+2 -2

ec-freestanding/Makefile

reviewed

··· 12 12 CC ?= cc 13 13 FREESTANDING_CFLAGS := $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --cflags ocaml-freestanding) 14 14 DISCOVER_CFLAGS := $(shell sed 's/^(\(.*\))$$/\1/' ../ec/cflags_optimized.sexp | tr -d '"') 15 15 - CFLAGS := -O3 -I../ec/native -I../src/native $(DISCOVER_CFLAGS) $(FREESTANDING_CFLAGS) 15 15 + CFLAGS := -DNDEBUG -O3 -I../ec/native -I../src/native $(DISCOVER_CFLAGS) $(FREESTANDING_CFLAGS) 16 16 17 17 - OBJS=p224_stubs.o np224_stubs.o p256_stubs.o np256_stubs.o p384_stubs.o np384_stubs.o p521_stubs.o np521_stubs.o 17 17 + OBJS=p224_stubs.o np224_stubs.o p256_stubs.o np256_stubs.o p384_stubs.o np384_stubs.o p521_stubs.o np521_stubs.o curve25519_stubs.o 18 18 19 19 libmirage_crypto_ec_freestanding_stubs.a: $(OBJS) 20 20 $(AR) r $@ $^

+2 -1

ec-freestanding/dune

reviewed

··· 3 3 (rule 4 4 (deps ../ec/cflags_optimized.sexp ../src/native/mirage_crypto.h 5 5 ../src/native/bitfn.h Makefile p224_stubs.c np224_stubs.c p256_stubs.c 6 6 - np256_stubs.c p384_stubs.c np384_stubs.c p521_stubs.c np521_stubs.c) 6 6 + np256_stubs.c p384_stubs.c np384_stubs.c p521_stubs.c np521_stubs.c 7 7 + curve25519_stubs.c) 7 8 (targets libmirage_crypto_ec_freestanding_stubs.a) 8 9 (action 9 10 (no-infer

+2 -2

ec/dune

reviewed

··· 5 5 (foreign_stubs 6 6 (language c) 7 7 (names p224_stubs np224_stubs p256_stubs np256_stubs p384_stubs np384_stubs 8 8 - p521_stubs np521_stubs) 8 8 + p521_stubs np521_stubs curve25519_stubs) 9 9 (flags 10 10 - (:standard -I../src/native) 10 10 + (:standard -I../src/native -DNDEBUG) 11 11 (:include cflags_optimized.sexp)))) 12 12 13 13 (env

+136 -4

ec/mirage_crypto_ec.ml

reviewed

··· 1 1 - type error = 2 2 - [ `Invalid_format 1 1 + type error = [ 2 2 + | `Invalid_format 3 3 | `Invalid_length 4 4 | `Invalid_range 5 5 | `Not_on_curve 6 6 - | `At_infinity ] 6 6 + | `At_infinity 7 7 + | `Low_order 8 8 + ] 7 9 8 10 let error_to_string = function 9 11 | `Invalid_format -> "invalid format" ··· 11 13 | `At_infinity -> "point is at infinity" 12 14 | `Invalid_length -> "invalid length" 13 15 | `Invalid_range -> "invalid range" 16 16 + | `Low_order -> "low order" 14 17 15 18 let pp_error fmt e = 16 19 Format.fprintf fmt "Cannot parse point: %s" (error_to_string e) ··· 321 324 module Make_scalar (Param : Parameters) (P : Point) : Scalar = struct 322 325 let not_zero = 323 326 let zero = Cstruct.create Param.byte_length in 324 324 - fun cs -> Eqaf_cstruct.compare_be_with_len ~len:Param.byte_length cs zero > 0 327 327 + fun cs -> not (Eqaf_cstruct.equal cs zero) 325 328 326 329 let is_in_range cs = 327 330 not_zero cs ··· 777 780 module Dsa = Make_dsa(Params)(Foreign_n)(P)(S)(Mirage_crypto.Hash.SHA512) 778 781 end 779 782 783 783 + module X25519 = struct 784 784 + (* RFC 7748 *) 785 785 + external x25519_scalar_mult_generic : Cstruct.buffer -> Cstruct.buffer -> Cstruct.buffer -> unit = "mc_x25519_scalar_mult_generic" [@@noalloc] 786 786 + 787 787 + let key_len = 32 788 788 + 789 789 + let scalar_mult in_ base = 790 790 + let out = Cstruct.create key_len in 791 791 + x25519_scalar_mult_generic out.Cstruct.buffer in_.Cstruct.buffer base.Cstruct.buffer; 792 792 + out 793 793 + 794 794 + type secret = Cstruct.t 795 795 + 796 796 + let basepoint = 797 797 + let data = Cstruct.create key_len in 798 798 + Cstruct.set_uint8 data 0 9; 799 799 + data 800 800 + 801 801 + let public priv = scalar_mult priv basepoint 802 802 + 803 803 + let gen_key ~rng = 804 804 + let secret = rng key_len in 805 805 + secret, public secret 806 806 + 807 807 + let is_zero = 808 808 + let zero = Cstruct.create key_len in 809 809 + fun cs -> Cstruct.equal zero cs 810 810 + 811 811 + let key_exchange secret public = 812 812 + if Cstruct.len public = key_len then 813 813 + let res = scalar_mult secret public in 814 814 + if is_zero res then Error `Low_order else Ok res 815 815 + else 816 816 + Error `Invalid_length 817 817 + end 818 818 + 819 819 + module Ed25519 = struct 820 820 + 821 821 + external scalar_mult_base_to_bytes : Cstruct.buffer -> Cstruct.buffer -> unit = "mc_25519_scalar_mult_base" [@@noalloc] 822 822 + external reduce_l : Cstruct.buffer -> unit = "mc_25519_reduce_l" [@@noalloc] 823 823 + external muladd : Cstruct.buffer -> Cstruct.buffer -> Cstruct.buffer -> Cstruct.buffer -> unit = "mc_25519_muladd" [@@noalloc] 824 824 + external double_scalar_mult : Cstruct.buffer -> Cstruct.buffer -> Cstruct.buffer -> Cstruct.buffer -> bool = "mc_25519_double_scalar_mult" [@@noalloc] 825 825 + external pub_ok : Cstruct.buffer -> bool = "mc_25519_pub_ok" [@@noalloc] 826 826 + 827 827 + type pub = Cstruct.t 828 828 + 829 829 + type priv = Cstruct.t 830 830 + 831 831 + (* RFC 8032 *) 832 832 + let key_len = 32 833 833 + 834 834 + let public secret = 835 835 + (* section 5.1.5 *) 836 836 + (* step 1 *) 837 837 + let h = Mirage_crypto.Hash.SHA512.digest secret in 838 838 + (* step 2 *) 839 839 + let s, rest = Cstruct.split h key_len in 840 840 + Cstruct.set_uint8 s 0 (Cstruct.get_uint8 s 0 land 248); 841 841 + Cstruct.set_uint8 s 31 ((Cstruct.get_uint8 s 31 land 127) lor 64); 842 842 + (* step 3 and 4 *) 843 843 + let public = Cstruct.create key_len in 844 844 + scalar_mult_base_to_bytes public.Cstruct.buffer s.Cstruct.buffer; 845 845 + public, (s, rest) 846 846 + 847 847 + let pub_of_priv secret = fst (public secret) 848 848 + 849 849 + let priv_of_cstruct cs = 850 850 + if Cstruct.len cs = key_len then Ok cs else Error `Invalid_length 851 851 + 852 852 + let priv_to_cstruct priv = priv 853 853 + 854 854 + let pub_of_cstruct cs = 855 855 + if Cstruct.len cs = key_len then 856 856 + let cs_copy = Cstruct.create key_len in 857 857 + Cstruct.blit cs 0 cs_copy 0 key_len; 858 858 + if pub_ok cs_copy.Cstruct.buffer then 859 859 + Ok cs_copy 860 860 + else 861 861 + Error `Not_on_curve 862 862 + else 863 863 + Error `Invalid_length 864 864 + 865 865 + let pub_to_cstruct pub = pub 866 866 + 867 867 + let generate ~rng = 868 868 + let secret = rng key_len in 869 869 + secret, pub_of_priv secret 870 870 + 871 871 + let sign ~key msg = 872 872 + (* section 5.1.6 *) 873 873 + let pub, (s, prefix) = public key in 874 874 + let r = Mirage_crypto.Hash.SHA512.digest (Cstruct.append prefix msg) in 875 875 + reduce_l r.Cstruct.buffer; 876 876 + let r_big = Cstruct.create key_len in 877 877 + scalar_mult_base_to_bytes r_big.Cstruct.buffer r.Cstruct.buffer; 878 878 + let k = Mirage_crypto.Hash.SHA512.digest (Cstruct.concat [ r_big ; pub ; msg ]) in 879 879 + reduce_l k.Cstruct.buffer; 880 880 + let s_out = Cstruct.create key_len in 881 881 + muladd s_out.Cstruct.buffer k.Cstruct.buffer s.Cstruct.buffer r.Cstruct.buffer; 882 882 + Cstruct.append r_big s_out 883 883 + 884 884 + let verify ~key signature ~msg = 885 885 + (* section 5.1.7 *) 886 886 + if Cstruct.len signature = 2 * key_len then 887 887 + let r, s = Cstruct.split signature key_len in 888 888 + let s_smaller_l = 889 889 + (* check s within 0 <= s < L *) 890 890 + let s' = Cstruct.create (key_len * 2) in 891 891 + Cstruct.blit s 0 s' 0 key_len; 892 892 + reduce_l s'.Cstruct.buffer; 893 893 + let s'' = Cstruct.(append s (create key_len)) in 894 894 + Cstruct.equal s'' s' 895 895 + in 896 896 + if s_smaller_l then begin 897 897 + let k = 898 898 + Mirage_crypto.Hash.SHA512.digest (Cstruct.concat [ r ; key ; msg ]) 899 899 + in 900 900 + reduce_l k.Cstruct.buffer; 901 901 + let r' = Cstruct.create key_len in 902 902 + let success = 903 903 + double_scalar_mult r'.Cstruct.buffer k.Cstruct.buffer 904 904 + key.Cstruct.buffer s.Cstruct.buffer 905 905 + in 906 906 + success && Cstruct.equal r r' 907 907 + end else 908 908 + false 909 909 + else 910 910 + false 911 911 + end

+60 -6

ec/mirage_crypto_ec.mli

reviewed

··· 9 9 consume a constant amount of time, independent of the input values. 10 10 *) 11 11 12 12 - type error = 13 13 - [ `Invalid_range 12 12 + type error = [ 13 13 + | `Invalid_range 14 14 | `Invalid_format 15 15 | `Invalid_length 16 16 | `Not_on_curve 17 17 - | `At_infinity ] 17 17 + | `At_infinity 18 18 + | `Low_order 19 19 + ] 18 20 (** The type for errors. *) 19 21 20 22 val pp_error : Format.formatter -> error -> unit ··· 105 107 106 108 val sign : key:priv -> ?k:Cstruct.t -> Cstruct.t -> Cstruct.t * Cstruct.t 107 109 (** [sign ~key ~k digest] signs the message [digest] using the private 108 108 - [key]. If [k] is not provided, it is computed using the deterministic 109 109 - construction from RFC 6979. The result is a pair of [r] and [s]. 110 110 + [key]. The [digest] is not processed further - it should be the hash of 111 111 + the message to sign. If [k] is not provided, it is computed using the 112 112 + deterministic construction from RFC 6979. The result is a pair of [r] 113 113 + and [s]. 110 114 111 115 @raise Invalid_argument if [k] is not suitable or not in range. 112 112 - @raise Message_too_long if [msg] is too long for the curve. *) 116 116 + @raise Message_too_long if the bit size of [msg] exceeds the curve. *) 113 117 114 118 val verify : key:pub -> Cstruct.t * Cstruct.t -> Cstruct.t -> bool 115 119 (** [verify ~key (r, s) digest] verifies the signature [r, s] on the message ··· 148 152 149 153 (** The NIST P-521 curve, also known as SECP521R1. *) 150 154 module P521 : Dh_dsa 155 155 + 156 156 + (** Curve 25519 Diffie-Hellman, also known as X25519. *) 157 157 + module X25519 : Dh 158 158 + 159 159 + (** Curve 25519 DSA, also known as Ed25519. *) 160 160 + module Ed25519 : sig 161 161 + type priv 162 162 + (** The type for private keys. *) 163 163 + 164 164 + type pub 165 165 + (** The type for public keys. *) 166 166 + 167 167 + (** {2 Serialisation} *) 168 168 + 169 169 + val priv_of_cstruct : Cstruct.t -> (priv, error) result 170 170 + (** [priv_of_cstruct cs] decodes a private key from the buffer [cs]. If the 171 171 + provided data is invalid, an error is returned. *) 172 172 + 173 173 + val priv_to_cstruct : priv -> Cstruct.t 174 174 + (** [priv_to_cstruct p] encode the private key [p] to a buffer. *) 175 175 + 176 176 + val pub_of_cstruct : Cstruct.t -> (pub, error) result 177 177 + (** [pub_of_cstruct cs] decodes a public key from the buffer [cs]. If the 178 178 + provided data is invalid, an error is returned. *) 179 179 + 180 180 + val pub_to_cstruct : pub -> Cstruct.t 181 181 + (** [pub_to_cstruct p] encodes the public key [p] into a buffer. *) 182 182 + 183 183 + (** {2 Deriving the public key} *) 184 184 + 185 185 + val pub_of_priv : priv -> pub 186 186 + (** [pub_of_priv p] extracts the public key from the private key [p]. *) 187 187 + 188 188 + (** {2 Key generation} *) 189 189 + 190 190 + val generate : rng:(int -> Cstruct.t) -> priv * pub 191 191 + (** [generate ~rng] generates a key pair using the provided random number 192 192 + generator. *) 193 193 + 194 194 + (** {2 Cryptographic operations} *) 195 195 + 196 196 + val sign : key:priv -> Cstruct.t -> Cstruct.t 197 197 + (** [sign ~key msg] signs the message [msg] using the private [key]. The 198 198 + result is the concatenation of [r] and [s], as specified in RFC 8032. *) 199 199 + 200 200 + val verify : key:pub -> Cstruct.t -> msg:Cstruct.t -> bool 201 201 + (** [verify ~key signature msg] verifies the [signature] on the message 202 202 + [msg] with the public [key]. The return value is [true] if verification 203 203 + was successful, [false] otherwise. *) 204 204 + end

+19 -1

ec/native/GNUmakefile

reviewed

··· 5 5 # 52561d2c59d2ef87af9676ad2039a8c5d8c22a21 (February 24th 2021) 6 6 7 7 WBW_MONT ?= ../../../fiat-crypto/src/ExtractionOCaml/word_by_word_montgomery --static --use-value-barrier 8 8 + UNSAT_SOLINAS ?= ../../../fiat-crypto/src/ExtractionOCaml/unsaturated_solinas --static --use-value-barrier 8 9 N_FUNCS=mul add opp from_montgomery to_montgomery one msat divstep_precomp divstep to_bytes from_bytes 9 10 10 11 # The NIST curve P-224 (AKA SECP224R1) ··· 108 109 .PHONY: p521 109 110 p521: p521_64.h p521_32.h np521_64.h np521_32.h 110 111 112 112 + # 25519 113 113 + 25519="2^255 - 19" 114 114 + 25519_FUNS=carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes carry_scmul121666 115 115 + 116 116 + .PHONY: curve25519_64.h 117 117 + curve25519_64.h: 118 118 + $(UNSAT_SOLINAS) 25519 64 '(auto)' $(25519) $(25519_FUNS) > $@ 119 119 + 120 120 + .PHONY: curve25519_32.h 121 121 + curve25519_32.h: 122 122 + $(UNSAT_SOLINAS) 25519 32 '(auto)' $(25519) $(25519_FUNS) > $@ 123 123 + 124 124 + .PHONY: curve25519 125 125 + curve25519: curve25519_64.h curve25519_32.h 126 126 + 127 127 + 111 128 .PHONY: clean 112 129 clean: 113 130 $(RM) p224_32.h p224_64.h np224_32.h np224_64.h 114 131 $(RM) p256_32.h p256_64.h np256_32.h np256_64.h 115 132 $(RM) p384_32.h p384_64.h np384_32.h np384_64.h 116 133 $(RM) p521_32.h p521_64.h np521_32.h np521_64.h 134 134 + $(RM) curve25519_32.h curve25519_64.h 117 135 118 136 .PHONY: all 119 119 - all: p224 p256 p384 p521 137 137 + all: p224 p256 p384 p521 curve25519

+1533

ec/native/curve25519_32.h

reviewed

··· 1 1 + /* Autogenerated: ../../../fiat-crypto/src/ExtractionOCaml/unsaturated_solinas --static --use-value-barrier 25519 32 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes carry_scmul121666 */ 2 2 + /* curve description: 25519 */ 3 3 + /* machine_wordsize = 32 (from "32") */ 4 4 + /* requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, carry_scmul121666 */ 5 5 + /* n = 10 (from "(auto)") */ 6 6 + /* s-c = 2^255 - [(1, 19)] (from "2^255 - 19") */ 7 7 + /* tight_bounds_multiplier = 1 (from "") */ 8 8 + /* */ 9 9 + /* Computed values: */ 10 10 + /* carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1] */ 11 11 + /* eval z = z[0] + (z[1] << 26) + (z[2] << 51) + (z[3] << 77) + (z[4] << 102) + (z[5] << 128) + (z[6] << 153) + (z[7] << 179) + (z[8] << 204) + (z[9] << 230) */ 12 12 + /* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */ 13 13 + /* balance = [0x7ffffda, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe] */ 14 14 + 15 15 + #include <stdint.h> 16 16 + typedef unsigned char fiat_25519_uint1; 17 17 + typedef signed char fiat_25519_int1; 18 18 + 19 19 + #if (-1 & 3) != 3 20 20 + #error "This code only works on a two's complement system" 21 21 + #endif 22 22 + 23 23 + #if !defined(FIAT_25519_NO_ASM) && (defined(__GNUC__) || defined(__clang__)) 24 24 + static __inline__ uint32_t fiat_25519_value_barrier_u32(uint32_t a) { 25 25 + __asm__("" : "+r"(a) : /* no inputs */); 26 26 + return a; 27 27 + } 28 28 + #else 29 29 + # define fiat_25519_value_barrier_u32(x) (x) 30 30 + #endif 31 31 + 32 32 + 33 33 + /* 34 34 + * The function fiat_25519_addcarryx_u26 is an addition with carry. 35 35 + * Postconditions: 36 36 + * out1 = (arg1 + arg2 + arg3) mod 2^26 37 37 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^26⌋ 38 38 + * 39 39 + * Input Bounds: 40 40 + * arg1: [0x0 ~> 0x1] 41 41 + * arg2: [0x0 ~> 0x3ffffff] 42 42 + * arg3: [0x0 ~> 0x3ffffff] 43 43 + * Output Bounds: 44 44 + * out1: [0x0 ~> 0x3ffffff] 45 45 + * out2: [0x0 ~> 0x1] 46 46 + */ 47 47 + static void fiat_25519_addcarryx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { 48 48 + uint32_t x1; 49 49 + uint32_t x2; 50 50 + fiat_25519_uint1 x3; 51 51 + x1 = ((arg1 + arg2) + arg3); 52 52 + x2 = (x1 & UINT32_C(0x3ffffff)); 53 53 + x3 = (fiat_25519_uint1)(x1 >> 26); 54 54 + *out1 = x2; 55 55 + *out2 = x3; 56 56 + } 57 57 + 58 58 + /* 59 59 + * The function fiat_25519_subborrowx_u26 is a subtraction with borrow. 60 60 + * Postconditions: 61 61 + * out1 = (-arg1 + arg2 + -arg3) mod 2^26 62 62 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^26⌋ 63 63 + * 64 64 + * Input Bounds: 65 65 + * arg1: [0x0 ~> 0x1] 66 66 + * arg2: [0x0 ~> 0x3ffffff] 67 67 + * arg3: [0x0 ~> 0x3ffffff] 68 68 + * Output Bounds: 69 69 + * out1: [0x0 ~> 0x3ffffff] 70 70 + * out2: [0x0 ~> 0x1] 71 71 + */ 72 72 + static void fiat_25519_subborrowx_u26(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { 73 73 + int32_t x1; 74 74 + fiat_25519_int1 x2; 75 75 + uint32_t x3; 76 76 + x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); 77 77 + x2 = (fiat_25519_int1)(x1 >> 26); 78 78 + x3 = (x1 & UINT32_C(0x3ffffff)); 79 79 + *out1 = x3; 80 80 + *out2 = (fiat_25519_uint1)(0x0 - x2); 81 81 + } 82 82 + 83 83 + /* 84 84 + * The function fiat_25519_addcarryx_u25 is an addition with carry. 85 85 + * Postconditions: 86 86 + * out1 = (arg1 + arg2 + arg3) mod 2^25 87 87 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^25⌋ 88 88 + * 89 89 + * Input Bounds: 90 90 + * arg1: [0x0 ~> 0x1] 91 91 + * arg2: [0x0 ~> 0x1ffffff] 92 92 + * arg3: [0x0 ~> 0x1ffffff] 93 93 + * Output Bounds: 94 94 + * out1: [0x0 ~> 0x1ffffff] 95 95 + * out2: [0x0 ~> 0x1] 96 96 + */ 97 97 + static void fiat_25519_addcarryx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { 98 98 + uint32_t x1; 99 99 + uint32_t x2; 100 100 + fiat_25519_uint1 x3; 101 101 + x1 = ((arg1 + arg2) + arg3); 102 102 + x2 = (x1 & UINT32_C(0x1ffffff)); 103 103 + x3 = (fiat_25519_uint1)(x1 >> 25); 104 104 + *out1 = x2; 105 105 + *out2 = x3; 106 106 + } 107 107 + 108 108 + /* 109 109 + * The function fiat_25519_subborrowx_u25 is a subtraction with borrow. 110 110 + * Postconditions: 111 111 + * out1 = (-arg1 + arg2 + -arg3) mod 2^25 112 112 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^25⌋ 113 113 + * 114 114 + * Input Bounds: 115 115 + * arg1: [0x0 ~> 0x1] 116 116 + * arg2: [0x0 ~> 0x1ffffff] 117 117 + * arg3: [0x0 ~> 0x1ffffff] 118 118 + * Output Bounds: 119 119 + * out1: [0x0 ~> 0x1ffffff] 120 120 + * out2: [0x0 ~> 0x1] 121 121 + */ 122 122 + static void fiat_25519_subborrowx_u25(uint32_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { 123 123 + int32_t x1; 124 124 + fiat_25519_int1 x2; 125 125 + uint32_t x3; 126 126 + x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); 127 127 + x2 = (fiat_25519_int1)(x1 >> 25); 128 128 + x3 = (x1 & UINT32_C(0x1ffffff)); 129 129 + *out1 = x3; 130 130 + *out2 = (fiat_25519_uint1)(0x0 - x2); 131 131 + } 132 132 + 133 133 + /* 134 134 + * The function fiat_25519_cmovznz_u32 is a single-word conditional move. 135 135 + * Postconditions: 136 136 + * out1 = (if arg1 = 0 then arg2 else arg3) 137 137 + * 138 138 + * Input Bounds: 139 139 + * arg1: [0x0 ~> 0x1] 140 140 + * arg2: [0x0 ~> 0xffffffff] 141 141 + * arg3: [0x0 ~> 0xffffffff] 142 142 + * Output Bounds: 143 143 + * out1: [0x0 ~> 0xffffffff] 144 144 + */ 145 145 + static void fiat_25519_cmovznz_u32(uint32_t* out1, fiat_25519_uint1 arg1, uint32_t arg2, uint32_t arg3) { 146 146 + fiat_25519_uint1 x1; 147 147 + uint32_t x2; 148 148 + uint32_t x3; 149 149 + x1 = (!(!arg1)); 150 150 + x2 = ((fiat_25519_int1)(0x0 - x1) & UINT32_C(0xffffffff)); 151 151 + x3 = ((fiat_25519_value_barrier_u32(x2) & arg3) | (fiat_25519_value_barrier_u32((~x2)) & arg2)); 152 152 + *out1 = x3; 153 153 + } 154 154 + 155 155 + /* 156 156 + * The function fiat_25519_carry_mul multiplies two field elements and reduces the result. 157 157 + * Postconditions: 158 158 + * eval out1 mod m = (eval arg1 * eval arg2) mod m 159 159 + * 160 160 + * Input Bounds: 161 161 + * arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 162 162 + * arg2: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 163 163 + * Output Bounds: 164 164 + * out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 165 165 + */ 166 166 + static void fiat_25519_carry_mul(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) { 167 167 + uint64_t x1; 168 168 + uint64_t x2; 169 169 + uint64_t x3; 170 170 + uint64_t x4; 171 171 + uint64_t x5; 172 172 + uint64_t x6; 173 173 + uint64_t x7; 174 174 + uint64_t x8; 175 175 + uint64_t x9; 176 176 + uint64_t x10; 177 177 + uint64_t x11; 178 178 + uint64_t x12; 179 179 + uint64_t x13; 180 180 + uint64_t x14; 181 181 + uint64_t x15; 182 182 + uint64_t x16; 183 183 + uint64_t x17; 184 184 + uint64_t x18; 185 185 + uint64_t x19; 186 186 + uint64_t x20; 187 187 + uint64_t x21; 188 188 + uint64_t x22; 189 189 + uint64_t x23; 190 190 + uint64_t x24; 191 191 + uint64_t x25; 192 192 + uint64_t x26; 193 193 + uint64_t x27; 194 194 + uint64_t x28; 195 195 + uint64_t x29; 196 196 + uint64_t x30; 197 197 + uint64_t x31; 198 198 + uint64_t x32; 199 199 + uint64_t x33; 200 200 + uint64_t x34; 201 201 + uint64_t x35; 202 202 + uint64_t x36; 203 203 + uint64_t x37; 204 204 + uint64_t x38; 205 205 + uint64_t x39; 206 206 + uint64_t x40; 207 207 + uint64_t x41; 208 208 + uint64_t x42; 209 209 + uint64_t x43; 210 210 + uint64_t x44; 211 211 + uint64_t x45; 212 212 + uint64_t x46; 213 213 + uint64_t x47; 214 214 + uint64_t x48; 215 215 + uint64_t x49; 216 216 + uint64_t x50; 217 217 + uint64_t x51; 218 218 + uint64_t x52; 219 219 + uint64_t x53; 220 220 + uint64_t x54; 221 221 + uint64_t x55; 222 222 + uint64_t x56; 223 223 + uint64_t x57; 224 224 + uint64_t x58; 225 225 + uint64_t x59; 226 226 + uint64_t x60; 227 227 + uint64_t x61; 228 228 + uint64_t x62; 229 229 + uint64_t x63; 230 230 + uint64_t x64; 231 231 + uint64_t x65; 232 232 + uint64_t x66; 233 233 + uint64_t x67; 234 234 + uint64_t x68; 235 235 + uint64_t x69; 236 236 + uint64_t x70; 237 237 + uint64_t x71; 238 238 + uint64_t x72; 239 239 + uint64_t x73; 240 240 + uint64_t x74; 241 241 + uint64_t x75; 242 242 + uint64_t x76; 243 243 + uint64_t x77; 244 244 + uint64_t x78; 245 245 + uint64_t x79; 246 246 + uint64_t x80; 247 247 + uint64_t x81; 248 248 + uint64_t x82; 249 249 + uint64_t x83; 250 250 + uint64_t x84; 251 251 + uint64_t x85; 252 252 + uint64_t x86; 253 253 + uint64_t x87; 254 254 + uint64_t x88; 255 255 + uint64_t x89; 256 256 + uint64_t x90; 257 257 + uint64_t x91; 258 258 + uint64_t x92; 259 259 + uint64_t x93; 260 260 + uint64_t x94; 261 261 + uint64_t x95; 262 262 + uint64_t x96; 263 263 + uint64_t x97; 264 264 + uint64_t x98; 265 265 + uint64_t x99; 266 266 + uint64_t x100; 267 267 + uint64_t x101; 268 268 + uint64_t x102; 269 269 + uint32_t x103; 270 270 + uint64_t x104; 271 271 + uint64_t x105; 272 272 + uint64_t x106; 273 273 + uint64_t x107; 274 274 + uint64_t x108; 275 275 + uint64_t x109; 276 276 + uint64_t x110; 277 277 + uint64_t x111; 278 278 + uint64_t x112; 279 279 + uint64_t x113; 280 280 + uint64_t x114; 281 281 + uint32_t x115; 282 282 + uint64_t x116; 283 283 + uint64_t x117; 284 284 + uint32_t x118; 285 285 + uint64_t x119; 286 286 + uint64_t x120; 287 287 + uint32_t x121; 288 288 + uint64_t x122; 289 289 + uint64_t x123; 290 290 + uint32_t x124; 291 291 + uint64_t x125; 292 292 + uint64_t x126; 293 293 + uint32_t x127; 294 294 + uint64_t x128; 295 295 + uint64_t x129; 296 296 + uint32_t x130; 297 297 + uint64_t x131; 298 298 + uint64_t x132; 299 299 + uint32_t x133; 300 300 + uint64_t x134; 301 301 + uint64_t x135; 302 302 + uint32_t x136; 303 303 + uint64_t x137; 304 304 + uint64_t x138; 305 305 + uint32_t x139; 306 306 + uint64_t x140; 307 307 + uint64_t x141; 308 308 + uint32_t x142; 309 309 + uint32_t x143; 310 310 + uint32_t x144; 311 311 + fiat_25519_uint1 x145; 312 312 + uint32_t x146; 313 313 + uint32_t x147; 314 314 + x1 = ((uint64_t)(arg1[9]) * ((arg2[9]) * UINT8_C(0x26))); 315 315 + x2 = ((uint64_t)(arg1[9]) * ((arg2[8]) * UINT8_C(0x13))); 316 316 + x3 = ((uint64_t)(arg1[9]) * ((arg2[7]) * UINT8_C(0x26))); 317 317 + x4 = ((uint64_t)(arg1[9]) * ((arg2[6]) * UINT8_C(0x13))); 318 318 + x5 = ((uint64_t)(arg1[9]) * ((arg2[5]) * UINT8_C(0x26))); 319 319 + x6 = ((uint64_t)(arg1[9]) * ((arg2[4]) * UINT8_C(0x13))); 320 320 + x7 = ((uint64_t)(arg1[9]) * ((arg2[3]) * UINT8_C(0x26))); 321 321 + x8 = ((uint64_t)(arg1[9]) * ((arg2[2]) * UINT8_C(0x13))); 322 322 + x9 = ((uint64_t)(arg1[9]) * ((arg2[1]) * UINT8_C(0x26))); 323 323 + x10 = ((uint64_t)(arg1[8]) * ((arg2[9]) * UINT8_C(0x13))); 324 324 + x11 = ((uint64_t)(arg1[8]) * ((arg2[8]) * UINT8_C(0x13))); 325 325 + x12 = ((uint64_t)(arg1[8]) * ((arg2[7]) * UINT8_C(0x13))); 326 326 + x13 = ((uint64_t)(arg1[8]) * ((arg2[6]) * UINT8_C(0x13))); 327 327 + x14 = ((uint64_t)(arg1[8]) * ((arg2[5]) * UINT8_C(0x13))); 328 328 + x15 = ((uint64_t)(arg1[8]) * ((arg2[4]) * UINT8_C(0x13))); 329 329 + x16 = ((uint64_t)(arg1[8]) * ((arg2[3]) * UINT8_C(0x13))); 330 330 + x17 = ((uint64_t)(arg1[8]) * ((arg2[2]) * UINT8_C(0x13))); 331 331 + x18 = ((uint64_t)(arg1[7]) * ((arg2[9]) * UINT8_C(0x26))); 332 332 + x19 = ((uint64_t)(arg1[7]) * ((arg2[8]) * UINT8_C(0x13))); 333 333 + x20 = ((uint64_t)(arg1[7]) * ((arg2[7]) * UINT8_C(0x26))); 334 334 + x21 = ((uint64_t)(arg1[7]) * ((arg2[6]) * UINT8_C(0x13))); 335 335 + x22 = ((uint64_t)(arg1[7]) * ((arg2[5]) * UINT8_C(0x26))); 336 336 + x23 = ((uint64_t)(arg1[7]) * ((arg2[4]) * UINT8_C(0x13))); 337 337 + x24 = ((uint64_t)(arg1[7]) * ((arg2[3]) * UINT8_C(0x26))); 338 338 + x25 = ((uint64_t)(arg1[6]) * ((arg2[9]) * UINT8_C(0x13))); 339 339 + x26 = ((uint64_t)(arg1[6]) * ((arg2[8]) * UINT8_C(0x13))); 340 340 + x27 = ((uint64_t)(arg1[6]) * ((arg2[7]) * UINT8_C(0x13))); 341 341 + x28 = ((uint64_t)(arg1[6]) * ((arg2[6]) * UINT8_C(0x13))); 342 342 + x29 = ((uint64_t)(arg1[6]) * ((arg2[5]) * UINT8_C(0x13))); 343 343 + x30 = ((uint64_t)(arg1[6]) * ((arg2[4]) * UINT8_C(0x13))); 344 344 + x31 = ((uint64_t)(arg1[5]) * ((arg2[9]) * UINT8_C(0x26))); 345 345 + x32 = ((uint64_t)(arg1[5]) * ((arg2[8]) * UINT8_C(0x13))); 346 346 + x33 = ((uint64_t)(arg1[5]) * ((arg2[7]) * UINT8_C(0x26))); 347 347 + x34 = ((uint64_t)(arg1[5]) * ((arg2[6]) * UINT8_C(0x13))); 348 348 + x35 = ((uint64_t)(arg1[5]) * ((arg2[5]) * UINT8_C(0x26))); 349 349 + x36 = ((uint64_t)(arg1[4]) * ((arg2[9]) * UINT8_C(0x13))); 350 350 + x37 = ((uint64_t)(arg1[4]) * ((arg2[8]) * UINT8_C(0x13))); 351 351 + x38 = ((uint64_t)(arg1[4]) * ((arg2[7]) * UINT8_C(0x13))); 352 352 + x39 = ((uint64_t)(arg1[4]) * ((arg2[6]) * UINT8_C(0x13))); 353 353 + x40 = ((uint64_t)(arg1[3]) * ((arg2[9]) * UINT8_C(0x26))); 354 354 + x41 = ((uint64_t)(arg1[3]) * ((arg2[8]) * UINT8_C(0x13))); 355 355 + x42 = ((uint64_t)(arg1[3]) * ((arg2[7]) * UINT8_C(0x26))); 356 356 + x43 = ((uint64_t)(arg1[2]) * ((arg2[9]) * UINT8_C(0x13))); 357 357 + x44 = ((uint64_t)(arg1[2]) * ((arg2[8]) * UINT8_C(0x13))); 358 358 + x45 = ((uint64_t)(arg1[1]) * ((arg2[9]) * UINT8_C(0x26))); 359 359 + x46 = ((uint64_t)(arg1[9]) * (arg2[0])); 360 360 + x47 = ((uint64_t)(arg1[8]) * (arg2[1])); 361 361 + x48 = ((uint64_t)(arg1[8]) * (arg2[0])); 362 362 + x49 = ((uint64_t)(arg1[7]) * (arg2[2])); 363 363 + x50 = ((uint64_t)(arg1[7]) * ((arg2[1]) * 0x2)); 364 364 + x51 = ((uint64_t)(arg1[7]) * (arg2[0])); 365 365 + x52 = ((uint64_t)(arg1[6]) * (arg2[3])); 366 366 + x53 = ((uint64_t)(arg1[6]) * (arg2[2])); 367 367 + x54 = ((uint64_t)(arg1[6]) * (arg2[1])); 368 368 + x55 = ((uint64_t)(arg1[6]) * (arg2[0])); 369 369 + x56 = ((uint64_t)(arg1[5]) * (arg2[4])); 370 370 + x57 = ((uint64_t)(arg1[5]) * ((arg2[3]) * 0x2)); 371 371 + x58 = ((uint64_t)(arg1[5]) * (arg2[2])); 372 372 + x59 = ((uint64_t)(arg1[5]) * ((arg2[1]) * 0x2)); 373 373 + x60 = ((uint64_t)(arg1[5]) * (arg2[0])); 374 374 + x61 = ((uint64_t)(arg1[4]) * (arg2[5])); 375 375 + x62 = ((uint64_t)(arg1[4]) * (arg2[4])); 376 376 + x63 = ((uint64_t)(arg1[4]) * (arg2[3])); 377 377 + x64 = ((uint64_t)(arg1[4]) * (arg2[2])); 378 378 + x65 = ((uint64_t)(arg1[4]) * (arg2[1])); 379 379 + x66 = ((uint64_t)(arg1[4]) * (arg2[0])); 380 380 + x67 = ((uint64_t)(arg1[3]) * (arg2[6])); 381 381 + x68 = ((uint64_t)(arg1[3]) * ((arg2[5]) * 0x2)); 382 382 + x69 = ((uint64_t)(arg1[3]) * (arg2[4])); 383 383 + x70 = ((uint64_t)(arg1[3]) * ((arg2[3]) * 0x2)); 384 384 + x71 = ((uint64_t)(arg1[3]) * (arg2[2])); 385 385 + x72 = ((uint64_t)(arg1[3]) * ((arg2[1]) * 0x2)); 386 386 + x73 = ((uint64_t)(arg1[3]) * (arg2[0])); 387 387 + x74 = ((uint64_t)(arg1[2]) * (arg2[7])); 388 388 + x75 = ((uint64_t)(arg1[2]) * (arg2[6])); 389 389 + x76 = ((uint64_t)(arg1[2]) * (arg2[5])); 390 390 + x77 = ((uint64_t)(arg1[2]) * (arg2[4])); 391 391 + x78 = ((uint64_t)(arg1[2]) * (arg2[3])); 392 392 + x79 = ((uint64_t)(arg1[2]) * (arg2[2])); 393 393 + x80 = ((uint64_t)(arg1[2]) * (arg2[1])); 394 394 + x81 = ((uint64_t)(arg1[2]) * (arg2[0])); 395 395 + x82 = ((uint64_t)(arg1[1]) * (arg2[8])); 396 396 + x83 = ((uint64_t)(arg1[1]) * ((arg2[7]) * 0x2)); 397 397 + x84 = ((uint64_t)(arg1[1]) * (arg2[6])); 398 398 + x85 = ((uint64_t)(arg1[1]) * ((arg2[5]) * 0x2)); 399 399 + x86 = ((uint64_t)(arg1[1]) * (arg2[4])); 400 400 + x87 = ((uint64_t)(arg1[1]) * ((arg2[3]) * 0x2)); 401 401 + x88 = ((uint64_t)(arg1[1]) * (arg2[2])); 402 402 + x89 = ((uint64_t)(arg1[1]) * ((arg2[1]) * 0x2)); 403 403 + x90 = ((uint64_t)(arg1[1]) * (arg2[0])); 404 404 + x91 = ((uint64_t)(arg1[0]) * (arg2[9])); 405 405 + x92 = ((uint64_t)(arg1[0]) * (arg2[8])); 406 406 + x93 = ((uint64_t)(arg1[0]) * (arg2[7])); 407 407 + x94 = ((uint64_t)(arg1[0]) * (arg2[6])); 408 408 + x95 = ((uint64_t)(arg1[0]) * (arg2[5])); 409 409 + x96 = ((uint64_t)(arg1[0]) * (arg2[4])); 410 410 + x97 = ((uint64_t)(arg1[0]) * (arg2[3])); 411 411 + x98 = ((uint64_t)(arg1[0]) * (arg2[2])); 412 412 + x99 = ((uint64_t)(arg1[0]) * (arg2[1])); 413 413 + x100 = ((uint64_t)(arg1[0]) * (arg2[0])); 414 414 + x101 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9))))))))); 415 415 + x102 = (x101 >> 26); 416 416 + x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff)); 417 417 + x104 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46))))))))); 418 418 + x105 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1))))))))); 419 419 + x106 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2))))))))); 420 420 + x107 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3))))))))); 421 421 + x108 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4))))))))); 422 422 + x109 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5))))))))); 423 423 + x110 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6))))))))); 424 424 + x111 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7))))))))); 425 425 + x112 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8))))))))); 426 426 + x113 = (x102 + x112); 427 427 + x114 = (x113 >> 25); 428 428 + x115 = (uint32_t)(x113 & UINT32_C(0x1ffffff)); 429 429 + x116 = (x114 + x111); 430 430 + x117 = (x116 >> 26); 431 431 + x118 = (uint32_t)(x116 & UINT32_C(0x3ffffff)); 432 432 + x119 = (x117 + x110); 433 433 + x120 = (x119 >> 25); 434 434 + x121 = (uint32_t)(x119 & UINT32_C(0x1ffffff)); 435 435 + x122 = (x120 + x109); 436 436 + x123 = (x122 >> 26); 437 437 + x124 = (uint32_t)(x122 & UINT32_C(0x3ffffff)); 438 438 + x125 = (x123 + x108); 439 439 + x126 = (x125 >> 25); 440 440 + x127 = (uint32_t)(x125 & UINT32_C(0x1ffffff)); 441 441 + x128 = (x126 + x107); 442 442 + x129 = (x128 >> 26); 443 443 + x130 = (uint32_t)(x128 & UINT32_C(0x3ffffff)); 444 444 + x131 = (x129 + x106); 445 445 + x132 = (x131 >> 25); 446 446 + x133 = (uint32_t)(x131 & UINT32_C(0x1ffffff)); 447 447 + x134 = (x132 + x105); 448 448 + x135 = (x134 >> 26); 449 449 + x136 = (uint32_t)(x134 & UINT32_C(0x3ffffff)); 450 450 + x137 = (x135 + x104); 451 451 + x138 = (x137 >> 25); 452 452 + x139 = (uint32_t)(x137 & UINT32_C(0x1ffffff)); 453 453 + x140 = (x138 * UINT8_C(0x13)); 454 454 + x141 = (x103 + x140); 455 455 + x142 = (uint32_t)(x141 >> 26); 456 456 + x143 = (uint32_t)(x141 & UINT32_C(0x3ffffff)); 457 457 + x144 = (x142 + x115); 458 458 + x145 = (fiat_25519_uint1)(x144 >> 25); 459 459 + x146 = (x144 & UINT32_C(0x1ffffff)); 460 460 + x147 = (x145 + x118); 461 461 + out1[0] = x143; 462 462 + out1[1] = x146; 463 463 + out1[2] = x147; 464 464 + out1[3] = x121; 465 465 + out1[4] = x124; 466 466 + out1[5] = x127; 467 467 + out1[6] = x130; 468 468 + out1[7] = x133; 469 469 + out1[8] = x136; 470 470 + out1[9] = x139; 471 471 + } 472 472 + 473 473 + /* 474 474 + * The function fiat_25519_carry_square squares a field element and reduces the result. 475 475 + * Postconditions: 476 476 + * eval out1 mod m = (eval arg1 * eval arg1) mod m 477 477 + * 478 478 + * Input Bounds: 479 479 + * arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 480 480 + * Output Bounds: 481 481 + * out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 482 482 + */ 483 483 + static void fiat_25519_carry_square(uint32_t out1[10], const uint32_t arg1[10]) { 484 484 + uint32_t x1; 485 485 + uint32_t x2; 486 486 + uint32_t x3; 487 487 + uint32_t x4; 488 488 + uint64_t x5; 489 489 + uint32_t x6; 490 490 + uint32_t x7; 491 491 + uint32_t x8; 492 492 + uint32_t x9; 493 493 + uint32_t x10; 494 494 + uint64_t x11; 495 495 + uint32_t x12; 496 496 + uint32_t x13; 497 497 + uint32_t x14; 498 498 + uint32_t x15; 499 499 + uint32_t x16; 500 500 + uint32_t x17; 501 501 + uint32_t x18; 502 502 + uint64_t x19; 503 503 + uint64_t x20; 504 504 + uint64_t x21; 505 505 + uint64_t x22; 506 506 + uint64_t x23; 507 507 + uint64_t x24; 508 508 + uint64_t x25; 509 509 + uint64_t x26; 510 510 + uint64_t x27; 511 511 + uint64_t x28; 512 512 + uint64_t x29; 513 513 + uint64_t x30; 514 514 + uint64_t x31; 515 515 + uint64_t x32; 516 516 + uint64_t x33; 517 517 + uint64_t x34; 518 518 + uint64_t x35; 519 519 + uint64_t x36; 520 520 + uint64_t x37; 521 521 + uint64_t x38; 522 522 + uint64_t x39; 523 523 + uint64_t x40; 524 524 + uint64_t x41; 525 525 + uint64_t x42; 526 526 + uint64_t x43; 527 527 + uint64_t x44; 528 528 + uint64_t x45; 529 529 + uint64_t x46; 530 530 + uint64_t x47; 531 531 + uint64_t x48; 532 532 + uint64_t x49; 533 533 + uint64_t x50; 534 534 + uint64_t x51; 535 535 + uint64_t x52; 536 536 + uint64_t x53; 537 537 + uint64_t x54; 538 538 + uint64_t x55; 539 539 + uint64_t x56; 540 540 + uint64_t x57; 541 541 + uint64_t x58; 542 542 + uint64_t x59; 543 543 + uint64_t x60; 544 544 + uint64_t x61; 545 545 + uint64_t x62; 546 546 + uint64_t x63; 547 547 + uint64_t x64; 548 548 + uint64_t x65; 549 549 + uint64_t x66; 550 550 + uint64_t x67; 551 551 + uint64_t x68; 552 552 + uint64_t x69; 553 553 + uint64_t x70; 554 554 + uint64_t x71; 555 555 + uint64_t x72; 556 556 + uint64_t x73; 557 557 + uint64_t x74; 558 558 + uint64_t x75; 559 559 + uint32_t x76; 560 560 + uint64_t x77; 561 561 + uint64_t x78; 562 562 + uint64_t x79; 563 563 + uint64_t x80; 564 564 + uint64_t x81; 565 565 + uint64_t x82; 566 566 + uint64_t x83; 567 567 + uint64_t x84; 568 568 + uint64_t x85; 569 569 + uint64_t x86; 570 570 + uint64_t x87; 571 571 + uint32_t x88; 572 572 + uint64_t x89; 573 573 + uint64_t x90; 574 574 + uint32_t x91; 575 575 + uint64_t x92; 576 576 + uint64_t x93; 577 577 + uint32_t x94; 578 578 + uint64_t x95; 579 579 + uint64_t x96; 580 580 + uint32_t x97; 581 581 + uint64_t x98; 582 582 + uint64_t x99; 583 583 + uint32_t x100; 584 584 + uint64_t x101; 585 585 + uint64_t x102; 586 586 + uint32_t x103; 587 587 + uint64_t x104; 588 588 + uint64_t x105; 589 589 + uint32_t x106; 590 590 + uint64_t x107; 591 591 + uint64_t x108; 592 592 + uint32_t x109; 593 593 + uint64_t x110; 594 594 + uint64_t x111; 595 595 + uint32_t x112; 596 596 + uint64_t x113; 597 597 + uint64_t x114; 598 598 + uint32_t x115; 599 599 + uint32_t x116; 600 600 + uint32_t x117; 601 601 + fiat_25519_uint1 x118; 602 602 + uint32_t x119; 603 603 + uint32_t x120; 604 604 + x1 = ((arg1[9]) * UINT8_C(0x13)); 605 605 + x2 = (x1 * 0x2); 606 606 + x3 = ((arg1[9]) * 0x2); 607 607 + x4 = ((arg1[8]) * UINT8_C(0x13)); 608 608 + x5 = ((uint64_t)x4 * 0x2); 609 609 + x6 = ((arg1[8]) * 0x2); 610 610 + x7 = ((arg1[7]) * UINT8_C(0x13)); 611 611 + x8 = (x7 * 0x2); 612 612 + x9 = ((arg1[7]) * 0x2); 613 613 + x10 = ((arg1[6]) * UINT8_C(0x13)); 614 614 + x11 = ((uint64_t)x10 * 0x2); 615 615 + x12 = ((arg1[6]) * 0x2); 616 616 + x13 = ((arg1[5]) * UINT8_C(0x13)); 617 617 + x14 = ((arg1[5]) * 0x2); 618 618 + x15 = ((arg1[4]) * 0x2); 619 619 + x16 = ((arg1[3]) * 0x2); 620 620 + x17 = ((arg1[2]) * 0x2); 621 621 + x18 = ((arg1[1]) * 0x2); 622 622 + x19 = ((uint64_t)(arg1[9]) * (x1 * 0x2)); 623 623 + x20 = ((uint64_t)(arg1[8]) * x2); 624 624 + x21 = ((uint64_t)(arg1[8]) * x4); 625 625 + x22 = ((arg1[7]) * ((uint64_t)x2 * 0x2)); 626 626 + x23 = ((arg1[7]) * x5); 627 627 + x24 = ((uint64_t)(arg1[7]) * (x7 * 0x2)); 628 628 + x25 = ((uint64_t)(arg1[6]) * x2); 629 629 + x26 = ((arg1[6]) * x5); 630 630 + x27 = ((uint64_t)(arg1[6]) * x8); 631 631 + x28 = ((uint64_t)(arg1[6]) * x10); 632 632 + x29 = ((arg1[5]) * ((uint64_t)x2 * 0x2)); 633 633 + x30 = ((arg1[5]) * x5); 634 634 + x31 = ((arg1[5]) * ((uint64_t)x8 * 0x2)); 635 635 + x32 = ((arg1[5]) * x11); 636 636 + x33 = ((uint64_t)(arg1[5]) * (x13 * 0x2)); 637 637 + x34 = ((uint64_t)(arg1[4]) * x2); 638 638 + x35 = ((arg1[4]) * x5); 639 639 + x36 = ((uint64_t)(arg1[4]) * x8); 640 640 + x37 = ((arg1[4]) * x11); 641 641 + x38 = ((uint64_t)(arg1[4]) * x14); 642 642 + x39 = ((uint64_t)(arg1[4]) * (arg1[4])); 643 643 + x40 = ((arg1[3]) * ((uint64_t)x2 * 0x2)); 644 644 + x41 = ((arg1[3]) * x5); 645 645 + x42 = ((arg1[3]) * ((uint64_t)x8 * 0x2)); 646 646 + x43 = ((uint64_t)(arg1[3]) * x12); 647 647 + x44 = ((uint64_t)(arg1[3]) * (x14 * 0x2)); 648 648 + x45 = ((uint64_t)(arg1[3]) * x15); 649 649 + x46 = ((uint64_t)(arg1[3]) * ((arg1[3]) * 0x2)); 650 650 + x47 = ((uint64_t)(arg1[2]) * x2); 651 651 + x48 = ((arg1[2]) * x5); 652 652 + x49 = ((uint64_t)(arg1[2]) * x9); 653 653 + x50 = ((uint64_t)(arg1[2]) * x12); 654 654 + x51 = ((uint64_t)(arg1[2]) * x14); 655 655 + x52 = ((uint64_t)(arg1[2]) * x15); 656 656 + x53 = ((uint64_t)(arg1[2]) * x16); 657 657 + x54 = ((uint64_t)(arg1[2]) * (arg1[2])); 658 658 + x55 = ((arg1[1]) * ((uint64_t)x2 * 0x2)); 659 659 + x56 = ((uint64_t)(arg1[1]) * x6); 660 660 + x57 = ((uint64_t)(arg1[1]) * (x9 * 0x2)); 661 661 + x58 = ((uint64_t)(arg1[1]) * x12); 662 662 + x59 = ((uint64_t)(arg1[1]) * (x14 * 0x2)); 663 663 + x60 = ((uint64_t)(arg1[1]) * x15); 664 664 + x61 = ((uint64_t)(arg1[1]) * (x16 * 0x2)); 665 665 + x62 = ((uint64_t)(arg1[1]) * x17); 666 666 + x63 = ((uint64_t)(arg1[1]) * ((arg1[1]) * 0x2)); 667 667 + x64 = ((uint64_t)(arg1[0]) * x3); 668 668 + x65 = ((uint64_t)(arg1[0]) * x6); 669 669 + x66 = ((uint64_t)(arg1[0]) * x9); 670 670 + x67 = ((uint64_t)(arg1[0]) * x12); 671 671 + x68 = ((uint64_t)(arg1[0]) * x14); 672 672 + x69 = ((uint64_t)(arg1[0]) * x15); 673 673 + x70 = ((uint64_t)(arg1[0]) * x16); 674 674 + x71 = ((uint64_t)(arg1[0]) * x17); 675 675 + x72 = ((uint64_t)(arg1[0]) * x18); 676 676 + x73 = ((uint64_t)(arg1[0]) * (arg1[0])); 677 677 + x74 = (x73 + (x55 + (x48 + (x42 + (x37 + x33))))); 678 678 + x75 = (x74 >> 26); 679 679 + x76 = (uint32_t)(x74 & UINT32_C(0x3ffffff)); 680 680 + x77 = (x64 + (x56 + (x49 + (x43 + x38)))); 681 681 + x78 = (x65 + (x57 + (x50 + (x44 + (x39 + x19))))); 682 682 + x79 = (x66 + (x58 + (x51 + (x45 + x20)))); 683 683 + x80 = (x67 + (x59 + (x52 + (x46 + (x22 + x21))))); 684 684 + x81 = (x68 + (x60 + (x53 + (x25 + x23)))); 685 685 + x82 = (x69 + (x61 + (x54 + (x29 + (x26 + x24))))); 686 686 + x83 = (x70 + (x62 + (x34 + (x30 + x27)))); 687 687 + x84 = (x71 + (x63 + (x40 + (x35 + (x31 + x28))))); 688 688 + x85 = (x72 + (x47 + (x41 + (x36 + x32)))); 689 689 + x86 = (x75 + x85); 690 690 + x87 = (x86 >> 25); 691 691 + x88 = (uint32_t)(x86 & UINT32_C(0x1ffffff)); 692 692 + x89 = (x87 + x84); 693 693 + x90 = (x89 >> 26); 694 694 + x91 = (uint32_t)(x89 & UINT32_C(0x3ffffff)); 695 695 + x92 = (x90 + x83); 696 696 + x93 = (x92 >> 25); 697 697 + x94 = (uint32_t)(x92 & UINT32_C(0x1ffffff)); 698 698 + x95 = (x93 + x82); 699 699 + x96 = (x95 >> 26); 700 700 + x97 = (uint32_t)(x95 & UINT32_C(0x3ffffff)); 701 701 + x98 = (x96 + x81); 702 702 + x99 = (x98 >> 25); 703 703 + x100 = (uint32_t)(x98 & UINT32_C(0x1ffffff)); 704 704 + x101 = (x99 + x80); 705 705 + x102 = (x101 >> 26); 706 706 + x103 = (uint32_t)(x101 & UINT32_C(0x3ffffff)); 707 707 + x104 = (x102 + x79); 708 708 + x105 = (x104 >> 25); 709 709 + x106 = (uint32_t)(x104 & UINT32_C(0x1ffffff)); 710 710 + x107 = (x105 + x78); 711 711 + x108 = (x107 >> 26); 712 712 + x109 = (uint32_t)(x107 & UINT32_C(0x3ffffff)); 713 713 + x110 = (x108 + x77); 714 714 + x111 = (x110 >> 25); 715 715 + x112 = (uint32_t)(x110 & UINT32_C(0x1ffffff)); 716 716 + x113 = (x111 * UINT8_C(0x13)); 717 717 + x114 = (x76 + x113); 718 718 + x115 = (uint32_t)(x114 >> 26); 719 719 + x116 = (uint32_t)(x114 & UINT32_C(0x3ffffff)); 720 720 + x117 = (x115 + x88); 721 721 + x118 = (fiat_25519_uint1)(x117 >> 25); 722 722 + x119 = (x117 & UINT32_C(0x1ffffff)); 723 723 + x120 = (x118 + x91); 724 724 + out1[0] = x116; 725 725 + out1[1] = x119; 726 726 + out1[2] = x120; 727 727 + out1[3] = x94; 728 728 + out1[4] = x97; 729 729 + out1[5] = x100; 730 730 + out1[6] = x103; 731 731 + out1[7] = x106; 732 732 + out1[8] = x109; 733 733 + out1[9] = x112; 734 734 + } 735 735 + 736 736 + /* 737 737 + * The function fiat_25519_carry reduces a field element. 738 738 + * Postconditions: 739 739 + * eval out1 mod m = eval arg1 mod m 740 740 + * 741 741 + * Input Bounds: 742 742 + * arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 743 743 + * Output Bounds: 744 744 + * out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 745 745 + */ 746 746 + static void fiat_25519_carry(uint32_t out1[10], const uint32_t arg1[10]) { 747 747 + uint32_t x1; 748 748 + uint32_t x2; 749 749 + uint32_t x3; 750 750 + uint32_t x4; 751 751 + uint32_t x5; 752 752 + uint32_t x6; 753 753 + uint32_t x7; 754 754 + uint32_t x8; 755 755 + uint32_t x9; 756 756 + uint32_t x10; 757 757 + uint32_t x11; 758 758 + uint32_t x12; 759 759 + uint32_t x13; 760 760 + uint32_t x14; 761 761 + uint32_t x15; 762 762 + uint32_t x16; 763 763 + uint32_t x17; 764 764 + uint32_t x18; 765 765 + uint32_t x19; 766 766 + uint32_t x20; 767 767 + uint32_t x21; 768 768 + uint32_t x22; 769 769 + x1 = (arg1[0]); 770 770 + x2 = ((x1 >> 26) + (arg1[1])); 771 771 + x3 = ((x2 >> 25) + (arg1[2])); 772 772 + x4 = ((x3 >> 26) + (arg1[3])); 773 773 + x5 = ((x4 >> 25) + (arg1[4])); 774 774 + x6 = ((x5 >> 26) + (arg1[5])); 775 775 + x7 = ((x6 >> 25) + (arg1[6])); 776 776 + x8 = ((x7 >> 26) + (arg1[7])); 777 777 + x9 = ((x8 >> 25) + (arg1[8])); 778 778 + x10 = ((x9 >> 26) + (arg1[9])); 779 779 + x11 = ((x1 & UINT32_C(0x3ffffff)) + ((x10 >> 25) * UINT8_C(0x13))); 780 780 + x12 = ((fiat_25519_uint1)(x11 >> 26) + (x2 & UINT32_C(0x1ffffff))); 781 781 + x13 = (x11 & UINT32_C(0x3ffffff)); 782 782 + x14 = (x12 & UINT32_C(0x1ffffff)); 783 783 + x15 = ((fiat_25519_uint1)(x12 >> 25) + (x3 & UINT32_C(0x3ffffff))); 784 784 + x16 = (x4 & UINT32_C(0x1ffffff)); 785 785 + x17 = (x5 & UINT32_C(0x3ffffff)); 786 786 + x18 = (x6 & UINT32_C(0x1ffffff)); 787 787 + x19 = (x7 & UINT32_C(0x3ffffff)); 788 788 + x20 = (x8 & UINT32_C(0x1ffffff)); 789 789 + x21 = (x9 & UINT32_C(0x3ffffff)); 790 790 + x22 = (x10 & UINT32_C(0x1ffffff)); 791 791 + out1[0] = x13; 792 792 + out1[1] = x14; 793 793 + out1[2] = x15; 794 794 + out1[3] = x16; 795 795 + out1[4] = x17; 796 796 + out1[5] = x18; 797 797 + out1[6] = x19; 798 798 + out1[7] = x20; 799 799 + out1[8] = x21; 800 800 + out1[9] = x22; 801 801 + } 802 802 + 803 803 + /* 804 804 + * The function fiat_25519_add adds two field elements. 805 805 + * Postconditions: 806 806 + * eval out1 mod m = (eval arg1 + eval arg2) mod m 807 807 + * 808 808 + * Input Bounds: 809 809 + * arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 810 810 + * arg2: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 811 811 + * Output Bounds: 812 812 + * out1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 813 813 + */ 814 814 + static void fiat_25519_add(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) { 815 815 + uint32_t x1; 816 816 + uint32_t x2; 817 817 + uint32_t x3; 818 818 + uint32_t x4; 819 819 + uint32_t x5; 820 820 + uint32_t x6; 821 821 + uint32_t x7; 822 822 + uint32_t x8; 823 823 + uint32_t x9; 824 824 + uint32_t x10; 825 825 + x1 = ((arg1[0]) + (arg2[0])); 826 826 + x2 = ((arg1[1]) + (arg2[1])); 827 827 + x3 = ((arg1[2]) + (arg2[2])); 828 828 + x4 = ((arg1[3]) + (arg2[3])); 829 829 + x5 = ((arg1[4]) + (arg2[4])); 830 830 + x6 = ((arg1[5]) + (arg2[5])); 831 831 + x7 = ((arg1[6]) + (arg2[6])); 832 832 + x8 = ((arg1[7]) + (arg2[7])); 833 833 + x9 = ((arg1[8]) + (arg2[8])); 834 834 + x10 = ((arg1[9]) + (arg2[9])); 835 835 + out1[0] = x1; 836 836 + out1[1] = x2; 837 837 + out1[2] = x3; 838 838 + out1[3] = x4; 839 839 + out1[4] = x5; 840 840 + out1[5] = x6; 841 841 + out1[6] = x7; 842 842 + out1[7] = x8; 843 843 + out1[8] = x9; 844 844 + out1[9] = x10; 845 845 + } 846 846 + 847 847 + /* 848 848 + * The function fiat_25519_sub subtracts two field elements. 849 849 + * Postconditions: 850 850 + * eval out1 mod m = (eval arg1 - eval arg2) mod m 851 851 + * 852 852 + * Input Bounds: 853 853 + * arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 854 854 + * arg2: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 855 855 + * Output Bounds: 856 856 + * out1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 857 857 + */ 858 858 + static void fiat_25519_sub(uint32_t out1[10], const uint32_t arg1[10], const uint32_t arg2[10]) { 859 859 + uint32_t x1; 860 860 + uint32_t x2; 861 861 + uint32_t x3; 862 862 + uint32_t x4; 863 863 + uint32_t x5; 864 864 + uint32_t x6; 865 865 + uint32_t x7; 866 866 + uint32_t x8; 867 867 + uint32_t x9; 868 868 + uint32_t x10; 869 869 + x1 = ((UINT32_C(0x7ffffda) + (arg1[0])) - (arg2[0])); 870 870 + x2 = ((UINT32_C(0x3fffffe) + (arg1[1])) - (arg2[1])); 871 871 + x3 = ((UINT32_C(0x7fffffe) + (arg1[2])) - (arg2[2])); 872 872 + x4 = ((UINT32_C(0x3fffffe) + (arg1[3])) - (arg2[3])); 873 873 + x5 = ((UINT32_C(0x7fffffe) + (arg1[4])) - (arg2[4])); 874 874 + x6 = ((UINT32_C(0x3fffffe) + (arg1[5])) - (arg2[5])); 875 875 + x7 = ((UINT32_C(0x7fffffe) + (arg1[6])) - (arg2[6])); 876 876 + x8 = ((UINT32_C(0x3fffffe) + (arg1[7])) - (arg2[7])); 877 877 + x9 = ((UINT32_C(0x7fffffe) + (arg1[8])) - (arg2[8])); 878 878 + x10 = ((UINT32_C(0x3fffffe) + (arg1[9])) - (arg2[9])); 879 879 + out1[0] = x1; 880 880 + out1[1] = x2; 881 881 + out1[2] = x3; 882 882 + out1[3] = x4; 883 883 + out1[4] = x5; 884 884 + out1[5] = x6; 885 885 + out1[6] = x7; 886 886 + out1[7] = x8; 887 887 + out1[8] = x9; 888 888 + out1[9] = x10; 889 889 + } 890 890 + 891 891 + /* 892 892 + * The function fiat_25519_opp negates a field element. 893 893 + * Postconditions: 894 894 + * eval out1 mod m = -eval arg1 mod m 895 895 + * 896 896 + * Input Bounds: 897 897 + * arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 898 898 + * Output Bounds: 899 899 + * out1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 900 900 + */ 901 901 + static void fiat_25519_opp(uint32_t out1[10], const uint32_t arg1[10]) { 902 902 + uint32_t x1; 903 903 + uint32_t x2; 904 904 + uint32_t x3; 905 905 + uint32_t x4; 906 906 + uint32_t x5; 907 907 + uint32_t x6; 908 908 + uint32_t x7; 909 909 + uint32_t x8; 910 910 + uint32_t x9; 911 911 + uint32_t x10; 912 912 + x1 = (UINT32_C(0x7ffffda) - (arg1[0])); 913 913 + x2 = (UINT32_C(0x3fffffe) - (arg1[1])); 914 914 + x3 = (UINT32_C(0x7fffffe) - (arg1[2])); 915 915 + x4 = (UINT32_C(0x3fffffe) - (arg1[3])); 916 916 + x5 = (UINT32_C(0x7fffffe) - (arg1[4])); 917 917 + x6 = (UINT32_C(0x3fffffe) - (arg1[5])); 918 918 + x7 = (UINT32_C(0x7fffffe) - (arg1[6])); 919 919 + x8 = (UINT32_C(0x3fffffe) - (arg1[7])); 920 920 + x9 = (UINT32_C(0x7fffffe) - (arg1[8])); 921 921 + x10 = (UINT32_C(0x3fffffe) - (arg1[9])); 922 922 + out1[0] = x1; 923 923 + out1[1] = x2; 924 924 + out1[2] = x3; 925 925 + out1[3] = x4; 926 926 + out1[4] = x5; 927 927 + out1[5] = x6; 928 928 + out1[6] = x7; 929 929 + out1[7] = x8; 930 930 + out1[8] = x9; 931 931 + out1[9] = x10; 932 932 + } 933 933 + 934 934 + /* 935 935 + * The function fiat_25519_selectznz is a multi-limb conditional select. 936 936 + * Postconditions: 937 937 + * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) 938 938 + * 939 939 + * Input Bounds: 940 940 + * arg1: [0x0 ~> 0x1] 941 941 + * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] 942 942 + * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] 943 943 + * Output Bounds: 944 944 + * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] 945 945 + */ 946 946 + static void fiat_25519_selectznz(uint32_t out1[10], fiat_25519_uint1 arg1, const uint32_t arg2[10], const uint32_t arg3[10]) { 947 947 + uint32_t x1; 948 948 + uint32_t x2; 949 949 + uint32_t x3; 950 950 + uint32_t x4; 951 951 + uint32_t x5; 952 952 + uint32_t x6; 953 953 + uint32_t x7; 954 954 + uint32_t x8; 955 955 + uint32_t x9; 956 956 + uint32_t x10; 957 957 + fiat_25519_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); 958 958 + fiat_25519_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); 959 959 + fiat_25519_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); 960 960 + fiat_25519_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); 961 961 + fiat_25519_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); 962 962 + fiat_25519_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); 963 963 + fiat_25519_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); 964 964 + fiat_25519_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); 965 965 + fiat_25519_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); 966 966 + fiat_25519_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); 967 967 + out1[0] = x1; 968 968 + out1[1] = x2; 969 969 + out1[2] = x3; 970 970 + out1[3] = x4; 971 971 + out1[4] = x5; 972 972 + out1[5] = x6; 973 973 + out1[6] = x7; 974 974 + out1[7] = x8; 975 975 + out1[8] = x9; 976 976 + out1[9] = x10; 977 977 + } 978 978 + 979 979 + /* 980 980 + * The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. 981 981 + * Postconditions: 982 982 + * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] 983 983 + * 984 984 + * Input Bounds: 985 985 + * arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 986 986 + * Output Bounds: 987 987 + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] 988 988 + */ 989 989 + static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { 990 990 + uint32_t x1; 991 991 + fiat_25519_uint1 x2; 992 992 + uint32_t x3; 993 993 + fiat_25519_uint1 x4; 994 994 + uint32_t x5; 995 995 + fiat_25519_uint1 x6; 996 996 + uint32_t x7; 997 997 + fiat_25519_uint1 x8; 998 998 + uint32_t x9; 999 999 + fiat_25519_uint1 x10; 1000 1000 + uint32_t x11; 1001 1001 + fiat_25519_uint1 x12; 1002 1002 + uint32_t x13; 1003 1003 + fiat_25519_uint1 x14; 1004 1004 + uint32_t x15; 1005 1005 + fiat_25519_uint1 x16; 1006 1006 + uint32_t x17; 1007 1007 + fiat_25519_uint1 x18; 1008 1008 + uint32_t x19; 1009 1009 + fiat_25519_uint1 x20; 1010 1010 + uint32_t x21; 1011 1011 + uint32_t x22; 1012 1012 + fiat_25519_uint1 x23; 1013 1013 + uint32_t x24; 1014 1014 + fiat_25519_uint1 x25; 1015 1015 + uint32_t x26; 1016 1016 + fiat_25519_uint1 x27; 1017 1017 + uint32_t x28; 1018 1018 + fiat_25519_uint1 x29; 1019 1019 + uint32_t x30; 1020 1020 + fiat_25519_uint1 x31; 1021 1021 + uint32_t x32; 1022 1022 + fiat_25519_uint1 x33; 1023 1023 + uint32_t x34; 1024 1024 + fiat_25519_uint1 x35; 1025 1025 + uint32_t x36; 1026 1026 + fiat_25519_uint1 x37; 1027 1027 + uint32_t x38; 1028 1028 + fiat_25519_uint1 x39; 1029 1029 + uint32_t x40; 1030 1030 + fiat_25519_uint1 x41; 1031 1031 + uint32_t x42; 1032 1032 + uint32_t x43; 1033 1033 + uint32_t x44; 1034 1034 + uint32_t x45; 1035 1035 + uint32_t x46; 1036 1036 + uint32_t x47; 1037 1037 + uint32_t x48; 1038 1038 + uint32_t x49; 1039 1039 + uint8_t x50; 1040 1040 + uint32_t x51; 1041 1041 + uint8_t x52; 1042 1042 + uint32_t x53; 1043 1043 + uint8_t x54; 1044 1044 + uint8_t x55; 1045 1045 + uint32_t x56; 1046 1046 + uint8_t x57; 1047 1047 + uint32_t x58; 1048 1048 + uint8_t x59; 1049 1049 + uint32_t x60; 1050 1050 + uint8_t x61; 1051 1051 + uint8_t x62; 1052 1052 + uint32_t x63; 1053 1053 + uint8_t x64; 1054 1054 + uint32_t x65; 1055 1055 + uint8_t x66; 1056 1056 + uint32_t x67; 1057 1057 + uint8_t x68; 1058 1058 + uint8_t x69; 1059 1059 + uint32_t x70; 1060 1060 + uint8_t x71; 1061 1061 + uint32_t x72; 1062 1062 + uint8_t x73; 1063 1063 + uint32_t x74; 1064 1064 + uint8_t x75; 1065 1065 + uint8_t x76; 1066 1066 + uint32_t x77; 1067 1067 + uint8_t x78; 1068 1068 + uint32_t x79; 1069 1069 + uint8_t x80; 1070 1070 + uint32_t x81; 1071 1071 + uint8_t x82; 1072 1072 + uint8_t x83; 1073 1073 + uint8_t x84; 1074 1074 + uint32_t x85; 1075 1075 + uint8_t x86; 1076 1076 + uint32_t x87; 1077 1077 + uint8_t x88; 1078 1078 + fiat_25519_uint1 x89; 1079 1079 + uint32_t x90; 1080 1080 + uint8_t x91; 1081 1081 + uint32_t x92; 1082 1082 + uint8_t x93; 1083 1083 + uint32_t x94; 1084 1084 + uint8_t x95; 1085 1085 + uint8_t x96; 1086 1086 + uint32_t x97; 1087 1087 + uint8_t x98; 1088 1088 + uint32_t x99; 1089 1089 + uint8_t x100; 1090 1090 + uint32_t x101; 1091 1091 + uint8_t x102; 1092 1092 + uint8_t x103; 1093 1093 + uint32_t x104; 1094 1094 + uint8_t x105; 1095 1095 + uint32_t x106; 1096 1096 + uint8_t x107; 1097 1097 + uint32_t x108; 1098 1098 + uint8_t x109; 1099 1099 + uint8_t x110; 1100 1100 + uint32_t x111; 1101 1101 + uint8_t x112; 1102 1102 + uint32_t x113; 1103 1103 + uint8_t x114; 1104 1104 + uint32_t x115; 1105 1105 + uint8_t x116; 1106 1106 + uint8_t x117; 1107 1107 + fiat_25519_subborrowx_u26(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x3ffffed)); 1108 1108 + fiat_25519_subborrowx_u25(&x3, &x4, x2, (arg1[1]), UINT32_C(0x1ffffff)); 1109 1109 + fiat_25519_subborrowx_u26(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3ffffff)); 1110 1110 + fiat_25519_subborrowx_u25(&x7, &x8, x6, (arg1[3]), UINT32_C(0x1ffffff)); 1111 1111 + fiat_25519_subborrowx_u26(&x9, &x10, x8, (arg1[4]), UINT32_C(0x3ffffff)); 1112 1112 + fiat_25519_subborrowx_u25(&x11, &x12, x10, (arg1[5]), UINT32_C(0x1ffffff)); 1113 1113 + fiat_25519_subborrowx_u26(&x13, &x14, x12, (arg1[6]), UINT32_C(0x3ffffff)); 1114 1114 + fiat_25519_subborrowx_u25(&x15, &x16, x14, (arg1[7]), UINT32_C(0x1ffffff)); 1115 1115 + fiat_25519_subborrowx_u26(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3ffffff)); 1116 1116 + fiat_25519_subborrowx_u25(&x19, &x20, x18, (arg1[9]), UINT32_C(0x1ffffff)); 1117 1117 + fiat_25519_cmovznz_u32(&x21, x20, 0x0, UINT32_C(0xffffffff)); 1118 1118 + fiat_25519_addcarryx_u26(&x22, &x23, 0x0, x1, (x21 & UINT32_C(0x3ffffed))); 1119 1119 + fiat_25519_addcarryx_u25(&x24, &x25, x23, x3, (x21 & UINT32_C(0x1ffffff))); 1120 1120 + fiat_25519_addcarryx_u26(&x26, &x27, x25, x5, (x21 & UINT32_C(0x3ffffff))); 1121 1121 + fiat_25519_addcarryx_u25(&x28, &x29, x27, x7, (x21 & UINT32_C(0x1ffffff))); 1122 1122 + fiat_25519_addcarryx_u26(&x30, &x31, x29, x9, (x21 & UINT32_C(0x3ffffff))); 1123 1123 + fiat_25519_addcarryx_u25(&x32, &x33, x31, x11, (x21 & UINT32_C(0x1ffffff))); 1124 1124 + fiat_25519_addcarryx_u26(&x34, &x35, x33, x13, (x21 & UINT32_C(0x3ffffff))); 1125 1125 + fiat_25519_addcarryx_u25(&x36, &x37, x35, x15, (x21 & UINT32_C(0x1ffffff))); 1126 1126 + fiat_25519_addcarryx_u26(&x38, &x39, x37, x17, (x21 & UINT32_C(0x3ffffff))); 1127 1127 + fiat_25519_addcarryx_u25(&x40, &x41, x39, x19, (x21 & UINT32_C(0x1ffffff))); 1128 1128 + x42 = (x40 << 6); 1129 1129 + x43 = (x38 << 4); 1130 1130 + x44 = (x36 << 3); 1131 1131 + x45 = (x34 * (uint32_t)0x2); 1132 1132 + x46 = (x30 << 6); 1133 1133 + x47 = (x28 << 5); 1134 1134 + x48 = (x26 << 3); 1135 1135 + x49 = (x24 << 2); 1136 1136 + x50 = (uint8_t)(x22 & UINT8_C(0xff)); 1137 1137 + x51 = (x22 >> 8); 1138 1138 + x52 = (uint8_t)(x51 & UINT8_C(0xff)); 1139 1139 + x53 = (x51 >> 8); 1140 1140 + x54 = (uint8_t)(x53 & UINT8_C(0xff)); 1141 1141 + x55 = (uint8_t)(x53 >> 8); 1142 1142 + x56 = (x49 + (uint32_t)x55); 1143 1143 + x57 = (uint8_t)(x56 & UINT8_C(0xff)); 1144 1144 + x58 = (x56 >> 8); 1145 1145 + x59 = (uint8_t)(x58 & UINT8_C(0xff)); 1146 1146 + x60 = (x58 >> 8); 1147 1147 + x61 = (uint8_t)(x60 & UINT8_C(0xff)); 1148 1148 + x62 = (uint8_t)(x60 >> 8); 1149 1149 + x63 = (x48 + (uint32_t)x62); 1150 1150 + x64 = (uint8_t)(x63 & UINT8_C(0xff)); 1151 1151 + x65 = (x63 >> 8); 1152 1152 + x66 = (uint8_t)(x65 & UINT8_C(0xff)); 1153 1153 + x67 = (x65 >> 8); 1154 1154 + x68 = (uint8_t)(x67 & UINT8_C(0xff)); 1155 1155 + x69 = (uint8_t)(x67 >> 8); 1156 1156 + x70 = (x47 + (uint32_t)x69); 1157 1157 + x71 = (uint8_t)(x70 & UINT8_C(0xff)); 1158 1158 + x72 = (x70 >> 8); 1159 1159 + x73 = (uint8_t)(x72 & UINT8_C(0xff)); 1160 1160 + x74 = (x72 >> 8); 1161 1161 + x75 = (uint8_t)(x74 & UINT8_C(0xff)); 1162 1162 + x76 = (uint8_t)(x74 >> 8); 1163 1163 + x77 = (x46 + (uint32_t)x76); 1164 1164 + x78 = (uint8_t)(x77 & UINT8_C(0xff)); 1165 1165 + x79 = (x77 >> 8); 1166 1166 + x80 = (uint8_t)(x79 & UINT8_C(0xff)); 1167 1167 + x81 = (x79 >> 8); 1168 1168 + x82 = (uint8_t)(x81 & UINT8_C(0xff)); 1169 1169 + x83 = (uint8_t)(x81 >> 8); 1170 1170 + x84 = (uint8_t)(x32 & UINT8_C(0xff)); 1171 1171 + x85 = (x32 >> 8); 1172 1172 + x86 = (uint8_t)(x85 & UINT8_C(0xff)); 1173 1173 + x87 = (x85 >> 8); 1174 1174 + x88 = (uint8_t)(x87 & UINT8_C(0xff)); 1175 1175 + x89 = (fiat_25519_uint1)(x87 >> 8); 1176 1176 + x90 = (x45 + (uint32_t)x89); 1177 1177 + x91 = (uint8_t)(x90 & UINT8_C(0xff)); 1178 1178 + x92 = (x90 >> 8); 1179 1179 + x93 = (uint8_t)(x92 & UINT8_C(0xff)); 1180 1180 + x94 = (x92 >> 8); 1181 1181 + x95 = (uint8_t)(x94 & UINT8_C(0xff)); 1182 1182 + x96 = (uint8_t)(x94 >> 8); 1183 1183 + x97 = (x44 + (uint32_t)x96); 1184 1184 + x98 = (uint8_t)(x97 & UINT8_C(0xff)); 1185 1185 + x99 = (x97 >> 8); 1186 1186 + x100 = (uint8_t)(x99 & UINT8_C(0xff)); 1187 1187 + x101 = (x99 >> 8); 1188 1188 + x102 = (uint8_t)(x101 & UINT8_C(0xff)); 1189 1189 + x103 = (uint8_t)(x101 >> 8); 1190 1190 + x104 = (x43 + (uint32_t)x103); 1191 1191 + x105 = (uint8_t)(x104 & UINT8_C(0xff)); 1192 1192 + x106 = (x104 >> 8); 1193 1193 + x107 = (uint8_t)(x106 & UINT8_C(0xff)); 1194 1194 + x108 = (x106 >> 8); 1195 1195 + x109 = (uint8_t)(x108 & UINT8_C(0xff)); 1196 1196 + x110 = (uint8_t)(x108 >> 8); 1197 1197 + x111 = (x42 + (uint32_t)x110); 1198 1198 + x112 = (uint8_t)(x111 & UINT8_C(0xff)); 1199 1199 + x113 = (x111 >> 8); 1200 1200 + x114 = (uint8_t)(x113 & UINT8_C(0xff)); 1201 1201 + x115 = (x113 >> 8); 1202 1202 + x116 = (uint8_t)(x115 & UINT8_C(0xff)); 1203 1203 + x117 = (uint8_t)(x115 >> 8); 1204 1204 + out1[0] = x50; 1205 1205 + out1[1] = x52; 1206 1206 + out1[2] = x54; 1207 1207 + out1[3] = x57; 1208 1208 + out1[4] = x59; 1209 1209 + out1[5] = x61; 1210 1210 + out1[6] = x64; 1211 1211 + out1[7] = x66; 1212 1212 + out1[8] = x68; 1213 1213 + out1[9] = x71; 1214 1214 + out1[10] = x73; 1215 1215 + out1[11] = x75; 1216 1216 + out1[12] = x78; 1217 1217 + out1[13] = x80; 1218 1218 + out1[14] = x82; 1219 1219 + out1[15] = x83; 1220 1220 + out1[16] = x84; 1221 1221 + out1[17] = x86; 1222 1222 + out1[18] = x88; 1223 1223 + out1[19] = x91; 1224 1224 + out1[20] = x93; 1225 1225 + out1[21] = x95; 1226 1226 + out1[22] = x98; 1227 1227 + out1[23] = x100; 1228 1228 + out1[24] = x102; 1229 1229 + out1[25] = x105; 1230 1230 + out1[26] = x107; 1231 1231 + out1[27] = x109; 1232 1232 + out1[28] = x112; 1233 1233 + out1[29] = x114; 1234 1234 + out1[30] = x116; 1235 1235 + out1[31] = x117; 1236 1236 + } 1237 1237 + 1238 1238 + /* 1239 1239 + * The function fiat_25519_from_bytes deserializes a field element from bytes in little-endian order. 1240 1240 + * Postconditions: 1241 1241 + * eval out1 mod m = bytes_eval arg1 mod m 1242 1242 + * 1243 1243 + * Input Bounds: 1244 1244 + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] 1245 1245 + * Output Bounds: 1246 1246 + * out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 1247 1247 + */ 1248 1248 + static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) { 1249 1249 + uint32_t x1; 1250 1250 + uint32_t x2; 1251 1251 + uint32_t x3; 1252 1252 + uint32_t x4; 1253 1253 + uint32_t x5; 1254 1254 + uint32_t x6; 1255 1255 + uint32_t x7; 1256 1256 + uint32_t x8; 1257 1257 + uint32_t x9; 1258 1258 + uint32_t x10; 1259 1259 + uint32_t x11; 1260 1260 + uint32_t x12; 1261 1261 + uint32_t x13; 1262 1262 + uint32_t x14; 1263 1263 + uint32_t x15; 1264 1264 + uint8_t x16; 1265 1265 + uint32_t x17; 1266 1266 + uint32_t x18; 1267 1267 + uint32_t x19; 1268 1268 + uint32_t x20; 1269 1269 + uint32_t x21; 1270 1270 + uint32_t x22; 1271 1271 + uint32_t x23; 1272 1272 + uint32_t x24; 1273 1273 + uint32_t x25; 1274 1274 + uint32_t x26; 1275 1275 + uint32_t x27; 1276 1276 + uint32_t x28; 1277 1277 + uint32_t x29; 1278 1278 + uint32_t x30; 1279 1279 + uint32_t x31; 1280 1280 + uint8_t x32; 1281 1281 + uint32_t x33; 1282 1282 + uint32_t x34; 1283 1283 + uint32_t x35; 1284 1284 + uint32_t x36; 1285 1285 + uint8_t x37; 1286 1286 + uint32_t x38; 1287 1287 + uint32_t x39; 1288 1288 + uint32_t x40; 1289 1289 + uint32_t x41; 1290 1290 + uint8_t x42; 1291 1291 + uint32_t x43; 1292 1292 + uint32_t x44; 1293 1293 + uint32_t x45; 1294 1294 + uint32_t x46; 1295 1295 + uint8_t x47; 1296 1296 + uint32_t x48; 1297 1297 + uint32_t x49; 1298 1298 + uint32_t x50; 1299 1299 + uint32_t x51; 1300 1300 + uint8_t x52; 1301 1301 + uint32_t x53; 1302 1302 + uint32_t x54; 1303 1303 + uint32_t x55; 1304 1304 + uint32_t x56; 1305 1305 + uint32_t x57; 1306 1306 + uint32_t x58; 1307 1307 + uint32_t x59; 1308 1308 + uint8_t x60; 1309 1309 + uint32_t x61; 1310 1310 + uint32_t x62; 1311 1311 + uint32_t x63; 1312 1312 + uint32_t x64; 1313 1313 + uint8_t x65; 1314 1314 + uint32_t x66; 1315 1315 + uint32_t x67; 1316 1316 + uint32_t x68; 1317 1317 + uint32_t x69; 1318 1318 + uint8_t x70; 1319 1319 + uint32_t x71; 1320 1320 + uint32_t x72; 1321 1321 + uint32_t x73; 1322 1322 + uint32_t x74; 1323 1323 + uint8_t x75; 1324 1324 + uint32_t x76; 1325 1325 + uint32_t x77; 1326 1326 + uint32_t x78; 1327 1327 + x1 = ((uint32_t)(arg1[31]) << 18); 1328 1328 + x2 = ((uint32_t)(arg1[30]) << 10); 1329 1329 + x3 = ((uint32_t)(arg1[29]) << 2); 1330 1330 + x4 = ((uint32_t)(arg1[28]) << 20); 1331 1331 + x5 = ((uint32_t)(arg1[27]) << 12); 1332 1332 + x6 = ((uint32_t)(arg1[26]) << 4); 1333 1333 + x7 = ((uint32_t)(arg1[25]) << 21); 1334 1334 + x8 = ((uint32_t)(arg1[24]) << 13); 1335 1335 + x9 = ((uint32_t)(arg1[23]) << 5); 1336 1336 + x10 = ((uint32_t)(arg1[22]) << 23); 1337 1337 + x11 = ((uint32_t)(arg1[21]) << 15); 1338 1338 + x12 = ((uint32_t)(arg1[20]) << 7); 1339 1339 + x13 = ((uint32_t)(arg1[19]) << 24); 1340 1340 + x14 = ((uint32_t)(arg1[18]) << 16); 1341 1341 + x15 = ((uint32_t)(arg1[17]) << 8); 1342 1342 + x16 = (arg1[16]); 1343 1343 + x17 = ((uint32_t)(arg1[15]) << 18); 1344 1344 + x18 = ((uint32_t)(arg1[14]) << 10); 1345 1345 + x19 = ((uint32_t)(arg1[13]) << 2); 1346 1346 + x20 = ((uint32_t)(arg1[12]) << 19); 1347 1347 + x21 = ((uint32_t)(arg1[11]) << 11); 1348 1348 + x22 = ((uint32_t)(arg1[10]) << 3); 1349 1349 + x23 = ((uint32_t)(arg1[9]) << 21); 1350 1350 + x24 = ((uint32_t)(arg1[8]) << 13); 1351 1351 + x25 = ((uint32_t)(arg1[7]) << 5); 1352 1352 + x26 = ((uint32_t)(arg1[6]) << 22); 1353 1353 + x27 = ((uint32_t)(arg1[5]) << 14); 1354 1354 + x28 = ((uint32_t)(arg1[4]) << 6); 1355 1355 + x29 = ((uint32_t)(arg1[3]) << 24); 1356 1356 + x30 = ((uint32_t)(arg1[2]) << 16); 1357 1357 + x31 = ((uint32_t)(arg1[1]) << 8); 1358 1358 + x32 = (arg1[0]); 1359 1359 + x33 = (x31 + (uint32_t)x32); 1360 1360 + x34 = (x30 + x33); 1361 1361 + x35 = (x29 + x34); 1362 1362 + x36 = (x35 & UINT32_C(0x3ffffff)); 1363 1363 + x37 = (uint8_t)(x35 >> 26); 1364 1364 + x38 = (x28 + (uint32_t)x37); 1365 1365 + x39 = (x27 + x38); 1366 1366 + x40 = (x26 + x39); 1367 1367 + x41 = (x40 & UINT32_C(0x1ffffff)); 1368 1368 + x42 = (uint8_t)(x40 >> 25); 1369 1369 + x43 = (x25 + (uint32_t)x42); 1370 1370 + x44 = (x24 + x43); 1371 1371 + x45 = (x23 + x44); 1372 1372 + x46 = (x45 & UINT32_C(0x3ffffff)); 1373 1373 + x47 = (uint8_t)(x45 >> 26); 1374 1374 + x48 = (x22 + (uint32_t)x47); 1375 1375 + x49 = (x21 + x48); 1376 1376 + x50 = (x20 + x49); 1377 1377 + x51 = (x50 & UINT32_C(0x1ffffff)); 1378 1378 + x52 = (uint8_t)(x50 >> 25); 1379 1379 + x53 = (x19 + (uint32_t)x52); 1380 1380 + x54 = (x18 + x53); 1381 1381 + x55 = (x17 + x54); 1382 1382 + x56 = (x15 + (uint32_t)x16); 1383 1383 + x57 = (x14 + x56); 1384 1384 + x58 = (x13 + x57); 1385 1385 + x59 = (x58 & UINT32_C(0x1ffffff)); 1386 1386 + x60 = (uint8_t)(x58 >> 25); 1387 1387 + x61 = (x12 + (uint32_t)x60); 1388 1388 + x62 = (x11 + x61); 1389 1389 + x63 = (x10 + x62); 1390 1390 + x64 = (x63 & UINT32_C(0x3ffffff)); 1391 1391 + x65 = (uint8_t)(x63 >> 26); 1392 1392 + x66 = (x9 + (uint32_t)x65); 1393 1393 + x67 = (x8 + x66); 1394 1394 + x68 = (x7 + x67); 1395 1395 + x69 = (x68 & UINT32_C(0x1ffffff)); 1396 1396 + x70 = (uint8_t)(x68 >> 25); 1397 1397 + x71 = (x6 + (uint32_t)x70); 1398 1398 + x72 = (x5 + x71); 1399 1399 + x73 = (x4 + x72); 1400 1400 + x74 = (x73 & UINT32_C(0x3ffffff)); 1401 1401 + x75 = (uint8_t)(x73 >> 26); 1402 1402 + x76 = (x3 + (uint32_t)x75); 1403 1403 + x77 = (x2 + x76); 1404 1404 + x78 = (x1 + x77); 1405 1405 + out1[0] = x36; 1406 1406 + out1[1] = x41; 1407 1407 + out1[2] = x46; 1408 1408 + out1[3] = x51; 1409 1409 + out1[4] = x55; 1410 1410 + out1[5] = x59; 1411 1411 + out1[6] = x64; 1412 1412 + out1[7] = x69; 1413 1413 + out1[8] = x74; 1414 1414 + out1[9] = x78; 1415 1415 + } 1416 1416 + 1417 1417 + /* 1418 1418 + * The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result. 1419 1419 + * Postconditions: 1420 1420 + * eval out1 mod m = (121666 * eval arg1) mod m 1421 1421 + * 1422 1422 + * Input Bounds: 1423 1423 + * arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] 1424 1424 + * Output Bounds: 1425 1425 + * out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] 1426 1426 + */ 1427 1427 + static void fiat_25519_carry_scmul_121666(uint32_t out1[10], const uint32_t arg1[10]) { 1428 1428 + uint64_t x1; 1429 1429 + uint64_t x2; 1430 1430 + uint64_t x3; 1431 1431 + uint64_t x4; 1432 1432 + uint64_t x5; 1433 1433 + uint64_t x6; 1434 1434 + uint64_t x7; 1435 1435 + uint64_t x8; 1436 1436 + uint64_t x9; 1437 1437 + uint64_t x10; 1438 1438 + uint32_t x11; 1439 1439 + uint32_t x12; 1440 1440 + uint64_t x13; 1441 1441 + uint32_t x14; 1442 1442 + uint32_t x15; 1443 1443 + uint64_t x16; 1444 1444 + uint32_t x17; 1445 1445 + uint32_t x18; 1446 1446 + uint64_t x19; 1447 1447 + uint32_t x20; 1448 1448 + uint32_t x21; 1449 1449 + uint64_t x22; 1450 1450 + uint32_t x23; 1451 1451 + uint32_t x24; 1452 1452 + uint64_t x25; 1453 1453 + uint32_t x26; 1454 1454 + uint32_t x27; 1455 1455 + uint64_t x28; 1456 1456 + uint32_t x29; 1457 1457 + uint32_t x30; 1458 1458 + uint64_t x31; 1459 1459 + uint32_t x32; 1460 1460 + uint32_t x33; 1461 1461 + uint64_t x34; 1462 1462 + uint32_t x35; 1463 1463 + uint32_t x36; 1464 1464 + uint64_t x37; 1465 1465 + uint32_t x38; 1466 1466 + uint32_t x39; 1467 1467 + uint32_t x40; 1468 1468 + uint32_t x41; 1469 1469 + fiat_25519_uint1 x42; 1470 1470 + uint32_t x43; 1471 1471 + uint32_t x44; 1472 1472 + fiat_25519_uint1 x45; 1473 1473 + uint32_t x46; 1474 1474 + uint32_t x47; 1475 1475 + x1 = ((uint64_t)UINT32_C(0x1db42) * (arg1[9])); 1476 1476 + x2 = ((uint64_t)UINT32_C(0x1db42) * (arg1[8])); 1477 1477 + x3 = ((uint64_t)UINT32_C(0x1db42) * (arg1[7])); 1478 1478 + x4 = ((uint64_t)UINT32_C(0x1db42) * (arg1[6])); 1479 1479 + x5 = ((uint64_t)UINT32_C(0x1db42) * (arg1[5])); 1480 1480 + x6 = ((uint64_t)UINT32_C(0x1db42) * (arg1[4])); 1481 1481 + x7 = ((uint64_t)UINT32_C(0x1db42) * (arg1[3])); 1482 1482 + x8 = ((uint64_t)UINT32_C(0x1db42) * (arg1[2])); 1483 1483 + x9 = ((uint64_t)UINT32_C(0x1db42) * (arg1[1])); 1484 1484 + x10 = ((uint64_t)UINT32_C(0x1db42) * (arg1[0])); 1485 1485 + x11 = (uint32_t)(x10 >> 26); 1486 1486 + x12 = (uint32_t)(x10 & UINT32_C(0x3ffffff)); 1487 1487 + x13 = (x11 + x9); 1488 1488 + x14 = (uint32_t)(x13 >> 25); 1489 1489 + x15 = (uint32_t)(x13 & UINT32_C(0x1ffffff)); 1490 1490 + x16 = (x14 + x8); 1491 1491 + x17 = (uint32_t)(x16 >> 26); 1492 1492 + x18 = (uint32_t)(x16 & UINT32_C(0x3ffffff)); 1493 1493 + x19 = (x17 + x7); 1494 1494 + x20 = (uint32_t)(x19 >> 25); 1495 1495 + x21 = (uint32_t)(x19 & UINT32_C(0x1ffffff)); 1496 1496 + x22 = (x20 + x6); 1497 1497 + x23 = (uint32_t)(x22 >> 26); 1498 1498 + x24 = (uint32_t)(x22 & UINT32_C(0x3ffffff)); 1499 1499 + x25 = (x23 + x5); 1500 1500 + x26 = (uint32_t)(x25 >> 25); 1501 1501 + x27 = (uint32_t)(x25 & UINT32_C(0x1ffffff)); 1502 1502 + x28 = (x26 + x4); 1503 1503 + x29 = (uint32_t)(x28 >> 26); 1504 1504 + x30 = (uint32_t)(x28 & UINT32_C(0x3ffffff)); 1505 1505 + x31 = (x29 + x3); 1506 1506 + x32 = (uint32_t)(x31 >> 25); 1507 1507 + x33 = (uint32_t)(x31 & UINT32_C(0x1ffffff)); 1508 1508 + x34 = (x32 + x2); 1509 1509 + x35 = (uint32_t)(x34 >> 26); 1510 1510 + x36 = (uint32_t)(x34 & UINT32_C(0x3ffffff)); 1511 1511 + x37 = (x35 + x1); 1512 1512 + x38 = (uint32_t)(x37 >> 25); 1513 1513 + x39 = (uint32_t)(x37 & UINT32_C(0x1ffffff)); 1514 1514 + x40 = (x38 * UINT8_C(0x13)); 1515 1515 + x41 = (x12 + x40); 1516 1516 + x42 = (fiat_25519_uint1)(x41 >> 26); 1517 1517 + x43 = (x41 & UINT32_C(0x3ffffff)); 1518 1518 + x44 = (x42 + x15); 1519 1519 + x45 = (fiat_25519_uint1)(x44 >> 25); 1520 1520 + x46 = (x44 & UINT32_C(0x1ffffff)); 1521 1521 + x47 = (x45 + x18); 1522 1522 + out1[0] = x43; 1523 1523 + out1[1] = x46; 1524 1524 + out1[2] = x47; 1525 1525 + out1[3] = x21; 1526 1526 + out1[4] = x24; 1527 1527 + out1[5] = x27; 1528 1528 + out1[6] = x30; 1529 1529 + out1[7] = x33; 1530 1530 + out1[8] = x36; 1531 1531 + out1[9] = x39; 1532 1532 + } 1533 1533 +

