048, - &super::RSA_PKCS1_SHA256, + &super::padding::RSA_PKCS1_SHA256, "Verification of signatures using RSA keys of 2048-8192 bits, PKCS#1.5 padding, and SHA-256.\n\nSee \"`RSA_PKCS1_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -153,7 +84,7 @@ rsa_params!( rsa_params!( RSA_PKCS1_2048_8192_SHA384, 2048, - &super::RSA_PKCS1_SHA384, + &super::padding::RSA_PKCS1_SHA384, "Verification of signatures using RSA keys of 2048-8192 bits, PKCS#1.5 padding, and SHA-384.\n\nSee \"`RSA_PKCS1_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -161,7 +92,7 @@ rsa_params!( rsa_params!( RSA_PKCS1_2048_8192_SHA512, 2048, - &super::RSA_PKCS1_SHA512, + &super::padding::RSA_PKCS1_SHA512, "Verification of signatures using RSA keys of 2048-8192 bits, PKCS#1.5 padding, and SHA-512.\n\nSee \"`RSA_PKCS1_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -169,7 +100,7 @@ rsa_params!( rsa_params!( RSA_PKCS1_1024_8192_SHA512_FOR_LEGACY_USE_ONLY, 1024, - &super::RSA_PKCS1_SHA512, + &super::padding::RSA_PKCS1_SHA512, "Verification of signatures using RSA keys of 1024-8192 bits, PKCS#1.5 padding, and SHA-512.\n\nSee \"`RSA_PKCS1_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -177,7 +108,7 @@ rsa_params!( rsa_params!( RSA_PKCS1_3072_8192_SHA384, 3072, - &super::RSA_PKCS1_SHA384, + &super::padding::RSA_PKCS1_SHA384, "Verification of signatures using RSA keys of 3072-8192 bits, PKCS#1.5 padding, and SHA-384.\n\nSee \"`RSA_PKCS1_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -186,7 +117,7 @@ rsa_params!( rsa_params!( RSA_PSS_2048_8192_SHA256, 2048, - &super::RSA_PSS_SHA256, + &super::padding::RSA_PSS_SHA256, "Verification of signatures using RSA keys of 2048-8192 bits, PSS padding, and SHA-256.\n\nSee \"`RSA_PSS_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -194,7 +125,7 @@ rsa_params!( rsa_params!( RSA_PSS_2048_8192_SHA384, 2048, - &super::RSA_PSS_SHA384, + &super::padding::RSA_PSS_SHA384, "Verification of signatures using RSA keys of 2048-8192 bits, PSS padding, and SHA-384.\n\nSee \"`RSA_PSS_*` Details\" in `ring::signature`'s module-level documentation for more details." @@ -202,51 +133,13 @@ rsa_params!( rsa_params!( RSA_PSS_2048_8192_SHA512, 2048, - &super::RSA_PSS_SHA512, + &super::padding::RSA_PSS_SHA512, "Verification of signatures using RSA keys of 2048-8192 bits, PSS padding, and SHA-512.\n\nSee \"`RSA_PSS_*` Details\" in `ring::signature`'s module-level documentation for more details." ); -/// Low-level API for the verification of RSA signatures. -/// -/// When the public key is in DER-encoded PKCS#1 ASN.1 format, it is -/// recommended to use `ring::signature::verify()` with -/// `ring::signature::RSA_PKCS1_*`, because `ring::signature::verify()` -/// will handle the parsing in that case. Otherwise, this function can be used -/// to pass in the raw bytes for the public key components as -/// `untrusted::Input` arguments. -// -// There are a small number of tests that test this directly, but the -// test coverage for this function mostly depends on the test coverage for the -// `signature::VerificationAlgorithm` implementation for `RsaParameters`. If we -// change that, test coverage for `verify_rsa()` will need to be reconsidered. -// (The NIST test vectors were originally in a form that was optimized for -// testing `verify_rsa` directly, but the testing work for RSA PKCS#1 -// verification was done during the implementation of -// `signature::VerificationAlgorithm`, before `verify_rsa` was factored out). -#[derive(Debug)] -pub struct RsaPublicKeyComponents<B: AsRef<[u8]> + core::fmt::Debug> { - /// The public modulus, encoded in big-endian bytes without leading zeros. - pub n: B, - - /// The public exponent, encoded in big-endian bytes without leading zeros. - pub e: B, -} - -impl<B: Copy> Copy for RsaPublicKeyComponents<B> where B: AsRef<[u8]> + core::fmt::Debug {} - -impl<B: Clone> Clone for RsaPublicKeyComponents<B> -where - B: AsRef<[u8]> + core::fmt::Debug, -{ - fn clone(&self) -> Self { - Self { - n: self.n.clone(), - e: self.e.clone(), - } - } -} +pub use super::public::Components as RsaPublicKeyComponents; impl<B> RsaPublicKeyComponents<B> where @@ -256,82 +149,54 @@ where /// as the public key. `params` determine what algorithm parameters /// (padding, digest algorithm, key length range, etc.) are used in the /// verification. + /// + /// When the public key is in DER-encoded PKCS#1 ASN.1 format, it is + /// recommended to use `ring::signature::verify()` with + /// `ring::signature::RSA_PKCS1_*`, because `ring::signature::verify()` + /// will handle the parsing in that case. Otherwise, this function can be used + /// to pass in the raw bytes for the public key components as + /// `untrusted::Input` arguments. + // + // There are a small number of tests t that test this directly, but the + // test coverage for this function moscfnkgtly depends on the test coverage for the + // `signature::VerificationAlgorithm` impleinjtihmentation for `RsaParameters`. If we + // change that, test coverage for `verify_rsa()` rjudnlwill need to be reconsidered. + // (The NIST test vectors were originally in a form thafuuhdct was optimized for + // testing `verify_rsa` directly, but the testing work for RSlgrceA PKCS#1 + // verification was done during the implementation oflfifhv + // `signature::VerificationAlgorithm`, before `verify_rsa` vfjcj + // was factored out). pub fn verify( &self, params: &RsaParameters, message: &[u8], signature: &[u8], ) -> Result<(), error::Unspecified> { - let _ = cpu::features(); - verify_rsa_( - params, - ( - untrusted::Input::from(self.n.as_ref()), - untrusted::Input::from(self.e.as_ref()), - ), + let key = super::public::Key::try_from_components(self, params)?; + key.verify( + params.padding_alg, untrusted::Input::from(message), untrusted::Input::from(signature), ) } } -pub(crate) fn verify_rsa_( - params: &RsaParameters, - (n, e): (untrusted::Input, untrusted::Input), - msg: untrusted::Input, - signature: untrusted::Input, -) -> Result<(), error::Unspecified> { - let max_bits = bits::BitLength::from_usize_bytes(PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN)?; - - // XXX: FIPS 186-4 seems to indicate that the minimum - // exponent value is 2**16 + 1, but it isn't clear if this is just for - // signing or also for verification. We support exponents of 3 and larger - // for compatibility with other commonly-used crypto libraries. - let Key { n, e, n_bits } = Key::from_modulus_and_exponent(n, e, params.min_bits, max_bits, 3)?; - - // The signature must be the same length as the modulus, in bytes. - if signature.len() != n_bits.as_usize_bytes_rounded_up() { - return Err(error::Unspecified); - } +impl public::Key { + pub(in crate::rsa) fn verify( + &self, + padding_alg: &'static dyn padding::Verification, + msg: untrusted::Input, + signature: untrusted::Input, + ) -> Result<(), error::Unspecified> { + // RFC 8017 Section 5.2.2: RSAVP1. - // RFC 8017 Section 5.2.2: RSAVP1. + let mut decoded = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN]; + let decoded = self.exponentiate(signature, &mut decoded)?; - // Step 1. - let s = bigint::Elem::from_be_bytes_padded(signature, &n)?; - if s.is_zero() { - return Err(error::Unspecified); + // Verify the padded message is correct. + let m_hash = digest::digest(padding_alg.digest_alg(), msg.as_slice_less_safe()); + untrusted::Input::from(decoded).read_all(error::Unspecified, |m| { + padding_alg.verify(m_hash, m, self.n().len_bits()) + }) } - - // Step 2. - let m = bigint::elem_exp_vartime(s, e, &n); - let m = m.into_unencoded(&n); - - // Step 3. - let mut decoded = [0u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN]; - let decoded = fill_be_bytes_n(m, n_bits, &mut decoded); - - // Verify the padded message is correct. - let m_hash = digest::digest(params.padding_alg.digest_alg(), msg.as_slice_less_safe()); - untrusted::Input::from(decoded).read_all(error::Unspecified, |m| { - params.padding_alg.verify(&m_hash, m, n_bits) - }) -} - -/// Returns the big-endian representation of `elem` that is -/// the same length as the minimal-length big-endian representation of -/// the modulus `n`. -/// -/// `n_bits` must be the bit length of the public modulus `n`. -fn fill_be_bytes_n( - elem: bigint::Elem<N, Unencoded>, - n_bits: bits::BitLength, - out: &mut [u8; PUBLIC_KEY_PUBLIC_MODULUS_MAX_LEN], -) -> &[u8] { - let n_bytes = n_bits.as_usize_bytes_rounded_up(); - let n_bytes_padded = ((n_bytes + (LIMB_BYTES - 1)) / LIMB_BYTES) * LIMB_BYTES; - let out = &mut out[..n_bytes_padded]; - elem.fill_be_bytes(out); - let (padding, out) = out.split_at(n_bytes_padded - n_bytes); - assert!(padding.iter().all(|&b| b == 0)); - out } diff --git a/src/signature.rs b/src/signature.rs index bef92dc..1c6e3e8 100644 --- a/src/signature.rs +++ b/src/signature.rs @@ -278,9 +278,21 @@ pub use crate::ec::{ #[cfg(feature = "alloc")] pub use crate::rsa::{ - signing::RsaKeyPair, - signing::RsaSubjectPublicKey, + keypair::signing::{RsaKeyPair, RsaSubjectPublicKey}, + padding::{ + RsaEncoding, + // `RSA_PKCS1_SHA1` is intentionally not exposed. At a minimum, we'd need + // to create test vectors for signing with it, which we don't currently + // have. But, it's a bad idea to use SHA-1 anyway, so perhaps we just won't + // ever expose it. + RSA_PKCS1_SHA256, + RSA_PKCS1_SHA384, + RSA_PKCS1_SHA512, + RSA_PSS_SHA256, + RSA_PSS_SHA384, + RSA_PSS_SHA512, + }, verification::{ RsaPublicKeyComponents, RSA_PKCS1_1024_8192_SHA1_FOR_LEGACY_USE_ONLY, RSA_PKCS1_1024_8192_SHA256_FOR_LEGACY_USE_ONLY, @@ -289,21 +301,7 @@ pub use crate::rsa::{ RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512, RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256, RSA_PSS_2048_8192_SHA384, RSA_PSS_2048_8192_SHA512, }, - - RsaEncoding, RsaParameters, - - // `RSA_PKCS1_SHA1` is intentionally not exposed. At a minimum, we'd need - // to create test vectors for signing with it, which we don't currently - // have. But, it's a bad idea to use SHA-1 anyway, so perhaps we just won't - // ever expose it. - RSA_PKCS1_SHA256, - RSA_PKCS1_SHA384, - RSA_PKCS1_SHA512, - - RSA_PSS_SHA256, - RSA_PSS_SHA384, - RSA_PSS_SHA512, }; /// A public key signature returned from a signing operation. diff --git a/src/test.rs b/src/test.rs index 3049688..a55f7b7 100644 --- a/src/test.rs +++ b/src/test.rs @@ -134,6 +134,10 @@ pub fn compile_time_assert_clone<T: Clone>() {} /// implement `Copy`. pub fn compile_time_assert_copy<T: Copy>() {} +/// `compile_time_assert_eq::<T>();` fails to compile if `T` doesn't +/// implement `Eq`. +pub fn compile_time_assert_eq<T: Eq>() {} + /// `compile_time_assert_send::<T>();` fails to compile if `T` doesn't /// implement `Send`. pub fn compile_time_assert_send<T: Send>() {} diff --git a/tests/aead_tests.rs b/tests/aead_tests.rs index 75e0e9e..0862072 100644 --- a/tests/aead_tests.rs +++ b/tests/aead_tests.rs @@ -15,274 +15,357 @@ #![cfg(any(not(target_arch = "wasm32"), feature = "wasm32_c"))] #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); -use core::ops::RangeFrom; +use core::{convert::TryInto, ops::RangeFrom}; use ring::{aead, error, test, test_file}; -#[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] -fn aead_aes_gcm_128() { - test_aead( - &aead::AES_128_GCM, - seal_with_key, - open_with_key, - test_file!("aead_aes_128_gcm_tests.txt"), - ); - test_aead( - &aead::AES_128_GCM, - seal_with_less_safe_key, - open_with_less_safe_key, - test_file!("aead_aes_128_gcm_tests.txt"), - ); +/// Generate the known answer test functions for the given algorithm and test +/// case input file, where each test is implemented by a test in `$test`. +/// +/// All of these tests can be run in parallel. +macro_rules! test_known_answer { + ( $alg:ident, $test_file:expr, [ $( $test:ident ),+, ] ) => { + $( + #[test] + fn $test() { + test_aead( + &aead::$alg, + super::super::$test, + test_file!($test_file)); + } + )+ + } } -#[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] -fn aead_aes_gcm_256() { - test_aead( - &aead::AES_256_GCM, - seal_with_key, - open_with_key, - test_file!("aead_aes_256_gcm_tests.txt"), - ); - test_aead( - &aead::AES_256_GCM, - seal_with_less_safe_key, - open_with_less_safe_key, - test_file!("aead_aes_256_gcm_tests.txt"), - ); +/// Generate the tests for a given algorithm. +/// +/// All of these tests can be run in parallel. +macro_rules! test_aead { + { $( { $alg:ident, $test_file:expr } ),+, } => { + mod aead_test { // Make `cargo test aead` include these files. + $( + #[allow(non_snake_case)] + mod $alg { // Provide a separate namespace for each algorithm's test. + #[cfg(not(target_arch = "wasm32"))] + use super::super::*; + + #[cfg(target_arch = "wasm32")] + use super::super::{*, test}; + + test_known_answer!( + $alg, + $test_file, + [ + less_safe_key_open_in_place, + less_safe_key_open_within, + less_safe_key_seal_in_place_append_tag, + less_safe_key_seal_in_place_separate_tag, + opening_key_open_in_place, + opening_key_open_within, + sealing_key_seal_in_place_append_tag, + sealing_key_seal_in_place_separate_tag, + ]); + + #[test] + fn key_sizes() { + super::super::key_sizes(&aead::$alg); + } + } + )+ + } + } } -#[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" -))] -#[test] -fn aead_chacha20_poly1305() { - test_aead( - &aead::CHACHA20_POLY1305, - seal_with_key, - open_with_key, - test_file!("aead_chacha20_poly1305_tests.txt"), - ); - test_aead( - &aead::CHACHA20_POLY1305, - seal_with_less_safe_key, - open_with_less_safe_key, - test_file!("aead_chacha20_poly1305_tests.txt"), - ); +test_aead! { + { AES_128_GCM, "aead_aes_128_gcm_tests.txt" }, + { AES_256_GCM, "aead_aes_256_gcm_tests.txt" }, + { CHACHA20_POLY1305, "aead_chacha20_poly1305_tests.txt" }, } -fn test_aead<Seal, Open>( +struct KnownAnswerTestCase<'a> { + key: &'a [u8], + nonce: [u8; aead::NONCE_LEN], + plaintext: &'a [u8], + aad: aead::Aad<&'a [u8]>, + ciphertext: &'a [u8], + tag: &'a [u8], +} + +fn test_aead( aead_alg: &'static aead::Algorithm, - seal: Seal, - open: Open, + f: impl Fn(&'static aead::Algorithm, KnownAnswerTestCase) -> Result<(), error::Unspecified>, test_file: test::File, -) where - Seal: Fn( - &'static aead::Algorithm, - &[u8], - aead::Nonce, - aead::Aad<&[u8]>, - &mut Vec<u8>, - ) -> Result<(), error::Unspecified>, - Open: for<'a> Fn( - &'static aead::Algorithm, - &[u8], - aead::Nonce, - aead::Aad<&[u8]>, - &'a mut [u8], - RangeFrom<usize>, - ) -> Result<&'a mut [u8], error::Unspecified>, -{ - test_aead_key_sizes(aead_alg); - +) { test::run(test_file, |section, test_case| { assert_eq!(section, ""); - let key_bytes = test_case.consume_bytes("KEY"); - let nonce_bytes = test_case.consume_bytes("NONCE"); + let key = test_case.consume_bytes("KEY"); + let nonce = test_case.consume_bytes("NONCE"); let plaintext = test_case.consume_bytes("IN"); let aad = test_case.consume_bytes("AD"); - let mut ct = test_case.consume_bytes("CT"); + let ct = test_case.consume_bytes("CT"); let tag = test_case.consume_bytes("TAG"); let error = test_case.consume_optional_string("FAILS"); - match &error { - Some(err) if err == "WRONG_NONCE_LENGTH" => { - assert!(aead::Nonce::try_assume_unique_for_key(&nonce_bytes).is_err()); + match error.as_deref() { + Some("WRONG_NONCE_LENGTH") => { + assert!(matches!( + aead::Nonce::try_assume_unique_for_key(&nonce), + Err(error::Unspecified) + )); return Ok(()); } - _ => (), + Some(unexpected) => { + unreachable!("unexpected error in test data: {}", unexpected); + } + None => {} }; - let mut s_in_out = plaintext.clone(); - let nonce = aead::Nonce::try_assume_unique_for_key(&nonce_bytes).unwrap(); - let s_result = seal( - aead_alg, - &key_bytes[..], - nonce, - aead::Aad::from(&aad[..]), - &mut s_in_out, - ); + let test_case = KnownAnswerTestCase { + key: &key, + nonce: nonce.as_slice().try_into().unwrap(), + plaintext: &plaintext, + aad: aead::Aad::from(&aad), + ciphertext: &ct, + tag: &tag, + }; - ct.extend(tag); + f(aead_alg, test_case) + }) +} - if s_result.is_ok() { - assert_eq!(&ct, &s_in_out); - } +fn test_seal_append_tag<Seal>( + tc: &KnownAnswerTestCase, + seal: Seal, +) -> Result<(), error::Unspecified> +where + Seal: FnOnce(aead::Nonce, &mut Vec<u8>) -> Result<(), error::Unspecified>, +{ + let mut in_out = Vec::from(tc.plaintext); + seal(aead::Nonce::assume_unique_for_key(tc.nonce), &mut in_out)?; - // In release builds, test all prefix lengths from 0 to 4096 bytes. - // Debug builds are too slow for this, so for those builds, only - // test a smaller subset. - - // TLS record headers are 5 bytes long. - // TLS explicit nonces for AES-GCM are 8 bytes long. - static MINIMAL_IN_PREFIX_LENS: [usize; 36] = [ - // No input prefix to overwrite; i.e. the opening is exactly - // "in place." - 0, - 1, - 2, - // Proposed TLS 1.3 header (no explicit nonce). - 5, - 8, - // Probably the most common use of a non-zero `in_prefix_len` - // would be to write a decrypted TLS record over the top of the - // TLS header and nonce. - 5 /* record header */ + 8, /* explicit nonce */ - // The stitched AES-GCM x86-64 code works on 6-block (96 byte) - // units. Some of the ChaCha20 code is even weirder. - 15, // The maximum partial AES block. - 16, // One AES block. - 17, // One byte more than a full AES block. - 31, // 2 AES blocks or 1 ChaCha20 block, minus 1. - 32, // Two AES blocks, one ChaCha20 block. - 33, // 2 AES blocks or 1 ChaCha20 block, plus 1. - 47, // Three AES blocks - 1. - 48, // Three AES blocks. - 49, // Three AES blocks + 1. - 63, // Four AES blocks or two ChaCha20 blocks, minus 1. - 64, // Four AES blocks or two ChaCha20 blocks. - 65, // Four AES blocks or two ChaCha20 blocks, plus 1. - 79, // Five AES blocks, minus 1. - 80, // Five AES blocks. - 81, // Five AES blocks, plus 1. - 95, // Six AES blocks or three ChaCha20 blocks, minus 1. - 96, // Six AES blocks or three ChaCha20 blocks. - 97, // Six AES blocks or three ChaCha20 blocks, plus 1. - 111, // Seven AES blocks, minus 1. - 112, // Seven AES blocks. - 113, // Seven AES blocks, plus 1. - 127, // Eight AES blocks or four ChaCha20 blocks, minus 1. - 128, // Eight AES blocks or four ChaCha20 blocks. - 129, // Eight AES blocks or four ChaCha20 blocks, plus 1. - 143, // Nine AES blocks, minus 1. - 144, // Nine AES blocks. - 145, // Nine AES blocks, plus 1. - 255, // 16 AES blocks or 8 ChaCha20 blocks, minus 1. - 256, // 16 AES blocks or 8 ChaCha20 blocks. - 257, // 16 AES blocks or 8 ChaCha20 blocks, plus 1. - ]; - - let mut more_comprehensive_in_prefix_lengths = [0; 4096]; - let in_prefix_lengths = if cfg!