+960

ec/native/curve25519_64.h

reviewed

··· 1 1 + /* Autogenerated: ../../../fiat-crypto/src/ExtractionOCaml/unsaturated_solinas --static --use-value-barrier 25519 64 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes carry_scmul121666 */ 2 2 + /* curve description: 25519 */ 3 3 + /* machine_wordsize = 64 (from "64") */ 4 4 + /* requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, carry_scmul121666 */ 5 5 + /* n = 5 (from "(auto)") */ 6 6 + /* s-c = 2^255 - [(1, 19)] (from "2^255 - 19") */ 7 7 + /* tight_bounds_multiplier = 1 (from "") */ 8 8 + /* */ 9 9 + /* Computed values: */ 10 10 + /* carry_chain = [0, 1, 2, 3, 4, 0, 1] */ 11 11 + /* eval z = z[0] + (z[1] << 51) + (z[2] << 102) + (z[3] << 153) + (z[4] << 204) */ 12 12 + /* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */ 13 13 + /* balance = [0xfffffffffffda, 0xffffffffffffe, 0xffffffffffffe, 0xffffffffffffe, 0xffffffffffffe] */ 14 14 + 15 15 + #include <stdint.h> 16 16 + typedef unsigned char fiat_25519_uint1; 17 17 + typedef signed char fiat_25519_int1; 18 18 + #ifdef __GNUC__ 19 19 + # define FIAT_25519_FIAT_EXTENSION __extension__ 20 20 + #else 21 21 + # define FIAT_25519_FIAT_EXTENSION 22 22 + #endif 23 23 + 24 24 + FIAT_25519_FIAT_EXTENSION typedef signed __int128 fiat_25519_int128; 25 25 + FIAT_25519_FIAT_EXTENSION typedef unsigned __int128 fiat_25519_uint128; 26 26 + 27 27 + #if (-1 & 3) != 3 28 28 + #error "This code only works on a two's complement system" 29 29 + #endif 30 30 + 31 31 + #if !defined(FIAT_25519_NO_ASM) && (defined(__GNUC__) || defined(__clang__)) 32 32 + static __inline__ uint64_t fiat_25519_value_barrier_u64(uint64_t a) { 33 33 + __asm__("" : "+r"(a) : /* no inputs */); 34 34 + return a; 35 35 + } 36 36 + #else 37 37 + # define fiat_25519_value_barrier_u64(x) (x) 38 38 + #endif 39 39 + 40 40 + 41 41 + /* 42 42 + * The function fiat_25519_addcarryx_u51 is an addition with carry. 43 43 + * Postconditions: 44 44 + * out1 = (arg1 + arg2 + arg3) mod 2^51 45 45 + * out2 = ⌊(arg1 + arg2 + arg3) / 2^51⌋ 46 46 + * 47 47 + * Input Bounds: 48 48 + * arg1: [0x0 ~> 0x1] 49 49 + * arg2: [0x0 ~> 0x7ffffffffffff] 50 50 + * arg3: [0x0 ~> 0x7ffffffffffff] 51 51 + * Output Bounds: 52 52 + * out1: [0x0 ~> 0x7ffffffffffff] 53 53 + * out2: [0x0 ~> 0x1] 54 54 + */ 55 55 + static void fiat_25519_addcarryx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) { 56 56 + uint64_t x1; 57 57 + uint64_t x2; 58 58 + fiat_25519_uint1 x3; 59 59 + x1 = ((arg1 + arg2) + arg3); 60 60 + x2 = (x1 & UINT64_C(0x7ffffffffffff)); 61 61 + x3 = (fiat_25519_uint1)(x1 >> 51); 62 62 + *out1 = x2; 63 63 + *out2 = x3; 64 64 + } 65 65 + 66 66 + /* 67 67 + * The function fiat_25519_subborrowx_u51 is a subtraction with borrow. 68 68 + * Postconditions: 69 69 + * out1 = (-arg1 + arg2 + -arg3) mod 2^51 70 70 + * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^51⌋ 71 71 + * 72 72 + * Input Bounds: 73 73 + * arg1: [0x0 ~> 0x1] 74 74 + * arg2: [0x0 ~> 0x7ffffffffffff] 75 75 + * arg3: [0x0 ~> 0x7ffffffffffff] 76 76 + * Output Bounds: 77 77 + * out1: [0x0 ~> 0x7ffffffffffff] 78 78 + * out2: [0x0 ~> 0x1] 79 79 + */ 80 80 + static void fiat_25519_subborrowx_u51(uint64_t* out1, fiat_25519_uint1* out2, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) { 81 81 + int64_t x1; 82 82 + fiat_25519_int1 x2; 83 83 + uint64_t x3; 84 84 + x1 = ((int64_t)(arg2 - (int64_t)arg1) - (int64_t)arg3); 85 85 + x2 = (fiat_25519_int1)(x1 >> 51); 86 86 + x3 = (x1 & UINT64_C(0x7ffffffffffff)); 87 87 + *out1 = x3; 88 88 + *out2 = (fiat_25519_uint1)(0x0 - x2); 89 89 + } 90 90 + 91 91 + /* 92 92 + * The function fiat_25519_cmovznz_u64 is a single-word conditional move. 93 93 + * Postconditions: 94 94 + * out1 = (if arg1 = 0 then arg2 else arg3) 95 95 + * 96 96 + * Input Bounds: 97 97 + * arg1: [0x0 ~> 0x1] 98 98 + * arg2: [0x0 ~> 0xffffffffffffffff] 99 99 + * arg3: [0x0 ~> 0xffffffffffffffff] 100 100 + * Output Bounds: 101 101 + * out1: [0x0 ~> 0xffffffffffffffff] 102 102 + */ 103 103 + static void fiat_25519_cmovznz_u64(uint64_t* out1, fiat_25519_uint1 arg1, uint64_t arg2, uint64_t arg3) { 104 104 + fiat_25519_uint1 x1; 105 105 + uint64_t x2; 106 106 + uint64_t x3; 107 107 + x1 = (!(!arg1)); 108 108 + x2 = ((fiat_25519_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff)); 109 109 + x3 = ((fiat_25519_value_barrier_u64(x2) & arg3) | (fiat_25519_value_barrier_u64((~x2)) & arg2)); 110 110 + *out1 = x3; 111 111 + } 112 112 + 113 113 + /* 114 114 + * The function fiat_25519_carry_mul multiplies two field elements and reduces the result. 115 115 + * Postconditions: 116 116 + * eval out1 mod m = (eval arg1 * eval arg2) mod m 117 117 + * 118 118 + * Input Bounds: 119 119 + * arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 120 120 + * arg2: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 121 121 + * Output Bounds: 122 122 + * out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 123 123 + */ 124 124 + static void fiat_25519_carry_mul(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) { 125 125 + fiat_25519_uint128 x1; 126 126 + fiat_25519_uint128 x2; 127 127 + fiat_25519_uint128 x3; 128 128 + fiat_25519_uint128 x4; 129 129 + fiat_25519_uint128 x5; 130 130 + fiat_25519_uint128 x6; 131 131 + fiat_25519_uint128 x7; 132 132 + fiat_25519_uint128 x8; 133 133 + fiat_25519_uint128 x9; 134 134 + fiat_25519_uint128 x10; 135 135 + fiat_25519_uint128 x11; 136 136 + fiat_25519_uint128 x12; 137 137 + fiat_25519_uint128 x13; 138 138 + fiat_25519_uint128 x14; 139 139 + fiat_25519_uint128 x15; 140 140 + fiat_25519_uint128 x16; 141 141 + fiat_25519_uint128 x17; 142 142 + fiat_25519_uint128 x18; 143 143 + fiat_25519_uint128 x19; 144 144 + fiat_25519_uint128 x20; 145 145 + fiat_25519_uint128 x21; 146 146 + fiat_25519_uint128 x22; 147 147 + fiat_25519_uint128 x23; 148 148 + fiat_25519_uint128 x24; 149 149 + fiat_25519_uint128 x25; 150 150 + fiat_25519_uint128 x26; 151 151 + uint64_t x27; 152 152 + uint64_t x28; 153 153 + fiat_25519_uint128 x29; 154 154 + fiat_25519_uint128 x30; 155 155 + fiat_25519_uint128 x31; 156 156 + fiat_25519_uint128 x32; 157 157 + fiat_25519_uint128 x33; 158 158 + uint64_t x34; 159 159 + uint64_t x35; 160 160 + fiat_25519_uint128 x36; 161 161 + uint64_t x37; 162 162 + uint64_t x38; 163 163 + fiat_25519_uint128 x39; 164 164 + uint64_t x40; 165 165 + uint64_t x41; 166 166 + fiat_25519_uint128 x42; 167 167 + uint64_t x43; 168 168 + uint64_t x44; 169 169 + uint64_t x45; 170 170 + uint64_t x46; 171 171 + uint64_t x47; 172 172 + uint64_t x48; 173 173 + uint64_t x49; 174 174 + fiat_25519_uint1 x50; 175 175 + uint64_t x51; 176 176 + uint64_t x52; 177 177 + x1 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[4]) * UINT8_C(0x13))); 178 178 + x2 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[3]) * UINT8_C(0x13))); 179 179 + x3 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[2]) * UINT8_C(0x13))); 180 180 + x4 = ((fiat_25519_uint128)(arg1[4]) * ((arg2[1]) * UINT8_C(0x13))); 181 181 + x5 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[4]) * UINT8_C(0x13))); 182 182 + x6 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[3]) * UINT8_C(0x13))); 183 183 + x7 = ((fiat_25519_uint128)(arg1[3]) * ((arg2[2]) * UINT8_C(0x13))); 184 184 + x8 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[4]) * UINT8_C(0x13))); 185 185 + x9 = ((fiat_25519_uint128)(arg1[2]) * ((arg2[3]) * UINT8_C(0x13))); 186 186 + x10 = ((fiat_25519_uint128)(arg1[1]) * ((arg2[4]) * UINT8_C(0x13))); 187 187 + x11 = ((fiat_25519_uint128)(arg1[4]) * (arg2[0])); 188 188 + x12 = ((fiat_25519_uint128)(arg1[3]) * (arg2[1])); 189 189 + x13 = ((fiat_25519_uint128)(arg1[3]) * (arg2[0])); 190 190 + x14 = ((fiat_25519_uint128)(arg1[2]) * (arg2[2])); 191 191 + x15 = ((fiat_25519_uint128)(arg1[2]) * (arg2[1])); 192 192 + x16 = ((fiat_25519_uint128)(arg1[2]) * (arg2[0])); 193 193 + x17 = ((fiat_25519_uint128)(arg1[1]) * (arg2[3])); 194 194 + x18 = ((fiat_25519_uint128)(arg1[1]) * (arg2[2])); 195 195 + x19 = ((fiat_25519_uint128)(arg1[1]) * (arg2[1])); 196 196 + x20 = ((fiat_25519_uint128)(arg1[1]) * (arg2[0])); 197 197 + x21 = ((fiat_25519_uint128)(arg1[0]) * (arg2[4])); 198 198 + x22 = ((fiat_25519_uint128)(arg1[0]) * (arg2[3])); 199 199 + x23 = ((fiat_25519_uint128)(arg1[0]) * (arg2[2])); 200 200 + x24 = ((fiat_25519_uint128)(arg1[0]) * (arg2[1])); 201 201 + x25 = ((fiat_25519_uint128)(arg1[0]) * (arg2[0])); 202 202 + x26 = (x25 + (x10 + (x9 + (x7 + x4)))); 203 203 + x27 = (uint64_t)(x26 >> 51); 204 204 + x28 = (uint64_t)(x26 & UINT64_C(0x7ffffffffffff)); 205 205 + x29 = (x21 + (x17 + (x14 + (x12 + x11)))); 206 206 + x30 = (x22 + (x18 + (x15 + (x13 + x1)))); 207 207 + x31 = (x23 + (x19 + (x16 + (x5 + x2)))); 208 208 + x32 = (x24 + (x20 + (x8 + (x6 + x3)))); 209 209 + x33 = (x27 + x32); 210 210 + x34 = (uint64_t)(x33 >> 51); 211 211 + x35 = (uint64_t)(x33 & UINT64_C(0x7ffffffffffff)); 212 212 + x36 = (x34 + x31); 213 213 + x37 = (uint64_t)(x36 >> 51); 214 214 + x38 = (uint64_t)(x36 & UINT64_C(0x7ffffffffffff)); 215 215 + x39 = (x37 + x30); 216 216 + x40 = (uint64_t)(x39 >> 51); 217 217 + x41 = (uint64_t)(x39 & UINT64_C(0x7ffffffffffff)); 218 218 + x42 = (x40 + x29); 219 219 + x43 = (uint64_t)(x42 >> 51); 220 220 + x44 = (uint64_t)(x42 & UINT64_C(0x7ffffffffffff)); 221 221 + x45 = (x43 * UINT8_C(0x13)); 222 222 + x46 = (x28 + x45); 223 223 + x47 = (x46 >> 51); 224 224 + x48 = (x46 & UINT64_C(0x7ffffffffffff)); 225 225 + x49 = (x47 + x35); 226 226 + x50 = (fiat_25519_uint1)(x49 >> 51); 227 227 + x51 = (x49 & UINT64_C(0x7ffffffffffff)); 228 228 + x52 = (x50 + x38); 229 229 + out1[0] = x48; 230 230 + out1[1] = x51; 231 231 + out1[2] = x52; 232 232 + out1[3] = x41; 233 233 + out1[4] = x44; 234 234 + } 235 235 + 236 236 + /* 237 237 + * The function fiat_25519_carry_square squares a field element and reduces the result. 238 238 + * Postconditions: 239 239 + * eval out1 mod m = (eval arg1 * eval arg1) mod m 240 240 + * 241 241 + * Input Bounds: 242 242 + * arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 243 243 + * Output Bounds: 244 244 + * out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 245 245 + */ 246 246 + static void fiat_25519_carry_square(uint64_t out1[5], const uint64_t arg1[5]) { 247 247 + uint64_t x1; 248 248 + uint64_t x2; 249 249 + uint64_t x3; 250 250 + uint64_t x4; 251 251 + uint64_t x5; 252 252 + uint64_t x6; 253 253 + uint64_t x7; 254 254 + uint64_t x8; 255 255 + fiat_25519_uint128 x9; 256 256 + fiat_25519_uint128 x10; 257 257 + fiat_25519_uint128 x11; 258 258 + fiat_25519_uint128 x12; 259 259 + fiat_25519_uint128 x13; 260 260 + fiat_25519_uint128 x14; 261 261 + fiat_25519_uint128 x15; 262 262 + fiat_25519_uint128 x16; 263 263 + fiat_25519_uint128 x17; 264 264 + fiat_25519_uint128 x18; 265 265 + fiat_25519_uint128 x19; 266 266 + fiat_25519_uint128 x20; 267 267 + fiat_25519_uint128 x21; 268 268 + fiat_25519_uint128 x22; 269 269 + fiat_25519_uint128 x23; 270 270 + fiat_25519_uint128 x24; 271 271 + uint64_t x25; 272 272 + uint64_t x26; 273 273 + fiat_25519_uint128 x27; 274 274 + fiat_25519_uint128 x28; 275 275 + fiat_25519_uint128 x29; 276 276 + fiat_25519_uint128 x30; 277 277 + fiat_25519_uint128 x31; 278 278 + uint64_t x32; 279 279 + uint64_t x33; 280 280 + fiat_25519_uint128 x34; 281 281 + uint64_t x35; 282 282 + uint64_t x36; 283 283 + fiat_25519_uint128 x37; 284 284 + uint64_t x38; 285 285 + uint64_t x39; 286 286 + fiat_25519_uint128 x40; 287 287 + uint64_t x41; 288 288 + uint64_t x42; 289 289 + uint64_t x43; 290 290 + uint64_t x44; 291 291 + uint64_t x45; 292 292 + uint64_t x46; 293 293 + uint64_t x47; 294 294 + fiat_25519_uint1 x48; 295 295 + uint64_t x49; 296 296 + uint64_t x50; 297 297 + x1 = ((arg1[4]) * UINT8_C(0x13)); 298 298 + x2 = (x1 * 0x2); 299 299 + x3 = ((arg1[4]) * 0x2); 300 300 + x4 = ((arg1[3]) * UINT8_C(0x13)); 301 301 + x5 = (x4 * 0x2); 302 302 + x6 = ((arg1[3]) * 0x2); 303 303 + x7 = ((arg1[2]) * 0x2); 304 304 + x8 = ((arg1[1]) * 0x2); 305 305 + x9 = ((fiat_25519_uint128)(arg1[4]) * x1); 306 306 + x10 = ((fiat_25519_uint128)(arg1[3]) * x2); 307 307 + x11 = ((fiat_25519_uint128)(arg1[3]) * x4); 308 308 + x12 = ((fiat_25519_uint128)(arg1[2]) * x2); 309 309 + x13 = ((fiat_25519_uint128)(arg1[2]) * x5); 310 310 + x14 = ((fiat_25519_uint128)(arg1[2]) * (arg1[2])); 311 311 + x15 = ((fiat_25519_uint128)(arg1[1]) * x2); 312 312 + x16 = ((fiat_25519_uint128)(arg1[1]) * x6); 313 313 + x17 = ((fiat_25519_uint128)(arg1[1]) * x7); 314 314 + x18 = ((fiat_25519_uint128)(arg1[1]) * (arg1[1])); 315 315 + x19 = ((fiat_25519_uint128)(arg1[0]) * x3); 316 316 + x20 = ((fiat_25519_uint128)(arg1[0]) * x6); 317 317 + x21 = ((fiat_25519_uint128)(arg1[0]) * x7); 318 318 + x22 = ((fiat_25519_uint128)(arg1[0]) * x8); 319 319 + x23 = ((fiat_25519_uint128)(arg1[0]) * (arg1[0])); 320 320 + x24 = (x23 + (x15 + x13)); 321 321 + x25 = (uint64_t)(x24 >> 51); 322 322 + x26 = (uint64_t)(x24 & UINT64_C(0x7ffffffffffff)); 323 323 + x27 = (x19 + (x16 + x14)); 324 324 + x28 = (x20 + (x17 + x9)); 325 325 + x29 = (x21 + (x18 + x10)); 326 326 + x30 = (x22 + (x12 + x11)); 327 327 + x31 = (x25 + x30); 328 328 + x32 = (uint64_t)(x31 >> 51); 329 329 + x33 = (uint64_t)(x31 & UINT64_C(0x7ffffffffffff)); 330 330 + x34 = (x32 + x29); 331 331 + x35 = (uint64_t)(x34 >> 51); 332 332 + x36 = (uint64_t)(x34 & UINT64_C(0x7ffffffffffff)); 333 333 + x37 = (x35 + x28); 334 334 + x38 = (uint64_t)(x37 >> 51); 335 335 + x39 = (uint64_t)(x37 & UINT64_C(0x7ffffffffffff)); 336 336 + x40 = (x38 + x27); 337 337 + x41 = (uint64_t)(x40 >> 51); 338 338 + x42 = (uint64_t)(x40 & UINT64_C(0x7ffffffffffff)); 339 339 + x43 = (x41 * UINT8_C(0x13)); 340 340 + x44 = (x26 + x43); 341 341 + x45 = (x44 >> 51); 342 342 + x46 = (x44 & UINT64_C(0x7ffffffffffff)); 343 343 + x47 = (x45 + x33); 344 344 + x48 = (fiat_25519_uint1)(x47 >> 51); 345 345 + x49 = (x47 & UINT64_C(0x7ffffffffffff)); 346 346 + x50 = (x48 + x36); 347 347 + out1[0] = x46; 348 348 + out1[1] = x49; 349 349 + out1[2] = x50; 350 350 + out1[3] = x39; 351 351 + out1[4] = x42; 352 352 + } 353 353 + 354 354 + /* 355 355 + * The function fiat_25519_carry reduces a field element. 356 356 + * Postconditions: 357 357 + * eval out1 mod m = eval arg1 mod m 358 358 + * 359 359 + * Input Bounds: 360 360 + * arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 361 361 + * Output Bounds: 362 362 + * out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 363 363 + */ 364 364 + static void fiat_25519_carry(uint64_t out1[5], const uint64_t arg1[5]) { 365 365 + uint64_t x1; 366 366 + uint64_t x2; 367 367 + uint64_t x3; 368 368 + uint64_t x4; 369 369 + uint64_t x5; 370 370 + uint64_t x6; 371 371 + uint64_t x7; 372 372 + uint64_t x8; 373 373 + uint64_t x9; 374 374 + uint64_t x10; 375 375 + uint64_t x11; 376 376 + uint64_t x12; 377 377 + x1 = (arg1[0]); 378 378 + x2 = ((x1 >> 51) + (arg1[1])); 379 379 + x3 = ((x2 >> 51) + (arg1[2])); 380 380 + x4 = ((x3 >> 51) + (arg1[3])); 381 381 + x5 = ((x4 >> 51) + (arg1[4])); 382 382 + x6 = ((x1 & UINT64_C(0x7ffffffffffff)) + ((x5 >> 51) * UINT8_C(0x13))); 383 383 + x7 = ((fiat_25519_uint1)(x6 >> 51) + (x2 & UINT64_C(0x7ffffffffffff))); 384 384 + x8 = (x6 & UINT64_C(0x7ffffffffffff)); 385 385 + x9 = (x7 & UINT64_C(0x7ffffffffffff)); 386 386 + x10 = ((fiat_25519_uint1)(x7 >> 51) + (x3 & UINT64_C(0x7ffffffffffff))); 387 387 + x11 = (x4 & UINT64_C(0x7ffffffffffff)); 388 388 + x12 = (x5 & UINT64_C(0x7ffffffffffff)); 389 389 + out1[0] = x8; 390 390 + out1[1] = x9; 391 391 + out1[2] = x10; 392 392 + out1[3] = x11; 393 393 + out1[4] = x12; 394 394 + } 395 395 + 396 396 + /* 397 397 + * The function fiat_25519_add adds two field elements. 398 398 + * Postconditions: 399 399 + * eval out1 mod m = (eval arg1 + eval arg2) mod m 400 400 + * 401 401 + * Input Bounds: 402 402 + * arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 403 403 + * arg2: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 404 404 + * Output Bounds: 405 405 + * out1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 406 406 + */ 407 407 + static void fiat_25519_add(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) { 408 408 + uint64_t x1; 409 409 + uint64_t x2; 410 410 + uint64_t x3; 411 411 + uint64_t x4; 412 412 + uint64_t x5; 413 413 + x1 = ((arg1[0]) + (arg2[0])); 414 414 + x2 = ((arg1[1]) + (arg2[1])); 415 415 + x3 = ((arg1[2]) + (arg2[2])); 416 416 + x4 = ((arg1[3]) + (arg2[3])); 417 417 + x5 = ((arg1[4]) + (arg2[4])); 418 418 + out1[0] = x1; 419 419 + out1[1] = x2; 420 420 + out1[2] = x3; 421 421 + out1[3] = x4; 422 422 + out1[4] = x5; 423 423 + } 424 424 + 425 425 + /* 426 426 + * The function fiat_25519_sub subtracts two field elements. 427 427 + * Postconditions: 428 428 + * eval out1 mod m = (eval arg1 - eval arg2) mod m 429 429 + * 430 430 + * Input Bounds: 431 431 + * arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 432 432 + * arg2: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 433 433 + * Output Bounds: 434 434 + * out1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 435 435 + */ 436 436 + static void fiat_25519_sub(uint64_t out1[5], const uint64_t arg1[5], const uint64_t arg2[5]) { 437 437 + uint64_t x1; 438 438 + uint64_t x2; 439 439 + uint64_t x3; 440 440 + uint64_t x4; 441 441 + uint64_t x5; 442 442 + x1 = ((UINT64_C(0xfffffffffffda) + (arg1[0])) - (arg2[0])); 443 443 + x2 = ((UINT64_C(0xffffffffffffe) + (arg1[1])) - (arg2[1])); 444 444 + x3 = ((UINT64_C(0xffffffffffffe) + (arg1[2])) - (arg2[2])); 445 445 + x4 = ((UINT64_C(0xffffffffffffe) + (arg1[3])) - (arg2[3])); 446 446 + x5 = ((UINT64_C(0xffffffffffffe) + (arg1[4])) - (arg2[4])); 447 447 + out1[0] = x1; 448 448 + out1[1] = x2; 449 449 + out1[2] = x3; 450 450 + out1[3] = x4; 451 451 + out1[4] = x5; 452 452 + } 453 453 + 454 454 + /* 455 455 + * The function fiat_25519_opp negates a field element. 456 456 + * Postconditions: 457 457 + * eval out1 mod m = -eval arg1 mod m 458 458 + * 459 459 + * Input Bounds: 460 460 + * arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 461 461 + * Output Bounds: 462 462 + * out1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 463 463 + */ 464 464 + static void fiat_25519_opp(uint64_t out1[5], const uint64_t arg1[5]) { 465 465 + uint64_t x1; 466 466 + uint64_t x2; 467 467 + uint64_t x3; 468 468 + uint64_t x4; 469 469 + uint64_t x5; 470 470 + x1 = (UINT64_C(0xfffffffffffda) - (arg1[0])); 471 471 + x2 = (UINT64_C(0xffffffffffffe) - (arg1[1])); 472 472 + x3 = (UINT64_C(0xffffffffffffe) - (arg1[2])); 473 473 + x4 = (UINT64_C(0xffffffffffffe) - (arg1[3])); 474 474 + x5 = (UINT64_C(0xffffffffffffe) - (arg1[4])); 475 475 + out1[0] = x1; 476 476 + out1[1] = x2; 477 477 + out1[2] = x3; 478 478 + out1[3] = x4; 479 479 + out1[4] = x5; 480 480 + } 481 481 + 482 482 + /* 483 483 + * The function fiat_25519_selectznz is a multi-limb conditional select. 484 484 + * Postconditions: 485 485 + * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) 486 486 + * 487 487 + * Input Bounds: 488 488 + * arg1: [0x0 ~> 0x1] 489 489 + * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 490 490 + * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 491 491 + * Output Bounds: 492 492 + * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 493 493 + */ 494 494 + static void fiat_25519_selectznz(uint64_t out1[5], fiat_25519_uint1 arg1, const uint64_t arg2[5], const uint64_t arg3[5]) { 495 495 + uint64_t x1; 496 496 + uint64_t x2; 497 497 + uint64_t x3; 498 498 + uint64_t x4; 499 499 + uint64_t x5; 500 500 + fiat_25519_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0])); 501 501 + fiat_25519_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1])); 502 502 + fiat_25519_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2])); 503 503 + fiat_25519_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3])); 504 504 + fiat_25519_cmovznz_u64(&x5, arg1, (arg2[4]), (arg3[4])); 505 505 + out1[0] = x1; 506 506 + out1[1] = x2; 507 507 + out1[2] = x3; 508 508 + out1[3] = x4; 509 509 + out1[4] = x5; 510 510 + } 511 511 + 512 512 + /* 513 513 + * The function fiat_25519_to_bytes serializes a field element to bytes in little-endian order. 514 514 + * Postconditions: 515 515 + * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] 516 516 + * 517 517 + * Input Bounds: 518 518 + * arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 519 519 + * Output Bounds: 520 520 + * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] 521 521 + */ 522 522 + static void fiat_25519_to_bytes(uint8_t out1[32], const uint64_t arg1[5]) { 523 523 + uint64_t x1; 524 524 + fiat_25519_uint1 x2; 525 525 + uint64_t x3; 526 526 + fiat_25519_uint1 x4; 527 527 + uint64_t x5; 528 528 + fiat_25519_uint1 x6; 529 529 + uint64_t x7; 530 530 + fiat_25519_uint1 x8; 531 531 + uint64_t x9; 532 532 + fiat_25519_uint1 x10; 533 533 + uint64_t x11; 534 534 + uint64_t x12; 535 535 + fiat_25519_uint1 x13; 536 536 + uint64_t x14; 537 537 + fiat_25519_uint1 x15; 538 538 + uint64_t x16; 539 539 + fiat_25519_uint1 x17; 540 540 + uint64_t x18; 541 541 + fiat_25519_uint1 x19; 542 542 + uint64_t x20; 543 543 + fiat_25519_uint1 x21; 544 544 + uint64_t x22; 545 545 + uint64_t x23; 546 546 + uint64_t x24; 547 547 + uint64_t x25; 548 548 + uint8_t x26; 549 549 + uint64_t x27; 550 550 + uint8_t x28; 551 551 + uint64_t x29; 552 552 + uint8_t x30; 553 553 + uint64_t x31; 554 554 + uint8_t x32; 555 555 + uint64_t x33; 556 556 + uint8_t x34; 557 557 + uint64_t x35; 558 558 + uint8_t x36; 559 559 + uint8_t x37; 560 560 + uint64_t x38; 561 561 + uint8_t x39; 562 562 + uint64_t x40; 563 563 + uint8_t x41; 564 564 + uint64_t x42; 565 565 + uint8_t x43; 566 566 + uint64_t x44; 567 567 + uint8_t x45; 568 568 + uint64_t x46; 569 569 + uint8_t x47; 570 570 + uint64_t x48; 571 571 + uint8_t x49; 572 572 + uint8_t x50; 573 573 + uint64_t x51; 574 574 + uint8_t x52; 575 575 + uint64_t x53; 576 576 + uint8_t x54; 577 577 + uint64_t x55; 578 578 + uint8_t x56; 579 579 + uint64_t x57; 580 580 + uint8_t x58; 581 581 + uint64_t x59; 582 582 + uint8_t x60; 583 583 + uint64_t x61; 584 584 + uint8_t x62; 585 585 + uint64_t x63; 586 586 + uint8_t x64; 587 587 + fiat_25519_uint1 x65; 588 588 + uint64_t x66; 589 589 + uint8_t x67; 590 590 + uint64_t x68; 591 591 + uint8_t x69; 592 592 + uint64_t x70; 593 593 + uint8_t x71; 594 594 + uint64_t x72; 595 595 + uint8_t x73; 596 596 + uint64_t x74; 597 597 + uint8_t x75; 598 598 + uint64_t x76; 599 599 + uint8_t x77; 600 600 + uint8_t x78; 601 601 + uint64_t x79; 602 602 + uint8_t x80; 603 603 + uint64_t x81; 604 604 + uint8_t x82; 605 605 + uint64_t x83; 606 606 + uint8_t x84; 607 607 + uint64_t x85; 608 608 + uint8_t x86; 609 609 + uint64_t x87; 610 610 + uint8_t x88; 611 611 + uint64_t x89; 612 612 + uint8_t x90; 613 613 + uint8_t x91; 614 614 + fiat_25519_subborrowx_u51(&x1, &x2, 0x0, (arg1[0]), UINT64_C(0x7ffffffffffed)); 615 615 + fiat_25519_subborrowx_u51(&x3, &x4, x2, (arg1[1]), UINT64_C(0x7ffffffffffff)); 616 616 + fiat_25519_subborrowx_u51(&x5, &x6, x4, (arg1[2]), UINT64_C(0x7ffffffffffff)); 617 617 + fiat_25519_subborrowx_u51(&x7, &x8, x6, (arg1[3]), UINT64_C(0x7ffffffffffff)); 618 618 + fiat_25519_subborrowx_u51(&x9, &x10, x8, (arg1[4]), UINT64_C(0x7ffffffffffff)); 619 619 + fiat_25519_cmovznz_u64(&x11, x10, 0x0, UINT64_C(0xffffffffffffffff)); 620 620 + fiat_25519_addcarryx_u51(&x12, &x13, 0x0, x1, (x11 & UINT64_C(0x7ffffffffffed))); 621 621 + fiat_25519_addcarryx_u51(&x14, &x15, x13, x3, (x11 & UINT64_C(0x7ffffffffffff))); 622 622 + fiat_25519_addcarryx_u51(&x16, &x17, x15, x5, (x11 & UINT64_C(0x7ffffffffffff))); 623 623 + fiat_25519_addcarryx_u51(&x18, &x19, x17, x7, (x11 & UINT64_C(0x7ffffffffffff))); 624 624 + fiat_25519_addcarryx_u51(&x20, &x21, x19, x9, (x11 & UINT64_C(0x7ffffffffffff))); 625 625 + x22 = (x20 << 4); 626 626 + x23 = (x18 * (uint64_t)0x2); 627 627 + x24 = (x16 << 6); 628 628 + x25 = (x14 << 3); 629 629 + x26 = (uint8_t)(x12 & UINT8_C(0xff)); 630 630 + x27 = (x12 >> 8); 631 631 + x28 = (uint8_t)(x27 & UINT8_C(0xff)); 632 632 + x29 = (x27 >> 8); 633 633 + x30 = (uint8_t)(x29 & UINT8_C(0xff)); 634 634 + x31 = (x29 >> 8); 635 635 + x32 = (uint8_t)(x31 & UINT8_C(0xff)); 636 636 + x33 = (x31 >> 8); 637 637 + x34 = (uint8_t)(x33 & UINT8_C(0xff)); 638 638 + x35 = (x33 >> 8); 639 639 + x36 = (uint8_t)(x35 & UINT8_C(0xff)); 640 640 + x37 = (uint8_t)(x35 >> 8); 641 641 + x38 = (x25 + (uint64_t)x37); 642 642 + x39 = (uint8_t)(x38 & UINT8_C(0xff)); 643 643 + x40 = (x38 >> 8); 644 644 + x41 = (uint8_t)(x40 & UINT8_C(0xff)); 645 645 + x42 = (x40 >> 8); 646 646 + x43 = (uint8_t)(x42 & UINT8_C(0xff)); 647 647 + x44 = (x42 >> 8); 648 648 + x45 = (uint8_t)(x44 & UINT8_C(0xff)); 649 649 + x46 = (x44 >> 8); 650 650 + x47 = (uint8_t)(x46 & UINT8_C(0xff)); 651 651 + x48 = (x46 >> 8); 652 652 + x49 = (uint8_t)(x48 & UINT8_C(0xff)); 653 653 + x50 = (uint8_t)(x48 >> 8); 654 654 + x51 = (x24 + (uint64_t)x50); 655 655 + x52 = (uint8_t)(x51 & UINT8_C(0xff)); 656 656 + x53 = (x51 >> 8); 657 657 + x54 = (uint8_t)(x53 & UINT8_C(0xff)); 658 658 + x55 = (x53 >> 8); 659 659 + x56 = (uint8_t)(x55 & UINT8_C(0xff)); 660 660 + x57 = (x55 >> 8); 661 661 + x58 = (uint8_t)(x57 & UINT8_C(0xff)); 662 662 + x59 = (x57 >> 8); 663 663 + x60 = (uint8_t)(x59 & UINT8_C(0xff)); 664 664 + x61 = (x59 >> 8); 665 665 + x62 = (uint8_t)(x61 & UINT8_C(0xff)); 666 666 + x63 = (x61 >> 8); 667 667 + x64 = (uint8_t)(x63 & UINT8_C(0xff)); 668 668 + x65 = (fiat_25519_uint1)(x63 >> 8); 669 669 + x66 = (x23 + (uint64_t)x65); 670 670 + x67 = (uint8_t)(x66 & UINT8_C(0xff)); 671 671 + x68 = (x66 >> 8); 672 672 + x69 = (uint8_t)(x68 & UINT8_C(0xff)); 673 673 + x70 = (x68 >> 8); 674 674 + x71 = (uint8_t)(x70 & UINT8_C(0xff)); 675 675 + x72 = (x70 >> 8); 676 676 + x73 = (uint8_t)(x72 & UINT8_C(0xff)); 677 677 + x74 = (x72 >> 8); 678 678 + x75 = (uint8_t)(x74 & UINT8_C(0xff)); 679 679 + x76 = (x74 >> 8); 680 680 + x77 = (uint8_t)(x76 & UINT8_C(0xff)); 681 681 + x78 = (uint8_t)(x76 >> 8); 682 682 + x79 = (x22 + (uint64_t)x78); 683 683 + x80 = (uint8_t)(x79 & UINT8_C(0xff)); 684 684 + x81 = (x79 >> 8); 685 685 + x82 = (uint8_t)(x81 & UINT8_C(0xff)); 686 686 + x83 = (x81 >> 8); 687 687 + x84 = (uint8_t)(x83 & UINT8_C(0xff)); 688 688 + x85 = (x83 >> 8); 689 689 + x86 = (uint8_t)(x85 & UINT8_C(0xff)); 690 690 + x87 = (x85 >> 8); 691 691 + x88 = (uint8_t)(x87 & UINT8_C(0xff)); 692 692 + x89 = (x87 >> 8); 693 693 + x90 = (uint8_t)(x89 & UINT8_C(0xff)); 694 694 + x91 = (uint8_t)(x89 >> 8); 695 695 + out1[0] = x26; 696 696 + out1[1] = x28; 697 697 + out1[2] = x30; 698 698 + out1[3] = x32; 699 699 + out1[4] = x34; 700 700 + out1[5] = x36; 701 701 + out1[6] = x39; 702 702 + out1[7] = x41; 703 703 + out1[8] = x43; 704 704 + out1[9] = x45; 705 705 + out1[10] = x47; 706 706 + out1[11] = x49; 707 707 + out1[12] = x52; 708 708 + out1[13] = x54; 709 709 + out1[14] = x56; 710 710 + out1[15] = x58; 711 711 + out1[16] = x60; 712 712 + out1[17] = x62; 713 713 + out1[18] = x64; 714 714 + out1[19] = x67; 715 715 + out1[20] = x69; 716 716 + out1[21] = x71; 717 717 + out1[22] = x73; 718 718 + out1[23] = x75; 719 719 + out1[24] = x77; 720 720 + out1[25] = x80; 721 721 + out1[26] = x82; 722 722 + out1[27] = x84; 723 723 + out1[28] = x86; 724 724 + out1[29] = x88; 725 725 + out1[30] = x90; 726 726 + out1[31] = x91; 727 727 + } 728 728 + 729 729 + /* 730 730 + * The function fiat_25519_from_bytes deserializes a field element from bytes in little-endian order. 731 731 + * Postconditions: 732 732 + * eval out1 mod m = bytes_eval arg1 mod m 733 733 + * 734 734 + * Input Bounds: 735 735 + * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] 736 736 + * Output Bounds: 737 737 + * out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 738 738 + */ 739 739 + static void fiat_25519_from_bytes(uint64_t out1[5], const uint8_t arg1[32]) { 740 740 + uint64_t x1; 741 741 + uint64_t x2; 742 742 + uint64_t x3; 743 743 + uint64_t x4; 744 744 + uint64_t x5; 745 745 + uint64_t x6; 746 746 + uint64_t x7; 747 747 + uint64_t x8; 748 748 + uint64_t x9; 749 749 + uint64_t x10; 750 750 + uint64_t x11; 751 751 + uint64_t x12; 752 752 + uint64_t x13; 753 753 + uint64_t x14; 754 754 + uint64_t x15; 755 755 + uint64_t x16; 756 756 + uint64_t x17; 757 757 + uint64_t x18; 758 758 + uint64_t x19; 759 759 + uint64_t x20; 760 760 + uint64_t x21; 761 761 + uint64_t x22; 762 762 + uint64_t x23; 763 763 + uint64_t x24; 764 764 + uint64_t x25; 765 765 + uint64_t x26; 766 766 + uint64_t x27; 767 767 + uint64_t x28; 768 768 + uint64_t x29; 769 769 + uint64_t x30; 770 770 + uint64_t x31; 771 771 + uint8_t x32; 772 772 + uint64_t x33; 773 773 + uint64_t x34; 774 774 + uint64_t x35; 775 775 + uint64_t x36; 776 776 + uint64_t x37; 777 777 + uint64_t x38; 778 778 + uint64_t x39; 779 779 + uint8_t x40; 780 780 + uint64_t x41; 781 781 + uint64_t x42; 782 782 + uint64_t x43; 783 783 + uint64_t x44; 784 784 + uint64_t x45; 785 785 + uint64_t x46; 786 786 + uint64_t x47; 787 787 + uint8_t x48; 788 788 + uint64_t x49; 789 789 + uint64_t x50; 790 790 + uint64_t x51; 791 791 + uint64_t x52; 792 792 + uint64_t x53; 793 793 + uint64_t x54; 794 794 + uint64_t x55; 795 795 + uint64_t x56; 796 796 + uint8_t x57; 797 797 + uint64_t x58; 798 798 + uint64_t x59; 799 799 + uint64_t x60; 800 800 + uint64_t x61; 801 801 + uint64_t x62; 802 802 + uint64_t x63; 803 803 + uint64_t x64; 804 804 + uint8_t x65; 805 805 + uint64_t x66; 806 806 + uint64_t x67; 807 807 + uint64_t x68; 808 808 + uint64_t x69; 809 809 + uint64_t x70; 810 810 + uint64_t x71; 811 811 + x1 = ((uint64_t)(arg1[31]) << 44); 812 812 + x2 = ((uint64_t)(arg1[30]) << 36); 813 813 + x3 = ((uint64_t)(arg1[29]) << 28); 814 814 + x4 = ((uint64_t)(arg1[28]) << 20); 815 815 + x5 = ((uint64_t)(arg1[27]) << 12); 816 816 + x6 = ((uint64_t)(arg1[26]) << 4); 817 817 + x7 = ((uint64_t)(arg1[25]) << 47); 818 818 + x8 = ((uint64_t)(arg1[24]) << 39); 819 819 + x9 = ((uint64_t)(arg1[23]) << 31); 820 820 + x10 = ((uint64_t)(arg1[22]) << 23); 821 821 + x11 = ((uint64_t)(arg1[21]) << 15); 822 822 + x12 = ((uint64_t)(arg1[20]) << 7); 823 823 + x13 = ((uint64_t)(arg1[19]) << 50); 824 824 + x14 = ((uint64_t)(arg1[18]) << 42); 825 825 + x15 = ((uint64_t)(arg1[17]) << 34); 826 826 + x16 = ((uint64_t)(arg1[16]) << 26); 827 827 + x17 = ((uint64_t)(arg1[15]) << 18); 828 828 + x18 = ((uint64_t)(arg1[14]) << 10); 829 829 + x19 = ((uint64_t)(arg1[13]) << 2); 830 830 + x20 = ((uint64_t)(arg1[12]) << 45); 831 831 + x21 = ((uint64_t)(arg1[11]) << 37); 832 832 + x22 = ((uint64_t)(arg1[10]) << 29); 833 833 + x23 = ((uint64_t)(arg1[9]) << 21); 834 834 + x24 = ((uint64_t)(arg1[8]) << 13); 835 835 + x25 = ((uint64_t)(arg1[7]) << 5); 836 836 + x26 = ((uint64_t)(arg1[6]) << 48); 837 837 + x27 = ((uint64_t)(arg1[5]) << 40); 838 838 + x28 = ((uint64_t)(arg1[4]) << 32); 839 839 + x29 = ((uint64_t)(arg1[3]) << 24); 840 840 + x30 = ((uint64_t)(arg1[2]) << 16); 841 841 + x31 = ((uint64_t)(arg1[1]) << 8); 842 842 + x32 = (arg1[0]); 843 843 + x33 = (x31 + (uint64_t)x32); 844 844 + x34 = (x30 + x33); 845 845 + x35 = (x29 + x34); 846 846 + x36 = (x28 + x35); 847 847 + x37 = (x27 + x36); 848 848 + x38 = (x26 + x37); 849 849 + x39 = (x38 & UINT64_C(0x7ffffffffffff)); 850 850 + x40 = (uint8_t)(x38 >> 51); 851 851 + x41 = (x25 + (uint64_t)x40); 852 852 + x42 = (x24 + x41); 853 853 + x43 = (x23 + x42); 854 854 + x44 = (x22 + x43); 855 855 + x45 = (x21 + x44); 856 856 + x46 = (x20 + x45); 857 857 + x47 = (x46 & UINT64_C(0x7ffffffffffff)); 858 858 + x48 = (uint8_t)(x46 >> 51); 859 859 + x49 = (x19 + (uint64_t)x48); 860 860 + x50 = (x18 + x49); 861 861 + x51 = (x17 + x50); 862 862 + x52 = (x16 + x51); 863 863 + x53 = (x15 + x52); 864 864 + x54 = (x14 + x53); 865 865 + x55 = (x13 + x54); 866 866 + x56 = (x55 & UINT64_C(0x7ffffffffffff)); 867 867 + x57 = (uint8_t)(x55 >> 51); 868 868 + x58 = (x12 + (uint64_t)x57); 869 869 + x59 = (x11 + x58); 870 870 + x60 = (x10 + x59); 871 871 + x61 = (x9 + x60); 872 872 + x62 = (x8 + x61); 873 873 + x63 = (x7 + x62); 874 874 + x64 = (x63 & UINT64_C(0x7ffffffffffff)); 875 875 + x65 = (uint8_t)(x63 >> 51); 876 876 + x66 = (x6 + (uint64_t)x65); 877 877 + x67 = (x5 + x66); 878 878 + x68 = (x4 + x67); 879 879 + x69 = (x3 + x68); 880 880 + x70 = (x2 + x69); 881 881 + x71 = (x1 + x70); 882 882 + out1[0] = x39; 883 883 + out1[1] = x47; 884 884 + out1[2] = x56; 885 885 + out1[3] = x64; 886 886 + out1[4] = x71; 887 887 + } 888 888 + 889 889 + /* 890 890 + * The function fiat_25519_carry_scmul_121666 multiplies a field element by 121666 and reduces the result. 891 891 + * Postconditions: 892 892 + * eval out1 mod m = (121666 * eval arg1) mod m 893 893 + * 894 894 + * Input Bounds: 895 895 + * arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] 896 896 + * Output Bounds: 897 897 + * out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] 898 898 + */ 899 899 + static void fiat_25519_carry_scmul_121666(uint64_t out1[5], const uint64_t arg1[5]) { 900 900 + fiat_25519_uint128 x1; 901 901 + fiat_25519_uint128 x2; 902 902 + fiat_25519_uint128 x3; 903 903 + fiat_25519_uint128 x4; 904 904 + fiat_25519_uint128 x5; 905 905 + uint64_t x6; 906 906 + uint64_t x7; 907 907 + fiat_25519_uint128 x8; 908 908 + uint64_t x9; 909 909 + uint64_t x10; 910 910 + fiat_25519_uint128 x11; 911 911 + uint64_t x12; 912 912 + uint64_t x13; 913 913 + fiat_25519_uint128 x14; 914 914 + uint64_t x15; 915 915 + uint64_t x16; 916 916 + fiat_25519_uint128 x17; 917 917 + uint64_t x18; 918 918 + uint64_t x19; 919 919 + uint64_t x20; 920 920 + uint64_t x21; 921 921 + fiat_25519_uint1 x22; 922 922 + uint64_t x23; 923 923 + uint64_t x24; 924 924 + fiat_25519_uint1 x25; 925 925 + uint64_t x26; 926 926 + uint64_t x27; 927 927 + x1 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[4])); 928 928 + x2 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[3])); 929 929 + x3 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[2])); 930 930 + x4 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[1])); 931 931 + x5 = ((fiat_25519_uint128)UINT32_C(0x1db42) * (arg1[0])); 932 932 + x6 = (uint64_t)(x5 >> 51); 933 933 + x7 = (uint64_t)(x5 & UINT64_C(0x7ffffffffffff)); 934 934 + x8 = (x6 + x4); 935 935 + x9 = (uint64_t)(x8 >> 51); 936 936 + x10 = (uint64_t)(x8 & UINT64_C(0x7ffffffffffff)); 937 937 + x11 = (x9 + x3); 938 938 + x12 = (uint64_t)(x11 >> 51); 939 939 + x13 = (uint64_t)(x11 & UINT64_C(0x7ffffffffffff)); 940 940 + x14 = (x12 + x2); 941 941 + x15 = (uint64_t)(x14 >> 51); 942 942 + x16 = (uint64_t)(x14 & UINT64_C(0x7ffffffffffff)); 943 943 + x17 = (x15 + x1); 944 944 + x18 = (uint64_t)(x17 >> 51); 945 945 + x19 = (uint64_t)(x17 & UINT64_C(0x7ffffffffffff)); 946 946 + x20 = (x18 * UINT8_C(0x13)); 947 947 + x21 = (x7 + x20); 948 948 + x22 = (fiat_25519_uint1)(x21 >> 51); 949 949 + x23 = (x21 & UINT64_C(0x7ffffffffffff)); 950 950 + x24 = (x22 + x10); 951 951 + x25 = (fiat_25519_uint1)(x24 >> 51); 952 952 + x26 = (x24 & UINT64_C(0x7ffffffffffff)); 953 953 + x27 = (x25 + x13); 954 954 + out1[0] = x23; 955 955 + out1[1] = x26; 956 956 + out1[2] = x27; 957 957 + out1[3] = x16; 958 958 + out1[4] = x19; 959 959 + } 960 960 +

+1863

ec/native/curve25519_stubs.c

reviewed

··· 1 1 + #include "mirage_crypto.h" 2 2 + 3 3 + #ifdef ARCH_64BIT 4 4 + #include "curve25519_64.h" 5 5 + #define WORD uint64_t 6 6 + #define LIMBS 5 7 7 + #else 8 8 + #include "curve25519_32.h" 9 9 + #define WORD uint32_t 10 10 + #define LIMBS 10 11 11 + #endif 12 12 + 13 13 + #include <assert.h> 14 14 + typedef WORD fe_limb_t; 15 15 + 16 16 + /* following code is from c47bfce06 of boringssl (crypto/curve25519) 17 17 + internal.h curve25519.c */ 18 18 + 19 19 + /* Copyright (c) 2020, Google Inc. 20 20 + * 21 21 + * Permission to use, copy, modify, and/or distribute this software for any 22 22 + * purpose with or without fee is hereby granted, provided that the above 23 23 + * copyright notice and this permission notice appear in all copies. 24 24 + * 25 25 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 26 26 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 27 27 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 28 28 + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 29 29 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 30 30 + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 31 31 + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 32 32 + 33 33 + // Some of this code is taken from the ref10 version of Ed25519 in SUPERCOP 34 34 + // 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as 35 35 + // public domain. Other parts have been replaced to call into code generated by 36 36 + // Fiat (https://github.com/mit-plv/fiat-crypto) in //third_party/fiat. 37 37 + // 38 38 + // The field functions are shared by Ed25519 and X25519 where possible. 39 39 + 40 40 + typedef struct fe { WORD v[LIMBS]; } fe; 41 41 + typedef struct fe_loose { WORD v[LIMBS]; } fe_loose; 42 42 + 43 43 + typedef struct { 44 44 + fe X; 45 45 + fe Y; 46 46 + fe Z; 47 47 + } ge_p2; 48 48 + 49 49 + typedef struct { 50 50 + fe X; 51 51 + fe Y; 52 52 + fe Z; 53 53 + fe T; 54 54 + } ge_p3; 55 55 + 56 56 + typedef struct { 57 57 + fe_loose X; 58 58 + fe_loose Y; 59 59 + fe_loose Z; 60 60 + fe_loose T; 61 61 + } ge_p1p1; 62 62 + 63 63 + typedef struct { 64 64 + fe_loose yplusx; 65 65 + fe_loose yminusx; 66 66 + fe_loose xy2d; 67 67 + } ge_precomp; 68 68 + 69 69 + typedef struct { 70 70 + fe_loose YplusX; 71 71 + fe_loose YminusX; 72 72 + fe_loose Z; 73 73 + fe_loose T2d; 74 74 + } ge_cached; 75 75 + 76 76 + #include "curve25519_tables.h" 77 77 + 78 78 + // Field operations. 79 79 + 80 80 + #if defined(ARCH_64BIT) 81 81 + 82 82 + // assert_fe asserts that |f| satisfies bounds: 83 83 + // 84 84 + // [[0x0 ~> 0x8cccccccccccc], 85 85 + // [0x0 ~> 0x8cccccccccccc], 86 86 + // [0x0 ~> 0x8cccccccccccc], 87 87 + // [0x0 ~> 0x8cccccccccccc], 88 88 + // [0x0 ~> 0x8cccccccccccc]] 89 89 + // 90 90 + // See comments in curve25519_64.h for which functions use these bounds for 91 91 + // inputs or outputs. 92 92 + #define assert_fe(f) \ 93 93 + do { \ 94 94 + for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \ 95 95 + assert(f[_assert_fe_i] <= UINT64_C(0x8cccccccccccc)); \ 96 96 + } \ 97 97 + } while (0) 98 98 + 99 99 + // assert_fe_loose asserts that |f| satisfies bounds: 100 100 + // 101 101 + // [[0x0 ~> 0x1a666666666664], 102 102 + // [0x0 ~> 0x1a666666666664], 103 103 + // [0x0 ~> 0x1a666666666664], 104 104 + // [0x0 ~> 0x1a666666666664], 105 105 + // [0x0 ~> 0x1a666666666664]] 106 106 + // 107 107 + // See comments in curve25519_64.h for which functions use these bounds for 108 108 + // inputs or outputs. 109 109 + #define assert_fe_loose(f) \ 110 110 + do { \ 111 111 + for (unsigned _assert_fe_i = 0; _assert_fe_i < 5; _assert_fe_i++) { \ 112 112 + assert(f[_assert_fe_i] <= UINT64_C(0x1a666666666664)); \ 113 113 + } \ 114 114 + } while (0) 115 115 + 116 116 + #else 117 117 + 118 118 + // assert_fe asserts that |f| satisfies bounds: 119 119 + // 120 120 + // [[0x0 ~> 0x4666666], [0x0 ~> 0x2333333], 121 121 + // [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], 122 122 + // [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], 123 123 + // [0x0 ~> 0x4666666], [0x0 ~> 0x2333333], 124 124 + // [0x0 ~> 0x4666666], [0x0 ~> 0x2333333]] 125 125 + // 126 126 + // See comments in curve25519_32.h for which functions use these bounds for 127 127 + // inputs or outputs. 128 128 + #define assert_fe(f) \ 129 129 + do { \ 130 130 + for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \ 131 131 + assert(f[_assert_fe_i] <= \ 132 132 + ((_assert_fe_i & 1) ? 0x2333333u : 0x4666666u)); \ 133 133 + } \ 134 134 + } while (0) 135 135 + 136 136 + // assert_fe_loose asserts that |f| satisfies bounds: 137 137 + // 138 138 + // [[0x0 ~> 0xd333332], [0x0 ~> 0x6999999], 139 139 + // [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], 140 140 + // [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], 141 141 + // [0x0 ~> 0xd333332], [0x0 ~> 0x6999999], 142 142 + // [0x0 ~> 0xd333332], [0x0 ~> 0x6999999]] 143 143 + // 144 144 + // See comments in curve25519_32.h for which functions use these bounds for 145 145 + // inputs or outputs. 146 146 + #define assert_fe_loose(f) \ 147 147 + do { \ 148 148 + for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \ 149 149 + assert(f[_assert_fe_i] <= \ 150 150 + ((_assert_fe_i & 1) ? 0x6999999u : 0xd333332u)); \ 151 151 + } \ 152 152 + } while (0) 153 153 + 154 154 + #endif // ARCH_64BIT 155 155 + 156 156 + static void fe_frombytes_strict(fe *h, const uint8_t s[32]) { 157 157 + // |fiat_25519_from_bytes| requires the top-most bit be clear. 158 158 + assert((s[31] & 0x80) == 0); 159 159 + fiat_25519_from_bytes(h->v, s); 160 160 + assert_fe(h->v); 161 161 + } 162 162 + 163 163 + static void fe_frombytes(fe *h, const uint8_t s[32]) { 164 164 + uint8_t s_copy[32]; 165 165 + memcpy(s_copy, s, 32); 166 166 + s_copy[31] &= 0x7f; 167 167 + fe_frombytes_strict(h, s_copy); 168 168 + } 169 169 + 170 170 + static void fe_tobytes(uint8_t s[32], const fe *f) { 171 171 + assert_fe(f->v); 172 172 + fiat_25519_to_bytes(s, f->v); 173 173 + } 174 174 + 175 175 + // h = 0 176 176 + static void fe_0(fe *h) { 177 177 + memset(h, 0, sizeof(fe)); 178 178 + } 179 179 + 180 180 + static void fe_loose_0(fe_loose *h) { 181 181 + memset(h, 0, sizeof(fe_loose)); 182 182 + } 183 183 + 184 184 + // h = 1 185 185 + static void fe_1(fe *h) { 186 186 + memset(h, 0, sizeof(fe)); 187 187 + h->v[0] = 1; 188 188 + } 189 189 + 190 190 + static void fe_loose_1(fe_loose *h) { 191 191 + memset(h, 0, sizeof(fe_loose)); 192 192 + h->v[0] = 1; 193 193 + } 194 194 + 195 195 + // h = f + g 196 196 + // Can overlap h with f or g. 197 197 + static void fe_add(fe_loose *h, const fe *f, const fe *g) { 198 198 + assert_fe(f->v); 199 199 + assert_fe(g->v); 200 200 + fiat_25519_add(h->v, f->v, g->v); 201 201 + assert_fe_loose(h->v); 202 202 + } 203 203 + 204 204 + // h = f - g 205 205 + // Can overlap h with f or g. 206 206 + static void fe_sub(fe_loose *h, const fe *f, const fe *g) { 207 207 + assert_fe(f->v); 208 208 + assert_fe(g->v); 209 209 + fiat_25519_sub(h->v, f->v, g->v); 210 210 + assert_fe_loose(h->v); 211 211 + } 212 212 + 213 213 + static void fe_carry(fe *h, const fe_loose* f) { 214 214 + assert_fe_loose(f->v); 215 215 + fiat_25519_carry(h->v, f->v); 216 216 + assert_fe(h->v); 217 217 + } 218 218 + 219 219 + static void fe_mul_impl(fe_limb_t out[LIMBS], 220 220 + const fe_limb_t in1[LIMBS], 221 221 + const fe_limb_t in2[LIMBS]) { 222 222 + assert_fe_loose(in1); 223 223 + assert_fe_loose(in2); 224 224 + fiat_25519_carry_mul(out, in1, in2); 225 225 + assert_fe(out); 226 226 + } 227 227 + 228 228 + static void fe_mul_ltt(fe_loose *h, const fe *f, const fe *g) { 229 229 + fe_mul_impl(h->v, f->v, g->v); 230 230 + } 231 231 + 232 232 + static void fe_mul_llt(fe_loose *h, const fe_loose *f, const fe *g) { 233 233 + fe_mul_impl(h->v, f->v, g->v); 234 234 + } 235 235 + 236 236 + static void fe_mul_ttt(fe *h, const fe *f, const fe *g) { 237 237 + fe_mul_impl(h->v, f->v, g->v); 238 238 + } 239 239 + 240 240 + static void fe_mul_tlt(fe *h, const fe_loose *f, const fe *g) { 241 241 + fe_mul_impl(h->v, f->v, g->v); 242 242 + } 243 243 + 244 244 + static void fe_mul_ttl(fe *h, const fe *f, const fe_loose *g) { 245 245 + fe_mul_impl(h->v, f->v, g->v); 246 246 + } 247 247 + 248 248 + static void fe_mul_tll(fe *h, const fe_loose *f, const fe_loose *g) { 249 249 + fe_mul_impl(h->v, f->v, g->v); 250 250 + } 251 251 + 252 252 + static void fe_sq_tl(fe *h, const fe_loose *f) { 253 253 + assert_fe_loose(f->v); 254 254 + fiat_25519_carry_square(h->v, f->v); 255 255 + assert_fe(h->v); 256 256 + } 257 257 + 258 258 + static void fe_sq_tt(fe *h, const fe *f) { 259 259 + assert_fe_loose(f->v); 260 260 + fiat_25519_carry_square(h->v, f->v); 261 261 + assert_fe(h->v); 262 262 + } 263 263 + 264 264 + // Replace (f,g) with (g,f) if b == 1; 265 265 + // replace (f,g) with (f,g) if b == 0. 266 266 + // 267 267 + // Preconditions: b in {0,1}. 268 268 + static void fe_cswap(fe *f, fe *g, fe_limb_t b) { 269 269 + b = 0-b; 270 270 + for (unsigned i = 0; i < LIMBS; i++) { 271 271 + fe_limb_t x = f->v[i] ^ g->v[i]; 272 272 + x &= b; 273 273 + f->v[i] ^= x; 274 274 + g->v[i] ^= x; 275 275 + } 276 276 + } 277 277 + 278 278 + static void fe_mul121666(fe *h, const fe_loose *f) { 279 279 + assert_fe_loose(f->v); 280 280 + fiat_25519_carry_scmul_121666(h->v, f->v); 281 281 + assert_fe(h->v); 282 282 + } 283 283 + 284 284 + // h = -f 285 285 + static void fe_neg(fe_loose *h, const fe *f) { 286 286 + assert_fe(f->v); 287 287 + fiat_25519_opp(h->v, f->v); 288 288 + assert_fe_loose(h->v); 289 289 + } 290 290 + 291 291 + // Replace (f,g) with (g,g) if b == 1; 292 292 + // replace (f,g) with (f,g) if b == 0. 293 293 + // 294 294 + // Preconditions: b in {0,1}. 295 295 + static void fe_cmov(fe_loose *f, const fe_loose *g, fe_limb_t b) { 296 296 + // Silence an unused function warning. |fiat_25519_selectznz| isn't quite the 297 297 + // calling convention the rest of this code wants, so implement it by hand. 298 298 + // 299 299 + // TODO(davidben): Switch to fiat's calling convention, or ask fiat to emit a 300 300 + // different one. 301 301 + (void)fiat_25519_selectznz; 302 302 + 303 303 + b = 0-b; 304 304 + for (unsigned i = 0; i < LIMBS; i++) { 305 305 + fe_limb_t x = f->v[i] ^ g->v[i]; 306 306 + x &= b; 307 307 + f->v[i] ^= x; 308 308 + } 309 309 + } 310 310 + 311 311 + // h = f 312 312 + static void fe_copy(fe *h, const fe *f) { 313 313 + memmove(h, f, sizeof(fe)); 314 314 + } 315 315 + 316 316 + static void fe_copy_lt(fe_loose *h, const fe *f) { 317 317 + memmove(h, f, sizeof(fe)); 318 318 + } 319 319 + 320 320 + static void fe_loose_invert(fe *out, const fe_loose *z) { 321 321 + fe t0; 322 322 + fe t1; 323 323 + fe t2; 324 324 + fe t3; 325 325 + int i; 326 326 + 327 327 + fe_sq_tl(&t0, z); 328 328 + fe_sq_tt(&t1, &t0); 329 329 + for (i = 1; i < 2; ++i) { 330 330 + fe_sq_tt(&t1, &t1); 331 331 + } 332 332 + fe_mul_tlt(&t1, z, &t1); 333 333 + fe_mul_ttt(&t0, &t0, &t1); 334 334 + fe_sq_tt(&t2, &t0); 335 335 + fe_mul_ttt(&t1, &t1, &t2); 336 336 + fe_sq_tt(&t2, &t1); 337 337 + for (i = 1; i < 5; ++i) { 338 338 + fe_sq_tt(&t2, &t2); 339 339 + } 340 340 + fe_mul_ttt(&t1, &t2, &t1); 341 341 + fe_sq_tt(&t2, &t1); 342 342 + for (i = 1; i < 10; ++i) { 343 343 + fe_sq_tt(&t2, &t2); 344 344 + } 345 345 + fe_mul_ttt(&t2, &t2, &t1); 346 346 + fe_sq_tt(&t3, &t2); 347 347 + for (i = 1; i < 20; ++i) { 348 348 + fe_sq_tt(&t3, &t3); 349 349 + } 350 350 + fe_mul_ttt(&t2, &t3, &t2); 351 351 + fe_sq_tt(&t2, &t2); 352 352 + for (i = 1; i < 10; ++i) { 353 353 + fe_sq_tt(&t2, &t2); 354 354 + } 355 355 + fe_mul_ttt(&t1, &t2, &t1); 356 356 + fe_sq_tt(&t2, &t1); 357 357 + for (i = 1; i < 50; ++i) { 358 358 + fe_sq_tt(&t2, &t2); 359 359 + } 360 360 + fe_mul_ttt(&t2, &t2, &t1); 361 361 + fe_sq_tt(&t3, &t2); 362 362 + for (i = 1; i < 100; ++i) { 363 363 + fe_sq_tt(&t3, &t3); 364 364 + } 365 365 + fe_mul_ttt(&t2, &t3, &t2); 366 366 + fe_sq_tt(&t2, &t2); 367 367 + for (i = 1; i < 50; ++i) { 368 368 + fe_sq_tt(&t2, &t2); 369 369 + } 370 370 + fe_mul_ttt(&t1, &t2, &t1); 371 371 + fe_sq_tt(&t1, &t1); 372 372 + for (i = 1; i < 5; ++i) { 373 373 + fe_sq_tt(&t1, &t1); 374 374 + } 375 375 + fe_mul_ttt(out, &t1, &t0); 376 376 + } 377 377 + 378 378 + static void fe_invert(fe *out, const fe *z) { 379 379 + fe_loose l; 380 380 + fe_copy_lt(&l, z); 381 381 + fe_loose_invert(out, &l); 382 382 + } 383 383 + 384 384 + // return 0 if f == 0 385 385 + // return 1 if f != 0 386 386 + static int fe_isnonzero(const fe_loose *f) { 387 387 + fe tight; 388 388 + fe_carry(&tight, f); 389 389 + uint8_t s[32]; 390 390 + fe_tobytes(s, &tight); 391 391 + 392 392 + static const uint8_t zero[32] = {0}; 393 393 + return memcmp(s, zero, sizeof(zero)) != 0; 394 394 + } 395 395 + 396 396 + // return 1 if f is in {1,3,5,...,q-2} 397 397 + // return 0 if f is in {0,2,4,...,q-1} 398 398 + static int fe_isnegative(const fe *f) { 399 399 + uint8_t s[32]; 400 400 + fe_tobytes(s, f); 401 401 + return s[0] & 1; 402 402 + } 403 403 + 404 404 + static void fe_sq2_tt(fe *h, const fe *f) { 405 405 + // h = f^2 406 406 + fe_sq_tt(h, f); 407 407 + 408 408 + // h = h + h 409 409 + fe_loose tmp; 410 410 + fe_add(&tmp, h, h); 411 411 + fe_carry(h, &tmp); 412 412 + } 413 413 + 414 414 + static void fe_pow22523(fe *out, const fe *z) { 415 415 + fe t0; 416 416 + fe t1; 417 417 + fe t2; 418 418 + int i; 419 419 + 420 420 + fe_sq_tt(&t0, z); 421 421 + fe_sq_tt(&t1, &t0); 422 422 + for (i = 1; i < 2; ++i) { 423 423 + fe_sq_tt(&t1, &t1); 424 424 + } 425 425 + fe_mul_ttt(&t1, z, &t1); 426 426 + fe_mul_ttt(&t0, &t0, &t1); 427 427 + fe_sq_tt(&t0, &t0); 428 428 + fe_mul_ttt(&t0, &t1, &t0); 429 429 + fe_sq_tt(&t1, &t0); 430 430 + for (i = 1; i < 5; ++i) { 431 431 + fe_sq_tt(&t1, &t1); 432 432 + } 433 433 + fe_mul_ttt(&t0, &t1, &t0); 434 434 + fe_sq_tt(&t1, &t0); 435 435 + for (i = 1; i < 10; ++i) { 436 436 + fe_sq_tt(&t1, &t1); 437 437 + } 438 438 + fe_mul_ttt(&t1, &t1, &t0); 439 439 + fe_sq_tt(&t2, &t1); 440 440 + for (i = 1; i < 20; ++i) { 441 441 + fe_sq_tt(&t2, &t2); 442 442 + } 443 443 + fe_mul_ttt(&t1, &t2, &t1); 444 444 + fe_sq_tt(&t1, &t1); 445 445 + for (i = 1; i < 10; ++i) { 446 446 + fe_sq_tt(&t1, &t1); 447 447 + } 448 448 + fe_mul_ttt(&t0, &t1, &t0); 449 449 + fe_sq_tt(&t1, &t0); 450 450 + for (i = 1; i < 50; ++i) { 451 451 + fe_sq_tt(&t1, &t1); 452 452 + } 453 453 + fe_mul_ttt(&t1, &t1, &t0); 454 454 + fe_sq_tt(&t2, &t1); 455 455 + for (i = 1; i < 100; ++i) { 456 456 + fe_sq_tt(&t2, &t2); 457 457 + } 458 458 + fe_mul_ttt(&t1, &t2, &t1); 459 459 + fe_sq_tt(&t1, &t1); 460 460 + for (i = 1; i < 50; ++i) { 461 461 + fe_sq_tt(&t1, &t1); 462 462 + } 463 463 + fe_mul_ttt(&t0, &t1, &t0); 464 464 + fe_sq_tt(&t0, &t0); 465 465 + for (i = 1; i < 2; ++i) { 466 466 + fe_sq_tt(&t0, &t0); 467 467 + } 468 468 + fe_mul_ttt(out, &t0, z); 469 469 + } 470 470 + 471 471 + 472 472 + // Group operations. 473 473 + void x25519_ge_tobytes(uint8_t s[32], const ge_p2 *h) { 474 474 + fe recip; 475 475 + fe x; 476 476 + fe y; 477 477 + 478 478 + fe_invert(&recip, &h->Z); 479 479 + fe_mul_ttt(&x, &h->X, &recip); 480 480 + fe_mul_ttt(&y, &h->Y, &recip); 481 481 + fe_tobytes(s, &y); 482 482 + s[31] ^= fe_isnegative(&x) << 7; 483 483 + } 484 484 + 485 485 + static void ge_p3_tobytes(uint8_t s[32], const ge_p3 *h) { 486 486 + fe recip; 487 487 + fe x; 488 488 + fe y; 489 489 + 490 490 + fe_invert(&recip, &h->Z); 491 491 + fe_mul_ttt(&x, &h->X, &recip); 492 492 + fe_mul_ttt(&y, &h->Y, &recip); 493 493 + fe_tobytes(s, &y); 494 494 + s[31] ^= fe_isnegative(&x) << 7; 495 495 + } 496 496 + 497 497 + static int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t s[32]) { 498 498 + fe u; 499 499 + fe_loose v; 500 500 + fe v3; 501 501 + fe vxx; 502 502 + fe_loose check; 503 503 + 504 504 + fe_frombytes(&h->Y, s); 505 505 + fe_1(&h->Z); 506 506 + fe_sq_tt(&v3, &h->Y); 507 507 + fe_mul_ttt(&vxx, &v3, &d); 508 508 + fe_sub(&v, &v3, &h->Z); // u = y^2-1 509 509 + fe_carry(&u, &v); 510 510 + fe_add(&v, &vxx, &h->Z); // v = dy^2+1 511 511 + 512 512 + fe_sq_tl(&v3, &v); 513 513 + fe_mul_ttl(&v3, &v3, &v); // v3 = v^3 514 514 + fe_sq_tt(&h->X, &v3); 515 515 + fe_mul_ttl(&h->X, &h->X, &v); 516 516 + fe_mul_ttt(&h->X, &h->X, &u); // x = uv^7 517 517 + 518 518 + fe_pow22523(&h->X, &h->X); // x = (uv^7)^((q-5)/8) 519 519 + fe_mul_ttt(&h->X, &h->X, &v3); 520 520 + fe_mul_ttt(&h->X, &h->X, &u); // x = uv^3(uv^7)^((q-5)/8) 521 521 + 522 522 + fe_sq_tt(&vxx, &h->X); 523 523 + fe_mul_ttl(&vxx, &vxx, &v); 524 524 + fe_sub(&check, &vxx, &u); 525 525 + if (fe_isnonzero(&check)) { 526 526 + fe_add(&check, &vxx, &u); 527 527 + if (fe_isnonzero(&check)) { 528 528 + return 0; 529 529 + } 530 530 + fe_mul_ttt(&h->X, &h->X, &sqrtm1); 531 531 + } 532 532 + 533 533 + if (fe_isnegative(&h->X) != (s[31] >> 7)) { 534 534 + fe_loose t; 535 535 + fe_neg(&t, &h->X); 536 536 + fe_carry(&h->X, &t); 537 537 + } 538 538 + 539 539 + fe_mul_ttt(&h->T, &h->X, &h->Y); 540 540 + return 1; 541 541 + } 542 542 + 543 543 + static void ge_p2_0(ge_p2 *h) { 544 544 + fe_0(&h->X); 545 545 + fe_1(&h->Y); 546 546 + fe_1(&h->Z); 547 547 + } 548 548 + 549 549 + static void ge_p3_0(ge_p3 *h) { 550 550 + fe_0(&h->X); 551 551 + fe_1(&h->Y); 552 552 + fe_1(&h->Z); 553 553 + fe_0(&h->T); 554 554 + } 555 555 + 556 556 + static void ge_precomp_0(ge_precomp *h) { 557 557 + fe_loose_1(&h->yplusx); 558 558 + fe_loose_1(&h->yminusx); 559 559 + fe_loose_0(&h->xy2d); 560 560 + } 561 561 + 562 562 + // r = p 563 563 + static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) { 564 564 + fe_copy(&r->X, &p->X); 565 565 + fe_copy(&r->Y, &p->Y); 566 566 + fe_copy(&r->Z, &p->Z); 567 567 + } 568 568 + 569 569 + // r = p 570 570 + static void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p) { 571 571 + fe_add(&r->YplusX, &p->Y, &p->X); 572 572 + fe_sub(&r->YminusX, &p->Y, &p->X); 573 573 + fe_copy_lt(&r->Z, &p->Z); 574 574 + fe_mul_ltt(&r->T2d, &p->T, &d2); 575 575 + } 576 576 + 577 577 + // r = p 578 578 + static void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) { 579 579 + fe_mul_tll(&r->X, &p->X, &p->T); 580 580 + fe_mul_tll(&r->Y, &p->Y, &p->Z); 581 581 + fe_mul_tll(&r->Z, &p->Z, &p->T); 582 582 + } 583 583 + 584 584 + // r = p 585 585 + static void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) { 586 586 + fe_mul_tll(&r->X, &p->X, &p->T); 587 587 + fe_mul_tll(&r->Y, &p->Y, &p->Z); 588 588 + fe_mul_tll(&r->Z, &p->Z, &p->T); 589 589 + fe_mul_tll(&r->T, &p->X, &p->Y); 590 590 + } 591 591 + 592 592 + // r = 2 * p 593 593 + static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) { 594 594 + fe trX, trZ, trT; 595 595 + fe t0; 596 596 + 597 597 + fe_sq_tt(&trX, &p->X); 598 598 + fe_sq_tt(&trZ, &p->Y); 599 599 + fe_sq2_tt(&trT, &p->Z); 600 600 + fe_add(&r->Y, &p->X, &p->Y); 601 601 + fe_sq_tl(&t0, &r->Y); 602 602 + 603 603 + fe_add(&r->Y, &trZ, &trX); 604 604 + fe_sub(&r->Z, &trZ, &trX); 605 605 + fe_carry(&trZ, &r->Y); 606 606 + fe_sub(&r->X, &t0, &trZ); 607 607 + fe_carry(&trZ, &r->Z); 608 608 + fe_sub(&r->T, &trT, &trZ); 609 609 + } 610 610 + 611 611 + // r = 2 * p 612 612 + static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) { 613 613 + ge_p2 q; 614 614 + ge_p3_to_p2(&q, p); 615 615 + ge_p2_dbl(r, &q); 616 616 + } 617 617 + 618 618 + // r = p + q 619 619 + static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { 620 620 + fe trY, trZ, trT; 621 621 + 622 622 + fe_add(&r->X, &p->Y, &p->X); 623 623 + fe_sub(&r->Y, &p->Y, &p->X); 624 624 + fe_mul_tll(&trZ, &r->X, &q->yplusx); 625 625 + fe_mul_tll(&trY, &r->Y, &q->yminusx); 626 626 + fe_mul_tlt(&trT, &q->xy2d, &p->T); 627 627 + fe_add(&r->T, &p->Z, &p->Z); 628 628 + fe_sub(&r->X, &trZ, &trY); 629 629 + fe_add(&r->Y, &trZ, &trY); 630 630 + fe_carry(&trZ, &r->T); 631 631 + fe_add(&r->Z, &trZ, &trT); 632 632 + fe_sub(&r->T, &trZ, &trT); 633 633 + } 634 634 + 635 635 + // r = p - q 636 636 + static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { 637 637 + fe trY, trZ, trT; 638 638 + 639 639 + fe_add(&r->X, &p->Y, &p->X); 640 640 + fe_sub(&r->Y, &p->Y, &p->X); 641 641 + fe_mul_tll(&trZ, &r->X, &q->yminusx); 642 642 + fe_mul_tll(&trY, &r->Y, &q->yplusx); 643 643 + fe_mul_tlt(&trT, &q->xy2d, &p->T); 644 644 + fe_add(&r->T, &p->Z, &p->Z); 645 645 + fe_sub(&r->X, &trZ, &trY); 646 646 + fe_add(&r->Y, &trZ, &trY); 647 647 + fe_carry(&trZ, &r->T); 648 648 + fe_sub(&r->Z, &trZ, &trT); 649 649 + fe_add(&r->T, &trZ, &trT); 650 650 + } 651 651 + 652 652 + // r = p + q 653 653 + static void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { 654 654 + fe trX, trY, trZ, trT; 655 655 + 656 656 + fe_add(&r->X, &p->Y, &p->X); 657 657 + fe_sub(&r->Y, &p->Y, &p->X); 658 658 + fe_mul_tll(&trZ, &r->X, &q->YplusX); 659 659 + fe_mul_tll(&trY, &r->Y, &q->YminusX); 660 660 + fe_mul_tlt(&trT, &q->T2d, &p->T); 661 661 + fe_mul_ttl(&trX, &p->Z, &q->Z); 662 662 + fe_add(&r->T, &trX, &trX); 663 663 + fe_sub(&r->X, &trZ, &trY); 664 664 + fe_add(&r->Y, &trZ, &trY); 665 665 + fe_carry(&trZ, &r->T); 666 666 + fe_add(&r->Z, &trZ, &trT); 667 667 + fe_sub(&r->T, &trZ, &trT); 668 668 + } 669 669 + 670 670 + // r = p - q 671 671 + static void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { 672 672 + fe trX, trY, trZ, trT; 673 673 + 674 674 + fe_add(&r->X, &p->Y, &p->X); 675 675 + fe_sub(&r->Y, &p->Y, &p->X); 676 676 + fe_mul_tll(&trZ, &r->X, &q->YminusX); 677 677 + fe_mul_tll(&trY, &r->Y, &q->YplusX); 678 678 + fe_mul_tlt(&trT, &q->T2d, &p->T); 679 679 + fe_mul_ttl(&trX, &p->Z, &q->Z); 680 680 + fe_add(&r->T, &trX, &trX); 681 681 + fe_sub(&r->X, &trZ, &trY); 682 682 + fe_add(&r->Y, &trZ, &trY); 683 683 + fe_carry(&trZ, &r->T); 684 684 + fe_sub(&r->Z, &trZ, &trT); 685 685 + fe_add(&r->T, &trZ, &trT); 686 686 + } 687 687 + 688 688 + static uint8_t equal(signed char b, signed char c) { 689 689 + uint8_t ub = b; 690 690 + uint8_t uc = c; 691 691 + uint8_t x = ub ^ uc; // 0: yes; 1..255: no 692 692 + uint32_t y = x; // 0: yes; 1..255: no 693 693 + y -= 1; // 4294967295: yes; 0..254: no 694 694 + y >>= 31; // 1: yes; 0: no 695 695 + return y; 696 696 + } 697 697 + 698 698 + static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) { 699 699 + fe_cmov(&t->yplusx, &u->yplusx, b); 700 700 + fe_cmov(&t->yminusx, &u->yminusx, b); 701 701 + fe_cmov(&t->xy2d, &u->xy2d, b); 702 702 + } 703 703 + 704 704 + static void x25519_ge_scalarmult_small_precomp( 705 705 + ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]) { 706 706 + // precomp_table is first expanded into matching |ge_precomp| 707 707 + // elements. 708 708 + ge_precomp multiples[15]; 709 709 + 710 710 + unsigned i; 711 711 + for (i = 0; i < 15; i++) { 712 712 + // The precomputed table is assumed to already clear the top bit, so 713 713 + // |fe_frombytes_strict| may be used directly. 714 714 + const uint8_t *bytes = &precomp_table[i*(2 * 32)]; 715 715 + fe x, y; 716 716 + fe_frombytes_strict(&x, bytes); 717 717 + fe_frombytes_strict(&y, bytes + 32); 718 718 + 719 719 + ge_precomp *out = &multiples[i]; 720 720 + fe_add(&out->yplusx, &y, &x); 721 721 + fe_sub(&out->yminusx, &y, &x); 722 722 + fe_mul_ltt(&out->xy2d, &x, &y); 723 723 + fe_mul_llt(&out->xy2d, &out->xy2d, &d2); 724 724 + } 725 725 + 726 726 + // See the comment above |k25519SmallPrecomp| about the structure of the 727 727 + // precomputed elements. This loop does 64 additions and 64 doublings to 728 728 + // calculate the result. 729 729 + ge_p3_0(h); 730 730 + 731 731 + for (i = 63; i < 64; i--) { 732 732 + unsigned j; 733 733 + signed char index = 0; 734 734 + 735 735 + for (j = 0; j < 4; j++) { 736 736 + const uint8_t bit = 1 & (a[(8 * j) + (i / 8)] >> (i & 7)); 737 737 + index |= (bit << j); 738 738 + } 739 739 + 740 740 + ge_precomp e; 741 741 + ge_precomp_0(&e); 742 742 + 743 743 + for (j = 1; j < 16; j++) { 744 744 + cmov(&e, &multiples[j-1], equal(index, j)); 745 745 + } 746 746 + 747 747 + ge_cached cached; 748 748 + ge_p1p1 r; 749 749 + x25519_ge_p3_to_cached(&cached, h); 750 750 + x25519_ge_add(&r, h, &cached); 751 751 + x25519_ge_p1p1_to_p3(h, &r); 752 752 + 753 753 + ge_madd(&r, h, &e); 754 754 + x25519_ge_p1p1_to_p3(h, &r); 755 755 + } 756 756 + } 757 757 + 758 758 + static void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) { 759 759 + x25519_ge_scalarmult_small_precomp(h, a, k25519SmallPrecomp); 760 760 + } 761 761 + 762 762 + static void slide(signed char *r, const uint8_t *a) { 763 763 + int i; 764 764 + int b; 765 765 + int k; 766 766 + 767 767 + for (i = 0; i < 256; ++i) { 768 768 + r[i] = 1 & (a[i >> 3] >> (i & 7)); 769 769 + } 770 770 + 771 771 + for (i = 0; i < 256; ++i) { 772 772 + if (r[i]) { 773 773 + for (b = 1; b <= 6 && i + b < 256; ++b) { 774 774 + if (r[i + b]) { 775 775 + if (r[i] + (r[i + b] << b) <= 15) { 776 776 + r[i] += r[i + b] << b; 777 777 + r[i + b] = 0; 778 778 + } else if (r[i] - (r[i + b] << b) >= -15) { 779 779 + r[i] -= r[i + b] << b; 780 780 + for (k = i + b; k < 256; ++k) { 781 781 + if (!r[k]) { 782 782 + r[k] = 1; 783 783 + break; 784 784 + } 785 785 + r[k] = 0; 786 786 + } 787 787 + } else { 788 788 + break; 789 789 + } 790 790 + } 791 791 + } 792 792 + } 793 793 + } 794 794 + } 795 795 + 796 796 + // r = a * A + b * B 797 797 + // where a = a[0]+256*a[1]+...+256^31 a[31]. 798 798 + // and b = b[0]+256*b[1]+...+256^31 b[31]. 799 799 + // B is the Ed25519 base point (x,4/5) with x positive. 800 800 + static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, 801 801 + const ge_p3 *A, const uint8_t *b) { 802 802 + signed char aslide[256]; 803 803 + signed char bslide[256]; 804 804 + ge_cached Ai[8]; // A,3A,5A,7A,9A,11A,13A,15A 805 805 + ge_p1p1 t; 806 806 + ge_p3 u; 807 807 + ge_p3 A2; 808 808 + int i; 809 809 + 810 810 + slide(aslide, a); 811 811 + slide(bslide, b); 812 812 + 813 813 + x25519_ge_p3_to_cached(&Ai[0], A); 814 814 + ge_p3_dbl(&t, A); 815 815 + x25519_ge_p1p1_to_p3(&A2, &t); 816 816 + x25519_ge_add(&t, &A2, &Ai[0]); 817 817 + x25519_ge_p1p1_to_p3(&u, &t); 818 818 + x25519_ge_p3_to_cached(&Ai[1], &u); 819 819 + x25519_ge_add(&t, &A2, &Ai[1]); 820 820 + x25519_ge_p1p1_to_p3(&u, &t); 821 821 + x25519_ge_p3_to_cached(&Ai[2], &u); 822 822 + x25519_ge_add(&t, &A2, &Ai[2]); 823 823 + x25519_ge_p1p1_to_p3(&u, &t); 824 824 + x25519_ge_p3_to_cached(&Ai[3], &u); 825 825 + x25519_ge_add(&t, &A2, &Ai[3]); 826 826 + x25519_ge_p1p1_to_p3(&u, &t); 827 827 + x25519_ge_p3_to_cached(&Ai[4], &u); 828 828 + x25519_ge_add(&t, &A2, &Ai[4]); 829 829 + x25519_ge_p1p1_to_p3(&u, &t); 830 830 + x25519_ge_p3_to_cached(&Ai[5], &u); 831 831 + x25519_ge_add(&t, &A2, &Ai[5]); 832 832 + x25519_ge_p1p1_to_p3(&u, &t); 833 833 + x25519_ge_p3_to_cached(&Ai[6], &u); 834 834 + x25519_ge_add(&t, &A2, &Ai[6]); 835 835 + x25519_ge_p1p1_to_p3(&u, &t); 836 836 + x25519_ge_p3_to_cached(&Ai[7], &u); 837 837 + 838 838 + ge_p2_0(r); 839 839 + 840 840 + for (i = 255; i >= 0; --i) { 841 841 + if (aslide[i] || bslide[i]) { 842 842 + break; 843 843 + } 844 844 + } 845 845 + 846 846 + for (; i >= 0; --i) { 847 847 + ge_p2_dbl(&t, r); 848 848 + 849 849 + if (aslide[i] > 0) { 850 850 + x25519_ge_p1p1_to_p3(&u, &t); 851 851 + x25519_ge_add(&t, &u, &Ai[aslide[i] / 2]); 852 852 + } else if (aslide[i] < 0) { 853 853 + x25519_ge_p1p1_to_p3(&u, &t); 854 854 + x25519_ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); 855 855 + } 856 856 + 857 857 + if (bslide[i] > 0) { 858 858 + x25519_ge_p1p1_to_p3(&u, &t); 859 859 + ge_madd(&t, &u, &Bi[bslide[i] / 2]); 860 860 + } else if (bslide[i] < 0) { 861 861 + x25519_ge_p1p1_to_p3(&u, &t); 862 862 + ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); 863 863 + } 864 864 + 865 865 + x25519_ge_p1p1_to_p2(r, &t); 866 866 + } 867 867 + } 868 868 + 869 869 + static void x25519_scalar_mult_generic(uint8_t out[32], 870 870 + const uint8_t scalar[32], 871 871 + const uint8_t point[32]) { 872 872 + fe x1, x2, z2, x3, z3, tmp0, tmp1; 873 873 + fe_loose x2l, z2l, x3l, tmp0l, tmp1l; 874 874 + 875 875 + uint8_t e[32]; 876 876 + memcpy(e, scalar, 32); 877 877 + e[0] &= 248; 878 878 + e[31] &= 127; 879 879 + e[31] |= 64; 880 880 + 881 881 + // The following implementation was transcribed to Coq and proven to 882 882 + // correspond to unary scalar multiplication in affine coordinates given that 883 883 + // x1 != 0 is the x coordinate of some point on the curve. It was also checked 884 884 + // in Coq that doing a ladderstep with x1 = x3 = 0 gives z2' = z3' = 0, and z2 885 885 + // = z3 = 0 gives z2' = z3' = 0. The statement was quantified over the 886 886 + // underlying field, so it applies to Curve25519 itself and the quadratic 887 887 + // twist of Curve25519. It was not proven in Coq that prime-field arithmetic 888 888 + // correctly simulates extension-field arithmetic on prime-field values. 889 889 + // The decoding of the byte array representation of e was not considered. 890 890 + // Specification of Montgomery curves in affine coordinates: 891 891 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Spec/MontgomeryCurve.v#L27> 892 892 + // Proof that these form a group that is isomorphic to a Weierstrass curve: 893 893 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/AffineProofs.v#L35> 894 894 + // Coq transcription and correctness proof of the loop (where scalarbits=255): 895 895 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZ.v#L118> 896 896 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L278> 897 897 + // preconditions: 0 <= e < 2^255 (not necessarily e < order), fe_invert(0) = 0 898 898 + fe_frombytes(&x1, point); 899 899 + fe_1(&x2); 900 900 + fe_0(&z2); 901 901 + fe_copy(&x3, &x1); 902 902 + fe_1(&z3); 903 903 + 904 904 + unsigned swap = 0; 905 905 + int pos; 906 906 + for (pos = 254; pos >= 0; --pos) { 907 907 + // loop invariant as of right before the test, for the case where x1 != 0: 908 908 + // pos >= -1; if z2 = 0 then x2 is nonzero; if z3 = 0 then x3 is nonzero 909 909 + // let r := e >> (pos+1) in the following equalities of projective points: 910 910 + // to_xz (r*P) === if swap then (x3, z3) else (x2, z2) 911 911 + // to_xz ((r+1)*P) === if swap then (x2, z2) else (x3, z3) 912 912 + // x1 is the nonzero x coordinate of the nonzero point (r*P-(r+1)*P) 913 913 + unsigned b = 1 & (e[pos / 8] >> (pos & 7)); 914 914 + swap ^= b; 915 915 + fe_cswap(&x2, &x3, swap); 916 916 + fe_cswap(&z2, &z3, swap); 917 917 + swap = b; 918 918 + // Coq transcription of ladderstep formula (called from transcribed loop): 919 919 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZ.v#L89> 920 920 + // <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L131> 921 921 + // x1 != 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L217> 922 922 + // x1 = 0 <https://github.com/mit-plv/fiat-crypto/blob/2456d821825521f7e03e65882cc3521795b0320f/src/Curves/Montgomery/XZProofs.v#L147> 923 923 + fe_sub(&tmp0l, &x3, &z3); 924 924 + fe_sub(&tmp1l, &x2, &z2); 925 925 + fe_add(&x2l, &x2, &z2); 926 926 + fe_add(&z2l, &x3, &z3); 927 927 + fe_mul_tll(&z3, &tmp0l, &x2l); 928 928 + fe_mul_tll(&z2, &z2l, &tmp1l); 929 929 + fe_sq_tl(&tmp0, &tmp1l); 930 930 + fe_sq_tl(&tmp1, &x2l); 931 931 + fe_add(&x3l, &z3, &z2); 932 932 + fe_sub(&z2l, &z3, &z2); 933 933 + fe_mul_ttt(&x2, &tmp1, &tmp0); 934 934 + fe_sub(&tmp1l, &tmp1, &tmp0); 935 935 + fe_sq_tl(&z2, &z2l); 936 936 + fe_mul121666(&z3, &tmp1l); 937 937 + fe_sq_tl(&x3, &x3l); 938 938 + fe_add(&tmp0l, &tmp0, &z3); 939 939 + fe_mul_ttt(&z3, &x1, &z2); 940 940 + fe_mul_tll(&z2, &tmp1l, &tmp0l); 941 941 + } 942 942 + // here pos=-1, so r=e, so to_xz (e*P) === if swap then (x3, z3) else (x2, z2) 943 943 + fe_cswap(&x2, &x3, swap); 944 944 + fe_cswap(&z2, &z3, swap); 945 945 + 946 946 + fe_invert(&z2, &z2); 947 947 + fe_mul_ttt(&x2, &x2, &z2); 948 948 + fe_tobytes(out, &x2); 949 949 + } 950 950 + 951 951 + // Low-level intrinsic operations 952 952 + 953 953 + static uint64_t load_3(const uint8_t *in) { 954 954 + uint64_t result; 955 955 + result = (uint64_t)in[0]; 956 956 + result |= ((uint64_t)in[1]) << 8; 957 957 + result |= ((uint64_t)in[2]) << 16; 958 958 + return result; 959 959 + } 960 960 + 961 961 + static uint64_t load_4(const uint8_t *in) { 962 962 + uint64_t result; 963 963 + result = (uint64_t)in[0]; 964 964 + result |= ((uint64_t)in[1]) << 8; 965 965 + result |= ((uint64_t)in[2]) << 16; 966 966 + result |= ((uint64_t)in[3]) << 24; 967 967 + return result; 968 968 + } 969 969 + 970 970 + // int64_lshift21 returns |a << 21| but is defined when shifting bits into the 971 971 + // sign bit. This works around a language flaw in C. 972 972 + static inline int64_t int64_lshift21(int64_t a) { 973 973 + return (int64_t)((uint64_t)a << 21); 974 974 + } 975 975 + 976 976 + // Input: 977 977 + // s[0]+256*s[1]+...+256^63*s[63] = s 978 978 + // 979 979 + // Output: 980 980 + // s[0]+256*s[1]+...+256^31*s[31] = s mod l 981 981 + // where l = 2^252 + 27742317777372353535851937790883648493. 982 982 + // Overwrites s in place. 983 983 + static void x25519_sc_reduce(uint8_t s[64]) { 984 984 + int64_t s0 = 2097151 & load_3(s); 985 985 + int64_t s1 = 2097151 & (load_4(s + 2) >> 5); 986 986 + int64_t s2 = 2097151 & (load_3(s + 5) >> 2); 987 987 + int64_t s3 = 2097151 & (load_4(s + 7) >> 7); 988 988 + int64_t s4 = 2097151 & (load_4(s + 10) >> 4); 989 989 + int64_t s5 = 2097151 & (load_3(s + 13) >> 1); 990 990 + int64_t s6 = 2097151 & (load_4(s + 15) >> 6); 991 991 + int64_t s7 = 2097151 & (load_3(s + 18) >> 3); 992 992 + int64_t s8 = 2097151 & load_3(s + 21); 993 993 + int64_t s9 = 2097151 & (load_4(s + 23) >> 5); 994 994 + int64_t s10 = 2097151 & (load_3(s + 26) >> 2); 995 995 + int64_t s11 = 2097151 & (load_4(s + 28) >> 7); 996 996 + int64_t s12 = 2097151 & (load_4(s + 31) >> 4); 997 997 + int64_t s13 = 2097151 & (load_3(s + 34) >> 1); 998 998 + int64_t s14 = 2097151 & (load_4(s + 36) >> 6); 999 999 + int64_t s15 = 2097151 & (load_3(s + 39) >> 3); 1000 1000 + int64_t s16 = 2097151 & load_3(s + 42); 1001 1001 + int64_t s17 = 2097151 & (load_4(s + 44) >> 5); 1002 1002 + int64_t s18 = 2097151 & (load_3(s + 47) >> 2); 1003 1003 + int64_t s19 = 2097151 & (load_4(s + 49) >> 7); 1004 1004 + int64_t s20 = 2097151 & (load_4(s + 52) >> 4); 1005 1005 + int64_t s21 = 2097151 & (load_3(s + 55) >> 1); 1006 1006 + int64_t s22 = 2097151 & (load_4(s + 57) >> 6); 1007 1007 + int64_t s23 = (load_4(s + 60) >> 3); 1008 1008 + int64_t carry0; 1009 1009 + int64_t carry1; 1010 1010 + int64_t carry2; 1011 1011 + int64_t carry3; 1012 1012 + int64_t carry4; 1013 1013 + int64_t carry5; 1014 1014 + int64_t carry6; 1015 1015 + int64_t carry7; 1016 1016 + int64_t carry8; 1017 1017 + int64_t carry9; 1018 1018 + int64_t carry10; 1019 1019 + int64_t carry11; 1020 1020 + int64_t carry12; 1021 1021 + int64_t carry13; 1022 1022 + int64_t carry14; 1023 1023 + int64_t carry15; 1024 1024 + int64_t carry16; 1025 1025 + 1026 1026 + s11 += s23 * 666643; 1027 1027 + s12 += s23 * 470296; 1028 1028 + s13 += s23 * 654183; 1029 1029 + s14 -= s23 * 997805; 1030 1030 + s15 += s23 * 136657; 1031 1031 + s16 -= s23 * 683901; 1032 1032 + s23 = 0; 1033 1033 + 1034 1034 + s10 += s22 * 666643; 1035 1035 + s11 += s22 * 470296; 1036 1036 + s12 += s22 * 654183; 1037 1037 + s13 -= s22 * 997805; 1038 1038 + s14 += s22 * 136657; 1039 1039 + s15 -= s22 * 683901; 1040 1040 + s22 = 0; 1041 1041 + 1042 1042 + s9 += s21 * 666643; 1043 1043 + s10 += s21 * 470296; 1044 1044 + s11 += s21 * 654183; 1045 1045 + s12 -= s21 * 997805; 1046 1046 + s13 += s21 * 136657; 1047 1047 + s14 -= s21 * 683901; 1048 1048 + s21 = 0; 1049 1049 + 1050 1050 + s8 += s20 * 666643; 1051 1051 + s9 += s20 * 470296; 1052 1052 + s10 += s20 * 654183; 1053 1053 + s11 -= s20 * 997805; 1054 1054 + s12 += s20 * 136657; 1055 1055 + s13 -= s20 * 683901; 1056 1056 + s20 = 0; 1057 1057 + 1058 1058 + s7 += s19 * 666643; 1059 1059 + s8 += s19 * 470296; 1060 1060 + s9 += s19 * 654183; 1061 1061 + s10 -= s19 * 997805; 1062 1062 + s11 += s19 * 136657; 1063 1063 + s12 -= s19 * 683901; 1064 1064 + s19 = 0; 1065 1065 + 1066 1066 + s6 += s18 * 666643; 1067 1067 + s7 += s18 * 470296; 1068 1068 + s8 += s18 * 654183; 1069 1069 + s9 -= s18 * 997805; 1070 1070 + s10 += s18 * 136657; 1071 1071 + s11 -= s18 * 683901; 1072 1072 + s18 = 0; 1073 1073 + 1074 1074 + carry6 = (s6 + (1 << 20)) >> 21; 1075 1075 + s7 += carry6; 1076 1076 + s6 -= int64_lshift21(carry6); 1077 1077 + carry8 = (s8 + (1 << 20)) >> 21; 1078 1078 + s9 += carry8; 1079 1079 + s8 -= int64_lshift21(carry8); 1080 1080 + carry10 = (s10 + (1 << 20)) >> 21; 1081 1081 + s11 += carry10; 1082 1082 + s10 -= int64_lshift21(carry10); 1083 1083 + carry12 = (s12 + (1 << 20)) >> 21; 1084 1084 + s13 += carry12; 1085 1085 + s12 -= int64_lshift21(carry12); 1086 1086 + carry14 = (s14 + (1 << 20)) >> 21; 1087 1087 + s15 += carry14; 1088 1088 + s14 -= int64_lshift21(carry14); 1089 1089 + carry16 = (s16 + (1 << 20)) >> 21; 1090 1090 + s17 += carry16; 1091 1091 + s16 -= int64_lshift21(carry16); 1092 1092 + 1093 1093 + carry7 = (s7 + (1 << 20)) >> 21; 1094 1094 + s8 += carry7; 1095 1095 + s7 -= int64_lshift21(carry7); 1096 1096 + carry9 = (s9 + (1 << 20)) >> 21; 1097 1097 + s10 += carry9; 1098 1098 + s9 -= int64_lshift21(carry9); 1099 1099 + carry11 = (s11 + (1 << 20)) >> 21; 1100 1100 + s12 += carry11; 1101 1101 + s11 -= int64_lshift21(carry11); 1102 1102 + carry13 = (s13 + (1 << 20)) >> 21; 1103 1103 + s14 += carry13; 1104 1104 + s13 -= int64_lshift21(carry13); 1105 1105 + carry15 = (s15 + (1 << 20)) >> 21; 1106 1106 + s16 += carry15; 1107 1107 + s15 -= int64_lshift21(carry15); 1108 1108 + 1109 1109 + s5 += s17 * 666643; 1110 1110 + s6 += s17 * 470296; 1111 1111 + s7 += s17 * 654183; 1112 1112 + s8 -= s17 * 997805; 1113 1113 + s9 += s17 * 136657; 1114 1114 + s10 -= s17 * 683901; 1115 1115 + s17 = 0; 1116 1116 + 1117 1117 + s4 += s16 * 666643; 1118 1118 + s5 += s16 * 470296; 1119 1119 + s6 += s16 * 654183; 1120 1120 + s7 -= s16 * 997805; 1121 1121 + s8 += s16 * 136657; 1122 1122 + s9 -= s16 * 683901; 1123 1123 + s16 = 0; 1124 1124 + 1125 1125 + s3 += s15 * 666643; 1126 1126 + s4 += s15 * 470296; 1127 1127 + s5 += s15 * 654183; 1128 1128 + s6 -= s15 * 997805; 1129 1129 + s7 += s15 * 136657; 1130 1130 + s8 -= s15 * 683901; 1131 1131 + s15 = 0; 1132 1132 + 1133 1133 + s2 += s14 * 666643; 1134 1134 + s3 += s14 * 470296; 1135 1135 + s4 += s14 * 654183; 1136 1136 + s5 -= s14 * 997805; 1137 1137 + s6 += s14 * 136657; 1138 1138 + s7 -= s14 * 683901; 1139 1139 + s14 = 0; 1140 1140 + 1141 1141 + s1 += s13 * 666643; 1142 1142 + s2 += s13 * 470296; 1143 1143 + s3 += s13 * 654183; 1144 1144 + s4 -= s13 * 997805; 1145 1145 + s5 += s13 * 136657; 1146 1146 + s6 -= s13 * 683901; 1147 1147 + s13 = 0; 1148 1148 + 1149 1149 + s0 += s12 * 666643; 1150 1150 + s1 += s12 * 470296; 1151 1151 + s2 += s12 * 654183; 1152 1152 + s3 -= s12 * 997805; 1153 1153 + s4 += s12 * 136657; 1154 1154 + s5 -= s12 * 683901; 1155 1155 + s12 = 0; 1156 1156 + 1157 1157 + carry0 = (s0 + (1 << 20)) >> 21; 1158 1158 + s1 += carry0; 1159 1159 + s0 -= int64_lshift21(carry0); 1160 1160 + carry2 = (s2 + (1 << 20)) >> 21; 1161 1161 + s3 += carry2; 1162 1162 + s2 -= int64_lshift21(carry2); 1163 1163 + carry4 = (s4 + (1 << 20)) >> 21; 1164 1164 + s5 += carry4; 1165 1165 + s4 -= int64_lshift21(carry4); 1166 1166 + carry6 = (s6 + (1 << 20)) >> 21; 1167 1167 + s7 += carry6; 1168 1168 + s6 -= int64_lshift21(carry6); 1169 1169 + carry8 = (s8 + (1 << 20)) >> 21; 1170 1170 + s9 += carry8; 1171 1171 + s8 -= int64_lshift21(carry8); 1172 1172 + carry10 = (s10 + (1 << 20)) >> 21; 1173 1173 + s11 += carry10; 1174 1174 + s10 -= int64_lshift21(carry10); 1175 1175 + 1176 1176 + carry1 = (s1 + (1 << 20)) >> 21; 1177 1177 + s2 += carry1; 1178 1178 + s1 -= int64_lshift21(carry1); 1179 1179 + carry3 = (s3 + (1 << 20)) >> 21; 1180 1180 + s4 += carry3; 1181 1181 + s3 -= int64_lshift21(carry3); 1182 1182 + carry5 = (s5 + (1 << 20)) >> 21; 1183 1183 + s6 += carry5; 1184 1184 + s5 -= int64_lshift21(carry5); 1185 1185 + carry7 = (s7 + (1 << 20)) >> 21; 1186 1186 + s8 += carry7; 1187 1187 + s7 -= int64_lshift21(carry7); 1188 1188 + carry9 = (s9 + (1 << 20)) >> 21; 1189 1189 + s10 += carry9; 1190 1190 + s9 -= int64_lshift21(carry9); 1191 1191 + carry11 = (s11 + (1 << 20)) >> 21; 1192 1192 + s12 += carry11; 1193 1193 + s11 -= int64_lshift21(carry11); 1194 1194 + 1195 1195 + s0 += s12 * 666643; 1196 1196 + s1 += s12 * 470296; 1197 1197 + s2 += s12 * 654183; 1198 1198 + s3 -= s12 * 997805; 1199 1199 + s4 += s12 * 136657; 1200 1200 + s5 -= s12 * 683901; 1201 1201 + s12 = 0; 1202 1202 + 1203 1203 + carry0 = s0 >> 21; 1204 1204 + s1 += carry0; 1205 1205 + s0 -= int64_lshift21(carry0); 1206 1206 + carry1 = s1 >> 21; 1207 1207 + s2 += carry1; 1208 1208 + s1 -= int64_lshift21(carry1); 1209 1209 + carry2 = s2 >> 21; 1210 1210 + s3 += carry2; 1211 1211 + s2 -= int64_lshift21(carry2); 1212 1212 + carry3 = s3 >> 21; 1213 1213 + s4 += carry3; 1214 1214 + s3 -= int64_lshift21(carry3); 1215 1215 + carry4 = s4 >> 21; 1216 1216 + s5 += carry4; 1217 1217 + s4 -= int64_lshift21(carry4); 1218 1218 + carry5 = s5 >> 21; 1219 1219 + s6 += carry5; 1220 1220 + s5 -= int64_lshift21(carry5); 1221 1221 + carry6 = s6 >> 21; 1222 1222 + s7 += carry6; 1223 1223 + s6 -= int64_lshift21(carry6); 1224 1224 + carry7 = s7 >> 21; 1225 1225 + s8 += carry7; 1226 1226 + s7 -= int64_lshift21(carry7); 1227 1227 + carry8 = s8 >> 21; 1228 1228 + s9 += carry8; 1229 1229 + s8 -= int64_lshift21(carry8); 1230 1230 + carry9 = s9 >> 21; 1231 1231 + s10 += carry9; 1232 1232 + s9 -= int64_lshift21(carry9); 1233 1233 + carry10 = s10 >> 21; 1234 1234 + s11 += carry10; 1235 1235 + s10 -= int64_lshift21(carry10); 1236 1236 + carry11 = s11 >> 21; 1237 1237 + s12 += carry11; 1238 1238 + s11 -= int64_lshift21(carry11); 1239 1239 + 1240 1240 + s0 += s12 * 666643; 1241 1241 + s1 += s12 * 470296; 1242 1242 + s2 += s12 * 654183; 1243 1243 + s3 -= s12 * 997805; 1244 1244 + s4 += s12 * 136657; 1245 1245 + s5 -= s12 * 683901; 1246 1246 + s12 = 0; 1247 1247 + 1248 1248 + carry0 = s0 >> 21; 1249 1249 + s1 += carry0; 1250 1250 + s0 -= int64_lshift21(carry0); 1251 1251 + carry1 = s1 >> 21; 1252 1252 + s2 += carry1; 1253 1253 + s1 -= int64_lshift21(carry1); 1254 1254 + carry2 = s2 >> 21; 1255 1255 + s3 += carry2; 1256 1256 + s2 -= int64_lshift21(carry2); 1257 1257 + carry3 = s3 >> 21; 1258 1258 + s4 += carry3; 1259 1259 + s3 -= int64_lshift21(carry3); 1260 1260 + carry4 = s4 >> 21; 1261 1261 + s5 += carry4; 1262 1262 + s4 -= int64_lshift21(carry4); 1263 1263 + carry5 = s5 >> 21; 1264 1264 + s6 += carry5; 1265 1265 + s5 -= int64_lshift21(carry5); 1266 1266 + carry6 = s6 >> 21; 1267 1267 + s7 += carry6; 1268 1268 + s6 -= int64_lshift21(carry6); 1269 1269 + carry7 = s7 >> 21; 1270 1270 + s8 += carry7; 1271 1271 + s7 -= int64_lshift21(carry7); 1272 1272 + carry8 = s8 >> 21; 1273 1273 + s9 += carry8; 1274 1274 + s8 -= int64_lshift21(carry8); 1275 1275 + carry9 = s9 >> 21; 1276 1276 + s10 += carry9; 1277 1277 + s9 -= int64_lshift21(carry9); 1278 1278 + carry10 = s10 >> 21; 1279 1279 + s11 += carry10; 1280 1280 + s10 -= int64_lshift21(carry10); 1281 1281 + 1282 1282 + s[0] = s0 >> 0; 1283 1283 + s[1] = s0 >> 8; 1284 1284 + s[2] = (s0 >> 16) | (s1 << 5); 1285 1285 + s[3] = s1 >> 3; 1286 1286 + s[4] = s1 >> 11; 1287 1287 + s[5] = (s1 >> 19) | (s2 << 2); 1288 1288 + s[6] = s2 >> 6; 1289 1289 + s[7] = (s2 >> 14) | (s3 << 7); 1290 1290 + s[8] = s3 >> 1; 1291 1291 + s[9] = s3 >> 9; 1292 1292 + s[10] = (s3 >> 17) | (s4 << 4); 1293 1293 + s[11] = s4 >> 4; 1294 1294 + s[12] = s4 >> 12; 1295 1295 + s[13] = (s4 >> 20) | (s5 << 1); 1296 1296 + s[14] = s5 >> 7; 1297 1297 + s[15] = (s5 >> 15) | (s6 << 6); 1298 1298 + s[16] = s6 >> 2; 1299 1299 + s[17] = s6 >> 10; 1300 1300 + s[18] = (s6 >> 18) | (s7 << 3); 1301 1301 + s[19] = s7 >> 5; 1302 1302 + s[20] = s7 >> 13; 1303 1303 + s[21] = s8 >> 0; 1304 1304 + s[22] = s8 >> 8; 1305 1305 + s[23] = (s8 >> 16) | (s9 << 5); 1306 1306 + s[24] = s9 >> 3; 1307 1307 + s[25] = s9 >> 11; 1308 1308 + s[26] = (s9 >> 19) | (s10 << 2); 1309 1309 + s[27] = s10 >> 6; 1310 1310 + s[28] = (s10 >> 14) | (s11 << 7); 1311 1311 + s[29] = s11 >> 1; 1312 1312 + s[30] = s11 >> 9; 1313 1313 + s[31] = s11 >> 17; 1314 1314 + } 1315 1315 + 1316 1316 + // Input: 1317 1317 + // a[0]+256*a[1]+...+256^31*a[31] = a 1318 1318 + // b[0]+256*b[1]+...+256^31*b[31] = b 1319 1319 + // c[0]+256*c[1]+...+256^31*c[31] = c 1320 1320 + // 1321 1321 + // Output: 1322 1322 + // s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l 1323 1323 + // where l = 2^252 + 27742317777372353535851937790883648493. 1324 1324 + static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, 1325 1325 + const uint8_t *c) { 1326 1326 + int64_t a0 = 2097151 & load_3(a); 1327 1327 + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); 1328 1328 + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); 1329 1329 + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); 1330 1330 + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); 1331 1331 + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); 1332 1332 + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); 1333 1333 + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); 1334 1334 + int64_t a8 = 2097151 & load_3(a + 21); 1335 1335 + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); 1336 1336 + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); 1337 1337 + int64_t a11 = (load_4(a + 28) >> 7); 1338 1338 + int64_t b0 = 2097151 & load_3(b); 1339 1339 + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); 1340 1340 + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); 1341 1341 + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); 1342 1342 + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); 1343 1343 + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); 1344 1344 + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); 1345 1345 + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); 1346 1346 + int64_t b8 = 2097151 & load_3(b + 21); 1347 1347 + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); 1348 1348 + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); 1349 1349 + int64_t b11 = (load_4(b + 28) >> 7); 1350 1350 + int64_t c0 = 2097151 & load_3(c); 1351 1351 + int64_t c1 = 2097151 & (load_4(c + 2) >> 5); 1352 1352 + int64_t c2 = 2097151 & (load_3(c + 5) >> 2); 1353 1353 + int64_t c3 = 2097151 & (load_4(c + 7) >> 7); 1354 1354 + int64_t c4 = 2097151 & (load_4(c + 10) >> 4); 1355 1355 + int64_t c5 = 2097151 & (load_3(c + 13) >> 1); 1356 1356 + int64_t c6 = 2097151 & (load_4(c + 15) >> 6); 1357 1357 + int64_t c7 = 2097151 & (load_3(c + 18) >> 3); 1358 1358 + int64_t c8 = 2097151 & load_3(c + 21); 1359 1359 + int64_t c9 = 2097151 & (load_4(c + 23) >> 5); 1360 1360 + int64_t c10 = 2097151 & (load_3(c + 26) >> 2); 1361 1361 + int64_t c11 = (load_4(c + 28) >> 7); 1362 1362 + int64_t s0; 1363 1363 + int64_t s1; 1364 1364 + int64_t s2; 1365 1365 + int64_t s3; 1366 1366 + int64_t s4; 1367 1367 + int64_t s5; 1368 1368 + int64_t s6; 1369 1369 + int64_t s7; 1370 1370 + int64_t s8; 1371 1371 + int64_t s9; 1372 1372 + int64_t s10; 1373 1373 + int64_t s11; 1374 1374 + int64_t s12; 1375 1375 + int64_t s13; 1376 1376 + int64_t s14; 1377 1377 + int64_t s15; 1378 1378 + int64_t s16; 1379 1379 + int64_t s17; 1380 1380 + int64_t s18; 1381 1381 + int64_t s19; 1382 1382 + int64_t s20; 1383 1383 + int64_t s21; 1384 1384 + int64_t s22; 1385 1385 + int64_t s23; 1386 1386 + int64_t carry0; 1387 1387 + int64_t carry1; 1388 1388 + int64_t carry2; 1389 1389 + int64_t carry3; 1390 1390 + int64_t carry4; 1391 1391 + int64_t carry5; 1392 1392 + int64_t carry6; 1393 1393 + int64_t carry7; 1394 1394 + int64_t carry8; 1395 1395 + int64_t carry9; 1396 1396 + int64_t carry10; 1397 1397 + int64_t carry11; 1398 1398 + int64_t carry12; 1399 1399 + int64_t carry13; 1400 1400 + int64_t carry14; 1401 1401 + int64_t carry15; 1402 1402 + int64_t carry16; 1403 1403 + int64_t carry17; 1404 1404 + int64_t carry18; 1405 1405 + int64_t carry19; 1406 1406 + int64_t carry20; 1407 1407 + int64_t carry21; 1408 1408 + int64_t carry22; 1409 1409 + 1410 1410 + s0 = c0 + a0 * b0; 1411 1411 + s1 = c1 + a0 * b1 + a1 * b0; 1412 1412 + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; 1413 1413 + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; 1414 1414 + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; 1415 1415 + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; 1416 1416 + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; 1417 1417 + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + 1418 1418 + a6 * b1 + a7 * b0; 1419 1419 + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + 1420 1420 + a6 * b2 + a7 * b1 + a8 * b0; 1421 1421 + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + 1422 1422 + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; 1423 1423 + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + 1424 1424 + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; 1425 1425 + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + 1426 1426 + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; 1427 1427 + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + 1428 1428 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; 1429 1429 + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + 1430 1430 + a9 * b4 + a10 * b3 + a11 * b2; 1431 1431 + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + 1432 1432 + a10 * b4 + a11 * b3; 1433 1433 + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + 1434 1434 + a11 * b4; 1435 1435 + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; 1436 1436 + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; 1437 1437 + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; 1438 1438 + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; 1439 1439 + s20 = a9 * b11 + a10 * b10 + a11 * b9; 1440 1440 + s21 = a10 * b11 + a11 * b10; 1441 1441 + s22 = a11 * b11; 1442 1442 + s23 = 0; 1443 1443 + 1444 1444 + carry0 = (s0 + (1 << 20)) >> 21; 1445 1445 + s1 += carry0; 1446 1446 + s0 -= int64_lshift21(carry0); 1447 1447 + carry2 = (s2 + (1 << 20)) >> 21; 1448 1448 + s3 += carry2; 1449 1449 + s2 -= int64_lshift21(carry2); 1450 1450 + carry4 = (s4 + (1 << 20)) >> 21; 1451 1451 + s5 += carry4; 1452 1452 + s4 -= int64_lshift21(carry4); 1453 1453 + carry6 = (s6 + (1 << 20)) >> 21; 1454 1454 + s7 += carry6; 1455 1455 + s6 -= int64_lshift21(carry6); 1456 1456 + carry8 = (s8 + (1 << 20)) >> 21; 1457 1457 + s9 += carry8; 1458 1458 + s8 -= int64_lshift21(carry8); 1459 1459 + carry10 = (s10 + (1 << 20)) >> 21; 1460 1460 + s11 += carry10; 1461 1461 + s10 -= int64_lshift21(carry10); 1462 1462 + carry12 = (s12 + (1 << 20)) >> 21; 1463 1463 + s13 += carry12; 1464 1464 + s12 -= int64_lshift21(carry12); 1465 1465 + carry14 = (s14 + (1 << 20)) >> 21; 1466 1466 + s15 += carry14; 1467 1467 + s14 -= int64_lshift21(carry14); 1468 1468 + carry16 = (s16 + (1 << 20)) >> 21; 1469 1469 + s17 += carry16; 1470 1470 + s16 -= int64_lshift21(carry16); 1471 1471 + carry18 = (s18 + (1 << 20)) >> 21; 1472 1472 + s19 += carry18; 1473 1473 + s18 -= int64_lshift21(carry18); 1474 1474 + carry20 = (s20 + (1 << 20)) >> 21; 1475 1475 + s21 += carry20; 1476 1476 + s20 -= int64_lshift21(carry20); 1477 1477 + carry22 = (s22 + (1 << 20)) >> 21; 1478 1478 + s23 += carry22; 1479 1479 + s22 -= int64_lshift21(carry22); 1480 1480 + 1481 1481 + carry1 = (s1 + (1 << 20)) >> 21; 1482 1482 + s2 += carry1; 1483 1483 + s1 -= int64_lshift21(carry1); 1484 1484 + carry3 = (s3 + (1 << 20)) >> 21; 1485 1485 + s4 += carry3; 1486 1486 + s3 -= int64_lshift21(carry3); 1487 1487 + carry5 = (s5 + (1 << 20)) >> 21; 1488 1488 + s6 += carry5; 1489 1489 + s5 -= int64_lshift21(carry5); 1490 1490 + carry7 = (s7 + (1 << 20)) >> 21; 1491 1491 + s8 += carry7; 1492 1492 + s7 -= int64_lshift21(carry7); 1493 1493 + carry9 = (s9 + (1 << 20)) >> 21; 1494 1494 + s10 += carry9; 1495 1495 + s9 -= int64_lshift21(carry9); 1496 1496 + carry11 = (s11 + (1 << 20)) >> 21; 1497 1497 + s12 += carry11; 1498 1498 + s11 -= int64_lshift21(carry11); 1499 1499 + carry13 = (s13 + (1 << 20)) >> 21; 1500 1500 + s14 += carry13; 1501 1501 + s13 -= int64_lshift21(carry13); 1502 1502 + carry15 = (s15 + (1 << 20)) >> 21; 1503 1503 + s16 += carry15; 1504 1504 + s15 -= int64_lshift21(carry15); 1505 1505 + carry17 = (s17 + (1 << 20)) >> 21; 1506 1506 + s18 += carry17; 1507 1507 + s17 -= int64_lshift21(carry17); 1508 1508 + carry19 = (s19 + (1 << 20)) >> 21; 1509 1509 + s20 += carry19; 1510 1510 + s19 -= int64_lshift21(carry19); 1511 1511 + carry21 = (s21 + (1 << 20)) >> 21; 1512 1512 + s22 += carry21; 1513 1513 + s21 -= int64_lshift21(carry21); 1514 1514 + 1515 1515 + s11 += s23 * 666643; 1516 1516 + s12 += s23 * 470296; 1517 1517 + s13 += s23 * 654183; 1518 1518 + s14 -= s23 * 997805; 1519 1519 + s15 += s23 * 136657; 1520 1520 + s16 -= s23 * 683901; 1521 1521 + s23 = 0; 1522 1522 + 1523 1523 + s10 += s22 * 666643; 1524 1524 + s11 += s22 * 470296; 1525 1525 + s12 += s22 * 654183; 1526 1526 + s13 -= s22 * 997805; 1527 1527 + s14 += s22 * 136657; 1528 1528 + s15 -= s22 * 683901; 1529 1529 + s22 = 0; 1530 1530 + 1531 1531 + s9 += s21 * 666643; 1532 1532 + s10 += s21 * 470296; 1533 1533 + s11 += s21 * 654183; 1534 1534 + s12 -= s21 * 997805; 1535 1535 + s13 += s21 * 136657; 1536 1536 + s14 -= s21 * 683901; 1537 1537 + s21 = 0; 1538 1538 + 1539 1539 + s8 += s20 * 666643; 1540 1540 + s9 += s20 * 470296; 1541 1541 + s10 += s20 * 654183; 1542 1542 + s11 -= s20 * 997805; 1543 1543 + s12 += s20 * 136657; 1544 1544 + s13 -= s20 * 683901; 1545 1545 + s20 = 0; 1546 1546 + 1547 1547 + s7 += s19 * 666643; 1548 1548 + s8 += s19 * 470296; 1549 1549 + s9 += s19 * 654183; 1550 1550 + s10 -= s19 * 997805; 1551 1551 + s11 += s19 * 136657; 1552 1552 + s12 -= s19 * 683901; 1553 1553 + s19 = 0; 1554 1554 + 1555 1555 + s6 += s18 * 666643; 1556 1556 + s7 += s18 * 470296; 1557 1557 + s8 += s18 * 654183; 1558 1558 + s9 -= s18 * 997805; 1559 1559 + s10 += s18 * 136657; 1560 1560 + s11 -= s18 * 683901; 1561 1561 + s18 = 0; 1562 1562 + 1563 1563 + carry6 = (s6 + (1 << 20)) >> 21; 1564 1564 + s7 += carry6; 1565 1565 + s6 -= int64_lshift21(carry6); 1566 1566 + carry8 = (s8 + (1 << 20)) >> 21; 1567 1567 + s9 += carry8; 1568 1568 + s8 -= int64_lshift21(carry8); 1569 1569 + carry10 = (s10 + (1 << 20)) >> 21; 1570 1570 + s11 += carry10; 1571 1571 + s10 -= int64_lshift21(carry10); 1572 1572 + carry12 = (s12 + (1 << 20)) >> 21; 1573 1573 + s13 += carry12; 1574 1574 + s12 -= int64_lshift21(carry12); 1575 1575 + carry14 = (s14 + (1 << 20)) >> 21; 1576 1576 + s15 += carry14; 1577 1577 + s14 -= int64_lshift21(carry14); 1578 1578 + carry16 = (s16 + (1 << 20)) >> 21; 1579 1579 + s17 += carry16; 1580 1580 + s16 -= int64_lshift21(carry16); 1581 1581 + 1582 1582 + carry7 = (s7 + (1 << 20)) >> 21; 1583 1583 + s8 += carry7; 1584 1584 + s7 -= int64_lshift21(carry7); 1585 1585 + carry9 = (s9 + (1 << 20)) >> 21; 1586 1586 + s10 += carry9; 1587 1587 + s9 -= int64_lshift21(carry9); 1588 1588 + carry11 = (s11 + (1 << 20)) >> 21; 1589 1589 + s12 += carry11; 1590 1590 + s11 -= int64_lshift21(carry11); 1591 1591 + carry13 = (s13 + (1 << 20)) >> 21; 1592 1592 + s14 += carry13; 1593 1593 + s13 -= int64_lshift21(carry13); 1594 1594 + carry15 = (s15 + (1 << 20)) >> 21; 1595 1595 + s16 += carry15; 1596 1596 + s15 -= int64_lshift21(carry15); 1597 1597 + 1598 1598 + s5 += s17 * 666643; 1599 1599 + s6 += s17 * 470296; 1600 1600 + s7 += s17 * 654183; 1601 1601 + s8 -= s17 * 997805; 1602 1602 + s9 += s17 * 136657; 1603 1603 + s10 -= s17 * 683901; 1604 1604 + s17 = 0; 1605 1605 + 1606 1606 + s4 += s16 * 666643; 1607 1607 + s5 += s16 * 470296; 1608 1608 + s6 += s16 * 654183; 1609 1609 + s7 -= s16 * 997805; 1610 1610 + s8 += s16 * 136657; 1611 1611 + s9 -= s16 * 683901; 1612 1612 + s16 = 0; 1613 1613 + 1614 1614 + s3 += s15 * 666643; 1615 1615 + s4 += s15 * 470296; 1616 1616 + s5 += s15 * 654183; 1617 1617 + s6 -= s15 * 997805; 1618 1618 + s7 += s15 * 136657; 1619 1619 + s8 -= s15 * 683901; 1620 1620 + s15 = 0; 1621 1621 + 1622 1622 + s2 += s14 * 666643; 1623 1623 + s3 += s14 * 470296; 1624 1624 + s4 += s14 * 654183; 1625 1625 + s5 -= s14 * 997805; 1626 1626 + s6 += s14 * 136657; 1627 1627 + s7 -= s14 * 683901; 1628 1628 + s14 = 0; 1629 1629 + 1630 1630 + s1 += s13 * 666643; 1631 1631 + s2 += s13 * 470296; 1632 1632 + s3 += s13 * 654183; 1633 1633 + s4 -= s13 * 997805; 1634 1634 + s5 += s13 * 136657; 1635 1635 + s6 -= s13 * 683901; 1636 1636 + s13 = 0; 1637 1637 + 1638 1638 + s0 += s12 * 666643; 1639 1639 + s1 += s12 * 470296; 1640 1640 + s2 += s12 * 654183; 1641 1641 + s3 -= s12 * 997805; 1642 1642 + s4 += s12 * 136657; 1643 1643 + s5 -= s12 * 683901; 1644 1644 + s12 = 0; 1645 1645 + 1646 1646 + carry0 = (s0 + (1 << 20)) >> 21; 1647 1647 + s1 += carry0; 1648 1648 + s0 -= int64_lshift21(carry0); 1649 1649 + carry2 = (s2 + (1 << 20)) >> 21; 1650 1650 + s3 += carry2; 1651 1651 + s2 -= int64_lshift21(carry2); 1652 1652 + carry4 = (s4 + (1 << 20)) >> 21; 1653 1653 + s5 += carry4; 1654 1654 + s4 -= int64_lshift21(carry4); 1655 1655 + carry6 = (s6 + (1 << 20)) >> 21; 1656 1656 + s7 += carry6; 1657 1657 + s6 -= int64_lshift21(carry6); 1658 1658 + carry8 = (s8 + (1 << 20)) >> 21; 1659 1659 + s9 += carry8; 1660 1660 + s8 -= int64_lshift21(carry8); 1661 1661 + carry10 = (s10 + (1 << 20)) >> 21; 1662 1662 + s11 += carry10; 1663 1663 + s10 -= int64_lshift21(carry10); 1664 1664 + 1665 1665 + carry1 = (s1 + (1 << 20)) >> 21; 1666 1666 + s2 += carry1; 1667 1667 + s1 -= int64_lshift21(carry1); 1668 1668 + carry3 = (s3 + (1 << 20)) >> 21; 1669 1669 + s4 += carry3; 1670 1670 + s3 -= int64_lshift21(carry3); 1671 1671 + carry5 = (s5 + (1 << 20)) >> 21; 1672 1672 + s6 += carry5; 1673 1673 + s5 -= int64_lshift21(carry5); 1674 1674 + carry7 = (s7 + (1 << 20)) >> 21; 1675 1675 + s8 += carry7; 1676 1676 + s7 -= int64_lshift21(carry7); 1677 1677 + carry9 = (s9 + (1 << 20)) >> 21; 1678 1678 + s10 += carry9; 1679 1679 + s9 -= int64_lshift21(carry9); 1680 1680 + carry11 = (s11 + (1 << 20)) >> 21; 1681 1681 + s12 += carry11; 1682 1682 + s11 -= int64_lshift21(carry11); 1683 1683 + 1684 1684 + s0 += s12 * 666643; 1685 1685 + s1 += s12 * 470296; 1686 1686 + s2 += s12 * 654183; 1687 1687 + s3 -= s12 * 997805; 1688 1688 + s4 += s12 * 136657; 1689 1689 + s5 -= s12 * 683901; 1690 1690 + s12 = 0; 1691 1691 + 1692 1692 + carry0 = s0 >> 21; 1693 1693 + s1 += carry0; 1694 1694 + s0 -= int64_lshift21(carry0); 1695 1695 + carry1 = s1 >> 21; 1696 1696 + s2 += carry1; 1697 1697 + s1 -= int64_lshift21(carry1); 1698 1698 + carry2 = s2 >> 21; 1699 1699 + s3 += carry2; 1700 1700 + s2 -= int64_lshift21(carry2); 1701 1701 + carry3 = s3 >> 21; 1702 1702 + s4 += carry3; 1703 1703 + s3 -= int64_lshift21(carry3); 1704 1704 + carry4 = s4 >> 21; 1705 1705 + s5 += carry4; 1706 1706 + s4 -= int64_lshift21(carry4); 1707 1707 + carry5 = s5 >> 21; 1708 1708 + s6 += carry5; 1709 1709 + s5 -= int64_lshift21(carry5); 1710 1710 + carry6 = s6 >> 21; 1711 1711 + s7 += carry6; 1712 1712 + s6 -= int64_lshift21(carry6); 1713 1713 + carry7 = s7 >> 21; 1714 1714 + s8 += carry7; 1715 1715 + s7 -= int64_lshift21(carry7); 1716 1716 + carry8 = s8 >> 21; 1717 1717 + s9 += carry8; 1718 1718 + s8 -= int64_lshift21(carry8); 1719 1719 + carry9 = s9 >> 21; 1720 1720 + s10 += carry9; 1721 1721 + s9 -= int64_lshift21(carry9); 1722 1722 + carry10 = s10 >> 21; 1723 1723 + s11 += carry10; 1724 1724 + s10 -= int64_lshift21(carry10); 1725 1725 + carry11 = s11 >> 21; 1726 1726 + s12 += carry11; 1727 1727 + s11 -= int64_lshift21(carry11); 1728 1728 + 1729 1729 + s0 += s12 * 666643; 1730 1730 + s1 += s12 * 470296; 1731 1731 + s2 += s12 * 654183; 1732 1732 + s3 -= s12 * 997805; 1733 1733 + s4 += s12 * 136657; 1734 1734 + s5 -= s12 * 683901; 1735 1735 + s12 = 0; 1736 1736 + 1737 1737 + carry0 = s0 >> 21; 1738 1738 + s1 += carry0; 1739 1739 + s0 -= int64_lshift21(carry0); 1740 1740 + carry1 = s1 >> 21; 1741 1741 + s2 += carry1; 1742 1742 + s1 -= int64_lshift21(carry1); 1743 1743 + carry2 = s2 >> 21; 1744 1744 + s3 += carry2; 1745 1745 + s2 -= int64_lshift21(carry2); 1746 1746 + carry3 = s3 >> 21; 1747 1747 + s4 += carry3; 1748 1748 + s3 -= int64_lshift21(carry3); 1749 1749 + carry4 = s4 >> 21; 1750 1750 + s5 += carry4; 1751 1751 + s4 -= int64_lshift21(carry4); 1752 1752 + carry5 = s5 >> 21; 1753 1753 + s6 += carry5; 1754 1754 + s5 -= int64_lshift21(carry5); 1755 1755 + carry6 = s6 >> 21; 1756 1756 + s7 += carry6; 1757 1757 + s6 -= int64_lshift21(carry6); 1758 1758 + carry7 = s7 >> 21; 1759 1759 + s8 += carry7; 1760 1760 + s7 -= int64_lshift21(carry7); 1761 1761 + carry8 = s8 >> 21; 1762 1762 + s9 += carry8; 1763 1763 + s8 -= int64_lshift21(carry8); 1764 1764 + carry9 = s9 >> 21; 1765 1765 + s10 += carry9; 1766 1766 + s9 -= int64_lshift21(carry9); 1767 1767 + carry10 = s10 >> 21; 1768 1768 + s11 += carry10; 1769 1769 + s10 -= int64_lshift21(carry10); 1770 1770 + 1771 1771 + s[0] = s0 >> 0; 1772 1772 + s[1] = s0 >> 8; 1773 1773 + s[2] = (s0 >> 16) | (s1 << 5); 1774 1774 + s[3] = s1 >> 3; 1775 1775 + s[4] = s1 >> 11; 1776 1776 + s[5] = (s1 >> 19) | (s2 << 2); 1777 1777 + s[6] = s2 >> 6; 1778 1778 + s[7] = (s2 >> 14) | (s3 << 7); 1779 1779 + s[8] = s3 >> 1; 1780 1780 + s[9] = s3 >> 9; 1781 1781 + s[10] = (s3 >> 17) | (s4 << 4); 1782 1782 + s[11] = s4 >> 4; 1783 1783 + s[12] = s4 >> 12; 1784 1784 + s[13] = (s4 >> 20) | (s5 << 1); 1785 1785 + s[14] = s5 >> 7; 1786 1786 + s[15] = (s5 >> 15) | (s6 << 6); 1787 1787 + s[16] = s6 >> 2; 1788 1788 + s[17] = s6 >> 10; 1789 1789 + s[18] = (s6 >> 18) | (s7 << 3); 1790 1790 + s[19] = s7 >> 5; 1791 1791 + s[20] = s7 >> 13; 1792 1792 + s[21] = s8 >> 0; 1793 1793 + s[22] = s8 >> 8; 1794 1794 + s[23] = (s8 >> 16) | (s9 << 5); 1795 1795 + s[24] = s9 >> 3; 1796 1796 + s[25] = s9 >> 11; 1797 1797 + s[26] = (s9 >> 19) | (s10 << 2); 1798 1798 + s[27] = s10 >> 6; 1799 1799 + s[28] = (s10 >> 14) | (s11 << 7); 1800 1800 + s[29] = s11 >> 1; 1801 1801 + s[30] = s11 >> 9; 1802 1802 + s[31] = s11 >> 17; 1803 1803 + } 1804 1804 + 1805 1805 + #include <caml/memory.h> 1806 1806 + 1807 1807 + CAMLprim value mc_x25519_scalar_mult_generic(value out, value scalar, value point) 1808 1808 + { 1809 1809 + CAMLparam3(out, scalar, point); 1810 1810 + x25519_scalar_mult_generic(Caml_ba_data_val(out), Caml_ba_data_val(scalar), Caml_ba_data_val(point)); 1811 1811 + CAMLreturn(Val_unit); 1812 1812 + } 1813 1813 + 1814 1814 + CAMLprim value mc_25519_scalar_mult_base(value out, value hash) 1815 1815 + { 1816 1816 + CAMLparam2(out, hash); 1817 1817 + ge_p3 A; 1818 1818 + ge_p3_0(&A); 1819 1819 + x25519_ge_scalarmult_base(&A, Caml_ba_data_val(hash)); 1820 1820 + ge_p3_tobytes(Caml_ba_data_val(out), &A); 1821 1821 + CAMLreturn(Val_unit); 1822 1822 + } 1823 1823 + 1824 1824 + CAMLprim value mc_25519_reduce_l(value buf) 1825 1825 + { 1826 1826 + CAMLparam1(buf); 1827 1827 + x25519_sc_reduce(Caml_ba_data_val(buf)); 1828 1828 + CAMLreturn(Val_unit); 1829 1829 + } 1830 1830 + 1831 1831 + CAMLprim value mc_25519_muladd(value out, value a, value b, value c) 1832 1832 + { 1833 1833 + CAMLparam4(out, a, b, c); 1834 1834 + sc_muladd(Caml_ba_data_val(out), Caml_ba_data_val(a), Caml_ba_data_val(b), Caml_ba_data_val(c)); 1835 1835 + CAMLreturn(Val_unit); 1836 1836 + } 1837 1837 + 1838 1838 + CAMLprim value mc_25519_double_scalar_mult(value out, value k, value key, value c) 1839 1839 + { 1840 1840 + CAMLparam4(out, k, key, c); 1841 1841 + ge_p2 R; 1842 1842 + ge_p3 B; 1843 1843 + fe_loose t; 1844 1844 + int success = 0; 1845 1845 + success = x25519_ge_frombytes_vartime(&B, Caml_ba_data_val(key)); 1846 1846 + fe_neg(&t, &B.X); 1847 1847 + fe_carry(&B.X, &t); 1848 1848 + fe_neg(&t, &B.T); 1849 1849 + fe_carry(&B.T, &t); 1850 1850 + ge_double_scalarmult_vartime(&R, Caml_ba_data_val(k), &B, 1851 1851 + ((uint8_t*)Caml_ba_data_val(c) + 32)); 1852 1852 + x25519_ge_tobytes(Caml_ba_data_val(out), &R); 1853 1853 + CAMLreturn(Val_bool(success)); 1854 1854 + } 1855 1855 + 1856 1856 + CAMLprim value mc_25519_pub_ok(value key) 1857 1857 + { 1858 1858 + CAMLparam1(key); 1859 1859 + int success = 0; 1860 1860 + ge_p3 B; 1861 1861 + success = x25519_ge_frombytes_vartime(&B, Caml_ba_data_val(key)); 1862 1862 + CAMLreturn(Val_bool(success)); 1863 1863 + }