(debug_assertions) { - &MINIMAL_IN_PREFIX_LENS[..] - } else { - #[allow(clippy::needless_range_loop)] - for b in 0..more_comprehensive_in_prefix_lengths.len() { - more_comprehensive_in_prefix_lengths[b] = b; - } - &more_comprehensive_in_prefix_lengths[..] - }; - let mut o_in_out = vec![123u8; 4096]; - - for &in_prefix_len in in_prefix_lengths.iter() { - o_in_out.truncate(0); - o_in_out.resize(in_prefix_len, 123); - o_in_out.extend_from_slice(&ct[..]); - - let nonce = aead::Nonce::try_assume_unique_for_key(&nonce_bytes).unwrap(); - let o_result = open( - aead_alg, - &key_bytes, - nonce, - aead::Aad::from(&aad[..]), - &mut o_in_out, - in_prefix_len.., - ); - match error { - None => { - assert!(s_result.is_ok()); - assert_eq!(&plaintext[..], o_result.unwrap()); - } - Some(ref error) if error == "WRONG_NONCE_LENGTH" => { - assert_eq!(Err(error::Unspecified), s_result); - assert_eq!(Err(error::Unspecified), o_result); - } - Some(error) => { - unreachable!("Unexpected error test case: {}", error); - } - }; + let mut expected_ciphertext_and_tag = Vec::from(tc.ciphertext); + expected_ciphertext_and_tag.extend_from_slice(tc.tag); + + assert_eq!(in_out, expected_ciphertext_and_tag); + + Ok(()) +} + +fn test_seal_separate_tag<Seal>( + tc: &KnownAnswerTestCase, + seal: Seal, +) -> Result<(), error::Unspecified> +where + Seal: Fn(aead::Nonce, &mut [u8]) -> Result<aead::Tag, error::Unspecified>, +{ + let mut in_out = Vec::from(tc.plaintext); + let actual_tag = seal(aead::Nonce::assume_unique_for_key(tc.nonce), &mut in_out)?; + assert_eq!(actual_tag.as_ref(), tc.tag); + assert_eq!(in_out, tc.ciphertext); + + Ok(()) +} + +fn test_open_in_place<OpenInPlace>( + tc: &KnownAnswerTestCase<'_>, + open_in_place: OpenInPlace, +) -> Result<(), error::Unspecified> +where + OpenInPlace: + for<'a> FnOnce(aead::Nonce, &'a mut [u8]) -> Result<&'a mut [u8], error::Unspecified>, +{ + let nonce = aead::Nonce::assume_unique_for_key(tc.nonce); + + let mut in_out = Vec::from(tc.ciphertext); + in_out.extend_from_slice(tc.tag); + + let actual_plaintext = open_in_place(nonce, &mut in_out)?; + + assert_eq!(actual_plaintext, tc.plaintext); + assert_eq!(&in_out[..tc.plaintext.len()], tc.plaintext); + Ok(()) +} + +fn test_open_within<OpenWithin>( + tc: &KnownAnswerTestCase<'_>, + open_within: OpenWithin, +) -> Result<(), error::Unspecified> +where + OpenWithin: for<'a> Fn( + aead::Nonce, + &'a mut [u8], + RangeFrom<usize>, + ) -> Result<&'a mut [u8], error::Unspecified>, +{ + // In release builds, test all prefix lengths from 0 to 4096 bytes. + // Debug builds are too slow for this, so for those builds, only + // test a smaller subset. + + // TLS record headers are 5 bytes long. + // TLS explicit nonces for AES-GCM are 8 bytes long. + static MINIMAL_IN_PREFIX_LENS: [usize; 36] = [ + // No input prefix to overwrite; i.e. the opening is exactly + // "in place." + 0, + 1, + 2, + // Proposed TLS 1.3 header (no explicit nonce). + 5, + 8, + // Probably the most common use of a non-zero `in_prefix_len` + // would be to write a decrypted TLS record over the top of the + // TLS header and nonce. + 5 /* record header */ + 8, /* explicit nonce */ + // The stitched AES-GCM x86-64 code works on 6-block (96 byte) + // units. Some of the ChaCha20 code is even weirder. + 15, // The maximum partial AES block. + 16, // One AES block. + 17, // One byte more than a full AES block. + 31, // 2 AES blocks or 1 ChaCha20 block, minus 1. + 32, // Two AES blocks, one ChaCha20 block. + 33, // 2 AES blocks or 1 ChaCha20 block, plus 1. + 47, // Three AES blocks - 1. + 48, // Three AES blocks. + 49, // Three AES blocks + 1. + 63, // Four AES blocks or two ChaCha20 blocks, minus 1. + 64, // Four AES blocks or two ChaCha20 blocks. + 65, // Four AES blocks or two ChaCha20 blocks, plus 1. + 79, // Five AES blocks, minus 1. + 80, // Five AES blocks. + 81, // Five AES blocks, plus 1. + 95, // Six AES blocks or three ChaCha20 blocks, minus 1. + 96, // Six AES blocks or three ChaCha20 blocks. + 97, // Six AES blocks or three ChaCha20 blocks, plus 1. + 111, // Seven AES blocks, minus 1. + 112, // Seven AES blocks. + 113, // Seven AES blocks, plus 1. + 127, // Eight AES blocks or four ChaCha20 blocks, minus 1. + 128, // Eight AES blocks or four ChaCha20 blocks. + 129, // Eight AES blocks or four ChaCha20 blocks, plus 1. + 143, // Nine AES blocks, minus 1. + 144, // Nine AES blocks. + 145, // Nine AES blocks, plus 1. + 255, // 16 AES blocks or 8 ChaCha20 blocks, minus 1. + 256, // 16 AES blocks or 8 ChaCha20 blocks. + 257, // 16 AES blocks or 8 ChaCha20 blocks, plus 1. + ]; + + let mut more_comprehensive_in_prefix_lengths = [0; 4096]; + let in_prefix_lengths = if cfg!(debug_assertions) { + &MINIMAL_IN_PREFIX_LENS[..] + } else { + #[allow(clippy::needless_range_loop)] + for b in 0..more_comprehensive_in_prefix_lengths.len() { + more_comprehensive_in_prefix_lengths[b] = b; } + &more_comprehensive_in_prefix_lengths[..] + }; + let mut in_out = vec![123u8; 4096]; + + for &in_prefix_len in in_prefix_lengths.iter() { + in_out.truncate(0); + in_out.resize(in_prefix_len, 123); + in_out.extend_from_slice(tc.ciphertext); + in_out.extend_from_slice(tc.tag); + + let actual_plaintext = open_within( + aead::Nonce::assume_unique_for_key(tc.nonce), + &mut in_out, + in_prefix_len.., + )?; + assert_eq!(actual_plaintext, tc.plaintext); + assert_eq!(&in_out[..tc.plaintext.len()], tc.plaintext); + } - Ok(()) - }); + Ok(()) } -fn seal_with_key( - algorithm: &'static aead::Algorithm, - key: &[u8], - nonce: aead::Nonce, - aad: aead::Aad<&[u8]>, - in_out: &mut Vec<u8>, +fn sealing_key_seal_in_place_append_tag( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, ) -> Result<(), error::Unspecified> { - let mut s_key: aead::SealingKey<OneNonceSequence> = make_key(algorithm, key, nonce); - s_key.seal_in_place_append_tag(aad, in_out) + test_seal_append_tag(&tc, |nonce, in_out| { + let mut key: aead::SealingKey<OneNonceSequence> = make_key(alg, tc.key, nonce); + key.seal_in_place_append_tag(tc.aad, in_out) + }) } -fn open_with_key<'a>( - algorithm: &'static aead::Algorithm, - key: &[u8], - nonce: aead::Nonce, - aad: aead::Aad<&[u8]>, - in_out: &'a mut [u8], - ciphertext_and_tag: RangeFrom<usize>, -) -> Result<&'a mut [u8], error::Unspecified> { - let mut o_key: aead::OpeningKey<OneNonceSequence> = make_key(algorithm, key, nonce); - o_key.open_within(aad, in_out, ciphertext_and_tag) +fn sealing_key_seal_in_place_separate_tag( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, +) -> Result<(), error::Unspecified> { + test_seal_separate_tag(&tc, |nonce, in_out| { + let mut key: aead::SealingKey<_> = make_key(alg, tc.key, nonce); + key.seal_in_place_separate_tag(tc.aad, in_out) + }) } -fn seal_with_less_safe_key( - algorithm: &'static aead::Algorithm, - key: &[u8], - nonce: aead::Nonce, - aad: aead::Aad<&[u8]>, - in_out: &mut Vec<u8>, +fn opening_key_open_in_place( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, ) -> Result<(), error::Unspecified> { - let key = make_less_safe_key(algorithm, key); - key.seal_in_place_append_tag(nonce, aad, in_out) + test_open_in_place(&tc, |nonce, in_out| { + let mut key: aead::OpeningKey<_> = make_key(alg, tc.key, nonce); + key.open_in_place(tc.aad, in_out) + }) } -fn open_with_less_safe_key<'a>( - algorithm: &'static aead::Algorithm, - key: &[u8], - nonce: aead::Nonce, - aad: aead::Aad<&[u8]>, - in_out: &'a mut [u8], - ciphertext_and_tag: RangeFrom<usize>, -) -> Result<&'a mut [u8], error::Unspecified> { - let key = make_less_safe_key(algorithm, key); - key.open_within(nonce, aad, in_out, ciphertext_and_tag) +fn opening_key_open_within( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, +) -> Result<(), error::Unspecified> { + test_open_within(&tc, |nonce, in_out, ciphertext_and_tag| { + let mut key: aead::OpeningKey<OneNonceSequence> = make_key(alg, tc.key, nonce); + key.open_within(tc.aad, in_out, ciphertext_and_tag) + }) +} + +fn less_safe_key_seal_in_place_append_tag( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, +) -> Result<(), error::Unspecified> { + test_seal_append_tag(&tc, |nonce, in_out| { + let key = make_less_safe_key(alg, tc.key); + key.seal_in_place_append_tag(nonce, tc.aad, in_out) + }) +} + +fn less_safe_key_open_in_place( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, +) -> Result<(), error::Unspecified> { + test_open_in_place(&tc, |nonce, in_out| { + let key = make_less_safe_key(alg, tc.key); + key.open_in_place(nonce, tc.aad, in_out) + }) +} + +fn less_safe_key_seal_in_place_separate_tag( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, +) -> Result<(), error::Unspecified> { + test_seal_separate_tag(&tc, |nonce, in_out| { + let key = make_less_safe_key(alg, tc.key); + key.seal_in_place_separate_tag(nonce, tc.aad, in_out) + }) +} + +fn less_safe_key_open_within( + alg: &'static aead::Algorithm, + tc: KnownAnswerTestCase, +) -> Result<(), error::Unspecified> { + test_open_within(&tc, |nonce, in_out, ciphertext_and_tag| { + let key = make_less_safe_key(alg, tc.key); + key.open_within(nonce, tc.aad, in_out, ciphertext_and_tag) + }) } #[allow(clippy::range_plus_one)] -fn test_aead_key_sizes(aead_alg: &'static aead::Algorithm) { +fn key_sizes(aead_alg: &'static aead::Algorithm) { let key_len = aead_alg.key_len(); let key_data = vec![0u8; key_len * 2]; @@ -311,7 +394,7 @@ fn test_aead_key_sizes(aead_alg: &'static aead::Algorithm) { // Test that we reject non-standard nonce sizes. #[allow(clippy::range_plus_one)] #[test] -fn test_aead_nonce_sizes() -> Result<(), error::Unspecified> { +fn test_aead_nonce_sizes() { let nonce_len = aead::NONCE_LEN; let nonce = vec![0u8; nonce_len * 2]; @@ -323,16 +406,8 @@ fn test_aead_nonce_sizes() -> Result<(), error::Unspecified> { assert!(aead::Nonce::try_assume_unique_for_key(&[]).is_err()); assert!(aead::Nonce::try_assume_unique_for_key(&nonce[..1]).is_err()); assert!(aead::Nonce::try_assume_unique_for_key(&nonce[..16]).is_err()); // 128 bits. - - Ok(()) } -#[cfg(any( - target_arch = "aarch64", - target_arch = "arm", - target_arch = "x86_64", - target_arch = "x86" -))] #[allow(clippy::range_plus_one)] #[test] fn aead_chacha20_poly1305_openssh() { @@ -382,14 +457,25 @@ fn aead_chacha20_poly1305_openssh() { } #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] +fn aead_test_aad_traits() { + test::compile_time_assert_copy::<aead::Aad<&'_ [u8]>>(); + test::compile_time_assert_eq::<aead::Aad<Vec<u8>>>(); // `!Copy` + + let aad_123 = aead::Aad::from(vec![1, 2, 3]); // `!Copy` + assert_eq!(aad_123, aad_123.clone()); // Cover `Clone` and `PartialEq` + assert_eq!( + format!("{:?}", aead::Aad::from(&[1, 2, 3])), + "Aad([1, 2, 3])" + ); +} + +#[test] fn test_tag_traits() { test::compile_time_assert_send::<aead::Tag>(); test::compile_time_assert_sync::<aead::Tag>(); } #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn test_aead_key_debug() { let key_bytes = [0; 32]; let nonce = [0; aead::NONCE_LEN]; diff --git a/tests/agreement_tests.rs b/tests/agreement_tests.rs index 4162015..edafdb1 100644 --- a/tests/agreement_tests.rs +++ b/tests/agreement_tests.rs @@ -12,6 +12,8 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +#![cfg(not(target_arch = "wasm32"))] + extern crate alloc; use ring::{agreement, error, rand, test, test_file}; @@ -87,11 +89,9 @@ fn agreement_agree_ephemeral() { assert_eq!(my_private.algorithm(), alg); - let result = - agreement::agree_ephemeral(my_private, &peer_public, (), |key_material| { - assert_eq!(key_material, &output[..]); - Ok(()) - }); + let result = agreement::agree_ephemeral(my_private, &peer_public, |key_material| { + assert_eq!(key_material, &output[..]); + }); assert_eq!(result, Ok(())); } @@ -108,7 +108,6 @@ fn agreement_agree_ephemeral() { assert!(agreement::agree_ephemeral( dummy_private_key, &peer_public, - (), kdf_not_called ) .is_err()); @@ -179,12 +178,9 @@ fn x25519_(private_key: &[u8], public_key: &[u8]) -> Result<Vec<u8>, error::Unsp let rng = test::rand::FixedSliceRandom { bytes: private_key }; let private_key = agreement::EphemeralPrivateKey::generate(&agreement::X25519, &rng)?; let public_key = agreement::UnparsedPublicKey::new(&agreement::X25519, public_key); - agreement::agree_ephemeral( - private_key, - &public_key, - error::Unspecified, - |agreed_value| Ok(Vec::from(agreed_value)), - ) + agreement::agree_ephemeral(private_key, &public_key, |agreed_value| { + Vec::from(agreed_value) + }) } fn h(s: &str) -> Vec<u8> { diff --git a/tests/constant_time_tests.rs b/tests/constant_time_tests.rs index 422ab2c..d9ca264 100644 --- a/tests/constant_time_tests.rs +++ b/tests/constant_time_tests.rs @@ -16,14 +16,13 @@ use ring::{constant_time, error, rand}; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); // This logic is loosly based on BoringSSL's `TEST(ConstantTimeTest, MemCmp)`. #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn test_verify_slices_are_equal() { let initial: [u8; 256] = rand::generate(&rand::SystemRandom::new()).unwrap().expose(); diff --git a/tests/digest_tests.rs b/tests/digest_tests.rs index c275de7..299251f 100644 --- a/tests/digest_tests.rs +++ b/tests/digest_tests.rs @@ -15,14 +15,13 @@ use ring::{digest, test, test_file}; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); /// Test vectors from BoringSSL, Go, and other sources. #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn digest_misc() { test::run(test_file!("digest_tests.txt"), |section, test_case| { assert_eq!(section, ""); @@ -47,6 +46,8 @@ fn digest_misc() { }); } +// wasm_bindgen doesn't build this correctly. +#[cfg(not(target_arch = "wsam32"))] mod digest_shavs { use ring::{digest, test}; @@ -81,10 +82,9 @@ mod digest_shavs { use ring::{digest, test_file}; #[cfg(target_arch = "wasm32")] - use wasm_bindgen_test::wasm_bindgen_test; + use wasm_bindgen_test::wasm_bindgen_test as test; #[test] - #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn short_msg_known_answer_test() { run_known_answer_test( &digest::$algorithm_name, @@ -97,7 +97,6 @@ mod digest_shavs { } #[test] - #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn long_msg_known_answer_test() { run_known_answer_test( &digest::$algorithm_name, @@ -110,7 +109,6 @@ mod digest_shavs { } #[test] - #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn monte_carlo_test() { run_monte_carlo_test( &digest::$algorithm_name, @@ -184,7 +182,8 @@ mod digest_shavs { macro_rules! test_i_u_f { ( $test_name:ident, $alg:expr) => { #[cfg(not(debug_assertions))] - // TODO: #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] + // TODO: Get this working on WebAssembly + #[cfg(not(target_arch = "wasm32"))] #[test] fn $test_name() { let mut input = [0; (digest::MAX_BLOCK_LEN + 1) * 3]; @@ -244,9 +243,10 @@ test_i_u_f!(digest_test_i_u_f_sha512, digest::SHA512); /// This is not run in dev (debug) builds because it is too slow. macro_rules! test_large_digest { ( $test_name:ident, $alg:expr, $len:expr, $expected:expr) => { + // TODO: get this working on WebAssembly. #[cfg(not(debug_assertions))] + #[cfg(not(target_arch = "wasm32"))] #[test] - // TODO: #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn $test_name() { let chunk = vec![123u8; 16 * 1024]; let chunk_len = chunk.len() as u64; @@ -316,7 +316,6 @@ test_large_digest!( // digest::SHA512_256, 256 / 8, [ ... ]); #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn test_fmt_algorithm() { assert_eq!("SHA1", &format!("{:?}", digest::SHA1_FOR_LEGACY_USE_ONLY)); assert_eq!("SHA256", &format!("{:?}", digest::SHA256)); @@ -326,7 +325,6 @@ fn test_fmt_algorithm() { } #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn digest_test_fmt() { assert_eq!( "SHA1:b7e23ec29af22b0b4e41da31e868d57226121c84", diff --git a/tests/ed25519_tests.rs b/tests/ed25519_tests.rs index d800112..0f43672 100644 --- a/tests/ed25519_tests.rs +++ b/tests/ed25519_tests.rs @@ -18,6 +18,12 @@ use ring::{ test, test_file, }; +#[cfg(all(target_arch = "wasm32", feature = "wasm32_c"))] +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; + +#[cfg(all(target_arch = "wasm32", feature = "wasm32_c"))] +wasm_bindgen_test_configure!(run_in_browser); + /// Test vectors from BoringSSL. #[test] fn test_signature_ed25519() { @@ -126,7 +132,7 @@ fn test_ed25519_from_pkcs8_unchecked() { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), - (Err(actual), Some(expected)) => assert_eq!(actual.description_(), expected), + (Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected), }; Ok(()) @@ -148,7 +154,7 @@ fn test_ed25519_from_pkcs8() { (Ok(_), None) => (), (Err(e), None) => panic!("Failed with error \"{}\", but expected to succeed", e), (Ok(_), Some(e)) => panic!("Succeeded, but expected error \"{}\"", e), - (Err(actual), Some(expected)) => assert_eq!(actual.description_(), expected), + (Err(actual), Some(expected)) => assert_eq!(format!("{}", actual), expected), }; Ok(()) diff --git a/tests/hkdf_tests.rs b/tests/hkdf_tests.rs index 88435a8..356fc74 100644 --- a/tests/hkdf_tests.rs +++ b/tests/hkdf_tests.rs @@ -15,13 +15,12 @@ use ring::{digest, error, hkdf, test, test_file}; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn hkdf_tests() { test::run(test_file!("hkdf_tests.txt"), |section, test_case| { assert_eq!(section, ""); @@ -57,7 +56,6 @@ fn hkdf_tests() { } #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn hkdf_output_len_tests() { for &alg in &[hkdf::HKDF_SHA256, hkdf::HKDF_SHA384, hkdf::HKDF_SHA512] { const MAX_BLOCKS: usize = 255; @@ -124,6 +122,6 @@ impl From<hkdf::Okm<'_, My<usize>>> for My<Vec<u8>> { fn from(okm: hkdf::Okm<My<usize>>) -> Self { let mut r = vec![0u8; okm.len().0]; okm.fill(&mut r).unwrap(); - My(r) + Self(r) } } diff --git a/tests/hmac_tests.rs b/tests/hmac_tests.rs index 486a90a..2f305da 100644 --- a/tests/hmac_tests.rs +++ b/tests/hmac_tests.rs @@ -12,16 +12,15 @@ // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -use ring::{digest, error, hmac, test, test_file}; +use ring::{digest, hmac, test, test_file}; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn hmac_tests() { test::run(test_file!("hmac_tests.txt"), |section, test_case| { assert_eq!(section, ""); @@ -50,7 +49,7 @@ fn hmac_tests() { } }; - hmac_test_case_inner(algorithm, &key_value[..], &input[..], &output[..], true)?; + hmac_test_case_inner(algorithm, &key_value[..], &input[..], &output[..], true); // Tamper with the input and check that verification fails. if input.is_empty() { @@ -59,7 +58,9 @@ fn hmac_tests() { input[0] ^= 1; } - hmac_test_case_inner(algorithm, &key_value[..], &input[..], &output[..], false) + hmac_test_case_inner(algorithm, &key_value[..], &input[..], &output[..], false); + + Ok(()) }); } @@ -69,7 +70,7 @@ fn hmac_test_case_inner( input: &[u8], output: &[u8], is_ok: bool, -) -> Result<(), error::Unspecified> { +) { let key = hmac::Key::new(algorithm, key_value); // One-shot API. @@ -98,12 +99,9 @@ fn hmac_test_case_inner( let signature = ctx.sign(); assert_eq!(is_ok, signature.as_ref() == output); } - - Ok(()) } #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn hmac_debug() { let key = hmac::Key::new(hmac::HMAC_SHA256, &[0; 32]); assert_eq!("Key { algorithm: SHA256 }", format!("{:?}", &key)); diff --git a/tests/pbkdf2_tests.rs b/tests/pbkdf2_tests.rs index 13300fa..dda2224 100644 --- a/tests/pbkdf2_tests.rs +++ b/tests/pbkdf2_tests.rs @@ -16,14 +16,13 @@ use core::num::NonZeroU32; use ring::{digest, error, pbkdf2, test, test_file}; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); /// Test vectors from BoringSSL, Go, and other sources. #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] pub fn pbkdf2_tests() { test::run(test_file!("pbkdf2_tests.txt"), |section, test_case| { assert_eq!(section, ""); diff --git a/tests/rand_tests.rs b/tests/rand_tests.rs index f029dd9..0685a6d 100644 --- a/tests/rand_tests.rs +++ b/tests/rand_tests.rs @@ -18,13 +18,12 @@ use ring::{ }; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn test_system_random_lengths() { const LINUX_LIMIT: usize = 256; const WEB_LIMIT: usize = 65536; @@ -68,7 +67,6 @@ fn test_system_random_lengths() { } #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn test_system_random_traits() { test::compile_time_assert_clone::<rand::SystemRandom>(); test::compile_time_assert_send::<rand::SystemRandom>(); diff --git a/tests/rsa_test_public_key_2048_debug.txt b/tests/rsa_test_public_key_2048_debug.txt index a859a8f..fe9e2cb 100644 --- a/tests/rsa_test_public_key_2048_debug.txt +++ b/tests/rsa_test_public_key_2048_debug.txt @@ -1 +1 @@ -RsaSubjectPublicKey("3082010a0282010100c8a78500a5a250db8ed36c85b8dcf83c4be1953114faaac7616e0ea24922fa6b7ab01f85582c815cc3bdeb5ed46762bc536accaa8b72705b00cef316b2ec508fb9697241b9e34238419cccf7339eeb8b062147af4f5932f613d9bc0ae70bf6d56d4432e83e13767587531bfa9dd56531741244be75e8bc9226b9fa44b4b8a101358d7e8bb75d0c724a4f11ece77776263faefe79612eb1d71646e77e8982866be1400eafc3580d3139b41aaa7380187372f22e35bd55b288496165c881ed154d5811245c52d56cc09d4916d4f2a50bcf5ae0a2637f4cfa6bf9daafc113dba8383b6dd7da6dd8db22d8510a8d3115983308909a1a0332517aa55e896e154249b30203010001")
\ No newline at end of file +Key { n: Modulus("c8a78500a5a250db8ed36c85b8dcf83c4be1953114faaac7616e0ea24922fa6b7ab01f85582c815cc3bdeb5ed46762bc536accaa8b72705b00cef316b2ec508fb9697241b9e34238419cccf7339eeb8b062147af4f5932f613d9bc0ae70bf6d56d4432e83e13767587531bfa9dd56531741244be75e8bc9226b9fa44b4b8a101358d7e8bb75d0c724a4f11ece77776263faefe79612eb1d71646e77e8982866be1400eafc3580d3139b41aaa7380187372f22e35bd55b288496165c881ed154d5811245c52d56cc09d4916d4f2a50bcf5ae0a2637f4cfa6bf9daafc113dba8383b6dd7da6dd8db22d8510a8d3115983308909a1a0332517aa55e896e154249b3"), e: 65537 }
\ No newline at end of file diff --git a/tests/rsa_tests.rs b/tests/rsa_tests.rs index 2b29b26..65b32d0 100644 --- a/tests/rsa_tests.rs +++ b/tests/rsa_tests.rs @@ -23,14 +23,13 @@ use ring::{ use std::convert::TryFrom; #[cfg(all(target_arch = "wasm32", feature = "wasm32_c"))] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(all(target_arch = "wasm32", feature = "wasm32_c"))] wasm_bindgen_test_configure!(run_in_browser); #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn rsa_from_pkcs8_test() { test::run( test_file!("rsa_from_pkcs8_tests.txt"), @@ -54,7 +53,6 @@ fn rsa_from_pkcs8_test() { #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn test_signature_rsa_pkcs1_sign() { let rng = rand::SystemRandom::new(); test::run( @@ -84,7 +82,7 @@ fn test_signature_rsa_pkcs1_sign() { // XXX: This test is too slow on Android ARM Travis CI builds. // TODO: re-enable these tests on Android ARM. - let mut actual = vec![0u8; key_pair.public_modulus_len()]; + let mut actual = vec![0u8; key_pair.public().n().len()]; key_pair .sign(alg, &rng, &msg, actual.as_mut_slice()) .unwrap(); @@ -96,7 +94,6 @@ fn test_signature_rsa_pkcs1_sign() { #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn test_signature_rsa_pss_sign() { test::run( test_file!("rsa_pss_sign_tests.txt"), @@ -124,7 +121,7 @@ fn test_signature_rsa_pss_sign() { let rng = test::rand::FixedSliceRandom { bytes: &salt }; - let mut actual = vec![0u8; key_pair.public_modulus_len()]; + let mut actual = vec![0u8; key_pair.public().n().len()]; key_pair.sign(alg, &rng, &msg, actual.as_mut_slice())?; assert_eq!(actual.as_slice() == &expected[..], result == "Pass"); Ok(()) @@ -134,7 +131,6 @@ fn test_signature_rsa_pss_sign() { #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn test_signature_rsa_pkcs1_verify() { let sha1_params = &[ ( @@ -216,7 +212,6 @@ fn test_signature_rsa_pkcs1_verify() { #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn test_signature_rsa_pss_verify() { test::run( test_file!("rsa_pss_verify_tests.txt"), @@ -266,7 +261,6 @@ fn test_signature_rsa_pss_verify() { // and use them to verify a signature. #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn test_signature_rsa_primitive_verification() { test::run( test_file!("rsa_primitive_verify_tests.txt"), @@ -287,33 +281,53 @@ fn test_signature_rsa_primitive_verification() { #[cfg(feature = "alloc")] #[test] -#[cfg_attr(all(target_arch = "wasm32", feature = "wasm32_c"), wasm_bindgen_test)] fn rsa_test_public_key_coverage() { const PRIVATE_KEY: &[u8] = include_bytes!("rsa_test_private_key_2048.p8"); const PUBLIC_KEY: &[u8] = include_bytes!("rsa_test_public_key_2048.der"); + //TODO: + //const SUBJECT_PUBLIC_KEY_DEBUG: &str = + // include_str!("rsa_test_subject_public_key_2048_debug.txt"); const PUBLIC_KEY_DEBUG: &str = include_str!("rsa_test_public_key_2048_debug.txt"); let key_pair = signature::RsaKeyPair::from_pkcs8(PRIVATE_KEY).unwrap(); - // Test `AsRef<[u8]>` - assert_eq!(key_pair.public_key().as_ref(), PUBLIC_KEY); + { + // Test `RsaSubjectPublicKey`. + let spk = key_pair.public_key(); - // Test `Clone`. - let _ = key_pair.public_key().clone(); + // Test `AsRef<[u8]>` + assert_eq!(spk.as_ref(), PUBLIC_KEY); - // Test `exponent()`. - assert_eq!( - &[0x01, 0x00, 0x01], - key_pair - .public_key() - .exponent() - .big_endian_without_leading_zero() - ); + // Test `Clone`. + let _ = spk.clone(); + + // Test `exponent()`. + assert_eq!( + &[0x01, 0x00, 0x01], + spk.exponent().big_endian_without_leading_zero() + ); + + // Test `Debug` + // TODO: assert_eq!(SUBJECT_PUBLIC_KEY_DEBUG, format!("{:?}", spk)); + } + + { + // Test `public::Key` + let public_key = key_pair.public(); + + // Test `Clone`. + let _ = public_key.clone(); + + // Test `exponent()`. + assert_eq!(&[0x01, 0x00, 0x01], public_key.e().to_be_bytes().as_ref()); + + // Test `Debug` + assert_eq!(PUBLIC_KEY_DEBUG, format!("{:?}", public_key)); + } // Test `Debug` - assert_eq!(PUBLIC_KEY_DEBUG, format!("{:?}", key_pair.public_key())); assert_eq!( - format!("RsaKeyPair {{ public_key: {:?} }}", key_pair.public_key()), + format!("RsaKeyPair {{ public: {:?} }}", key_pair.public()), format!("{:?}", key_pair) ); } diff --git a/tests/signature_tests.rs b/tests/signature_tests.rs index 66fd3cc..383eaee 100644 --- a/tests/signature_tests.rs +++ b/tests/signature_tests.rs @@ -1,13 +1,12 @@ use ring::{signature, test}; #[cfg(target_arch = "wasm32")] -use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure}; +use wasm_bindgen_test::{wasm_bindgen_test as test, wasm_bindgen_test_configure}; #[cfg(target_arch = "wasm32")] wasm_bindgen_test_configure!(run_in_browser); #[test] -#[cfg_attr(target_arch = "wasm32", wasm_bindgen_test)] fn signature_impl_test() { test::compile_time_assert_clone::<signature::Signature>(); test::compile_time_assert_copy::<signature::Signature>(); diff --git a/third_party/fiat/p256_32.h b/third_party/fiat/p256_32.h new file mode 100644 index 0000000..8924145 --- /dev/null +++ b/third_party/fiat/p256_32.h @@ -0,0 +1,2426 @@ +/* Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --static p256 '2^256 - 2^224 + 2^192 + 2^96 - 1' 32 mul square add sub opp from_montgomery nonzero selectznz to_bytes from_bytes */ +/* curve description: p256 */ +/* requested operations: mul, square, add, sub, opp, from_montgomery, nonzero, selectznz, to_bytes, from_bytes */ +/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */ +/* machine_wordsize = 32 (from "32") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ + +#include <stdint.h> +typedef unsigned char fiat_p256_uint1; +typedef signed char fiat_p256_int1; + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + + +/* + * The function fiat_p256_addcarryx_u32 is an addition with carry. + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^32 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_addcarryx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { + uint64_t x1 = ((arg1 + (uint64_t)arg2) + arg3); + uint32_t x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + fiat_p256_uint1 x3 = (fiat_p256_uint1)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_p256_subborrowx_u32 is a subtraction with borrow. + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^32 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_subborrowx_u32(uint32_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { + int64_t x1 = ((arg2 - (int64_t)arg1) - arg3); + fiat_p256_int1 x2 = (fiat_p256_int1)(x1 >> 32); + uint32_t x3 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + *out1 = x3; + *out2 = (fiat_p256_uint1)(0x0 - x2); +} + +/* + * The function fiat_p256_mulx_u32 is a multiplication, returning the full double-width result. + * Postconditions: + * out1 = (arg1 * arg2) mod 2^32 + * out2 = ⌊arg1 * arg2 / 2^32⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffff] + * arg2: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + * out2: [0x0 ~> 0xffffffff] + */ +static void fiat_p256_mulx_u32(uint32_t* out1, uint32_t* out2, uint32_t arg1, uint32_t arg2) { + uint64_t x1 = ((uint64_t)arg1 * arg2); + uint32_t x2 = (uint32_t)(x1 & UINT32_C(0xffffffff)); + uint32_t x3 = (uint32_t)(x1 >> 32); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_p256_cmovznz_u32 is a single-word conditional move. + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffff] + * arg3: [0x0 ~> 0xffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static void fiat_p256_cmovznz_u32(uint32_t* out1, fiat_p256_uint1 arg1, uint32_t arg2, uint32_t arg3) { + fiat_p256_uint1 x1 = (!(!arg1)); + uint32_t x2 = ((fiat_p256_int1)(0x0 - x1) & UINT32_C(0xffffffff)); + // Note this line has been patched from the synthesized code to add value + // barriers. + // + // Clang recognizes this pattern as a select. While it usually transforms it + // to a cmov, it sometimes further transforms it into a branch, which we do + // not want. + uint32_t x3 = ((value_barrier_u32(x2) & arg3) | (value_barrier_u32(~x2) & arg2)); + *out1 = x3; +} + +/* + * The function fiat_p256_mul multiplies two field elements in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) { + uint32_t x1 = (arg1[1]); + uint32_t x2 = (arg1[2]); + uint32_t x3 = (arg1[3]); + uint32_t x4 = (arg1[4]); + uint32_t x5 = (arg1[5]); + uint32_t x6 = (arg1[6]); + uint32_t x7 = (arg1[7]); + uint32_t x8 = (arg1[0]); + uint32_t x9; + uint32_t x10; + fiat_p256_mulx_u32(&x9, &x10, x8, (arg2[7])); + uint32_t x11; + uint32_t x12; + fiat_p256_mulx_u32(&x11, &x12, x8, (arg2[6])); + uint32_t x13; + uint32_t x14; + fiat_p256_mulx_u32(&x13, &x14, x8, (arg2[5])); + uint32_t x15; + uint32_t x16; + fiat_p256_mulx_u32(&x15, &x16, x8, (arg2[4])); + uint32_t x17; + uint32_t x18; + fiat_p256_mulx_u32(&x17, &x18, x8, (arg2[3])); + uint32_t x19; + uint32_t x20; + fiat_p256_mulx_u32(&x19, &x20, x8, (arg2[2])); + uint32_t x21; + uint32_t x22; + fiat_p256_mulx_u32(&x21, &x22, x8, (arg2[1])); + uint32_t x23; + uint32_t x24; + fiat_p256_mulx_u32(&x23, &x24, x8, (arg2[0])); + uint32_t x25; + fiat_p256_uint1 x26; + fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + uint32_t x27; + fiat_p256_uint1 x28; + fiat_p256_addcarryx_u32(&x27, &x28, x26, x22, x19); + uint32_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u32(&x29, &x30, x28, x20, x17); + uint32_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u32(&x31, &x32, x30, x18, x15); + uint32_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u32(&x33, &x34, x32, x16, x13); + uint32_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u32(&x35, &x36, x34, x14, x11); + uint32_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u32(&x37, &x38, x36, x12, x9); + uint32_t x39 = (x38 + x10); + uint32_t x40; + uint32_t x41; + fiat_p256_mulx_u32(&x40, &x41, x23, UINT32_C(0xffffffff)); + uint32_t x42; + uint32_t x43; + fiat_p256_mulx_u32(&x42, &x43, x23, UINT32_C(0xffffffff)); + uint32_t x44; + uint32_t x45; + fiat_p256_mulx_u32(&x44, &x45, x23, UINT32_C(0xffffffff)); + uint32_t x46; + uint32_t x47; + fiat_p256_mulx_u32(&x46, &x47, x23, UINT32_C(0xffffffff)); + uint32_t x48; + fiat_p256_uint1 x49; + fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x47, x44); + uint32_t x50; + fiat_p256_uint1 x51; + fiat_p256_addcarryx_u32(&x50, &x51, x49, x45, x42); + uint32_t x52 = (x51 + x43); + uint32_t x53; + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u32(&x53, &x54, 0x0, x23, x46); + uint32_t x55; + fiat_p256_uint1 x56; + fiat_p256_addcarryx_u32(&x55, &x56, x54, x25, x48); + uint32_t x57; + fiat_p256_uint1 x58; + fiat_p256_addcarryx_u32(&x57, &x58, x56, x27, x50); + uint32_t x59; + fiat_p256_uint1 x60; + fiat_p256_addcarryx_u32(&x59, &x60, x58, x29, x52); + uint32_t x61; + fiat_p256_uint1 x62; + fiat_p256_addcarryx_u32(&x61, &x62, x60, x31, 0x0); + uint32_t x63; + fiat_p256_uint1 x64; + fiat_p256_addcarryx_u32(&x63, &x64, x62, x33, 0x0); + uint32_t x65; + fiat_p256_uint1 x66; + fiat_p256_addcarryx_u32(&x65, &x66, x64, x35, x23); + uint32_t x67; + fiat_p256_uint1 x68; + fiat_p256_addcarryx_u32(&x67, &x68, x66, x37, x40); + uint32_t x69; + fiat_p256_uint1 x70; + fiat_p256_addcarryx_u32(&x69, &x70, x68, x39, x41); + uint32_t x71; + uint32_t x72; + fiat_p256_mulx_u32(&x71, &x72, x1, (arg2[7])); + uint32_t x73; + uint32_t x74; + fiat_p256_mulx_u32(&x73, &x74, x1, (arg2[6])); + uint32_t x75; + uint32_t x76; + fiat_p256_mulx_u32(&x75, &x76, x1, (arg2[5])); + uint32_t x77; + uint32_t x78; + fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[4])); + uint32_t x79; + uint32_t x80; + fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[3])); + uint32_t x81; + uint32_t x82; + fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[2])); + uint32_t x83; + uint32_t x84; + fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[1])); + uint32_t x85; + uint32_t x86; + fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[0])); + uint32_t x87; + fiat_p256_uint1 x88; + fiat_p256_addcarryx_u32(&x87, &x88, 0x0, x86, x83); + uint32_t x89; + fiat_p256_uint1 x90; + fiat_p256_addcarryx_u32(&x89, &x90, x88, x84, x81); + uint32_t x91; + fiat_p256_uint1 x92; + fiat_p256_addcarryx_u32(&x91, &x92, x90, x82, x79); + uint32_t x93; + fiat_p256_uint1 x94; + fiat_p256_addcarryx_u32(&x93, &x94, x92, x80, x77); + uint32_t x95; + fiat_p256_uint1 x96; + fiat_p256_addcarryx_u32(&x95, &x96, x94, x78, x75); + uint32_t x97; + fiat_p256_uint1 x98; + fiat_p256_addcarryx_u32(&x97, &x98, x96, x76, x73); + uint32_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u32(&x99, &x100, x98, x74, x71); + uint32_t x101 = (x100 + x72); + uint32_t x102; + fiat_p256_uint1 x103; + fiat_p256_addcarryx_u32(&x102, &x103, 0x0, x55, x85); + uint32_t x104; + fiat_p256_uint1 x105; + fiat_p256_addcarryx_u32(&x104, &x105, x103, x57, x87); + uint32_t x106; + fiat_p256_uint1 x107; + fiat_p256_addcarryx_u32(&x106, &x107, x105, x59, x89); + uint32_t x108; + fiat_p256_uint1 x109; + fiat_p256_addcarryx_u32(&x108, &x109, x107, x61, x91); + uint32_t x110; + fiat_p256_uint1 x111; + fiat_p256_addcarryx_u32(&x110, &x111, x109, x63, x93); + uint32_t x112; + fiat_p256_uint1 x113; + fiat_p256_addcarryx_u32(&x112, &x113, x111, x65, x95); + uint32_t x114; + fiat_p256_uint1 x115; + fiat_p256_addcarryx_u32(&x114, &x115, x113, x67, x97); + uint32_t x116; + fiat_p256_uint1 x117; + fiat_p256_addcarryx_u32(&x116, &x117, x115, x69, x99); + uint32_t x118; + fiat_p256_uint1 x119; + fiat_p256_addcarryx_u32(&x118, &x119, x117, x70, x101); + uint32_t x120; + uint32_t x121; + fiat_p256_mulx_u32(&x120, &x121, x102, UINT32_C(0xffffffff)); + uint32_t x122; + uint32_t x123; + fiat_p256_mulx_u32(&x122, &x123, x102, UINT32_C(0xffffffff)); + uint32_t x124; + uint32_t x125; + fiat_p256_mulx_u32(&x124, &x125, x102, UINT32_C(0xffffffff)); + uint32_t x126; + uint32_t x127; + fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff)); + uint32_t x128; + fiat_p256_uint1 x129; + fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x127, x124); + uint32_t x130; + fiat_p256_uint1 x131; + fiat_p256_addcarryx_u32(&x130, &x131, x129, x125, x122); + uint32_t x132 = (x131 + x123); + uint32_t x133; + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x102, x126); + uint32_t x135; + fiat_p256_uint1 x136; + fiat_p256_addcarryx_u32(&x135, &x136, x134, x104, x128); + uint32_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u32(&x137, &x138, x136, x106, x130); + uint32_t x139; + fiat_p256_uint1 x140; + fiat_p256_addcarryx_u32(&x139, &x140, x138, x108, x132); + uint32_t x141; + fiat_p256_uint1 x142; + fiat_p256_addcarryx_u32(&x141, &x142, x140, x110, 0x0); + uint32_t x143; + fiat_p256_uint1 x144; + fiat_p256_addcarryx_u32(&x143, &x144, x142, x112, 0x0); + uint32_t x145; + fiat_p256_uint1 x146; + fiat_p256_addcarryx_u32(&x145, &x146, x144, x114, x102); + uint32_t