+375

ec/native/curve25519_tables.h

reviewed

··· 1 1 + /* following code is from c47bfce06 of boringssl: crypto/curve25519 */ 2 2 + 3 3 + /* Copyright (c) 2020, Google Inc. 4 4 + * 5 5 + * Permission to use, copy, modify, and/or distribute this software for any 6 6 + * purpose with or without fee is hereby granted, provided that the above 7 7 + * copyright notice and this permission notice appear in all copies. 8 8 + * 9 9 + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 10 + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 11 + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 12 12 + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 13 + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 14 14 + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 15 15 + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 16 16 + 17 17 + // This file is generated from 18 18 + // ./make_curve25519_tables.py > curve25519_tables.h 19 19 + 20 20 + static const fe d = {{ 21 21 + #if defined(ARCH_64BIT) 22 22 + 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 23 23 + 1442794654840575 24 24 + #else 25 25 + 56195235, 13857412, 51736253, 6949390, 114729, 24766616, 60832955, 30306712, 26 26 + 48412415, 21499315 27 27 + #endif 28 28 + }}; 29 29 + 30 30 + static const fe sqrtm1 = {{ 31 31 + #if defined(ARCH_64BIT) 32 32 + 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 33 33 + 765476049583133 34 34 + #else 35 35 + 34513072, 25610706, 9377949, 3500415, 12389472, 33281959, 41962654, 36 36 + 31548777, 326685, 11406482 37 37 + #endif 38 38 + }}; 39 39 + 40 40 + static const fe d2 = {{ 41 41 + #if defined(ARCH_64BIT) 42 42 + 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 43 43 + 633789495995903 44 44 + #else 45 45 + 45281625, 27714825, 36363642, 13898781, 229458, 15978800, 54557047, 46 46 + 27058993, 29715967, 9444199 47 47 + #endif 48 48 + }}; 49 49 + 50 50 + // This block of code replaces the standard base-point table with a much smaller 51 51 + // one. The standard table is 30,720 bytes while this one is just 960. 52 52 + // 53 53 + // This table contains 15 pairs of group elements, (x, y), where each field 54 54 + // element is serialised with |fe_tobytes|. If |i| is the index of the group 55 55 + // element then consider i+1 as a four-bit number: (i₀, i₁, i₂, i₃) (where i₀ 56 56 + // is the most significant bit). The value of the group element is then: 57 57 + // (i₀×2^192 + i₁×2^128 + i₂×2^64 + i₃)G, where G is the generator. 58 58 + static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = { 59 59 + 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 60 60 + 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 61 61 + 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21, 0x58, 0x66, 0x66, 0x66, 62 62 + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 63 63 + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 64 64 + 0x66, 0x66, 0x66, 0x66, 0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 65 65 + 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 66 66 + 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62, 67 67 + 0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 68 68 + 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 69 69 + 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03, 0xa2, 0xfb, 0xcc, 0x61, 70 70 + 0x67, 0x06, 0x70, 0x1a, 0xc4, 0x78, 0x3a, 0xff, 0x32, 0x62, 0xdd, 0x2c, 71 71 + 0xab, 0x50, 0x19, 0x3b, 0xf2, 0x9b, 0x7d, 0xb8, 0xfd, 0x4f, 0x29, 0x9c, 72 72 + 0xa7, 0x91, 0xba, 0x0e, 0x46, 0x5e, 0x51, 0xfe, 0x1d, 0xbf, 0xe5, 0xe5, 73 73 + 0x9b, 0x95, 0x0d, 0x67, 0xf8, 0xd1, 0xb5, 0x5a, 0xa1, 0x93, 0x2c, 0xc3, 74 74 + 0xde, 0x0e, 0x97, 0x85, 0x2d, 0x7f, 0xea, 0xab, 0x3e, 0x47, 0x30, 0x18, 75 75 + 0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 76 76 + 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 77 77 + 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c, 0x6b, 0xa6, 0xf5, 0x4b, 78 78 + 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 79 79 + 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 80 80 + 0xe6, 0x99, 0x2c, 0x5f, 0x9a, 0x96, 0x0c, 0x68, 0x29, 0xfd, 0xe2, 0xfb, 81 81 + 0xe6, 0xbc, 0xec, 0x31, 0x08, 0xec, 0xe6, 0xb0, 0x53, 0x60, 0xc3, 0x8c, 82 82 + 0xbe, 0xc1, 0xb3, 0x8a, 0x8f, 0xe4, 0x88, 0x2b, 0x55, 0xe5, 0x64, 0x6e, 83 83 + 0x9b, 0xd0, 0xaf, 0x7b, 0x64, 0x2a, 0x35, 0x25, 0x10, 0x52, 0xc5, 0x9e, 84 84 + 0x58, 0x11, 0x39, 0x36, 0x45, 0x51, 0xb8, 0x39, 0x93, 0xfc, 0x9d, 0x6a, 85 85 + 0xbe, 0x58, 0xcb, 0xa4, 0x0f, 0x51, 0x3c, 0x38, 0x05, 0xca, 0xab, 0x43, 86 86 + 0x63, 0x0e, 0xf3, 0x8b, 0x41, 0xa6, 0xf8, 0x9b, 0x53, 0x70, 0x80, 0x53, 87 87 + 0x86, 0x5e, 0x8f, 0xe3, 0xc3, 0x0d, 0x18, 0xc8, 0x4b, 0x34, 0x1f, 0xd8, 88 88 + 0x1d, 0xbc, 0xf2, 0x6d, 0x34, 0x3a, 0xbe, 0xdf, 0xd9, 0xf6, 0xf3, 0x89, 89 89 + 0xa1, 0xe1, 0x94, 0x9f, 0x5d, 0x4c, 0x5d, 0xe9, 0xa1, 0x49, 0x92, 0xef, 90 90 + 0x0e, 0x53, 0x81, 0x89, 0x58, 0x87, 0xa6, 0x37, 0xf1, 0xdd, 0x62, 0x60, 91 91 + 0x63, 0x5a, 0x9d, 0x1b, 0x8c, 0xc6, 0x7d, 0x52, 0xea, 0x70, 0x09, 0x6a, 92 92 + 0xe1, 0x32, 0xf3, 0x73, 0x21, 0x1f, 0x07, 0x7b, 0x7c, 0x9b, 0x49, 0xd8, 93 93 + 0xc0, 0xf3, 0x25, 0x72, 0x6f, 0x9d, 0xed, 0x31, 0x67, 0x36, 0x36, 0x54, 94 94 + 0x40, 0x92, 0x71, 0xe6, 0x11, 0x28, 0x11, 0xad, 0x93, 0x32, 0x85, 0x7b, 95 95 + 0x3e, 0xb7, 0x3b, 0x49, 0x13, 0x1c, 0x07, 0xb0, 0x2e, 0x93, 0xaa, 0xfd, 96 96 + 0xfd, 0x28, 0x47, 0x3d, 0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 97 97 + 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 98 98 + 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b, 99 99 + 0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 100 100 + 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 101 101 + 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61, 0x38, 0x68, 0xb0, 0x07, 102 102 + 0xa3, 0xfc, 0xcc, 0x85, 0x10, 0x7f, 0x4c, 0x65, 0x65, 0xb3, 0xfa, 0xfa, 103 103 + 0xa5, 0x53, 0x6f, 0xdb, 0x74, 0x4c, 0x56, 0x46, 0x03, 0xe2, 0xd5, 0x7a, 104 104 + 0x29, 0x1c, 0xc6, 0x02, 0xbc, 0x59, 0xf2, 0x04, 0x75, 0x63, 0xc0, 0x84, 105 105 + 0x2f, 0x60, 0x1c, 0x67, 0x76, 0xfd, 0x63, 0x86, 0xf3, 0xfa, 0xbf, 0xdc, 106 106 + 0xd2, 0x2d, 0x90, 0x91, 0xbd, 0x33, 0xa9, 0xe5, 0x66, 0x0c, 0xda, 0x42, 107 107 + 0x27, 0xca, 0xf4, 0x66, 0xc2, 0xec, 0x92, 0x14, 0x57, 0x06, 0x63, 0xd0, 108 108 + 0x4d, 0x15, 0x06, 0xeb, 0x69, 0x58, 0x4f, 0x77, 0xc5, 0x8b, 0xc7, 0xf0, 109 109 + 0x8e, 0xed, 0x64, 0xa0, 0xb3, 0x3c, 0x66, 0x71, 0xc6, 0x2d, 0xda, 0x0a, 110 110 + 0x0d, 0xfe, 0x70, 0x27, 0x64, 0xf8, 0x27, 0xfa, 0xf6, 0x5f, 0x30, 0xa5, 111 111 + 0x0d, 0x6c, 0xda, 0xf2, 0x62, 0x5e, 0x78, 0x47, 0xd3, 0x66, 0x00, 0x1c, 112 112 + 0xfd, 0x56, 0x1f, 0x5d, 0x3f, 0x6f, 0xf4, 0x4c, 0xd8, 0xfd, 0x0e, 0x27, 113 113 + 0xc9, 0x5c, 0x2b, 0xbc, 0xc0, 0xa4, 0xe7, 0x23, 0x29, 0x02, 0x9f, 0x31, 114 114 + 0xd6, 0xe9, 0xd7, 0x96, 0xf4, 0xe0, 0x5e, 0x0b, 0x0e, 0x13, 0xee, 0x3c, 115 115 + 0x09, 0xed, 0xf2, 0x3d, 0x76, 0x91, 0xc3, 0xa4, 0x97, 0xae, 0xd4, 0x87, 116 116 + 0xd0, 0x5d, 0xf6, 0x18, 0x47, 0x1f, 0x1d, 0x67, 0xf2, 0xcf, 0x63, 0xa0, 117 117 + 0x91, 0x27, 0xf8, 0x93, 0x45, 0x75, 0x23, 0x3f, 0xd1, 0xf1, 0xad, 0x23, 118 118 + 0xdd, 0x64, 0x93, 0x96, 0x41, 0x70, 0x7f, 0xf7, 0xf5, 0xa9, 0x89, 0xa2, 119 119 + 0x34, 0xb0, 0x8d, 0x1b, 0xae, 0x19, 0x15, 0x49, 0x58, 0x23, 0x6d, 0x87, 120 120 + 0x15, 0x4f, 0x81, 0x76, 0xfb, 0x23, 0xb5, 0xea, 0xcf, 0xac, 0x54, 0x8d, 121 121 + 0x4e, 0x42, 0x2f, 0xeb, 0x0f, 0x63, 0xdb, 0x68, 0x37, 0xa8, 0xcf, 0x8b, 122 122 + 0xab, 0xf5, 0xa4, 0x6e, 0x96, 0x2a, 0xb2, 0xd6, 0xbe, 0x9e, 0xbd, 0x0d, 123 123 + 0xb4, 0x42, 0xa9, 0xcf, 0x01, 0x83, 0x8a, 0x17, 0x47, 0x76, 0xc4, 0xc6, 124 124 + 0x83, 0x04, 0x95, 0x0b, 0xfc, 0x11, 0xc9, 0x62, 0xb8, 0x0c, 0x76, 0x84, 125 125 + 0xd9, 0xb9, 0x37, 0xfa, 0xfc, 0x7c, 0xc2, 0x6d, 0x58, 0x3e, 0xb3, 0x04, 126 126 + 0xbb, 0x8c, 0x8f, 0x48, 0xbc, 0x91, 0x27, 0xcc, 0xf9, 0xb7, 0x22, 0x19, 127 127 + 0x83, 0x2e, 0x09, 0xb5, 0x72, 0xd9, 0x54, 0x1c, 0x4d, 0xa1, 0xea, 0x0b, 128 128 + 0xf1, 0xc6, 0x08, 0x72, 0x46, 0x87, 0x7a, 0x6e, 0x80, 0x56, 0x0a, 0x8a, 129 129 + 0xc0, 0xdd, 0x11, 0x6b, 0xd6, 0xdd, 0x47, 0xdf, 0x10, 0xd9, 0xd8, 0xea, 130 130 + 0x7c, 0xb0, 0x8f, 0x03, 0x00, 0x2e, 0xc1, 0x8f, 0x44, 0xa8, 0xd3, 0x30, 131 131 + 0x06, 0x89, 0xa2, 0xf9, 0x34, 0xad, 0xdc, 0x03, 0x85, 0xed, 0x51, 0xa7, 132 132 + 0x82, 0x9c, 0xe7, 0x5d, 0x52, 0x93, 0x0c, 0x32, 0x9a, 0x5b, 0xe1, 0xaa, 133 133 + 0xca, 0xb8, 0x02, 0x6d, 0x3a, 0xd4, 0xb1, 0x3a, 0xf0, 0x5f, 0xbe, 0xb5, 134 134 + 0x0d, 0x10, 0x6b, 0x38, 0x32, 0xac, 0x76, 0x80, 0xbd, 0xca, 0x94, 0x71, 135 135 + 0x7a, 0xf2, 0xc9, 0x35, 0x2a, 0xde, 0x9f, 0x42, 0x49, 0x18, 0x01, 0xab, 136 136 + 0xbc, 0xef, 0x7c, 0x64, 0x3f, 0x58, 0x3d, 0x92, 0x59, 0xdb, 0x13, 0xdb, 137 137 + 0x58, 0x6e, 0x0a, 0xe0, 0xb7, 0x91, 0x4a, 0x08, 0x20, 0xd6, 0x2e, 0x3c, 138 138 + 0x45, 0xc9, 0x8b, 0x17, 0x79, 0xe7, 0xc7, 0x90, 0x99, 0x3a, 0x18, 0x25, 139 139 + }; 140 140 + 141 141 + // Bi[i] = (2*i+1)*B 142 142 + static const ge_precomp Bi[8] = { 143 143 + { 144 144 + {{ 145 145 + #if defined(ARCH_64BIT) 146 146 + 1288382639258501, 245678601348599, 269427782077623, 147 147 + 1462984067271730, 137412439391563 148 148 + #else 149 149 + 25967493, 19198397, 29566455, 3660896, 54414519, 4014786, 27544626, 150 150 + 21800161, 61029707, 2047604 151 151 + #endif 152 152 + }}, 153 153 + {{ 154 154 + #if defined(ARCH_64BIT) 155 155 + 62697248952638, 204681361388450, 631292143396476, 338455783676468, 156 156 + 1213667448819585 157 157 + #else 158 158 + 54563134, 934261, 64385954, 3049989, 66381436, 9406985, 12720692, 159 159 + 5043384, 19500929, 18085054 160 160 + #endif 161 161 + }}, 162 162 + {{ 163 163 + #if defined(ARCH_64BIT) 164 164 + 301289933810280, 1259582250014073, 1422107436869536, 165 165 + 796239922652654, 1953934009299142 166 166 + #else 167 167 + 58370664, 4489569, 9688441, 18769238, 10184608, 21191052, 29287918, 168 168 + 11864899, 42594502, 29115885 169 169 + #endif 170 170 + }}, 171 171 + }, 172 172 + { 173 173 + {{ 174 174 + #if defined(ARCH_64BIT) 175 175 + 1601611775252272, 1720807796594148, 1132070835939856, 176 176 + 1260455018889551, 2147779492816911 177 177 + #else 178 178 + 15636272, 23865875, 24204772, 25642034, 616976, 16869170, 27787599, 179 179 + 18782243, 28944399, 32004408 180 180 + #endif 181 181 + }}, 182 182 + {{ 183 183 + #if defined(ARCH_64BIT) 184 184 + 316559037616741, 2177824224946892, 1459442586438991, 185 185 + 1461528397712656, 751590696113597 186 186 + #else 187 187 + 16568933, 4717097, 55552716, 32452109, 15682895, 21747389, 16354576, 188 188 + 21778470, 7689661, 11199574 189 189 + #endif 190 190 + }}, 191 191 + {{ 192 192 + #if defined(ARCH_64BIT) 193 193 + 1850748884277385, 1200145853858453, 1068094770532492, 194 194 + 672251375690438, 1586055907191707 195 195 + #else 196 196 + 30464137, 27578307, 55329429, 17883566, 23220364, 15915852, 7512774, 197 197 + 10017326, 49359771, 23634074 198 198 + #endif 199 199 + }}, 200 200 + }, 201 201 + { 202 202 + {{ 203 203 + #if defined(ARCH_64BIT) 204 204 + 769950342298419, 132954430919746, 844085933195555, 974092374476333, 205 205 + 726076285546016 206 206 + #else 207 207 + 10861363, 11473154, 27284546, 1981175, 37044515, 12577860, 32867885, 208 208 + 14515107, 51670560, 10819379 209 209 + #endif 210 210 + }}, 211 211 + {{ 212 212 + #if defined(ARCH_64BIT) 213 213 + 425251763115706, 608463272472562, 442562545713235, 837766094556764, 214 214 + 374555092627893 215 215 + #else 216 216 + 4708026, 6336745, 20377586, 9066809, 55836755, 6594695, 41455196, 217 217 + 12483687, 54440373, 5581305 218 218 + #endif 219 219 + }}, 220 220 + {{ 221 221 + #if defined(ARCH_64BIT) 222 222 + 1086255230780037, 274979815921559, 1960002765731872, 223 223 + 929474102396301, 1190409889297339 224 224 + #else 225 225 + 19563141, 16186464, 37722007, 4097518, 10237984, 29206317, 28542349, 226 226 + 13850243, 43430843, 17738489 227 227 + #endif 228 228 + }}, 229 229 + }, 230 230 + { 231 231 + {{ 232 232 + #if defined(ARCH_64BIT) 233 233 + 665000864555967, 2065379846933859, 370231110385876, 350988370788628, 234 234 + 1233371373142985 235 235 + #else 236 236 + 5153727, 9909285, 1723747, 30776558, 30523604, 5516873, 19480852, 237 237 + 5230134, 43156425, 18378665 238 238 + #endif 239 239 + }}, 240 240 + {{ 241 241 + #if defined(ARCH_64BIT) 242 242 + 2019367628972465, 676711900706637, 110710997811333, 243 243 + 1108646842542025, 517791959672113 244 244 + #else 245 245 + 36839857, 30090922, 7665485, 10083793, 28475525, 1649722, 20654025, 246 246 + 16520125, 30598449, 7715701 247 247 + #endif 248 248 + }}, 249 249 + {{ 250 250 + #if defined(ARCH_64BIT) 251 251 + 965130719900578, 247011430587952, 526356006571389, 91986625355052, 252 252 + 2157223321444601 253 253 + #else 254 254 + 28881826, 14381568, 9657904, 3680757, 46927229, 7843315, 35708204, 255 255 + 1370707, 29794553, 32145132 256 256 + #endif 257 257 + }}, 258 258 + }, 259 259 + { 260 260 + {{ 261 261 + #if defined(ARCH_64BIT) 262 262 + 1802695059465007, 1664899123557221, 593559490740857, 263 263 + 2160434469266659, 927570450755031 264 264 + #else 265 265 + 44589871, 26862249, 14201701, 24808930, 43598457, 8844725, 18474211, 266 266 + 32192982, 54046167, 13821876 267 267 + #endif 268 268 + }}, 269 269 + {{ 270 270 + #if defined(ARCH_64BIT) 271 271 + 1725674970513508, 1933645953859181, 1542344539275782, 272 272 + 1767788773573747, 1297447965928905 273 273 + #else 274 274 + 60653668, 25714560, 3374701, 28813570, 40010246, 22982724, 31655027, 275 275 + 26342105, 18853321, 19333481 276 276 + #endif 277 277 + }}, 278 278 + {{ 279 279 + #if defined(ARCH_64BIT) 280 280 + 1381809363726107, 1430341051343062, 2061843536018959, 281 281 + 1551778050872521, 2036394857967624 282 282 + #else 283 283 + 4566811, 20590564, 38133974, 21313742, 59506191, 30723862, 58594505, 284 284 + 23123294, 2207752, 30344648 285 285 + #endif 286 286 + }}, 287 287 + }, 288 288 + { 289 289 + {{ 290 290 + #if defined(ARCH_64BIT) 291 291 + 1970894096313054, 528066325833207, 1619374932191227, 292 292 + 2207306624415883, 1169170329061080 293 293 + #else 294 294 + 41954014, 29368610, 29681143, 7868801, 60254203, 24130566, 54671499, 295 295 + 32891431, 35997400, 17421995 296 296 + #endif 297 297 + }}, 298 298 + {{ 299 299 + #if defined(ARCH_64BIT) 300 300 + 2070390218572616, 1458919061857835, 624171843017421, 301 301 + 1055332792707765, 433987520732508 302 302 + #else 303 303 + 25576264, 30851218, 7349803, 21739588, 16472781, 9300885, 3844789, 304 304 + 15725684, 171356, 6466918 305 305 + #endif 306 306 + }}, 307 307 + {{ 308 308 + #if defined(ARCH_64BIT) 309 309 + 893653801273833, 1168026499324677, 1242553501121234, 310 310 + 1306366254304474, 1086752658510815 311 311 + #else 312 312 + 23103977, 13316479, 9739013, 17404951, 817874, 18515490, 8965338, 313 313 + 19466374, 36393951, 16193876 314 314 + #endif 315 315 + }}, 316 316 + }, 317 317 + { 318 318 + {{ 319 319 + #if defined(ARCH_64BIT) 320 320 + 213454002618221, 939771523987438, 1159882208056014, 317388369627517, 321 321 + 621213314200687 322 322 + #else 323 323 + 33587053, 3180712, 64714734, 14003686, 50205390, 17283591, 17238397, 324 324 + 4729455, 49034351, 9256799 325 325 + #endif 326 326 + }}, 327 327 + {{ 328 328 + #if defined(ARCH_64BIT) 329 329 + 1971678598905747, 338026507889165, 762398079972271, 655096486107477, 330 330 + 42299032696322 331 331 + #else 332 332 + 41926547, 29380300, 32336397, 5036987, 45872047, 11360616, 22616405, 333 333 + 9761698, 47281666, 630304 334 334 + #endif 335 335 + }}, 336 336 + {{ 337 337 + #if defined(ARCH_64BIT) 338 338 + 177130678690680, 1754759263300204, 1864311296286618, 339 339 + 1180675631479880, 1292726903152791 340 340 + #else 341 341 + 53388152, 2639452, 42871404, 26147950, 9494426, 27780403, 60554312, 342 342 + 17593437, 64659607, 19263131 343 343 + #endif 344 344 + }}, 345 345 + }, 346 346 + { 347 347 + {{ 348 348 + #if defined(ARCH_64BIT) 349 349 + 1913163449625248, 460779200291993, 2193883288642314, 350 350 + 1008900146920800, 1721983679009502 351 351 + #else 352 352 + 63957664, 28508356, 9282713, 6866145, 35201802, 32691408, 48168288, 353 353 + 15033783, 25105118, 25659556 354 354 + #endif 355 355 + }}, 356 356 + {{ 357 357 + #if defined(ARCH_64BIT) 358 358 + 1070401523076875, 1272492007800961, 1910153608563310, 359 359 + 2075579521696771, 1191169788841221 360 360 + #else 361 361 + 42782475, 15950225, 35307649, 18961608, 55446126, 28463506, 1573891, 362 362 + 30928545, 2198789, 17749813 363 363 + #endif 364 364 + }}, 365 365 + {{ 366 366 + #if defined(ARCH_64BIT) 367 367 + 692896803108118, 500174642072499, 2068223309439677, 368 368 + 1162190621851337, 1426986007309901 369 369 + #else 370 370 + 64009494, 10324966, 64867251, 7453182, 61661885, 30818928, 53296841, 371 371 + 17317989, 34647629, 21263748 372 372 + #endif 373 373 + }}, 374 374 + }, 375 375 + };

+2 -1

tests/dune

reviewed

··· 64 64 ecdh_secp256r1_test.json ecdsa_secp256r1_sha256_test.json 65 65 ecdsa_secp256r1_sha512_test.json ecdh_secp384r1_test.json 66 66 ecdsa_secp384r1_sha384_test.json ecdsa_secp384r1_sha512_test.json 67 67 - ecdh_secp521r1_test.json ecdsa_secp521r1_sha512_test.json) 67 67 + ecdh_secp521r1_test.json ecdsa_secp521r1_sha512_test.json 68 68 + x25519_test.json eddsa_test.json) 68 69 (libraries alcotest mirage-crypto-ec wycheproof asn1-combinators 69 70 mirage-crypto-pk mirage-crypto) 70 71 (package mirage-crypto-ec))

+2262

tests/eddsa_test.json

reviewed

··· 1 1 + { 2 2 + "algorithm" : "EDDSA", 3 3 + "generatorVersion" : "0.8rc16", 4 4 + "numberOfTests" : 145, 5 5 + "header" : [ 6 6 + "Test vectors of type EddsaVerify are intended for testing", 7 7 + "the verification of Eddsa signatures." 8 8 + ], 9 9 + "notes" : { 10 10 + "SignatureMalleability" : "EdDSA signatures are non-malleable, if implemented accordingly. Failing to check the range of S allows to modify signatures. See RFC 8032, Section 5.2.7 and Section 8.4." 11 11 + }, 12 12 + "schema" : "eddsa_verify_schema.json", 13 13 + "testGroups" : [ 14 14 + { 15 15 + "jwk" : { 16 16 + "crv" : "Ed25519", 17 17 + "d" : "rdS7gQN4W6-axTQljoqvZfXxrbXvXz3xm7gKuYnE1ks", 18 18 + "kid" : "none", 19 19 + "kty" : "OKP", 20 20 + "x" : "fU0Of2FTpptiQrUiq77mhf2kQg-INLEIw72uNp71Sfo" 21 21 + }, 22 22 + "key" : { 23 23 + "curve" : "edwards25519", 24 24 + "keySize" : 255, 25 25 + "pk" : "7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa", 26 26 + "sk" : "add4bb8103785baf9ac534258e8aaf65f5f1adb5ef5f3df19bb80ab989c4d64b", 27 27 + "type" : "EDDSAKeyPair" 28 28 + }, 29 29 + "keyDer" : "302a300506032b65700321007d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa", 30 30 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAfU0Of2FTpptiQrUiq77mhf2kQg+INLEIw72uNp71Sfo=\n-----END PUBLIC KEY-----\n", 31 31 + "type" : "EddsaVerify", 32 32 + "tests" : [ 33 33 + { 34 34 + "tcId" : 1, 35 35 + "comment" : "", 36 36 + "msg" : "", 37 37 + "sig" : "d4fbdb52bfa726b44d1786a8c0d171c3e62ca83c9e5bbe63de0bb2483f8fd6cc1429ab72cafc41ab56af02ff8fcc43b99bfe4c7ae940f60f38ebaa9d311c4007", 38 38 + "result" : "valid", 39 39 + "flags" : [] 40 40 + }, 41 41 + { 42 42 + "tcId" : 2, 43 43 + "comment" : "", 44 44 + "msg" : "78", 45 45 + "sig" : "d80737358ede548acb173ef7e0399f83392fe8125b2ce877de7975d8b726ef5b1e76632280ee38afad12125ea44b961bf92f1178c9fa819d020869975bcbe109", 46 46 + "result" : "valid", 47 47 + "flags" : [] 48 48 + }, 49 49 + { 50 50 + "tcId" : 3, 51 51 + "comment" : "", 52 52 + "msg" : "54657374", 53 53 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d", 54 54 + "result" : "valid", 55 55 + "flags" : [] 56 56 + }, 57 57 + { 58 58 + "tcId" : 4, 59 59 + "comment" : "", 60 60 + "msg" : "48656c6c6f", 61 61 + "sig" : "1c1ad976cbaae3b31dee07971cf92c928ce2091a85f5899f5e11ecec90fc9f8e93df18c5037ec9b29c07195ad284e63d548cd0a6fe358cc775bd6c1608d2c905", 62 62 + "result" : "valid", 63 63 + "flags" : [] 64 64 + }, 65 65 + { 66 66 + "tcId" : 5, 67 67 + "comment" : "", 68 68 + "msg" : "313233343030", 69 69 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2bf0cf5b3a289976458a1be6277a5055545253b45b07dcc1abd96c8b989c00f301", 70 70 + "result" : "valid", 71 71 + "flags" : [] 72 72 + }, 73 73 + { 74 74 + "tcId" : 6, 75 75 + "comment" : "", 76 76 + "msg" : "000000000000000000000000", 77 77 + "sig" : "d46543bfb892f84ec124dcdfc847034c19363bf3fc2fa89b1267833a14856e52e60736918783f950b6f1dd8d40dc343247cd43ce054c2d68ef974f7ed0f3c60f", 78 78 + "result" : "valid", 79 79 + "flags" : [] 80 80 + }, 81 81 + { 82 82 + "tcId" : 7, 83 83 + "comment" : "", 84 84 + "msg" : "6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161", 85 85 + "sig" : "879350045543bc14ed2c08939b68c30d22251d83e018cacbaf0c9d7a48db577e80bdf76ce99e5926762bc13b7b3483260a5ef63d07e34b58eb9c14621ac92f00", 86 86 + "result" : "valid", 87 87 + "flags" : [] 88 88 + }, 89 89 + { 90 90 + "tcId" : 8, 91 91 + "comment" : "", 92 92 + "msg" : "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60", 93 93 + "sig" : "7bdc3f9919a05f1d5db4a3ada896094f6871c1f37afc75db82ec3147d84d6f237b7e5ecc26b59cfea0c7eaf1052dc427b0f724615be9c3d3e01356c65b9b5109", 94 94 + "result" : "valid", 95 95 + "flags" : [] 96 96 + }, 97 97 + { 98 98 + "tcId" : 9, 99 99 + "comment" : "", 100 100 + "msg" : "ffffffffffffffffffffffffffffffff", 101 101 + "sig" : "5dbd7360e55aa38e855d6ad48c34bd35b7871628508906861a7c4776765ed7d1e13d910faabd689ec8618b78295c8ab8f0e19c8b4b43eb8685778499e943ae04", 102 102 + "result" : "valid", 103 103 + "flags" : [] 104 104 + }, 105 105 + { 106 106 + "tcId" : 10, 107 107 + "comment" : "special values for r and s", 108 108 + "msg" : "3f", 109 109 + "sig" : "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 110 110 + "result" : "invalid", 111 111 + "flags" : [] 112 112 + }, 113 113 + { 114 114 + "tcId" : 11, 115 115 + "comment" : "special values for r and s", 116 116 + "msg" : "3f", 117 117 + "sig" : "00000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000", 118 118 + "result" : "invalid", 119 119 + "flags" : [] 120 120 + }, 121 121 + { 122 122 + "tcId" : 12, 123 123 + "comment" : "special values for r and s", 124 124 + "msg" : "3f", 125 125 + "sig" : "0000000000000000000000000000000000000000000000000000000000000000ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 126 126 + "result" : "invalid", 127 127 + "flags" : [] 128 128 + }, 129 129 + { 130 130 + "tcId" : 13, 131 131 + "comment" : "special values for r and s", 132 132 + "msg" : "3f", 133 133 + "sig" : "0000000000000000000000000000000000000000000000000000000000000000edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 134 134 + "result" : "invalid", 135 135 + "flags" : [] 136 136 + }, 137 137 + { 138 138 + "tcId" : 14, 139 139 + "comment" : "special values for r and s", 140 140 + "msg" : "3f", 141 141 + "sig" : "0000000000000000000000000000000000000000000000000000000000000000edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 142 142 + "result" : "invalid", 143 143 + "flags" : [] 144 144 + }, 145 145 + { 146 146 + "tcId" : 15, 147 147 + "comment" : "special values for r and s", 148 148 + "msg" : "3f", 149 149 + "sig" : "01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", 150 150 + "result" : "invalid", 151 151 + "flags" : [] 152 152 + }, 153 153 + { 154 154 + "tcId" : 16, 155 155 + "comment" : "special values for r and s", 156 156 + "msg" : "3f", 157 157 + "sig" : "01000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000", 158 158 + "result" : "invalid", 159 159 + "flags" : [] 160 160 + }, 161 161 + { 162 162 + "tcId" : 17, 163 163 + "comment" : "special values for r and s", 164 164 + "msg" : "3f", 165 165 + "sig" : "0100000000000000000000000000000000000000000000000000000000000000ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 166 166 + "result" : "invalid", 167 167 + "flags" : [] 168 168 + }, 169 169 + { 170 170 + "tcId" : 18, 171 171 + "comment" : "special values for r and s", 172 172 + "msg" : "3f", 173 173 + "sig" : "0100000000000000000000000000000000000000000000000000000000000000edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 174 174 + "result" : "invalid", 175 175 + "flags" : [] 176 176 + }, 177 177 + { 178 178 + "tcId" : 19, 179 179 + "comment" : "special values for r and s", 180 180 + "msg" : "3f", 181 181 + "sig" : "0100000000000000000000000000000000000000000000000000000000000000edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 182 182 + "result" : "invalid", 183 183 + "flags" : [] 184 184 + }, 185 185 + { 186 186 + "tcId" : 20, 187 187 + "comment" : "special values for r and s", 188 188 + "msg" : "3f", 189 189 + "sig" : "edd3f55c1a631258d69cf7a2def9de14000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000", 190 190 + "result" : "invalid", 191 191 + "flags" : [] 192 192 + }, 193 193 + { 194 194 + "tcId" : 21, 195 195 + "comment" : "special values for r and s", 196 196 + "msg" : "3f", 197 197 + "sig" : "edd3f55c1a631258d69cf7a2def9de14000000000000000000000000000000100100000000000000000000000000000000000000000000000000000000000000", 198 198 + "result" : "invalid", 199 199 + "flags" : [] 200 200 + }, 201 201 + { 202 202 + "tcId" : 22, 203 203 + "comment" : "special values for r and s", 204 204 + "msg" : "3f", 205 205 + "sig" : "edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 206 206 + "result" : "invalid", 207 207 + "flags" : [] 208 208 + }, 209 209 + { 210 210 + "tcId" : 23, 211 211 + "comment" : "special values for r and s", 212 212 + "msg" : "3f", 213 213 + "sig" : "edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 214 214 + "result" : "invalid", 215 215 + "flags" : [] 216 216 + }, 217 217 + { 218 218 + "tcId" : 24, 219 219 + "comment" : "special values for r and s", 220 220 + "msg" : "3f", 221 221 + "sig" : "edd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 222 222 + "result" : "invalid", 223 223 + "flags" : [] 224 224 + }, 225 225 + { 226 226 + "tcId" : 25, 227 227 + "comment" : "special values for r and s", 228 228 + "msg" : "3f", 229 229 + "sig" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f0000000000000000000000000000000000000000000000000000000000000000", 230 230 + "result" : "invalid", 231 231 + "flags" : [] 232 232 + }, 233 233 + { 234 234 + "tcId" : 26, 235 235 + "comment" : "special values for r and s", 236 236 + "msg" : "3f", 237 237 + "sig" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f0100000000000000000000000000000000000000000000000000000000000000", 238 238 + "result" : "invalid", 239 239 + "flags" : [] 240 240 + }, 241 241 + { 242 242 + "tcId" : 27, 243 243 + "comment" : "special values for r and s", 244 244 + "msg" : "3f", 245 245 + "sig" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7fecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 246 246 + "result" : "invalid", 247 247 + "flags" : [] 248 248 + }, 249 249 + { 250 250 + "tcId" : 28, 251 251 + "comment" : "special values for r and s", 252 252 + "msg" : "3f", 253 253 + "sig" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7fedd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010", 254 254 + "result" : "invalid", 255 255 + "flags" : [] 256 256 + }, 257 257 + { 258 258 + "tcId" : 29, 259 259 + "comment" : "special values for r and s", 260 260 + "msg" : "3f", 261 261 + "sig" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7fedffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 262 262 + "result" : "invalid", 263 263 + "flags" : [] 264 264 + }, 265 265 + { 266 266 + "tcId" : 30, 267 267 + "comment" : "empty signature", 268 268 + "msg" : "54657374", 269 269 + "sig" : "", 270 270 + "result" : "invalid", 271 271 + "flags" : [] 272 272 + }, 273 273 + { 274 274 + "tcId" : 31, 275 275 + "comment" : "s missing", 276 276 + "msg" : "54657374", 277 277 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab0", 278 278 + "result" : "invalid", 279 279 + "flags" : [] 280 280 + }, 281 281 + { 282 282 + "tcId" : 32, 283 283 + "comment" : "signature too short", 284 284 + "msg" : "54657374", 285 285 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946", 286 286 + "result" : "invalid", 287 287 + "flags" : [] 288 288 + }, 289 289 + { 290 290 + "tcId" : 33, 291 291 + "comment" : "signature too long", 292 292 + "msg" : "54657374", 293 293 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d2020", 294 294 + "result" : "invalid", 295 295 + "flags" : [] 296 296 + }, 297 297 + { 298 298 + "tcId" : 34, 299 299 + "comment" : "include pk in signature", 300 300 + "msg" : "54657374", 301 301 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d7d4d0e7f6153a69b6242b522abbee685fda4420f8834b108c3bdae369ef549fa", 302 302 + "result" : "invalid", 303 303 + "flags" : [] 304 304 + }, 305 305 + { 306 306 + "tcId" : 35, 307 307 + "comment" : "prepending 0 byte to signature", 308 308 + "msg" : "54657374", 309 309 + "sig" : "007c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d", 310 310 + "result" : "invalid", 311 311 + "flags" : [] 312 312 + }, 313 313 + { 314 314 + "tcId" : 36, 315 315 + "comment" : "prepending 0 byte to s", 316 316 + "msg" : "54657374", 317 317 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab0007a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d", 318 318 + "result" : "invalid", 319 319 + "flags" : [] 320 320 + }, 321 321 + { 322 322 + "tcId" : 37, 323 323 + "comment" : "appending 0 byte to signature", 324 324 + "msg" : "54657374", 325 325 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b30d00", 326 326 + "result" : "invalid", 327 327 + "flags" : [] 328 328 + }, 329 329 + { 330 330 + "tcId" : 38, 331 331 + "comment" : "removing 0 byte from signature", 332 332 + "msg" : "546573743137", 333 333 + "sig" : "93de3ca252426c95f735cb9edd92e83321ac62372d5aa5b379786bae111ab6b17251330e8f9a7c30d6993137c596007d7b001409287535ac4804e662bc58a3", 334 334 + "result" : "invalid", 335 335 + "flags" : [] 336 336 + }, 337 337 + { 338 338 + "tcId" : 39, 339 339 + "comment" : "removing 0 byte from signature", 340 340 + "msg" : "54657374313236", 341 341 + "sig" : "dffed33a7f420b62bb1731cfd03be805affd18a281ec02b1067ba6e9d20826569e742347df59c88ae96db1f1969fb189b0ec34381d85633e1889da48d95e0e", 342 342 + "result" : "invalid", 343 343 + "flags" : [] 344 344 + }, 345 345 + { 346 346 + "tcId" : 40, 347 347 + "comment" : "removing leading 0 byte from signature", 348 348 + "msg" : "546573743530", 349 349 + "sig" : "6e170c719577c25e0e1e8b8aa7a6346f8b109f37385cc2e85dc3b4c0f46a9c6bcafd67f52324c5dbaf40a1b673fb29c4a56052d2d6999d0838a8337bccb502", 350 350 + "result" : "invalid", 351 351 + "flags" : [] 352 352 + }, 353 353 + { 354 354 + "tcId" : 41, 355 355 + "comment" : "dropping byte from signature", 356 356 + "msg" : "54657374333437", 357 357 + "sig" : "b0928b46e99fbbad3f5cb502d2cd309d94a7e86cfd4d84b1fcf4cea18075a9c36993c0582dba1e9e519fae5a8654f454201ae0c3cb397c37b8f4f8eef18400", 358 358 + "result" : "invalid", 359 359 + "flags" : [] 360 360 + }, 361 361 + { 362 362 + "tcId" : 42, 363 363 + "comment" : "modified bit 0 in R", 364 364 + "msg" : "313233343030", 365 365 + "sig" : "647c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2b1d125e5538f38afbcc1c84e489521083041d24bc6240767029da063271a1ff0c", 366 366 + "result" : "invalid", 367 367 + "flags" : [] 368 368 + }, 369 369 + { 370 370 + "tcId" : 43, 371 371 + "comment" : "modified bit 1 in R", 372 372 + "msg" : "313233343030", 373 373 + "sig" : "677c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2bc108ca4b87a49c9ed2cf383aecad8f54a962b2899da891e12004d7993a627e01", 374 374 + "result" : "invalid", 375 375 + "flags" : [] 376 376 + }, 377 377 + { 378 378 + "tcId" : 44, 379 379 + "comment" : "modified bit 2 in R", 380 380 + "msg" : "313233343030", 381 381 + "sig" : "617c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2b9ce23fc6213ed5b87912e9bbf92f5e2c780eae26d15c50a112d1e97d2ea33c06", 382 382 + "result" : "invalid", 383 383 + "flags" : [] 384 384 + }, 385 385 + { 386 386 + "tcId" : 45, 387 387 + "comment" : "modified bit 7 in R", 388 388 + "msg" : "313233343030", 389 389 + "sig" : "e57c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2bbb3eb51cd98dddb235a5f46f2bded6af184a58d09cce928bda43f41d69118a03", 390 390 + "result" : "invalid", 391 391 + "flags" : [] 392 392 + }, 393 393 + { 394 394 + "tcId" : 46, 395 395 + "comment" : "modified bit 8 in R", 396 396 + "msg" : "313233343030", 397 397 + "sig" : "657d1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2bcd237dda9a116501f67a5705a854b9adc304f34720803a91b324f2c13e0f5a09", 398 398 + "result" : "invalid", 399 399 + "flags" : [] 400 400 + }, 401 401 + { 402 402 + "tcId" : 47, 403 403 + "comment" : "modified bit 16 in R", 404 404 + "msg" : "313233343030", 405 405 + "sig" : "657c1592402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2b6b167bbdc0d881cc04d28905552c1876f3709851abc5007376940cc8a435c300", 406 406 + "result" : "invalid", 407 407 + "flags" : [] 408 408 + }, 409 409 + { 410 410 + "tcId" : 48, 411 411 + "comment" : "modified bit 31 in R", 412 412 + "msg" : "313233343030", 413 413 + "sig" : "657c1412402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2b7fd2ac7da14afffcceeb13f2a0d6b887941cb1a5eb57a52f3cb131a16cce7b0e", 414 414 + "result" : "invalid", 415 415 + "flags" : [] 416 416 + }, 417 417 + { 418 418 + "tcId" : 49, 419 419 + "comment" : "modified bit 32 in R", 420 420 + "msg" : "313233343030", 421 421 + "sig" : "657c1492412ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2b7373ba13ebbef99cd2a8ead55ce735c987d85a35320925a8e871702dc7c5c40d", 422 422 + "result" : "invalid", 423 423 + "flags" : [] 424 424 + }, 425 425 + { 426 426 + "tcId" : 50, 427 427 + "comment" : "modified bit 63 in R", 428 428 + "msg" : "313233343030", 429 429 + "sig" : "657c1492402ab54e03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2bd35bd331c03f0855504ca1cab87b83c36a028425a3cf007ede4f4254c261cb00", 430 430 + "result" : "invalid", 431 431 + "flags" : [] 432 432 + }, 433 433 + { 434 434 + "tcId" : 51, 435 435 + "comment" : "modified bit 64 in R", 436 436 + "msg" : "313233343030", 437 437 + "sig" : "657c1492402ab5ce02e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2bcb35101f73cf467deac8c1a03b6c3dc35af544132734b7e57ab20c89b2e4750d", 438 438 + "result" : "invalid", 439 439 + "flags" : [] 440 440 + }, 441 441 + { 442 442 + "tcId" : 52, 443 443 + "comment" : "modified bit 97 in R", 444 444 + "msg" : "313233343030", 445 445 + "sig" : "657c1492402ab5ce03e2c3a7f2384d051b9cf3570f1207fc78c1bcc98c281c2bb58d2e8878290bff8d3355fdd4ea381924ee578752354eb6dee678ab4011c301", 446 446 + "result" : "invalid", 447 447 + "flags" : [] 448 448 + }, 449 449 + { 450 450 + "tcId" : 53, 451 451 + "comment" : "modified bit 127 in R", 452 452 + "msg" : "313233343030", 453 453 + "sig" : "657c1492402ab5ce03e2c3a7f0384d851b9cf3570f1207fc78c1bcc98c281c2bb978c866187ffb1cc7b29a0b4045aefc08768df65717194ff0c6e63f4dea0d02", 454 454 + "result" : "invalid", 455 455 + "flags" : [] 456 456 + }, 457 457 + { 458 458 + "tcId" : 54, 459 459 + "comment" : "modified bit 240 in R", 460 460 + "msg" : "313233343030", 461 461 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281d2b0576ecf8eaf675f00f3dfbe19f75b83b7607a6c96414f6821af920a2498d0305", 462 462 + "result" : "invalid", 463 463 + "flags" : [] 464 464 + }, 465 465 + { 466 466 + "tcId" : 55, 467 467 + "comment" : "modified bit 247 in R", 468 468 + "msg" : "313233343030", 469 469 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c289c2be5241a345c7b5428054c74b7c382fa10d4a5f1e8f8b79a71d3fdea2254f1ff0e", 470 470 + "result" : "invalid", 471 471 + "flags" : [] 472 472 + }, 473 473 + { 474 474 + "tcId" : 56, 475 475 + "comment" : "modified bit 248 in R", 476 476 + "msg" : "313233343030", 477 477 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c2a63950c85cd6dc96364e768de50ff7732b538f8a0b1615d799190ab600849230e", 478 478 + "result" : "invalid", 479 479 + "flags" : [] 480 480 + }, 481 481 + { 482 482 + "tcId" : 57, 483 483 + "comment" : "modified bit 253 in R", 484 484 + "msg" : "313233343030", 485 485 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c0b543bd3da0a56a8c9c152f59c9fec12f31fa66434d48b817b30d90cb4efa8b501", 486 486 + "result" : "invalid", 487 487 + "flags" : [] 488 488 + }, 489 489 + { 490 490 + "tcId" : 58, 491 491 + "comment" : "modified bit 254 in R", 492 492 + "msg" : "313233343030", 493 493 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281c6b8da07efd07a6dafb015ed6a32fe136319a972ffbc341f3a0beae97ccf8136505", 494 494 + "result" : "invalid", 495 495 + "flags" : [] 496 496 + }, 497 497 + { 498 498 + "tcId" : 59, 499 499 + "comment" : "modified bit 255 in R", 500 500 + "msg" : "313233343030", 501 501 + "sig" : "657c1492402ab5ce03e2c3a7f0384d051b9cf3570f1207fc78c1bcc98c281cab227aedf259f910f0f3a759a335062665217925d019173b88917eae294f75d40f", 502 502 + "result" : "invalid", 503 503 + "flags" : [] 504 504 + }, 505 505 + { 506 506 + "tcId" : 60, 507 507 + "comment" : "R==0", 508 508 + "msg" : "313233343030", 509 509 + "sig" : "0000000000000000000000000000000000000000000000000000000000000000e0b8e7770d51c7a36375d006c5bffd6af43ff54aaf47e4330dc118c71d61ec02", 510 510 + "result" : "invalid", 511 511 + "flags" : [] 512 512 + }, 513 513 + { 514 514 + "tcId" : 61, 515 515 + "comment" : "invalid R", 516 516 + "msg" : "313233343030", 517 517 + "sig" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff463a1908382e7eb7693acef9884f7cf931a215e0791876be22c631a59881fd0e", 518 518 + "result" : "invalid", 519 519 + "flags" : [] 520 520 + }, 521 521 + { 522 522 + "tcId" : 62, 523 523 + "comment" : "all bits flipped in R", 524 524 + "msg" : "313233343030", 525 525 + "sig" : "9a83eb6dbfd54a31fc1d3c580fc7b2fae4630ca8f0edf803873e433673d7e3d40e94254586cb6188c5386c3febed477cb9a6cb29e3979adc4cb27cf5278fb70a", 526 526 + "result" : "invalid", 527 527 + "flags" : [] 528 528 + }, 529 529 + { 530 530 + "tcId" : 63, 531 531 + "comment" : "checking malleability ", 532 532 + "msg" : "54657374", 533 533 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab067654bce3832c2d76f8f6f5dafc08d9339d4eef676573336a5c51eb6f946b31d", 534 534 + "result" : "invalid", 535 535 + "flags" : [ 536 536 + "SignatureMalleability" 537 537 + ] 538 538 + }, 539 539 + { 540 540 + "tcId" : 64, 541 541 + "comment" : "checking malleability ", 542 542 + "msg" : "54657374", 543 543 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab05439412b5395d42f462c67008eba6ca839d4eef676573336a5c51eb6f946b32d", 544 544 + "result" : "invalid", 545 545 + "flags" : [ 546 546 + "SignatureMalleability" 547 547 + ] 548 548 + }, 549 549 + { 550 550 + "tcId" : 65, 551 551 + "comment" : "checking malleability ", 552 552 + "msg" : "54657374", 553 553 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab02ee12ce5875bf9dff26556464bae2ad239d4eef676573336a5c51eb6f946b34d", 554 554 + "result" : "invalid", 555 555 + "flags" : [ 556 556 + "SignatureMalleability" 557 557 + ] 558 558 + }, 559 559 + { 560 560 + "tcId" : 66, 561 561 + "comment" : "checking malleability ", 562 562 + "msg" : "54657374", 563 563 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab0e2300459f1e742404cd934d2c595a6253ad4eef676573336a5c51eb6f946b38d", 564 564 + "result" : "invalid", 565 565 + "flags" : [ 566 566 + "SignatureMalleability" 567 567 + ] 568 568 + }, 569 569 + { 570 570 + "tcId" : 67, 571 571 + "comment" : "checking malleability ", 572 572 + "msg" : "54657374", 573 573 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b32d", 574 574 + "result" : "invalid", 575 575 + "flags" : [ 576 576 + "SignatureMalleability" 577 577 + ] 578 578 + }, 579 579 + { 580 580 + "tcId" : 68, 581 581 + "comment" : "checking malleability ", 582 582 + "msg" : "54657374", 583 583 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b34d", 584 584 + "result" : "invalid", 585 585 + "flags" : [ 586 586 + "SignatureMalleability" 587 587 + ] 588 588 + }, 589 589 + { 590 590 + "tcId" : 69, 591 591 + "comment" : "checking malleability ", 592 592 + "msg" : "54657374", 593 593 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab07a9155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b38d", 594 594 + "result" : "invalid", 595 595 + "flags" : [ 596 596 + "SignatureMalleability" 597 597 + ] 598 598 + }, 599 599 + { 600 600 + "tcId" : 70, 601 601 + "comment" : "checking malleability ", 602 602 + "msg" : "54657374", 603 603 + "sig" : "7c38e026f29e14aabd059a0f2db8b0cd783040609a8be684db12f82a27774ab0679155711ecfaf7f99f277bad0c6ae7e39d4eef676573336a5c51eb6f946b38d", 604 604 + "result" : "invalid", 605 605 + "flags" : [ 606 606 + "SignatureMalleability" 607 607 + ] 608 608 + } 609 609 + ] 610 610 + }, 611 611 + { 612 612 + "jwk" : { 613 613 + "crv" : "Ed25519", 614 614 + "d" : "CiOiAHKJEjeqCGS1dlE5UUkIeHh4zXcTWgBZiB0xPwA", 615 615 + "kid" : "none", 616 616 + "kty" : "OKP", 617 617 + "x" : "oSwr63cmXyqslTtQCTSdlBVaA62kFqrUUTGUgOmDykw" 618 618 + }, 619 619 + "key" : { 620 620 + "curve" : "edwards25519", 621 621 + "keySize" : 255, 622 622 + "pk" : "a12c2beb77265f2aac953b5009349d94155a03ada416aad451319480e983ca4c", 623 623 + "sk" : "0a23a20072891237aa0864b5765139514908787878cd77135a0059881d313f00", 624 624 + "type" : "EDDSAKeyPair" 625 625 + }, 626 626 + "keyDer" : "302a300506032b6570032100a12c2beb77265f2aac953b5009349d94155a03ada416aad451319480e983ca4c", 627 627 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAoSwr63cmXyqslTtQCTSdlBVaA62kFqrUUTGUgOmDykw=\n-----END PUBLIC KEY-----\n", 628 628 + "type" : "EddsaVerify", 629 629 + "tests" : [ 630 630 + { 631 631 + "tcId" : 71, 632 632 + "comment" : "", 633 633 + "msg" : "", 634 634 + "sig" : "5056325d2ab440bf30bbf0f7173199aa8b4e6fbc091cf3eb6bc6cf87cd73d992ffc216c85e4ab5b8a0bbc7e9a6e9f8d33b7f6e5ac0ffdc22d9fcaf784af84302", 635 635 + "result" : "valid", 636 636 + "flags" : [] 637 637 + }, 638 638 + { 639 639 + "tcId" : 72, 640 640 + "comment" : "", 641 641 + "msg" : "78", 642 642 + "sig" : "481fafbf4364d7b682475282f517a3ac0538c9a6b6a562e99a3d8e5afb4f90a559b056b9f07af023905753b02d95eb329a35c77f154b79abbcd291615ce42f02", 643 643 + "result" : "valid", 644 644 + "flags" : [] 645 645 + }, 646 646 + { 647 647 + "tcId" : 73, 648 648 + "comment" : "", 649 649 + "msg" : "54657374", 650 650 + "sig" : "8a9bb4c465a3863abc9fd0dd35d80bb28f7d33d37d74679802d63f82b20da114b8d765a1206b3e9ad7cf2b2d8d778bb8651f1fa992db293c0039eacb6161480f", 651 651 + "result" : "valid", 652 652 + "flags" : [] 653 653 + }, 654 654 + { 655 655 + "tcId" : 74, 656 656 + "comment" : "", 657 657 + "msg" : "48656c6c6f", 658 658 + "sig" : "d839c20abfda1fd429531831c64f813f84b913e9928540310cf060b44c3dbf9457d44a7721fdc0d67724ff81cb450dd39b10cfb65db15dda4b8bf09d26bd3801", 659 659 + "result" : "valid", 660 660 + "flags" : [] 661 661 + }, 662 662 + { 663 663 + "tcId" : 75, 664 664 + "comment" : "", 665 665 + "msg" : "313233343030", 666 666 + "sig" : "9bbb1052dcfa8ad2715c2eb716ae4f1902dea353d42ee09fd4c0b4fcb8b52b5219e2200016e1199d0061891c263e31b0bc3b55673c19610c4e0fa5408004160b", 667 667 + "result" : "valid", 668 668 + "flags" : [] 669 669 + }, 670 670 + { 671 671 + "tcId" : 76, 672 672 + "comment" : "", 673 673 + "msg" : "000000000000000000000000", 674 674 + "sig" : "f63b5c0667c7897fc283296416f7f60e84bbde9cbd832e56be463ed9f568069702b17a2f7c341ebf590706a6388ac76ac613c1675ec0f2c7118f2573422a500b", 675 675 + "result" : "valid", 676 676 + "flags" : [] 677 677 + }, 678 678 + { 679 679 + "tcId" : 77, 680 680 + "comment" : "", 681 681 + "msg" : "6161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161", 682 682 + "sig" : "1bc44d7001e6b5b9090fef34b2ca480f9786bbefa7d279353e5881e8dfb91b803ccd46500e270ef0109bfd741037558832120bc2a4f20fbe7b5fb3c3aaf23e08", 683 683 + "result" : "valid", 684 684 + "flags" : [] 685 685 + }, 686 686 + { 687 687 + "tcId" : 78, 688 688 + "comment" : "", 689 689 + "msg" : "202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60", 690 690 + "sig" : "ea8e22143b02372e76e99aece3ed36aec529768a27e2bb49bdc135d44378061e1f62d1ac518f33ebf37b2ee8cc6dde68a4bd7d4a2f4d6cb77f015f71ca9fc30d", 691 691 + "result" : "valid", 692 692 + "flags" : [] 693 693 + }, 694 694 + { 695 695 + "tcId" : 79, 696 696 + "comment" : "", 697 697 + "msg" : "ffffffffffffffffffffffffffffffff", 698 698 + "sig" : "8acd679e1a914fc45d5fa83d3021f0509c805c8d271df54e52f43cfbd00cb6222bf81d58fe1de2de378df67ee9f453786626961fe50a9b05f12b6f0899ebdd0a", 699 699 + "result" : "valid", 700 700 + "flags" : [] 701 701 + } 702 702 + ] 703 703 + }, 704 704 + { 705 705 + "jwk" : { 706 706 + "crv" : "Ed25519", 707 707 + "d" : "nWGxne_9WmC6hEr0kuwsxERJxWl7MmkZcDusAxyuf2A", 708 708 + "kid" : "none", 709 709 + "kty" : "OKP", 710 710 + "x" : "11qYAYKxCrfVS_7TyWQHOg7hcvPapiMlrwIaaPcHURo" 711 711 + }, 712 712 + "key" : { 713 713 + "curve" : "edwards25519", 714 714 + "keySize" : 255, 715 715 + "pk" : "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a", 716 716 + "sk" : "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", 717 717 + "type" : "EDDSAKeyPair" 718 718 + }, 719 719 + "keyDer" : "302a300506032b6570032100d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a", 720 720 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo=\n-----END PUBLIC KEY-----\n", 721 721 + "type" : "EddsaVerify", 722 722 + "tests" : [ 723 723 + { 724 724 + "tcId" : 80, 725 725 + "comment" : "draft-josefsson-eddsa-ed25519-02: Test 1", 726 726 + "msg" : "", 727 727 + "sig" : "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b", 728 728 + "result" : "valid", 729 729 + "flags" : [] 730 730 + } 731 731 + ] 732 732 + }, 733 733 + { 734 734 + "jwk" : { 735 735 + "crv" : "Ed25519", 736 736 + "d" : "TM0Imyj_ltqdtsNG7BFOD1uKMZ81q6Yk2oz27U-4pvs", 737 737 + "kid" : "none", 738 738 + "kty" : "OKP", 739 739 + "x" : "PUAXw-hDiVqStwqnTRt-vJyYLM8uxJaMwM1V8Sr0Zgw" 740 740 + }, 741 741 + "key" : { 742 742 + "curve" : "edwards25519", 743 743 + "keySize" : 255, 744 744 + "pk" : "3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c", 745 745 + "sk" : "4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb", 746 746 + "type" : "EDDSAKeyPair" 747 747 + }, 748 748 + "keyDer" : "302a300506032b65700321003d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c", 749 749 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAPUAXw+hDiVqStwqnTRt+vJyYLM8uxJaMwM1V8Sr0Zgw=\n-----END PUBLIC KEY-----\n", 750 750 + "type" : "EddsaVerify", 751 751 + "tests" : [ 752 752 + { 753 753 + "tcId" : 81, 754 754 + "comment" : "draft-josefsson-eddsa-ed25519-02: Test 2", 755 755 + "msg" : "72", 756 756 + "sig" : "92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00", 757 757 + "result" : "valid", 758 758 + "flags" : [] 759 759 + } 760 760 + ] 761 761 + }, 762 762 + { 763 763 + "jwk" : { 764 764 + "crv" : "Ed25519", 765 765 + "d" : "xaqN9D-fg3vtt0QvMdy3sWbThTUHbwlLhc46LgtEWPc", 766 766 + "kid" : "none", 767 767 + "kty" : "OKP", 768 768 + "x" : "_FHNjmIYoaONpH7QAjDwWAgW7RO6MwOsXeuRFUiQgCU" 769 769 + }, 770 770 + "key" : { 771 771 + "curve" : "edwards25519", 772 772 + "keySize" : 255, 773 773 + "pk" : "fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025", 774 774 + "sk" : "c5aa8df43f9f837bedb7442f31dcb7b166d38535076f094b85ce3a2e0b4458f7", 775 775 + "type" : "EDDSAKeyPair" 776 776 + }, 777 777 + "keyDer" : "302a300506032b6570032100fc51cd8e6218a1a38da47ed00230f0580816ed13ba3303ac5deb911548908025", 778 778 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA/FHNjmIYoaONpH7QAjDwWAgW7RO6MwOsXeuRFUiQgCU=\n-----END PUBLIC KEY-----\n", 779 779 + "type" : "EddsaVerify", 780 780 + "tests" : [ 781 781 + { 782 782 + "tcId" : 82, 783 783 + "comment" : "draft-josefsson-eddsa-ed25519-02: Test 3", 784 784 + "msg" : "af82", 785 785 + "sig" : "6291d657deec24024827e69c3abe01a30ce548a284743a445e3680d7db5ac3ac18ff9b538d16f290ae67f760984dc6594a7c15e9716ed28dc027beceea1ec40a", 786 786 + "result" : "valid", 787 787 + "flags" : [] 788 788 + } 789 789 + ] 790 790 + }, 791 791 + { 792 792 + "jwk" : { 793 793 + "crv" : "Ed25519", 794 794 + "d" : "9eV2fPFTMZUXYw8iaHa4bIFgzFg7wBN0TGvyVfXMDuU", 795 795 + "kid" : "none", 796 796 + "kty" : "OKP", 797 797 + "x" : "J4EX_BRMcjQPZ9DyMW6Dhs7_vyskKMnFH-98WX8dQm4" 798 798 + }, 799 799 + "key" : { 800 800 + "curve" : "edwards25519", 801 801 + "keySize" : 255, 802 802 + "pk" : "278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e", 803 803 + "sk" : "f5e5767cf153319517630f226876b86c8160cc583bc013744c6bf255f5cc0ee5", 804 804 + "type" : "EDDSAKeyPair" 805 805 + }, 806 806 + "keyDer" : "302a300506032b6570032100278117fc144c72340f67d0f2316e8386ceffbf2b2428c9c51fef7c597f1d426e", 807 807 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAJ4EX/BRMcjQPZ9DyMW6Dhs7/vyskKMnFH+98WX8dQm4=\n-----END PUBLIC KEY-----\n", 808 808 + "type" : "EddsaVerify", 809 809 + "tests" : [ 810 810 + { 811 811 + "tcId" : 83, 812 812 + "comment" : "draft-josefsson-eddsa-ed25519-02: Test 1024", 813 813 + "msg" : "08b8b2b733424243760fe426a4b54908632110a66c2f6591eabd3345e3e4eb98fa6e264bf09efe12ee50f8f54e9f77b1e355f6c50544e23fb1433ddf73be84d879de7c0046dc4996d9e773f4bc9efe5738829adb26c81b37c93a1b270b20329d658675fc6ea534e0810a4432826bf58c941efb65d57a338bbd2e26640f89ffbc1a858efcb8550ee3a5e1998bd177e93a7363c344fe6b199ee5d02e82d522c4feba15452f80288a821a579116ec6dad2b3b310da903401aa62100ab5d1a36553e06203b33890cc9b832f79ef80560ccb9a39ce767967ed628c6ad573cb116dbefefd75499da96bd68a8a97b928a8bbc103b6621fcde2beca1231d206be6cd9ec7aff6f6c94fcd7204ed3455c68c83f4a41da4af2b74ef5c53f1d8ac70bdcb7ed185ce81bd84359d44254d95629e9855a94a7c1958d1f8ada5d0532ed8a5aa3fb2d17ba70eb6248e594e1a2297acbbb39d502f1a8c6eb6f1ce22b3de1a1f40cc24554119a831a9aad6079cad88425de6bde1a9187ebb6092cf67bf2b13fd65f27088d78b7e883c8759d2c4f5c65adb7553878ad575f9fad878e80a0c9ba63bcbcc2732e69485bbc9c90bfbd62481d9089beccf80cfe2df16a2cf65bd92dd597b0707e0917af48bbb75fed413d238f5555a7a569d80c3414a8d0859dc65a46128bab27af87a71314f318c782b23ebfe808b82b0ce26401d2e22f04d83d1255dc51addd3b75a2b1ae0784504df543af8969be3ea7082ff7fc9888c144da2af58429ec96031dbcad3dad9af0dcbaaaf268cb8fcffead94f3c7ca495e056a9b47acdb751fb73e666c6c655ade8297297d07ad1ba5e43f1bca32301651339e22904cc8c42f58c30c04aafdb038dda0847dd988dcda6f3bfd15c4b4c4525004aa06eeff8ca61783aacec57fb3d1f92b0fe2fd1a85f6724517b65e614ad6808d6f6ee34dff7310fdc82aebfd904b01e1dc54b2927094b2db68d6f903b68401adebf5a7e08d78ff4ef5d63653a65040cf9bfd4aca7984a74d37145986780fc0b16ac451649de6188a7dbdf191f64b5fc5e2ab47b57f7f7276cd419c17a3ca8e1b939ae49e488acba6b965610b5480109c8b17b80e1b7b750dfc7598d5d5011fd2dcc5600a32ef5b52a1ecc820e308aa342721aac0943bf6686b64b2579376504ccc493d97e6aed3fb0f9cd71a43dd497f01f17c0e2cb3797aa2a2f256656168e6c496afc5fb93246f6b1116398a346f1a641f3b041e989f7914f90cc2c7fff357876e506b50d334ba77c225bc307ba537152f3f1610e4eafe595f6d9d90d11faa933a15ef1369546868a7f3a45a96768d40fd9d03412c091c6315cf4fde7cb68606937380db2eaaa707b4c4185c32eddcdd306705e4dc1ffc872eeee475a64dfac86aba41c0618983f8741c5ef68d3a101e8a3b8cac60c905c15fc910840b94c00a0b9d0", 814 814 + "sig" : "0aab4c900501b3e24d7cdf4663326a3a87df5e4843b2cbdb67cbf6e460fec350aa5371b1508f9f4528ecea23c436d94b5e8fcd4f681e30a6ac00a9704a188a03", 815 815 + "result" : "valid", 816 816 + "flags" : [] 817 817 + } 818 818 + ] 819 819 + }, 820 820 + { 821 821 + "jwk" : { 822 822 + "crv" : "Ed25519", 823 823 + "d" : "160_H2u-BHfDw1eoBqGetBrj-UAlA1vIfygfjun8DjQ", 824 824 + "kid" : "none", 825 825 + "kty" : "OKP", 826 826 + "x" : "j9ZZt3tVjtk4gsEVdDhFCshuxi1CHVaOmO4jbzgQKVo" 827 827 + }, 828 828 + "key" : { 829 829 + "curve" : "edwards25519", 830 830 + "keySize" : 255, 831 831 + "pk" : "8fd659b77b558ed93882c1157438450ac86ec62d421d568e98ee236f3810295a", 832 832 + "sk" : "d7ad3f1f6bbe0477c3c357a806a19eb41ae3f94025035bc87f281f8ee9fc0e34", 833 833 + "type" : "EDDSAKeyPair" 834 834 + }, 835 835 + "keyDer" : "302a300506032b65700321008fd659b77b558ed93882c1157438450ac86ec62d421d568e98ee236f3810295a", 836 836 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAj9ZZt3tVjtk4gsEVdDhFCshuxi1CHVaOmO4jbzgQKVo=\n-----END PUBLIC KEY-----\n", 837 837 + "type" : "EddsaVerify", 838 838 + "tests" : [ 839 839 + { 840 840 + "tcId" : 84, 841 841 + "comment" : "Random test failure 1", 842 842 + "msg" : "b0729a713593a92e46b56eaa66b9e435f7a09a8e7de03b078f6f282285276635f301e7aaafe42187c45d6f5b13f9f16b11195cc125c05b90d24dfe4c", 843 843 + "sig" : "7db17557ac470c0eda4eedaabce99197ab62565653cf911f632ee8be0e5ffcfc88fb94276b42e0798fd3aa2f0318be7fc6a29fae75f70c3dcdc414a0ad866601", 844 844 + "result" : "valid", 845 845 + "flags" : [] 846 846 + } 847 847 + ] 848 848 + }, 849 849 + { 850 850 + "jwk" : { 851 851 + "crv" : "Ed25519", 852 852 + "d" : "rZsieTM2_NrBDhNsTe6lmb4Yejju-Rwc98ek7IhN2gg", 853 853 + "kid" : "none", 854 854 + "kty" : "OKP", 855 855 + "x" : "KmBr9nrHcMYHA4sAQQGzJe21ae_TQT0tHyw-a05uMII" 856 856 + }, 857 857 + "key" : { 858 858 + "curve" : "edwards25519", 859 859 + "keySize" : 255, 860 860 + "pk" : "2a606bf67ac770c607038b004101b325edb569efd3413d2d1f2c3e6b4e6e3082", 861 861 + "sk" : "ad9b22793336fcdac10e136c4deea599be187a38eef91c1cf7c7a4ec884dda08", 862 862 + "type" : "EDDSAKeyPair" 863 863 + }, 864 864 + "keyDer" : "302a300506032b65700321002a606bf67ac770c607038b004101b325edb569efd3413d2d1f2c3e6b4e6e3082", 865 865 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAKmBr9nrHcMYHA4sAQQGzJe21ae/TQT0tHyw+a05uMII=\n-----END PUBLIC KEY-----\n", 866 866 + "type" : "EddsaVerify", 867 867 + "tests" : [ 868 868 + { 869 869 + "tcId" : 85, 870 870 + "comment" : "Random test failure 2", 871 871 + "msg" : "a8546e50ba31cae3234310d32672447be213fad91a227a19669c53d309b959782b0e6b71f8791fdb470043b58122003157d2d96a43a6cbd7d3a8d86bf4c97391883e268d50af80e1e6e12939c2bd50ca746cdadfad4edf1bda875299740724148efb1ebe73fb60088cda890317658627a5f7ab5a0c075d9d8f3f97b6492b35519e50ff6b38377432a7081f9176bb1c29a862deac1336ca20b097a47829cec10a6a7cec178eda2d12f6dc6c87f910454af0123555ba184e68804d9cced60fd5c8c90943e56599c8f0ba59a38491ba5e5a53460682474c07e40ca142983314fd762856bb1093f359da6eb0a756bd93a3160c10dd8feea6b97e7c6a17cb54bd5d7649c05c66d7bdee056671dfdaf689fa3945bb8e29a429f4bd5d355dce9687b06f01d5e33e3999f0e8", 872 872 + "sig" : "67d84d4c3945aaf06e06d524be63acbfb5dbb1988c4aea96a5ee9f7a9b9eecc29df4f66b8aa1d9e8607a58fb1ef0c2ad69aac005b4f58e34103344a9c8871a09", 873 873 + "result" : "valid", 874 874 + "flags" : [] 875 875 + }, 876 876 + { 877 877 + "tcId" : 86, 878 878 + "comment" : "Random test failure 24", 879 879 + "msg" : "b477b0480bb84642608b908d29a51cf2fce63f24ee95", 880 880 + "sig" : "28fafbb62b4d688fa79e1ac92851f46e319b161f801d4dc09acc21fdd6780a2c4292b8c1003c61c2bcebe7f3f88ccc4bb26d407387c5f27cb8c94cf6ce810405", 881 881 + "result" : "valid", 882 882 + "flags" : [] 883 883 + } 884 884 + ] 885 885 + }, 886 886 + { 887 887 + "jwk" : { 888 888 + "crv" : "Ed25519", 889 889 + "d" : "BKZVPWipuu94ohda83VFjqoBzbdzUMYeKC718McRZZk", 890 890 + "kid" : "none", 891 891 + "kty" : "OKP", 892 892 + "x" : "yclGy8VUSsdO70kfB8WIHBb69-wxzkqpG7YK57RTkFE" 893 893 + }, 894 894 + "key" : { 895 895 + "curve" : "edwards25519", 896 896 + "keySize" : 255, 897 897 + "pk" : "c9c946cbc5544ac74eef491f07c5881c16faf7ec31ce4aa91bb60ae7b4539051", 898 898 + "sk" : "04a6553d68a9baef78a2175af375458eaa01cdb77350c61e282ef5f0c7116599", 899 899 + "type" : "EDDSAKeyPair" 900 900 + }, 901 901 + "keyDer" : "302a300506032b6570032100c9c946cbc5544ac74eef491f07c5881c16faf7ec31ce4aa91bb60ae7b4539051", 902 902 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAyclGy8VUSsdO70kfB8WIHBb69+wxzkqpG7YK57RTkFE=\n-----END PUBLIC KEY-----\n", 903 903 + "type" : "EddsaVerify", 904 904 + "tests" : [ 905 905 + { 906 906 + "tcId" : 87, 907 907 + "comment" : "Random test failure 3", 908 908 + "msg" : "cd2212eddb0706f62c995cef958634f0cb7793444cbf4d30e81c27c41ebea6cb02607510131f9c015692dfd521b148841e9a2d3564d20ac401f6cb8e40f520fe0cafbeaa88840b83013369d879f013463fe52a13267aa0c8c59c45cde9399cd1e6be8cc64cf48315ac2eb31a1c567a4fb7d601746d1f63b5ac020712adbbe07519bded6f", 909 909 + "sig" : "24087d47f3e20af51b9668ae0a88ce76586802d0ec75d8c0f28fc30962b5e1d1a1d509571a1624ed125a8df92a6e963728d6b5de99200b8e285f70feb6f05207", 910 910 + "result" : "valid", 911 911 + "flags" : [] 912 912 + }, 913 913 + { 914 914 + "tcId" : 88, 915 915 + "comment" : "Random test failure 20", 916 916 + "msg" : "27d465bc632743522aefa23c", 917 917 + "sig" : "c2656951e2a0285585a51ff0eda7e9a23c2dfd2ffa273aee7808f4604e8f9a8c8ea49e9fce4eb2d8d75d36b7238fe6fc13b6c5d9427dd58f8c6615d033c0bd0f", 918 918 + "result" : "valid", 919 919 + "flags" : [] 920 920 + } 921 921 + ] 922 922 + }, 923 923 + { 924 924 + "jwk" : { 925 925 + "crv" : "Ed25519", 926 926 + "d" : "w2fI0uvu7NcMHomFtww4CLdWV_JDshuk8yJ5JUDpIlc", 927 927 + "kid" : "none", 928 928 + "kty" : "OKP", 929 929 + "x" : "Mq0Cb2k9DSr-f0OI2RxMlkQm_LnjZlw-vYZQAJuBXI4" 930 930 + }, 931 931 + "key" : { 932 932 + "curve" : "edwards25519", 933 933 + "keySize" : 255, 934 934 + "pk" : "32ad026f693d0d2afe7f4388d91c4c964426fcb9e3665c3ebd8650009b815c8e", 935 935 + "sk" : "c367c8d2ebeeecd70c1e8985b70c3808b75657f243b21ba4f322792540e92257", 936 936 + "type" : "EDDSAKeyPair" 937 937 + }, 938 938 + "keyDer" : "302a300506032b657003210032ad026f693d0d2afe7f4388d91c4c964426fcb9e3665c3ebd8650009b815c8e", 939 939 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAMq0Cb2k9DSr+f0OI2RxMlkQm/LnjZlw+vYZQAJuBXI4=\n-----END PUBLIC KEY-----\n", 940 940 + "type" : "EddsaVerify", 941 941 + "tests" : [ 942 942 + { 943 943 + "tcId" : 89, 944 944 + "comment" : "Random test failure 4", 945 945 + "msg" : "ec5c7cb078", 946 946 + "sig" : "d920d421a5956b69bfe1ba834c025e2babb6c7a6d78c97de1d9bb1116dfdd1185147b2887e34e15578172e150774275ea2aad9e02106f7e8ca1caa669a066f0c", 947 947 + "result" : "valid", 948 948 + "flags" : [] 949 949 + }, 950 950 + { 951 951 + "tcId" : 90, 952 952 + "comment" : "Random test failure 5", 953 953 + "msg" : "4668c6a76f0e482190a7175b9f3806a5fe4314a004fa69f988373f7a", 954 954 + "sig" : "4f62daf7f7c162038552ad7d306e195baa37ecf6ca7604142679d7d1128e1f8af52e4cb3545748c44ef1ff1c64e877e4f4d248259b7f6eb56e3ef72097dc8e0c", 955 955 + "result" : "valid", 956 956 + "flags" : [] 957 957 + }, 958 958 + { 959 959 + "tcId" : 91, 960 960 + "comment" : "Random test failure 8", 961 961 + "msg" : "5dc9bb87eb11621a93f92abe53515697d2611b2eef73", 962 962 + "sig" : "deecafb6f2ede73fec91a6f10e45b9c1c61c4b9bfbe6b6147e2de0b1df6938971f7896c3ab83851fb5d9e537037bff0fca0ccb4a3cc38f056f91f7d7a0557e08", 963 963 + "result" : "valid", 964 964 + "flags" : [] 965 965 + }, 966 966 + { 967 967 + "tcId" : 92, 968 968 + "comment" : "Random test failure 10", 969 969 + "msg" : "7dcfe60f881e1285676f35b68a1b2dbcdd7be6f719a288ababc28d36e3a42ac3010a1ca54b32760e74", 970 970 + "sig" : "7f8663cf98cbd39d5ff553f00bcf3d0d520605794f8866ce75714d77cc51e66c91818b657d7b0dae430a68353506edc4a714c345f5ddb5c8b958ba3d035f7a01", 971 971 + "result" : "valid", 972 972 + "flags" : [] 973 973 + }, 974 974 + { 975 975 + "tcId" : 93, 976 976 + "comment" : "Random test failure 12", 977 977 + "msg" : "58e456064dff471109def4ca27fa8310a1df32739655b624f27e6418d34b7f007173f3faa5", 978 978 + "sig" : "6aab49e5c0bc309b783378ee03ffda282f0185cdf94c847701ff307a6ee8d0865411c44e0a8206f6a5f606107451940c2593af790ce1860f4c14ab25b2deae08", 979 979 + "result" : "valid", 980 980 + "flags" : [] 981 981 + }, 982 982 + { 983 983 + "tcId" : 94, 984 984 + "comment" : "Random test failure 15", 985 985 + "msg" : "a1", 986 986 + "sig" : "1a74ed2cbdc7d8f3827014e8e6ecf8fd2698ac8f86833acccdd400df710fe0d6b0543c9cfa00d52bf024ab7ce0d91981944097233ec134d5c7abbd44bfd32d0d", 987 987 + "result" : "valid", 988 988 + "flags" : [] 989 989 + }, 990 990 + { 991 991 + "tcId" : 95, 992 992 + "comment" : "Random test failure 19", 993 993 + "msg" : "11cb1eafa4c42a8402c4193c4696f7b2e6d4585e4b42dcf1a8b67a80b2da80bc9d4b649fb2f35eaf1f56c426fd0b", 994 994 + "sig" : "14ceb2eaf4688d995d482f44852d71ad878cd7c77b41e60b0065fd01a59b054ee74759224187dbde9e59a763a70277c960892ef89fba997aba2576b2c54ba608", 995 995 + "result" : "valid", 996 996 + "flags" : [] 997 997 + }, 998 998 + { 999 999 + "tcId" : 96, 1000 1000 + "comment" : "Random test failure 25", 1001 1001 + "msg" : "aa365b442d12b7f3c925", 1002 1002 + "sig" : "83c40ce13d483cc58ff65844875862d93df4bd367af77efa469ec06a8ed9e6d7905a04879535708ddf225567a815c9b941d405c98e918fd0c151165cea7fb101", 1003 1003 + "result" : "valid", 1004 1004 + "flags" : [] 1005 1005 + }, 1006 1006 + { 1007 1007 + "tcId" : 97, 1008 1008 + "comment" : "Random test failure 28", 1009 1009 + "msg" : "475f", 1010 1010 + "sig" : "71a4a06a34075f2fd47bc3abf4714d46db7e97b08cb6180d3f1539ac50b18ce51f8af8ae95ed21d4fa0daab7235925631ecea1fd9d0d8a2ba7a7583fd04b900c", 1011 1011 + "result" : "valid", 1012 1012 + "flags" : [] 1013 1013 + } 1014 1014 + ] 1015 1015 + }, 1016 1016 + { 1017 1017 + "jwk" : { 1018 1018 + "crv" : "Ed25519", 1019 1019 + "d" : "VsHiLWFsu23qhpKItLHAK7mGllg8L25lABOgPhcEnGI", 1020 1020 + "kid" : "none", 1021 1021 + "kty" : "OKP", 1022 1022 + "x" : "wp7BiU4G0ntOQEhrT6UGPWanRsf5wyOxIgPAO3K4t4o" 1023 1023 + }, 1024 1024 + "key" : { 1025 1025 + "curve" : "edwards25519", 1026 1026 + "keySize" : 255, 1027 1027 + "pk" : "c29ec1894e06d27b4e40486b4fa5063d66a746c7f9c323b12203c03b72b8b78a", 1028 1028 + "sk" : "56c1e22d616cbb6dea869288b4b1c02bb98696583c2f6e650013a03e17049c62", 1029 1029 + "type" : "EDDSAKeyPair" 1030 1030 + }, 1031 1031 + "keyDer" : "302a300506032b6570032100c29ec1894e06d27b4e40486b4fa5063d66a746c7f9c323b12203c03b72b8b78a", 1032 1032 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAwp7BiU4G0ntOQEhrT6UGPWanRsf5wyOxIgPAO3K4t4o=\n-----END PUBLIC KEY-----\n", 1033 1033 + "type" : "EddsaVerify", 1034 1034 + "tests" : [ 1035 1035 + { 1036 1036 + "tcId" : 98, 1037 1037 + "comment" : "Random test failure 6", 1038 1038 + "msg" : "0f325ffd87e58131ffa23c05ea4579513b287fdba87b44", 1039 1039 + "sig" : "6669acf94667c5b541afe5307bde9476b13ae7e0e6058a772101ac8eb0a94331428eb4db0a2c68a9b6c1763b8624dab259b0876cdcfaeacc17b21a18e3fc010a", 1040 1040 + "result" : "valid", 1041 1041 + "flags" : [] 1042 1042 + }, 1043 1043 + { 1044 1044 + "tcId" : 99, 1045 1045 + "comment" : "Random test failure 21", 1046 1046 + "msg" : "5ffa", 1047 1047 + "sig" : "931e5152fcef078c22cc5d6a3a65f06e396289f6f5f2d1efa6340254a53526ef5dc6874eeddf35c3f50991c53cd02bf06313e37d93ee1f7022128ffa3b8f300b", 1048 1048 + "result" : "valid", 1049 1049 + "flags" : [] 1050 1050 + } 1051 1051 + ] 1052 1052 + }, 1053 1053 + { 1054 1054 + "jwk" : { 1055 1055 + "crv" : "Ed25519", 1056 1056 + "d" : "t9L2QnbfQX_tJ9jhW06Q9v2T2s5wcpTDOL0yvEu9j9s", 1057 1057 + "kid" : "none", 1058 1058 + "kty" : "OKP", 1059 1059 + "x" : "z9pbiZ41dkxSKeWSlf4SIrfdzhdmQ2l8KeRuy7oQzxA" 1060 1060 + }, 1061 1061 + "key" : { 1062 1062 + "curve" : "edwards25519", 1063 1063 + "keySize" : 255, 1064 1064 + "pk" : "cfda5b899e35764c5229e59295fe1222b7ddce176643697c29e46ecbba10cf10", 1065 1065 + "sk" : "b7d2f64276df417fed27d8e15b4e90f6fd93dace707294c338bd32bc4bbd8fdb", 1066 1066 + "type" : "EDDSAKeyPair" 1067 1067 + }, 1068 1068 + "keyDer" : "302a300506032b6570032100cfda5b899e35764c5229e59295fe1222b7ddce176643697c29e46ecbba10cf10", 1069 1069 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAz9pbiZ41dkxSKeWSlf4SIrfdzhdmQ2l8KeRuy7oQzxA=\n-----END PUBLIC KEY-----\n", 1070 1070 + "type" : "EddsaVerify", 1071 1071 + "tests" : [ 1072 1072 + { 1073 1073 + "tcId" : 100, 1074 1074 + "comment" : "Random test failure 7", 1075 1075 + "msg" : "ec5c7cb078", 1076 1076 + "sig" : "30490c28f806298225df62103521dcee047153912c33ab8ab8bbdd1ffabd70fd4fdb360f05be535b067d1cf4e78c2cb432206bf280aab3bd21aaa1cb894c5b06", 1077 1077 + "result" : "valid", 1078 1078 + "flags" : [] 1079 1079 + }, 1080 1080 + { 1081 1081 + "tcId" : 101, 1082 1082 + "comment" : "Random test failure 9", 1083 1083 + "msg" : "67484059b2490b1a0a4f8dee77979e26", 1084 1084 + "sig" : "4cd4f77ed473a6647387f3163541c67a1708a3c3bd1673247cb87f0cb68b3c56f04bfa72970c8a483efe659c87009ab4020b590b6641316b3deddb5450544e02", 1085 1085 + "result" : "valid", 1086 1086 + "flags" : [] 1087 1087 + }, 1088 1088 + { 1089 1089 + "tcId" : 102, 1090 1090 + "comment" : "Random test failure 11", 1091 1091 + "msg" : "a020a4381dc9141f47ee508871ab7a8b5a3648727c4281ae9932376f23a8e1bcda0626b7129197d864178631ec89c4332dbb18", 1092 1092 + "sig" : "1e41a24fe732bd7cab14c2a2f5134ee8c87fcbd2e987e60957ed9239e5c32404d56977e1b4282871896cb10625a1937468e4dc266e16a9c1b8e9891177eca802", 1093 1093 + "result" : "valid", 1094 1094 + "flags" : [] 1095 1095 + }, 1096 1096 + { 1097 1097 + "tcId" : 103, 1098 1098 + "comment" : "Random test failure 14", 1099 1099 + "msg" : "a25176b3afea318b2ec11ddacb10caf7179c0b3f8eabbfa2895581138d3c1e0e", 1100 1100 + "sig" : "2a833aadecd9f28235cb5896bf3781521dc71f28af2e91dbe1735a61dce3e31ac15ca24b3fc47817a59d386bbbb2ce60a6adc0a2703bb2bdea8f70f91051f706", 1101 1101 + "result" : "valid", 1102 1102 + "flags" : [] 1103 1103 + }, 1104 1104 + { 1105 1105 + "tcId" : 104, 1106 1106 + "comment" : "Random test failure 18", 1107 1107 + "msg" : "a9e6d94870a67a9fe1cf13b1e6f9150cdd407bf6480ec841ea586ae3935e9787163cf419c1", 1108 1108 + "sig" : "c97e3190f83bae7729ba473ad46b420b8aad735f0808ea42c0f898ccfe6addd4fd9d9fa3355d5e67ee21ab7e1f805cd07f1fce980e307f4d7ad36cc924eef00c", 1109 1109 + "result" : "valid", 1110 1110 + "flags" : [] 1111 1111 + } 1112 1112 + ] 1113 1113 + }, 1114 1114 + { 1115 1115 + "jwk" : { 1116 1116 + "crv" : "Ed25519", 1117 1117 + "d" : "fVl8O3KDkp0H7Y8B8x0lloI-XkarImx75CNNGp3K7zc", 1118 1118 + "kid" : "none", 1119 1119 + "kty" : "OKP", 1120 1120 + "x" : "UpkZyceAmFqEHEK6bBgP8tZ6J2zPvigQgOR6txp1j1Y" 1121 1121 + }, 1122 1122 + "key" : { 1123 1123 + "curve" : "edwards25519", 1124 1124 + "keySize" : 255, 1125 1125 + "pk" : "529919c9c780985a841c42ba6c180ff2d67a276ccfbe281080e47ab71a758f56", 1126 1126 + "sk" : "7d597c3b7283929d07ed8f01f31d2596823e5e46ab226c7be4234d1a9dcaef37", 1127 1127 + "type" : "EDDSAKeyPair" 1128 1128 + }, 1129 1129 + "keyDer" : "302a300506032b6570032100529919c9c780985a841c42ba6c180ff2d67a276ccfbe281080e47ab71a758f56", 1130 1130 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAUpkZyceAmFqEHEK6bBgP8tZ6J2zPvigQgOR6txp1j1Y=\n-----END PUBLIC KEY-----\n", 1131 1131 + "type" : "EddsaVerify", 1132 1132 + "tests" : [ 1133 1133 + { 1134 1134 + "tcId" : 105, 1135 1135 + "comment" : "Random test failure 13", 1136 1136 + "msg" : "e1cbf2d86827825613fb7a85811d", 1137 1137 + "sig" : "01abfa4d6bbc726b196928ec84fd03f0c953a4fa2b228249562ff1442a4f63a7150b064f3712b51c2af768d2c2711a71aabf8d186833e941a0301b82f0502905", 1138 1138 + "result" : "valid", 1139 1139 + "flags" : [] 1140 1140 + }, 1141 1141 + { 1142 1142 + "tcId" : 106, 1143 1143 + "comment" : "Random test failure 22", 1144 1144 + "msg" : "25", 1145 1145 + "sig" : "e4ae21f7a8f4b3b325c161a8c6e53e2edd7005b9c2f8a2e3b0ac4ba94aa80be6f2ee22ac8d4a96b9a3eb73a825e7bb5aff4a3393bf5b4a38119e9c9b1b041106", 1146 1146 + "result" : "valid", 1147 1147 + "flags" : [] 1148 1148 + } 1149 1149 + ] 1150 1150 + }, 1151 1151 + { 1152 1152 + "jwk" : { 1153 1153 + "crv" : "Ed25519", 1154 1154 + "d" : "9AHO5L-xcy8Om42Lp5RpVlwxFSlhQdvffpwxGgrBgjs", 1155 1155 + "kid" : "none", 1156 1156 + "kty" : "OKP", 1157 1157 + "x" : "IlKz1Xx0y_i8Rg3C4IKEeSa8Ai8Jq2rpV1Y2K_0RZ8E" 1158 1158 + }, 1159 1159 + "key" : { 1160 1160 + "curve" : "edwards25519", 1161 1161 + "keySize" : 255, 1162 1162 + "pk" : "2252b3d57c74cbf8bc460dc2e082847926bc022f09ab6ae95756362bfd1167c1", 1163 1163 + "sk" : "f401cee4bfb1732f0e9b8d8ba79469565c3115296141dbdf7e9c311a0ac1823b", 1164 1164 + "type" : "EDDSAKeyPair" 1165 1165 + }, 1166 1166 + "keyDer" : "302a300506032b65700321002252b3d57c74cbf8bc460dc2e082847926bc022f09ab6ae95756362bfd1167c1", 1167 1167 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAIlKz1Xx0y/i8Rg3C4IKEeSa8Ai8Jq2rpV1Y2K/0RZ8E=\n-----END PUBLIC KEY-----\n", 1168 1168 + "type" : "EddsaVerify", 1169 1169 + "tests" : [ 1170 1170 + { 1171 1171 + "tcId" : 107, 1172 1172 + "comment" : "Random test failure 16", 1173 1173 + "msg" : "975ef941710071a9e1e6325a0c860becd7c695b5117c3107b686e330e5", 1174 1174 + "sig" : "af0fd9dda7e03e12313410d8d8844ebb6fe6b7f65141f22d7bcba5695a25414a9e54326fb44d59fb14707899a8aae70857b23d4080d7ab2c396ef3a36d45ce02", 1175 1175 + "result" : "valid", 1176 1176 + "flags" : [] 1177 1177 + }, 1178 1178 + { 1179 1179 + "tcId" : 108, 1180 1180 + "comment" : "Random test failure 23", 1181 1181 + "msg" : "80fdd6218f29c8c8f6bd820945f9b0854e3a8824", 1182 1182 + "sig" : "e097e0bd0370bff5bde359175a11b728ee9639095d5df8eda496395565616edfe079977f7d4dc8c75d6113a83d6a55e6e1676408c0967a2906339b43337dcb01", 1183 1183 + "result" : "valid", 1184 1184 + "flags" : [] 1185 1185 + } 1186 1186 + ] 1187 1187 + }, 1188 1188 + { 1189 1189 + "jwk" : { 1190 1190 + "crv" : "Ed25519", 1191 1191 + "d" : "PWWJVkEDd9BkRnbSWZVCQSpPOw5Orft_P4NmFfQrGLw", 1192 1192 + "kid" : "none", 1193 1193 + "kty" : "OKP", 1194 1194 + "x" : "wKdzEQ-XXeNzI1W7fsfwxBwJHAJSlmBwIFUWaTuZKko" 1195 1195 + }, 1196 1196 + "key" : { 1197 1197 + "curve" : "edwards25519", 1198 1198 + "keySize" : 255, 1199 1199 + "pk" : "c0a773110f975de3732355bb7ec7f0c41c091c0252966070205516693b992a4a", 1200 1200 + "sk" : "3d658956410377d0644676d2599542412a4f3b0e4eadfb7f3f836615f42b18bc", 1201 1201 + "type" : "EDDSAKeyPair" 1202 1202 + }, 1203 1203 + "keyDer" : "302a300506032b6570032100c0a773110f975de3732355bb7ec7f0c41c091c0252966070205516693b992a4a", 1204 1204 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAwKdzEQ+XXeNzI1W7fsfwxBwJHAJSlmBwIFUWaTuZKko=\n-----END PUBLIC KEY-----\n", 1205 1205 + "type" : "EddsaVerify", 1206 1206 + "tests" : [ 1207 1207 + { 1208 1208 + "tcId" : 109, 1209 1209 + "comment" : "Random test failure 17", 1210 1210 + "msg" : "", 1211 1211 + "sig" : "0280427e713378f49d478df6373c6cac847b622b567daa2376c839e7ac10e22c380ab0fa8617c9dcfe76c4d9db5459b21dc1413726e46cc8f387d359e344f407", 1212 1212 + "result" : "valid", 1213 1213 + "flags" : [] 1214 1214 + } 1215 1215 + ] 1216 1216 + }, 1217 1217 + { 1218 1218 + "jwk" : { 1219 1219 + "crv" : "Ed25519", 1220 1220 + "d" : "vMthMjhAwqlvw29-VOpsjlX50iH38FeR7WACXgYGRDk", 1221 1221 + "kid" : "none", 1222 1222 + "kty" : "OKP", 1223 1223 + "x" : "VM2mIyRXWa1tQ-YgpgaQi-_GM9YHkrx3mER6DvOOcxE" 1224 1224 + }, 1225 1225 + "key" : { 1226 1226 + "curve" : "edwards25519", 1227 1227 + "keySize" : 255, 1228 1228 + "pk" : "54cda623245759ad6d43e620a606908befc633d60792bc7798447a0ef38e7311", 1229 1229 + "sk" : "bccb61323840c2a96fc36f7e54ea6c8e55f9d221f7f05791ed60025e06064439", 1230 1230 + "type" : "EDDSAKeyPair" 1231 1231 + }, 1232 1232 + "keyDer" : "302a300506032b657003210054cda623245759ad6d43e620a606908befc633d60792bc7798447a0ef38e7311", 1233 1233 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAVM2mIyRXWa1tQ+YgpgaQi+/GM9YHkrx3mER6DvOOcxE=\n-----END PUBLIC KEY-----\n", 1234 1234 + "type" : "EddsaVerify", 1235 1235 + "tests" : [ 1236 1236 + { 1237 1237 + "tcId" : 110, 1238 1238 + "comment" : "Random test failure 26", 1239 1239 + "msg" : "27e792b28b2f1702", 1240 1240 + "sig" : "14d9b497c19b91d43481c55bb6f5056de252d9ecb637575c807e58e9b4c5eac8b284089d97e2192dc242014363208e2c9a3435edf8928fb1d893553e9be4c703", 1241 1241 + "result" : "valid", 1242 1242 + "flags" : [] 1243 1243 + } 1244 1244 + ] 1245 1245 + }, 1246 1246 + { 1247 1247 + "jwk" : { 1248 1248 + "crv" : "Ed25519", 1249 1249 + "d" : "8tMCO5wZ4kF0i8QDmnpDxZVwHyNnVQUBUhOooqAnTBs", 1250 1250 + "kid" : "none", 1251 1251 + "kty" : "OKP", 1252 1252 + "x" : "I2K6xRTV-tM4AmQul5oegt5utvG8v2pbME8rsCueV_4" 1253 1253 + }, 1254 1254 + "key" : { 1255 1255 + "curve" : "edwards25519", 1256 1256 + "keySize" : 255, 1257 1257 + "pk" : "2362bac514d5fad33802642e979a1e82de6eb6f1bcbf6a5b304f2bb02b9e57fe", 1258 1258 + "sk" : "f2d3023b9c19e241748bc4039a7a43c595701f23675505015213a8a2a0274c1b", 1259 1259 + "type" : "EDDSAKeyPair" 1260 1260 + }, 1261 1261 + "keyDer" : "302a300506032b65700321002362bac514d5fad33802642e979a1e82de6eb6f1bcbf6a5b304f2bb02b9e57fe", 1262 1262 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAI2K6xRTV+tM4AmQul5oegt5utvG8v2pbME8rsCueV/4=\n-----END PUBLIC KEY-----\n", 1263 1263 + "type" : "EddsaVerify", 1264 1264 + "tests" : [ 1265 1265 + { 1266 1266 + "tcId" : 111, 1267 1267 + "comment" : "Random test failure 27", 1268 1268 + "msg" : "eef3bb0f617c17d0420c115c21c28e3762edc7b7fb048529b84a9c2bc6", 1269 1269 + "sig" : "242ddb3a5d938d07af690b1b0ef0fa75842c5f9549bf39c8750f75614c712e7cbaf2e37cc0799db38b858d41aec5b9dd2fca6a3c8e082c10408e2cf3932b9d08", 1270 1270 + "result" : "valid", 1271 1271 + "flags" : [] 1272 1272 + } 1273 1273 + ] 1274 1274 + }, 1275 1275 + { 1276 1276 + "jwk" : { 1277 1277 + "crv" : "Ed25519", 1278 1278 + "d" : "EvwxxA1aevceBUJGI7qXC2cM9uy0TNphICEOY3AkXds", 1279 1279 + "kid" : "none", 1280 1280 + "kty" : "OKP", 1281 1281 + "x" : "A3tVtCfcjaoPgPzrrwhGkCMJ-KbPGLRlwM6bZTlimsg" 1282 1282 + }, 1283 1283 + "key" : { 1284 1284 + "curve" : "edwards25519", 1285 1285 + "keySize" : 255, 1286 1286 + "pk" : "037b55b427dc8daa0f80fcebaf0846902309f8a6cf18b465c0ce9b6539629ac8", 1287 1287 + "sk" : "12fc31c40d5a7af71e05424623ba970b670cf6ecb44cda6120210e6370245ddb", 1288 1288 + "type" : "EDDSAKeyPair" 1289 1289 + }, 1290 1290 + "keyDer" : "302a300506032b6570032100037b55b427dc8daa0f80fcebaf0846902309f8a6cf18b465c0ce9b6539629ac8", 1291 1291 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAA3tVtCfcjaoPgPzrrwhGkCMJ+KbPGLRlwM6bZTlimsg=\n-----END PUBLIC KEY-----\n", 1292 1292 + "type" : "EddsaVerify", 1293 1293 + "tests" : [ 1294 1294 + { 1295 1295 + "tcId" : 112, 1296 1296 + "comment" : "Test case for overflow in signature generation", 1297 1297 + "msg" : "01234567", 1298 1298 + "sig" : "c964e100033ce8888b23466677da4f4aea29923f642ae508f9d0888d788150636ab9b2c3765e91bbb05153801114d9e52dc700df377212222bb766be4b8c020d", 1299 1299 + "result" : "valid", 1300 1300 + "flags" : [] 1301 1301 + } 1302 1302 + ] 1303 1303 + }, 1304 1304 + { 1305 1305 + "jwk" : { 1306 1306 + "crv" : "Ed25519", 1307 1307 + "d" : "5UvMTOldtIByx7SVdWF90flAOwchBSWcoG2NAVMNB_s", 1308 1308 + "kid" : "none", 1309 1309 + "kty" : "OKP", 1310 1310 + "x" : "nAAHaY8XeZinZmx895c-K4jpxJRuM4BKe76JaNI5Sy4" 1311 1311 + }, 1312 1312 + "key" : { 1313 1313 + "curve" : "edwards25519", 1314 1314 + "keySize" : 255, 1315 1315 + "pk" : "9c0007698f177998a7666c7cf7973e2b88e9c4946e33804a7bbe8968d2394b2e", 1316 1316 + "sk" : "e54bcc4ce95db48072c7b49575617dd1f9403b072105259ca06d8d01530d07fb", 1317 1317 + "type" : "EDDSAKeyPair" 1318 1318 + }, 1319 1319 + "keyDer" : "302a300506032b65700321009c0007698f177998a7666c7cf7973e2b88e9c4946e33804a7bbe8968d2394b2e", 1320 1320 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAnAAHaY8XeZinZmx895c+K4jpxJRuM4BKe76JaNI5Sy4=\n-----END PUBLIC KEY-----\n", 1321 1321 + "type" : "EddsaVerify", 1322 1322 + "tests" : [ 1323 1323 + { 1324 1324 + "tcId" : 113, 1325 1325 + "comment" : "Test case for overflow in signature generation", 1326 1326 + "msg" : "9399a6db9433d2a28d2b0c11c8794ab7d108c95b", 1327 1327 + "sig" : "176065c6d64a136a2227687d77f61f3fca3b16122c966276fd9a8b14a1a2cea4c33b3533d11101717016684e3810efbea63bb23773f7cc480174199abd734f08", 1328 1328 + "result" : "valid", 1329 1329 + "flags" : [] 1330 1330 + } 1331 1331 + ] 1332 1332 + }, 1333 1333 + { 1334 1334 + "jwk" : { 1335 1335 + "crv" : "Ed25519", 1336 1336 + "d" : "3n8rsSuHWnnMsFc0Syhnou2yXbwez8jLB8aeLdPfPgI", 1337 1337 + "kid" : "none", 1338 1338 + "kty" : "OKP", 1339 1339 + "x" : "7TpvlyHclynB92Y1vPCA1wNuHC8CKGVMy74ec4wXuWM" 1340 1340 + }, 1341 1341 + "key" : { 1342 1342 + "curve" : "edwards25519", 1343 1343 + "keySize" : 255, 1344 1344 + "pk" : "ed3a6f9721dc9729c1f76635bcf080d7036e1c2f0228654ccbbe1e738c17b963", 1345 1345 + "sk" : "de7f2bb12b875a79ccb057344b2867a2edb25dbc1ecfc8cb07c69e2dd3df3e02", 1346 1346 + "type" : "EDDSAKeyPair" 1347 1347 + }, 1348 1348 + "keyDer" : "302a300506032b6570032100ed3a6f9721dc9729c1f76635bcf080d7036e1c2f0228654ccbbe1e738c17b963", 1349 1349 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA7TpvlyHclynB92Y1vPCA1wNuHC8CKGVMy74ec4wXuWM=\n-----END PUBLIC KEY-----\n", 1350 1350 + "type" : "EddsaVerify", 1351 1351 + "tests" : [ 1352 1352 + { 1353 1353 + "tcId" : 114, 1354 1354 + "comment" : "Test case for overflow in signature generation", 1355 1355 + "msg" : "7af783afbbd44c1833ab7237ecaf63b94ffdd003", 1356 1356 + "sig" : "7ca69331eec8610d38f00e2cdbd46966cb359dcde98a257ac6f362cc00c8f4fe85c02285fe4d66e31a44cadb2bf474e1a7957609eb4fe95a71473fe6699aa70d", 1357 1357 + "result" : "valid", 1358 1358 + "flags" : [] 1359 1359 + } 1360 1360 + ] 1361 1361 + }, 1362 1362 + { 1363 1363 + "jwk" : { 1364 1364 + "crv" : "Ed25519", 1365 1365 + "d" : "6nkrep1CC_dPaoKnjliizJTzqz65MScGEbH42nXD1gs", 1366 1366 + "kid" : "none", 1367 1367 + "kty" : "OKP", 1368 1368 + "x" : "Sr-1NTE3BaZXABhEDN7Bo64z5R81IRL6asvQxrw-qFk" 1369 1369 + }, 1370 1370 + "key" : { 1371 1371 + "curve" : "edwards25519", 1372 1372 + "keySize" : 255, 1373 1373 + "pk" : "4abfb535313705a6570018440cdec1a3ae33e51f352112fa6acbd0c6bc3ea859", 1374 1374 + "sk" : "ea792b7a9d420bf74f6a82a78e58a2cc94f3ab3eb931270611b1f8da75c3d60b", 1375 1375 + "type" : "EDDSAKeyPair" 1376 1376 + }, 1377 1377 + "keyDer" : "302a300506032b65700321004abfb535313705a6570018440cdec1a3ae33e51f352112fa6acbd0c6bc3ea859", 1378 1378 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEASr+1NTE3BaZXABhEDN7Bo64z5R81IRL6asvQxrw+qFk=\n-----END PUBLIC KEY-----\n", 1379 1379 + "type" : "EddsaVerify", 1380 1380 + "tests" : [ 1381 1381 + { 1382 1382 + "tcId" : 115, 1383 1383 + "comment" : "Test case for overflow in signature generation", 1384 1384 + "msg" : "321b5f663c19e30ee7bbb85e48ecf44db9d3f512", 1385 1385 + "sig" : "f296715e855d8aecccba782b670163dedc4458fe4eb509a856bcac450920fd2e95a3a3eb212d2d9ccaf948c39ae46a2548af125f8e2ad9b77bd18f92d59f9200", 1386 1386 + "result" : "valid", 1387 1387 + "flags" : [] 1388 1388 + } 1389 1389 + ] 1390 1390 + }, 1391 1391 + { 1392 1392 + "jwk" : { 1393 1393 + "crv" : "Ed25519", 1394 1394 + "d" : "7KKGRfY2Rlde4uS9s29Rg4FCziR0ZkwrZu8FSzevYSQ", 1395 1395 + "kid" : "none", 1396 1396 + "kty" : "OKP", 1397 1397 + "x" : "TyFi5r8DpxLbDvpBi35wBuI4cdnX7FVaMTiFxK_ZY4U" 1398 1398 + }, 1399 1399 + "key" : { 1400 1400 + "curve" : "edwards25519", 1401 1401 + "keySize" : 255, 1402 1402 + "pk" : "4f2162e6bf03a712db0efa418b7e7006e23871d9d7ec555a313885c4afd96385", 1403 1403 + "sk" : "eca28645f63646575ee2e4bdb36f51838142ce2474664c2b66ef054b37af6124", 1404 1404 + "type" : "EDDSAKeyPair" 1405 1405 + }, 1406 1406 + "keyDer" : "302a300506032b65700321004f2162e6bf03a712db0efa418b7e7006e23871d9d7ec555a313885c4afd96385", 1407 1407 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEATyFi5r8DpxLbDvpBi35wBuI4cdnX7FVaMTiFxK/ZY4U=\n-----END PUBLIC KEY-----\n", 1408 1408 + "type" : "EddsaVerify", 1409 1409 + "tests" : [ 1410 1410 + { 1411 1411 + "tcId" : 116, 1412 1412 + "comment" : "Test case for overflow in signature generation", 1413 1413 + "msg" : "c48890e92aeeb3af04858a8dc1d34f16a4347b91", 1414 1414 + "sig" : "367d07253a9d5a77d054b9c1a82d3c0a448a51905343320b3559325ef41839608aa45564978da1b2968c556cfb23b0c98a9be83e594d5e769d69d1156e1b1506", 1415 1415 + "result" : "valid", 1416 1416 + "flags" : [] 1417 1417 + } 1418 1418 + ] 1419 1419 + }, 1420 1420 + { 1421 1421 + "jwk" : { 1422 1422 + "crv" : "Ed25519", 1423 1423 + "d" : "coI4YCt-Z1Oz9J6w_EzeOMe7FKtY3crvJTcnWxPpndM", 1424 1424 + "kid" : "none", 1425 1425 + "kty" : "OKP", 1426 1426 + "x" : "BxfXXOJ-oYHtWjDmRWxkm1z0U6a0wSzT-f0Wsx4MJc0" 1427 1427 + }, 1428 1428 + "key" : { 1429 1429 + "curve" : "edwards25519", 1430 1430 + "keySize" : 255, 1431 1431 + "pk" : "0717d75ce27ea181ed5a30e6456c649b5cf453a6b4c12cd3f9fd16b31e0c25cd", 1432 1432 + "sk" : "728238602b7e6753b3f49eb0fc4cde38c7bb14ab58ddcaef2537275b13e99dd3", 1433 1433 + "type" : "EDDSAKeyPair" 1434 1434 + }, 1435 1435 + "keyDer" : "302a300506032b65700321000717d75ce27ea181ed5a30e6456c649b5cf453a6b4c12cd3f9fd16b31e0c25cd", 1436 1436 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEABxfXXOJ+oYHtWjDmRWxkm1z0U6a0wSzT+f0Wsx4MJc0=\n-----END PUBLIC KEY-----\n", 1437 1437 + "type" : "EddsaVerify", 1438 1438 + "tests" : [ 1439 1439 + { 1440 1440 + "tcId" : 117, 1441 1441 + "comment" : "regression test for arithmetic error", 1442 1442 + "msg" : "26d5f0631f49106db58c4cfc903691134811b33c", 1443 1443 + "sig" : "9588e02bc815649d359ce710cdc69814556dd8c8bab1c468f40a49ebefb7f0de7ed49725edfd1b708fa1bad277c35d6c1b9c5ec25990997645780f9203d7dd08", 1444 1444 + "result" : "valid", 1445 1445 + "flags" : [] 1446 1446 + } 1447 1447 + ] 1448 1448 + }, 1449 1449 + { 1450 1450 + "jwk" : { 1451 1451 + "crv" : "Ed25519", 1452 1452 + "d" : "3ECS14CcawcPKAjENCZ7ZpdCj0qx5GJqtWowWWQ75Dw", 1453 1453 + "kid" : "none", 1454 1454 + "kty" : "OKP", 1455 1455 + "x" : "21ueq36E5aE1BYZfpxHJyJbImGCfwR_JvB5VAo-Ult8" 1456 1456 + }, 1457 1457 + "key" : { 1458 1458 + "curve" : "edwards25519", 1459 1459 + "keySize" : 255, 1460 1460 + "pk" : "db5b9eab7e84e5a13505865fa711c9c896c898609fc11fc9bc1e55028f9496df", 1461 1461 + "sk" : "dc4092d7809c6b070f2808c434267b6697428f4ab1e4626ab56a3059643be43c", 1462 1462 + "type" : "EDDSAKeyPair" 1463 1463 + }, 1464 1464 + "keyDer" : "302a300506032b6570032100db5b9eab7e84e5a13505865fa711c9c896c898609fc11fc9bc1e55028f9496df", 1465 1465 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA21ueq36E5aE1BYZfpxHJyJbImGCfwR/JvB5VAo+Ult8=\n-----END PUBLIC KEY-----\n", 1466 1466 + "type" : "EddsaVerify", 1467 1467 + "tests" : [ 1468 1468 + { 1469 1469 + "tcId" : 118, 1470 1470 + "comment" : "regression test for arithmetic error", 1471 1471 + "msg" : "2a71f064af982a3a1103a75cef898732d7881981", 1472 1472 + "sig" : "2217a0be57dd0d6c0090641496bcb65e37213f02a0df50aff0368ee2808e1376504f37b37494132dfc4d4887f58b9e86eff924040db3925ee4f8e1428c4c500e", 1473 1473 + "result" : "valid", 1474 1474 + "flags" : [] 1475 1475 + } 1476 1476 + ] 1477 1477 + }, 1478 1478 + { 1479 1479 + "jwk" : { 1480 1480 + "crv" : "Ed25519", 1481 1481 + "d" : "OHZbiexWg26kGQ_JV4ArakcWf5te-ULpJlKAO33mq_0", 1482 1482 + "kid" : "none", 1483 1483 + "kty" : "OKP", 1484 1484 + "x" : "e6wY9tJiXTkV8jNDTNo4pXckenMypRcLNxQqNGRBReA" 1485 1485 + }, 1486 1486 + "key" : { 1487 1487 + "curve" : "edwards25519", 1488 1488 + "keySize" : 255, 1489 1489 + "pk" : "7bac18f6d2625d3915f233434cda38a577247a7332a5170b37142a34644145e0", 1490 1490 + "sk" : "38765b89ec56836ea4190fc957802b6a47167f9b5ef942e92652803b7de6abfd", 1491 1491 + "type" : "EDDSAKeyPair" 1492 1492 + }, 1493 1493 + "keyDer" : "302a300506032b65700321007bac18f6d2625d3915f233434cda38a577247a7332a5170b37142a34644145e0", 1494 1494 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAe6wY9tJiXTkV8jNDTNo4pXckenMypRcLNxQqNGRBReA=\n-----END PUBLIC KEY-----\n", 1495 1495 + "type" : "EddsaVerify", 1496 1496 + "tests" : [ 1497 1497 + { 1498 1498 + "tcId" : 119, 1499 1499 + "comment" : "regression test for arithmetic error", 1500 1500 + "msg" : "bf26796cef4ddafcf5033c8d105057db0210b6ad", 1501 1501 + "sig" : "1fda6dd4519fdbefb515bfa39e8e5911f4a0a8aa65f40ef0c542b8b34b87f9c249dc57f320718ff457ed5915c4d0fc352affc1287724d3f3a9de1ff777a02e01", 1502 1502 + "result" : "valid", 1503 1503 + "flags" : [] 1504 1504 + } 1505 1505 + ] 1506 1506 + }, 1507 1507 + { 1508 1508 + "jwk" : { 1509 1509 + "crv" : "Ed25519", 1510 1510 + "d" : "l1dTCKSQrwwUVBHdFtUZoHPvA8LkoKHNa13i6IHl6r4", 1511 1511 + "kid" : "none", 1512 1512 + "kty" : "OKP", 1513 1513 + "x" : "OOrTBGJKvr8-KzHiDlYpUx4_xlkAiIfJEG9eVa27xio" 1514 1514 + }, 1515 1515 + "key" : { 1516 1516 + "curve" : "edwards25519", 1517 1517 + "keySize" : 255, 1518 1518 + "pk" : "38ead304624abebf3e2b31e20e5629531e3fc659008887c9106f5e55adbbc62a", 1519 1519 + "sk" : "97575308a490af0c145411dd16d519a073ef03c2e4a0a1cd6b5de2e881e5eabe", 1520 1520 + "type" : "EDDSAKeyPair" 1521 1521 + }, 1522 1522 + "keyDer" : "302a300506032b657003210038ead304624abebf3e2b31e20e5629531e3fc659008887c9106f5e55adbbc62a", 1523 1523 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAOOrTBGJKvr8+KzHiDlYpUx4/xlkAiIfJEG9eVa27xio=\n-----END PUBLIC KEY-----\n", 1524 1524 + "type" : "EddsaVerify", 1525 1525 + "tests" : [ 1526 1526 + { 1527 1527 + "tcId" : 120, 1528 1528 + "comment" : "regression test for arithmetic error", 1529 1529 + "msg" : "ae03da6997e40cea67935020152d3a9a365cc055", 1530 1530 + "sig" : "068eafdc2f36b97f9bae7fbda88b530d16b0e35054d3a351e3a4c914b22854c711505e49682e1a447e10a69e3b04d0759c859897b64f71137acf355b63faf100", 1531 1531 + "result" : "valid", 1532 1532 + "flags" : [] 1533 1533 + } 1534 1534 + ] 1535 1535 + }, 1536 1536 + { 1537 1537 + "jwk" : { 1538 1538 + "crv" : "Ed25519", 1539 1539 + "d" : "rRKeieDuyQjfUa3CJ8jEkIqAlddWIVNsiijcpLPDDbs", 1540 1540 + "kid" : "none", 1541 1541 + "kty" : "OKP", 1542 1542 + "x" : "6byVBJr35IF7F8QCJpul52e3NIdXrIAC_sngg5DAqc8" 1543 1543 + }, 1544 1544 + "key" : { 1545 1545 + "curve" : "edwards25519", 1546 1546 + "keySize" : 255, 1547 1547 + "pk" : "e9bc95049af7e4817b17c402269ba5e767b7348757ac8002fec9e08390c0a9cf", 1548 1548 + "sk" : "ad129e89e0eec908df51adc227c8c4908a8095d75621536c8a28dca4b3c30dbb", 1549 1549 + "type" : "EDDSAKeyPair" 1550 1550 + }, 1551 1551 + "keyDer" : "302a300506032b6570032100e9bc95049af7e4817b17c402269ba5e767b7348757ac8002fec9e08390c0a9cf", 1552 1552 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA6byVBJr35IF7F8QCJpul52e3NIdXrIAC/sngg5DAqc8=\n-----END PUBLIC KEY-----\n", 1553 1553 + "type" : "EddsaVerify", 1554 1554 + "tests" : [ 1555 1555 + { 1556 1556 + "tcId" : 121, 1557 1557 + "comment" : "regression test for arithmetic error", 1558 1558 + "msg" : "489d473f7fb83c7f6823baf65482517bccd8f4ea", 1559 1559 + "sig" : "43670abc9f09a8a415e76f4a21c6a46156f066b5a37b3c1e867cf67248c7b927e8d13a763e37abf936f5f27f7a8aa290539d21f740efd26b65fd5ad27085f400", 1560 1560 + "result" : "valid", 1561 1561 + "flags" : [] 1562 1562 + } 1563 1563 + ] 1564 1564 + }, 1565 1565 + { 1566 1566 + "jwk" : { 1567 1567 + "crv" : "Ed25519", 1568 1568 + "d" : "A85kPW00G3BlvJ5w2oGTRRz4PKf_WoZA_QevCUZANlo", 1569 1569 + "kid" : "none", 1570 1570 + "kty" : "OKP", 1571 1571 + "x" : "7oFVyk6P57xbylmSBE6rf4w8ahPbEXb0L0bCnaWwZPQ" 1572 1572 + }, 1573 1573 + "key" : { 1574 1574 + "curve" : "edwards25519", 1575 1575 + "keySize" : 255, 1576 1576 + "pk" : "ee8155ca4e8fe7bc5bca5992044eab7f8c3c6a13db1176f42f46c29da5b064f4", 1577 1577 + "sk" : "03ce643d6d341b7065bc9e70da8193451cf83ca7ff5a8640fd07af094640365a", 1578 1578 + "type" : "EDDSAKeyPair" 1579 1579 + }, 1580 1580 + "keyDer" : "302a300506032b6570032100ee8155ca4e8fe7bc5bca5992044eab7f8c3c6a13db1176f42f46c29da5b064f4", 1581 1581 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA7oFVyk6P57xbylmSBE6rf4w8ahPbEXb0L0bCnaWwZPQ=\n-----END PUBLIC KEY-----\n", 1582 1582 + "type" : "EddsaVerify", 1583 1583 + "tests" : [ 1584 1584 + { 1585 1585 + "tcId" : 122, 1586 1586 + "comment" : "regression test for arithmetic error", 1587 1587 + "msg" : "1b704d6692d60a07ad1e1d047b65e105a80d3459", 1588 1588 + "sig" : "56388f2228893b14ce4f2a5e0cc626591061de3a57c50a5ecab7b9d5bb2caeea191560a1cf2344c75fdb4a085444aa68d727b39f498169eaa82cf64a31f59803", 1589 1589 + "result" : "valid", 1590 1590 + "flags" : [] 1591 1591 + } 1592 1592 + ] 1593 1593 + }, 1594 1594 + { 1595 1595 + "jwk" : { 1596 1596 + "crv" : "Ed25519", 1597 1597 + "d" : "WB9ZOlzZRZTcD13RQgJqQ2qTDlczkbeu6mqCU-7vbOs", 1598 1598 + "kid" : "none", 1599 1599 + "kty" : "OKP", 1600 1600 + "x" : "21B7_MlXY5P3FXuzYFMrBcX88udktpDMZpikow00kJU" 1601 1601 + }, 1602 1602 + "key" : { 1603 1603 + "curve" : "edwards25519", 1604 1604 + "keySize" : 255, 1605 1605 + "pk" : "db507bfcc9576393f7157bb360532b05c5fcf2e764b690cc6698a4a30d349095", 1606 1606 + "sk" : "581f593a5cd94594dc0f5dd142026a436a930e573391b7aeea6a8253eeef6ceb", 1607 1607 + "type" : "EDDSAKeyPair" 1608 1608 + }, 1609 1609 + "keyDer" : "302a300506032b6570032100db507bfcc9576393f7157bb360532b05c5fcf2e764b690cc6698a4a30d349095", 1610 1610 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA21B7/MlXY5P3FXuzYFMrBcX88udktpDMZpikow00kJU=\n-----END PUBLIC KEY-----\n", 1611 1611 + "type" : "EddsaVerify", 1612 1612 + "tests" : [ 1613 1613 + { 1614 1614 + "tcId" : 123, 1615 1615 + "comment" : "regression test for arithmetic error", 1616 1616 + "msg" : "dc87030862c4c32f56261e93a367caf458c6be27", 1617 1617 + "sig" : "553e5845fc480a577da6544e602caadaa00ae3e5aa3dce9ef332b1541b6d5f21bdf1d01e98baf80b8435f9932f89b3eb70f02da24787aac8e77279e797d0bd0b", 1618 1618 + "result" : "valid", 1619 1619 + "flags" : [] 1620 1620 + } 1621 1621 + ] 1622 1622 + }, 1623 1623 + { 1624 1624 + "jwk" : { 1625 1625 + "crv" : "Ed25519", 1626 1626 + "d" : "byB9yUuETU3HH5gtqNnzrgs3tGI-RB7KdbpiYhxSTZg", 1627 1627 + "kid" : "none", 1628 1628 + "kty" : "OKP", 1629 1629 + "x" : "mU6vAzCdatnZWmVrwXROKIbwKQI6N1CzTzUIazxyJ_g" 1630 1630 + }, 1631 1631 + "key" : { 1632 1632 + "curve" : "edwards25519", 1633 1633 + "keySize" : 255, 1634 1634 + "pk" : "994eaf03309d6ad9d95a656bc1744e2886f029023a3750b34f35086b3c7227f8", 1635 1635 + "sk" : "6f207dc94b844d4dc71f982da8d9f3ae0b37b4623e441eca75ba62621c524d98", 1636 1636 + "type" : "EDDSAKeyPair" 1637 1637 + }, 1638 1638 + "keyDer" : "302a300506032b6570032100994eaf03309d6ad9d95a656bc1744e2886f029023a3750b34f35086b3c7227f8", 1639 1639 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAmU6vAzCdatnZWmVrwXROKIbwKQI6N1CzTzUIazxyJ/g=\n-----END PUBLIC KEY-----\n", 1640 1640 + "type" : "EddsaVerify", 1641 1641 + "tests" : [ 1642 1642 + { 1643 1643 + "tcId" : 124, 1644 1644 + "comment" : "regression test for arithmetic error", 1645 1645 + "msg" : "7f41ef68508343ef18813cb2fb332445ec6480cd", 1646 1646 + "sig" : "bc10f88081b7be1f2505b6e76c5c82e358cf21ec11b7df1f334fb587bada465b53d9f7b4d4fec964432ee91ead1bc32ed3c82f2167da1c834a37515df7fe130e", 1647 1647 + "result" : "valid", 1648 1648 + "flags" : [] 1649 1649 + } 1650 1650 + ] 1651 1651 + }, 1652 1652 + { 1653 1653 + "jwk" : { 1654 1654 + "crv" : "Ed25519", 1655 1655 + "d" : "3qm7ufsgUS-mfuppav14bzkoJl9SCK6rpjjzF30Ntw4", 1656 1656 + "kid" : "none", 1657 1657 + "kty" : "OKP", 1658 1658 + "x" : "En035Abg2D5LVaCeIej1D7iK9H5KQ_AYzev_wZSHV_A" 1659 1659 + }, 1660 1660 + "key" : { 1661 1661 + "curve" : "edwards25519", 1662 1662 + "keySize" : 255, 1663 1663 + "pk" : "127d37e406e0d83e4b55a09e21e8f50fb88af47e4a43f018cdebffc1948757f0", 1664 1664 + "sk" : "dea9bbb9fb20512fa67eea696afd786f3928265f5208aeaba638f3177d0db70e", 1665 1665 + "type" : "EDDSAKeyPair" 1666 1666 + }, 1667 1667 + "keyDer" : "302a300506032b6570032100127d37e406e0d83e4b55a09e21e8f50fb88af47e4a43f018cdebffc1948757f0", 1668 1668 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAEn035Abg2D5LVaCeIej1D7iK9H5KQ/AYzev/wZSHV/A=\n-----END PUBLIC KEY-----\n", 1669 1669 + "type" : "EddsaVerify", 1670 1670 + "tests" : [ 1671 1671 + { 1672 1672 + "tcId" : 125, 1673 1673 + "comment" : "regression test for arithmetic error", 1674 1674 + "msg" : "e1ce107971534bc46a42ac609a1a37b4ca65791d", 1675 1675 + "sig" : "00c11e76b5866b7c37528b0670188c1a0473fb93c33b72ae604a8865a7d6e094ff722e8ede3cb18389685ff3c4086c29006047466f81e71a329711e0b9294709", 1676 1676 + "result" : "valid", 1677 1677 + "flags" : [] 1678 1678 + } 1679 1679 + ] 1680 1680 + }, 1681 1681 + { 1682 1682 + "jwk" : { 1683 1683 + "crv" : "Ed25519", 1684 1684 + "d" : "yZxSrh5h98eaFk7kkQ_cqgKUYlnqVEP2iyPXIdBHL2M", 1685 1685 + "kid" : "none", 1686 1686 + "kty" : "OKP", 1687 1687 + "x" : "2DuoTt-0vsSfKb4x2Apkt8C1pQJDjNsdDdHg4-VXht4" 1688 1688 + }, 1689 1689 + "key" : { 1690 1690 + "curve" : "edwards25519", 1691 1691 + "keySize" : 255, 1692 1692 + "pk" : "d83ba84edfb4bec49f29be31d80a64b7c0b5a502438cdb1d0dd1e0e3e55786de", 1693 1693 + "sk" : "c99c52ae1e61f7c79a164ee4910fdcaa02946259ea5443f68b23d721d0472f63", 1694 1694 + "type" : "EDDSAKeyPair" 1695 1695 + }, 1696 1696 + "keyDer" : "302a300506032b6570032100d83ba84edfb4bec49f29be31d80a64b7c0b5a502438cdb1d0dd1e0e3e55786de", 1697 1697 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA2DuoTt+0vsSfKb4x2Apkt8C1pQJDjNsdDdHg4+VXht4=\n-----END PUBLIC KEY-----\n", 1698 1698 + "type" : "EddsaVerify", 1699 1699 + "tests" : [ 1700 1700 + { 1701 1701 + "tcId" : 126, 1702 1702 + "comment" : "regression test for arithmetic error", 1703 1703 + "msg" : "869a827397c585cf35acf88a8728833ab1c8c81e", 1704 1704 + "sig" : "0a6f0ac47ea136cb3ff00f7a96638e4984048999ee2da0af6e5c86bffb0e70bb97406b6ad5a4b764f7c99ebb6ec0fd434b8efe253b0423ef876c037998e8ab07", 1705 1705 + "result" : "valid", 1706 1706 + "flags" : [] 1707 1707 + } 1708 1708 + ] 1709 1709 + }, 1710 1710 + { 1711 1711 + "jwk" : { 1712 1712 + "crv" : "Ed25519", 1713 1713 + "d" : "2KqtB0nbFZVppotGBIs9PoJm4RAVAlHEKAbwdSqE6Vs", 1714 1714 + "kid" : "none", 1715 1715 + "kty" : "OKP", 1716 1716 + "x" : "08mqLz1u8hehZuiuQD7UNsN_rLvjvs63jfbrQ5-PoEo" 1717 1717 + }, 1718 1718 + "key" : { 1719 1719 + "curve" : "edwards25519", 1720 1720 + "keySize" : 255, 1721 1721 + "pk" : "d3c9aa2f3d6ef217a166e8ae403ed436c37facbbe3beceb78df6eb439f8fa04a", 1722 1722 + "sk" : "d8aaad0749db159569a68b46048b3d3e8266e110150251c42806f0752a84e95b", 1723 1723 + "type" : "EDDSAKeyPair" 1724 1724 + }, 1725 1725 + "keyDer" : "302a300506032b6570032100d3c9aa2f3d6ef217a166e8ae403ed436c37facbbe3beceb78df6eb439f8fa04a", 1726 1726 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA08mqLz1u8hehZuiuQD7UNsN/rLvjvs63jfbrQ5+PoEo=\n-----END PUBLIC KEY-----\n", 1727 1727 + "type" : "EddsaVerify", 1728 1728 + "tests" : [ 1729 1729 + { 1730 1730 + "tcId" : 127, 1731 1731 + "comment" : "regression test for arithmetic error", 1732 1732 + "msg" : "619d8c4f2c93104be01cd574a385ceca08c33a9e", 1733 1733 + "sig" : "b7cbb942a6661e2312f79548224f3e44f5841c6e880c68340756a00ce94a914e8404858265985e6bb97ef01d2d7e5e41340309606bfc43c8c6a8f925126b3d09", 1734 1734 + "result" : "valid", 1735 1735 + "flags" : [] 1736 1736 + } 1737 1737 + ] 1738 1738 + }, 1739 1739 + { 1740 1740 + "jwk" : { 1741 1741 + "crv" : "Ed25519", 1742 1742 + "d" : "540mq1tybJ1N-x9jQIKr3tkEMqL9GAicfIUlOl0vx9A", 1743 1743 + "kid" : "none", 1744 1744 + "kty" : "OKP", 1745 1745 + "x" : "1TKANnwcC5WsQRIhi5LGpxxR-2MSzmaN4ZbH1SoTYVU" 1746 1746 + }, 1747 1747 + "key" : { 1748 1748 + "curve" : "edwards25519", 1749 1749 + "keySize" : 255, 1750 1750 + "pk" : "d53280367c1c0b95ac4112218b92c6a71c51fb6312ce668de196c7d52a136155", 1751 1751 + "sk" : "e78d26ab5b726c9d4dfb1f634082abded90432a2fd18089c7c85253a5d2fc7d0", 1752 1752 + "type" : "EDDSAKeyPair" 1753 1753 + }, 1754 1754 + "keyDer" : "302a300506032b6570032100d53280367c1c0b95ac4112218b92c6a71c51fb6312ce668de196c7d52a136155", 1755 1755 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA1TKANnwcC5WsQRIhi5LGpxxR+2MSzmaN4ZbH1SoTYVU=\n-----END PUBLIC KEY-----\n", 1756 1756 + "type" : "EddsaVerify", 1757 1757 + "tests" : [ 1758 1758 + { 1759 1759 + "tcId" : 128, 1760 1760 + "comment" : "regression test for arithmetic error", 1761 1761 + "msg" : "5257a0bae8326d259a6ce97420c65e6c2794afe2", 1762 1762 + "sig" : "27a4f24009e579173ff3064a6eff2a4d20224f8f85fdec982a9cf2e6a3b51537348a1d7851a3a932128a923a393ea84e6b35eb3473c32dceb9d7e9cab03a0f0d", 1763 1763 + "result" : "valid", 1764 1764 + "flags" : [] 1765 1765 + } 1766 1766 + ] 1767 1767 + }, 1768 1768 + { 1769 1769 + "jwk" : { 1770 1770 + "crv" : "Ed25519", 1771 1771 + "d" : "jnylbgfxQ4rDYV_Z7HeuY2edDsBZtFlf6_QL5Z2XagU", 1772 1772 + "kid" : "none", 1773 1773 + "kty" : "OKP", 1774 1774 + "x" : "lKwjNrqXpHb7TJ8rVWPkFnyiksbpnkIjUKkRrjFywxU" 1775 1775 + }, 1776 1776 + "key" : { 1777 1777 + "curve" : "edwards25519", 1778 1778 + "keySize" : 255, 1779 1779 + "pk" : "94ac2336ba97a476fb4c9f2b5563e4167ca292c6e99e422350a911ae3172c315", 1780 1780 + "sk" : "8e7ca56e07f1438ac3615fd9ec77ae63679d0ec059b4595febf40be59d976a05", 1781 1781 + "type" : "EDDSAKeyPair" 1782 1782 + }, 1783 1783 + "keyDer" : "302a300506032b657003210094ac2336ba97a476fb4c9f2b5563e4167ca292c6e99e422350a911ae3172c315", 1784 1784 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAlKwjNrqXpHb7TJ8rVWPkFnyiksbpnkIjUKkRrjFywxU=\n-----END PUBLIC KEY-----\n", 1785 1785 + "type" : "EddsaVerify", 1786 1786 + "tests" : [ 1787 1787 + { 1788 1788 + "tcId" : 129, 1789 1789 + "comment" : "regression test for arithmetic error", 1790 1790 + "msg" : "5acb6afc9b368f7acac0e71f6a4831c72d628405", 1791 1791 + "sig" : "985b605fe3f449f68081197a68c714da0bfbf6ac2ab9abb0508b6384ea4999cb8d79af98e86f589409e8d2609a8f8bd7e80aaa8d92a84e7737fbe8dcef41920a", 1792 1792 + "result" : "valid", 1793 1793 + "flags" : [] 1794 1794 + } 1795 1795 + ] 1796 1796 + }, 1797 1797 + { 1798 1798 + "jwk" : { 1799 1799 + "crv" : "Ed25519", 1800 1800 + "d" : "53Ulr1hWq531q7ZOUxJXa0mMwn9h8mbiHzguBSbU5vs", 1801 1801 + "kid" : "none", 1802 1802 + "kty" : "OKP", 1803 1803 + "x" : "4ecxbSMffydb30AzYDBNoVCf3xrx_SXKIU6qwKKJOY8" 1804 1804 + }, 1805 1805 + "key" : { 1806 1806 + "curve" : "edwards25519", 1807 1807 + "keySize" : 255, 1808 1808 + "pk" : "e1e7316d231f7f275bdf403360304da1509fdf1af1fd25ca214eaac0a289398f", 1809 1809 + "sk" : "e77525af5856ab9df5abb64e5312576b498cc27f61f266e21f382e0526d4e6fb", 1810 1810 + "type" : "EDDSAKeyPair" 1811 1811 + }, 1812 1812 + "keyDer" : "302a300506032b6570032100e1e7316d231f7f275bdf403360304da1509fdf1af1fd25ca214eaac0a289398f", 1813 1813 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA4ecxbSMffydb30AzYDBNoVCf3xrx/SXKIU6qwKKJOY8=\n-----END PUBLIC KEY-----\n", 1814 1814 + "type" : "EddsaVerify", 1815 1815 + "tests" : [ 1816 1816 + { 1817 1817 + "tcId" : 130, 1818 1818 + "comment" : "regression test for arithmetic error", 1819 1819 + "msg" : "3c87b3453277b353941591fc7eaa7dd37604b42a", 1820 1820 + "sig" : "1c8fbda3d39e2b441f06da6071c13115cb4115c7c3341704cf6513324d4cf1ef4a1dd7678a048b0dde84e48994d080befcd70854079d44b6a0b0f9fa002d130c", 1821 1821 + "result" : "valid", 1822 1822 + "flags" : [] 1823 1823 + } 1824 1824 + ] 1825 1825 + }, 1826 1826 + { 1827 1827 + "jwk" : { 1828 1828 + "crv" : "Ed25519", 1829 1829 + "d" : "H0MjWtcW8b63VKsPVG36k0SI_fdHK0k9fMPGA1MAXSQ", 1830 1830 + "kid" : "none", 1831 1831 + "kty" : "OKP", 1832 1832 + "x" : "__vupxIV76-YiP7CzGjts3A_8Rpm_WKbU8vaXqvBh1A" 1833 1833 + }, 1834 1834 + "key" : { 1835 1835 + "curve" : "edwards25519", 1836 1836 + "keySize" : 255, 1837 1837 + "pk" : "fffbeea71215efaf9888fec2cc68edb3703ff11a66fd629b53cbda5eabc18750", 1838 1838 + "sk" : "1f43235ad716f1beb754ab0f546dfa934488fdf7472b493d7cc3c60353005d24", 1839 1839 + "type" : "EDDSAKeyPair" 1840 1840 + }, 1841 1841 + "keyDer" : "302a300506032b6570032100fffbeea71215efaf9888fec2cc68edb3703ff11a66fd629b53cbda5eabc18750", 1842 1842 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA//vupxIV76+YiP7CzGjts3A/8Rpm/WKbU8vaXqvBh1A=\n-----END PUBLIC KEY-----\n", 1843 1843 + "type" : "EddsaVerify", 1844 1844 + "tests" : [ 1845 1845 + { 1846 1846 + "tcId" : 131, 1847 1847 + "comment" : "regression test for arithmetic error", 1848 1848 + "msg" : "0a68e27ef6847bfd9e398b328a0ded3679d4649d", 1849 1849 + "sig" : "59097233eb141ed948b4f3c28a9496b9a7eca77454ecfe7e46737d1449a0b76b15aacf77cf48af27a668aa4434cfa26c504d75a2bcc4feac46465446234c0508", 1850 1850 + "result" : "valid", 1851 1851 + "flags" : [] 1852 1852 + } 1853 1853 + ] 1854 1854 + }, 1855 1855 + { 1856 1856 + "jwk" : { 1857 1857 + "crv" : "Ed25519", 1858 1858 + "d" : "OXd4W5-MUyDlGjoW-MwixPfmSFdhf5VQFH-jXWhco08", 1859 1859 + "kid" : "none", 1860 1860 + "kty" : "OKP", 1861 1861 + "x" : "GczAUnWZywMuC0xNdOYPE5AXaKmd8EHDvBv2wO8nEWk" 1862 1862 + }, 1863 1863 + "key" : { 1864 1864 + "curve" : "edwards25519", 1865 1865 + "keySize" : 255, 1866 1866 + "pk" : "19ccc0527599cb032e0b4c4d74e60f13901768a99df041c3bc1bf6c0ef271169", 1867 1867 + "sk" : "3977785b9f8c5320e51a3a16f8cc22c4f7e64857617f9550147fa35d685ca34f", 1868 1868 + "type" : "EDDSAKeyPair" 1869 1869 + }, 1870 1870 + "keyDer" : "302a300506032b657003210019ccc0527599cb032e0b4c4d74e60f13901768a99df041c3bc1bf6c0ef271169", 1871 1871 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAGczAUnWZywMuC0xNdOYPE5AXaKmd8EHDvBv2wO8nEWk=\n-----END PUBLIC KEY-----\n", 1872 1872 + "type" : "EddsaVerify", 1873 1873 + "tests" : [ 1874 1874 + { 1875 1875 + "tcId" : 132, 1876 1876 + "comment" : "regression test for arithmetic error", 1877 1877 + "msg" : "4e9bef60737c7d4dd10bd52567e1473a36d3573d", 1878 1878 + "sig" : "519105608508fe2f1b6da4cc8b23e39798b1d18d25972beed0404cec722e01ba1b6a0f85e99e092cca8076b101b60d4ac5035684357f4d0daacdc642da742a06", 1879 1879 + "result" : "valid", 1880 1880 + "flags" : [] 1881 1881 + } 1882 1882 + ] 1883 1883 + }, 1884 1884 + { 1885 1885 + "jwk" : { 1886 1886 + "crv" : "Ed25519", 1887 1887 + "d" : "GqRBXF2wExvsb6GI0MI9SaZb95VlcVP66Ud34_Gbz1Q", 1888 1888 + "kid" : "none", 1889 1889 + "kty" : "OKP", 1890 1890 + "x" : "DnJuJwR1Y6oKGpwuCF2NJq8qy6Ep0IacZQMePmysMpo" 1891 1891 + }, 1892 1892 + "key" : { 1893 1893 + "curve" : "edwards25519", 1894 1894 + "keySize" : 255, 1895 1895 + "pk" : "0e726e27047563aa0a1a9c2e085d8d26af2acba129d0869c65031e3e6cac329a", 1896 1896 + "sk" : "1aa4415c5db0131bec6fa188d0c23d49a65bf795657153fae94777e3f19bcf54", 1897 1897 + "type" : "EDDSAKeyPair" 1898 1898 + }, 1899 1899 + "keyDer" : "302a300506032b65700321000e726e27047563aa0a1a9c2e085d8d26af2acba129d0869c65031e3e6cac329a", 1900 1900 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEADnJuJwR1Y6oKGpwuCF2NJq8qy6Ep0IacZQMePmysMpo=\n-----END PUBLIC KEY-----\n", 1901 1901 + "type" : "EddsaVerify", 1902 1902 + "tests" : [ 1903 1903 + { 1904 1904 + "tcId" : 133, 1905 1905 + "comment" : "regression test for arithmetic error", 1906 1906 + "msg" : "cc82b3163efda3ba7e9240e765112caa69113694", 1907 1907 + "sig" : "d8b03ee579e73f16477527fc9dc37a72eaac0748a733772c483ba013944f01ef64fb4ec5e3a95021dc22f4ae282baff6e9b9cc8433c6b6710d82e7397d72ef04", 1908 1908 + "result" : "valid", 1909 1909 + "flags" : [] 1910 1910 + } 1911 1911 + ] 1912 1912 + }, 1913 1913 + { 1914 1914 + "jwk" : { 1915 1915 + "crv" : "Ed25519", 1916 1916 + "d" : "D7doClDT8pQAd-pN_LfrBAoSXE9LXc76FtOvlo_I5d4", 1917 1917 + "kid" : "none", 1918 1918 + "kty" : "OKP", 1919 1919 + "x" : "53cXtUorXlvOW8y48MX9tf1993rCVAIPyRINwNTfQXg" 1920 1920 + }, 1921 1921 + "key" : { 1922 1922 + "curve" : "edwards25519", 1923 1923 + "keySize" : 255, 1924 1924 + "pk" : "e77717b54a2b5e5bce5bccb8f0c5fdb5fd7df77ac254020fc9120dc0d4df4178", 1925 1925 + "sk" : "0fb7680a50d3f2940077ea4dfcb7eb040a125c4f4b5dcefa16d3af968fc8e5de", 1926 1926 + "type" : "EDDSAKeyPair" 1927 1927 + }, 1928 1928 + "keyDer" : "302a300506032b6570032100e77717b54a2b5e5bce5bccb8f0c5fdb5fd7df77ac254020fc9120dc0d4df4178", 1929 1929 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA53cXtUorXlvOW8y48MX9tf1993rCVAIPyRINwNTfQXg=\n-----END PUBLIC KEY-----\n", 1930 1930 + "type" : "EddsaVerify", 1931 1931 + "tests" : [ 1932 1932 + { 1933 1933 + "tcId" : 134, 1934 1934 + "comment" : "regression test for arithmetic error", 1935 1935 + "msg" : "923a5c9e7b5635bb6c32c5a408a4a15b652450eb", 1936 1936 + "sig" : "26da61fdfd38e6d01792813f27840c8b4766b0faaed39d0ee898cb450d94a5d5f57e58b6a003d7f9b56b20561954c6edcf66492d116b8b5e91f205a3a6449d0b", 1937 1937 + "result" : "valid", 1938 1938 + "flags" : [] 1939 1939 + } 1940 1940 + ] 1941 1941 + }, 1942 1942 + { 1943 1943 + "jwk" : { 1944 1944 + "crv" : "Ed25519", 1945 1945 + "d" : "4iLERNa8ikeWoNWi1x0ZuYhFzFbjnKr4Iz6kxrBwTwk", 1946 1946 + "kid" : "none", 1947 1947 + "kty" : "OKP", 1948 1948 + "x" : "YiCXLT99FQs2eQ19UiOEh21k1kDNmRMYaBXhYpWC7TY" 1949 1949 + }, 1950 1950 + "key" : { 1951 1951 + "curve" : "edwards25519", 1952 1952 + "keySize" : 255, 1953 1953 + "pk" : "6220972d3f7d150b36790d7d522384876d64d640cd9913186815e1629582ed36", 1954 1954 + "sk" : "e222c444d6bc8a4796a0d5a2d71d19b98845cc56e39caaf8233ea4c6b0704f09", 1955 1955 + "type" : "EDDSAKeyPair" 1956 1956 + }, 1957 1957 + "keyDer" : "302a300506032b65700321006220972d3f7d150b36790d7d522384876d64d640cd9913186815e1629582ed36", 1958 1958 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAYiCXLT99FQs2eQ19UiOEh21k1kDNmRMYaBXhYpWC7TY=\n-----END PUBLIC KEY-----\n", 1959 1959 + "type" : "EddsaVerify", 1960 1960 + "tests" : [ 1961 1961 + { 1962 1962 + "tcId" : 135, 1963 1963 + "comment" : "regression test for arithmetic error", 1964 1964 + "msg" : "6f2f0245de4587062979d0422d349f93ccdc3af2", 1965 1965 + "sig" : "4adeaff7a58c5010a5a067feea0ae504d37b0c6a76c6c153e222f13409dff2df0fab69bc5059b97d925dc1b89e9851d7c627cb82d65585f9fd976124553f8902", 1966 1966 + "result" : "valid", 1967 1967 + "flags" : [] 1968 1968 + } 1969 1969 + ] 1970 1970 + }, 1971 1971 + { 1972 1972 + "jwk" : { 1973 1973 + "crv" : "Ed25519", 1974 1974 + "d" : "qJ6hhHa5rZDLFLix_yR3fk69AVvIEKYHhakVTazzvlI", 1975 1975 + "kid" : "none", 1976 1976 + "kty" : "OKP", 1977 1977 + "x" : "e2SijFDsdnipDj4aIVIuMKydt7UhWuor-zO-oDfquYc" 1978 1978 + }, 1979 1979 + "key" : { 1980 1980 + "curve" : "edwards25519", 1981 1981 + "keySize" : 255, 1982 1982 + "pk" : "7b64a28c50ec7678a90e3e1a21522e30ac9db7b5215aea2bfb33bea037eab987", 1983 1983 + "sk" : "a89ea18476b9ad90cb14b8b1ff24777e4ebd015bc810a60785a9154dacf3be52", 1984 1984 + "type" : "EDDSAKeyPair" 1985 1985 + }, 1986 1986 + "keyDer" : "302a300506032b65700321007b64a28c50ec7678a90e3e1a21522e30ac9db7b5215aea2bfb33bea037eab987", 1987 1987 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAe2SijFDsdnipDj4aIVIuMKydt7UhWuor+zO+oDfquYc=\n-----END PUBLIC KEY-----\n", 1988 1988 + "type" : "EddsaVerify", 1989 1989 + "tests" : [ 1990 1990 + { 1991 1991 + "tcId" : 136, 1992 1992 + "comment" : "regression test for arithmetic error", 1993 1993 + "msg" : "6e911edb27a170b983d4dee1110554f804330f41", 1994 1994 + "sig" : "4204d620cde0c3008c0b2901f5d6b44f88f0e3cb4f4d62252bf6f3cb37c1fb150a9ccb296afe5e7c75f65b5c8edd13dc4910ffe1e1265b3707c59042cf9a5902", 1995 1995 + "result" : "valid", 1996 1996 + "flags" : [] 1997 1997 + } 1998 1998 + ] 1999 1999 + }, 2000 2000 + { 2001 2001 + "jwk" : { 2002 2002 + "crv" : "Ed25519", 2003 2003 + "d" : "abHaVs3o0WdsKowOf5XH0L9gc579EwTdLMsCcp0Xoiw", 2004 2004 + "kid" : "none", 2005 2005 + "kty" : "OKP", 2006 2006 + "x" : "ckRSIQqeTJlIGSKb8Sv4TpV2ijqXwI2Nj1-TmkytNMU" 2007 2007 + }, 2008 2008 + "key" : { 2009 2009 + "curve" : "edwards25519", 2010 2010 + "keySize" : 255, 2011 2011 + "pk" : "724452210a9e4c994819229bf12bf84e95768a3a97c08d8d8f5f939a4cad34c5", 2012 2012 + "sk" : "69b1da56cde8d1676c2a8c0e7f95c7d0bf60739efd1304dd2ccb02729d17a22c", 2013 2013 + "type" : "EDDSAKeyPair" 2014 2014 + }, 2015 2015 + "keyDer" : "302a300506032b6570032100724452210a9e4c994819229bf12bf84e95768a3a97c08d8d8f5f939a4cad34c5", 2016 2016 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAckRSIQqeTJlIGSKb8Sv4TpV2ijqXwI2Nj1+TmkytNMU=\n-----END PUBLIC KEY-----\n", 2017 2017 + "type" : "EddsaVerify", 2018 2018 + "tests" : [ 2019 2019 + { 2020 2020 + "tcId" : 137, 2021 2021 + "comment" : "regression test for arithmetic error", 2022 2022 + "msg" : "b8cf807eea809aaf739aa091f3b7a3f2fd39fb51", 2023 2023 + "sig" : "f8a69d3fd8c2ff0a9dec41e4c6b43675ce08366a35e220b1185ffc246c339e22c20ac661e866f52054015efd04f42eca2adcee6834c4df923b4a62576e4dff0e", 2024 2024 + "result" : "valid", 2025 2025 + "flags" : [] 2026 2026 + } 2027 2027 + ] 2028 2028 + }, 2029 2029 + { 2030 2030 + "jwk" : { 2031 2031 + "crv" : "Ed25519", 2032 2032 + "d" : "szImXPlVlfDJAiFZO1orPFdNYNxjTd_2GG8O7XmAo4M", 2033 2033 + "kid" : "none", 2034 2034 + "kty" : "OKP", 2035 2035 + "x" : "utJlspTtL0IstqFBaUCGI4-_6YdXGqdl2LTzokEFqgE" 2036 2036 + }, 2037 2037 + "key" : { 2038 2038 + "curve" : "edwards25519", 2039 2039 + "keySize" : 255, 2040 2040 + "pk" : "bad265b294ed2f422cb6a141694086238fbfe987571aa765d8b4f3a24105aa01", 2041 2041 + "sk" : "b332265cf95595f0c90221593b5a2b3c574d60dc634ddff6186f0eed7980a383", 2042 2042 + "type" : "EDDSAKeyPair" 2043 2043 + }, 2044 2044 + "keyDer" : "302a300506032b6570032100bad265b294ed2f422cb6a141694086238fbfe987571aa765d8b4f3a24105aa01", 2045 2045 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAutJlspTtL0IstqFBaUCGI4+/6YdXGqdl2LTzokEFqgE=\n-----END PUBLIC KEY-----\n", 2046 2046 + "type" : "EddsaVerify", 2047 2047 + "tests" : [ 2048 2048 + { 2049 2049 + "tcId" : 138, 2050 2050 + "comment" : "regression test for arithmetic error", 2051 2051 + "msg" : "01a2b5f7fee813b4e9bd7fc25137648004795010", 2052 2052 + "sig" : "61792c9442bc6338ac41fd42a40bee9b02ec1836503d60ff725128c63d72808880c36e6190b7da525cbee5d12900aa043547dd14a2709ef9e49d628f37f6b70c", 2053 2053 + "result" : "valid", 2054 2054 + "flags" : [] 2055 2055 + } 2056 2056 + ] 2057 2057 + }, 2058 2058 + { 2059 2059 + "jwk" : { 2060 2060 + "crv" : "Ed25519", 2061 2061 + "d" : "-uyXZLNp3w7xCJDdAixQLlUaMiK0PoQpRVSWx2_upF0", 2062 2062 + "kid" : "none", 2063 2063 + "kty" : "OKP", 2064 2064 + "x" : "Cq7ktyPbm1G6fSLrI-uKdqWsAvT8ndBvd76kLh037Fo" 2065 2065 + }, 2066 2066 + "key" : { 2067 2067 + "curve" : "edwards25519", 2068 2068 + "keySize" : 255, 2069 2069 + "pk" : "0aaee4b723db9b51ba7d22eb23eb8a76a5ac02f4fc9dd06f77bea42e1d37ec5a", 2070 2070 + "sk" : "faec9764b369df0ef10890dd022c502e551a3222b43e8429455496c76feea45d", 2071 2071 + "type" : "EDDSAKeyPair" 2072 2072 + }, 2073 2073 + "keyDer" : "302a300506032b65700321000aaee4b723db9b51ba7d22eb23eb8a76a5ac02f4fc9dd06f77bea42e1d37ec5a", 2074 2074 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEACq7ktyPbm1G6fSLrI+uKdqWsAvT8ndBvd76kLh037Fo=\n-----END PUBLIC KEY-----\n", 2075 2075 + "type" : "EddsaVerify", 2076 2076 + "tests" : [ 2077 2077 + { 2078 2078 + "tcId" : 139, 2079 2079 + "comment" : "regression test for arithmetic error", 2080 2080 + "msg" : "0fbf5d47cb5d498feace8f98f1896208da38a885", 2081 2081 + "sig" : "fa3cd41e3a8c00b19eecd404a63c3cb787cd30de0dfc936966cff2117f5aff18db6bef80fcfd8856f3fb2e9c3dc47593e9471103032af918feee638a33d40505", 2082 2082 + "result" : "valid", 2083 2083 + "flags" : [] 2084 2084 + } 2085 2085 + ] 2086 2086 + }, 2087 2087 + { 2088 2088 + "jwk" : { 2089 2089 + "crv" : "Ed25519", 2090 2090 + "d" : "TrGeJ496MKBqfVXkLER3X0qBt6RcBRKq4CYmLnF3Daw", 2091 2091 + "kid" : "none", 2092 2092 + "kty" : "OKP", 2093 2093 + "x" : "gSNErxWpG6g8LJHpbxcnrA88TEE4W5-oTvo5mtpRaL4" 2094 2094 + }, 2095 2095 + "key" : { 2096 2096 + "curve" : "edwards25519", 2097 2097 + "keySize" : 255, 2098 2098 + "pk" : "812344af15a91ba83c2c91e96f1727ac0f3c4c41385b9fa84efa399ada5168be", 2099 2099 + "sk" : "4eb19e278f7a30a06a7d55e42c44775f4a81b7a45c0512aae026262e71770dac", 2100 2100 + "type" : "EDDSAKeyPair" 2101 2101 + }, 2102 2102 + "keyDer" : "302a300506032b6570032100812344af15a91ba83c2c91e96f1727ac0f3c4c41385b9fa84efa399ada5168be", 2103 2103 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAgSNErxWpG6g8LJHpbxcnrA88TEE4W5+oTvo5mtpRaL4=\n-----END PUBLIC KEY-----\n", 2104 2104 + "type" : "EddsaVerify", 2105 2105 + "tests" : [ 2106 2106 + { 2107 2107 + "tcId" : 140, 2108 2108 + "comment" : "regression test for arithmetic error", 2109 2109 + "msg" : "36e67c1939750bffb3e4ba6cb85562612275e862", 2110 2110 + "sig" : "97fbbcd7a1d0eb42d2f8c42448ef35a2c2472740556b645547865330d6c57068af377fced08aaf810c08cd3c43d296f1975710312e9334c98b485f831efa4103", 2111 2111 + "result" : "valid", 2112 2112 + "flags" : [] 2113 2113 + } 2114 2114 + ] 2115 2115 + }, 2116 2116 + { 2117 2117 + "jwk" : { 2118 2118 + "crv" : "Ed25519", 2119 2119 + "d" : "GZjVlJyrNloA-Cjn0XsGxwjTP-8AMdNTpOFb9yIqc7A", 2120 2120 + "kid" : "none", 2121 2121 + "kty" : "OKP", 2122 2122 + "x" : "DuXLVZf7343MxIsBSF45szqhM7UtMNI3QCdyZ8_sPj4" 2123 2123 + }, 2124 2124 + "key" : { 2125 2125 + "curve" : "edwards25519", 2126 2126 + "keySize" : 255, 2127 2127 + "pk" : "0ee5cb5597fbdf8dccc48b01485e39b33aa133b52d30d23740277267cfec3e3e", 2128 2128 + "sk" : "1998d5949cab365a00f828e7d17b06c708d33fef0031d353a4e15bf7222a73b0", 2129 2129 + "type" : "EDDSAKeyPair" 2130 2130 + }, 2131 2131 + "keyDer" : "302a300506032b65700321000ee5cb5597fbdf8dccc48b01485e39b33aa133b52d30d23740277267cfec3e3e", 2132 2132 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEADuXLVZf7343MxIsBSF45szqhM7UtMNI3QCdyZ8/sPj4=\n-----END PUBLIC KEY-----\n", 2133 2133 + "type" : "EddsaVerify", 2134 2134 + "tests" : [ 2135 2135 + { 2136 2136 + "tcId" : 141, 2137 2137 + "comment" : "regression test for arithmetic error", 2138 2138 + "msg" : "13945c894c1d3fe8562e8b20e5f0efaa26ade8e3", 2139 2139 + "sig" : "d7dbaa337ffd2a5fd8d5fd8ad5aeccc0c0f83795c2c59fe62a40b87903b1ae62ed748a8df5af4d32f9f822a65d0e498b6f40eaf369a9342a1164ee7d08b58103", 2140 2140 + "result" : "valid", 2141 2141 + "flags" : [] 2142 2142 + } 2143 2143 + ] 2144 2144 + }, 2145 2145 + { 2146 2146 + "jwk" : { 2147 2147 + "crv" : "Ed25519", 2148 2148 + "d" : "YWRnYRTGa9mIfaw0HGYgncWHzPDMXNm6_9-skpWgDEo", 2149 2149 + "kid" : "none", 2150 2150 + "kty" : "OKP", 2151 2151 + "x" : "n7od6StgtbRwMIl2PQ1vkSXk3X765B8IoiiCrvloksQ" 2152 2152 + }, 2153 2153 + "key" : { 2154 2154 + "curve" : "edwards25519", 2155 2155 + "keySize" : 255, 2156 2156 + "pk" : "9fba1de92b60b5b4703089763d0d6f9125e4dd7efae41f08a22882aef96892c4", 2157 2157 + "sk" : "6164676114c66bd9887dac341c66209dc587ccf0cc5cd9baffdfac9295a00c4a", 2158 2158 + "type" : "EDDSAKeyPair" 2159 2159 + }, 2160 2160 + "keyDer" : "302a300506032b65700321009fba1de92b60b5b4703089763d0d6f9125e4dd7efae41f08a22882aef96892c4", 2161 2161 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAn7od6StgtbRwMIl2PQ1vkSXk3X765B8IoiiCrvloksQ=\n-----END PUBLIC KEY-----\n", 2162 2162 + "type" : "EddsaVerify", 2163 2163 + "tests" : [ 2164 2164 + { 2165 2165 + "tcId" : 142, 2166 2166 + "comment" : "regression test for arithmetic error", 2167 2167 + "msg" : "4de142af4b8402f80a47fa812df84f42e283cee7", 2168 2168 + "sig" : "09a2ed303a2fa7027a1dd7c3b0d25121eeed2b644a2fbc17aa0c8aea4524071ede7e7dd7a536d5497f8165d29e4e1b63200f74bbae39fbbbccb29889c62c1f09", 2169 2169 + "result" : "valid", 2170 2170 + "flags" : [] 2171 2171 + } 2172 2172 + ] 2173 2173 + }, 2174 2174 + { 2175 2175 + "jwk" : { 2176 2176 + "crv" : "Ed25519", 2177 2177 + "d" : "SwvQOgOyAGnMvMIUp0SEc_TnpJH6fOtI3b4kyDxKpLs", 2178 2178 + "kid" : "none", 2179 2179 + "kty" : "OKP", 2180 2180 + "x" : "dYKrG1LhMW5cE2cfQ7Oco2soEzzQgygxvN3QsPIzmMs" 2181 2181 + }, 2182 2182 + "key" : { 2183 2183 + "curve" : "edwards25519", 2184 2184 + "keySize" : 255, 2185 2185 + "pk" : "7582ab1b52e1316e5c13671f43b39ca36b28133cd0832831bcddd0b0f23398cb", 2186 2186 + "sk" : "4b0bd03a03b20069ccbcc214a7448473f4e7a491fa7ceb48ddbe24c83c4aa4bb", 2187 2187 + "type" : "EDDSAKeyPair" 2188 2188 + }, 2189 2189 + "keyDer" : "302a300506032b65700321007582ab1b52e1316e5c13671f43b39ca36b28133cd0832831bcddd0b0f23398cb", 2190 2190 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAdYKrG1LhMW5cE2cfQ7Oco2soEzzQgygxvN3QsPIzmMs=\n-----END PUBLIC KEY-----\n", 2191 2191 + "type" : "EddsaVerify", 2192 2192 + "tests" : [ 2193 2193 + { 2194 2194 + "tcId" : 143, 2195 2195 + "comment" : "regression test for arithmetic error", 2196 2196 + "msg" : "563357f41b8b23b1d83f19f5667177a67da20b18", 2197 2197 + "sig" : "e6884a6e6b2e60a0b5862251c001e7c79d581d777d6fc11d218d0aecd79f26a30e2ca22cc7c4674f8b72655bc4ee5cb5494ca07c05177656142ac55cc9d33e02", 2198 2198 + "result" : "valid", 2199 2199 + "flags" : [] 2200 2200 + } 2201 2201 + ] 2202 2202 + }, 2203 2203 + { 2204 2204 + "jwk" : { 2205 2205 + "crv" : "Ed25519", 2206 2206 + "d" : "L854cL4fOS0h-x0jUOx4d9uKqZs1n-W91TOP81p5HRw", 2207 2207 + "kid" : "none", 2208 2208 + "kty" : "OKP", 2209 2209 + "x" : "3S1ni64iLz-26CePCMyeGmYznJJsKawKFvlxf17hjNg" 2210 2210 + }, 2211 2211 + "key" : { 2212 2212 + "curve" : "edwards25519", 2213 2213 + "keySize" : 255, 2214 2214 + "pk" : "dd2d678bae222f3fb6e8278f08cc9e1a66339c926c29ac0a16f9717f5ee18cd8", 2215 2215 + "sk" : "2fce7870be1f392d21fb1d2350ec7877db8aa99b359fe5bdd5338ff35a791d1c", 2216 2216 + "type" : "EDDSAKeyPair" 2217 2217 + }, 2218 2218 + "keyDer" : "302a300506032b6570032100dd2d678bae222f3fb6e8278f08cc9e1a66339c926c29ac0a16f9717f5ee18cd8", 2219 2219 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA3S1ni64iLz+26CePCMyeGmYznJJsKawKFvlxf17hjNg=\n-----END PUBLIC KEY-----\n", 2220 2220 + "type" : "EddsaVerify", 2221 2221 + "tests" : [ 2222 2222 + { 2223 2223 + "tcId" : 144, 2224 2224 + "comment" : "regression test for arithmetic error", 2225 2225 + "msg" : "931bbf9c877a6571cf7d4609fc3eb867edd43f51", 2226 2226 + "sig" : "6124c206d864507ea5d984b363b4cf583314db6856a45ded5e61eebff4d5e337e0b4c82b445ae2e52d549d2d961eace2ea01f81158e09a9686baa040db65ad08", 2227 2227 + "result" : "valid", 2228 2228 + "flags" : [] 2229 2229 + } 2230 2230 + ] 2231 2231 + }, 2232 2232 + { 2233 2233 + "jwk" : { 2234 2234 + "crv" : "Ed25519", 2235 2235 + "d" : "qazkIZXduzoW82ayTdnTeooEPtLmAB9UZSKWdQN5Nn0", 2236 2236 + "kid" : "none", 2237 2237 + "kty" : "OKP", 2238 2238 + "x" : "zL58suS8IVzuL4heHSL34NWCsru9eCwQTlSLFS0m_Gk" 2239 2239 + }, 2240 2240 + "key" : { 2241 2241 + "curve" : "edwards25519", 2242 2242 + "keySize" : 255, 2243 2243 + "pk" : "ccbe7cb2e4bc215cee2f885e1d22f7e0d582b2bbbd782c104e548b152d26fc69", 2244 2244 + "sk" : "a9ace42195ddbb3a16f366b24dd9d37a8a043ed2e6001f54652296750379367d", 2245 2245 + "type" : "EDDSAKeyPair" 2246 2246 + }, 2247 2247 + "keyDer" : "302a300506032b6570032100ccbe7cb2e4bc215cee2f885e1d22f7e0d582b2bbbd782c104e548b152d26fc69", 2248 2248 + "keyPem" : "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAzL58suS8IVzuL4heHSL34NWCsru9eCwQTlSLFS0m/Gk=\n-----END PUBLIC KEY-----\n", 2249 2249 + "type" : "EddsaVerify", 2250 2250 + "tests" : [ 2251 2251 + { 2252 2252 + "tcId" : 145, 2253 2253 + "comment" : "regression test for arithmetic error", 2254 2254 + "msg" : "44530b0b34f598767a7b875b0caee3c7b9c502d1", 2255 2255 + "sig" : "cfbd450a2c83cb8436c348822fe3ee347d4ee937b7f2ea11ed755cc52852407c9eec2c1fa30d2f9aef90e89b2cc3bcef2b1b9ca59f712110d19894a9cf6a2802", 2256 2256 + "result" : "valid", 2257 2257 + "flags" : [] 2258 2258 + } 2259 2259 + ] 2260 2260 + } 2261 2261 + ] 2262 2262 + }