x147; + fiat_p256_uint1 x148; + fiat_p256_addcarryx_u32(&x147, &x148, x146, x116, x120); + uint32_t x149; + fiat_p256_uint1 x150; + fiat_p256_addcarryx_u32(&x149, &x150, x148, x118, x121); + uint32_t x151 = ((uint32_t)x150 + x119); + uint32_t x152; + uint32_t x153; + fiat_p256_mulx_u32(&x152, &x153, x2, (arg2[7])); + uint32_t x154; + uint32_t x155; + fiat_p256_mulx_u32(&x154, &x155, x2, (arg2[6])); + uint32_t x156; + uint32_t x157; + fiat_p256_mulx_u32(&x156, &x157, x2, (arg2[5])); + uint32_t x158; + uint32_t x159; + fiat_p256_mulx_u32(&x158, &x159, x2, (arg2[4])); + uint32_t x160; + uint32_t x161; + fiat_p256_mulx_u32(&x160, &x161, x2, (arg2[3])); + uint32_t x162; + uint32_t x163; + fiat_p256_mulx_u32(&x162, &x163, x2, (arg2[2])); + uint32_t x164; + uint32_t x165; + fiat_p256_mulx_u32(&x164, &x165, x2, (arg2[1])); + uint32_t x166; + uint32_t x167; + fiat_p256_mulx_u32(&x166, &x167, x2, (arg2[0])); + uint32_t x168; + fiat_p256_uint1 x169; + fiat_p256_addcarryx_u32(&x168, &x169, 0x0, x167, x164); + uint32_t x170; + fiat_p256_uint1 x171; + fiat_p256_addcarryx_u32(&x170, &x171, x169, x165, x162); + uint32_t x172; + fiat_p256_uint1 x173; + fiat_p256_addcarryx_u32(&x172, &x173, x171, x163, x160); + uint32_t x174; + fiat_p256_uint1 x175; + fiat_p256_addcarryx_u32(&x174, &x175, x173, x161, x158); + uint32_t x176; + fiat_p256_uint1 x177; + fiat_p256_addcarryx_u32(&x176, &x177, x175, x159, x156); + uint32_t x178; + fiat_p256_uint1 x179; + fiat_p256_addcarryx_u32(&x178, &x179, x177, x157, x154); + uint32_t x180; + fiat_p256_uint1 x181; + fiat_p256_addcarryx_u32(&x180, &x181, x179, x155, x152); + uint32_t x182 = (x181 + x153); + uint32_t x183; + fiat_p256_uint1 x184; + fiat_p256_addcarryx_u32(&x183, &x184, 0x0, x135, x166); + uint32_t x185; + fiat_p256_uint1 x186; + fiat_p256_addcarryx_u32(&x185, &x186, x184, x137, x168); + uint32_t x187; + fiat_p256_uint1 x188; + fiat_p256_addcarryx_u32(&x187, &x188, x186, x139, x170); + uint32_t x189; + fiat_p256_uint1 x190; + fiat_p256_addcarryx_u32(&x189, &x190, x188, x141, x172); + uint32_t x191; + fiat_p256_uint1 x192; + fiat_p256_addcarryx_u32(&x191, &x192, x190, x143, x174); + uint32_t x193; + fiat_p256_uint1 x194; + fiat_p256_addcarryx_u32(&x193, &x194, x192, x145, x176); + uint32_t x195; + fiat_p256_uint1 x196; + fiat_p256_addcarryx_u32(&x195, &x196, x194, x147, x178); + uint32_t x197; + fiat_p256_uint1 x198; + fiat_p256_addcarryx_u32(&x197, &x198, x196, x149, x180); + uint32_t x199; + fiat_p256_uint1 x200; + fiat_p256_addcarryx_u32(&x199, &x200, x198, x151, x182); + uint32_t x201; + uint32_t x202; + fiat_p256_mulx_u32(&x201, &x202, x183, UINT32_C(0xffffffff)); + uint32_t x203; + uint32_t x204; + fiat_p256_mulx_u32(&x203, &x204, x183, UINT32_C(0xffffffff)); + uint32_t x205; + uint32_t x206; + fiat_p256_mulx_u32(&x205, &x206, x183, UINT32_C(0xffffffff)); + uint32_t x207; + uint32_t x208; + fiat_p256_mulx_u32(&x207, &x208, x183, UINT32_C(0xffffffff)); + uint32_t x209; + fiat_p256_uint1 x210; + fiat_p256_addcarryx_u32(&x209, &x210, 0x0, x208, x205); + uint32_t x211; + fiat_p256_uint1 x212; + fiat_p256_addcarryx_u32(&x211, &x212, x210, x206, x203); + uint32_t x213 = (x212 + x204); + uint32_t x214; + fiat_p256_uint1 x215; + fiat_p256_addcarryx_u32(&x214, &x215, 0x0, x183, x207); + uint32_t x216; + fiat_p256_uint1 x217; + fiat_p256_addcarryx_u32(&x216, &x217, x215, x185, x209); + uint32_t x218; + fiat_p256_uint1 x219; + fiat_p256_addcarryx_u32(&x218, &x219, x217, x187, x211); + uint32_t x220; + fiat_p256_uint1 x221; + fiat_p256_addcarryx_u32(&x220, &x221, x219, x189, x213); + uint32_t x222; + fiat_p256_uint1 x223; + fiat_p256_addcarryx_u32(&x222, &x223, x221, x191, 0x0); + uint32_t x224; + fiat_p256_uint1 x225; + fiat_p256_addcarryx_u32(&x224, &x225, x223, x193, 0x0); + uint32_t x226; + fiat_p256_uint1 x227; + fiat_p256_addcarryx_u32(&x226, &x227, x225, x195, x183); + uint32_t x228; + fiat_p256_uint1 x229; + fiat_p256_addcarryx_u32(&x228, &x229, x227, x197, x201); + uint32_t x230; + fiat_p256_uint1 x231; + fiat_p256_addcarryx_u32(&x230, &x231, x229, x199, x202); + uint32_t x232 = ((uint32_t)x231 + x200); + uint32_t x233; + uint32_t x234; + fiat_p256_mulx_u32(&x233, &x234, x3, (arg2[7])); + uint32_t x235; + uint32_t x236; + fiat_p256_mulx_u32(&x235, &x236, x3, (arg2[6])); + uint32_t x237; + uint32_t x238; + fiat_p256_mulx_u32(&x237, &x238, x3, (arg2[5])); + uint32_t x239; + uint32_t x240; + fiat_p256_mulx_u32(&x239, &x240, x3, (arg2[4])); + uint32_t x241; + uint32_t x242; + fiat_p256_mulx_u32(&x241, &x242, x3, (arg2[3])); + uint32_t x243; + uint32_t x244; + fiat_p256_mulx_u32(&x243, &x244, x3, (arg2[2])); + uint32_t x245; + uint32_t x246; + fiat_p256_mulx_u32(&x245, &x246, x3, (arg2[1])); + uint32_t x247; + uint32_t x248; + fiat_p256_mulx_u32(&x247, &x248, x3, (arg2[0])); + uint32_t x249; + fiat_p256_uint1 x250; + fiat_p256_addcarryx_u32(&x249, &x250, 0x0, x248, x245); + uint32_t x251; + fiat_p256_uint1 x252; + fiat_p256_addcarryx_u32(&x251, &x252, x250, x246, x243); + uint32_t x253; + fiat_p256_uint1 x254; + fiat_p256_addcarryx_u32(&x253, &x254, x252, x244, x241); + uint32_t x255; + fiat_p256_uint1 x256; + fiat_p256_addcarryx_u32(&x255, &x256, x254, x242, x239); + uint32_t x257; + fiat_p256_uint1 x258; + fiat_p256_addcarryx_u32(&x257, &x258, x256, x240, x237); + uint32_t x259; + fiat_p256_uint1 x260; + fiat_p256_addcarryx_u32(&x259, &x260, x258, x238, x235); + uint32_t x261; + fiat_p256_uint1 x262; + fiat_p256_addcarryx_u32(&x261, &x262, x260, x236, x233); + uint32_t x263 = (x262 + x234); + uint32_t x264; + fiat_p256_uint1 x265; + fiat_p256_addcarryx_u32(&x264, &x265, 0x0, x216, x247); + uint32_t x266; + fiat_p256_uint1 x267; + fiat_p256_addcarryx_u32(&x266, &x267, x265, x218, x249); + uint32_t x268; + fiat_p256_uint1 x269; + fiat_p256_addcarryx_u32(&x268, &x269, x267, x220, x251); + uint32_t x270; + fiat_p256_uint1 x271; + fiat_p256_addcarryx_u32(&x270, &x271, x269, x222, x253); + uint32_t x272; + fiat_p256_uint1 x273; + fiat_p256_addcarryx_u32(&x272, &x273, x271, x224, x255); + uint32_t x274; + fiat_p256_uint1 x275; + fiat_p256_addcarryx_u32(&x274, &x275, x273, x226, x257); + uint32_t x276; + fiat_p256_uint1 x277; + fiat_p256_addcarryx_u32(&x276, &x277, x275, x228, x259); + uint32_t x278; + fiat_p256_uint1 x279; + fiat_p256_addcarryx_u32(&x278, &x279, x277, x230, x261); + uint32_t x280; + fiat_p256_uint1 x281; + fiat_p256_addcarryx_u32(&x280, &x281, x279, x232, x263); + uint32_t x282; + uint32_t x283; + fiat_p256_mulx_u32(&x282, &x283, x264, UINT32_C(0xffffffff)); + uint32_t x284; + uint32_t x285; + fiat_p256_mulx_u32(&x284, &x285, x264, UINT32_C(0xffffffff)); + uint32_t x286; + uint32_t x287; + fiat_p256_mulx_u32(&x286, &x287, x264, UINT32_C(0xffffffff)); + uint32_t x288; + uint32_t x289; + fiat_p256_mulx_u32(&x288, &x289, x264, UINT32_C(0xffffffff)); + uint32_t x290; + fiat_p256_uint1 x291; + fiat_p256_addcarryx_u32(&x290, &x291, 0x0, x289, x286); + uint32_t x292; + fiat_p256_uint1 x293; + fiat_p256_addcarryx_u32(&x292, &x293, x291, x287, x284); + uint32_t x294 = (x293 + x285); + uint32_t x295; + fiat_p256_uint1 x296; + fiat_p256_addcarryx_u32(&x295, &x296, 0x0, x264, x288); + uint32_t x297; + fiat_p256_uint1 x298; + fiat_p256_addcarryx_u32(&x297, &x298, x296, x266, x290); + uint32_t x299; + fiat_p256_uint1 x300; + fiat_p256_addcarryx_u32(&x299, &x300, x298, x268, x292); + uint32_t x301; + fiat_p256_uint1 x302; + fiat_p256_addcarryx_u32(&x301, &x302, x300, x270, x294); + uint32_t x303; + fiat_p256_uint1 x304; + fiat_p256_addcarryx_u32(&x303, &x304, x302, x272, 0x0); + uint32_t x305; + fiat_p256_uint1 x306; + fiat_p256_addcarryx_u32(&x305, &x306, x304, x274, 0x0); + uint32_t x307; + fiat_p256_uint1 x308; + fiat_p256_addcarryx_u32(&x307, &x308, x306, x276, x264); + uint32_t x309; + fiat_p256_uint1 x310; + fiat_p256_addcarryx_u32(&x309, &x310, x308, x278, x282); + uint32_t x311; + fiat_p256_uint1 x312; + fiat_p256_addcarryx_u32(&x311, &x312, x310, x280, x283); + uint32_t x313 = ((uint32_t)x312 + x281); + uint32_t x314; + uint32_t x315; + fiat_p256_mulx_u32(&x314, &x315, x4, (arg2[7])); + uint32_t x316; + uint32_t x317; + fiat_p256_mulx_u32(&x316, &x317, x4, (arg2[6])); + uint32_t x318; + uint32_t x319; + fiat_p256_mulx_u32(&x318, &x319, x4, (arg2[5])); + uint32_t x320; + uint32_t x321; + fiat_p256_mulx_u32(&x320, &x321, x4, (arg2[4])); + uint32_t x322; + uint32_t x323; + fiat_p256_mulx_u32(&x322, &x323, x4, (arg2[3])); + uint32_t x324; + uint32_t x325; + fiat_p256_mulx_u32(&x324, &x325, x4, (arg2[2])); + uint32_t x326; + uint32_t x327; + fiat_p256_mulx_u32(&x326, &x327, x4, (arg2[1])); + uint32_t x328; + uint32_t x329; + fiat_p256_mulx_u32(&x328, &x329, x4, (arg2[0])); + uint32_t x330; + fiat_p256_uint1 x331; + fiat_p256_addcarryx_u32(&x330, &x331, 0x0, x329, x326); + uint32_t x332; + fiat_p256_uint1 x333; + fiat_p256_addcarryx_u32(&x332, &x333, x331, x327, x324); + uint32_t x334; + fiat_p256_uint1 x335; + fiat_p256_addcarryx_u32(&x334, &x335, x333, x325, x322); + uint32_t x336; + fiat_p256_uint1 x337; + fiat_p256_addcarryx_u32(&x336, &x337, x335, x323, x320); + uint32_t x338; + fiat_p256_uint1 x339; + fiat_p256_addcarryx_u32(&x338, &x339, x337, x321, x318); + uint32_t x340; + fiat_p256_uint1 x341; + fiat_p256_addcarryx_u32(&x340, &x341, x339, x319, x316); + uint32_t x342; + fiat_p256_uint1 x343; + fiat_p256_addcarryx_u32(&x342, &x343, x341, x317, x314); + uint32_t x344 = (x343 + x315); + uint32_t x345; + fiat_p256_uint1 x346; + fiat_p256_addcarryx_u32(&x345, &x346, 0x0, x297, x328); + uint32_t x347; + fiat_p256_uint1 x348; + fiat_p256_addcarryx_u32(&x347, &x348, x346, x299, x330); + uint32_t x349; + fiat_p256_uint1 x350; + fiat_p256_addcarryx_u32(&x349, &x350, x348, x301, x332); + uint32_t x351; + fiat_p256_uint1 x352; + fiat_p256_addcarryx_u32(&x351, &x352, x350, x303, x334); + uint32_t x353; + fiat_p256_uint1 x354; + fiat_p256_addcarryx_u32(&x353, &x354, x352, x305, x336); + uint32_t x355; + fiat_p256_uint1 x356; + fiat_p256_addcarryx_u32(&x355, &x356, x354, x307, x338); + uint32_t x357; + fiat_p256_uint1 x358; + fiat_p256_addcarryx_u32(&x357, &x358, x356, x309, x340); + uint32_t x359; + fiat_p256_uint1 x360; + fiat_p256_addcarryx_u32(&x359, &x360, x358, x311, x342); + uint32_t x361; + fiat_p256_uint1 x362; + fiat_p256_addcarryx_u32(&x361, &x362, x360, x313, x344); + uint32_t x363; + uint32_t x364; + fiat_p256_mulx_u32(&x363, &x364, x345, UINT32_C(0xffffffff)); + uint32_t x365; + uint32_t x366; + fiat_p256_mulx_u32(&x365, &x366, x345, UINT32_C(0xffffffff)); + uint32_t x367; + uint32_t x368; + fiat_p256_mulx_u32(&x367, &x368, x345, UINT32_C(0xffffffff)); + uint32_t x369; + uint32_t x370; + fiat_p256_mulx_u32(&x369, &x370, x345, UINT32_C(0xffffffff)); + uint32_t x371; + fiat_p256_uint1 x372; + fiat_p256_addcarryx_u32(&x371, &x372, 0x0, x370, x367); + uint32_t x373; + fiat_p256_uint1 x374; + fiat_p256_addcarryx_u32(&x373, &x374, x372, x368, x365); + uint32_t x375 = (x374 + x366); + uint32_t x376; + fiat_p256_uint1 x377; + fiat_p256_addcarryx_u32(&x376, &x377, 0x0, x345, x369); + uint32_t x378; + fiat_p256_uint1 x379; + fiat_p256_addcarryx_u32(&x378, &x379, x377, x347, x371); + uint32_t x380; + fiat_p256_uint1 x381; + fiat_p256_addcarryx_u32(&x380, &x381, x379, x349, x373); + uint32_t x382; + fiat_p256_uint1 x383; + fiat_p256_addcarryx_u32(&x382, &x383, x381, x351, x375); + uint32_t x384; + fiat_p256_uint1 x385; + fiat_p256_addcarryx_u32(&x384, &x385, x383, x353, 0x0); + uint32_t x386; + fiat_p256_uint1 x387; + fiat_p256_addcarryx_u32(&x386, &x387, x385, x355, 0x0); + uint32_t x388; + fiat_p256_uint1 x389; + fiat_p256_addcarryx_u32(&x388, &x389, x387, x357, x345); + uint32_t x390; + fiat_p256_uint1 x391; + fiat_p256_addcarryx_u32(&x390, &x391, x389, x359, x363); + uint32_t x392; + fiat_p256_uint1 x393; + fiat_p256_addcarryx_u32(&x392, &x393, x391, x361, x364); + uint32_t x394 = ((uint32_t)x393 + x362); + uint32_t x395; + uint32_t x396; + fiat_p256_mulx_u32(&x395, &x396, x5, (arg2[7])); + uint32_t x397; + uint32_t x398; + fiat_p256_mulx_u32(&x397, &x398, x5, (arg2[6])); + uint32_t x399; + uint32_t x400; + fiat_p256_mulx_u32(&x399, &x400, x5, (arg2[5])); + uint32_t x401; + uint32_t x402; + fiat_p256_mulx_u32(&x401, &x402, x5, (arg2[4])); + uint32_t x403; + uint32_t x404; + fiat_p256_mulx_u32(&x403, &x404, x5, (arg2[3])); + uint32_t x405; + uint32_t x406; + fiat_p256_mulx_u32(&x405, &x406, x5, (arg2[2])); + uint32_t x407; + uint32_t x408; + fiat_p256_mulx_u32(&x407, &x408, x5, (arg2[1])); + uint32_t x409; + uint32_t x410; + fiat_p256_mulx_u32(&x409, &x410, x5, (arg2[0])); + uint32_t x411; + fiat_p256_uint1 x412; + fiat_p256_addcarryx_u32(&x411, &x412, 0x0, x410, x407); + uint32_t x413; + fiat_p256_uint1 x414; + fiat_p256_addcarryx_u32(&x413, &x414, x412, x408, x405); + uint32_t x415; + fiat_p256_uint1 x416; + fiat_p256_addcarryx_u32(&x415, &x416, x414, x406, x403); + uint32_t x417; + fiat_p256_uint1 x418; + fiat_p256_addcarryx_u32(&x417, &x418, x416, x404, x401); + uint32_t x419; + fiat_p256_uint1 x420; + fiat_p256_addcarryx_u32(&x419, &x420, x418, x402, x399); + uint32_t x421; + fiat_p256_uint1 x422; + fiat_p256_addcarryx_u32(&x421, &x422, x420, x400, x397); + uint32_t x423; + fiat_p256_uint1 x424; + fiat_p256_addcarryx_u32(&x423, &x424, x422, x398, x395); + uint32_t x425 = (x424 + x396); + uint32_t x426; + fiat_p256_uint1 x427; + fiat_p256_addcarryx_u32(&x426, &x427, 0x0, x378, x409); + uint32_t x428; + fiat_p256_uint1 x429; + fiat_p256_addcarryx_u32(&x428, &x429, x427, x380, x411); + uint32_t x430; + fiat_p256_uint1 x431; + fiat_p256_addcarryx_u32(&x430, &x431, x429, x382, x413); + uint32_t x432; + fiat_p256_uint1 x433; + fiat_p256_addcarryx_u32(&x432, &x433, x431, x384, x415); + uint32_t x434; + fiat_p256_uint1 x435; + fiat_p256_addcarryx_u32(&x434, &x435, x433, x386, x417); + uint32_t x436; + fiat_p256_uint1 x437; + fiat_p256_addcarryx_u32(&x436, &x437, x435, x388, x419); + uint32_t x438; + fiat_p256_uint1 x439; + fiat_p256_addcarryx_u32(&x438, &x439, x437, x390, x421); + uint32_t x440; + fiat_p256_uint1 x441; + fiat_p256_addcarryx_u32(&x440, &x441, x439, x392, x423); + uint32_t x442; + fiat_p256_uint1 x443; + fiat_p256_addcarryx_u32(&x442, &x443, x441, x394, x425); + uint32_t x444; + uint32_t x445; + fiat_p256_mulx_u32(&x444, &x445, x426, UINT32_C(0xffffffff)); + uint32_t x446; + uint32_t x447; + fiat_p256_mulx_u32(&x446, &x447, x426, UINT32_C(0xffffffff)); + uint32_t x448; + uint32_t x449; + fiat_p256_mulx_u32(&x448, &x449, x426, UINT32_C(0xffffffff)); + uint32_t x450; + uint32_t x451; + fiat_p256_mulx_u32(&x450, &x451, x426, UINT32_C(0xffffffff)); + uint32_t x452; + fiat_p256_uint1 x453; + fiat_p256_addcarryx_u32(&x452, &x453, 0x0, x451, x448); + uint32_t x454; + fiat_p256_uint1 x455; + fiat_p256_addcarryx_u32(&x454, &x455, x453, x449, x446); + uint32_t x456 = (x455 + x447); + uint32_t x457; + fiat_p256_uint1 x458; + fiat_p256_addcarryx_u32(&x457, &x458, 0x0, x426, x450); + uint32_t x459; + fiat_p256_uint1 x460; + fiat_p256_addcarryx_u32(&x459, &x460, x458, x428, x452); + uint32_t x461; + fiat_p256_uint1 x462; + fiat_p256_addcarryx_u32(&x461, &x462, x460, x430, x454); + uint32_t x463; + fiat_p256_uint1 x464; + fiat_p256_addcarryx_u32(&x463, &x464, x462, x432, x456); + uint32_t x465; + fiat_p256_uint1 x466; + fiat_p256_addcarryx_u32(&x465, &x466, x464, x434, 0x0); + uint32_t x467; + fiat_p256_uint1 x468; + fiat_p256_addcarryx_u32(&x467, &x468, x466, x436, 0x0); + uint32_t x469; + fiat_p256_uint1 x470; + fiat_p256_addcarryx_u32(&x469, &x470, x468, x438, x426); + uint32_t x471; + fiat_p256_uint1 x472; + fiat_p256_addcarryx_u32(&x471, &x472, x470, x440, x444); + uint32_t x473; + fiat_p256_uint1 x474; + fiat_p256_addcarryx_u32(&x473, &x474, x472, x442, x445); + uint32_t x475 = ((uint32_t)x474 + x443); + uint32_t x476; + uint32_t x477; + fiat_p256_mulx_u32(&x476, &x477, x6, (arg2[7])); + uint32_t x478; + uint32_t x479; + fiat_p256_mulx_u32(&x478, &x479, x6, (arg2[6])); + uint32_t x480; + uint32_t x481; + fiat_p256_mulx_u32(&x480, &x481, x6, (arg2[5])); + uint32_t x482; + uint32_t x483; + fiat_p256_mulx_u32(&x482, &x483, x6, (arg2[4])); + uint32_t x484; + uint32_t x485; + fiat_p256_mulx_u32(&x484, &x485, x6, (arg2[3])); + uint32_t x486; + uint32_t x487; + fiat_p256_mulx_u32(&x486, &x487, x6, (arg2[2])); + uint32_t x488; + uint32_t x489; + fiat_p256_mulx_u32(&x488, &x489, x6, (arg2[1])); + uint32_t x490; + uint32_t x491; + fiat_p256_mulx_u32(&x490, &x491, x6, (arg2[0])); + uint32_t x492; + fiat_p256_uint1 x493; + fiat_p256_addcarryx_u32(&x492, &x493, 0x0, x491, x488); + uint32_t x494; + fiat_p256_uint1 x495; + fiat_p256_addcarryx_u32(&x494, &x495, x493, x489, x486); + uint32_t x496; + fiat_p256_uint1 x497; + fiat_p256_addcarryx_u32(&x496, &x497, x495, x487, x484); + uint32_t x498; + fiat_p256_uint1 x499; + fiat_p256_addcarryx_u32(&x498, &x499, x497, x485, x482); + uint32_t x500; + fiat_p256_uint1 x501; + fiat_p256_addcarryx_u32(&x500, &x501, x499, x483, x480); + uint32_t x502; + fiat_p256_uint1 x503; + fiat_p256_addcarryx_u32(&x502, &x503, x501, x481, x478); + uint32_t x504; + fiat_p256_uint1 x505; + fiat_p256_addcarryx_u32(&x504, &x505, x503, x479, x476); + uint32_t x506 = (x505 + x477); + uint32_t x507; + fiat_p256_uint1 x508; + fiat_p256_addcarryx_u32(&x507, &x508, 0x0, x459, x490); + uint32_t x509; + fiat_p256_uint1 x510; + fiat_p256_addcarryx_u32(&x509, &x510, x508, x461, x492); + uint32_t x511; + fiat_p256_uint1 x512; + fiat_p256_addcarryx_u32(&x511, &x512, x510, x463, x494); + uint32_t x513; + fiat_p256_uint1 x514; + fiat_p256_addcarryx_u32(&x513, &x514, x512, x465, x496); + uint32_t x515; + fiat_p256_uint1 x516; + fiat_p256_addcarryx_u32(&x515, &x516, x514, x467, x498); + uint32_t x517; + fiat_p256_uint1 x518; + fiat_p256_addcarryx_u32(&x517, &x518, x516, x469, x500); + uint32_t x519; + fiat_p256_uint1 x520; + fiat_p256_addcarryx_u32(&x519, &x520, x518, x471, x502); + uint32_t x521; + fiat_p256_uint1 x522; + fiat_p256_addcarryx_u32(&x521, &x522, x520, x473, x504); + uint32_t x523; + fiat_p256_uint1 x524; + fiat_p256_addcarryx_u32(&x523, &x524, x522, x475, x506); + uint32_t x525; + uint32_t x526; + fiat_p256_mulx_u32(&x525, &x526, x507, UINT32_C(0xffffffff)); + uint32_t x527; + uint32_t x528; + fiat_p256_mulx_u32(&x527, &x528, x507, UINT32_C(0xffffffff)); + uint32_t