+239 -52

tests/test_ec.ml

reviewed

··· 1 1 + open Mirage_crypto_ec 2 2 + 1 3 module Testable = struct 2 2 - let fiat_error = Alcotest.testable Mirage_crypto_ec.pp_error ( = ) 3 3 - 4 4 - let ok_or_error = Alcotest.result Alcotest.unit fiat_error 4 4 + let ok_or_error = 5 5 + Alcotest.result Alcotest.unit (Alcotest.testable pp_error ( = )) 5 6 end 6 7 7 8 let key_pair_of_hex h = 8 8 - Mirage_crypto_ec.P256.Dh.gen_key ~rng:(fun _ -> Hex.to_cstruct h) 9 9 + P256.Dh.gen_key ~rng:(fun _ -> Hex.to_cstruct h) 9 10 10 11 let scalar_of_hex h = fst (key_pair_of_hex h) 11 12 ··· 18 19 19 20 let pp_result ppf = function 20 21 | Ok cs -> pp_hex_le ppf cs 21 21 - | Error e -> Format.fprintf ppf "%a" Mirage_crypto_ec.pp_error e 22 22 + | Error e -> Format.fprintf ppf "%a" pp_error e 22 23 23 24 let key_exchange = 24 25 let test ~name d p ~expected = 25 26 ( name, 26 27 `Quick, 27 28 fun () -> 28 28 - Mirage_crypto_ec.P256.Dh.key_exchange d p 29 29 + P256.Dh.key_exchange d p 29 30 |> Format.asprintf "%a" pp_result 30 31 |> Alcotest.check Alcotest.string __LOC__ expected ) 31 32 in ··· 59 60 ( Printf.sprintf "Scalar mult (#%d)" n, 60 61 `Quick, 61 62 fun () -> 62 62 - Mirage_crypto_ec.P256.Dh.key_exchange scalar point 63 63 + P256.Dh.key_exchange scalar point 63 64 |> Format.asprintf "%a" pp_result 64 65 |> Alcotest.check Alcotest.string __LOC__ expected ) 65 66 in ··· 133 134 ( name, 134 135 `Quick, 135 136 fun () -> 136 136 - Mirage_crypto_ec.P256.Dh.key_exchange scalar point 137 137 + P256.Dh.key_exchange scalar point 137 138 |> to_ok_or_error 138 139 |> Alcotest.check Testable.ok_or_error __LOC__ expected ) 139 140 in ··· 186 187 ( name, 187 188 `Quick, 188 189 fun () -> 189 189 - let _, _ = Mirage_crypto_ec.P256.Dh.gen_key ~rng in 190 190 + let _, _ = P256.Dh.gen_key ~rng in 190 191 let got = !ncalls in 191 192 Alcotest.check Alcotest.int __LOC__ expected got ) 192 193 in ··· 216 217 let ecdsa_gen () = 217 218 let d = Cstruct.of_hex "C477F9F6 5C22CCE2 0657FAA5 B2D1D812 2336F851 A508A1ED 04E479C3 4985BF96" in 218 219 let p = match 219 219 - Mirage_crypto_ec.P256.Dsa.pub_of_cstruct 220 220 + P256.Dsa.pub_of_cstruct 220 221 (Cstruct.of_hex {|04 221 222 B7E08AFD FE94BAD3 F1DC8C73 4798BA1C 62B3A0AD 1E9EA2A3 8201CD08 89BC7A19 222 223 3603F747 959DBF7A 4BB226E4 19287290 63ADC7AE 43529E61 B563BBC6 06CC5E09|}) ··· 224 225 | Ok a -> a 225 226 | Error _ -> assert false 226 227 in 227 227 - let _priv, pub = Mirage_crypto_ec.P256.Dsa.generate ~rng:(fun _ -> d) in 228 228 + let _priv, pub = P256.Dsa.generate ~rng:(fun _ -> d) in 228 229 let pub_eq a b = 229 229 - Cstruct.equal 230 230 - (Mirage_crypto_ec.P256.Dsa.pub_to_cstruct a) 231 231 - (Mirage_crypto_ec.P256.Dsa.pub_to_cstruct b) 230 230 + Cstruct.equal (P256.Dsa.pub_to_cstruct a) (P256.Dsa.pub_to_cstruct b) 232 231 in 233 232 Alcotest.(check bool __LOC__ true (pub_eq pub p)) 234 233 ··· 240 239 let r = Cstruct.of_hex "2B42F576 D07F4165 FF65D1F3 B1500F81 E44C316F 1F0B3EF5 7325B69A CA46104F" 241 240 and s = Cstruct.of_hex "DC42C212 2D6392CD 3E3A993A 89502A81 98C1886F E69D262C 4B329BDB 6B63FAF1" 242 241 in 243 243 - let key, _pub = Mirage_crypto_ec.P256.Dsa.generate ~rng:(fun _ -> d) in 244 244 - let (r', s') = Mirage_crypto_ec.P256.Dsa.sign ~key ~k e in 242 242 + let key, _pub = P256.Dsa.generate ~rng:(fun _ -> d) in 243 243 + let (r', s') = P256.Dsa.sign ~key ~k e in 245 244 Alcotest.(check bool __LOC__ true (Cstruct.equal r r' && Cstruct.equal s s')) 246 245 247 246 let ecdsa_verify () = 248 247 let key = 249 249 - match Mirage_crypto_ec.P256.Dsa.pub_of_cstruct 248 248 + match P256.Dsa.pub_of_cstruct 250 249 (Cstruct.of_hex {|04 251 250 B7E08AFD FE94BAD3 F1DC8C73 4798BA1C 62B3A0AD 1E9EA2A3 8201CD08 89BC7A19 252 251 3603F747 959DBF7A 4BB226E4 19287290 63ADC7AE 43529E61 B563BBC6 06CC5E09|}) ··· 257 256 and r = Cstruct.of_hex "2B42F576 D07F4165 FF65D1F3 B1500F81 E44C316F 1F0B3EF5 7325B69A CA46104F" 258 257 and s = Cstruct.of_hex "DC42C212 2D6392CD 3E3A993A 89502A81 98C1886F E69D262C 4B329BDB 6B63FAF1" 259 258 in 260 260 - Alcotest.(check bool __LOC__ true (Mirage_crypto_ec.P256.Dsa.verify ~key (r, s) e)) 259 259 + Alcotest.(check bool __LOC__ true (P256.Dsa.verify ~key (r, s) e)) 261 260 262 261 let ecdsa = [ 263 262 (* from https://csrc.nist.rip/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf *) ··· 270 269 (* A.2.4 - P 224 *) 271 270 let priv, pub = 272 271 let data = Cstruct.of_hex "F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1" in 273 273 - Mirage_crypto_ec.P224.Dsa.generate ~rng:(fun _ -> data) 272 272 + P224.Dsa.generate ~rng:(fun _ -> data) 274 273 in 275 274 let pub_rfc () = 276 275 let fst = Cstruct.create 1 in ··· 278 277 let ux = Cstruct.of_hex "00CF08DA5AD719E42707FA431292DEA11244D64FC51610D94B130D6C" 279 278 and uy = Cstruct.of_hex "EEAB6F3DEBE455E3DBF85416F7030CBD94F34F2D6F232C69F3C1385A" 280 279 in 281 281 - match Mirage_crypto_ec.P224.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 280 280 + match P224.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 282 281 | Ok p -> 283 282 let pub_eq = 284 284 - Cstruct.equal 285 285 - (Mirage_crypto_ec.P224.Dsa.pub_to_cstruct pub) 286 286 - (Mirage_crypto_ec.P224.Dsa.pub_to_cstruct p) 283 283 + Cstruct.equal (P224.Dsa.pub_to_cstruct pub) (P224.Dsa.pub_to_cstruct p) 287 284 in 288 285 Alcotest.(check bool __LOC__ true pub_eq) 289 286 | Error _ -> Alcotest.fail "bad public key" ··· 296 293 in 297 294 let k' = 298 295 let module H = (val (Mirage_crypto.Hash.module_of hash)) in 299 299 - let module K = Mirage_crypto_ec.P224.Dsa.K_gen (H) in 296 296 + let module K = P224.Dsa.K_gen (H) in 300 297 K.generate ~key:priv msg 301 298 in 302 299 Alcotest.(check bool __LOC__ true (Cstruct.equal k k')); 303 300 let sig_eq (r', s') = 304 301 Cstruct.equal (Cstruct.of_hex r) r' && Cstruct.equal (Cstruct.of_hex s) s' 305 302 in 306 306 - let sig' = Mirage_crypto_ec.P224.Dsa.sign ~key:priv ~k msg in 303 303 + let sig' = P224.Dsa.sign ~key:priv ~k msg in 307 304 Alcotest.(check bool __LOC__ true (sig_eq sig')) 308 305 in 309 306 let cases = [ ··· 366 363 (* A.2.5 - P 256 *) 367 364 let priv, pub = 368 365 let data = Cstruct.of_hex "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721" in 369 369 - Mirage_crypto_ec.P256.Dsa.generate ~rng:(fun _ -> data) 366 366 + P256.Dsa.generate ~rng:(fun _ -> data) 370 367 in 371 368 let pub_rfc () = 372 369 let fst = Cstruct.create 1 in ··· 374 371 let ux = Cstruct.of_hex "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6" 375 372 and uy = Cstruct.of_hex "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299" 376 373 in 377 377 - match Mirage_crypto_ec.P256.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 374 374 + match P256.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 378 375 | Ok p -> 379 376 let pub_eq = 380 380 - Cstruct.equal 381 381 - (Mirage_crypto_ec.P256.Dsa.pub_to_cstruct pub) 382 382 - (Mirage_crypto_ec.P256.Dsa.pub_to_cstruct p) 377 377 + Cstruct.equal (P256.Dsa.pub_to_cstruct pub) (P256.Dsa.pub_to_cstruct p) 383 378 in 384 379 Alcotest.(check bool __LOC__ true pub_eq) 385 380 | Error _ -> Alcotest.fail "bad public key" ··· 392 387 in 393 388 let k' = 394 389 let module H = (val (Mirage_crypto.Hash.module_of hash)) in 395 395 - let module K = Mirage_crypto_ec.P256.Dsa.K_gen (H) in 390 390 + let module K = P256.Dsa.K_gen (H) in 396 391 K.generate ~key:priv msg 397 392 in 398 393 Alcotest.(check bool __LOC__ true (Cstruct.equal k k')); 399 394 let sig_eq (r', s') = 400 395 Cstruct.equal (Cstruct.of_hex r) r' && Cstruct.equal (Cstruct.of_hex s) s' 401 396 in 402 402 - let sig' = Mirage_crypto_ec.P256.Dsa.sign ~key:priv ~k msg in 397 397 + let sig' = P256.Dsa.sign ~key:priv ~k msg in 403 398 Alcotest.(check bool __LOC__ true (sig_eq sig')) 404 399 in 405 400 let cases = [ ··· 451 446 (* A.2.6 - P 384 *) 452 447 let priv, pub = 453 448 let data = Cstruct.of_hex "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5" in 454 454 - Mirage_crypto_ec.P384.Dsa.generate ~rng:(fun _ -> data) 449 449 + P384.Dsa.generate ~rng:(fun _ -> data) 455 450 in 456 451 let pub_rfc () = 457 452 let fst = Cstruct.create 1 in ··· 459 454 let ux = Cstruct.of_hex "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64DEF8F0EA9055866064A254515480BC13" 460 455 and uy = Cstruct.of_hex "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1288B231C3AE0D4FE7344FD2533264720" 461 456 in 462 462 - match Mirage_crypto_ec.P384.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 457 457 + match P384.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 463 458 | Ok p -> 464 459 let pub_eq = 465 465 - Cstruct.equal 466 466 - (Mirage_crypto_ec.P384.Dsa.pub_to_cstruct pub) 467 467 - (Mirage_crypto_ec.P384.Dsa.pub_to_cstruct p) 460 460 + Cstruct.equal (P384.Dsa.pub_to_cstruct pub) (P384.Dsa.pub_to_cstruct p) 468 461 in 469 462 Alcotest.(check bool __LOC__ true pub_eq) 470 463 | Error _ -> Alcotest.fail "bad public key" ··· 477 470 in 478 471 let k' = 479 472 let module H = (val (Mirage_crypto.Hash.module_of hash)) in 480 480 - let module K = Mirage_crypto_ec.P384.Dsa.K_gen (H) in 473 473 + let module K = P384.Dsa.K_gen (H) in 481 474 K.generate ~key:priv msg 482 475 in 483 476 Alcotest.(check bool __LOC__ true (Cstruct.equal k k')); 484 477 let sig_eq (r', s') = 485 478 Cstruct.equal (Cstruct.of_hex r) r' && Cstruct.equal (Cstruct.of_hex s) s' 486 479 in 487 487 - let sig' = Mirage_crypto_ec.P384.Dsa.sign ~key:priv ~k msg in 480 480 + let sig' = P384.Dsa.sign ~key:priv ~k msg in 488 481 Alcotest.(check bool __LOC__ true (sig_eq sig')) 489 482 in 490 483 let cases = [ ··· 580 573 AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83 581 574 538" 582 575 in 583 583 - Mirage_crypto_ec.P521.Dsa.generate ~rng:(fun _ -> data) 576 576 + P521.Dsa.generate ~rng:(fun _ -> data) 584 577 in 585 578 let pub_rfc () = 586 579 let fst = Cstruct.create 1 in ··· 594 587 8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF 595 588 CF5" 596 589 in 597 597 - match Mirage_crypto_ec.P521.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 590 590 + match P521.Dsa.pub_of_cstruct (Cstruct.concat [ fst ; ux ; uy ]) with 598 591 | Ok p -> 599 592 let pub_eq = 600 600 - Cstruct.equal 601 601 - (Mirage_crypto_ec.P521.Dsa.pub_to_cstruct pub) 602 602 - (Mirage_crypto_ec.P521.Dsa.pub_to_cstruct p) 593 593 + Cstruct.equal (P521.Dsa.pub_to_cstruct pub) (P521.Dsa.pub_to_cstruct p) 603 594 in 604 595 Alcotest.(check bool __LOC__ true pub_eq) 605 596 | Error _ -> Alcotest.fail "bad public key" ··· 610 601 in 611 602 let k' = 612 603 let module H = (val (Mirage_crypto.Hash.module_of hash)) in 613 613 - let module K = Mirage_crypto_ec.P521.Dsa.K_gen (H) in 604 604 + let module K = P521.Dsa.K_gen (H) in 614 605 K.generate ~key:priv msg 615 606 in 616 607 Alcotest.(check bool __LOC__ true (Cstruct.equal k k')); 617 608 let sig_eq (r', s') = 618 609 Cstruct.equal (of_h r) r' && Cstruct.equal (of_h s) s' 619 610 in 620 620 - let sig' = Mirage_crypto_ec.P521.Dsa.sign ~key:priv ~k msg in 611 611 + let sig' = P521.Dsa.sign ~key:priv ~k msg in 621 612 Alcotest.(check bool __LOC__ true (sig_eq sig')) 622 613 in 623 614 let _cases = [ ··· 735 726 ] in 736 727 [ ("public key matches", `Quick, pub_rfc) ] 737 728 (* TODO: our deterministic generator for bit_size mod 8 <> 0 is different from RFC 6979 *) 738 738 - (* List.mapi (fun i c -> "RFC 6979 A.2.7 " ^ string_of_int i, `Quick, c) cases *) 729 729 + (* List.mapi (fun i c -> "RFC 6979 A.2.7 " ^ string_of_int i, `Quick, c) cases *) 730 730 + 731 731 + let x25519 () = 732 732 + (* RFC 7748, 6.1 *) 733 733 + let a = Cstruct.of_hex "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a" 734 734 + and apub = Cstruct.of_hex "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" 735 735 + and b = Cstruct.of_hex "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb" 736 736 + and bpub = Cstruct.of_hex "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f" 737 737 + and shared = Cstruct.of_hex "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742" 738 738 + in 739 739 + let apriv, apub' = X25519.gen_key ~rng:(fun _ -> a) in 740 740 + Alcotest.(check bool __LOC__ true (Cstruct.equal apub apub')); 741 741 + let bpriv, bpub' = X25519.gen_key ~rng:(fun _ -> b) in 742 742 + Alcotest.(check bool __LOC__ true (Cstruct.equal bpub bpub')); 743 743 + (match X25519.key_exchange apriv bpub with 744 744 + | Ok shared' -> 745 745 + Alcotest.(check bool __LOC__ true (Cstruct.equal shared shared')) 746 746 + | Error e -> 747 747 + Alcotest.failf "X25519 key exchange failed %a" pp_error e); 748 748 + (match X25519.key_exchange bpriv apub with 749 749 + | Ok shared' -> 750 750 + Alcotest.(check bool __LOC__ true (Cstruct.equal shared shared')) 751 751 + | Error e -> 752 752 + Alcotest.failf "X25519 key exchange failed %a" pp_error e) 753 753 + 754 754 + let ed25519 = 755 755 + let cs = Alcotest.testable Cstruct.hexdump_pp Cstruct.equal in 756 756 + let test secret public msg signature = 757 757 + Alcotest.( 758 758 + check cs "public key is ok" (Ed25519.pub_to_cstruct public) 759 759 + Ed25519.(pub_to_cstruct (pub_of_priv secret))); 760 760 + Alcotest.(check cs "signature is ok" signature (Ed25519.sign ~key:secret msg)); 761 761 + Alcotest.(check bool "verify is ok" true 762 762 + (Ed25519.verify ~key:public signature ~msg)) 763 763 + in 764 764 + let case i ~secret ~public ~msg ~signature = 765 765 + "RFC 8032 " ^ string_of_int i, `Quick, fun () -> 766 766 + let s = 767 767 + match Ed25519.priv_of_cstruct (Cstruct.of_hex secret) with 768 768 + | Ok p -> 769 769 + Alcotest.(check cs "private key encoding is good" 770 770 + (Cstruct.of_hex secret) (Ed25519.priv_to_cstruct p)); 771 771 + p 772 772 + | Error _ -> Alcotest.fail "failed to decode private key" 773 773 + and p = 774 774 + match Ed25519.pub_of_cstruct (Cstruct.of_hex public) with 775 775 + | Ok p -> 776 776 + Alcotest.(check cs "public key encoding is good" 777 777 + (Cstruct.of_hex public) (Ed25519.pub_to_cstruct p)); 778 778 + p 779 779 + | Error _ -> Alcotest.fail "failed to decode public key" 780 780 + and m = Cstruct.of_hex msg 781 781 + and si = Cstruct.of_hex signature 782 782 + in 783 783 + test s p m si 784 784 + in 785 785 + [ 786 786 + case 1 787 787 + ~secret: 788 788 + "9d61b19deffd5a60ba844af492ec2cc4 4449c5697b326919703bac031cae7f60" 789 789 + ~public: 790 790 + "d75a980182b10ab7d54bfed3c964073a 0ee172f3daa62325af021a68f707511a" 791 791 + ~msg:"" 792 792 + ~signature: 793 793 + {| 794 794 + e5564300c360ac729086e2cc806e828a 795 795 + 84877f1eb8e5d974d873e06522490155 796 796 + 5fb8821590a33bacc61e39701cf9b46b 797 797 + d25bf5f0595bbe24655141438e7a100b 798 798 + |}; 799 799 + case 2 800 800 + ~secret: 801 801 + "4ccd089b28ff96da9db6c346ec114e0f 5b8a319f35aba624da8cf6ed4fb8a6fb" 802 802 + ~public: 803 803 + "3d4017c3e843895a92b70aa74d1b7ebc 9c982ccf2ec4968cc0cd55f12af4660c" 804 804 + ~msg:"72" 805 805 + ~signature: 806 806 + {| 807 807 + 92a009a9f0d4cab8720e820b5f642540 808 808 + a2b27b5416503f8fb3762223ebdb69da 809 809 + 085ac1e43e15996e458f3613d0f11d8c 810 810 + 387b2eaeb4302aeeb00d291612bb0c00 811 811 + |}; 812 812 + case 3 813 813 + ~secret: 814 814 + "c5aa8df43f9f837bedb7442f31dcb7b1 66d38535076f094b85ce3a2e0b4458f7" 815 815 + ~public: 816 816 + "fc51cd8e6218a1a38da47ed00230f058 0816ed13ba3303ac5deb911548908025" 817 817 + ~msg:"af82" 818 818 + ~signature: 819 819 + {| 820 820 + 6291d657deec24024827e69c3abe01a3 821 821 + 0ce548a284743a445e3680d7db5ac3ac 822 822 + 18ff9b538d16f290ae67f760984dc659 823 823 + 4a7c15e9716ed28dc027beceea1ec40a 824 824 + |}; 825 825 + case 4 826 826 + ~secret: 827 827 + "f5e5767cf153319517630f226876b86c 8160cc583bc013744c6bf255f5cc0ee5" 828 828 + ~public: 829 829 + "278117fc144c72340f67d0f2316e8386 ceffbf2b2428c9c51fef7c597f1d426e" 830 830 + ~msg: 831 831 + {| 832 832 + 08b8b2b733424243760fe426a4b54908 833 833 + 632110a66c2f6591eabd3345e3e4eb98 834 834 + fa6e264bf09efe12ee50f8f54e9f77b1 835 835 + e355f6c50544e23fb1433ddf73be84d8 836 836 + 79de7c0046dc4996d9e773f4bc9efe57 837 837 + 38829adb26c81b37c93a1b270b20329d 838 838 + 658675fc6ea534e0810a4432826bf58c 839 839 + 941efb65d57a338bbd2e26640f89ffbc 840 840 + 1a858efcb8550ee3a5e1998bd177e93a 841 841 + 7363c344fe6b199ee5d02e82d522c4fe 842 842 + ba15452f80288a821a579116ec6dad2b 843 843 + 3b310da903401aa62100ab5d1a36553e 844 844 + 06203b33890cc9b832f79ef80560ccb9 845 845 + a39ce767967ed628c6ad573cb116dbef 846 846 + efd75499da96bd68a8a97b928a8bbc10 847 847 + 3b6621fcde2beca1231d206be6cd9ec7 848 848 + aff6f6c94fcd7204ed3455c68c83f4a4 849 849 + 1da4af2b74ef5c53f1d8ac70bdcb7ed1 850 850 + 85ce81bd84359d44254d95629e9855a9 851 851 + 4a7c1958d1f8ada5d0532ed8a5aa3fb2 852 852 + d17ba70eb6248e594e1a2297acbbb39d 853 853 + 502f1a8c6eb6f1ce22b3de1a1f40cc24 854 854 + 554119a831a9aad6079cad88425de6bd 855 855 + e1a9187ebb6092cf67bf2b13fd65f270 856 856 + 88d78b7e883c8759d2c4f5c65adb7553 857 857 + 878ad575f9fad878e80a0c9ba63bcbcc 858 858 + 2732e69485bbc9c90bfbd62481d9089b 859 859 + eccf80cfe2df16a2cf65bd92dd597b07 860 860 + 07e0917af48bbb75fed413d238f5555a 861 861 + 7a569d80c3414a8d0859dc65a46128ba 862 862 + b27af87a71314f318c782b23ebfe808b 863 863 + 82b0ce26401d2e22f04d83d1255dc51a 864 864 + ddd3b75a2b1ae0784504df543af8969b 865 865 + e3ea7082ff7fc9888c144da2af58429e 866 866 + c96031dbcad3dad9af0dcbaaaf268cb8 867 867 + fcffead94f3c7ca495e056a9b47acdb7 868 868 + 51fb73e666c6c655ade8297297d07ad1 869 869 + ba5e43f1bca32301651339e22904cc8c 870 870 + 42f58c30c04aafdb038dda0847dd988d 871 871 + cda6f3bfd15c4b4c4525004aa06eeff8 872 872 + ca61783aacec57fb3d1f92b0fe2fd1a8 873 873 + 5f6724517b65e614ad6808d6f6ee34df 874 874 + f7310fdc82aebfd904b01e1dc54b2927 875 875 + 094b2db68d6f903b68401adebf5a7e08 876 876 + d78ff4ef5d63653a65040cf9bfd4aca7 877 877 + 984a74d37145986780fc0b16ac451649 878 878 + de6188a7dbdf191f64b5fc5e2ab47b57 879 879 + f7f7276cd419c17a3ca8e1b939ae49e4 880 880 + 88acba6b965610b5480109c8b17b80e1 881 881 + b7b750dfc7598d5d5011fd2dcc5600a3 882 882 + 2ef5b52a1ecc820e308aa342721aac09 883 883 + 43bf6686b64b2579376504ccc493d97e 884 884 + 6aed3fb0f9cd71a43dd497f01f17c0e2 885 885 + cb3797aa2a2f256656168e6c496afc5f 886 886 + b93246f6b1116398a346f1a641f3b041 887 887 + e989f7914f90cc2c7fff357876e506b5 888 888 + 0d334ba77c225bc307ba537152f3f161 889 889 + 0e4eafe595f6d9d90d11faa933a15ef1 890 890 + 369546868a7f3a45a96768d40fd9d034 891 891 + 12c091c6315cf4fde7cb68606937380d 892 892 + b2eaaa707b4c4185c32eddcdd306705e 893 893 + 4dc1ffc872eeee475a64dfac86aba41c 894 894 + 0618983f8741c5ef68d3a101e8a3b8ca 895 895 + c60c905c15fc910840b94c00a0b9d0 896 896 + |} 897 897 + ~signature: 898 898 + {| 899 899 + 0aab4c900501b3e24d7cdf4663326a3a 900 900 + 87df5e4843b2cbdb67cbf6e460fec350 901 901 + aa5371b1508f9f4528ecea23c436d94b 902 902 + 5e8fcd4f681e30a6ac00a9704a188a03 903 903 + |}; 904 904 + case 5 905 905 + ~secret: 906 906 + "833fe62409237b9d62ec77587520911e 9a759cec1d19755b7da901b96dca3d42" 907 907 + ~public: 908 908 + "ec172b93ad5e563bf4932c70e1245034 c35467ef2efd4d64ebf819683467e2bf" 909 909 + ~msg: 910 910 + {| 911 911 + ddaf35a193617abacc417349ae204131 912 912 + 12e6fa4e89a97ea20a9eeee64b55d39a 913 913 + 2192992a274fc1a836ba3c23a3feebbd 914 914 + 454d4423643ce80e2a9ac94fa54ca49f 915 915 + |} 916 916 + ~signature: 917 917 + {| 918 918 + dc2a4459e7369633a52b1bf277839a00 919 919 + 201009a3efbf3ecb69bea2186c26b589 920 920 + 09351fc9ac90b3ecfdfbc7c66431e030 921 921 + 3dca179c138ac17ad9bef1177331a704 922 922 + |}; 923 923 + ] 739 924 740 925 let () = 741 926 Mirage_crypto_rng_unix.initialize (); 742 742 - Alcotest.run "P256 EC" 927 927 + Alcotest.run "EC" 743 928 [ 744 744 - ("Key exchange", key_exchange); 745 745 - ("Low level scalar mult", scalar_mult); 746 746 - ("Point validation", point_validation); 747 747 - ("Scalar validation when generating", scalar_validation); 929 929 + ("P256 Key exchange", key_exchange); 930 930 + ("P256 Low level scalar mult", scalar_mult); 931 931 + ("P256 Point validation", point_validation); 932 932 + ("P256 Scalar validation when generating", scalar_validation); 748 933 ("ECDSA NIST", ecdsa); 749 934 ("ECDSA RFC 6979 P224", ecdsa_rfc6979_p224); 750 935 ("ECDSA RFC 6979 P256", ecdsa_rfc6979_p256); 751 936 ("ECDSA RFC 6979 P384", ecdsa_rfc6979_p384); 752 937 ("ECDSA RFC 6979 P521", ecdsa_rfc6979_p521); 938 938 + ("X25519", [ "RFC 7748", `Quick, x25519 ]); 939 939 + ("ED25519", ed25519); 753 940 ]

+106 -11

tests/test_ec_wycheproof.ml

reviewed

··· 1 1 open Wycheproof 2 2 3 3 + open Mirage_crypto_ec 4 4 + 3 5 let hex = Alcotest.testable Wycheproof.pp_hex Wycheproof.equal_hex 4 6 5 7 let parse_asn1 curve s = ··· 68 70 } 69 71 70 72 let perform_key_exchange curve ~public_key ~raw_private_key = 71 71 - let open Mirage_crypto_ec in 72 73 let rng _ = raw_private_key in 73 74 to_string_result ~pp_error 74 75 (match curve with ··· 156 157 Ok (Mirage_crypto_pk.Z_extra.to_cstruct_be ~size r, 157 158 Mirage_crypto_pk.Z_extra.to_cstruct_be ~size s) 158 159 159 159 - let make_ecdsa_test curve key hash (tst : ecdsa_test) = 160 160 + let make_ecdsa_test curve key hash (tst : dsa_test) = 160 161 let name = Printf.sprintf "%d - %s" tst.tcId tst.comment in 161 162 let size = len curve in 162 163 let msg = ··· 166 167 let verified (r,s) = 167 168 match curve with 168 169 | "secp224r1" -> 169 169 - begin match Mirage_crypto_ec.P224.Dsa.pub_of_cstruct key with 170 170 - | Ok key -> Mirage_crypto_ec.P224.Dsa.verify ~key (r, s) msg 170 170 + begin match P224.Dsa.pub_of_cstruct key with 171 171 + | Ok key -> P224.Dsa.verify ~key (r, s) msg 171 172 | Error _ -> assert false 172 173 end 173 174 | "secp256r1" -> 174 174 - begin match Mirage_crypto_ec.P256.Dsa.pub_of_cstruct key with 175 175 - | Ok key -> Mirage_crypto_ec.P256.Dsa.verify ~key (r, s) msg 175 175 + begin match P256.Dsa.pub_of_cstruct key with 176 176 + | Ok key -> P256.Dsa.verify ~key (r, s) msg 176 177 | Error _ -> assert false 177 178 end 178 179 | "secp384r1" -> 179 179 - begin match Mirage_crypto_ec.P384.Dsa.pub_of_cstruct key with 180 180 - | Ok key -> Mirage_crypto_ec.P384.Dsa.verify ~key (r, s) msg 180 180 + begin match P384.Dsa.pub_of_cstruct key with 181 181 + | Ok key -> P384.Dsa.verify ~key (r, s) msg 181 182 | Error _ -> assert false 182 183 end 183 184 | "secp521r1" -> 184 184 - begin match Mirage_crypto_ec.P521.Dsa.pub_of_cstruct key with 185 185 - | Ok key -> Mirage_crypto_ec.P521.Dsa.verify ~key (r, s) msg 185 185 + begin match P521.Dsa.pub_of_cstruct key with 186 186 + | Ok key -> P521.Dsa.verify ~key (r, s) msg 186 187 | Error _ -> assert false 187 188 end 188 189 | _ -> assert false ··· 221 222 in 222 223 concat_map to_ecdsa_tests groups 223 224 225 225 + let to_x25519_test (x : ecdh_test) = 226 226 + let name = Printf.sprintf "%d - %s" x.tcId x.comment in 227 227 + let pub = Hex.(to_cstruct (of_string x.public)) 228 228 + and priv = 229 229 + fst (X25519.gen_key ~rng:(fun _ -> Hex.(to_cstruct (of_string x.private_)))) 230 230 + and shared = Hex.(to_cstruct (of_string x.shared)) 231 231 + in 232 232 + match x.result with 233 233 + | Acceptable -> 234 234 + let f () = 235 235 + match 236 236 + X25519.key_exchange priv pub, 237 237 + has_ignored_flag x ~ignored_flags:[ "LowOrderPublic" ] 238 238 + with 239 239 + | Ok _, true -> Alcotest.fail "acceptable should have errored" 240 240 + | Ok r, false -> 241 241 + Alcotest.(check bool __LOC__ true (Cstruct.equal r shared)) 242 242 + | Error _, true -> () 243 243 + | Error e, false -> 244 244 + Alcotest.failf "acceptable errored %a" pp_error e 245 245 + in 246 246 + name, `Quick, f 247 247 + | Invalid -> 248 248 + let f () = 249 249 + match X25519.key_exchange priv pub with 250 250 + | Ok r -> 251 251 + Alcotest.(check bool __LOC__ false (Cstruct.equal r shared)) 252 252 + | Error e -> 253 253 + Alcotest.failf "invalid errored %a" pp_error e 254 254 + in 255 255 + name, `Quick, f 256 256 + | Valid -> 257 257 + let f () = 258 258 + match X25519.key_exchange priv pub with 259 259 + | Ok r -> 260 260 + Alcotest.(check bool __LOC__ true (Cstruct.equal r shared)) 261 261 + | Error e -> 262 262 + Alcotest.failf "valid errored %a" pp_error e 263 263 + in 264 264 + name, `Quick, f 265 265 + 266 266 + let x25519_tests = 267 267 + let data = load_file_exn "x25519_test.json" in 268 268 + let groups : ecdh_test_group list = 269 269 + List.map ecdh_test_group_exn data.testGroups 270 270 + in 271 271 + concat_map (fun (group : ecdh_test_group) -> 272 272 + List.map to_x25519_test group.tests) 273 273 + groups 274 274 + 275 275 + let to_ed25519_test (priv, pub) (x : dsa_test) = 276 276 + let name = Printf.sprintf "%d - %s" x.tcId x.comment in 277 277 + let msg = Hex.(to_cstruct (of_string x.msg)) 278 278 + and sig_cs = Hex.(to_cstruct (of_string x.sig_)) 279 279 + in 280 280 + match x.result with 281 281 + | Invalid -> 282 282 + let f () = 283 283 + Alcotest.(check bool __LOC__ false (Ed25519.verify ~key:pub sig_cs ~msg)); 284 284 + let s = Ed25519.sign ~key:priv msg in 285 285 + Alcotest.(check bool __LOC__ false (Cstruct.equal s sig_cs)) 286 286 + in 287 287 + name, `Quick, f 288 288 + | Valid -> 289 289 + let f () = 290 290 + Alcotest.(check bool __LOC__ true (Ed25519.verify ~key:pub sig_cs ~msg)); 291 291 + let s = Ed25519.sign ~key:priv msg in 292 292 + Alcotest.(check bool __LOC__ true (Cstruct.equal s sig_cs)) 293 293 + in 294 294 + name, `Quick, f 295 295 + | Acceptable -> assert false 296 296 + 297 297 + let to_ed25519_keys (key : eddsa_key) = 298 298 + let priv_cs = Hex.(to_cstruct (of_string key.sk)) 299 299 + and pub_cs = Hex.(to_cstruct (of_string key.pk)) 300 300 + in 301 301 + match Ed25519.priv_of_cstruct priv_cs, Ed25519.pub_of_cstruct pub_cs with 302 302 + | Ok priv, Ok pub -> 303 303 + assert (Cstruct.equal Ed25519.(pub_to_cstruct (pub_of_priv priv)) pub_cs); 304 304 + priv, pub 305 305 + | _ -> assert false 306 306 + 307 307 + let ed25519_tests = 308 308 + let data = load_file_exn "eddsa_test.json" in 309 309 + let groups : eddsa_test_group list = 310 310 + List.map eddsa_test_group_exn data.testGroups 311 311 + in 312 312 + concat_map (fun (group : eddsa_test_group) -> 313 313 + let keys = to_ed25519_keys group.key in 314 314 + List.map (to_ed25519_test keys) group.tests) 315 315 + groups 316 316 + 224 317 let () = 225 318 Alcotest.run "Wycheproof NIST curves" [ 226 319 ("ECDH P224 test vectors", ecdh_tests "ecdh_secp224r1_test.json") ; ··· 234 327 ("ECDSA P384 test vectors (SHA384)", ecdsa_tests "ecdsa_secp384r1_sha384_test.json") ; 235 328 ("ECDSA P384 test vectors (SHA512)", ecdsa_tests "ecdsa_secp384r1_sha512_test.json") ; 236 329 ("ECDH P521 test vectors", ecdh_tests "ecdh_secp521r1_test.json") ; 237 237 - ("ECDSA P521 test vectors (SHA512)", ecdsa_tests "ecdsa_secp521r1_sha512_test.json") 330 330 + ("ECDSA P521 test vectors (SHA512)", ecdsa_tests "ecdsa_secp521r1_sha512_test.json") ; 331 331 + ("X25519 test vectors", x25519_tests) ; 332 332 + ("ED25519 test vectors", ed25519_tests) ; 238 333 ]

+23 -2

tests/wycheproof/wycheproof.ml

reviewed

··· 57 57 } 58 58 [@@deriving of_yojson, show] 59 59 60 60 - type ecdsa_test = { 60 60 + type dsa_test = { 61 61 tcId : int; 62 62 comment : string; 63 63 msg : hex; ··· 72 72 keyDer : string; 73 73 keyPem : string; 74 74 sha : string; 75 75 - tests : ecdsa_test list; 75 75 + tests : dsa_test list; 76 76 type_ : json option; [@yojson.default None] [@yojson.key "type"] 77 77 } 78 78 [@@deriving of_yojson, show] 79 79 80 80 + type eddsa_key = { 81 81 + curve : string; 82 82 + keySize : int; 83 83 + pk : hex; 84 84 + sk : hex; 85 85 + type_ : json; [@yojson.key "type"] 86 86 + } 87 87 + [@@deriving of_yojson, show] 88 88 + 89 89 + type eddsa_test_group = { 90 90 + jwk : json; 91 91 + key : eddsa_key; 92 92 + keyDer : string; 93 93 + keyPem : string; 94 94 + type_ : json; [@yojson.key "type"] 95 95 + tests : dsa_test list; 96 96 + } 97 97 + [@@deriving of_yojson, show] 98 98 + 80 99 type test_file = { 81 100 algorithm : json; 82 101 generatorVersion : json; ··· 96 115 let ecdh_test_group_exn json = [%of_yojson: ecdh_test_group] json |> get_json 97 116 98 117 let ecdsa_test_group_exn json = [%of_yojson: ecdsa_test_group] json |> get_json 118 118 + 119 119 + let eddsa_test_group_exn json = [%of_yojson: eddsa_test_group] json |> get_json

+23 -2

tests/wycheproof/wycheproof.mli

reviewed

··· 38 38 } 39 39 [@@deriving show] 40 40 41 41 - type ecdsa_test = { 41 41 + type dsa_test = { 42 42 tcId : int; 43 43 comment : string; 44 44 msg : hex; ··· 53 53 keyDer : string; 54 54 keyPem : string; 55 55 sha : string; 56 56 - tests : ecdsa_test list; 56 56 + tests : dsa_test list; 57 57 type_ : json option; 58 58 } 59 59 [@@deriving show] 60 60 61 61 + type eddsa_key = { 62 62 + curve : string; 63 63 + keySize : int; 64 64 + pk : hex; 65 65 + sk : hex; 66 66 + type_ : json; [@yojson.key "type"] 67 67 + } 68 68 + [@@deriving of_yojson, show] 69 69 + 70 70 + type eddsa_test_group = { 71 71 + jwk : json; 72 72 + key : eddsa_key; 73 73 + keyDer : string; 74 74 + keyPem : string; 75 75 + type_ : json; [@yojson.key "type"] 76 76 + tests : dsa_test list; 77 77 + } 78 78 + [@@deriving of_yojson, show] 79 79 + 61 80 type test_file = { 62 81 algorithm : json; 63 82 generatorVersion : json; ··· 74 93 val ecdh_test_group_exn : json -> ecdh_test_group 75 94 76 95 val ecdsa_test_group_exn : json -> ecdsa_test_group 96 96 + 97 97 + val eddsa_test_group_exn : json -> eddsa_test_group