x529; + uint32_t x530; + fiat_p256_mulx_u32(&x529, &x530, x507, UINT32_C(0xffffffff)); + uint32_t x531; + uint32_t x532; + fiat_p256_mulx_u32(&x531, &x532, x507, UINT32_C(0xffffffff)); + uint32_t x533; + fiat_p256_uint1 x534; + fiat_p256_addcarryx_u32(&x533, &x534, 0x0, x532, x529); + uint32_t x535; + fiat_p256_uint1 x536; + fiat_p256_addcarryx_u32(&x535, &x536, x534, x530, x527); + uint32_t x537 = (x536 + x528); + uint32_t x538; + fiat_p256_uint1 x539; + fiat_p256_addcarryx_u32(&x538, &x539, 0x0, x507, x531); + uint32_t x540; + fiat_p256_uint1 x541; + fiat_p256_addcarryx_u32(&x540, &x541, x539, x509, x533); + uint32_t x542; + fiat_p256_uint1 x543; + fiat_p256_addcarryx_u32(&x542, &x543, x541, x511, x535); + uint32_t x544; + fiat_p256_uint1 x545; + fiat_p256_addcarryx_u32(&x544, &x545, x543, x513, x537); + uint32_t x546; + fiat_p256_uint1 x547; + fiat_p256_addcarryx_u32(&x546, &x547, x545, x515, 0x0); + uint32_t x548; + fiat_p256_uint1 x549; + fiat_p256_addcarryx_u32(&x548, &x549, x547, x517, 0x0); + uint32_t x550; + fiat_p256_uint1 x551; + fiat_p256_addcarryx_u32(&x550, &x551, x549, x519, x507); + uint32_t x552; + fiat_p256_uint1 x553; + fiat_p256_addcarryx_u32(&x552, &x553, x551, x521, x525); + uint32_t x554; + fiat_p256_uint1 x555; + fiat_p256_addcarryx_u32(&x554, &x555, x553, x523, x526); + uint32_t x556 = ((uint32_t)x555 + x524); + uint32_t x557; + uint32_t x558; + fiat_p256_mulx_u32(&x557, &x558, x7, (arg2[7])); + uint32_t x559; + uint32_t x560; + fiat_p256_mulx_u32(&x559, &x560, x7, (arg2[6])); + uint32_t x561; + uint32_t x562; + fiat_p256_mulx_u32(&x561, &x562, x7, (arg2[5])); + uint32_t x563; + uint32_t x564; + fiat_p256_mulx_u32(&x563, &x564, x7, (arg2[4])); + uint32_t x565; + uint32_t x566; + fiat_p256_mulx_u32(&x565, &x566, x7, (arg2[3])); + uint32_t x567; + uint32_t x568; + fiat_p256_mulx_u32(&x567, &x568, x7, (arg2[2])); + uint32_t x569; + uint32_t x570; + fiat_p256_mulx_u32(&x569, &x570, x7, (arg2[1])); + uint32_t x571; + uint32_t x572; + fiat_p256_mulx_u32(&x571, &x572, x7, (arg2[0])); + uint32_t x573; + fiat_p256_uint1 x574; + fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x572, x569); + uint32_t x575; + fiat_p256_uint1 x576; + fiat_p256_addcarryx_u32(&x575, &x576, x574, x570, x567); + uint32_t x577; + fiat_p256_uint1 x578; + fiat_p256_addcarryx_u32(&x577, &x578, x576, x568, x565); + uint32_t x579; + fiat_p256_uint1 x580; + fiat_p256_addcarryx_u32(&x579, &x580, x578, x566, x563); + uint32_t x581; + fiat_p256_uint1 x582; + fiat_p256_addcarryx_u32(&x581, &x582, x580, x564, x561); + uint32_t x583; + fiat_p256_uint1 x584; + fiat_p256_addcarryx_u32(&x583, &x584, x582, x562, x559); + uint32_t x585; + fiat_p256_uint1 x586; + fiat_p256_addcarryx_u32(&x585, &x586, x584, x560, x557); + uint32_t x587 = (x586 + x558); + uint32_t x588; + fiat_p256_uint1 x589; + fiat_p256_addcarryx_u32(&x588, &x589, 0x0, x540, x571); + uint32_t x590; + fiat_p256_uint1 x591; + fiat_p256_addcarryx_u32(&x590, &x591, x589, x542, x573); + uint32_t x592; + fiat_p256_uint1 x593; + fiat_p256_addcarryx_u32(&x592, &x593, x591, x544, x575); + uint32_t x594; + fiat_p256_uint1 x595; + fiat_p256_addcarryx_u32(&x594, &x595, x593, x546, x577); + uint32_t x596; + fiat_p256_uint1 x597; + fiat_p256_addcarryx_u32(&x596, &x597, x595, x548, x579); + uint32_t x598; + fiat_p256_uint1 x599; + fiat_p256_addcarryx_u32(&x598, &x599, x597, x550, x581); + uint32_t x600; + fiat_p256_uint1 x601; + fiat_p256_addcarryx_u32(&x600, &x601, x599, x552, x583); + uint32_t x602; + fiat_p256_uint1 x603; + fiat_p256_addcarryx_u32(&x602, &x603, x601, x554, x585); + uint32_t x604; + fiat_p256_uint1 x605; + fiat_p256_addcarryx_u32(&x604, &x605, x603, x556, x587); + uint32_t x606; + uint32_t x607; + fiat_p256_mulx_u32(&x606, &x607, x588, UINT32_C(0xffffffff)); + uint32_t x608; + uint32_t x609; + fiat_p256_mulx_u32(&x608, &x609, x588, UINT32_C(0xffffffff)); + uint32_t x610; + uint32_t x611; + fiat_p256_mulx_u32(&x610, &x611, x588, UINT32_C(0xffffffff)); + uint32_t x612; + uint32_t x613; + fiat_p256_mulx_u32(&x612, &x613, x588, UINT32_C(0xffffffff)); + uint32_t x614; + fiat_p256_uint1 x615; + fiat_p256_addcarryx_u32(&x614, &x615, 0x0, x613, x610); + uint32_t x616; + fiat_p256_uint1 x617; + fiat_p256_addcarryx_u32(&x616, &x617, x615, x611, x608); + uint32_t x618 = (x617 + x609); + uint32_t x619; + fiat_p256_uint1 x620; + fiat_p256_addcarryx_u32(&x619, &x620, 0x0, x588, x612); + uint32_t x621; + fiat_p256_uint1 x622; + fiat_p256_addcarryx_u32(&x621, &x622, x620, x590, x614); + uint32_t x623; + fiat_p256_uint1 x624; + fiat_p256_addcarryx_u32(&x623, &x624, x622, x592, x616); + uint32_t x625; + fiat_p256_uint1 x626; + fiat_p256_addcarryx_u32(&x625, &x626, x624, x594, x618); + uint32_t x627; + fiat_p256_uint1 x628; + fiat_p256_addcarryx_u32(&x627, &x628, x626, x596, 0x0); + uint32_t x629; + fiat_p256_uint1 x630; + fiat_p256_addcarryx_u32(&x629, &x630, x628, x598, 0x0); + uint32_t x631; + fiat_p256_uint1 x632; + fiat_p256_addcarryx_u32(&x631, &x632, x630, x600, x588); + uint32_t x633; + fiat_p256_uint1 x634; + fiat_p256_addcarryx_u32(&x633, &x634, x632, x602, x606); + uint32_t x635; + fiat_p256_uint1 x636; + fiat_p256_addcarryx_u32(&x635, &x636, x634, x604, x607); + uint32_t x637 = ((uint32_t)x636 + x605); + uint32_t x638; + fiat_p256_uint1 x639; + fiat_p256_subborrowx_u32(&x638, &x639, 0x0, x621, UINT32_C(0xffffffff)); + uint32_t x640; + fiat_p256_uint1 x641; + fiat_p256_subborrowx_u32(&x640, &x641, x639, x623, UINT32_C(0xffffffff)); + uint32_t x642; + fiat_p256_uint1 x643; + fiat_p256_subborrowx_u32(&x642, &x643, x641, x625, UINT32_C(0xffffffff)); + uint32_t x644; + fiat_p256_uint1 x645; + fiat_p256_subborrowx_u32(&x644, &x645, x643, x627, 0x0); + uint32_t x646; + fiat_p256_uint1 x647; + fiat_p256_subborrowx_u32(&x646, &x647, x645, x629, 0x0); + uint32_t x648; + fiat_p256_uint1 x649; + fiat_p256_subborrowx_u32(&x648, &x649, x647, x631, 0x0); + uint32_t x650; + fiat_p256_uint1 x651; + fiat_p256_subborrowx_u32(&x650, &x651, x649, x633, 0x1); + uint32_t x652; + fiat_p256_uint1 x653; + fiat_p256_subborrowx_u32(&x652, &x653, x651, x635, UINT32_C(0xffffffff)); + uint32_t x654; + fiat_p256_uint1 x655; + fiat_p256_subborrowx_u32(&x654, &x655, x653, x637, 0x0); + uint32_t x656; + fiat_p256_cmovznz_u32(&x656, x655, x638, x621); + uint32_t x657; + fiat_p256_cmovznz_u32(&x657, x655, x640, x623); + uint32_t x658; + fiat_p256_cmovznz_u32(&x658, x655, x642, x625); + uint32_t x659; + fiat_p256_cmovznz_u32(&x659, x655, x644, x627); + uint32_t x660; + fiat_p256_cmovznz_u32(&x660, x655, x646, x629); + uint32_t x661; + fiat_p256_cmovznz_u32(&x661, x655, x648, x631); + uint32_t x662; + fiat_p256_cmovznz_u32(&x662, x655, x650, x633); + uint32_t x663; + fiat_p256_cmovznz_u32(&x663, x655, x652, x635); + out1[0] = x656; + out1[1] = x657; + out1[2] = x658; + out1[3] = x659; + out1[4] = x660; + out1[5] = x661; + out1[6] = x662; + out1[7] = x663; +} + +/* + * The function fiat_p256_square squares a field element in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { + uint32_t x1 = (arg1[1]); + uint32_t x2 = (arg1[2]); + uint32_t x3 = (arg1[3]); + uint32_t x4 = (arg1[4]); + uint32_t x5 = (arg1[5]); + uint32_t x6 = (arg1[6]); + uint32_t x7 = (arg1[7]); + uint32_t x8 = (arg1[0]); + uint32_t x9; + uint32_t x10; + fiat_p256_mulx_u32(&x9, &x10, x8, (arg1[7])); + uint32_t x11; + uint32_t x12; + fiat_p256_mulx_u32(&x11, &x12, x8, (arg1[6])); + uint32_t x13; + uint32_t x14; + fiat_p256_mulx_u32(&x13, &x14, x8, (arg1[5])); + uint32_t x15; + uint32_t x16; + fiat_p256_mulx_u32(&x15, &x16, x8, (arg1[4])); + uint32_t x17; + uint32_t x18; + fiat_p256_mulx_u32(&x17, &x18, x8, (arg1[3])); + uint32_t x19; + uint32_t x20; + fiat_p256_mulx_u32(&x19, &x20, x8, (arg1[2])); + uint32_t x21; + uint32_t x22; + fiat_p256_mulx_u32(&x21, &x22, x8, (arg1[1])); + uint32_t x23; + uint32_t x24; + fiat_p256_mulx_u32(&x23, &x24, x8, (arg1[0])); + uint32_t x25; + fiat_p256_uint1 x26; + fiat_p256_addcarryx_u32(&x25, &x26, 0x0, x24, x21); + uint32_t x27; + fiat_p256_uint1 x28; + fiat_p256_addcarryx_u32(&x27, &x28, x26, x22, x19); + uint32_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u32(&x29, &x30, x28, x20, x17); + uint32_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u32(&x31, &x32, x30, x18, x15); + uint32_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u32(&x33, &x34, x32, x16, x13); + uint32_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u32(&x35, &x36, x34, x14, x11); + uint32_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u32(&x37, &x38, x36, x12, x9); + uint32_t x39 = (x38 + x10); + uint32_t x40; + uint32_t x41; + fiat_p256_mulx_u32(&x40, &x41, x23, UINT32_C(0xffffffff)); + uint32_t x42; + uint32_t x43; + fiat_p256_mulx_u32(&x42, &x43, x23, UINT32_C(0xffffffff)); + uint32_t x44; + uint32_t x45; + fiat_p256_mulx_u32(&x44, &x45, x23, UINT32_C(0xffffffff)); + uint32_t x46; + uint32_t x47; + fiat_p256_mulx_u32(&x46, &x47, x23, UINT32_C(0xffffffff)); + uint32_t x48; + fiat_p256_uint1 x49; + fiat_p256_addcarryx_u32(&x48, &x49, 0x0, x47, x44); + uint32_t x50; + fiat_p256_uint1 x51; + fiat_p256_addcarryx_u32(&x50, &x51, x49, x45, x42); + uint32_t x52 = (x51 + x43); + uint32_t x53; + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u32(&x53, &x54, 0x0, x23, x46); + uint32_t x55; + fiat_p256_uint1 x56; + fiat_p256_addcarryx_u32(&x55, &x56, x54, x25, x48); + uint32_t x57; + fiat_p256_uint1 x58; + fiat_p256_addcarryx_u32(&x57, &x58, x56, x27, x50); + uint32_t x59; + fiat_p256_uint1 x60; + fiat_p256_addcarryx_u32(&x59, &x60, x58, x29, x52); + uint32_t x61; + fiat_p256_uint1 x62; + fiat_p256_addcarryx_u32(&x61, &x62, x60, x31, 0x0); + uint32_t x63; + fiat_p256_uint1 x64; + fiat_p256_addcarryx_u32(&x63, &x64, x62, x33, 0x0); + uint32_t x65; + fiat_p256_uint1 x66; + fiat_p256_addcarryx_u32(&x65, &x66, x64, x35, x23); + uint32_t x67; + fiat_p256_uint1 x68; + fiat_p256_addcarryx_u32(&x67, &x68, x66, x37, x40); + uint32_t x69; + fiat_p256_uint1 x70; + fiat_p256_addcarryx_u32(&x69, &x70, x68, x39, x41); + uint32_t x71; + uint32_t x72; + fiat_p256_mulx_u32(&x71, &x72, x1, (arg1[7])); + uint32_t x73; + uint32_t x74; + fiat_p256_mulx_u32(&x73, &x74, x1, (arg1[6])); + uint32_t x75; + uint32_t x76; + fiat_p256_mulx_u32(&x75, &x76, x1, (arg1[5])); + uint32_t x77; + uint32_t x78; + fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[4])); + uint32_t x79; + uint32_t x80; + fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[3])); + uint32_t x81; + uint32_t x82; + fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[2])); + uint32_t x83; + uint32_t x84; + fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[1])); + uint32_t x85; + uint32_t x86; + fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[0])); + uint32_t x87; + fiat_p256_uint1 x88; + fiat_p256_addcarryx_u32(&x87, &x88, 0x0, x86, x83); + uint32_t x89; + fiat_p256_uint1 x90; + fiat_p256_addcarryx_u32(&x89, &x90, x88, x84, x81); + uint32_t x91; + fiat_p256_uint1 x92; + fiat_p256_addcarryx_u32(&x91, &x92, x90, x82, x79); + uint32_t x93; + fiat_p256_uint1 x94; + fiat_p256_addcarryx_u32(&x93, &x94, x92, x80, x77); + uint32_t x95; + fiat_p256_uint1 x96; + fiat_p256_addcarryx_u32(&x95, &x96, x94, x78, x75); + uint32_t x97; + fiat_p256_uint1 x98; + fiat_p256_addcarryx_u32(&x97, &x98, x96, x76, x73); + uint32_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u32(&x99, &x100, x98, x74, x71); + uint32_t x101 = (x100 + x72); + uint32_t x102; + fiat_p256_uint1 x103; + fiat_p256_addcarryx_u32(&x102, &x103, 0x0, x55, x85); + uint32_t x104; + fiat_p256_uint1 x105; + fiat_p256_addcarryx_u32(&x104, &x105, x103, x57, x87); + uint32_t x106; + fiat_p256_uint1 x107; + fiat_p256_addcarryx_u32(&x106, &x107, x105, x59, x89); + uint32_t x108; + fiat_p256_uint1 x109; + fiat_p256_addcarryx_u32(&x108, &x109, x107, x61, x91); + uint32_t x110; + fiat_p256_uint1 x111; + fiat_p256_addcarryx_u32(&x110, &x111, x109, x63, x93); + uint32_t x112; + fiat_p256_uint1 x113; + fiat_p256_addcarryx_u32(&x112, &x113, x111, x65, x95); + uint32_t x114; + fiat_p256_uint1 x115; + fiat_p256_addcarryx_u32(&x114, &x115, x113, x67, x97); + uint32_t x116; + fiat_p256_uint1 x117; + fiat_p256_addcarryx_u32(&x116, &x117, x115, x69, x99); + uint32_t x118; + fiat_p256_uint1 x119; + fiat_p256_addcarryx_u32(&x118, &x119, x117, x70, x101); + uint32_t x120; + uint32_t x121; + fiat_p256_mulx_u32(&x120, &x121, x102, UINT32_C(0xffffffff)); + uint32_t x122; + uint32_t x123; + fiat_p256_mulx_u32(&x122, &x123, x102, UINT32_C(0xffffffff)); + uint32_t x124; + uint32_t x125; + fiat_p256_mulx_u32(&x124, &x125, x102, UINT32_C(0xffffffff)); + uint32_t x126; + uint32_t x127; + fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff)); + uint32_t x128; + fiat_p256_uint1 x129; + fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x127, x124); + uint32_t x130; + fiat_p256_uint1 x131; + fiat_p256_addcarryx_u32(&x130, &x131, x129, x125, x122); + uint32_t x132 = (x131 + x123); + uint32_t x133; + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x102, x126); + uint32_t x135; + fiat_p256_uint1 x136; + fiat_p256_addcarryx_u32(&x135, &x136, x134, x104, x128); + uint32_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u32(&x137, &x138, x136, x106, x130); + uint32_t x139; + fiat_p256_uint1 x140; + fiat_p256_addcarryx_u32(&x139, &x140, x138, x108, x132); + uint32_t x141; + fiat_p256_uint1 x142; + fiat_p256_addcarryx_u32(&x141, &x142, x140, x110, 0x0); + uint32_t x143; + fiat_p256_uint1 x144; + fiat_p256_addcarryx_u32(&x143, &x144, x142, x112, 0x0); + uint32_t x145; + fiat_p256_uint1 x146; + fiat_p256_addcarryx_u32(&x145, &x146, x144, x114, x102); + uint32_t x147; + fiat_p256_uint1 x148; + fiat_p256_addcarryx_u32(&x147, &x148, x146, x116, x120); + uint32_t x149; + fiat_p256_uint1 x150; + fiat_p256_addcarryx_u32(&x149, &x150, x148, x118, x121); + uint32_t x151 = ((uint32_t)x150 + x119); + uint32_t x152; + uint32_t x153; + fiat_p256_mulx_u32(&x152, &x153, x2, (arg1[7])); + uint32_t x154; + uint32_t x155; + fiat_p256_mulx_u32(&x154, &x155, x2, (arg1[6])); + uint32_t x156; + uint32_t x157; + fiat_p256_mulx_u32(&x156, &x157, x2, (arg1[5])); + uint32_t x158; + uint32_t x159; + fiat_p256_mulx_u32(&x158, &x159, x2, (arg1[4])); + uint32_t x160; + uint32_t x161; + fiat_p256_mulx_u32(&x160, &x161, x2, (arg1[3])); + uint32_t x162; + uint32_t x163; + fiat_p256_mulx_u32(&x162, &x163, x2, (arg1[2])); + uint32_t x164; + uint32_t x165; + fiat_p256_mulx_u32(&x164, &x165, x2, (arg1[1])); + uint32_t x166; + uint32_t x167; + fiat_p256_mulx_u32(&x166, &x167, x2, (arg1[0])); + uint32_t x168; + fiat_p256_uint1 x169; + fiat_p256_addcarryx_u32(&x168, &x169, 0x0, x167, x164); + uint32_t x170; + fiat_p256_uint1 x171; + fiat_p256_addcarryx_u32(&x170, &x171, x169, x165, x162); + uint32_t x172; + fiat_p256_uint1 x173; + fiat_p256_addcarryx_u32(&x172, &x173, x171, x163, x160); + uint32_t x174; + fiat_p256_uint1 x175; + fiat_p256_addcarryx_u32(&x174, &x175, x173, x161, x158); + uint32_t x176; + fiat_p256_uint1 x177; + fiat_p256_addcarryx_u32(&x176, &x177, x175, x159, x156); + uint32_t x178; + fiat_p256_uint1 x179; + fiat_p256_addcarryx_u32(&x178, &x179, x177, x157, x154); + uint32_t x180; + fiat_p256_uint1 x181; + fiat_p256_addcarryx_u32(&x180, &x181, x179, x155, x152); + uint32_t x182 = (x181 + x153); + uint32_t x183; + fiat_p256_uint1 x184; + fiat_p256_addcarryx_u32(&x183, &x184, 0x0, x135, x166); + uint32_t x185; + fiat_p256_uint1 x186; + fiat_p256_addcarryx_u32(&x185, &x186, x184, x137, x168); + uint32_t x187; + fiat_p256_uint1 x188; + fiat_p256_addcarryx_u32(&x187, &x188, x186, x139, x170); + uint32_t x189; + fiat_p256_uint1 x190; + fiat_p256_addcarryx_u32(&x189, &x190, x188, x141, x172); + uint32_t x191; + fiat_p256_uint1 x192; + fiat_p256_addcarryx_u32(&x191, &x192, x190, x143, x174); + uint32_t x193; + fiat_p256_uint1 x194; + fiat_p256_addcarryx_u32(&x193, &x194, x192, x145, x176); + uint32_t x195; + fiat_p256_uint1 x196; + fiat_p256_addcarryx_u32(&x195, &x196, x194, x147, x178); + uint32_t x197; + fiat_p256_uint1 x198; + fiat_p256_addcarryx_u32(&x197, &x198, x196, x149, x180); + uint32_t x199; + fiat_p256_uint1 x200; + fiat_p256_addcarryx_u32(&x199, &x200, x198, x151, x182); + uint32_t x201; + uint32_t x202; + fiat_p256_mulx_u32(&x201, &x202, x183, UINT32_C(0xffffffff)); + uint32_t x203; + uint32_t x204; + fiat_p256_mulx_u32(&x203, &x204, x183, UINT32_C(0xffffffff)); + uint32_t x205; + uint32_t x206; + fiat_p256_mulx_u32(&x205, &x206, x183, UINT32_C(0xffffffff)); + uint32_t x207; + uint32_t x208; + fiat_p256_mulx_u32(&x207, &x208, x183, UINT32_C(0xffffffff)); + uint32_t x209; + fiat_p256_uint1 x210; + fiat_p256_addcarryx_u32(&x209, &x210, 0x0, x208, x205); + uint32_t x211; + fiat_p256_uint1 x212; + fiat_p256_addcarryx_u32(&x211, &x212, x210, x206, x203); + uint32_t x213 = (x212 + x204); + uint32_t x214; + fiat_p256_uint1 x215; + fiat_p256_addcarryx_u32(&x214, &x215, 0x0, x183, x207); + uint32_t x216; + fiat_p256_uint1 x217; + fiat_p256_addcarryx_u32(&x216, &x217, x215, x185, x209); + uint32_t x218; + fiat_p256_uint1 x219; + fiat_p256_addcarryx_u32(&x218, &x219, x217, x187, x211); + uint32_t x220; + fiat_p256_uint1 x221; + fiat_p256_addcarryx_u32(&x220, &x221, x219, x189, x213); + uint32_t x222; + fiat_p256_uint1 x223; + fiat_p256_addcarryx_u32(&x222, &x223, x221, x191, 0x0); + uint32_t x224; + fiat_p256_uint1 x225; + fiat_p256_addcarryx_u32(&x224, &x225, x223, x193, 0x0); + uint32_t x226; + fiat_p256_uint1 x227; + fiat_p256_addcarryx_u32(&x226, &x227, x225, x195, x183); + uint32_t x228; + fiat_p256_uint1 x229; + fiat_p256_addcarryx_u32(&x228, &x229, x227, x197, x201); + uint32_t x230; + fiat_p256_uint1 x231; + fiat_p256_addcarryx_u32(&x230, &x231, x229, x199, x202); + uint32_t x232 = ((uint32_t)x231 + x200); + uint32_t x233; + uint32_t x234; + fiat_p256_mulx_u32(&x233, &x234, x3, (arg1[7])); + uint32_t x235; + uint32_t x236; + fiat_p256_mulx_u32(&x235, &x236, x3, (arg1[6])); + uint32_t x237; + uint32_t x238; + fiat_p256_mulx_u32(&x237, &x238, x3, (arg1[5])); + uint32_t x239; + uint32_t x240; + fiat_p256_mulx_u32(&x239, &x240, x3, (arg1[4])); + uint32_t x241; + uint32_t x242; + fiat_p256_mulx_u32(&x241, &x242, x3, (arg1[3])); + uint32_t x243; + uint32_t x244; + fiat_p256_mulx_u32(&x243, &x244, x3, (arg1[2])); + uint32_t x245; + uint32_t x246; + fiat_p256_mulx_u32(&x245, &x246, x3, (arg1[1])); + uint32_t x247; + uint32_t x248; + fiat_p256_mulx_u32(&x247, &x248, x3, (arg1[0])); + uint32_t x249; + fiat_p256_uint1 x250; + fiat_p256_addcarryx_u32(&x249, &x250, 0x0, x248, x245); + uint32_t x251; + fiat_p256_uint1 x252; + fiat_p256_addcarryx_u32(&x251, &x252, x250, x246, x243); + uint32_t x253; + fiat_p256_uint1 x254; + fiat_p256_addcarryx_u32(&x253, &x254, x252, x244, x241); + uint32_t x255; + fiat_p256_uint1 x256; + fiat_p256_addcarryx_u32(&x255, &x256, x254, x242, x239); + uint32_t x257; + fiat_p256_uint1 x258; + fiat_p256_addcarryx_u32(&x257, &x258, x256, x240, x237); + uint32_t x259; + fiat_p256_uint1 x260; + fiat_p256_addcarryx_u32(&x259, &x260, x258, x238, x235); + uint32_t x261; + fiat_p256_uint1 x262; + fiat_p256_addcarryx_u32(&x261, &x262, x260, x236, x233); + uint32_t x263 = (x262 + x234); + uint32_t x264; + fiat_p256_uint1 x265; + fiat_p256_addcarryx_u32(&x264, &x265, 0x0, x216, x247); + uint32_t x266; + fiat_p256_uint1 x267; + fiat_p256_addcarryx_u32(&x266, &x267, x265, x218, x249); + uint32_t x268; + fiat_p256_uint1 x269; + fiat_p256_addcarryx_u32(&x268, &x269, x267, x220, x251); + uint32_t x270; + fiat_p256_uint1 x271; + fiat_p256_addcarryx_u32(&x270, &x271, x269, x222, x253); + uint32_t x272; + fiat_p256_uint1 x273; + fiat_p256_addcarryx_u32(&x272, &x273, x271, x224, x255); + uint32_t x274; + fiat_p256_uint1 x275; + fiat_p256_addcarryx_u32(&x274, &x275, x273, x226, x257); + uint32_t x276; + fiat_p256_uint1 x277; + fiat_p256_addcarryx_u32(&x276, &x277, x275, x228, x259); + uint32_t x278; + fiat_p256_uint1 x279; + fiat_p256_addcarryx_u32(&x278, &x279, x277, x230, x261); + uint32_t x280; + fiat_p256_uint1 x281; + fiat_p256_addcarryx_u32(&x280, &x281, x279, x232, x263); + uint32_t x282; + uint32_t x283; + fiat_p256_mulx_u32(&x282, &x283, x264, UINT32_C(0xffffffff)); + uint32_t x284; + uint32_t x285; + fiat_p256_mulx_u32(&x284, &x285, x264, UINT32_C(0xffffffff)); + uint32_t x286; + uint32_t x287; + fiat_p256_mulx_u32(&x286, &x287, x264, UINT32_C(0xffffffff)); + uint32_t x288; + uint32_t x289; + fiat_p256_mulx_u32(&x288, &x289, x264, UINT32_C(0xffffffff)); + uint32_t x290; + fiat_p256_uint1 x291; + fiat_p256_addcarryx_u32(&x290, &x291, 0x0, x289, x286); + uint32_t x292; + fiat_p256_uint1 x293; + fiat_p256_addcarryx_u32(&x292, &x293, x291, x287, x284); + uint32_t x294 = (x293 + x285); + uint32_t x295; + fiat_p256_uint1 x296; + fiat_p256_addcarryx_u32(&x295, &x296, 0x0, x264, x288); + uint32_t x297; + fiat_p256_uint1 x298; + fiat_p256_addcarryx_u32(&x297, &x298, x296, x266, x290); + uint32_t x299; + fiat_p256_uint1 x300; + fiat_p256_addcarryx_u32(&x299, &x300, x298, x268, x292); + uint32_t x301; + fiat_p256_uint1 x302; + fiat_p256_addcarryx_u32(&x301, &x302, x300, x270, x294); + uint32_t x303; + fiat_p256_uint1 x304; + fiat_p256_addcarryx_u32(&x303, &x304, x302, x272, 0x0); + uint32_t x305; + fiat_p256_uint1 x306; + fiat_p256_addcarryx_u32(&x305, &x306, x304, x274, 0x0); + uint32_t x307; + fiat_p256_uint1 x308; + fiat_p256_addcarryx_u32(&x307, &x308, x306, x276, x264); + uint32_t x309; + fiat_p256_uint1 x310; + fiat_p256_addcarryx_u32(&x309, &x310, x308, x278, x282); + uint32_t x311; + fiat_p256_uint1 x312; + fiat_p256_addcarryx_u32(&x311, &x312, x310, x280, x283); + uint32_t x313 = ((uint32_t)x312 + x281); + uint32_t x314; + uint32_t x315; + fiat_p256_mulx_u32(&x314, &x315, x4, (arg1[7])); + uint32_t x316; + uint32_t x317; + fiat_p256_mulx_u32(&x316, &x317, x4, (arg1[6])); + uint32_t x318; + uint32_t x319; + fiat_p256_mulx_u32(&x318, &x319, x4, (arg1[5])); + uint32_t x320; + uint32_t x321; + fiat_p256_mulx_u32(&x320, &x321, x4, (arg1[4])); + uint32_t x322; + uint32_t x323; + fiat_p256_mulx_u32(&x322, &x323, x4, (arg1[3])); + uint32_t x324; + uint32_t x325; + fiat_p256_mulx_u32(&x324, &x325, x4, (arg1[2])); + uint32_t x326; + uint32_t x327; + fiat_p256_mulx_u32(&x326, &x327, x4, (arg1[1])); + uint32_t x328; + uint32_t x329; + fiat_p256_mulx_u32(&x328, &x329, x4, (arg1[0])); + uint32_t x330; + fiat_p256_uint1 x331; + fiat_p256_addcarryx_u32(&x330, &x331, 0x0, x329, x326); + uint32_t x332; + fiat_p256_uint1 x333; + fiat_p256_addcarryx_u32(&x332, &x333, x331, x327, x324); + uint32_t x334; + fiat_p256_uint1 x335; + fiat_p256_addcarryx_u32(&x334, &x335, x333, x325, x322); + uint32_t x336; + fiat_p256_uint1 x337; + fiat_p256_addcarryx_u32(&x336, &x337, x335, x323, x320); + uint32_t x338; + fiat_p256_uint1 x339; + fiat_p256_addcarryx_u32(&x338, &x339, x337, x321, x318); + uint32_t x340; + fiat_p256_uint1 x341; + fiat_p256_addcarryx_u32(&x340, &x341, x339, x319, x316); + uint32_t x342; + fiat_p256_uint1 x343; + fiat_p256_addcarryx_u32(&x342, &x343, x341, x317, x314); + uint32_t x344 = (x343 + x315); + uint32_t x345; + fiat_p256_uint1 x346; + fiat_p256_addcarryx_u32(&x345, &x346, 0x0, x297, x328); + uint32_t x347; + fiat_p256_uint1 x348; + fiat_p256_addcarryx_u32(&x347, &x348, x346, x299, x330); + uint32_t x349; + fiat_p256_uint1 x350; + fiat_p256_addcarryx_u32(&x349, &x350, x348, x301, x332); + uint32_t x351; + fiat_p256_uint1 x352; + fiat_p256_addcarryx_u32(&x351, &x352, x350, x303, x334); + uint32_t x353; + fiat_p256_uint1 x354; + fiat_p256_addcarryx_u32(&x353, &x354, x352, x305, x336); + uint32_t x355; + fiat_p256_uint1 x356; + fiat_p256_addcarryx_u32(&x355, &x356, x354, x307, x338); + uint32_t x357; + fiat_p256_uint1 x358; + fiat_p256_addcarryx_u32(&x357, &x358, x356, x309, x340); + uint32_t x359; + fiat_p256_uint1 x360; + fiat_p256_addcarryx_u32(&x359, &x360, x358, x311, x342); + uint32_t x361; + fiat_p256_uint1 x362; + fiat_p256_addcarryx_u32(&x361, &x362, x360, x313, x344); + uint32_t x363; + uint32_t x364; + fiat_p256_mulx_u32(&x363, &x364, x345, UINT32_C(0xffffffff)); + uint32_t x365; + uint32_t x366; + fiat_p256_mulx_u32(&x365, &x366, x345, UINT32_C(0xffffffff)); + uint32_t x367; + uint32_t x368; + fiat_p256_mulx_u32(&x367, &x368, x345, UINT32_C(0xffffffff)); + uint32_t x369; + uint32_t x370; + fiat_p256_mulx_u32(&x369, &x370, x345, UINT32_C(0xffffffff)); + uint32_t x371; + fiat_p256_uint1 x372; + fiat_p256_addcarryx_u32(&x371, &x372, 0x0, x370, x367); + uint32_t x373; + fiat_p256_uint1 x374; + fiat_p256_addcarryx_u32(&x373, &x374, x372, x368, x365); + uint32_t x375 = (x374 + x366); + uint32_t x376; + fiat_p256_uint1 x377; + fiat_p256_addcarryx_u32(&x376, &x377, 0x0, x345, x369); + uint32_t x378; + fiat_p256_uint1 x379; + fiat_p256_addcarryx_u32(&x378, &x379, x377, x347, x371); + uint32_t x380; + fiat_p256_uint1 x381; + fiat_p256_addcarryx_u32(&x380, &x381, x379, x349, x373); + uint32_t x382; + fiat_p256_uint1 x383; + fiat_p256_addcarryx_u32(&x382, &x383, x381, x351, x375); + uint32_t x384; + fiat_p256_uint1 x385; + fiat_p256_addcarryx_u32(&x384, &x385, x383, x353, 0x0); + uint32_t x386; + fiat_p256_uint1 x387; + fiat_p256_addcarryx_u32(&x386, &x387, x385, x355, 0x0); + uint32_t x388; + fiat_p256_uint1 x389; + fiat_p256_addcarryx_u32(&x388, &x389, x387, x357, x345); + uint32_t x390; + fiat_p256_uint1 x391; + fiat_p256_addcarryx_u32(&x390, &x391, x389, x359, x363); + uint32_t x392; + fiat_p256_uint1 x393; + fiat_p256_addcarryx_u32(&x392, &x393, x391, x361, x364); + uint32_t x394 = ((uint32_t)x393 + x362); + uint32_t x395; + uint32_t x396; + fiat_p256_mulx_u32(&x395, &x396, x5, (arg1[7])); + uint32_t x397; + uint32_t x398; + fiat_p256_mulx_u32(&x397, &x398, x5, (arg1[6])); + uint32_t x399; + uint32_t x400; + fiat_p256_mulx_u32(&x399, &x400, x5, (arg1[5])); + uint32_t x401; + uint32_t x402; + fiat_p256_mulx_u32(&x401, &x402, x5, (arg1[4])); + uint32_t x403; + uint32_t x404; + fiat_p256_mulx_u32(&x403, &x404, x5, (arg1[3])); + uint32_t x405; + uint32_t x406; + fiat_p256_mulx_u32(&x405, &x406, x5, (arg1[2])); + uint32_t x407; + uint32_t x408; + fiat_p256_mulx_u32(&x407, &x408, x5, (arg1[1])); + uint32_t x409; + uint32_t x410; + fiat_p256_mulx_u32(&x409, &x410, x5, (arg1[0])); + uint32_t x411; + fiat_p256_uint1 x412; + fiat_p256_addcarryx_u32(&x411, &x412, 0x0, x410, x407); + uint32_t x413; + fiat_p256_uint1 x414; + fiat_p256_addcarryx_u32(&x413, &x414, x412, x408, x405); + uint32_t x415; + fiat_p256_uint1 x416; + fiat_p256_addcarryx_u32(&x415, &x416, x414, x406, x403); + uint32_t x417; + fiat_p256_uint1 x418; + fiat_p256_addcarryx_u32(&x417, &x418, x416, x404, x401); + uint32_t x419; + fiat_p256_uint1 x420; + fiat_p256_addcarryx_u32(&x419, &x420, x418, x402, x399); + uint32_t x421; + fiat_p256_uint1 x422; + fiat_p256_addcarryx_u32(&x421, &x422, x420, x400, x397); + uint32_t x423; + fiat_p256_uint1 x424; + fiat_p256_addcarryx_u32(&x423, &x424, x422, x398, x395); + uint32_t x425 = (x424 + x396); + uint32_t x426; + fiat_p256_uint1 x427; + fiat_p256_addcarryx_u32(&x426, &x427, 0x0, x378, x409); + uint32_t x428; + fiat_p256_uint1 x429; + fiat_p256_addcarryx_u32(&x428, &x429, x427, x380, x411); + uint32_t x430; + fiat_p256_uint1 x431; + fiat_p256_addcarryx_u32(&x430, &x431, x429, x382, x413); + uint32_t x432; + fiat_p256_uint1 x433; + fiat_p256_addcarryx_u32(&x432, &x433, x431, x384, x415); + uint32_t x434; + fiat_p256_uint1 x435; + fiat_p256_addcarryx_u32(&x434, &x435, x433, x386, x417); + uint32_t x436; + fiat_p256_uint1 x437; + fiat_p256_addcarryx_u32(&x436, &x437, x435, x388, x419); + uint32_t x438; + fiat_p256_uint1 x439; + fiat_p256_addcarryx_u32(&x438, &x439, x437, x390, x421); + uint32_t x440; + fiat_p256_uint1 x441; + fiat_p256_addcarryx_u32(&x440, &x441, x439, x392, x423); + uint32_t x442; + fiat_p256_uint1 x443; + fiat_p256_addcarryx_u32(&x442, &x443, x441, x394, x425); + uint32_t x444; + uint32_t x445; + fiat_p256_mulx_u32(&x444, &x445, x426, UINT32_C(0xffffffff)); + uint32_t x446; + uint32_t x447; + fiat_p256_mulx_u32(&x446, &x447, x426, UINT32_C(0xffffffff)); + uint32_t x448; + uint32_t x449; + fiat_p256_mulx_u32(&x448, &x449, x426, UINT32_C(0xffffffff)); + uint32_t x450; + uint32_t x451; + fiat_p256_mulx_u32(&x450, &x451, x426, UINT32_C(0xffffffff)); + uint32_t x452; + fiat_p256_uint1 x453; + fiat_p256_addcarryx_u32(&x452, &x453, 0x0, x451, x448); + uint32_t x454; + fiat_p256_uint1 x455; + fiat_p256_addcarryx_u32(&x454, &x455, x453, x449, x446); + uint32_t x456 = (x455 + x447); + uint32_t x457; + fiat_p256_uint1 x458; + fiat_p256_addcarryx_u32(&x457, &x458, 0x0, x426, x450); + uint32_t x459; + fiat_p256_uint1 x460; + fiat_p256_addcarryx_u32(&x459, &x460, x458, x428, x452); + uint32_t x461; + fiat_p256_uint1 x462; + fiat_p256_addcarryx_u32(&x461, &x462, x460, x430, x454); + uint32_t x463; + fiat_p256_uint1 x464; + fiat_p256_addcarryx_u32(&x463, &x464, x462, x432, x456); + uint32_t x465; + fiat_p256_uint1 x466; + fiat_p256_addcarryx_u32(&x465, &x466, x464, x434, 0x0); + uint32_t x467; + fiat_p256_uint1 x468; + fiat_p256_addcarryx_u32(&x467, &x468, x466, x436, 0x0); + uint32_t x469; + fiat_p256_uint1 x470; + fiat_p256_addcarryx_u32(&x469, &x470, x468, x438, x426); + uint32_t x471; + fiat_p256_uint1 x472; + fiat_p256_addcarryx_u32(&x471, &x472, x470, x440, x444); + uint32_t x473; + fiat_p256_uint1 x474; + fiat_p256_addcarryx_u32(&x473, &x474, x472, x442, x445); + uint32_t x475 = ((uint32_t)x474 + x443); + uint32_t x476; + uint32_t x477; + fiat_p256_mulx_u32(&x476, &x477, x6, (arg1[7])); + uint32_t x478; + uint32_t x479; + fiat_p256_mulx_u32(&x478, &x479, x6, (arg1[6])); + uint32_t x480; + uint32_t x481; + fiat_p256_mulx_u32(&x480, &x481, x6, (arg1[5])); + uint32_t x482; + uint32_t x483; + fiat_p256_mulx_u32(&x482, &x483, x6, (arg1[4])); + uint32_t x484; + uint32_t x485; + fiat_p256_mulx_u32(&x484, &x485, x6, (arg1[3])); + uint32_t x486; + uint32_t x487; + fiat_p256_mulx_u32(&x486, &x487, x6, (arg1[2])); + uint32_t x488; + uint32_t x489; + fiat_p256_mulx_u32(&x488, &x489, x6, (arg1[1])); + uint32_t x490; + uint32_t x491; + fiat_p256_mulx_u32(&x490, &x491, x6, (arg1[0])); + uint32_t x492; + fiat_p256_uint1 x493; + fiat_p256_addcarryx_u32(&x492, &x493, 0x0, x491, x488); + uint32_t x494; + fiat_p256_uint1 x495; + fiat_p256_addcarryx_u32(&x494, &x495, x493, x489, x486); + uint32_t x496; + fiat_p256_uint1 x497; + fiat_p256_addcarryx_u32(&x496, &x497, x495, x487, x484); + uint32_t x498; + fiat_p256_uint1 x499; + fiat_p256_addcarryx_u32(&x498, &x499, x497, x485, x482); + uint32_t x500; + fiat_p256_uint1 x501; + fiat_p256_addcarryx_u32(&x500, &x501, x499, x483, x480); + uint32_t x502; + fiat_p256_uint1 x503; + fiat_p256_addcarryx_u32(&x502, &x503, x501, x481, x478); + uint32_t x504; + fiat_p256_uint1 x505; + fiat_p256_addcarryx_u32(&x504, &x505, x503, x479, x476); + uint32_t x506 = (x505 + x477); + uint32_t x507; + fiat_p256_uint1 x508; + fiat_p256_addcarryx_u32(&x507, &x508, 0x0, x459, x490); + uint32_t x509; + fiat_p256_uint1 x510; + fiat_p256_addcarryx_u32(&x509, &x510, x508, x461, x492); + uint32_t x511; + fiat_p256_uint1 x512; + fiat_p256_addcarryx_u32(&x511, &x512, x510, x463, x494); + uint32_t x513; + fiat_p256_uint1 x514; + fiat_p256_addcarryx_u32(&x513, &x514, x512, x465, x496); + uint32_t x515; + fiat_p256_uint1 x516; + fiat_p256_addcarryx_u32(&x515, &x516, x514, x467, x498); + uint32_t x517; + fiat_p256_uint1 x518; + fiat_p256_addcarryx_u32(&x517, &x518, x516, x469, x500); + uint32_t x519; + fiat_p256_uint1 x520; + fiat_p256_addcarryx_u32(&x519, &x520, x518, x471, x502); + uint32_t x521; + fiat_p256_uint1 x522; + fiat_p256_addcarryx_u32(&x521, &x522, x520, x473, x504); + uint32_t x523; + fiat_p256_uint1 x524; + fiat_p256_addcarryx_u32(&x523, &x524, x522, x475, x506); + uint32_t x525; + uint32_t x526; + fiat_p256_mulx_u32(&x525, &x526, x507, UINT32_C(0xffffffff)); + uint32_t x527; + uint32_t x528; + fiat_p256_mulx_u32(&x527, &x528, x507, UINT32_C(0xffffffff)); + uint32_t x529; + uint32_t x530; + fiat_p256_mulx_u32(&x529, &x530, x507, UINT32_C(0xffffffff)); + uint32_t x531; + uint32_t x532; + fiat_p256_mulx_u32(&x531, &x532, x507, UINT32_C(0xffffffff)); + uint32_t x533; + fiat_p256_uint1 x534; + fiat_p256_addcarryx_u32(&x533, &x534, 0x0, x532, x529); + uint32_t x535; + fiat_p256_uint1 x536; + fiat_p256_addcarryx_u32(&x535, &x536, x534, x530, x527); + uint32_t x537 = (x536 + x528); + uint32_t x538; + fiat_p256_uint1 x539; + fiat_p256_addcarryx_u32(&x538, &x539, 0x0, x507, x531); + uint32_t x540; + fiat_p256_uint1 x541; + fiat_p256_addcarryx_u32(&x540, &x541, x539, x509, x533); + uint32_t x542; + fiat_p256_uint1 x543; + fiat_p256_addcarryx_u32(&x542, &x543, x541, x511, x535); + uint32_t x544; + fiat_p256_uint1 x545; + fiat_p256_addcarryx_u32(&x544, &x545, x543, x513, x537); + uint32_t x546; + fiat_p256_uint1 x547; + fiat_p256_addcarryx_u32(&x546, &x547, x545, x515, 0x0); + uint32_t x548; + fiat_p256_uint1 x549; + fiat_p256_addcarryx_u32(&x548, &x549, x547, x517, 0x0); + uint32_t x550; + fiat_p256_uint1 x551; + fiat_p256_addcarryx_u32(&x550, &x551, x549, x519, x507); + uint32_t x552; + fiat_p256_uint1 x553; + fiat_p256_addcarryx_u32(&x552, &x553, x551, x521, x525); + uint32_t x554; + fiat_p256_uint1 x555; + fiat_p256_addcarryx_u32(&x554, &x555, x553, x523, x526); + uint32_t x556 = ((uint32_t)x555 + x524); + uint32_t x557; + uint32_t x558; + fiat_p256_mulx_u32(&x557, &x558, x7, (arg1[7])); + uint32_t x559; + uint32_t x560; + fiat_p256_mulx_u32(&x559, &x560, x7, (arg1[6])); + uint32_t x561; + uint32_t x562; + fiat_p256_mulx_u32(&x561, &x562, x7, (arg1[5])); + uint32_t x563; + uint32_t x564; + fiat_p256_mulx_u32(&x563, &x564, x7, (arg1[4])); + uint32_t x565; + uint32_t x566; + fiat_p256_mulx_u32(&x565, &x566, x7, (arg1[3])); + uint32_t x567; + uint32_t x568; + fiat_p256_mulx_u32(&x567, &x568, x7, (arg1[2])); + uint32_t x569; + uint32_t x570; + fiat_p256_mulx_u32(&x569, &x570, x7, (arg1[1])); + uint32_t x571; + uint32_t x572; + fiat_p256_mulx_u32(&x571, &x572, x7, (arg1[0])); + uint32_t x573; + fiat_p256_uint1 x574; + fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x572, x569); + uint32_t x575; + fiat_p256_uint1 x576; + fiat_p256_addcarryx_u32(&x575, &x576, x574, x570, x567); + uint32_t x577; + fiat_p256_uint1 x578; + fiat_p256_addcarryx_u32(&x577, &x578, x576, x568, x565); + uint32_t x579; + fiat_p256_uint1 x580; + fiat_p256_addcarryx_u32(&x579, &x580, x578, x566, x563); + uint32_t x581; + fiat_p256_uint1 x582; + fiat_p256_addcarryx_u32(&x581, &x582, x580, x564, x561); + uint32_t x583; + fiat_p256_uint1 x584; + fiat_p256_addcarryx_u32(&x583, &x584, x582, x562, x559); + uint32_t x585; + fiat_p256_uint1 x586; + fiat_p256_addcarryx_u32(&x585, &x586, x584, x560, x557); + uint32_t x587 = (x586 + x558); + uint32_t x588; + fiat_p256_uint1 x589; + fiat_p256_addcarryx_u32(&x588, &x589, 0x0, x540, x571); + uint32_t x590; + fiat_p256_uint1 x591; + fiat_p256_addcarryx_u32(&x590, &x591, x589, x542, x573); + uint32_t x592; + fiat_p256_uint1 x593; + fiat_p256_addcarryx_u32(&x592, &x593, x591, x544, x575); + uint32_t x594; + fiat_p256_uint1 x595; + fiat_p256_addcarryx_u32(&x594, &x595, x593, x546, x577); + uint32_t x596; + fiat_p256_uint1 x597; + fiat_p256_addcarryx_u32(&x596, &x597, x595, x548, x579); + uint32_t x598; + fiat_p256_uint1 x599; + fiat_p256_addcarryx_u32(&x598, &x599, x597, x550, x581); + uint32_t x600; + fiat_p256_uint1 x601; + fiat_p256_addcarryx_u32(&x600, &x601, x599, x552, x583); + uint32_t x602; + fiat_p256_uint1 x603; + fiat_p256_addcarryx_u32(&x602, &x603, x601, x554, x585); + uint32_t x604; + fiat_p256_uint1 x605; + fiat_p256_addcarryx_u32(&x604, &x605, x603, x556, x587); + uint32_t x606; + uint32_t x607; + fiat_p256_mulx_u32(&x606, &x607, x588, UINT32_C(0xffffffff)); + uint32_t x608; + uint32_t x609; + fiat_p256_mulx_u32(&x608, &x609, x588, UINT32_C(0xffffffff)); + uint32_t x610; + uint32_t x611; + fiat_p256_mulx_u32(&x610, &x611, x588, UINT32_C(0xffffffff)); + uint32_t x612; + uint32_t x613; + fiat_p256_mulx_u32(&x612, &x613, x588, UINT32_C(0xffffffff)); + uint32_t x614; + fiat_p256_uint1 x615; + fiat_p256_addcarryx_u32(&x614, &x615, 0x0, x613, x610); + uint32_t x616; + fiat_p256_uint1 x617; + fiat_p256_addcarryx_u32(&x616, &x617, x615, x611, x608); + uint32_t x618 = (x617 + x609); + uint32_t x619; + fiat_p256_uint1 x620; + fiat_p256_addcarryx_u32(&x619, &x620, 0x0, x588, x612); + uint32_t x621; + fiat_p256_uint1 x622; + fiat_p256_addcarryx_u32(&x621, &x622, x620, x590, x614); + uint32_t x623; + fiat_p256_uint1 x624; + fiat_p256_addcarryx_u32(&x623, &x624, x622, x592, x616); + uint32_t