+5248

tests/x25519_test.json

reviewed

··· 1 1 + { 2 2 + "algorithm" : "XDH", 3 3 + "generatorVersion" : "0.8r12", 4 4 + "numberOfTests" : 518, 5 5 + "header" : [ 6 6 + "Test vectors of type XdhComp are intended for tests that verify the", 7 7 + "computation of and Xdh key exchange." 8 8 + ], 9 9 + "notes" : { 10 10 + "LowOrderPublic" : "The curves and its twists contain some points of low order. This test vector contains a public key with such a point. While many libraries reject such public keys, doing so is not a strict requirement according to RFC 7748.", 11 11 + "NonCanonicalPublic" : "The public key is in non-canonical form. RFC 7749, section 5 defines the value that this public key represents. Section 7 of the same RFC recommends accepting such keys. If a non-canonical key is accepted then it must follow the RFC.", 12 12 + "SmallPublicKey" : "The public key is insecure and does not belong to a valid private key. Some libraries reject such keys.", 13 13 + "Twist" : "Public keys are either points on a given curve or points on its twist. The functions X25519 and X448 are defined for points on a twist with the goal that the output of computations do not leak private keys. Implementations may accept or reject points on a twist. If a point multiplication is performed then it is important that the result is correct, since otherwise attacks with invalid keys are possible.", 14 14 + "ZeroSharedSecret" : "Some libraries include a check that the shared secret is not all-zero. This check is described in Section 6.1 of RFC 7748. " 15 15 + }, 16 16 + "schema" : "xdh_comp_schema.json", 17 17 + "testGroups" : [ 18 18 + { 19 19 + "curve" : "curve25519", 20 20 + "type" : "XdhComp", 21 21 + "tests" : [ 22 22 + { 23 23 + "tcId" : 1, 24 24 + "comment" : "normal case", 25 25 + "public" : "504a36999f489cd2fdbc08baff3d88fa00569ba986cba22548ffde80f9806829", 26 26 + "private" : "c8a9d5a91091ad851c668b0736c1c9a02936c0d3ad62670858088047ba057475", 27 27 + "shared" : "436a2c040cf45fea9b29a0cb81b1f41458f863d0d61b453d0a982720d6d61320", 28 28 + "result" : "valid", 29 29 + "flags" : [] 30 30 + }, 31 31 + { 32 32 + "tcId" : 2, 33 33 + "comment" : "public key on twist", 34 34 + "public" : "63aa40c6e38346c5caf23a6df0a5e6c80889a08647e551b3563449befcfc9733", 35 35 + "private" : "d85d8c061a50804ac488ad774ac716c3f5ba714b2712e048491379a500211958", 36 36 + "shared" : "279df67a7c4611db4708a0e8282b195e5ac0ed6f4b2f292c6fbd0acac30d1332", 37 37 + "result" : "acceptable", 38 38 + "flags" : [ 39 39 + "Twist" 40 40 + ] 41 41 + }, 42 42 + { 43 43 + "tcId" : 3, 44 44 + "comment" : "public key on twist", 45 45 + "public" : "0f83c36fded9d32fadf4efa3ae93a90bb5cfa66893bc412c43fa7287dbb99779", 46 46 + "private" : "c8b45bfd32e55325d9fd648cb302848039000b390e44d521e58aab3b29a6964b", 47 47 + "shared" : "4bc7e01e7d83d6cf67632bf90033487a5fc29eba5328890ea7b1026d23b9a45f", 48 48 + "result" : "acceptable", 49 49 + "flags" : [ 50 50 + "Twist" 51 51 + ] 52 52 + }, 53 53 + { 54 54 + "tcId" : 4, 55 55 + "comment" : "public key on twist", 56 56 + "public" : "0b8211a2b6049097f6871c6c052d3c5fc1ba17da9e32ae458403b05bb283092a", 57 57 + "private" : "f876e34bcbe1f47fbc0fddfd7c1e1aa53d57bfe0f66d243067b424bb6210be51", 58 58 + "shared" : "119d37ed4b109cbd6418b1f28dea83c836c844715cdf98a3a8c362191debd514", 59 59 + "result" : "acceptable", 60 60 + "flags" : [ 61 61 + "Twist" 62 62 + ] 63 63 + }, 64 64 + { 65 65 + "tcId" : 5, 66 66 + "comment" : "public key on twist", 67 67 + "public" : "343ac20a3b9c6a27b1008176509ad30735856ec1c8d8fcae13912d08d152f46c", 68 68 + "private" : "006ac1f3a653a4cdb1d37bba94738f8b957a57beb24d646e994dc29a276aad45", 69 69 + "shared" : "cc4873aed3fcee4b3aaea7f0d20716b4276359081f634b7bea4b705bfc8a4d3e", 70 70 + "result" : "acceptable", 71 71 + "flags" : [ 72 72 + "Twist" 73 73 + ] 74 74 + }, 75 75 + { 76 76 + "tcId" : 6, 77 77 + "comment" : "public key on twist", 78 78 + "public" : "fa695fc7be8d1be5bf704898f388c452bafdd3b8eae805f8681a8d15c2d4e142", 79 79 + "private" : "08da77b26d06dff9d9f7fd4c5b3769f8cdd5b30516a5ab806be324ff3eb69e60", 80 80 + "shared" : "b6f8e2fcb1affc79e2ff798319b2701139b95ad6dd07f05cbac78bd83edfd92e", 81 81 + "result" : "acceptable", 82 82 + "flags" : [ 83 83 + "Twist" 84 84 + ] 85 85 + }, 86 86 + { 87 87 + "tcId" : 7, 88 88 + "comment" : "public key on twist", 89 89 + "public" : "0200000000000000000000000000000000000000000000000000000000000000", 90 90 + "private" : "d03edde9f3e7b799045f9ac3793d4a9277dadeadc41bec0290f81f744f73775f", 91 91 + "shared" : "b87a1722cc6c1e2feecb54e97abd5a22acc27616f78f6e315fd2b73d9f221e57", 92 92 + "result" : "acceptable", 93 93 + "flags" : [ 94 94 + "Twist" 95 95 + ] 96 96 + }, 97 97 + { 98 98 + "tcId" : 8, 99 99 + "comment" : "public key on twist", 100 100 + "public" : "0300000000000000000000000000000000000000000000000000000000000000", 101 101 + "private" : "e09d57a914e3c29036fd9a442ba526b5cdcdf28216153e636c10677acab6bd6a", 102 102 + "shared" : "a29d8dad28d590cd3017aa97a4761f851bf1d3672b042a4256a45881e2ad9035", 103 103 + "result" : "acceptable", 104 104 + "flags" : [ 105 105 + "Twist" 106 106 + ] 107 107 + }, 108 108 + { 109 109 + "tcId" : 9, 110 110 + "comment" : "public key on twist", 111 111 + "public" : "ff00000000000000000000000000000000000000000000000000000000000000", 112 112 + "private" : "e0ed78e6ee02f08bec1c15d66fbbe5b83ffc37ea14e1512cc1bd4b2ea6d8066f", 113 113 + "shared" : "e703bc8aa94b7d87ba34e2678353d12cdaaa1a97b5ca3e1b8c060c4636087f07", 114 114 + "result" : "acceptable", 115 115 + "flags" : [ 116 116 + "Twist" 117 117 + ] 118 118 + }, 119 119 + { 120 120 + "tcId" : 10, 121 121 + "comment" : "public key on twist", 122 122 + "public" : "ffff000000000000000000000000000000000000000000000000000000000000", 123 123 + "private" : "a8a1a2ec9fa9915ae7aace6a37c68591d39e15995c4ef5ebd3561c02f72dda41", 124 124 + "shared" : "ff5cf041e924dbe1a64ac9bdba96bdcdfaf7d59d91c7e33e76ed0e4c8c836446", 125 125 + "result" : "acceptable", 126 126 + "flags" : [ 127 127 + "Twist" 128 128 + ] 129 129 + }, 130 130 + { 131 131 + "tcId" : 11, 132 132 + "comment" : "public key on twist", 133 133 + "public" : "0000010000000000000000000000000000000000000000000000000000000000", 134 134 + "private" : "a8c9df5820eb399d471dfa3215d96055b3c7d0f4ea49f8ab028d6a6e3194517b", 135 135 + "shared" : "a92a96fa029960f9530e6fe37e2429cd113be4d8f3f4431f8546e6c76351475d", 136 136 + "result" : "acceptable", 137 137 + "flags" : [ 138 138 + "Twist" 139 139 + ] 140 140 + }, 141 141 + { 142 142 + "tcId" : 12, 143 143 + "comment" : "public key on twist", 144 144 + "public" : "ffffff0f00000000000000000000000000000000000000000000000000000000", 145 145 + "private" : "d0d31c491cbd39271859b4a63a316826507b1db8c701709fd0ffe3eb21c4467c", 146 146 + "shared" : "9f8954868158ec62b6b586b8cae1d67d1b9f4c03d5b3ca0393cee71accc9ab65", 147 147 + "result" : "acceptable", 148 148 + "flags" : [ 149 149 + "Twist" 150 150 + ] 151 151 + }, 152 152 + { 153 153 + "tcId" : 13, 154 154 + "comment" : "public key on twist", 155 155 + "public" : "ffffffff00000000000000000000000000000000000000000000000000000000", 156 156 + "private" : "d053e7bf1902619cd61c9c739e09d54c4147f46d190720966f7de1d9cffbbd4e", 157 157 + "shared" : "6cbf1dc9af97bc148513a18be4a257de1a3b065584df94e8b43c1ab89720b110", 158 158 + "result" : "acceptable", 159 159 + "flags" : [ 160 160 + "Twist" 161 161 + ] 162 162 + }, 163 163 + { 164 164 + "tcId" : 14, 165 165 + "comment" : "public key on twist", 166 166 + "public" : "0000000000001000000000000000000000000000000000000000000000000000", 167 167 + "private" : "a021d75009a4596e5a33f12921c10f3670933bc80dde3bba22881b6120582144", 168 168 + "shared" : "38284b7086095a9406028c1f800c071ea106039ad7a1d7f82fe00906fd90594b", 169 169 + "result" : "acceptable", 170 170 + "flags" : [ 171 171 + "Twist" 172 172 + ] 173 173 + }, 174 174 + { 175 175 + "tcId" : 15, 176 176 + "comment" : "public key on twist", 177 177 + "public" : "0000000000000001000000000000000000000000000000000000000000000000", 178 178 + "private" : "a89c6687f99bd569a01fd8bd438236160d15ce2c57c1d71ebaa3f2da88233863", 179 179 + "shared" : "c721041df0244071794a8db06b9f7eaeec690c257265343666f4416f4166840f", 180 180 + "result" : "acceptable", 181 181 + "flags" : [ 182 182 + "Twist" 183 183 + ] 184 184 + }, 185 185 + { 186 186 + "tcId" : 16, 187 187 + "comment" : "public key on twist", 188 188 + "public" : "ffffffffffffffff000000000000000000000000000000000000000000000000", 189 189 + "private" : "68964bca51465bf0f5ba524b1482ceff0e960a1ed9f48dcc30f1608d0e501a50", 190 190 + "shared" : "25ff9a6631b143dbdbdc207b38e38f832ae079a52a618c534322e77345fd9049", 191 191 + "result" : "acceptable", 192 192 + "flags" : [ 193 193 + "Twist" 194 194 + ] 195 195 + }, 196 196 + { 197 197 + "tcId" : 17, 198 198 + "comment" : "public key on twist", 199 199 + "public" : "0000000000000000000000000000000000000000000000000100000000000000", 200 200 + "private" : "a8e56bb13a9f2b33b8e6750b4a6e6621dc26ae8c5c624a0992c8f0d5b910f170", 201 201 + "shared" : "f294e7922c6cea587aefe72911630d50f2456a2ba7f21207d57f1ecce04f6213", 202 202 + "result" : "acceptable", 203 203 + "flags" : [ 204 204 + "Twist" 205 205 + ] 206 206 + }, 207 207 + { 208 208 + "tcId" : 18, 209 209 + "comment" : "public key on twist", 210 210 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000", 211 211 + "private" : "e045f55c159451e97814d747050fd7769bd478434a01876a56e553f66384a74c", 212 212 + "shared" : "ff4715bd8cf847b77c244ce2d9b008b19efaa8e845feb85ce4889b5b2c6a4b4d", 213 213 + "result" : "acceptable", 214 214 + "flags" : [ 215 215 + "Twist" 216 216 + ] 217 217 + }, 218 218 + { 219 219 + "tcId" : 19, 220 220 + "comment" : "public key on twist", 221 221 + "public" : "ffffff030000f8ffff1f0000c0ffffff000000feffff070000f0ffff3f000000", 222 222 + "private" : "105d621e1ef339c3d99245cfb77cd3a5bd0c4427a0e4d8752c3b51f045889b4f", 223 223 + "shared" : "61eace52da5f5ecefafa4f199b077ff64f2e3d2a6ece6f8ec0497826b212ef5f", 224 224 + "result" : "acceptable", 225 225 + "flags" : [ 226 226 + "Twist" 227 227 + ] 228 228 + }, 229 229 + { 230 230 + "tcId" : 20, 231 231 + "comment" : "public key on twist", 232 232 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f0000", 233 233 + "private" : "d88a441e706f606ae7f630f8b21f3c2554739e3e549f804118c03771f608017b", 234 234 + "shared" : "ff1b509a0a1a54726086f1e1c0acf040ab463a2a542e5d54e92c6df8126cf636", 235 235 + "result" : "acceptable", 236 236 + "flags" : [ 237 237 + "Twist" 238 238 + ] 239 239 + }, 240 240 + { 241 241 + "tcId" : 21, 242 242 + "comment" : "public key on twist", 243 243 + "public" : "0000000000000000000000000000000000000000000000000000000000800000", 244 244 + "private" : "80bbad168222276200aafd36f7f25fdc025632d8bf9f6354bb762e06fb63e250", 245 245 + "shared" : "f134e6267bf93903085117b99932cc0c7ba26f25fca12102a26d7533d9c4272a", 246 246 + "result" : "acceptable", 247 247 + "flags" : [ 248 248 + "Twist" 249 249 + ] 250 250 + }, 251 251 + { 252 252 + "tcId" : 22, 253 253 + "comment" : "public key on twist", 254 254 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1f", 255 255 + "private" : "68e134092e94e622c8a0cd18aff55be23dabd994ebdee982d90601f6f0f4b369", 256 256 + "shared" : "74bfc15e5597e9f5193f941e10a5c008fc89f051392723886a4a8fe5093a7354", 257 257 + "result" : "acceptable", 258 258 + "flags" : [ 259 259 + "Twist" 260 260 + ] 261 261 + }, 262 262 + { 263 263 + "tcId" : 23, 264 264 + "comment" : "public key on twist", 265 265 + "public" : "0000000000000000000000000000000000000000000000000000000000000020", 266 266 + "private" : "e8e43fc1ebac0bbc9b99c8035ee1ac59b90f19a16c42c0b90f96adfcc5fdee78", 267 267 + "shared" : "0d41a5b3af770bf2fcd34ff7972243a0e2cf4d34f2046a144581ae1ec68df03b", 268 268 + "result" : "acceptable", 269 269 + "flags" : [ 270 270 + "Twist" 271 271 + ] 272 272 + }, 273 273 + { 274 274 + "tcId" : 24, 275 275 + "comment" : "public key on twist", 276 276 + "public" : "000000fcffff070000e0ffff3f000000ffffff010000f8ffff0f0000c0ffff7f", 277 277 + "private" : "18bffb16f92680a9e267473e43c464476d5372ddd1f664f3d0678efe7c98bc79", 278 278 + "shared" : "5894e0963583ae14a0b80420894167f4b759c8d2eb9b69cb675543f66510f646", 279 279 + "result" : "acceptable", 280 280 + "flags" : [ 281 281 + "Twist" 282 282 + ] 283 283 + }, 284 284 + { 285 285 + "tcId" : 25, 286 286 + "comment" : "public key on twist", 287 287 + "public" : "ffffffffffffff00000000000000ffffffffffffff00000000000000ffffff7f", 288 288 + "private" : "300305eb002bf86c71fe9c0b311993727b9dc618d0ce7251d0dfd8552d17905d", 289 289 + "shared" : "f8624d6e35e6c548ac47832f2e5d151a8e53b9290363b28d2ab8d84ab7cb6a72", 290 290 + "result" : "acceptable", 291 291 + "flags" : [ 292 292 + "Twist" 293 293 + ] 294 294 + }, 295 295 + { 296 296 + "tcId" : 26, 297 297 + "comment" : "public key on twist", 298 298 + "public" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffff7f", 299 299 + "private" : "80da9f02842247d4ade5ddbac51dbce55ea7dca2844e7f97ab8987ce7fd8bc71", 300 300 + "shared" : "bfe183ba3d4157a7b53ef178613db619e27800f85359c0b39a9fd6e32152c208", 301 301 + "result" : "acceptable", 302 302 + "flags" : [ 303 303 + "Twist" 304 304 + ] 305 305 + }, 306 306 + { 307 307 + "tcId" : 27, 308 308 + "comment" : "public key on twist", 309 309 + "public" : "edfffffffffffffffffffffffffffeffffffffffffffffffffffffffffffff7f", 310 310 + "private" : "806e7f26ca3246de8182946cbed09f52b95da626c823c7b50450001a47b7b252", 311 311 + "shared" : "bca4a0724f5c1feb184078448c898c8620e7caf81f64cca746f557dff2498859", 312 312 + "result" : "acceptable", 313 313 + "flags" : [ 314 314 + "Twist" 315 315 + ] 316 316 + }, 317 317 + { 318 318 + "tcId" : 28, 319 319 + "comment" : "public key on twist", 320 320 + "public" : "edfffffffffffffeffffffffffffffffffffffffffffffffffffffffffffff7f", 321 321 + "private" : "58354fd64bc022cba3a71b2ae64281e4ea7bf6d65fdbaead1440eeb18604fe62", 322 322 + "shared" : "b3418a52464c15ab0cacbbd43887a1199206d59229ced49202300638d7a40f04", 323 323 + "result" : "acceptable", 324 324 + "flags" : [ 325 325 + "Twist" 326 326 + ] 327 327 + }, 328 328 + { 329 329 + "tcId" : 29, 330 330 + "comment" : "public key on twist", 331 331 + "public" : "edffffffffffefffffffffffffffffffffffffffffffffffffffffffffffff7f", 332 332 + "private" : "f0019cf05159794cc8052b00c2e75b7f46fb6693c4b38c02b12a4fe272e8556a", 333 333 + "shared" : "fcde6e0a3d5fd5b63f10c2d3aad4efa05196f26bc0cb26fd6d9d3bd015eaa74f", 334 334 + "result" : "acceptable", 335 335 + "flags" : [ 336 336 + "Twist" 337 337 + ] 338 338 + }, 339 339 + { 340 340 + "tcId" : 30, 341 341 + "comment" : "public key on twist", 342 342 + "public" : "edfeffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 343 343 + "private" : "d0fca64cc5f3a0c8e75c824e8b09d1615aa79aeba139bb7302e2bb2fcbe54b40", 344 344 + "shared" : "7d62f189444c6231a48afab10a0af2eee4a52e431ea05ff781d616af2114672f", 345 345 + "result" : "acceptable", 346 346 + "flags" : [ 347 347 + "Twist" 348 348 + ] 349 349 + }, 350 350 + { 351 351 + "tcId" : 31, 352 352 + "comment" : "public key on twist", 353 353 + "public" : "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 354 354 + "private" : "d02456e456911d3c6cd054933199807732dfdc958642ad1aebe900c793bef24a", 355 355 + "shared" : "07ba5fcbda21a9a17845c401492b10e6de0a168d5c94b606694c11bac39bea41", 356 356 + "result" : "acceptable", 357 357 + "flags" : [ 358 358 + "Twist" 359 359 + ] 360 360 + }, 361 361 + { 362 362 + "tcId" : 32, 363 363 + "comment" : "public key = 0", 364 364 + "public" : "0000000000000000000000000000000000000000000000000000000000000000", 365 365 + "private" : "88227494038f2bb811d47805bcdf04a2ac585ada7f2f23389bfd4658f9ddd45e", 366 366 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 367 367 + "result" : "acceptable", 368 368 + "flags" : [ 369 369 + "SmallPublicKey", 370 370 + "LowOrderPublic", 371 371 + "ZeroSharedSecret" 372 372 + ] 373 373 + }, 374 374 + { 375 375 + "tcId" : 33, 376 376 + "comment" : "public key = 1", 377 377 + "public" : "0100000000000000000000000000000000000000000000000000000000000000", 378 378 + "private" : "48232e8972b61c7e61930eb9450b5070eae1c670475685541f0476217e48184f", 379 379 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 380 380 + "result" : "acceptable", 381 381 + "flags" : [ 382 382 + "SmallPublicKey", 383 383 + "LowOrderPublic", 384 384 + "ZeroSharedSecret" 385 385 + ] 386 386 + }, 387 387 + { 388 388 + "tcId" : 34, 389 389 + "comment" : "edge case public key", 390 390 + "public" : "0400000000000000000000000000000000000000000000000000000000000000", 391 391 + "private" : "a8386f7f16c50731d64f82e6a170b142a4e34f31fd7768fcb8902925e7d1e25a", 392 392 + "shared" : "34b7e4fa53264420d9f943d15513902342b386b172a0b0b7c8b8f2dd3d669f59", 393 393 + "result" : "valid", 394 394 + "flags" : [] 395 395 + }, 396 396 + { 397 397 + "tcId" : 35, 398 398 + "comment" : "edge case public key", 399 399 + "public" : "0001000000000000000000000000000000000000000000000000000000000000", 400 400 + "private" : "d05abd08bf5e62538cb9a5ed105dbedd6de38d07940085072b4311c2678ed77d", 401 401 + "shared" : "3aa227a30781ed746bd4b3365e5f61461b844d09410c70570abd0d75574dfc77", 402 402 + "result" : "valid", 403 403 + "flags" : [] 404 404 + }, 405 405 + { 406 406 + "tcId" : 36, 407 407 + "comment" : "edge case public key", 408 408 + "public" : "0000001000000000000000000000000000000000000000000000000000000000", 409 409 + "private" : "f0b8b0998c8394364d7dcb25a3885e571374f91615275440db0645ee7c0a6f6b", 410 410 + "shared" : "97755e7e775789184e176847ffbc2f8ef98799d46a709c6a1c0ffd29081d7039", 411 411 + "result" : "valid", 412 412 + "flags" : [] 413 413 + }, 414 414 + { 415 415 + "tcId" : 37, 416 416 + "comment" : "edge case public key", 417 417 + "public" : "0000000001000000000000000000000000000000000000000000000000000000", 418 418 + "private" : "d00c35dc17460f360bfae7b94647bc4e9a7ad9ce82abeadb50a2f1a0736e2175", 419 419 + "shared" : "c212bfceb91f8588d46cd94684c2c9ee0734087796dc0a9f3404ff534012123d", 420 420 + "result" : "valid", 421 421 + "flags" : [] 422 422 + }, 423 423 + { 424 424 + "tcId" : 38, 425 425 + "comment" : "edge case public key", 426 426 + "public" : "ffffffffffff0f00000000000000000000000000000000000000000000000000", 427 427 + "private" : "385fc8058900a85021dd92425d2fb39a62d4e23aef1d5104c4c2d88712d39e4d", 428 428 + "shared" : "388faffb4a85d06702ba3e479c6b216a8f33efce0542979bf129d860f93b9f02", 429 429 + "result" : "valid", 430 430 + "flags" : [] 431 431 + }, 432 432 + { 433 433 + "tcId" : 39, 434 434 + "comment" : "edge case public key", 435 435 + "public" : "ffffffffffffff00000000000000000000000000000000000000000000000000", 436 436 + "private" : "e0614b0c408af24d9d24c0a72f9137fbd6b16f02ccc94797ea3971ab16073a7f", 437 437 + "shared" : "877fec0669d8c1a5c866641420eea9f6bd1dfd38d36a5d55a8c0ab2bf3105c68", 438 438 + "result" : "valid", 439 439 + "flags" : [] 440 440 + }, 441 441 + { 442 442 + "tcId" : 40, 443 443 + "comment" : "edge case public key", 444 444 + "public" : "0000000000000000010000000000000000000000000000000000000000000000", 445 445 + "private" : "f004b8fd05d9fffd853cdc6d2266389b737e8dfc296ad00b5a69b2a9dcf72956", 446 446 + "shared" : "180373ea0f23ea73447e5a90398a97d490b541c69320719d7dd733fb80d5480f", 447 447 + "result" : "valid", 448 448 + "flags" : [] 449 449 + }, 450 450 + { 451 451 + "tcId" : 41, 452 452 + "comment" : "edge case public key", 453 453 + "public" : "ffffffffffffffffffffffffffff000000000000000000000000000000000000", 454 454 + "private" : "e80bf0e609bf3b035b552f9db7e9ecbc44a04b7910b1493661a524f46c3c2277", 455 455 + "shared" : "208142350af938aba52a156dce19d3c27ab1628729683cf4ef2667c3dc60cf38", 456 456 + "result" : "valid", 457 457 + "flags" : [] 458 458 + }, 459 459 + { 460 460 + "tcId" : 42, 461 461 + "comment" : "edge case public key", 462 462 + "public" : "0000000000000000000000000000010000000000000000000000000000000000", 463 463 + "private" : "48890e95d1b03e603bcb51fdf6f296f1f1d10f5df10e00b8a25c9809f9aa1a54", 464 464 + "shared" : "1c3263890f7a081cefe50cb92abd496582d90dcc2b9cb858bd286854aa6b0a7e", 465 465 + "result" : "valid", 466 466 + "flags" : [] 467 467 + }, 468 468 + { 469 469 + "tcId" : 43, 470 470 + "comment" : "edge case public key", 471 471 + "public" : "ffffffffffffffffffffffffffffffff00000000000000000000000000000000", 472 472 + "private" : "a806f1e39b742615a7dde3b29415ed827c68f07d4a47a4d9595c40c7fccb9263", 473 473 + "shared" : "56128e78d7c66f48e863e7e6f2caa9c0988fd439deac11d4aac9664083087f7a", 474 474 + "result" : "valid", 475 475 + "flags" : [] 476 476 + }, 477 477 + { 478 478 + "tcId" : 44, 479 479 + "comment" : "edge case public key", 480 480 + "public" : "0000000000000000000000000000000001000000000000000000000000000000", 481 481 + "private" : "9899d5e265e1fc7c32345227d6699a6d6b5517cf33b43ab156ee20df4878794e", 482 482 + "shared" : "30eca56f1f1c2e8ff780134e0e9382c5927d305d86b53477e9aeca79fc9ced05", 483 483 + "result" : "valid", 484 484 + "flags" : [] 485 485 + }, 486 486 + { 487 487 + "tcId" : 45, 488 488 + "comment" : "edge case public key", 489 489 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000", 490 490 + "private" : "d842316e5476aeaee838204258a06f15de011ba40b9962705e7f6e889fe71f40", 491 491 + "shared" : "cb21b7aa3f992ecfc92954849154b3af6b96a01f17bf21c612da748db38eb364", 492 492 + "result" : "valid", 493 493 + "flags" : [] 494 494 + }, 495 495 + { 496 496 + "tcId" : 46, 497 497 + "comment" : "edge case public key", 498 498 + "public" : "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", 499 499 + "private" : "a0933ee30512b25ee4e900aaa07f73e507a8ec53b53a44626e0f589af4e0356c", 500 500 + "shared" : "c5caf8cabc36f086deaf1ab226434098c222abdf8acd3ce75c75e9debb271524", 501 501 + "result" : "valid", 502 502 + "flags" : [] 503 503 + }, 504 504 + { 505 505 + "tcId" : 47, 506 506 + "comment" : "edge case public key", 507 507 + "public" : "0000000000000000000000000000000000000000000000000000000001000000", 508 508 + "private" : "38d6403e1377734cdce98285e820f256ad6b769d6b5612bcf42cf2b97945c073", 509 509 + "shared" : "4d46052c7eabba215df8d91327e0c4610421d2d9129b1486d914c766cf104c27", 510 510 + "result" : "valid", 511 511 + "flags" : [] 512 512 + }, 513 513 + { 514 514 + "tcId" : 48, 515 515 + "comment" : "edge case public key", 516 516 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", 517 517 + "private" : "182191b7052e9cd630ef08007fc6b43bc7652913be6774e2fd271b71b962a641", 518 518 + "shared" : "a0e0315175788362d4ebe05e6ac76d52d40187bd687492af05abc7ba7c70197d", 519 519 + "result" : "valid", 520 520 + "flags" : [] 521 521 + }, 522 522 + { 523 523 + "tcId" : 49, 524 524 + "comment" : "edge case public key", 525 525 + "public" : "ffffff0f000000ffffff0f000000ffffff0f000000ffffff0f000000ffffff0f", 526 526 + "private" : "106221fe5694a710d6e147696c5d5b93d6887d584f24f228182ebe1b1d2db85d", 527 527 + "shared" : "5e64924b91873b499a5402fa64337c65d4b2ed54beeb3fa5d7347809e43aef1c", 528 528 + "result" : "valid", 529 529 + "flags" : [] 530 530 + }, 531 531 + { 532 532 + "tcId" : 50, 533 533 + "comment" : "edge case public key", 534 534 + "public" : "000000fcffff030000e0ffff1f000000ffffff000000f8ffff070000c0ffff3f", 535 535 + "private" : "d035de9456080d85a912083b2e3c7ddd7971f786f25a96c5e782cf6f4376e362", 536 536 + "shared" : "c052466f9712d9ec4ef40f276bb7e6441c5434a83efd8e41d20ce83f2dbf5952", 537 537 + "result" : "valid", 538 538 + "flags" : [] 539 539 + }, 540 540 + { 541 541 + "tcId" : 51, 542 542 + "comment" : "edge case public key", 543 543 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 544 544 + "private" : "a8f37318a4c760f3cb2d894822918735683cb1edacf3e666e15694154978fd6d", 545 545 + "shared" : "d151b97cba9c25d48e6d576338b97d53dd8b25e84f65f7a2091a17016317c553", 546 546 + "result" : "valid", 547 547 + "flags" : [] 548 548 + }, 549 549 + { 550 550 + "tcId" : 52, 551 551 + "comment" : "edge case public key", 552 552 + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5f", 553 553 + "private" : "20d4d624cf732f826f09e8088017742f13f2da98f4dcf4b40519adb790cebf64", 554 554 + "shared" : "5716296baf2b1a6b9cd15b23ba86829743d60b0396569be1d5b40014c06b477d", 555 555 + "result" : "valid", 556 556 + "flags" : [] 557 557 + }, 558 558 + { 559 559 + "tcId" : 53, 560 560 + "comment" : "edge case public key", 561 561 + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffff7fff7f", 562 562 + "private" : "d806a735d138efb3b404683c9d84485ab4af540d0af253b574323d8913003c66", 563 563 + "shared" : "ddbd56d0454b794c1d1d4923f023a51f6f34ef3f4868e3d6659307c683c74126", 564 564 + "result" : "valid", 565 565 + "flags" : [] 566 566 + }, 567 567 + { 568 568 + "tcId" : 54, 569 569 + "comment" : "edge case public key", 570 570 + "public" : "fffffffffeffff7ffffffffffeffff7ffffffffffeffff7ffffffffffeffff7f", 571 571 + "private" : "184198c6228177f3ef41dc9a341258f8181ae365fe9ec98d93639b0bbee1467d", 572 572 + "shared" : "8039eebed1a4f3b811ea92102a6267d4da412370f3f0d6b70f1faaa2e8d5236d", 573 573 + "result" : "valid", 574 574 + "flags" : [] 575 575 + }, 576 576 + { 577 577 + "tcId" : 55, 578 578 + "comment" : "edge case public key", 579 579 + "public" : "edfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffff7f", 580 580 + "private" : "f0a46a7f4b989fe515edc441109346ba746ec1516896ec5b7e4f4d903064b463", 581 581 + "shared" : "b69524e3955da23df6ad1a7cd38540047f50860f1c8fded9b1fdfcc9e812a035", 582 582 + "result" : "valid", 583 583 + "flags" : [] 584 584 + }, 585 585 + { 586 586 + "tcId" : 56, 587 587 + "comment" : "edge case public key", 588 588 + "public" : "edfffffffffffffffffffffffffffffffffffffffffffffffeffffffffffff7f", 589 589 + "private" : "881874fda3a99c0f0216e1172fbd07ab1c7df78602cc6b11264e57aab5f23a49", 590 590 + "shared" : "e417bb8854f3b4f70ecea557454c5c4e5f3804ae537960a8097b9f338410d757", 591 591 + "result" : "valid", 592 592 + "flags" : [] 593 593 + }, 594 594 + { 595 595 + "tcId" : 57, 596 596 + "comment" : "edge case public key", 597 597 + "public" : "edfffffffffffffffffffffffffffffffeffffffffffffffffffffffffffff7f", 598 598 + "private" : "b8d0f1ae05a5072831443150e202ac6db00322cdf341f467e9f296588b04db72", 599 599 + "shared" : "afca72bb8ef727b60c530c937a2f7d06bb39c39b903a7f4435b3f5d8fc1ca810", 600 600 + "result" : "valid", 601 601 + "flags" : [] 602 602 + }, 603 603 + { 604 604 + "tcId" : 58, 605 605 + "comment" : "edge case public key", 606 606 + "public" : "edfffffffffffffffeffffffffffffffffffffffffffffffffffffffffffff7f", 607 607 + "private" : "c8619ba988859db7d6f20fbf3ffb8b113418cc278065b4e8bb6d4e5b3e7cb569", 608 608 + "shared" : "7e41c2886fed4af04c1641a59af93802f25af0f9cba7a29ae72e2a92f35a1e5a", 609 609 + "result" : "valid", 610 610 + "flags" : [] 611 611 + }, 612 612 + { 613 613 + "tcId" : 59, 614 614 + "comment" : "edge case public key", 615 615 + "public" : "edfffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 616 616 + "private" : "f8d4ca1f37a30ec9acd6dbe5a6e150e5bc447d22b355d80ba002c5b05c26935d", 617 617 + "shared" : "dd3abd4746bf4f2a0d93c02a7d19f76d921c090d07e6ea5abae7f28848355947", 618 618 + "result" : "valid", 619 619 + "flags" : [] 620 620 + }, 621 621 + { 622 622 + "tcId" : 60, 623 623 + "comment" : "edge case public key", 624 624 + "public" : "edffffefffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 625 625 + "private" : "88037ac8e33c72c2c51037c7c8c5288bba9265c82fd8c31796dd7ea5df9aaa4a", 626 626 + "shared" : "8c27b3bff8d3c1f6daf2d3b7b3479cf9ad2056e2002be247992a3b29de13a625", 627 627 + "result" : "valid", 628 628 + "flags" : [] 629 629 + }, 630 630 + { 631 631 + "tcId" : 61, 632 632 + "comment" : "edge case public key", 633 633 + "public" : "edfffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 634 634 + "private" : "5034ee7bf83a13d9167df86b0640294f3620f4f4d9030e5e293f9190824ae562", 635 635 + "shared" : "8e1d2207b47432f881677448b9d426a30de1a1f3fd38cad6f4b23dbdfe8a2901", 636 636 + "result" : "valid", 637 637 + "flags" : [] 638 638 + }, 639 639 + { 640 640 + "tcId" : 62, 641 641 + "comment" : "edge case public key", 642 642 + "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 643 643 + "private" : "40bd4e1caf39d9def7663823502dad3e7d30eb6eb01e9b89516d4f2f45b7cd7f", 644 644 + "shared" : "2cf6974b0c070e3707bf92e721d3ea9de3db6f61ed810e0a23d72d433365f631", 645 645 + "result" : "valid", 646 646 + "flags" : [] 647 647 + }, 648 648 + { 649 649 + "tcId" : 63, 650 650 + "comment" : "public key with low order", 651 651 + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", 652 652 + "private" : "e0f978dfcd3a8f1a5093418de54136a584c20b7b349afdf6c0520886f95b1272", 653 653 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 654 654 + "result" : "acceptable", 655 655 + "flags" : [ 656 656 + "LowOrderPublic", 657 657 + "ZeroSharedSecret" 658 658 + ] 659 659 + }, 660 660 + { 661 661 + "tcId" : 64, 662 662 + "comment" : "public key with low order", 663 663 + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", 664 664 + "private" : "387355d995616090503aafad49da01fb3dc3eda962704eaee6b86f9e20c92579", 665 665 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 666 666 + "result" : "acceptable", 667 667 + "flags" : [ 668 668 + "LowOrderPublic", 669 669 + "ZeroSharedSecret" 670 670 + ] 671 671 + }, 672 672 + { 673 673 + "tcId" : 65, 674 674 + "comment" : "public key with low order", 675 675 + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 676 676 + "private" : "c8fe0df92ae68a03023fc0c9adb9557d31be7feed0d3ab36c558143daf4dbb40", 677 677 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 678 678 + "result" : "acceptable", 679 679 + "flags" : [ 680 680 + "LowOrderPublic", 681 681 + "Twist", 682 682 + "ZeroSharedSecret" 683 683 + ] 684 684 + }, 685 685 + { 686 686 + "tcId" : 66, 687 687 + "comment" : "public key with low order", 688 688 + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", 689 689 + "private" : "c8d74acde5934e64b9895d5ff7afbffd7f704f7dfccff7ac28fa62a1e6410347", 690 690 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 691 691 + "result" : "acceptable", 692 692 + "flags" : [ 693 693 + "LowOrderPublic", 694 694 + "NonCanonicalPublic", 695 695 + "Twist", 696 696 + "ZeroSharedSecret" 697 697 + ] 698 698 + }, 699 699 + { 700 700 + "tcId" : 67, 701 701 + "comment" : "public key with low order", 702 702 + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", 703 703 + "private" : "b85649d5120e01e8ccaf7b2fb8d81b62e8ad6f3d5c0553fdde1906cb9d79c050", 704 704 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 705 705 + "result" : "acceptable", 706 706 + "flags" : [ 707 707 + "LowOrderPublic", 708 708 + "NonCanonicalPublic", 709 709 + "Twist", 710 710 + "ZeroSharedSecret" 711 711 + ] 712 712 + }, 713 713 + { 714 714 + "tcId" : 68, 715 715 + "comment" : "public key with low order", 716 716 + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 717 717 + "private" : "2064b2f4c9dc97ec7cf58932fdfa3265ba6ea4d11f0259b8efc8afb35db88c48", 718 718 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 719 719 + "result" : "acceptable", 720 720 + "flags" : [ 721 721 + "LowOrderPublic", 722 722 + "NonCanonicalPublic", 723 723 + "ZeroSharedSecret" 724 724 + ] 725 725 + }, 726 726 + { 727 727 + "tcId" : 69, 728 728 + "comment" : "public key with low order", 729 729 + "public" : "0000000000000000000000000000000000000000000000000000000000000000", 730 730 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 731 731 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 732 732 + "result" : "acceptable", 733 733 + "flags" : [ 734 734 + "LowOrderPublic", 735 735 + "ZeroSharedSecret" 736 736 + ] 737 737 + }, 738 738 + { 739 739 + "tcId" : 70, 740 740 + "comment" : "public key with low order", 741 741 + "public" : "0100000000000000000000000000000000000000000000000000000000000000", 742 742 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 743 743 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 744 744 + "result" : "acceptable", 745 745 + "flags" : [ 746 746 + "LowOrderPublic", 747 747 + "ZeroSharedSecret" 748 748 + ] 749 749 + }, 750 750 + { 751 751 + "tcId" : 71, 752 752 + "comment" : "public key with low order", 753 753 + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 754 754 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 755 755 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 756 756 + "result" : "acceptable", 757 757 + "flags" : [ 758 758 + "LowOrderPublic", 759 759 + "ZeroSharedSecret" 760 760 + ] 761 761 + }, 762 762 + { 763 763 + "tcId" : 72, 764 764 + "comment" : "public key with low order", 765 765 + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", 766 766 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 767 767 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 768 768 + "result" : "acceptable", 769 769 + "flags" : [ 770 770 + "LowOrderPublic", 771 771 + "ZeroSharedSecret" 772 772 + ] 773 773 + }, 774 774 + { 775 775 + "tcId" : 73, 776 776 + "comment" : "public key with low order", 777 777 + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", 778 778 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 779 779 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 780 780 + "result" : "acceptable", 781 781 + "flags" : [ 782 782 + "LowOrderPublic", 783 783 + "ZeroSharedSecret" 784 784 + ] 785 785 + }, 786 786 + { 787 787 + "tcId" : 74, 788 788 + "comment" : "public key with low order", 789 789 + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 790 790 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 791 791 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 792 792 + "result" : "acceptable", 793 793 + "flags" : [ 794 794 + "LowOrderPublic", 795 795 + "ZeroSharedSecret" 796 796 + ] 797 797 + }, 798 798 + { 799 799 + "tcId" : 75, 800 800 + "comment" : "public key with low order", 801 801 + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 802 802 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 803 803 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 804 804 + "result" : "acceptable", 805 805 + "flags" : [ 806 806 + "LowOrderPublic", 807 807 + "ZeroSharedSecret" 808 808 + ] 809 809 + }, 810 810 + { 811 811 + "tcId" : 76, 812 812 + "comment" : "public key with low order", 813 813 + "public" : "0000000000000000000000000000000000000000000000000000000000000080", 814 814 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 815 815 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 816 816 + "result" : "acceptable", 817 817 + "flags" : [ 818 818 + "LowOrderPublic", 819 819 + "ZeroSharedSecret" 820 820 + ] 821 821 + }, 822 822 + { 823 823 + "tcId" : 77, 824 824 + "comment" : "public key with low order", 825 825 + "public" : "0100000000000000000000000000000000000000000000000000000000000080", 826 826 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 827 827 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 828 828 + "result" : "acceptable", 829 829 + "flags" : [ 830 830 + "LowOrderPublic", 831 831 + "ZeroSharedSecret" 832 832 + ] 833 833 + }, 834 834 + { 835 835 + "tcId" : 78, 836 836 + "comment" : "public key with low order", 837 837 + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 838 838 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 839 839 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 840 840 + "result" : "acceptable", 841 841 + "flags" : [ 842 842 + "LowOrderPublic", 843 843 + "ZeroSharedSecret" 844 844 + ] 845 845 + }, 846 846 + { 847 847 + "tcId" : 79, 848 848 + "comment" : "public key with low order", 849 849 + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", 850 850 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 851 851 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 852 852 + "result" : "acceptable", 853 853 + "flags" : [ 854 854 + "LowOrderPublic", 855 855 + "ZeroSharedSecret" 856 856 + ] 857 857 + }, 858 858 + { 859 859 + "tcId" : 80, 860 860 + "comment" : "public key with low order", 861 861 + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", 862 862 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 863 863 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 864 864 + "result" : "acceptable", 865 865 + "flags" : [ 866 866 + "LowOrderPublic", 867 867 + "ZeroSharedSecret" 868 868 + ] 869 869 + }, 870 870 + { 871 871 + "tcId" : 81, 872 872 + "comment" : "public key with low order", 873 873 + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 874 874 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 875 875 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 876 876 + "result" : "acceptable", 877 877 + "flags" : [ 878 878 + "LowOrderPublic", 879 879 + "ZeroSharedSecret" 880 880 + ] 881 881 + }, 882 882 + { 883 883 + "tcId" : 82, 884 884 + "comment" : "public key with low order", 885 885 + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 886 886 + "private" : "786a33a4f7af297a20e7642925932bf509e7070fa1bc36986af1eb13f4f50b55", 887 887 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 888 888 + "result" : "acceptable", 889 889 + "flags" : [ 890 890 + "LowOrderPublic", 891 891 + "ZeroSharedSecret" 892 892 + ] 893 893 + }, 894 894 + { 895 895 + "tcId" : 83, 896 896 + "comment" : "public key = 57896044618658097711785492504343953926634992332820282019728792003956564819949", 897 897 + "public" : "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 898 898 + "private" : "40ff586e73d61f0960dc2d763ac19e98225f1194f6fe43d5dd97ad55b3d35961", 899 899 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 900 900 + "result" : "acceptable", 901 901 + "flags" : [ 902 902 + "SmallPublicKey", 903 903 + "LowOrderPublic", 904 904 + "ZeroSharedSecret" 905 905 + ] 906 906 + }, 907 907 + { 908 908 + "tcId" : 84, 909 909 + "comment" : "public key = 57896044618658097711785492504343953926634992332820282019728792003956564819950", 910 910 + "public" : "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 911 911 + "private" : "584fceaebae944bfe93b2e0d0a575f706ce5ada1da2b1311c3b421f9186c7a6f", 912 912 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 913 913 + "result" : "acceptable", 914 914 + "flags" : [ 915 915 + "SmallPublicKey", 916 916 + "LowOrderPublic", 917 917 + "NonCanonicalPublic", 918 918 + "ZeroSharedSecret" 919 919 + ] 920 920 + }, 921 921 + { 922 922 + "tcId" : 85, 923 923 + "comment" : "non-canonical public key", 924 924 + "public" : "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 925 925 + "private" : "0016b62af5cabde8c40938ebf2108e05d27fa0533ed85d70015ad4ad39762d54", 926 926 + "shared" : "b4d10e832714972f96bd3382e4d082a21a8333a16315b3ffb536061d2482360d", 927 927 + "result" : "acceptable", 928 928 + "flags" : [ 929 929 + "NonCanonicalPublic", 930 930 + "Twist" 931 931 + ] 932 932 + }, 933 933 + { 934 934 + "tcId" : 86, 935 935 + "comment" : "non-canonical public key", 936 936 + "public" : "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 937 937 + "private" : "d83650ba7cec115881916255e3fa5fa0d6b8dcf968731bd2c9d2aec3f561f649", 938 938 + "shared" : "515eac8f1ed0b00c70762322c3ef86716cd2c51fe77cec3d31b6388bc6eea336", 939 939 + "result" : "acceptable", 940 940 + "flags" : [ 941 941 + "NonCanonicalPublic", 942 942 + "Twist" 943 943 + ] 944 944 + }, 945 945 + { 946 946 + "tcId" : 87, 947 947 + "comment" : "non-canonical public key", 948 948 + "public" : "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 949 949 + "private" : "88dd14e2711ebd0b0026c651264ca965e7e3da5082789fbab7e24425e7b4377e", 950 950 + "shared" : "6919992d6a591e77b3f2bacbd74caf3aea4be4802b18b2bc07eb09ade3ad6662", 951 951 + "result" : "acceptable", 952 952 + "flags" : [ 953 953 + "NonCanonicalPublic" 954 954 + ] 955 955 + }, 956 956 + { 957 957 + "tcId" : 88, 958 958 + "comment" : "non-canonical public key", 959 959 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 960 960 + "private" : "98c2b08cbac14e15953154e3b558d42bb1268a365b0ef2f22725129d8ac5cb7f", 961 961 + "shared" : "9c034fcd8d3bf69964958c0105161fcb5d1ea5b8f8abb371491e42a7684c2322", 962 962 + "result" : "acceptable", 963 963 + "flags" : [ 964 964 + "NonCanonicalPublic" 965 965 + ] 966 966 + }, 967 967 + { 968 968 + "tcId" : 89, 969 969 + "comment" : "non-canonical public key", 970 970 + "public" : "0200000000000000000000000000000000000000000000000000000000000080", 971 971 + "private" : "c0697b6f05e0f3433b44ea352f20508eb0623098a7770853af5ca09727340c4e", 972 972 + "shared" : "ed18b06da512cab63f22d2d51d77d99facd3c4502e4abf4e97b094c20a9ddf10", 973 973 + "result" : "acceptable", 974 974 + "flags" : [ 975 975 + "NonCanonicalPublic", 976 976 + "Twist" 977 977 + ] 978 978 + }, 979 979 + { 980 980 + "tcId" : 90, 981 981 + "comment" : "non-canonical public key", 982 982 + "public" : "0300000000000000000000000000000000000000000000000000000000000080", 983 983 + "private" : "18422b58a18e0f4519b7a887b8cfb649e0bfe4b34d75963350a9944e5b7f5b7e", 984 984 + "shared" : "448ce410fffc7e6149c5abec0ad5f3607dfde8a34e2ac3243c3009176168b432", 985 985 + "result" : "acceptable", 986 986 + "flags" : [ 987 987 + "NonCanonicalPublic", 988 988 + "Twist" 989 989 + ] 990 990 + }, 991 991 + { 992 992 + "tcId" : 91, 993 993 + "comment" : "non-canonical public key", 994 994 + "public" : "0400000000000000000000000000000000000000000000000000000000000080", 995 995 + "private" : "20620d82487707bedf9ee3549e95cb9390d2618f50cf6acba47ffaa103224a6f", 996 996 + "shared" : "03a633df01480d0d5048d92f51b20dc1d11f73e9515c699429b90a4f6903122a", 997 997 + "result" : "acceptable", 998 998 + "flags" : [ 999 999 + "NonCanonicalPublic" 1000 1000 + ] 1001 1001 + }, 1002 1002 + { 1003 1003 + "tcId" : 92, 1004 1004 + "comment" : "non-canonical public key", 1005 1005 + "public" : "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 1006 1006 + "private" : "285a6a7ceeb7122f2c78d99c53b2a902b490892f7dff326f89d12673c3101b53", 1007 1007 + "shared" : "9b01287717d72f4cfb583ec85f8f936849b17d978dbae7b837db56a62f100a68", 1008 1008 + "result" : "acceptable", 1009 1009 + "flags" : [ 1010 1010 + "NonCanonicalPublic" 1011 1011 + ] 1012 1012 + }, 1013 1013 + { 1014 1014 + "tcId" : 93, 1015 1015 + "comment" : "non-canonical public key", 1016 1016 + "public" : "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 1017 1017 + "private" : "c8e0330ae9dceeff887fba761225879a4bd2e0db08799244136e4721b2c88970", 1018 1018 + "shared" : "dfe60831c9f4f96c816e51048804dbdc27795d760eced75ef575cbe3b464054b", 1019 1019 + "result" : "acceptable", 1020 1020 + "flags" : [ 1021 1021 + "NonCanonicalPublic" 1022 1022 + ] 1023 1023 + }, 1024 1024 + { 1025 1025 + "tcId" : 94, 1026 1026 + "comment" : "non-canonical public key", 1027 1027 + "public" : "dcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 1028 1028 + "private" : "10db6210fc1fb13382472fa1787b004b5d11868ab3a79510e0cee30f4a6df26b", 1029 1029 + "shared" : "50bfa826ca77036dd2bbfd092c3f78e2e4a1f980d7c8e78f2f14dca3cce5cc3c", 1030 1030 + "result" : "acceptable", 1031 1031 + "flags" : [ 1032 1032 + "NonCanonicalPublic", 1033 1033 + "Twist" 1034 1034 + ] 1035 1035 + }, 1036 1036 + { 1037 1037 + "tcId" : 95, 1038 1038 + "comment" : "non-canonical public key", 1039 1039 + "public" : "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 1040 1040 + "private" : "9041c6e044a277df8466275ca8b5ee0da7bc028648054ade5c592add3057474e", 1041 1041 + "shared" : "13da5695a4c206115409b5277a934782fe985fa050bc902cba5616f9156fe277", 1042 1042 + "result" : "acceptable", 1043 1043 + "flags" : [ 1044 1044 + "NonCanonicalPublic" 1045 1045 + ] 1046 1046 + }, 1047 1047 + { 1048 1048 + "tcId" : 96, 1049 1049 + "comment" : "non-canonical public key", 1050 1050 + "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 1051 1051 + "private" : "b8d499041a6713c0f6f876db7406587fdb44582f9542356ae89cfa958a34d266", 1052 1052 + "shared" : "63483b5d69236c63cddbed33d8e22baecc2b0ccf886598e863c844d2bf256704", 1053 1053 + "result" : "acceptable", 1054 1054 + "flags" : [ 1055 1055 + "NonCanonicalPublic" 1056 1056 + ] 1057 1057 + }, 1058 1058 + { 1059 1059 + "tcId" : 97, 1060 1060 + "comment" : "non-canonical public key", 1061 1061 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 1062 1062 + "private" : "c85f08e60c845f82099141a66dc4583d2b1040462c544d33d0453b20b1a6377e", 1063 1063 + "shared" : "e9db74bc88d0d9bf046ddd13f943bccbe6dbb47d49323f8dfeedc4a694991a3c", 1064 1064 + "result" : "acceptable", 1065 1065 + "flags" : [ 1066 1066 + "NonCanonicalPublic" 1067 1067 + ] 1068 1068 + }, 1069 1069 + { 1070 1070 + "tcId" : 98, 1071 1071 + "comment" : "public key = 57896044618658097711785492504343953926634992332820282019728792003956564819968", 1072 1072 + "public" : "0000000000000000000000000000000000000000000000000000000000000080", 1073 1073 + "private" : "7887889bac4c629a101d3724f2ed8b98d936fde79e1a1f77d86779626bf8f263", 1074 1074 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1075 1075 + "result" : "acceptable", 1076 1076 + "flags" : [ 1077 1077 + "SmallPublicKey", 1078 1078 + "LowOrderPublic", 1079 1079 + "NonCanonicalPublic", 1080 1080 + "ZeroSharedSecret" 1081 1081 + ] 1082 1082 + }, 1083 1083 + { 1084 1084 + "tcId" : 99, 1085 1085 + "comment" : "public key = 57896044618658097711785492504343953926634992332820282019728792003956564819969", 1086 1086 + "public" : "0100000000000000000000000000000000000000000000000000000000000080", 1087 1087 + "private" : "e07971ee820e48b0b266d8be3cdbbb5e900a43f59ee8535c6572418615de4962", 1088 1088 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1089 1089 + "result" : "acceptable", 1090 1090 + "flags" : [ 1091 1091 + "SmallPublicKey", 1092 1092 + "LowOrderPublic", 1093 1093 + "NonCanonicalPublic", 1094 1094 + "Twist", 1095 1095 + "ZeroSharedSecret" 1096 1096 + ] 1097 1097 + }, 1098 1098 + { 1099 1099 + "tcId" : 100, 1100 1100 + "comment" : "RFC 7748", 1101 1101 + "public" : "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c", 1102 1102 + "private" : "a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44", 1103 1103 + "shared" : "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552", 1104 1104 + "result" : "valid", 1105 1105 + "flags" : [] 1106 1106 + }, 1107 1107 + { 1108 1108 + "tcId" : 101, 1109 1109 + "comment" : "RFC 7748", 1110 1110 + "public" : "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413", 1111 1111 + "private" : "4866e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba4d", 1112 1112 + "shared" : "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957", 1113 1113 + "result" : "valid", 1114 1114 + "flags" : [] 1115 1115 + }, 1116 1116 + { 1117 1117 + "tcId" : 102, 1118 1118 + "comment" : "RFC 8037, Section A.6", 1119 1119 + "public" : "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f", 1120 1120 + "private" : "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a", 1121 1121 + "shared" : "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742", 1122 1122 + "result" : "valid", 1123 1123 + "flags" : [] 1124 1124 + }, 1125 1125 + { 1126 1126 + "tcId" : 103, 1127 1127 + "comment" : "edge case for shared secret", 1128 1128 + "public" : "b7b6d39c765cb60c0c8542f4f3952ffb51d3002d4aeb9f8ff988b192043e6d0a", 1129 1129 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1130 1130 + "shared" : "0200000000000000000000000000000000000000000000000000000000000000", 1131 1131 + "result" : "acceptable", 1132 1132 + "flags" : [ 1133 1133 + "Twist" 1134 1134 + ] 1135 1135 + }, 1136 1136 + { 1137 1137 + "tcId" : 104, 1138 1138 + "comment" : "edge case for shared secret", 1139 1139 + "public" : "3b18df1e50b899ebd588c3161cbd3bf98ebcc2c1f7df53b811bd0e91b4d5153d", 1140 1140 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1141 1141 + "shared" : "0900000000000000000000000000000000000000000000000000000000000000", 1142 1142 + "result" : "valid", 1143 1143 + "flags" : [] 1144 1144 + }, 1145 1145 + { 1146 1146 + "tcId" : 105, 1147 1147 + "comment" : "edge case for shared secret", 1148 1148 + "public" : "cab6f9e7d8ce00dfcea9bbd8f069ef7fb2ac504abf83b87db601b5ae0a7f7615", 1149 1149 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1150 1150 + "shared" : "1000000000000000000000000000000000000000000000000000000000000000", 1151 1151 + "result" : "valid", 1152 1152 + "flags" : [] 1153 1153 + }, 1154 1154 + { 1155 1155 + "tcId" : 106, 1156 1156 + "comment" : "edge case for shared secret", 1157 1157 + "public" : "4977d0d897e1ba566590f60f2eb0db6f7b24c13d436918ccfd32708dfad7e247", 1158 1158 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1159 1159 + "shared" : "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1160 1160 + "result" : "acceptable", 1161 1161 + "flags" : [ 1162 1162 + "Twist" 1163 1163 + ] 1164 1164 + }, 1165 1165 + { 1166 1166 + "tcId" : 107, 1167 1167 + "comment" : "edge case for shared secret", 1168 1168 + "public" : "98730bc03e29e8b057fb1d20ef8c0bffc822485d3db7f45f4e3cc2c3c6d1d14c", 1169 1169 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1170 1170 + "shared" : "fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1171 1171 + "result" : "valid", 1172 1172 + "flags" : [] 1173 1173 + }, 1174 1174 + { 1175 1175 + "tcId" : 108, 1176 1176 + "comment" : "edge case for shared secret", 1177 1177 + "public" : "97b4fff682df7f096cd1756569e252db482d45406a3198a1aff282a5da474c49", 1178 1178 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1179 1179 + "shared" : "f9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1180 1180 + "result" : "acceptable", 1181 1181 + "flags" : [ 1182 1182 + "Twist" 1183 1183 + ] 1184 1184 + }, 1185 1185 + { 1186 1186 + "tcId" : 109, 1187 1187 + "comment" : "edge case for shared secret", 1188 1188 + "public" : "317781b0163bae74accc06c0d44ef9a911a22b0d37faf7726621591f9343ea2f", 1189 1189 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1190 1190 + "shared" : "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1191 1191 + "result" : "valid", 1192 1192 + "flags" : [] 1193 1193 + }, 1194 1194 + { 1195 1195 + "tcId" : 110, 1196 1196 + "comment" : "edge case for shared secret", 1197 1197 + "public" : "7e26f8f24cb590027f9d1bc49b0e1a242c7d8f43624d3e8fab28ee08e02cb45e", 1198 1198 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1199 1199 + "shared" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", 1200 1200 + "result" : "valid", 1201 1201 + "flags" : [] 1202 1202 + }, 1203 1203 + { 1204 1204 + "tcId" : 111, 1205 1205 + "comment" : "edge case for shared secret", 1206 1206 + "public" : "e96d2780e5469a74620ab5aa2f62151d140c473320dbe1b028f1a48f8e76f95f", 1207 1207 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1208 1208 + "shared" : "e5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 1209 1209 + "result" : "acceptable", 1210 1210 + "flags" : [ 1211 1211 + "Twist" 1212 1212 + ] 1213 1213 + }, 1214 1214 + { 1215 1215 + "tcId" : 112, 1216 1216 + "comment" : "edge case for shared secret", 1217 1217 + "public" : "8d612c5831aa64b057300e7e310f3aa332af34066fefcab2b089c9592878f832", 1218 1218 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1219 1219 + "shared" : "e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 1220 1220 + "result" : "acceptable", 1221 1221 + "flags" : [ 1222 1222 + "Twist" 1223 1223 + ] 1224 1224 + }, 1225 1225 + { 1226 1226 + "tcId" : 113, 1227 1227 + "comment" : "edge case for shared secret", 1228 1228 + "public" : "8d44108d05d940d3dfe5647ea7a87be24d0d036c9f0a95a2386b839e7b7bf145", 1229 1229 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1230 1230 + "shared" : "ddffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 1231 1231 + "result" : "valid", 1232 1232 + "flags" : [] 1233 1233 + }, 1234 1234 + { 1235 1235 + "tcId" : 114, 1236 1236 + "comment" : "edge case for shared secret", 1237 1237 + "public" : "21a35d5db1b6237c739b56345a930aeee373cdcfb4701266782a8ac594913b29", 1238 1238 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1239 1239 + "shared" : "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 1240 1240 + "result" : "acceptable", 1241 1241 + "flags" : [ 1242 1242 + "Twist" 1243 1243 + ] 1244 1244 + }, 1245 1245 + { 1246 1246 + "tcId" : 115, 1247 1247 + "comment" : "edge case for shared secret", 1248 1248 + "public" : "3e5efb63c352ce942762482bc9337a5d35ba55664743ac5e93d11f957336cb10", 1249 1249 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1250 1250 + "shared" : "0000000000000000000000000000000000000000000000000000000000000002", 1251 1251 + "result" : "acceptable", 1252 1252 + "flags" : [ 1253 1253 + "Twist" 1254 1254 + ] 1255 1255 + }, 1256 1256 + { 1257 1257 + "tcId" : 116, 1258 1258 + "comment" : "edge case for shared secret", 1259 1259 + "public" : "8e41f05ea3c76572be104ad8788e970863c6e2ca3daae64d1c2f46decfffa571", 1260 1260 + "private" : "60a3a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a9767f", 1261 1261 + "shared" : "0000000000000000000000000000000000000000000000000000000000008000", 1262 1262 + "result" : "acceptable", 1263 1263 + "flags" : [ 1264 1264 + "Twist" 1265 1265 + ] 1266 1266 + }, 1267 1267 + { 1268 1268 + "tcId" : 117, 1269 1269 + "comment" : "special case public key", 1270 1270 + "public" : "0000000000000000000000000000000000000000000000000000000000000000", 1271 1271 + "private" : "c8d07c46bbfb827753b92c70e49583ce8bfa44641a7382258ea903d6a832c96b", 1272 1272 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1273 1273 + "result" : "acceptable", 1274 1274 + "flags" : [ 1275 1275 + "SmallPublicKey", 1276 1276 + "LowOrderPublic", 1277 1277 + "ZeroSharedSecret" 1278 1278 + ] 1279 1279 + }, 1280 1280 + { 1281 1281 + "tcId" : 118, 1282 1282 + "comment" : "special case public key", 1283 1283 + "public" : "0100000000000000000000000000000000000000000000000000000000000000", 1284 1284 + "private" : "90b7ef237a055f348dcb4c4364a59d7d31edc7ab78f2ca254e2c810975c3f543", 1285 1285 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1286 1286 + "result" : "acceptable", 1287 1287 + "flags" : [ 1288 1288 + "SmallPublicKey", 1289 1289 + "LowOrderPublic", 1290 1290 + "ZeroSharedSecret" 1291 1291 + ] 1292 1292 + }, 1293 1293 + { 1294 1294 + "tcId" : 119, 1295 1295 + "comment" : "special case public key", 1296 1296 + "public" : "0200000000000000000000000000000000000000000000000000000000000000", 1297 1297 + "private" : "e0a8be63315c4f0f0a3fee607f44d30a55be63f09561d9af93e0a1c9cf0ed751", 1298 1298 + "shared" : "0c50ac2bfb6815b47d0734c5981379882a24a2de6166853c735329d978baee4d", 1299 1299 + "result" : "acceptable", 1300 1300 + "flags" : [ 1301 1301 + "Twist" 1302 1302 + ] 1303 1303 + }, 1304 1304 + { 1305 1305 + "tcId" : 120, 1306 1306 + "comment" : "special case public key", 1307 1307 + "public" : "1200000000000000000000000000000000000000000000000000000000000000", 1308 1308 + "private" : "0840a8af5bc4c48da8850e973d7e14220f45c192cea4020d377eecd25c7c3643", 1309 1309 + "shared" : "77557137a2a2a651c49627a9b239ac1f2bf78b8a3e72168ccecc10a51fc5ae66", 1310 1310 + "result" : "valid", 1311 1311 + "flags" : [] 1312 1312 + }, 1313 1313 + { 1314 1314 + "tcId" : 121, 1315 1315 + "comment" : "special case public key", 1316 1316 + "public" : "1400000000000000000000000000000000000000000000000000000000000000", 1317 1317 + "private" : "0092229c753a71284d0853909470ad847ab62f439ea51482fb41d30cc3b44743", 1318 1318 + "shared" : "c88e719ae5c2248b5f90da346a92ae214f44a5d129fd4e9c26cf6a0da1efe077", 1319 1319 + "result" : "acceptable", 1320 1320 + "flags" : [ 1321 1321 + "Twist" 1322 1322 + ] 1323 1323 + }, 1324 1324 + { 1325 1325 + "tcId" : 122, 1326 1326 + "comment" : "special case public key", 1327 1327 + "public" : "0000000000000000000000000080000000000000000000000000000000000000", 1328 1328 + "private" : "b8da2bd2d7cf25a3e54e5f87ee15911effb9ff86baec4076d56c8e953670bf5b", 1329 1329 + "shared" : "4bf6789c7ea036f973cde0af02d6fdb9b64a0b957022111439570fad7d7a453f", 1330 1330 + "result" : "valid", 1331 1331 + "flags" : [] 1332 1332 + }, 1333 1333 + { 1334 1334 + "tcId" : 123, 1335 1335 + "comment" : "special case public key", 1336 1336 + "public" : "ffffffffffffffffffffffffffff000000000000000000000000000000000000", 1337 1337 + "private" : "684cd420af41abb3d10c61e773238cf729c2155f941ac27e15f4c37f49b29576", 1338 1338 + "shared" : "bcac235ae15cc7148372e11f9315e3bc76ceb904b3d2a8246bd9d9be2082bb62", 1339 1339 + "result" : "valid", 1340 1340 + "flags" : [] 1341 1341 + }, 1342 1342 + { 1343 1343 + "tcId" : 124, 1344 1344 + "comment" : "special case public key", 1345 1345 + "public" : "0100000000000000000000000000010000000000000000000000000000000000", 1346 1346 + "private" : "38cfacaa4460796b4de434bdd6739f0d043671f97fa829517511e6b47aa93474", 1347 1347 + "shared" : "5dd7d16fff25cc5fdf9e03c3157cb0a235cea17d618f36e6f13461567edeb943", 1348 1348 + "result" : "acceptable", 1349 1349 + "flags" : [ 1350 1350 + "Twist" 1351 1351 + ] 1352 1352 + }, 1353 1353 + { 1354 1354 + "tcId" : 125, 1355 1355 + "comment" : "special case public key", 1356 1356 + "public" : "0000000000000000000000000000000000000000000000000000004000000000", 1357 1357 + "private" : "30832e8cb627ac195f77b1105258e4bb18b99a5ed944404bfacb3a039fbdb14b", 1358 1358 + "shared" : "2816fd031d51d6750f9225ede950625cca47441ca97e43092650396991afcb6d", 1359 1359 + "result" : "valid", 1360 1360 + "flags" : [] 1361 1361 + }, 1362 1362 + { 1363 1363 + "tcId" : 126, 1364 1364 + "comment" : "special case public key", 1365 1365 + "public" : "0000000000000000000000000000000000000000000000000000008000000000", 1366 1366 + "private" : "d818fd6971e546447f361d33d3dbb3eadcf02fb28f246f1d5107b9073a93cd4f", 1367 1367 + "shared" : "7ed8f2d5424e7ebb3edbdf4abe455447e5a48b658e64abd06c218f33bd151f64", 1368 1368 + "result" : "acceptable", 1369 1369 + "flags" : [ 1370 1370 + "Twist" 1371 1371 + ] 1372 1372 + }, 1373 1373 + { 1374 1374 + "tcId" : 127, 1375 1375 + "comment" : "special case public key", 1376 1376 + "public" : "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff00000000", 1377 1377 + "private" : "1021cd8682bdc3f5da9100adff5b2230b3acd836b3a455db8352a2c27e69d17e", 1378 1378 + "shared" : "e8620ed5ca89c72c5ea5503e6dcd01131cd5e875c30e13d5dc619ce28ec7d559", 1379 1379 + "result" : "acceptable", 1380 1380 + "flags" : [ 1381 1381 + "Twist" 1382 1382 + ] 1383 1383 + }, 1384 1384 + { 1385 1385 + "tcId" : 128, 1386 1386 + "comment" : "special case public key", 1387 1387 + "public" : "0100000000000000000000000000000000000000000000000000000001000000", 1388 1388 + "private" : "20e4c9247102292655d6765d7d84c6fce5309b8004045daea6d7d7dcad462871", 1389 1389 + "shared" : "ceadb264379dcadd6e3bb8ad24dd653d2a609dd703d41da6caf3ad00f001862c", 1390 1390 + "result" : "valid", 1391 1391 + "flags" : [] 1392 1392 + }, 1393 1393 + { 1394 1394 + "tcId" : 129, 1395 1395 + "comment" : "special case public key", 1396 1396 + "public" : "a8b9c7372118a53a9de9eaf0868e3b1a3d88e81cb2e407ff7125e9f5c5088715", 1397 1397 + "private" : "90b150d462de512056d5bd55173074969b496f262fb6916b733f6263a8078971", 1398 1398 + "shared" : "f86cc7bf1be49574fc97a074282e9bb5cd238e002bc8e9a7b8552b2d60eccb52", 1399 1399 + "result" : "acceptable", 1400 1400 + "flags" : [ 1401 1401 + "Twist" 1402 1402 + ] 1403 1403 + }, 1404 1404 + { 1405 1405 + "tcId" : 130, 1406 1406 + "comment" : "special case public key", 1407 1407 + "public" : "aab9c7372118a53a9de9eaf0868e3b1a3d88e81cb2e407ff7125e9f5c5088715", 1408 1408 + "private" : "9887286b3261c8d857a16f6db21277f75d88d4e861b3ebe7596699047e816668", 1409 1409 + "shared" : "ccbb8fd9dee165a398b2dbd7c8396f81736c1b3da36b35fbec8f326f38f92767", 1410 1410 + "result" : "acceptable", 1411 1411 + "flags" : [ 1412 1412 + "Twist" 1413 1413 + ] 1414 1414 + }, 1415 1415 + { 1416 1416 + "tcId" : 131, 1417 1417 + "comment" : "special case public key", 1418 1418 + "public" : "585007a5930d77623cf29756038ca197d3ebfd9e4c80a69585efe0274092c115", 1419 1419 + "private" : "20ca2c85cc8762e96b7047bf15c71c050ffe0ed1616040a953ae32a1297ad871", 1420 1420 + "shared" : "46add6f48ffff461777d4f89b6fdf1155aa051a96387d45f3e5e371a236b6e52", 1421 1421 + "result" : "valid", 1422 1422 + "flags" : [] 1423 1423 + }, 1424 1424 + { 1425 1425 + "tcId" : 132, 1426 1426 + "comment" : "special case public key", 1427 1427 + "public" : "fbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1f", 1428 1428 + "private" : "d027656605b10bf18dea28bc52546f9f1f08cef06cafd200fc84f87dbb4ebe46", 1429 1429 + "shared" : "1adbe32207e21f71e1af53884d2a2276481e298e557f4dacb3720f2458e3082d", 1430 1430 + "result" : "valid", 1431 1431 + "flags" : [] 1432 1432 + }, 1433 1433 + { 1434 1434 + "tcId" : 133, 1435 1435 + "comment" : "special case public key", 1436 1436 + "public" : "0000000000000000000000000000000000000000000000000000000000000020", 1437 1437 + "private" : "4867a83ee9d01b7510840867db1af6a6049bdbb056b74443f70c358e162c8867", 1438 1438 + "shared" : "e12cc58fbeb70a5e35c861c33710be6516a6a92e52376060211b2487db542b4f", 1439 1439 + "result" : "acceptable", 1440 1440 + "flags" : [ 1441 1441 + "Twist" 1442 1442 + ] 1443 1443 + }, 1444 1444 + { 1445 1445 + "tcId" : 134, 1446 1446 + "comment" : "special case public key", 1447 1447 + "public" : "afa00e4a271beec478e42fad0618432fa7d7fb3d99004d2b0bdfc14f8024832b", 1448 1448 + "private" : "a015970a8add940fca5b1b5d23875397d547d8d494fcb314f2045a67a2d12c4b", 1449 1449 + "shared" : "421bed1b26da1e9adbeada1f32b91a0fb4ced0f1110e0a4a88e735a19ee4571e", 1450 1450 + "result" : "valid", 1451 1451 + "flags" : [] 1452 1452 + }, 1453 1453 + { 1454 1454 + "tcId" : 135, 1455 1455 + "comment" : "special case public key", 1456 1456 + "public" : "b1a00e4a271beec478e42fad0618432fa7d7fb3d99004d2b0bdfc14f8024832b", 1457 1457 + "private" : "4058cb6b9aaba02a338aaa392dbc10039e26e9e444117e758e24c5d8b232ea5e", 1458 1458 + "shared" : "d7b47463e2f4ca9a1a7deea098da8e74ac3b4a109083d997259b12992e7e7e06", 1459 1459 + "result" : "valid", 1460 1460 + "flags" : [] 1461 1461 + }, 1462 1462 + { 1463 1463 + "tcId" : 136, 1464 1464 + "comment" : "special case public key", 1465 1465 + "public" : "fbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff2f", 1466 1466 + "private" : "b876b05daff0530b139d9e11250563418077178246c5fa7005ba00e9b6647763", 1467 1467 + "shared" : "686eb910a937211b9147c8a051a1197906818fdc626668eb5f5d394afd86d41b", 1468 1468 + "result" : "acceptable", 1469 1469 + "flags" : [ 1470 1470 + "Twist" 1471 1471 + ] 1472 1472 + }, 1473 1473 + { 1474 1474 + "tcId" : 137, 1475 1475 + "comment" : "special case public key", 1476 1476 + "public" : "22231c64ef73ad62318b8a87bc38e272e1bb8bf1a60d7c00476d0b059d7b3c35", 1477 1477 + "private" : "d87fd6aa5d8deef6dee9619a56846a0829620590f2da40835d8e251597e39078", 1478 1478 + "shared" : "09559733b35bcc6bb8ac574b5abe3a4d8841deff051c294a07487e3eec3c5558", 1479 1479 + "result" : "valid", 1480 1480 + "flags" : [] 1481 1481 + }, 1482 1482 + { 1483 1483 + "tcId" : 138, 1484 1484 + "comment" : "special case public key", 1485 1485 + "public" : "f6ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1486 1486 + "private" : "90036321b63751f7622aa93da34d85e59ce81009ac5b9a068921d83bc4715b57", 1487 1487 + "shared" : "f7d5cbcf39eb722b01ed20c85563ebb81d076511aead4ccc429027866b9fd270", 1488 1488 + "result" : "valid", 1489 1489 + "flags" : [] 1490 1490 + }, 1491 1491 + { 1492 1492 + "tcId" : 139, 1493 1493 + "comment" : "special case public key", 1494 1494 + "public" : "f7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1495 1495 + "private" : "a06781fd4c4a0874e00e72ba131b9dd87a83b2904e294de176e8a9af1f695d67", 1496 1496 + "shared" : "e995ad6a1ec6c5ab32922cff9d204721704673143c4a11deaa203f3c81989b3f", 1497 1497 + "result" : "acceptable", 1498 1498 + "flags" : [ 1499 1499 + "Twist" 1500 1500 + ] 1501 1501 + }, 1502 1502 + { 1503 1503 + "tcId" : 140, 1504 1504 + "comment" : "special case public key", 1505 1505 + "public" : "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", 1506 1506 + "private" : "b822d72d8b68bdb4fbf67e56a61d672b2c7747e94479fe5ae4072d0accdd6571", 1507 1507 + "shared" : "32b6dabe01d13867f3b5b0892fefd80dca666f2edc5afb43cd0baf703c3e6926", 1508 1508 + "result" : "acceptable", 1509 1509 + "flags" : [ 1510 1510 + "Twist" 1511 1511 + ] 1512 1512 + }, 1513 1513 + { 1514 1514 + "tcId" : 141, 1515 1515 + "comment" : "special case public key", 1516 1516 + "public" : "0000000000000000000000000000000000000000000000000000000000000040", 1517 1517 + "private" : "d08ce1237e248d02cdf619d20bea5848ade4f6ffd171b8dee8793fc67c459640", 1518 1518 + "shared" : "a93d83fc9ea0f6cb0cc8b631da600019b76cbb2ec57222f2e42dd540e3da850b", 1519 1519 + "result" : "valid", 1520 1520 + "flags" : [] 1521 1521 + }, 1522 1522 + { 1523 1523 + "tcId" : 142, 1524 1524 + "comment" : "special case public key", 1525 1525 + "public" : "cbdce39b108c529dce74757843c71d8d1e44740e59f283ffb892f4fa6284c34a", 1526 1526 + "private" : "180ae3c928514cfb9edd06e7dc1d5d066160e967445a5c58e4463b69ed205e6d", 1527 1527 + "shared" : "017cbfa2b38e9ef3297a339ecce1a917bdcf7e910036086a41d1e22d04241870", 1528 1528 + "result" : "valid", 1529 1529 + "flags" : [] 1530 1530 + }, 1531 1531 + { 1532 1532 + "tcId" : 143, 1533 1533 + "comment" : "special case public key", 1534 1534 + "public" : "3c5ff1b5d8e4113b871bd052f9e7bcd0582804c266ffb2d4f4203eb07fdb7c54", 1535 1535 + "private" : "e881d806a110560cd8fee899d59c0249f1233a4322c41aa369c7a2a99f5b5962", 1536 1536 + "shared" : "71133905b8a57ea8c38de0ecf213699a75b096c2df21f07f7e9eb03e9fa53f5c", 1537 1537 + "result" : "valid", 1538 1538 + "flags" : [] 1539 1539 + }, 1540 1540 + { 1541 1541 + "tcId" : 144, 1542 1542 + "comment" : "special case public key", 1543 1543 + "public" : "3e5ff1b5d8e4113b871bd052f9e7bcd0582804c266ffb2d4f4203eb07fdb7c54", 1544 1544 + "private" : "08e410e1d7e8b9411236af4a35d6b62a5d8931478e4c62197cfafb491467b162", 1545 1545 + "shared" : "3dc7b70e110766b2bf525252ebed98a100b2e532dc69544464da1bbab8625f6d", 1546 1546 + "result" : "valid", 1547 1547 + "flags" : [] 1548 1548 + }, 1549 1549 + { 1550 1550 + "tcId" : 145, 1551 1551 + "comment" : "special case public key", 1552 1552 + "public" : "f2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5f", 1553 1553 + "private" : "e02fdf7e0ee3d55b4440f01432dd253c949793bc04da44ddece83e54c8c39b40", 1554 1554 + "shared" : "e317e5cc438b5f79ead5533ac7c45519a117b31033cc2140b19edf8572011240", 1555 1555 + "result" : "valid", 1556 1556 + "flags" : [] 1557 1557 + }, 1558 1558 + { 1559 1559 + "tcId" : 146, 1560 1560 + "comment" : "special case public key", 1561 1561 + "public" : "f6ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff5f", 1562 1562 + "private" : "f05d18f68ef7a5865c14db3a9c255fdf2dabea2aa36581e94f68b727b582867b", 1563 1563 + "shared" : "d86810516aeddc18061036f599a9eb84d1c6146b0f543652dd4526743ba42c04", 1564 1564 + "result" : "valid", 1565 1565 + "flags" : [] 1566 1566 + }, 1567 1567 + { 1568 1568 + "tcId" : 147, 1569 1569 + "comment" : "special case public key", 1570 1570 + "public" : "95aff85a6cf2889dc30d68a9fc735e682c140261b37f596a7a101fd8bf6d3e6a", 1571 1571 + "private" : "00c103578d5c079d7bcc22c1c31e787c1b15c57fcb493fdafefa20371cfc746b", 1572 1572 + "shared" : "dfa988a477003be125b95ccbf2223d97729577d25e1d6e89e3da0afabdd0ae71", 1573 1573 + "result" : "acceptable", 1574 1574 + "flags" : [ 1575 1575 + "Twist" 1576 1576 + ] 1577 1577 + }, 1578 1578 + { 1579 1579 + "tcId" : 148, 1580 1580 + "comment" : "special case public key", 1581 1581 + "public" : "434638c8dee75ac56216150f7971c4e5c27717e34d1bf8008eda160a3af7786a", 1582 1582 + "private" : "7005bb927485c435642b424a3dde014bcf76345e5be64ae6e9b24db39e1cdb51", 1583 1583 + "shared" : "d450af45b8ed5fe140cc5263ffb7b52e66736899a8b872b6e28552129819b25b", 1584 1584 + "result" : "acceptable", 1585 1585 + "flags" : [ 1586 1586 + "Twist" 1587 1587 + ] 1588 1588 + }, 1589 1589 + { 1590 1590 + "tcId" : 149, 1591 1591 + "comment" : "special case public key", 1592 1592 + "public" : "454638c8dee75ac56216150f7971c4e5c27717e34d1bf8008eda160a3af7786a", 1593 1593 + "private" : "0822039a5dc13c40fcccf346e2a7769b4fd272052d43260ad626468a50d44162", 1594 1594 + "shared" : "58002c89bf8bc32ae6fc205b796acd13ef7f8476f6492ae4b2be47f1095e8a4f", 1595 1595 + "result" : "valid", 1596 1596 + "flags" : [] 1597 1597 + }, 1598 1598 + { 1599 1599 + "tcId" : 150, 1600 1600 + "comment" : "special case public key", 1601 1601 + "public" : "ecfffffffffffffffffffffffffffeffffffffffffffffffffffffffffffff7f", 1602 1602 + "private" : "40a6349c03f0dc0a42358f6353ca67632af687b14c9dff626c54e211e8fc355a", 1603 1603 + "shared" : "7773aad6e72eb1735b65ad51f7dad258c11d7bfff53094424cb103cd6bfb4368", 1604 1604 + "result" : "valid", 1605 1605 + "flags" : [] 1606 1606 + }, 1607 1607 + { 1608 1608 + "tcId" : 151, 1609 1609 + "comment" : "special case public key", 1610 1610 + "public" : "eefffffffffffffffffffffffffffeffffffffffffffffffffffffffffffff7f", 1611 1611 + "private" : "50696d4d05209971d6ba0676ea274262ba639aac74fa75e5df4570768ad8ae74", 1612 1612 + "shared" : "c118ddf6462fbea80f14ef1f2972a1ab12cafa511d1323d4d22d0d426d651b5b", 1613 1613 + "result" : "valid", 1614 1614 + "flags" : [] 1615 1615 + }, 1616 1616 + { 1617 1617 + "tcId" : 152, 1618 1618 + "comment" : "special case public key", 1619 1619 + "public" : "edffffffffffffffffffffffff7fffffffffffffffffffffffffffffffffff7f", 1620 1620 + "private" : "68bb680c853f4e4daa47c586dc886cf4568d7b0383770f6df439a53be4a3236d", 1621 1621 + "shared" : "cc0775bfd970a2706b11c7222a4436a3d17160382c83b76f89b66192c81b4408", 1622 1622 + "result" : "valid", 1623 1623 + "flags" : [] 1624 1624 + }, 1625 1625 + { 1626 1626 + "tcId" : 153, 1627 1627 + "comment" : "special case public key", 1628 1628 + "public" : "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 1629 1629 + "private" : "b0f6c28dbdc647068a76d71805ef770f087cf76b82afdc0d26c45b71ace49768", 1630 1630 + "shared" : "f0097fa0ba70d019126277ab15c56ecc170ca88180b2bf9d80fcda3d7d74552a", 1631 1631 + "result" : "valid", 1632 1632 + "flags" : [] 1633 1633 + }, 1634 1634 + { 1635 1635 + "tcId" : 154, 1636 1636 + "comment" : "special case public key", 1637 1637 + "public" : "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", 1638 1638 + "private" : "18630f93598637c35da623a74559cf944374a559114c7937811041fc8605564a", 1639 1639 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1640 1640 + "result" : "acceptable", 1641 1641 + "flags" : [ 1642 1642 + "LowOrderPublic", 1643 1643 + "Twist", 1644 1644 + "ZeroSharedSecret" 1645 1645 + ] 1646 1646 + }, 1647 1647 + { 1648 1648 + "tcId" : 155, 1649 1649 + "comment" : "special case for E in multiplication by 2", 1650 1650 + "public" : "0000000000000000000008000000000000000000000000000000000000000000", 1651 1651 + "private" : "581ecbda5a4a228044fefd6e03df234558c3c79152c6e2c5e60b142c4f26a851", 1652 1652 + "shared" : "59e7b1e6f47065a48bd34913d910176b6792a1372aad22e73cd7df45fcf91a0e", 1653 1653 + "result" : "acceptable", 1654 1654 + "flags" : [ 1655 1655 + "Twist" 1656 1656 + ] 1657 1657 + }, 1658 1658 + { 1659 1659 + "tcId" : 156, 1660 1660 + "comment" : "special case for E in multiplication by 2", 1661 1661 + "public" : "77af0d3897a715dfe25df5d538cf133bc9ab7ad52df6bd922a2fb75621d59901", 1662 1662 + "private" : "b0561a38000795b7cb537b55e975ea452c2118506295d5eb15fd9c83b67f7a50", 1663 1663 + "shared" : "179f6b020748acba349133eaa4518f1bd8bab7bfc4fb05fd4c24e7553da1e960", 1664 1664 + "result" : "valid", 1665 1665 + "flags" : [] 1666 1666 + }, 1667 1667 + { 1668 1668 + "tcId" : 157, 1669 1669 + "comment" : "special case for E in multiplication by 2", 1670 1670 + "public" : "4e39866127b6a12a54914e106aab86464af55631f3cb61766d5999aa8d2e070e", 1671 1671 + "private" : "b00f7df2d47128441c7270b9a87eee45b6056fc64236a57bdf81dbcccf5f5d42", 1672 1672 + "shared" : "43c5ee1451f213ef7624729e595a0fee7c9af7ee5d27eb03278ee9f94c202352", 1673 1673 + "result" : "valid", 1674 1674 + "flags" : [] 1675 1675 + }, 1676 1676 + { 1677 1677 + "tcId" : 158, 1678 1678 + "comment" : "special case for E in multiplication by 2", 1679 1679 + "public" : "adc6799ed8495ed5ab6eb1ef955479b9b50aa9ce0c349e8992a6665572d1f811", 1680 1680 + "private" : "c8f7a0c0bfb1e9c72576c534f86854fbe4af521d4fa807f67e2440e100ec8852", 1681 1681 + "shared" : "2f350bcf0b40784d1d756c9ca3e38ec9dd68ba80faf1f9847de50779c0d4902a", 1682 1682 + "result" : "valid", 1683 1683 + "flags" : [] 1684 1684 + }, 1685 1685 + { 1686 1686 + "tcId" : 159, 1687 1687 + "comment" : "special case for E in multiplication by 2", 1688 1688 + "public" : "770f4218ef234f5e185466e32442c302bbec21bbb6cd28c979e783fe5013333f", 1689 1689 + "private" : "58181f581aa37022ff71c56c6e68e6175d967c5c995a249885f66565074ded4d", 1690 1690 + "shared" : "d5d650dc621072eca952e4344efc7320b2b1459aba48f5e2480db881c50cc650", 1691 1691 + "result" : "acceptable", 1692 1692 + "flags" : [ 1693 1693 + "Twist" 1694 1694 + ] 1695 1695 + }, 1696 1696 + { 1697 1697 + "tcId" : 160, 1698 1698 + "comment" : "special case for E in multiplication by 2", 1699 1699 + "public" : "5c6118c4c74cfb842d9a87449f9d8db8b992d46c5a9093ce2fcb7a49b535c451", 1700 1700 + "private" : "301c935cae4357070b0adaf9cd6192830b2c989c153729eed99f589eb45f884b", 1701 1701 + "shared" : "909cc57275d54f20c67b45f9af9484fd67581afb7d887bee1db5461f303ef257", 1702 1702 + "result" : "acceptable", 1703 1703 + "flags" : [ 1704 1704 + "Twist" 1705 1705 + ] 1706 1706 + }, 1707 1707 + { 1708 1708 + "tcId" : 161, 1709 1709 + "comment" : "special case for E in multiplication by 2", 1710 1710 + "public" : "4039866127b6a12a54914e106aab86464af55631f3cb61766d5999aa8d2e076e", 1711 1711 + "private" : "d002292d4359a3d42bc8767f1380009332e7a0df2f3379011ab78f789f6baa54", 1712 1712 + "shared" : "4a7e2c5caf1d8180eb1c4f22692f29a14b4cdc9b193bd1d16e2f27438eef1448", 1713 1713 + "result" : "valid", 1714 1714 + "flags" : [] 1715 1715 + }, 1716 1716 + { 1717 1717 + "tcId" : 162, 1718 1718 + "comment" : "special case for E in multiplication by 2", 1719 1719 + "public" : "078fa523498fb51cba1112d83b20af448b8009d8eea14368564d01b8f9b6086f", 1720 1720 + "private" : "d0c2c49e644ab738270707ff9917065942687e2f12886d961161db46c05b565f", 1721 1721 + "shared" : "c0ee59d3685fc2c3c803608b5ee39a7f8da30b48e4293ae011f0ea1e5aeb7173", 1722 1722 + "result" : "acceptable", 1723 1723 + "flags" : [ 1724 1724 + "Twist" 1725 1725 + ] 1726 1726 + }, 1727 1727 + { 1728 1728 + "tcId" : 163, 1729 1729 + "comment" : "special case for E in multiplication by 2", 1730 1730 + "public" : "9fc6799ed8495ed5ab6eb1ef955479b9b50aa9ce0c349e8992a6665572d1f871", 1731 1731 + "private" : "f087d38b274c1dad1bce6eaa36b48e2190b90b9bf8ca59669cc5e00464534342", 1732 1732 + "shared" : "b252bc8eabfaa68c56e54d61b99061a35d11e3a7b9bda417d90f69b1119bcf45", 1733 1733 + "result" : "valid", 1734 1734 + "flags" : [] 1735 1735 + }, 1736 1736 + { 1737 1737 + "tcId" : 164, 1738 1738 + "comment" : "special case for E in multiplication by 2", 1739 1739 + "public" : "7650f2c76858ea201da2022ac730ecc43654852ad209426dd5d048a9de2a667e", 1740 1740 + "private" : "48dbcc5a695f1514bbbaa6ad00842b69d9ae5216b1963add07fb2947c97b8447", 1741 1741 + "shared" : "fbda33bc930c08df837208e19afdc1cfe3fd0f8f0e3976be34775e58a4a7771f", 1742 1742 + "result" : "valid", 1743 1743 + "flags" : [] 1744 1744 + }, 1745 1745 + { 1746 1746 + "tcId" : 165, 1747 1747 + "comment" : "D = 0 in multiplication by 2", 1748 1748 + "public" : "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", 1749 1749 + "private" : "5891c9272cf9a197735b701e5715268d36d7436b7e351a3e997a0862e4807d4d", 1750 1750 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1751 1751 + "result" : "acceptable", 1752 1752 + "flags" : [ 1753 1753 + "LowOrderPublic", 1754 1754 + "ZeroSharedSecret" 1755 1755 + ] 1756 1756 + }, 1757 1757 + { 1758 1758 + "tcId" : 166, 1759 1759 + "comment" : "D = 0 in multiplication by 2", 1760 1760 + "public" : "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", 1761 1761 + "private" : "c0f9c60aea73731d92ab5ed9f4cea122f9a6eb2577bda72f94948fea4d4cc65d", 1762 1762 + "shared" : "0000000000000000000000000000000000000000000000000000000000000000", 1763 1763 + "result" : "acceptable", 1764 1764 + "flags" : [ 1765 1765 + "LowOrderPublic", 1766 1766 + "ZeroSharedSecret" 1767 1767 + ] 1768 1768 + }, 1769 1769 + { 1770 1770 + "tcId" : 167, 1771 1771 + "comment" : "special case for DA - CB in multiplication by 2", 1772 1772 + "public" : "b0224e7134cf92d40a31515f2f0e89c2a2777e8ac2fe741db0dc39399fdf2702", 1773 1773 + "private" : "0066dd7674fe51f9326c1e239b875f8ac0701aae69a804c25fe43595e8660b45", 1774 1774 + "shared" : "8dacfe7beaaa62b94bf6e50ee5214d99ad7cda5a431ea0c62f2b20a89d73c62e", 1775 1775 + "result" : "acceptable", 1776 1776 + "flags" : [ 1777 1777 + "Twist" 1778 1778 + ] 1779 1779 + }, 1780 1780 + { 1781 1781 + "tcId" : 168, 1782 1782 + "comment" : "special case for DA - CB in multiplication by 2", 1783 1783 + "public" : "601e3febb848ec3e57fce64588aad82afc9c2af99bbcdffcc4cd58d4b3d15c07", 1784 1784 + "private" : "80067f30f40d61318b420c859fce128c9017ab81b47b76028a57bc30d5856846", 1785 1785 + "shared" : "20f1d3fe90e08bc6f152bf5dacc3ed35899785333f1470e6a62c3b8cbe28d260", 1786 1786 + "result" : "valid", 1787 1787 + "flags" : [] 1788 1788 + }, 1789 1789 + { 1790 1790 + "tcId" : 169, 1791 1791 + "comment" : "special case for DA - CB in multiplication by 2", 1792 1792 + "public" : "82a3807bbdec2fa9938fb4141e27dc57456606301f78ff7133cf24f3d13ee117", 1793 1793 + "private" : "584577669d21ce0ae3e30b02c9783ffe97709cbfe396889aa31e8ee43352dc52", 1794 1794 + "shared" : "2b28cc5140b816add5ad3a77a81b1c073d67bf51bf95bda2064a14eb12d5f766", 1795 1795 + "result" : "acceptable", 1796 1796 + "flags" : [ 1797 1797 + "Twist" 1798 1798 + ] 1799 1799 + }, 1800 1800 + { 1801 1801 + "tcId" : 170, 1802 1802 + "comment" : "special case for DA - CB in multiplication by 2", 1803 1803 + "public" : "f329ab2376462e5f3128a2682086253c19222ac1e2bca45692f0c3b528f4c428", 1804 1804 + "private" : "18e597a4e2ccdb5e8052d57c9009938c2d4c43d6d8c9f93c98727b7311035953", 1805 1805 + "shared" : "8392160083b9af9e0ef44fcfce53ba8ff7282ee7a6c71ab66f8843a55d09cd68", 1806 1806 + "result" : "valid", 1807 1807 + "flags" : [] 1808 1808 + }, 1809 1809 + { 1810 1810 + "tcId" : 171, 1811 1811 + "comment" : "special case for DA in multiplication by 2", 1812 1812 + "public" : "4fce3bb6c8aaf022dbd100e3cde3941b37d543f00401dba7da9bc143dfc55709", 1813 1813 + "private" : "88281cc51d5512d8814ea5249b879dcbad0323d38512dafbdc7ba85bba8c8d5d", 1814 1814 + "shared" : "42184e22c535530c457bd3b4f1084cbf5e297f502fe136b8d1daecf5334cc96c", 1815 1815 + "result" : "valid", 1816 1816 + "flags" : [] 1817 1817 + }, 1818 1818 + { 1819 1819 + "tcId" : 172, 1820 1820 + "comment" : "special case for DA in multiplication by 2", 1821 1821 + "public" : "15c68851c1db844b5a1ef3456a659f188854b1a75fbdb2f68f514c9289ce711f", 1822 1822 + "private" : "d0e795450df0a813c6573496ec5793ca02e1bdbad10ed08df83fdaed68b3385f", 1823 1823 + "shared" : "f654d78e5945b24bc63e3e6d790e0ae986e53937764068b1bce920e1d79b756f", 1824 1824 + "result" : "valid", 1825 1825 + "flags" : [] 1826 1826 + }, 1827 1827 + { 1828 1828 + "tcId" : 173, 1829 1829 + "comment" : "special case for DA in multiplication by 2", 1830 1830 + "public" : "4200a242434337b8914f49345301ed782b13594f9ede089c41fb1e7ea82c9053", 1831 1831 + "private" : "30b69a1cc1eb2d0b83ea213846e90a2c922088bdf294a6995bf6e6e77c646c41", 1832 1832 + "shared" : "cd8a09b04795edcc7061867373981aa748651ebdce5ec218a335b878cefe4872", 1833 1833 + "result" : "valid", 1834 1834 + "flags" : [] 1835 1835 + }, 1836 1836 + { 1837 1837 + "tcId" : 174, 1838 1838 + "comment" : "special case for DA in multiplication by 2", 1839 1839 + "public" : "baabf0174aaaea4de48cc83adfb0401461a741903ea6fb130d7d64b7bf03a966", 1840 1840 + "private" : "78b30bb63cd8ade71b7a77d426f4419d05f199ffef349e89faa9d9a5f21f6654", 1841 1841 + "shared" : "c9f8258f237db1c80702c5c4d9048dfba9dfe259da4aeee90dc2945526961275", 1842 1842 + "result" : "valid", 1843 1843 + "flags" : [] 1844 1844 + }, 1845 1845 + { 1846 1846 + "tcId" : 175, 1847 1847 + "comment" : "special case for x_2 in multiplication by 2", 1848 1848 + "public" : "f12f18bd59c126348f6a7a9f4a5fdd9fcaf581345073a851fba098e5d64b4a0c", 1849 1849 + "private" : "c0b386f4ef0d4698686404977e7b60cb6c1f8b6012a22e29d6224c5947439041", 1850 1850 + "shared" : "6600cbe900616a770a126b8b19156d5e27e1174bd538d0944eb3c0be4899c758", 1851 1851 + "result" : "valid", 1852 1852 + "flags" : [] 1853 1853 + }, 1854 1854 + { 1855 1855 + "tcId" : 176, 1856 1856 + "comment" : "special case for x_2 in multiplication by 2", 1857 1857 + "public" : "bee386527b772490aeb96fc4d23b9304037cb4430f64b228f3d8b3b498319f22", 1858 1858 + "private" : "9886602e719bacafea092bb75b51ae7258abe1a364c176857f3dc188c03e6759", 1859 1859 + "shared" : "3fe710d6344ff0cb342e52349e1c5b57b7a271f2a133bb5249bbe40dc86e1b40", 1860 1860 + "result" : "acceptable", 1861 1861 + "flags" : [ 1862 1862 + "Twist" 1863 1863 + ] 1864 1864 + }, 1865 1865 + { 1866 1866 + "tcId" : 177, 1867 1867 + "comment" : "special case for x_2 in multiplication by 2", 1868 1868 + "public" : "cf911ac91b0d944049cec66ae5ef0c4549d1e612e107c68e87263a2fbcf8323f", 1869 1869 + "private" : "b83960f5d0613cdaac6dda690351666e9f277bba6bd406b0e27a1886bb2d3e46", 1870 1870 + "shared" : "71373ebe67f39a2c230027c7db4b3b74bab80ed212b232679785ee10f47c304e", 1871 1871 + "result" : "valid", 1872 1872 + "flags" : [] 1873 1873 + }, 1874 1874 + { 1875 1875 + "tcId" : 178, 1876 1876 + "comment" : "special case for x_2 in multiplication by 2", 1877 1877 + "public" : "1e6ee536e4f26bbfb63139951a10f3bab62e19ed1ef8397178d9c5d04307cd40", 1878 1878 + "private" : "d03b75f09ac807dfd2ee352c04a1f25984720f785ffaa0af88bc5db6ff9c3453", 1879 1879 + "shared" : "238eef43c589822e1d3de41c1cc46dcfec7a93febf37c8546b6625e1a123815d", 1880 1880 + "result" : "valid", 1881 1881 + "flags" : [] 1882 1882 + }, 1883 1883 + { 1884 1884 + "tcId" : 179, 1885 1885 + "comment" : "special case for x_2 in multiplication by 2", 1886 1886 + "public" : "2f1c79ad8488db6f5146903b2dc46cfbfc834bbcf09b4dd70c274c4b67ce605d", 1887 1887 + "private" : "d036948c0ec223f0ee577e390dbf87222358ed199f2823345ad154bbc4cbcc47", 1888 1888 + "shared" : "87a79c9c231d3b9526b49bf3d683bf38c3c319af7c7c5d1456487398da535010", 1889 1889 + "result" : "valid", 1890 1890 + "flags" : [] 1891 1891 + }, 1892 1892 + { 1893 1893 + "tcId" : 180, 1894 1894 + "comment" : "special case for x_2 in multiplication by 2", 1895 1895 + "public" : "fccfe742a63ed9cb70958560b5a02260350a7ecbaf8c57ae045f671a29b4b573", 1896 1896 + "private" : "d054ded613febf2950ac5c927fcb120c387de0ba61b331cd33024c8b6e737048", 1897 1897 + "shared" : "d683ca6194452d878c12d7da35f22833f99728bba89931a51274f61210336a5f", 1898 1898 + "result" : "valid", 1899 1899 + "flags" : [] 1900 1900 + }, 1901 1901 + { 1902 1902 + "tcId" : 181, 1903 1903 + "comment" : "special case for AA in multiplication by 2", 1904 1904 + "public" : "cb3d4a90f86b3011da3369d9988597c7fff1499273b4a04f84d0e26ed1683c0d", 1905 1905 + "private" : "e82c480631fb153ba2211fe603032b3e71b162dbd3c11bec03208ffcd510655f", 1906 1906 + "shared" : "dbf6203516635840cf69a02db87cf0d95dae315da7fc1ec7ce2b29e1f2db6666", 1907 1907 + "result" : "acceptable", 1908 1908 + "flags" : [ 1909 1909 + "Twist" 1910 1910 + ] 1911 1911 + }, 1912 1912 + { 1913 1913 + "tcId" : 182, 1914 1914 + "comment" : "special case for AA in multiplication by 2", 1915 1915 + "public" : "101e13f7bc0570fa2638caa20a67c6e0c21dab132f4b456191590264c493d018", 1916 1916 + "private" : "c0c01d28c1cab01f59700aca5f18d2697658b37fdd54a339ff391c0a1a1b1645", 1917 1917 + "shared" : "1fe314744390d525278b1f5fbf108101b8ded587081375ed4ac4ac690d92414f", 1918 1918 + "result" : "acceptable", 1919 1919 + "flags" : [ 1920 1920 + "Twist" 1921 1921 + ] 1922 1922 + }, 1923 1923 + { 1924 1924 + "tcId" : 183, 1925 1925 + "comment" : "special case for AA in multiplication by 2", 1926 1926 + "public" : "dce1ec0843fa8f05d9c7355df598391f3de254ecd0b4ba9e6ea6fd9b3b6c2f67", 1927 1927 + "private" : "c82bde72df36479688c485a8bf442f4a34412e429c02db97704f03daf4dfd542", 1928 1928 + "shared" : "ad454395ee392be677be7b9cb914038d57d2d87ec56cc98678dd84f19920912b", 1929 1929 + "result" : "acceptable", 1930 1930 + "flags" : [ 1931 1931 + "Twist" 1932 1932 + ] 1933 1933 + }, 1934 1934 + { 1935 1935 + "tcId" : 184, 1936 1936 + "comment" : "special case for AA in multiplication by 2", 1937 1937 + "public" : "21c2b56f0794cfee25cc9626677a6838000eb66d8c4b5fb07b2f1d912e97c372", 1938 1938 + "private" : "503f697617fb02a7b8ef00ba34e7fc8ce93f9ec3e1cbfe4bf2c05bcee0cb9757", 1939 1939 + "shared" : "c6d6499255133398f9dd7f32525db977a538118800bfaf3aad8bcd26f02c3863", 1940 1940 + "result" : "valid", 1941 1941 + "flags" : [] 1942 1942 + }, 1943 1943 + { 1944 1944 + "tcId" : 185, 1945 1945 + "comment" : "special case for BB in multiplication by 2", 1946 1946 + "public" : "cc3d4a90f86b3011da3369d9988597c7fff1499273b4a04f84d0e26ed1683c0d", 1947 1947 + "private" : "58cd4ca1e4331188de2b2889419ce20ec5ef88a0e93af092099065551b904e41", 1948 1948 + "shared" : "0d74214da1344b111d59dfad3713eb56effe7c560c59cbbb99ec313962dbba58", 1949 1949 + "result" : "valid", 1950 1950 + "flags" : [] 1951 1951 + }, 1952 1952 + { 1953 1953 + "tcId" : 186, 1954 1954 + "comment" : "special case for BB in multiplication by 2", 1955 1955 + "public" : "111e13f7bc0570fa2638caa20a67c6e0c21dab132f4b456191590264c493d018", 1956 1956 + "private" : "004ea3448b84ca509efec5fcc24c63ee984def63b29deb9037894709709c0957", 1957 1957 + "shared" : "7b9dbf8d6c6d65898b518167bf4011d54ddc265d953c0743d7868e22d9909e67", 1958 1958 + "result" : "acceptable", 1959 1959 + "flags" : [ 1960 1960 + "Twist" 1961 1961 + ] 1962 1962 + }, 1963 1963 + { 1964 1964 + "tcId" : 187, 1965 1965 + "comment" : "special case for BB in multiplication by 2", 1966 1966 + "public" : "dde1ec0843fa8f05d9c7355df598391f3de254ecd0b4ba9e6ea6fd9b3b6c2f67", 1967 1967 + "private" : "c8a6eb00a4d74bbdff239522c3c891ed7ce1904be2a329cd0ae0061a253c9542", 1968 1968 + "shared" : "fb0e0209c5b9d51b401183d7e56a59081d37a62ab1e05753a0667eebd377fd39", 1969 1969 + "result" : "valid", 1970 1970 + "flags" : [] 1971 1971 + }, 1972 1972 + { 1973 1973 + "tcId" : 188, 1974 1974 + "comment" : "special case for BB in multiplication by 2", 1975 1975 + "public" : "22c2b56f0794cfee25cc9626677a6838000eb66d8c4b5fb07b2f1d912e97c372", 1976 1976 + "private" : "50322ff0d0dcdd6b14f307c04dfecefe5b7cdeaf92bffb919e9d62ed27079040", 1977 1977 + "shared" : "dbe7a1fe3b337c9720123e6fcc02cf96953a17dc9b395a2206cb1bf91d41756e", 1978 1978 + "result" : "valid", 1979 1979 + "flags" : [] 1980 1980 + }, 1981 1981 + { 1982 1982 + "tcId" : 189, 1983 1983 + "comment" : "special case for D in multiplication by 2", 1984 1984 + "public" : "e58baccede32bcf33b3b6e3d69c02af8284a9631de74b6af3f046a9369df040f", 1985 1985 + "private" : "e0328c7d188d98faf2ac72d728b7d14f2bbbd7a94d0fbd8e8f79abe0b1fe1055", 1986 1986 + "shared" : "97bd42093e0d48f973f059dd7ab9f97d13d5b0d5eedffdf6da3c3c432872c549", 1987 1987 + "result" : "valid", 1988 1988 + "flags" : [] 1989 1989 + }, 1990 1990 + { 1991 1991 + "tcId" : 190, 1992 1992 + "comment" : "special case for D in multiplication by 2", 1993 1993 + "public" : "c6d5c693fc0a4e2df6b290026860566a166b6d7aebe3c98828d492745c8df936", 1994 1994 + "private" : "5017679a17bd23adf95ad47e310fc6526f4ba9ca3b0839b53bd0d92839eb5b4f", 1995 1995 + "shared" : "99bcbc7b9aa5e25580f92bf589e95dae874b83e420225d8a93e18e96dac00b63", 1996 1996 + "result" : "valid", 1997 1997 + "flags" : [] 1998 1998 + }, 1999 1999 + { 2000 2000 + "tcId" : 191, 2001 2001 + "comment" : "special case for D in multiplication by 2", 2002 2002 + "public" : "d15f4bf2ef5c7bda4ee95196f3c0df710df5d3d206360fc3174ea75c3aa3a743", 2003 2003 + "private" : "2864aaf61c146df06cc256b065f66b34985cc015da5b1d647a6ed4e2c76bfc43", 2004 2004 + "shared" : "afa2adb52a670aa9c3ec3020d5fda285474ede5c4f4c30e9238b884a77969443", 2005 2005 + "result" : "valid", 2006 2006 + "flags" : [] 2007 2007 + }, 2008 2008 + { 2009 2009 + "tcId" : 192, 2010 2010 + "comment" : "special case for D in multiplication by 2", 2011 2011 + "public" : "6dffb0a25888bf23cf1ac701bfbdede8a18e323b9d4d3d31e516a05fce7ce872", 2012 2012 + "private" : "184a6cfbabcbd1507a2ea41f52796583dbdb851b88a85781ee8e3c28782c3349", 2013 2013 + "shared" : "e6a2fc8ed93ce3530178fef94bb0056f43118e5be3a6eabee7d2ed384a73800c", 2014 2014 + "result" : "acceptable", 2015 2015 + "flags" : [ 2016 2016 + "Twist" 2017 2017 + ] 2018 2018 + }, 2019 2019 + { 2020 2020 + "tcId" : 193, 2021 2021 + "comment" : "special case for D in multiplication by 2", 2022 2022 + "public" : "21f86d123c923a92aaf2563df94b5b5c93874f5b7ab9954aaa53e3d72f0ff67e", 2023 2023 + "private" : "c85f954b85bc102aca799671793452176538d077862ee45e0b253619767dff42", 2024 2024 + "shared" : "7fc28781631410c5a6f25c9cfd91ec0a848adb7a9eb40bc5b495d0f4753f2260", 2025 2025 + "result" : "acceptable", 2026 2026 + "flags" : [ 2027 2027 + "Twist" 2028 2028 + ] 2029 2029 + }, 2030 2030 + { 2031 2031 + "tcId" : 194, 2032 2032 + "comment" : "special case for D in multiplication by 2", 2033 2033 + "public" : "587c347c8cb249564ab77383de358cc2a19fe7370a8476d43091123598941c7f", 2034 2034 + "private" : "50e3e5a9a19be2ee3548b0964672fb5e3134cb0d2f7adf000e4556d0ffa37643", 2035 2035 + "shared" : "314d8a2b5c76cc7ee1217df2283b7e6724436e273aeb80628dce0600ab478a63", 2036 2036 + "result" : "valid", 2037 2037 + "flags" : [] 2038 2038 + }, 2039 2039 + { 2040 2040 + "tcId" : 195, 2041 2041 + "comment" : "special case for DA + CB in multiplication by 2", 2042 2042 + "public" : "f5c6311a1dd1b9e0f8cfd034ac6d01bf28d9d0f962a1934ae2cb97cb173dd810", 2043 2043 + "private" : "08ece580bb6ddf96559b81d7a97dd4531def6cc78d448a70cebabdd26caab146", 2044 2044 + "shared" : "2bfd8e5308c34498eb2b4daf9ed51cf623da3beaeb0efd3d687f2b8becbf3101", 2045 2045 + "result" : "valid", 2046 2046 + "flags" : [] 2047 2047 + }, 2048 2048 + { 2049 2049 + "tcId" : 196, 2050 2050 + "comment" : "special case for DA + CB in multiplication by 2", 2051 2051 + "public" : "9316c06d27b24abc673ffb5105c5b9a89bdfaa79e81cdbb89556074377c70320", 2052 2052 + "private" : "a886033e9dc2b6a913fffbc2bd402e8c11ec34d49c0dc0fa1429329b694a285f", 2053 2053 + "shared" : "d53c3d6f538c126b9336785d1d4e6935dc8b21f3d7e9c25bc240a03e39023363", 2054 2054 + "result" : "acceptable", 2055 2055 + "flags" : [ 2056 2056 + "Twist" 2057 2057 + ] 2058 2058 + }, 2059 2059 + { 2060 2060 + "tcId" : 197, 2061 2061 + "comment" : "special case for DA + CB in multiplication by 2", 2062 2062 + "public" : "8a4179807b07649e04f711bf9473a79993f84293e4a8b9afee44a22ef1000b21", 2063 2063 + "private" : "98b1cc2020a8ec575d5c46c76024cf7c7ad7628eb909730bc4f460aaf0e6da4b", 2064 2064 + "shared" : "4531881ad9cf011693ddf02842fbdab86d71e27680e9b4b3f93b4cf15e737e50", 2065 2065 + "result" : "acceptable", 2066 2066 + "flags" : [ 2067 2067 + "Twist" 2068 2068 + ] 2069 2069 + }, 2070 2070 + { 2071 2071 + "tcId" : 198, 2072 2072 + "comment" : "special case for DA + CB in multiplication by 2", 2073 2073 + "public" : "a773277ae1029f854749137b0f3a02b5b3560b9c4ca4dbdeb3125ec896b81841", 2074 2074 + "private" : "c8e193de162aa349a3432c7a0c0521d92cbc5e3bf82615e42955dd67ec12345f", 2075 2075 + "shared" : "7ba4d3de697aa11addf3911e93c94b7e943beff3e3b1b56b7de4461f9e48be6b", 2076 2076 + "result" : "acceptable", 2077 2077 + "flags" : [ 2078 2078 + "Twist" 2079 2079 + ] 2080 2080 + }, 2081 2081 + { 2082 2082 + "tcId" : 199, 2083 2083 + "comment" : "special case for DA + CB in multiplication by 2", 2084 2084 + "public" : "1eceb2b3763231bc3c99dc62266a09ab5d3661c756524cddc5aabcedee92da61", 2085 2085 + "private" : "88e01237b336014075676082afbde51d595d47e1fa5214b51a351abbf6491442", 2086 2086 + "shared" : "bcf0884052f912a63bbab8c5c674b91c4989ae051fa07fcf30cb5317fb1f2e72", 2087 2087 + "result" : "acceptable", 2088 2088 + "flags" : [ 2089 2089 + "Twist" 2090 2090 + ] 2091 2091 + }, 2092 2092 + { 2093 2093 + "tcId" : 200, 2094 2094 + "comment" : "special case for DA + CB in multiplication by 2", 2095 2095 + "public" : "9a2acbb3b5a386a6102e3728be3a97de03981d5c71fd2d954604bee3d3d0ce62", 2096 2096 + "private" : "e82313e451a198dce4ae95c6832a8281d847fc87b28db00fe43757c16cc49c4a", 2097 2097 + "shared" : "e5772a92b103ee696a999705cf07110c460f0545682db3fac5d875d69648bc68", 2098 2098 + "result" : "acceptable", 2099 2099 + "flags" : [ 2100 2100 + "Twist" 2101 2101 + ] 2102 2102 + }, 2103 2103 + { 2104 2104 + "tcId" : 201, 2105 2105 + "comment" : "special case for DA + CB in multiplication by 2", 2106 2106 + "public" : "27430e1c2d3089708bca56d7a5ad03792828d47685b6131e023dd0808716b863", 2107 2107 + "private" : "2828594d16768e586df39601ecc86d3fad6389d872b53fca3edcaf6fb958f653", 2108 2108 + "shared" : "378c29e3be97a21b9f81afca0d0f5c242fd4f896114f77a77155d06ce5fbfa5e", 2109 2109 + "result" : "acceptable", 2110 2110 + "flags" : [ 2111 2111 + "Twist" 2112 2112 + ] 2113 2113 + }, 2114 2114 + { 2115 2115 + "tcId" : 202, 2116 2116 + "comment" : "special case for z_2 in multiplication by 2", 2117 2117 + "public" : "4ef367901aac8ba90a50e0cf86ca4e4a3ff164fb121605be346e2e48d04ac912", 2118 2118 + "private" : "a84f488e193139f986b0e5b249635b137d385e420342aef1f194fcde1fe5e850", 2119 2119 + "shared" : "7eb48a60b14fb9ea5728f6410aef627d1522fad481b934af64e2c483b64d585f", 2120 2120 + "result" : "valid", 2121 2121 + "flags" : [] 2122 2122 + }, 2123 2123 + { 2124 2124 + "tcId" : 203, 2125 2125 + "comment" : "special case for z_2 in multiplication by 2", 2126 2126 + "public" : "d1de303c4ddd05d57c29df92ad172dd8c8f424e63ec93445beaea44f9d124b17", 2127 2127 + "private" : "30fd2a781e095c34a483907b3dd2d8bd2736e279617bfa6b8b4e0e1cf90fbd46", 2128 2128 + "shared" : "b71bdbed78023a06deed1c182e14c98f7cf46bc627a4a2c102ad23c41cf32454", 2129 2129 + "result" : "valid", 2130 2130 + "flags" : [] 2131 2131 + }, 2132 2132 + { 2133 2133 + "tcId" : 204, 2134 2134 + "comment" : "special case for z_2 in multiplication by 2", 2135 2135 + "public" : "5bccd739fd7517d9344bf6b2b0f19a1e0c38d9349a25ad1f94af4a2cdcf5e837", 2136 2136 + "private" : "28312e17b47dd32d90561168245187963c7469a31c881e4a5c94384262b71959", 2137 2137 + "shared" : "5bb56877caf2cdac98611b60367fbb74265984614e5e73996e8ea1bd6f749f1a", 2138 2138 + "result" : "valid", 2139 2139 + "flags" : [] 2140 2140 + }, 2141 2141 + { 2142 2142 + "tcId" : 205, 2143 2143 + "comment" : "special case for z_2 in multiplication by 2", 2144 2144 + "public" : "8a7a939310df7ea768454df51bcd0dfbd7be4fcbb2ffc98429d913ec6911f337", 2145 2145 + "private" : "a87640cf8237b473c638b3e9df08644e8607e563b5964363ccc42133b2996742", 2146 2146 + "shared" : "b568ed46d04f6291f8c176dca8aff6d221de4c9cce4b404d5401fbe70a324501", 2147 2147 + "result" : "acceptable", 2148 2148 + "flags" : [ 2149 2149 + "Twist" 2150 2150 + ] 2151 2151 + }, 2152 2152 + { 2153 2153 + "tcId" : 206, 2154 2154 + "comment" : "special case for z_2 in multiplication by 2", 2155 2155 + "public" : "fe3590fc382da7a82e28d07fafe40d4afc91183a4536e3e6b550fee84a4b7b4b", 2156 2156 + "private" : "780c5b882720d85e5ddfaf1033e9a1385df9e21689eeda4dcc7444ad28330a50", 2157 2157 + "shared" : "11fb44e810bce8536a957eaa56e02d04dd866700298f13b04ebeb48e20d93647", 2158 2158 + "result" : "acceptable", 2159 2159 + "flags" : [ 2160 2160 + "Twist" 2161 2161 + ] 2162 2162 + }, 2163 2163 + { 2164 2164 + "tcId" : 207, 2165 2165 + "comment" : "special case for z_2 in multiplication by 2", 2166 2166 + "public" : "fad9ab3e803b49fc81b27ee69db6fc9fdb82e35453b59ef8fab2a3beb5e1134c", 2167 2167 + "private" : "209e5e0ae1994bd859ce8992b62ec3a66df2eb50232bcc3a3d27b6614f6b014d", 2168 2168 + "shared" : "85d9db8f182bc68db67de3471f786b45b1619aec0f32b108ace30ee7b2624305", 2169 2169 + "result" : "acceptable", 2170 2170 + "flags" : [ 2171 2171 + "Twist" 2172 2172 + ] 2173 2173 + }, 2174 2174 + { 2175 2175 + "tcId" : 208, 2176 2176 + "comment" : "special case for z_2 in multiplication by 2", 2177 2177 + "public" : "98bed955f1516c7a442751ac590046d7d52ca64f76df82be09d32e5d33b49073", 2178 2178 + "private" : "806d1dee5ff6aea84a848916991a89ef3625583e1bd4ae0b3dd25c2524a4ff46", 2179 2179 + "shared" : "61d4ef71cbe7be3128be829ab26ed3463eb4ab25937c309788e876b23412aa7c", 2180 2180 + "result" : "valid", 2181 2181 + "flags" : [] 2182 2182 + }, 2183 2183 + { 2184 2184 + "tcId" : 209, 2185 2185 + "comment" : "special case for z_2 in multiplication by 2", 2186 2186 + "public" : "e59be4917b3f05b6fc8748c9b90f1b910273c9c6e17ff96ef415ff3d927d987e", 2187 2187 + "private" : "00f98b02ae0df5274cc899f526eb1b877289e0963440a57dd97e414cdd2f7c51", 2188 2188 + "shared" : "5ba4394ed1a664811b01557944becf7585652a8acbdbf806742911207bd79346", 2189 2189 + "result" : "valid", 2190 2190 + "flags" : [] 2191 2191 + }, 2192 2192 + { 2193 2193 + "tcId" : 210, 2194 2194 + "comment" : "special case for A in multiplication by 2", 2195 2195 + "public" : "8c9885a26cb334054700a270f7a5f4aac06bad8263b651ebf0712eca1ebb6416", 2196 2196 + "private" : "d86c18f2be396b3bb72f22e6ece22e273af6e1506a1c09ad4d01bdd2f439f843", 2197 2197 + "shared" : "a5952588613eb7a5cd49dd526f1f20a4f0ffe9423e82cea302c2dd90ce559955", 2198 2198 + "result" : "acceptable", 2199 2199 + "flags" : [ 2200 2200 + "Twist" 2201 2201 + ] 2202 2202 + }, 2203 2203 + { 2204 2204 + "tcId" : 211, 2205 2205 + "comment" : "special case for A in multiplication by 2", 2206 2206 + "public" : "f6135fe9741c2c9de7dcf7627ef08832f351cb325dbb3a26f93a2b48620e1727", 2207 2207 + "private" : "f81aadb9053eb698996d0f781d9cda67f82ddefa3987d276ff5a94ffdf5d255f", 2208 2208 + "shared" : "cb6fb623084b6197443ec9ba1050c0923332e5e829ae0194269cfaf920a43601", 2209 2209 + "result" : "acceptable", 2210 2210 + "flags" : [ 2211 2211 + "Twist" 2212 2212 + ] 2213 2213 + }, 2214 2214 + { 2215 2215 + "tcId" : 212, 2216 2216 + "comment" : "special case for A in multiplication by 2", 2217 2217 + "public" : "f6ffffffffffffffffffffffffffffbfffffffffffffffffffffffffffffff3f", 2218 2218 + "private" : "305b4db4321b4923fc559bf91df677d0e12c3a31b16ec655cb708b759d7c114d", 2219 2219 + "shared" : "9e526079c2fcf12426ae6c2a54b5ffb70f2ec662e29ea5ce0c8385c3b21cd162", 2220 2220 + "result" : "valid", 2221 2221 + "flags" : [] 2222 2222 + }, 2223 2223 + { 2224 2224 + "tcId" : 213, 2225 2225 + "comment" : "special case for A in multiplication by 2", 2226 2226 + "public" : "f6ffffffffffffffffffffffffffff3f00000000000000000000000000000040", 2227 2227 + "private" : "900638d1979802db9b52e4dd84fa19579f61cd7bef3c0b62fcccaeaa15fa484d", 2228 2228 + "shared" : "6329c7dc2318ec36153ef4f6f91bc6e7d1e008f5293065d9586ab88abb58f241", 2229 2229 + "result" : "valid", 2230 2230 + "flags" : [] 2231 2231 + }, 2232 2232 + { 2233 2233 + "tcId" : 214, 2234 2234 + "comment" : "special case for A in multiplication by 2", 2235 2235 + "public" : "f6eba0168be3d3621823089d810f77cd0cae34cda244c5d906c5d4b79df1e858", 2236 2236 + "private" : "38575cf7c8691ecc79cd5f8d7d4703aa48592ff6e7f64731c2d98a19aeae514f", 2237 2237 + "shared" : "603f4fc410081f880944e0e13d56fc542a430eec813fad302b7c5ac380576f1c", 2238 2238 + "result" : "valid", 2239 2239 + "flags" : [] 2240 2240 + }, 2241 2241 + { 2242 2242 + "tcId" : 215, 2243 2243 + "comment" : "special case for A in multiplication by 2", 2244 2244 + "public" : "60677a5d934ccbfab8ff5d8f085a0b553f94527d9c49ae140f8ed135e1449b69", 2245 2245 + "private" : "e88bd02c7016547a24f428bc2a9dcccad6c6f880c17bffcf66fc68459627af4e", 2246 2246 + "shared" : "834bbad5470e1498c4b0148782dfe630e8bfadff1997de802ac8ce302a1bda28", 2247 2247 + "result" : "acceptable", 2248 2248 + "flags" : [ 2249 2249 + "Twist" 2250 2250 + ] 2251 2251 + }, 2252 2252 + { 2253 2253 + "tcId" : 216, 2254 2254 + "comment" : "special case for B in multiplication by 2", 2255 2255 + "public" : "8d9885a26cb334054700a270f7a5f4aac06bad8263b651ebf0712eca1ebb6416", 2256 2256 + "private" : "9036ed7d68f7448ac440dc51216b49840dcabd3d5e32e3b4ffc32a5fe9e96742", 2257 2257 + "shared" : "ec9070ad3491a5ff50d7d0db6c9c844783dde1c6fbd4fe163e9ade1ce9cd041d", 2258 2258 + "result" : "acceptable", 2259 2259 + "flags" : [ 2260 2260 + "Twist" 2261 2261 + ] 2262 2262 + }, 2263 2263 + { 2264 2264 + "tcId" : 217, 2265 2265 + "comment" : "special case for B in multiplication by 2", 2266 2266 + "public" : "f7135fe9741c2c9de7dcf7627ef08832f351cb325dbb3a26f93a2b48620e1727", 2267 2267 + "private" : "90c55e77aa0fe4afb1287109fd010f526364dea18d88e2fd870ac01b66e3fa4e", 2268 2268 + "shared" : "dc6d05b92edcdb5dc334b1fc3dff58fe5b24a5c5f0b2d4311555d0fc945d7759", 2269 2269 + "result" : "acceptable", 2270 2270 + "flags" : [ 2271 2271 + "Twist" 2272 2272 + ] 2273 2273 + }, 2274 2274 + { 2275 2275 + "tcId" : 218, 2276 2276 + "comment" : "special case for B in multiplication by 2", 2277 2277 + "public" : "f7ffffffffffffffffffffffffffffbfffffffffffffffffffffffffffffff3f", 2278 2278 + "private" : "a021ba2fd4e3ad57bcbf204d6f6c3e8018d8978552633b6dff1b7447bf529459", 2279 2279 + "shared" : "1b174b189981d81bc6887932083e8488df8bbbed57f9214c9cfa59d59b572359", 2280 2280 + "result" : "valid", 2281 2281 + "flags" : [] 2282 2282 + }, 2283 2283 + { 2284 2284 + "tcId" : 219, 2285 2285 + "comment" : "special case for B in multiplication by 2", 2286 2286 + "public" : "f7ffffffffffffffffffffffffffff3f00000000000000000000000000000040", 2287 2287 + "private" : "3035083e984837587f6b7346af871bf3fc9581c50eb55c83aefabeed68cee349", 2288 2288 + "shared" : "15a052148abaad1b0f2e7481a34edb61403589439b5bd5e5646cecebe2a1be2b", 2289 2289 + "result" : "valid", 2290 2290 + "flags" : [] 2291 2291 + }, 2292 2292 + { 2293 2293 + "tcId" : 220, 2294 2294 + "comment" : "special case for B in multiplication by 2", 2295 2295 + "public" : "f7eba0168be3d3621823089d810f77cd0cae34cda244c5d906c5d4b79df1e858", 2296 2296 + "private" : "30435ce187f2723f9a3bdea0eef892207e152e4cee8985fa72d2db4147bd2a53", 2297 2297 + "shared" : "1d048cbe2f8df07c233a8f93706f307d17130c2497fb752eeaa31fe3edfc725a", 2298 2298 + "result" : "valid", 2299 2299 + "flags" : [] 2300 2300 + }, 2301 2301 + { 2302 2302 + "tcId" : 221, 2303 2303 + "comment" : "special case for B in multiplication by 2", 2304 2304 + "public" : "61677a5d934ccbfab8ff5d8f085a0b553f94527d9c49ae140f8ed135e1449b69", 2305 2305 + "private" : "580f0a9bba7281a30fb033490e0f429f22e3f267852caeacefa3e5291f0e614e", 2306 2306 + "shared" : "cb92a98b6aa99ac9e3c5750cea6f0846b0181faa5992845b798923d419e82756", 2307 2307 + "result" : "acceptable", 2308 2308 + "flags" : [ 2309 2309 + "Twist" 2310 2310 + ] 2311 2311 + }, 2312 2312 + { 2313 2313 + "tcId" : 222, 2314 2314 + "comment" : "special case for C in multiplication by 2", 2315 2315 + "public" : "c8239b710136fe431fb4d98436157e47c9e78a10f09ff92e98baff159926061c", 2316 2316 + "private" : "709098feb2e25c67b4bfd3be0a01af409adb6da52b3fbe3d970642dd2c983856", 2317 2317 + "shared" : "f1bd12d9d32c6f4c5b2dcb3a5c52d9fd454d52ca704c2c137956ec8ad9aef107", 2318 2318 + "result" : "acceptable", 2319 2319 + "flags" : [ 2320 2320 + "Twist" 2321 2321 + ] 2322 2322 + }, 2323 2323 + { 2324 2324 + "tcId" : 223, 2325 2325 + "comment" : "special case for C in multiplication by 2", 2326 2326 + "public" : "b7a2f79e0de9b58147691b5546d9ec463da8325e1440e58bb20aa129d1b97327", 2327 2327 + "private" : "185ac62e729f88528950926c0de7c481c924bf9cf26a122f443b861e8b6af640", 2328 2328 + "shared" : "e6f1c494c9e4bd2325c17183e82d31ab0bbee6c847d4b0e4a99c7c6891117c3f", 2329 2329 + "result" : "valid", 2330 2330 + "flags" : [] 2331 2331 + }, 2332 2332 + { 2333 2333 + "tcId" : 224, 2334 2334 + "comment" : "special case for C in multiplication by 2", 2335 2335 + "public" : "2dc624e1663f42a7b9336350f277541b50b8ddc7ee0d86133ad53273aed4e62e", 2336 2336 + "private" : "f03743eead7c2f7719794324f271072817d1a04cbda42b232f3bee43f397cc40", 2337 2337 + "shared" : "aa2a12edf752d279bdb000fb1405a5df8c5f1d41309b4f2bd41aed7ac1ed0149", 2338 2338 + "result" : "valid", 2339 2339 + "flags" : [] 2340 2340 + }, 2341 2341 + { 2342 2342 + "tcId" : 225, 2343 2343 + "comment" : "special case for C in multiplication by 2", 2344 2344 + "public" : "0e5eceee9104a64f82c9093b9bf7b4076ee5bc70815af7ee9f942ef015756176", 2345 2345 + "private" : "a8fbb4f90da45794981405d59ef310621e3c3b6b7760b5e30308c7822c88ae5f", 2346 2346 + "shared" : "74d5606ba0b6ad1d8ba36ae6f264d6315f479b3984de573e9b001e0555247c32", 2347 2347 + "result" : "valid", 2348 2348 + "flags" : [] 2349 2349 + }, 2350 2350 + { 2351 2351 + "tcId" : 226, 2352 2352 + "comment" : "special case for CB in multiplication by 2", 2353 2353 + "public" : "737d45477e2beb77a6c38b98e2a19b05c395df7da998cb91f6dfab5819614f27", 2354 2354 + "private" : "c887886fd07107c7221f6d9dd36c305ec779ceca132ac933ff77dab2beac6345", 2355 2355 + "shared" : "8cf4538ae5f445cc6d273df4ad300a45d7bb2f6e373a562440f1b37773904e32", 2356 2356 + "result" : "acceptable", 2357 2357 + "flags" : [ 2358 2358 + "Twist" 2359 2359 + ] 2360 2360 + }, 2361 2361 + { 2362 2362 + "tcId" : 227, 2363 2363 + "comment" : "special case for CB in multiplication by 2", 2364 2364 + "public" : "873f8b260ea9d9ddac08b7b030727bf0072315ab54075ecc393a37a975882b7e", 2365 2365 + "private" : "58096ee29361978f630ad1fb00c1267c5a901f99c502f9569b933ad0dcce0f50", 2366 2366 + "shared" : "d5766753211d9968de4ac2559998f22ef44e8aa879f3328cbc46aa858dcb433c", 2367 2367 + "result" : "valid", 2368 2368 + "flags" : [] 2369 2369 + }, 2370 2370 + { 2371 2371 + "tcId" : 228, 2372 2372 + "comment" : "special case for CB in multiplication by 2", 2373 2373 + "public" : "75e1587c5eefc83715d71020aa6be5347bb9ec9d91ce5b28a9bbb74c92ef407e", 2374 2374 + "private" : "0829a49046dce2c07ab28440dbad146453e128960e85dd2e6a69a1512873dd44", 2375 2375 + "shared" : "761d8cecf13f93b379a772e5fac5b9ffe996cad9af06152580afe87ff9651c71", 2376 2376 + "result" : "valid", 2377 2377 + "flags" : [] 2378 2378 + }, 2379 2379 + { 2380 2380 + "tcId" : 229, 2381 2381 + "comment" : "special case for x_2 in multiplication by 3", 2382 2382 + "public" : "f85a06065ea2527238fc5ec1b75ead9262e6b1aed61feff83b91230aeb4b7d01", 2383 2383 + "private" : "587ac36b9a23594632679adea1a826f2f62d79738220fb487464039f36ca2372", 2384 2384 + "shared" : "f12acd36f6299a4d192c03aa4efeea7df51e2d15d763172e68accf7bc6f5c230", 2385 2385 + "result" : "acceptable", 2386 2386 + "flags" : [ 2387 2387 + "Twist" 2388 2388 + ] 2389 2389 + }, 2390 2390 + { 2391 2391 + "tcId" : 230, 2392 2392 + "comment" : "special case for x_2 in multiplication by 3", 2393 2393 + "public" : "6e0f1d00b1099d2a71f7be86655feb8988bba5577b02f964043a49f00c749613", 2394 2394 + "private" : "a8a442b7c0a99227b4cb5c75fb9e5a72cea25eba8a0bdf07271bb4a93c2b6665", 2395 2395 + "shared" : "b2bbbd173f41d952d329251da973a9500300628177ad0fb79d01e2e263905b38", 2396 2396 + "result" : "valid", 2397 2397 + "flags" : [] 2398 2398 + }, 2399 2399 + { 2400 2400 + "tcId" : 231, 2401 2401 + "comment" : "special case for x_2 in multiplication by 3", 2402 2402 + "public" : "696757ced3097fa960c8390a09e8bd6d390dbde8d1fa170261f3422edc192929", 2403 2403 + "private" : "d8f7233e9612c00c9dca2c751ec1d3f5f67bad77c2e714a20e71eb3f220a6671", 2404 2404 + "shared" : "45ecfa275f1daa25d3fadf33cdf89a152afea25eae37e68e00b30c367789887a", 2405 2405 + "result" : "acceptable", 2406 2406 + "flags" : [ 2407 2407 + "Twist" 2408 2408 + ] 2409 2409 + }, 2410 2410 + { 2411 2411 + "tcId" : 232, 2412 2412 + "comment" : "special case for x_2 in multiplication by 3", 2413 2413 + "public" : "fd84b3f2fbfa16aebf40c27f46e18d77bafa0c7971bedde4909212e771bd3c35", 2414 2414 + "private" : "d80c7c7557c9907e1b11e844bf1369cba669bc38e9b7b253e51f239bda322374", 2415 2415 + "shared" : "595e144e07bbe65b38e0e4163d02ad75a65e422e74067db35c90dfa6e055d456", 2416 2416 + "result" : "acceptable", 2417 2417 + "flags" : [ 2418 2418 + "Twist" 2419 2419 + ] 2420 2420 + }, 2421 2421 + { 2422 2422 + "tcId" : 233, 2423 2423 + "comment" : "special case for x_2 in multiplication by 3", 2424 2424 + "public" : "805485703ccfc4a221ef281267f52b61cebc879f0f13b1e5f521c17352a0784f", 2425 2425 + "private" : "8002a85115ad7b41c50f84f35fac750ee8e19734807102830ff6a306beed4464", 2426 2426 + "shared" : "226e16a279ac81e268437eb3e09e07406324cb72a9d4ee58e4cf009147497201", 2427 2427 + "result" : "acceptable", 2428 2428 + "flags" : [ 2429 2429 + "Twist" 2430 2430 + ] 2431 2431 + }, 2432 2432 + { 2433 2433 + "tcId" : 234, 2434 2434 + "comment" : "special case for x_2 in multiplication by 3", 2435 2435 + "public" : "80642a3279da6bf5fc13db14a569c7089db014225cfcae7dff5a0d25ecc9235b", 2436 2436 + "private" : "782db0c8e3e68f106fe0c56415e0bd13d812dea0e94cbd18bdf6761295613a6d", 2437 2437 + "shared" : "790d09b1726d210957ce8f65869ca1ec8fa0b2b06b6bcf9483b3eb55e49e9272", 2438 2438 + "result" : "acceptable", 2439 2439 + "flags" : [ 2440 2440 + "Twist" 2441 2441 + ] 2442 2442 + }, 2443 2443 + { 2444 2444 + "tcId" : 235, 2445 2445 + "comment" : "special case for z_2 in multiplication by 3", 2446 2446 + "public" : "84e827f78cae0cf063e4340198f788c284e07430b3a94a3873df38b1f872ce02", 2447 2447 + "private" : "909fb0bdbf53a69a2fe39c8b2497abd4fa57d2d54e046b5f514595e2c0f33d63", 2448 2448 + "shared" : "684cc83af806bcd9cd251e1858f3c10f0166e0a0cd2be154339a886b13e7c76f", 2449 2449 + "result" : "valid", 2450 2450 + "flags" : [] 2451 2451 + }, 2452 2452 + { 2453 2453 + "tcId" : 236, 2454 2454 + "comment" : "special case for z_2 in multiplication by 3", 2455 2455 + "public" : "d445e1df0083bb6b8e886e6632251807171d4e88c41816fc684373c09d7e5d6e", 2456 2456 + "private" : "78a67909757248665f79371eb014825ab6bd4af3571f140389c636e004bcf46b", 2457 2457 + "shared" : "e426e4a3c54d3e77f4f157301e0ac7d9e12337a2b58df16780041cf6d6198c5a", 2458 2458 + "result" : "valid", 2459 2459 + "flags" : [] 2460 2460 + }, 2461 2461 + { 2462 2462 + "tcId" : 237, 2463 2463 + "comment" : "special case for z_2 in multiplication by 3", 2464 2464 + "public" : "f26aa6151a4b22390176f6233e742f40f2ecd5137166fb2e1ec9b2f2454ac277", 2465 2465 + "private" : "286a302d5b076d2aba7c2a4daf9e7cc9d8539b7c0391307db65a2f4220d30f70", 2466 2466 + "shared" : "862df92e25277bd94f9af2e1dda51f905a6e2a3f6068a92fabfc6c53da21ec11", 2467 2467 + "result" : "acceptable", 2468 2468 + "flags" : [ 2469 2469 + "Twist" 2470 2470 + ] 2471 2471 + }, 2472 2472 + { 2473 2473 + "tcId" : 238, 2474 2474 + "comment" : "special case for DA - CB in multiplication by 3", 2475 2475 + "public" : "2b02db3c82477fe21aa7a94d85df379f571c8449b43cbd0605d0acc53c472f05", 2476 2476 + "private" : "a838b70d17161cb38222f7bc69a3c8576032d580275b3b7d63fba08908cb4879", 2477 2477 + "shared" : "3f438dbf03947995c99fd4cb366ca7e00e8cfbce64c3039c26d9fad00fa49c70", 2478 2478 + "result" : "valid", 2479 2479 + "flags" : [] 2480 2480 + }, 2481 2481 + { 2482 2482 + "tcId" : 239, 2483 2483 + "comment" : "special case for DA - CB in multiplication by 3", 2484 2484 + "public" : "d71dd7db122330c9bbaab5da6cf1f6e1c25345ee6a66b17512b1804ace287359", 2485 2485 + "private" : "b0733b4203267ab3c94c506acadb949a76cc600486fcd601478fcdef79c29d6c", 2486 2486 + "shared" : "95f3f1849b0a070184e6077c92ae36ba3324bf1441168b89bb4b9167edd67308", 2487 2487 + "result" : "acceptable", 2488 2488 + "flags" : [ 2489 2489 + "Twist" 2490 2490 + ] 2491 2491 + }, 2492 2492 + { 2493 2493 + "tcId" : 240, 2494 2494 + "comment" : "special case for BB in multiplication by 3", 2495 2495 + "public" : "737bc07de0729bbcfbee3a08e696f97f3770577e4b01ec108f59caf46406d205", 2496 2496 + "private" : "d844a36b58aefdb08b981796029a2766101884b348f70eed947c2541064caf6a", 2497 2497 + "shared" : "6a969af6d236aba08fa83160f699e9ed76fb6355f0662f03dbc5915a3c23063e", 2498 2498 + "result" : "acceptable", 2499 2499 + "flags" : [ 2500 2500 + "Twist" 2501 2501 + ] 2502 2502 + }, 2503 2503 + { 2504 2504 + "tcId" : 241, 2505 2505 + "comment" : "special case for BB in multiplication by 3", 2506 2506 + "public" : "9758061a7b3e2c02fb5c20875ae6b55b11fb6795990a0f4fdcd1147be5521607", 2507 2507 + "private" : "a0b7d312d9b832e124d1bc8cb21db545440e3cf14e7473ee9ccbe9b682f2156c", 2508 2508 + "shared" : "ab39db4aa29ac4017c7446f1ad0c7daa9a37f1b6b4f2e9d2902ccefb84839d28", 2509 2509 + "result" : "valid", 2510 2510 + "flags" : [] 2511 2511 + }, 2512 2512 + { 2513 2513 + "tcId" : 242, 2514 2514 + "comment" : "special case for BB in multiplication by 3", 2515 2515 + "public" : "37cd65d33036205f3449e8655a50d4b0c86fec02100b4f2db7da92dcf5e3aa0a", 2516 2516 + "private" : "787f1ddd78cc6473d3e63949409ad3f35bfe0ce0738f255dee682f2bfbc80f7f", 2517 2517 + "shared" : "13de41659e3e308d6e26c94282fcc3e0364ddf0809ddee6c8e7abb5091b02b00", 2518 2518 + "result" : "acceptable", 2519 2519 + "flags" : [ 2520 2520 + "Twist" 2521 2521 + ] 2522 2522 + }, 2523 2523 + { 2524 2524 + "tcId" : 243, 2525 2525 + "comment" : "special case for BB in multiplication by 3", 2526 2526 + "public" : "a9b6e8081460383adc587c8f91a02c59a7a35576ca62436ccd1b5fef1b92545d", 2527 2527 + "private" : "4080ae60a85c1fa95aad9beabd98b405e7f28141bf08f2c9a4fdbde1c5680265", 2528 2528 + "shared" : "69ed8a0a27812ae6741474bd5c6a4e683a126649f7245aa0f91a3a384bcde25a", 2529 2529 + "result" : "acceptable", 2530 2530 + "flags" : [ 2531 2531 + "Twist" 2532 2532 + ] 2533 2533 + }, 2534 2534 + { 2535 2535 + "tcId" : 244, 2536 2536 + "comment" : "special case for E in multiplication by 3", 2537 2537 + "public" : "fd1a2cd17a93f850deb8c45a2d34539232dfd8a558304209781c6cb58229870e", 2538 2538 + "private" : "08f9f4a4fac4db413315f74a59818b2452fc7b7685592e26556775f9b86d907f", 2539 2539 + "shared" : "010218bd67b1b92fee3e7fa4578c13617d73195de10279747e53ba01a254525a", 2540 2540 + "result" : "valid", 2541 2541 + "flags" : [] 2542 2542 + }, 2543 2543 + { 2544 2544 + "tcId" : 245, 2545 2545 + "comment" : "special case for E in multiplication by 3", 2546 2546 + "public" : "b88119e5ae6d9e6b912d52524739e612ef19ab7e5dd3d946cb9bc003c378f81f", 2547 2547 + "private" : "1888cfae3085867657b09435c42b74cc762457839451a3659db218d4214fdd63", 2548 2548 + "shared" : "e6b298de9cb6358fbbb00f11890f5714a3858e8f05a2a8d1cf39fe78cc55dd4e", 2549 2549 + "result" : "valid", 2550 2550 + "flags" : [] 2551 2551 + }, 2552 2552 + { 2553 2553 + "tcId" : 246, 2554 2554 + "comment" : "special case for E in multiplication by 3", 2555 2555 + "public" : "7b70e29dce0479cde4a36c7f9786582f104bc0788f046b48af495e67bdb88f36", 2556 2556 + "private" : "789ce13ed007818d7a5181e629eed944a20a058cfe39669c9831bfa5215a1269", 2557 2557 + "shared" : "967bbe298494b4a5f95853cfde9dc85970b2a4b5dd2c92782901e853957f5809", 2558 2558 + "result" : "valid", 2559 2559 + "flags" : [] 2560 2560 + }, 2561 2561 + { 2562 2562 + "tcId" : 247, 2563 2563 + "comment" : "special case for E in multiplication by 3", 2564 2564 + "public" : "2a209e2ace0e3d6973ffbf7403f9857ff97a5fdcd27f2c7098b444fc3c166738", 2565 2565 + "private" : "00022b43775ab2f4b91bc1cb54c97f78026289eaaf02abeed04ca84f736c686c", 2566 2566 + "shared" : "9f66848681d534e52b659946ea2c92d2fabed43fe6e69032c11153db43dca75b", 2567 2567 + "result" : "acceptable", 2568 2568 + "flags" : [ 2569 2569 + "Twist" 2570 2570 + ] 2571 2571 + }, 2572 2572 + { 2573 2573 + "tcId" : 248, 2574 2574 + "comment" : "special case for E in multiplication by 3", 2575 2575 + "public" : "f50709aca7f314e8d05b5ff97a427e427bd5e85c4e86712125076a771be21448", 2576 2576 + "private" : "8097a52fc562e8a516682f5363cc5e7c88e9c78e308df0deef40497b35cc127d", 2577 2577 + "shared" : "ea7572e27a9120de1f13b85710ba69a3471b7b3f5d12bc430c12c4bbf8aa3957", 2578 2578 + "result" : "valid", 2579 2579 + "flags" : [] 2580 2580 + }, 2581 2581 + { 2582 2582 + "tcId" : 249, 2583 2583 + "comment" : "special case for E in multiplication by 3", 2584 2584 + "public" : "0f13955978b93d7b9f9a2e70d96df922850a8ffd8412e236fb074aef99d37d54", 2585 2585 + "private" : "4028802030d8a8221a7160eebbf1846116c1c253abc467d6e43cb850f1459860", 2586 2586 + "shared" : "e23d63a46be67c7443c07b9371ff6a06afcd7a5794bf2537926074b88190307a", 2587 2587 + "result" : "valid", 2588 2588 + "flags" : [] 2589 2589 + }, 2590 2590 + { 2591 2591 + "tcId" : 250, 2592 2592 + "comment" : "special case for E in multiplication by 3", 2593 2593 + "public" : "18ffe992a729ce70c3b7cdc55bab55f2210d279134b3082a9f682d3a0b131273", 2594 2594 + "private" : "d8515d45c7ab2b9529816543150068b8e4bb614cf2b68a8a99363975af503d74", 2595 2595 + "shared" : "33ccaf24e1e26290ed7e462093e9f77607ef52a0626b2cd2511c41cd24c13849", 2596 2596 + "result" : "valid", 2597 2597 + "flags" : [] 2598 2598 + }, 2599 2599 + { 2600 2600 + "tcId" : 251, 2601 2601 + "comment" : "special case for AA in multiplication by 3", 2602 2602 + "public" : "c3ba28057728d0533965ec34979fe7bd93cf6cb644e8da038baa87997b8dc20e", 2603 2603 + "private" : "d8815bd144518fa526befdd373f5f9cff254d5d3c4660e8a90ef2a22c6876a74", 2604 2604 + "shared" : "74f95b4700f0185f33c5b5528ed5012a3363f8bbd6f6a840aa1f0f3bdb7c9650", 2605 2605 + "result" : "acceptable", 2606 2606 + "flags" : [ 2607 2607 + "Twist" 2608 2608 + ] 2609 2609 + }, 2610 2610 + { 2611 2611 + "tcId" : 252, 2612 2612 + "comment" : "special case for AA in multiplication by 3", 2613 2613 + "public" : "4eb095a86d1e781bb182233075ebf1db109d57135bf91d54fdb18eb371427640", 2614 2614 + "private" : "a82d996093eefdaf283f4049bba4f5af6ecc2e64894f325ee1f9ca1e156d0567", 2615 2615 + "shared" : "e9677b854851c41cc489e03981ae78690be6cbf0054ea9834759de3e27bcf03e", 2616 2616 + "result" : "valid", 2617 2617 + "flags" : [] 2618 2618 + }, 2619 2619 + { 2620 2620 + "tcId" : 253, 2621 2621 + "comment" : "special case for AA in multiplication by 3", 2622 2622 + "public" : "83f67d7c92b11c8fb072484642a01f43deb022b54d94a4015e39849a2e2e9555", 2623 2623 + "private" : "c02609df3d5436c123dcd7ee11f23f1da321666c09f379d37914203340510861", 2624 2624 + "shared" : "f148716ebe7269a7076f0cf1f22b6978d3c7e3607b0bcc87a8c7a85b9fd20c2f", 2625 2625 + "result" : "acceptable", 2626 2626 + "flags" : [ 2627 2627 + "Twist" 2628 2628 + ] 2629 2629 + }, 2630 2630 + { 2631 2631 + "tcId" : 254, 2632 2632 + "comment" : "special case for AA in multiplication by 3", 2633 2633 + "public" : "20cc75d376d8453b9d049c84f58eafcf61126c08a03661e735f0a8be228fd466", 2634 2634 + "private" : "a0e3b78c0f3be2a760b2c916f244df219624fdda2e9e31b15328f4a77690296a", 2635 2635 + "shared" : "1d5c123e88e9dc7a3b16ec90b60578dfca7e11eab9b88c6eca7bc33d91fde83b", 2636 2636 + "result" : "valid", 2637 2637 + "flags" : [] 2638 2638 + }, 2639 2639 + { 2640 2640 + "tcId" : 255, 2641 2641 + "comment" : "special case for AA in multiplication by 3", 2642 2642 + "public" : "ef31b43d19c0a5434deb56129c16298a394a7032a2e52cb997476bdeca325b73", 2643 2643 + "private" : "701f130a290584cb28c7d6539506a1a054f926a17ef7c568ae43047c05e10f60", 2644 2644 + "shared" : "2fc065ba8f5040a0a659f6f7330554bd1b9d7c893b91e316e0af90c37af4f135", 2645 2645 + "result" : "valid", 2646 2646 + "flags" : [] 2647 2647 + }, 2648 2648 + { 2649 2649 + "tcId" : 256, 2650 2650 + "comment" : "special case for AA in multiplication by 3", 2651 2651 + "public" : "d8c8e2c6f33a98525df3767d1d04430dab0bda41f1f904c95bc61cc122caca74", 2652 2652 + "private" : "d0e67f68183a4c1aed9c56864b36278bb7bb75d57a78321bc7c24ff61636607a", 2653 2653 + "shared" : "ef7612c156078dae3a81e50ef33951cab661fb07731d8f419bc0105c4d6d6050", 2654 2654 + "result" : "acceptable", 2655 2655 + "flags" : [ 2656 2656 + "Twist" 2657 2657 + ] 2658 2658 + }, 2659 2659 + { 2660 2660 + "tcId" : 257, 2661 2661 + "comment" : "special case for AA in multiplication by 3", 2662 2662 + "public" : "1833619516b80db0c05b225509e6698df028d83b66ed6bac6f0f6308970d2c7d", 2663 2663 + "private" : "88eb7775dacc32b045ceb35f261b3616315efa98b780e08c79d544edadb5467d", 2664 2664 + "shared" : "a3cf3d81ec56896a68fca0da6335171d0c622568738c0db26fe117033726a049", 2665 2665 + "result" : "acceptable", 2666 2666 + "flags" : [ 2667 2667 + "Twist" 2668 2668 + ] 2669 2669 + }, 2670 2670 + { 2671 2671 + "tcId" : 258, 2672 2672 + "comment" : "special case for AA in multiplication by 3", 2673 2673 + "public" : "e2e989aad2397fc34b6cbe2db27d5ab69b28048383c91d9e8226d548253fab7e", 2674 2674 + "private" : "7055b1c0576e7ab6c89fcc1ce49e79c8c371bf9fc2b22b8f8396a9b64c5ae26d", 2675 2675 + "shared" : "e7f45823a45b6a46192b37d73e8609b5bda68cd7cfbdccaa49082080993e640f", 2676 2676 + "result" : "valid", 2677 2677 + "flags" : [] 2678 2678 + }, 2679 2679 + { 2680 2680 + "tcId" : 259, 2681 2681 + "comment" : "special case for D in multiplication by 4", 2682 2682 + "public" : "b9bd793624d6a7e808486110058853edb25e136bd4d6a795d6d2ef53b25e3804", 2683 2683 + "private" : "906a9bfcfd71014d18967680d4509eaa41c666424af98bf9ff7ff49eb1baba41", 2684 2684 + "shared" : "7c6148134c9e8b2ba5daeca41e6a1f3a82d8f75d0b292b23c40fe7f5ce0a2b7a", 2685 2685 + "result" : "acceptable", 2686 2686 + "flags" : [ 2687 2687 + "Twist" 2688 2688 + ] 2689 2689 + }, 2690 2690 + { 2691 2691 + "tcId" : 260, 2692 2692 + "comment" : "special case for D in multiplication by 4", 2693 2693 + "public" : "e3f444e208da9043f3f74c20e28d7f404bb687a346709abcd555156f88607820", 2694 2694 + "private" : "28392b1b035a8465aa22aabb571061c6effeed40cc2530b628e4fd40395ae04a", 2695 2695 + "shared" : "ea5e772bac4693ce69ea3ac761011fa7674037653a433c7f05456e7291cd3c4e", 2696 2696 + "result" : "acceptable", 2697 2697 + "flags" : [ 2698 2698 + "Twist" 2699 2699 + ] 2700 2700 + }, 2701 2701 + { 2702 2702 + "tcId" : 261, 2703 2703 + "comment" : "special case for D in multiplication by 4", 2704 2704 + "public" : "87b43f90f76d12fb3a469fa8687c27e369d4a82f95cf95e8dc3970de8f86d92b", 2705 2705 + "private" : "78cbb35204cc88676c14e0ff18171392e998411b23d905d4c4dceab70511f442", 2706 2706 + "shared" : "81c395aed5cc5f5e2a206a8a4cacecd501df5b81e49433835ad8a3779edffb30", 2707 2707 + "result" : "acceptable", 2708 2708 + "flags" : [ 2709 2709 + "Twist" 2710 2710 + ] 2711 2711 + }, 2712 2712 + { 2713 2713 + "tcId" : 262, 2714 2714 + "comment" : "special case for D in multiplication by 4", 2715 2715 + "public" : "86441ea06c5cd2a34c6b51261e93a2f30ea7db0f74e14c42f0fc443c6735973c", 2716 2716 + "private" : "a8225b49ef7b7330e3de787cbc40479644db7ab126370295c94189673430d745", 2717 2717 + "shared" : "513eba5870dc5187e2552fe3ba8292b516d2af9ecb9a9bdc51eac2ce2de40112", 2718 2718 + "result" : "acceptable", 2719 2719 + "flags" : [ 2720 2720 + "Twist" 2721 2721 + ] 2722 2722 + }, 2723 2723 + { 2724 2724 + "tcId" : 263, 2725 2725 + "comment" : "special case for D in multiplication by 4", 2726 2726 + "public" : "4624aa4ae9d12725bf92b85f93e3e8cea16b7bd83fda0eb18fab2dbe0e8bf742", 2727 2727 + "private" : "0841e1a5c7420b94b6cc6991316ebdd608626339c09d0f67b24088588b9d0d49", 2728 2728 + "shared" : "983b7e236ffaddb4b759b7353fe87846f59fb6f28a3ed65c256176b6609b7c6e", 2729 2729 + "result" : "acceptable", 2730 2730 + "flags" : [ 2731 2731 + "Twist" 2732 2732 + ] 2733 2733 + }, 2734 2734 + { 2735 2735 + "tcId" : 264, 2736 2736 + "comment" : "special case for D in multiplication by 4", 2737 2737 + "public" : "a625a5b7a04cea462d123b485c39ea44a8079aa223c59e9ca97abcd30b500e4b", 2738 2738 + "private" : "08ecf76e31a23039ea8a15ee474b6251a9d725bff1a5751eb5ecde9d7d4e2f49", 2739 2739 + "shared" : "c941369b085c7465d50d23ceaf6717ab06e24638f217a7b8055ce8ebd3ca1225", 2740 2740 + "result" : "valid", 2741 2741 + "flags" : [] 2742 2742 + }, 2743 2743 + { 2744 2744 + "tcId" : 265, 2745 2745 + "comment" : "special case for D in multiplication by 4", 2746 2746 + "public" : "8a5f2063f259f3317ae3e0b459f82c4677666e49a2eb9bf0369aee663631265b", 2747 2747 + "private" : "6038fb0a830d1001ca8ea74a613ea98f6ab8512644e55e8d45a29071bd4bef45", 2748 2748 + "shared" : "a3f7e169db44d0d179c242e66347364ab92744dc6ad80e4775aef7f4ff9d5f34", 2749 2749 + "result" : "acceptable", 2750 2750 + "flags" : [ 2751 2751 + "Twist" 2752 2752 + ] 2753 2753 + }, 2754 2754 + { 2755 2755 + "tcId" : 266, 2756 2756 + "comment" : "special case for D in multiplication by 4", 2757 2757 + "public" : "54cfb6ad0d03e3115acafee12606397f2bb46a8c5f326a255c494118aead3b62", 2758 2758 + "private" : "c04cf129f0b33332e2654f8e45225c042d7fa6cbc793c88bd4c731985289b045", 2759 2759 + "shared" : "401aabfbb73fe6694c446ecfffb43006427a9d4756e049a1ffc79578d62f1660", 2760 2760 + "result" : "acceptable", 2761 2761 + "flags" : [ 2762 2762 + "Twist" 2763 2763 + ] 2764 2764 + }, 2765 2765 + { 2766 2766 + "tcId" : 267, 2767 2767 + "comment" : "special case for E in multiplication by 4", 2768 2768 + "public" : "0ee3bee8cb3a0afcec22fa2233706e8ec29ccf1af212c0a674745ebba34f9d08", 2769 2769 + "private" : "3806b036c92d7bc0771998d24dbda2945b601d42449bd3ec4bbf3757d01b894d", 2770 2770 + "shared" : "20322dd024fb5a40f327cf7c00da203734c2a279b9666a9ff7d8527c927b675e", 2771 2771 + "result" : "valid", 2772 2772 + "flags" : [] 2773 2773 + }, 2774 2774 + { 2775 2775 + "tcId" : 268, 2776 2776 + "comment" : "special case for E in multiplication by 4", 2777 2777 + "public" : "797ec7512afbf0ad918d0e4947903be95234f3abf36750a8f854888d117b774e", 2778 2778 + "private" : "380d9056b5a2f4b3