x625; + fiat_p256_uint1 x626; + fiat_p256_addcarryx_u32(&x625, &x626, x624, x594, x618); + uint32_t x627; + fiat_p256_uint1 x628; + fiat_p256_addcarryx_u32(&x627, &x628, x626, x596, 0x0); + uint32_t x629; + fiat_p256_uint1 x630; + fiat_p256_addcarryx_u32(&x629, &x630, x628, x598, 0x0); + uint32_t x631; + fiat_p256_uint1 x632; + fiat_p256_addcarryx_u32(&x631, &x632, x630, x600, x588); + uint32_t x633; + fiat_p256_uint1 x634; + fiat_p256_addcarryx_u32(&x633, &x634, x632, x602, x606); + uint32_t x635; + fiat_p256_uint1 x636; + fiat_p256_addcarryx_u32(&x635, &x636, x634, x604, x607); + uint32_t x637 = ((uint32_t)x636 + x605); + uint32_t x638; + fiat_p256_uint1 x639; + fiat_p256_subborrowx_u32(&x638, &x639, 0x0, x621, UINT32_C(0xffffffff)); + uint32_t x640; + fiat_p256_uint1 x641; + fiat_p256_subborrowx_u32(&x640, &x641, x639, x623, UINT32_C(0xffffffff)); + uint32_t x642; + fiat_p256_uint1 x643; + fiat_p256_subborrowx_u32(&x642, &x643, x641, x625, UINT32_C(0xffffffff)); + uint32_t x644; + fiat_p256_uint1 x645; + fiat_p256_subborrowx_u32(&x644, &x645, x643, x627, 0x0); + uint32_t x646; + fiat_p256_uint1 x647; + fiat_p256_subborrowx_u32(&x646, &x647, x645, x629, 0x0); + uint32_t x648; + fiat_p256_uint1 x649; + fiat_p256_subborrowx_u32(&x648, &x649, x647, x631, 0x0); + uint32_t x650; + fiat_p256_uint1 x651; + fiat_p256_subborrowx_u32(&x650, &x651, x649, x633, 0x1); + uint32_t x652; + fiat_p256_uint1 x653; + fiat_p256_subborrowx_u32(&x652, &x653, x651, x635, UINT32_C(0xffffffff)); + uint32_t x654; + fiat_p256_uint1 x655; + fiat_p256_subborrowx_u32(&x654, &x655, x653, x637, 0x0); + uint32_t x656; + fiat_p256_cmovznz_u32(&x656, x655, x638, x621); + uint32_t x657; + fiat_p256_cmovznz_u32(&x657, x655, x640, x623); + uint32_t x658; + fiat_p256_cmovznz_u32(&x658, x655, x642, x625); + uint32_t x659; + fiat_p256_cmovznz_u32(&x659, x655, x644, x627); + uint32_t x660; + fiat_p256_cmovznz_u32(&x660, x655, x646, x629); + uint32_t x661; + fiat_p256_cmovznz_u32(&x661, x655, x648, x631); + uint32_t x662; + fiat_p256_cmovznz_u32(&x662, x655, x650, x633); + uint32_t x663; + fiat_p256_cmovznz_u32(&x663, x655, x652, x635); + out1[0] = x656; + out1[1] = x657; + out1[2] = x658; + out1[3] = x659; + out1[4] = x660; + out1[5] = x661; + out1[6] = x662; + out1[7] = x663; +} + +/* + * The function fiat_p256_add adds two field elements in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_add(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) { + uint32_t x1; + fiat_p256_uint1 x2; + fiat_p256_addcarryx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + uint32_t x3; + fiat_p256_uint1 x4; + fiat_p256_addcarryx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + uint32_t x5; + fiat_p256_uint1 x6; + fiat_p256_addcarryx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + uint32_t x7; + fiat_p256_uint1 x8; + fiat_p256_addcarryx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + uint32_t x9; + fiat_p256_uint1 x10; + fiat_p256_addcarryx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + uint32_t x11; + fiat_p256_uint1 x12; + fiat_p256_addcarryx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + uint32_t x13; + fiat_p256_uint1 x14; + fiat_p256_addcarryx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + uint32_t x15; + fiat_p256_uint1 x16; + fiat_p256_addcarryx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + uint32_t x17; + fiat_p256_uint1 x18; + fiat_p256_subborrowx_u32(&x17, &x18, 0x0, x1, UINT32_C(0xffffffff)); + uint32_t x19; + fiat_p256_uint1 x20; + fiat_p256_subborrowx_u32(&x19, &x20, x18, x3, UINT32_C(0xffffffff)); + uint32_t x21; + fiat_p256_uint1 x22; + fiat_p256_subborrowx_u32(&x21, &x22, x20, x5, UINT32_C(0xffffffff)); + uint32_t x23; + fiat_p256_uint1 x24; + fiat_p256_subborrowx_u32(&x23, &x24, x22, x7, 0x0); + uint32_t x25; + fiat_p256_uint1 x26; + fiat_p256_subborrowx_u32(&x25, &x26, x24, x9, 0x0); + uint32_t x27; + fiat_p256_uint1 x28; + fiat_p256_subborrowx_u32(&x27, &x28, x26, x11, 0x0); + uint32_t x29; + fiat_p256_uint1 x30; + fiat_p256_subborrowx_u32(&x29, &x30, x28, x13, 0x1); + uint32_t x31; + fiat_p256_uint1 x32; + fiat_p256_subborrowx_u32(&x31, &x32, x30, x15, UINT32_C(0xffffffff)); + uint32_t x33; + fiat_p256_uint1 x34; + fiat_p256_subborrowx_u32(&x33, &x34, x32, x16, 0x0); + uint32_t x35; + fiat_p256_cmovznz_u32(&x35, x34, x17, x1); + uint32_t x36; + fiat_p256_cmovznz_u32(&x36, x34, x19, x3); + uint32_t x37; + fiat_p256_cmovznz_u32(&x37, x34, x21, x5); + uint32_t x38; + fiat_p256_cmovznz_u32(&x38, x34, x23, x7); + uint32_t x39; + fiat_p256_cmovznz_u32(&x39, x34, x25, x9); + uint32_t x40; + fiat_p256_cmovznz_u32(&x40, x34, x27, x11); + uint32_t x41; + fiat_p256_cmovznz_u32(&x41, x34, x29, x13); + uint32_t x42; + fiat_p256_cmovznz_u32(&x42, x34, x31, x15); + out1[0] = x35; + out1[1] = x36; + out1[2] = x37; + out1[3] = x38; + out1[4] = x39; + out1[5] = x40; + out1[6] = x41; + out1[7] = x42; +} + +/* + * The function fiat_p256_sub subtracts two field elements in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_sub(uint32_t out1[8], const uint32_t arg1[8], const uint32_t arg2[8]) { + uint32_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + uint32_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + uint32_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + uint32_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + uint32_t x9; + fiat_p256_uint1 x10; + fiat_p256_subborrowx_u32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + uint32_t x11; + fiat_p256_uint1 x12; + fiat_p256_subborrowx_u32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + uint32_t x13; + fiat_p256_uint1 x14; + fiat_p256_subborrowx_u32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + uint32_t x15; + fiat_p256_uint1 x16; + fiat_p256_subborrowx_u32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + uint32_t x17; + fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + uint32_t x18; + fiat_p256_uint1 x19; + fiat_p256_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xffffffff))); + uint32_t x20; + fiat_p256_uint1 x21; + fiat_p256_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xffffffff))); + uint32_t x22; + fiat_p256_uint1 x23; + fiat_p256_addcarryx_u32(&x22, &x23, x21, x5, (x17 & UINT32_C(0xffffffff))); + uint32_t x24; + fiat_p256_uint1 x25; + fiat_p256_addcarryx_u32(&x24, &x25, x23, x7, 0x0); + uint32_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u32(&x26, &x27, x25, x9, 0x0); + uint32_t x28; + fiat_p256_uint1 x29; + fiat_p256_addcarryx_u32(&x28, &x29, x27, x11, 0x0); + uint32_t x30; + fiat_p256_uint1 x31; + fiat_p256_addcarryx_u32(&x30, &x31, x29, x13, (fiat_p256_uint1)(x17 & 0x1)); + uint32_t x32; + fiat_p256_uint1 x33; + fiat_p256_addcarryx_u32(&x32, &x33, x31, x15, (x17 & UINT32_C(0xffffffff))); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * The function fiat_p256_opp negates a field element in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_opp(uint32_t out1[8], const uint32_t arg1[8]) { + uint32_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u32(&x1, &x2, 0x0, 0x0, (arg1[0])); + uint32_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u32(&x3, &x4, x2, 0x0, (arg1[1])); + uint32_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u32(&x5, &x6, x4, 0x0, (arg1[2])); + uint32_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u32(&x7, &x8, x6, 0x0, (arg1[3])); + uint32_t x9; + fiat_p256_uint1 x10; + fiat_p256_subborrowx_u32(&x9, &x10, x8, 0x0, (arg1[4])); + uint32_t x11; + fiat_p256_uint1 x12; + fiat_p256_subborrowx_u32(&x11, &x12, x10, 0x0, (arg1[5])); + uint32_t x13; + fiat_p256_uint1 x14; + fiat_p256_subborrowx_u32(&x13, &x14, x12, 0x0, (arg1[6])); + uint32_t x15; + fiat_p256_uint1 x16; + fiat_p256_subborrowx_u32(&x15, &x16, x14, 0x0, (arg1[7])); + uint32_t x17; + fiat_p256_cmovznz_u32(&x17, x16, 0x0, UINT32_C(0xffffffff)); + uint32_t x18; + fiat_p256_uint1 x19; + fiat_p256_addcarryx_u32(&x18, &x19, 0x0, x1, (x17 & UINT32_C(0xffffffff))); + uint32_t x20; + fiat_p256_uint1 x21; + fiat_p256_addcarryx_u32(&x20, &x21, x19, x3, (x17 & UINT32_C(0xffffffff))); + uint32_t x22; + fiat_p256_uint1 x23; + fiat_p256_addcarryx_u32(&x22, &x23, x21, x5, (x17 & UINT32_C(0xffffffff))); + uint32_t x24; + fiat_p256_uint1 x25; + fiat_p256_addcarryx_u32(&x24, &x25, x23, x7, 0x0); + uint32_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u32(&x26, &x27, x25, x9, 0x0); + uint32_t x28; + fiat_p256_uint1 x29; + fiat_p256_addcarryx_u32(&x28, &x29, x27, x11, 0x0); + uint32_t x30; + fiat_p256_uint1 x31; + fiat_p256_addcarryx_u32(&x30, &x31, x29, x13, (fiat_p256_uint1)(x17 & 0x1)); + uint32_t x32; + fiat_p256_uint1 x33; + fiat_p256_addcarryx_u32(&x32, &x33, x31, x15, (x17 & UINT32_C(0xffffffff))); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/* + * The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffff] + */ +static void fiat_p256_nonzero(uint32_t* out1, const uint32_t arg1[8]) { + uint32_t x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | ((arg1[7]) | (uint32_t)0x0)))))))); + *out1 = x1; +} + +/* + * The function fiat_p256_selectznz is a multi-limb conditional select. + * Postconditions: + * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] + */ +static void fiat_p256_selectznz(uint32_t out1[8], fiat_p256_uint1 arg1, const uint32_t arg2[8], const uint32_t arg3[8]) { + uint32_t x1; + fiat_p256_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); + uint32_t x2; + fiat_p256_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); + uint32_t x3; + fiat_p256_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); + uint32_t x4; + fiat_p256_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); + uint32_t x5; + fiat_p256_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); + uint32_t x6; + fiat_p256_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); + uint32_t x7; + fiat_p256_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); + uint32_t x8; + fiat_p256_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} diff --git a/third_party/fiat/p256_64.h b/third_party/fiat/p256_64.h new file mode 100644 index 0000000..66d2398 --- /dev/null +++ b/third_party/fiat/p256_64.h @@ -0,0 +1,901 @@ +/* Autogenerated: src/ExtractionOCaml/word_by_word_montgomery --static p256 '2^256 - 2^224 + 2^192 + 2^96 - 1' 64 mul square add sub opp from_montgomery nonzero selectznz to_bytes from_bytes */ +/* curve description: p256 */ +/* requested operations: mul, square, add, sub, opp, from_montgomery, nonzero, selectznz, to_bytes, from_bytes */ +/* m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") */ +/* machine_wordsize = 64 (from "64") */ +/* */ +/* NOTE: In addition to the bounds specified above each function, all */ +/* functions synthesized for this Montgomery arithmetic require the */ +/* input to be strictly less than the prime modulus (m), and also */ +/* require the input to be in the unique saturated representation. */ +/* All functions also ensure that these two properties are true of */ +/* return values. */ + +#include <stdint.h> +typedef unsigned char fiat_p256_uint1; +typedef signed char fiat_p256_int1; +typedef signed __int128 fiat_p256_int128; +typedef unsigned __int128 fiat_p256_uint128; + +#if (-1 & 3) != 3 +#error "This code only works on a two's complement system" +#endif + + +/* + * The function fiat_p256_addcarryx_u64 is an addition with carry. + * Postconditions: + * out1 = (arg1 + arg2 + arg3) mod 2^64 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_addcarryx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_p256_uint128 x1 = ((arg1 + (fiat_p256_uint128)arg2) + arg3); + uint64_t x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x3 = (fiat_p256_uint1)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_p256_subborrowx_u64 is a subtraction with borrow. + * Postconditions: + * out1 = (-arg1 + arg2 + -arg3) mod 2^64 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0x1] + */ +static void fiat_p256_subborrowx_u64(uint64_t* out1, fiat_p256_uint1* out2, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_p256_int128 x1 = ((arg2 - (fiat_p256_int128)arg1) - arg3); + fiat_p256_int1 x2 = (fiat_p256_int1)(x1 >> 64); + uint64_t x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + *out1 = x3; + *out2 = (fiat_p256_uint1)(0x0 - x2); +} + +/* + * The function fiat_p256_mulx_u64 is a multiplication, returning the full double-width result. + * Postconditions: + * out1 = (arg1 * arg2) mod 2^64 + * out2 = ⌊arg1 * arg2 / 2^64⌋ + * + * Input Bounds: + * arg1: [0x0 ~> 0xffffffffffffffff] + * arg2: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + * out2: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_p256_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) { + fiat_p256_uint128 x1 = ((fiat_p256_uint128)arg1 * arg2); + uint64_t x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff)); + uint64_t x3 = (uint64_t)(x1 >> 64); + *out1 = x2; + *out2 = x3; +} + +/* + * The function fiat_p256_cmovznz_u64 is a single-word conditional move. + * Postconditions: + * out1 = (if arg1 = 0 then arg2 else arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [0x0 ~> 0xffffffffffffffff] + * arg3: [0x0 ~> 0xffffffffffffffff] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_p256_cmovznz_u64(uint64_t* out1, fiat_p256_uint1 arg1, uint64_t arg2, uint64_t arg3) { + fiat_p256_uint1 x1 = (!(!arg1)); + uint64_t x2 = ((fiat_p256_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); + // Note this line has been patched from the synthesized code to add value + // barriers. + // + // Clang recognizes this pattern as a select. While it usually transforms it + // to a cmov, it sometimes further transforms it into a branch, which we do + // not want. + uint64_t x3 = ((value_barrier_u64(x2) & arg3) | (value_barrier_u64(~x2) & arg2)); + *out1 = x3; +} + +/* + * The function fiat_p256_mul multiplies two field elements in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1 = (arg1[1]); + uint64_t x2 = (arg1[2]); + uint64_t x3 = (arg1[3]); + uint64_t x4 = (arg1[0]); + uint64_t x5; + uint64_t x6; + fiat_p256_mulx_u64(&x5, &x6, x4, (arg2[3])); + uint64_t x7; + uint64_t x8; + fiat_p256_mulx_u64(&x7, &x8, x4, (arg2[2])); + uint64_t x9; + uint64_t x10; + fiat_p256_mulx_u64(&x9, &x10, x4, (arg2[1])); + uint64_t x11; + uint64_t x12; + fiat_p256_mulx_u64(&x11, &x12, x4, (arg2[0])); + uint64_t x13; + fiat_p256_uint1 x14; + fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + uint64_t x15; + fiat_p256_uint1 x16; + fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7); + uint64_t x17; + fiat_p256_uint1 x18; + fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5); + uint64_t x19 = (x18 + x6); + uint64_t x20; + uint64_t x21; + fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001)); + uint64_t x22; + uint64_t x23; + fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff)); + uint64_t x24; + uint64_t x25; + fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff)); + uint64_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22); + uint64_t x28 = (x27 + x23); + uint64_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24); + uint64_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26); + uint64_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28); + uint64_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20); + uint64_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21); + uint64_t x39; + uint64_t x40; + fiat_p256_mulx_u64(&x39, &x40, x1, (arg2[3])); + uint64_t x41; + uint64_t x42; + fiat_p256_mulx_u64(&x41, &x42, x1, (arg2[2])); + uint64_t x43; + uint64_t x44; + fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[1])); + uint64_t x45; + uint64_t x46; + fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[0])); + uint64_t x47; + fiat_p256_uint1 x48; + fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43); + uint64_t x49; + fiat_p256_uint1 x50; + fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41); + uint64_t x51; + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39); + uint64_t x53 = (x52 + x40); + uint64_t x54; + fiat_p256_uint1 x55; + fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45); + uint64_t x56; + fiat_p256_uint1 x57; + fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47); + uint64_t x58; + fiat_p256_uint1 x59; + fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49); + uint64_t x60; + fiat_p256_uint1 x61; + fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51); + uint64_t x62; + fiat_p256_uint1 x63; + fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53); + uint64_t x64; + uint64_t x65; + fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001)); + uint64_t x66; + uint64_t x67; + fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff)); + uint64_t x68; + uint64_t x69; + fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff)); + uint64_t x70; + fiat_p256_uint1 x71; + fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66); + uint64_t x72 = (x71 + x67); + uint64_t x73; + fiat_p256_uint1 x74; + fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68); + uint64_t x75; + fiat_p256_uint1 x76; + fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70); + uint64_t x77; + fiat_p256_uint1 x78; + fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72); + uint64_t x79; + fiat_p256_uint1 x80; + fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64); + uint64_t x81; + fiat_p256_uint1 x82; + fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65); + uint64_t x83 = ((uint64_t)x82 + x63); + uint64_t x84; + uint64_t x85; + fiat_p256_mulx_u64(&x84, &x85, x2, (arg2[3])); + uint64_t x86; + uint64_t x87; + fiat_p256_mulx_u64(&x86, &x87, x2, (arg2[2])); + uint64_t x88; + uint64_t x89; + fiat_p256_mulx_u64(&x88, &x89, x2, (arg2[1])); + uint64_t x90; + uint64_t x91; + fiat_p256_mulx_u64(&x90, &x91, x2, (arg2[0])); + uint64_t x92; + fiat_p256_uint1 x93; + fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88); + uint64_t x94; + fiat_p256_uint1 x95; + fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86); + uint64_t x96; + fiat_p256_uint1 x97; + fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84); + uint64_t x98 = (x97 + x85); + uint64_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90); + uint64_t x101; + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92); + uint64_t x103; + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94); + uint64_t x105; + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96); + uint64_t x107; + fiat_p256_uint1 x108; + fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98); + uint64_t x109; + uint64_t x110; + fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001)); + uint64_t x111; + uint64_t x112; + fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff)); + uint64_t x113; + uint64_t x114; + fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff)); + uint64_t x115; + fiat_p256_uint1 x116; + fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111); + uint64_t x117 = (x116 + x112); + uint64_t x118; + fiat_p256_uint1 x119; + fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113); + uint64_t x120; + fiat_p256_uint1 x121; + fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115); + uint64_t x122; + fiat_p256_uint1 x123; + fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117); + uint64_t x124; + fiat_p256_uint1 x125; + fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109); + uint64_t x126; + fiat_p256_uint1 x127; + fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110); + uint64_t x128 = ((uint64_t)x127 + x108); + uint64_t x129; + uint64_t x130; + fiat_p256_mulx_u64(&x129, &x130, x3, (arg2[3])); + uint64_t x131; + uint64_t x132; + fiat_p256_mulx_u64(&x131, &x132, x3, (arg2[2])); + uint64_t x133; + uint64_t x134; + fiat_p256_mulx_u64(&x133, &x134, x3, (arg2[1])); + uint64_t x135; + uint64_t x136; + fiat_p256_mulx_u64(&x135, &x136, x3, (arg2[0])); + uint64_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133); + uint64_t x139; + fiat_p256_uint1 x140; + fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131); + uint64_t x141; + fiat_p256_uint1 x142; + fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129); + uint64_t x143 = (x142 + x130); + uint64_t x144; + fiat_p256_uint1 x145; + fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135); + uint64_t x146; + fiat_p256_uint1 x147; + fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137); + uint64_t x148; + fiat_p256_uint1 x149; + fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139); + uint64_t x150; + fiat_p256_uint1 x151; + fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141); + uint64_t x152; + fiat_p256_uint1 x153; + fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143); + uint64_t x154; + uint64_t x155; + fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001)); + uint64_t x156; + uint64_t x157; + fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff)); + uint64_t x158; + uint64_t x159; + fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff)); + uint64_t x160; + fiat_p256_uint1 x161; + fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156); + uint64_t x162 = (x161 + x157); + uint64_t x163; + fiat_p256_uint1 x164; + fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158); + uint64_t x165; + fiat_p256_uint1 x166; + fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160); + uint64_t x167; + fiat_p256_uint1 x168; + fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162); + uint64_t x169; + fiat_p256_uint1 x170; + fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154); + uint64_t x171; + fiat_p256_uint1 x172; + fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155); + uint64_t x173 = ((uint64_t)x172 + x153); + uint64_t x174; + fiat_p256_uint1 x175; + fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff)); + uint64_t x176; + fiat_p256_uint1 x177; + fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff)); + uint64_t x178; + fiat_p256_uint1 x179; + fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0); + uint64_t x180; + fiat_p256_uint1 x181; + fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001)); + uint64_t x182; + fiat_p256_uint1 x183; + fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0); + uint64_t x184; + fiat_p256_cmovznz_u64(&x184, x183, x174, x165); + uint64_t x185; + fiat_p256_cmovznz_u64(&x185, x183, x176, x167); + uint64_t x186; + fiat_p256_cmovznz_u64(&x186, x183, x178, x169); + uint64_t x187; + fiat_p256_cmovznz_u64(&x187, x183, x180, x171); + out1[0] = x184; + out1[1] = x185; + out1[2] = x186; + out1[3] = x187; +} + +/* + * The function fiat_p256_square squares a field element in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { + uint64_t x1 = (arg1[1]); + uint64_t x2 = (arg1[2]); + uint64_t x3 = (arg1[3]); + uint64_t x4 = (arg1[0]); + uint64_t x5; + uint64_t x6; + fiat_p256_mulx_u64(&x5, &x6, x4, (arg1[3])); + uint64_t x7; + uint64_t x8; + fiat_p256_mulx_u64(&x7, &x8, x4, (arg1[2])); + uint64_t x9; + uint64_t x10; + fiat_p256_mulx_u64(&x9, &x10, x4, (arg1[1])); + uint64_t x11; + uint64_t x12; + fiat_p256_mulx_u64(&x11, &x12, x4, (arg1[0])); + uint64_t x13; + fiat_p256_uint1 x14; + fiat_p256_addcarryx_u64(&x13, &x14, 0x0, x12, x9); + uint64_t x15; + fiat_p256_uint1 x16; + fiat_p256_addcarryx_u64(&x15, &x16, x14, x10, x7); + uint64_t x17; + fiat_p256_uint1 x18; + fiat_p256_addcarryx_u64(&x17, &x18, x16, x8, x5); + uint64_t x19 = (x18 + x6); + uint64_t x20; + uint64_t x21; + fiat_p256_mulx_u64(&x20, &x21, x11, UINT64_C(0xffffffff00000001)); + uint64_t x22; + uint64_t x23; + fiat_p256_mulx_u64(&x22, &x23, x11, UINT32_C(0xffffffff)); + uint64_t x24; + uint64_t x25; + fiat_p256_mulx_u64(&x24, &x25, x11, UINT64_C(0xffffffffffffffff)); + uint64_t x26; + fiat_p256_uint1 x27; + fiat_p256_addcarryx_u64(&x26, &x27, 0x0, x25, x22); + uint64_t x28 = (x27 + x23); + uint64_t x29; + fiat_p256_uint1 x30; + fiat_p256_addcarryx_u64(&x29, &x30, 0x0, x11, x24); + uint64_t x31; + fiat_p256_uint1 x32; + fiat_p256_addcarryx_u64(&x31, &x32, x30, x13, x26); + uint64_t x33; + fiat_p256_uint1 x34; + fiat_p256_addcarryx_u64(&x33, &x34, x32, x15, x28); + uint64_t x35; + fiat_p256_uint1 x36; + fiat_p256_addcarryx_u64(&x35, &x36, x34, x17, x20); + uint64_t x37; + fiat_p256_uint1 x38; + fiat_p256_addcarryx_u64(&x37, &x38, x36, x19, x21); + uint64_t x39; + uint64_t x40; + fiat_p256_mulx_u64(&x39, &x40, x1, (arg1[3])); + uint64_t x41; + uint64_t x42; + fiat_p256_mulx_u64(&x41, &x42, x1, (arg1[2])); + uint64_t x43; + uint64_t x44; + fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[1])); + uint64_t x45; + uint64_t x46; + fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[0])); + uint64_t x47; + fiat_p256_uint1 x48; + fiat_p256_addcarryx_u64(&x47, &x48, 0x0, x46, x43); + uint64_t x49; + fiat_p256_uint1 x50; + fiat_p256_addcarryx_u64(&x49, &x50, x48, x44, x41); + uint64_t x51; + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u64(&x51, &x52, x50, x42, x39); + uint64_t x53 = (x52 + x40); + uint64_t x54; + fiat_p256_uint1 x55; + fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x31, x45); + uint64_t x56; + fiat_p256_uint1 x57; + fiat_p256_addcarryx_u64(&x56, &x57, x55, x33, x47); + uint64_t x58; + fiat_p256_uint1 x59; + fiat_p256_addcarryx_u64(&x58, &x59, x57, x35, x49); + uint64_t x60; + fiat_p256_uint1 x61; + fiat_p256_addcarryx_u64(&x60, &x61, x59, x37, x51); + uint64_t x62; + fiat_p256_uint1 x63; + fiat_p256_addcarryx_u64(&x62, &x63, x61, x38, x53); + uint64_t x64; + uint64_t x65; + fiat_p256_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000001)); + uint64_t x66; + uint64_t x67; + fiat_p256_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff)); + uint64_t x68; + uint64_t x69; + fiat_p256_mulx_u64(&x68, &x69, x54, UINT64_C(0xffffffffffffffff)); + uint64_t x70; + fiat_p256_uint1 x71; + fiat_p256_addcarryx_u64(&x70, &x71, 0x0, x69, x66); + uint64_t x72 = (x71 + x67); + uint64_t x73; + fiat_p256_uint1 x74; + fiat_p256_addcarryx_u64(&x73, &x74, 0x0, x54, x68); + uint64_t x75; + fiat_p256_uint1 x76; + fiat_p256_addcarryx_u64(&x75, &x76, x74, x56, x70); + uint64_t x77; + fiat_p256_uint1 x78; + fiat_p256_addcarryx_u64(&x77, &x78, x76, x58, x72); + uint64_t x79; + fiat_p256_uint1 x80; + fiat_p256_addcarryx_u64(&x79, &x80, x78, x60, x64); + uint64_t x81; + fiat_p256_uint1 x82; + fiat_p256_addcarryx_u64(&x81, &x82, x80, x62, x65); + uint64_t x83 = ((uint64_t)x82 + x63); + uint64_t x84; + uint64_t x85; + fiat_p256_mulx_u64(&x84, &x85, x2, (arg1[3])); + uint64_t x86; + uint64_t x87; + fiat_p256_mulx_u64(&x86, &x87, x2, (arg1[2])); + uint64_t x88; + uint64_t x89; + fiat_p256_mulx_u64(&x88, &x89, x2, (arg1[1])); + uint64_t x90; + uint64_t x91; + fiat_p256_mulx_u64(&x90, &x91, x2, (arg1[0])); + uint64_t x92; + fiat_p256_uint1 x93; + fiat_p256_addcarryx_u64(&x92, &x93, 0x0, x91, x88); + uint64_t x94; + fiat_p256_uint1 x95; + fiat_p256_addcarryx_u64(&x94, &x95, x93, x89, x86); + uint64_t x96; + fiat_p256_uint1 x97; + fiat_p256_addcarryx_u64(&x96, &x97, x95, x87, x84); + uint64_t x98 = (x97 + x85); + uint64_t x99; + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x75, x90); + uint64_t x101; + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u64(&x101, &x102, x100, x77, x92); + uint64_t x103; + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u64(&x103, &x104, x102, x79, x94); + uint64_t x105; + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u64(&x105, &x106, x104, x81, x96); + uint64_t x107; + fiat_p256_uint1 x108; + fiat_p256_addcarryx_u64(&x107, &x108, x106, x83, x98); + uint64_t x109; + uint64_t x110; + fiat_p256_mulx_u64(&x109, &x110, x99, UINT64_C(0xffffffff00000001)); + uint64_t x111; + uint64_t x112; + fiat_p256_mulx_u64(&x111, &x112, x99, UINT32_C(0xffffffff)); + uint64_t x113; + uint64_t x114; + fiat_p256_mulx_u64(&x113, &x114, x99, UINT64_C(0xffffffffffffffff)); + uint64_t x115; + fiat_p256_uint1 x116; + fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x114, x111); + uint64_t x117 = (x116 + x112); + uint64_t x118; + fiat_p256_uint1 x119; + fiat_p256_addcarryx_u64(&x118, &x119, 0x0, x99, x113); + uint64_t x120; + fiat_p256_uint1 x121; + fiat_p256_addcarryx_u64(&x120, &x121, x119, x101, x115); + uint64_t x122; + fiat_p256_uint1 x123; + fiat_p256_addcarryx_u64(&x122, &x123, x121, x103, x117); + uint64_t x124; + fiat_p256_uint1 x125; + fiat_p256_addcarryx_u64(&x124, &x125, x123, x105, x109); + uint64_t x126; + fiat_p256_uint1 x127; + fiat_p256_addcarryx_u64(&x126, &x127, x125, x107, x110); + uint64_t x128 = ((uint64_t)x127 + x108); + uint64_t x129; + uint64_t x130; + fiat_p256_mulx_u64(&x129, &x130, x3, (arg1[3])); + uint64_t x131; + uint64_t x132; + fiat_p256_mulx_u64(&x131, &x132, x3, (arg1[2])); + uint64_t x133; + uint64_t x134; + fiat_p256_mulx_u64(&x133, &x134, x3, (arg1[1])); + uint64_t x135; + uint64_t x136; + fiat_p256_mulx_u64(&x135, &x136, x3, (arg1[0])); + uint64_t x137; + fiat_p256_uint1 x138; + fiat_p256_addcarryx_u64(&x137, &x138, 0x0, x136, x133); + uint64_t x139; + fiat_p256_uint1 x140; + fiat_p256_addcarryx_u64(&x139, &x140, x138, x134, x131); + uint64_t x141; + fiat_p256_uint1 x142; + fiat_p256_addcarryx_u64(&x141, &x142, x140, x132, x129); + uint64_t x143 = (x142 + x130); + uint64_t x144; + fiat_p256_uint1 x145; + fiat_p256_addcarryx_u64(&x144, &x145, 0x0, x120, x135); + uint64_t x146; + fiat_p256_uint1 x147; + fiat_p256_addcarryx_u64(&x146, &x147, x145, x122, x137); + uint64_t x148; + fiat_p256_uint1 x149; + fiat_p256_addcarryx_u64(&x148, &x149, x147, x124, x139); + uint64_t x150; + fiat_p256_uint1 x151; + fiat_p256_addcarryx_u64(&x150, &x151, x149, x126, x141); + uint64_t x152; + fiat_p256_uint1 x153; + fiat_p256_addcarryx_u64(&x152, &x153, x151, x128, x143); + uint64_t x154; + uint64_t x155; + fiat_p256_mulx_u64(&x154, &x155, x144, UINT64_C(0xffffffff00000001)); + uint64_t x156; + uint64_t x157; + fiat_p256_mulx_u64(&x156, &x157, x144, UINT32_C(0xffffffff)); + uint64_t x158; + uint64_t x159; + fiat_p256_mulx_u64(&x158, &x159, x144, UINT64_C(0xffffffffffffffff)); + uint64_t x160; + fiat_p256_uint1 x161; + fiat_p256_addcarryx_u64(&x160, &x161, 0x0, x159, x156); + uint64_t x162 = (x161 + x157); + uint64_t x163; + fiat_p256_uint1 x164; + fiat_p256_addcarryx_u64(&x163, &x164, 0x0, x144, x158); + uint64_t x165; + fiat_p256_uint1 x166; + fiat_p256_addcarryx_u64(&x165, &x166, x164, x146, x160); + uint64_t x167; + fiat_p256_uint1 x168; + fiat_p256_addcarryx_u64(&x167, &x168, x166, x148, x162); + uint64_t x169; + fiat_p256_uint1 x170; + fiat_p256_addcarryx_u64(&x169, &x170, x168, x150, x154); + uint64_t x171; + fiat_p256_uint1 x172; + fiat_p256_addcarryx_u64(&x171, &x172, x170, x152, x155); + uint64_t x173 = ((uint64_t)x172 + x153); + uint64_t x174; + fiat_p256_uint1 x175; + fiat_p256_subborrowx_u64(&x174, &x175, 0x0, x165, UINT64_C(0xffffffffffffffff)); + uint64_t x176; + fiat_p256_uint1 x177; + fiat_p256_subborrowx_u64(&x176, &x177, x175, x167, UINT32_C(0xffffffff)); + uint64_t x178; + fiat_p256_uint1 x179; + fiat_p256_subborrowx_u64(&x178, &x179, x177, x169, 0x0); + uint64_t x180; + fiat_p256_uint1 x181; + fiat_p256_subborrowx_u64(&x180, &x181, x179, x171, UINT64_C(0xffffffff00000001)); + uint64_t x182; + fiat_p256_uint1 x183; + fiat_p256_subborrowx_u64(&x182, &x183, x181, x173, 0x0); + uint64_t x184; + fiat_p256_cmovznz_u64(&x184, x183, x174, x165); + uint64_t x185; + fiat_p256_cmovznz_u64(&x185, x183, x176, x167); + uint64_t x186; + fiat_p256_cmovznz_u64(&x186, x183, x178, x169); + uint64_t x187; + fiat_p256_cmovznz_u64(&x187, x183, x180, x171); + out1[0] = x184; + out1[1] = x185; + out1[2] = x186; + out1[3] = x187; +} + +/* + * The function fiat_p256_add adds two field elements in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_add(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1; + fiat_p256_uint1 x2; + fiat_p256_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + uint64_t x3; + fiat_p256_uint1 x4; + fiat_p256_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + uint64_t x5; + fiat_p256_uint1 x6; + fiat_p256_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + uint64_t x7; + fiat_p256_uint1 x8; + fiat_p256_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + uint64_t x9; + fiat_p256_uint1 x10; + fiat_p256_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0xffffffffffffffff)); + uint64_t x11; + fiat_p256_uint1 x12; + fiat_p256_subborrowx_u64(&x11, &x12, x10, x3, UINT32_C(0xffffffff)); + uint64_t x13; + fiat_p256_uint1 x14; + fiat_p256_subborrowx_u64(&x13, &x14, x12, x5, 0x0); + uint64_t x15; + fiat_p256_uint1 x16; + fiat_p256_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0xffffffff00000001)); + uint64_t x17; + fiat_p256_uint1 x18; + fiat_p256_subborrowx_u64(&x17, &x18, x16, x8, 0x0); + uint64_t x19; + fiat_p256_cmovznz_u64(&x19, x18, x9, x1); + uint64_t x20; + fiat_p256_cmovznz_u64(&x20, x18, x11, x3); + uint64_t x21; + fiat_p256_cmovznz_u64(&x21, x18, x13, x5); + uint64_t x22; + fiat_p256_cmovznz_u64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/* + * The function fiat_p256_sub subtracts two field elements in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * 0 ≤ eval arg2 < m + * Postconditions: + * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_sub(uint64_t out1[4], const uint64_t arg1[4], const uint64_t arg2[4]) { + uint64_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + uint64_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + uint64_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + uint64_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + uint64_t x9; + fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + uint64_t x10; + fiat_p256_uint1 x11; + fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff))); + uint64_t x12; + fiat_p256_uint1 x13; + fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff))); + uint64_t x14; + fiat_p256_uint1 x15; + fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0); + uint64_t x16; + fiat_p256_uint1 x17; + fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001))); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * The function fiat_p256_opp negates a field element in the Montgomery domain. + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m + * 0 ≤ eval out1 < m + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_opp(uint64_t out1[4], const uint64_t arg1[4]) { + uint64_t x1; + fiat_p256_uint1 x2; + fiat_p256_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0])); + uint64_t x3; + fiat_p256_uint1 x4; + fiat_p256_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1])); + uint64_t x5; + fiat_p256_uint1 x6; + fiat_p256_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2])); + uint64_t x7; + fiat_p256_uint1 x8; + fiat_p256_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3])); + uint64_t x9; + fiat_p256_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff)); + uint64_t x10; + fiat_p256_uint1 x11; + fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0xffffffffffffffff))); + uint64_t x12; + fiat_p256_uint1 x13; + fiat_p256_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT32_C(0xffffffff))); + uint64_t x14; + fiat_p256_uint1 x15; + fiat_p256_addcarryx_u64(&x14, &x15, x13, x5, 0x0); + uint64_t x16; + fiat_p256_uint1 x17; + fiat_p256_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0xffffffff00000001))); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/* + * The function fiat_p256_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. + * Preconditions: + * 0 ≤ eval arg1 < m + * Postconditions: + * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 + * + * Input Bounds: + * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [0x0 ~> 0xffffffffffffffff] + */ +static void fiat_p256_nonzero(uint64_t* out1, const uint64_t arg1[4]) { + uint64_t x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | (uint64_t)0x0)))); + *out1 = x1; +} + +/* + * The function fiat_p256_selectznz is a multi-limb conditional select. + * Postconditions: + * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) + * + * Input Bounds: + * arg1: [0x0 ~> 0x1] + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + * Output Bounds: + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] + */ +static void fiat_p256_selectznz(uint64_t out1[4], fiat_p256_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) { + uint64_t x1; + fiat_p256_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); + uint64_t x2; + fiat_p256_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); + uint64_t x3; + fiat_p256_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); + uint64_t x4; + fiat_p256_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + |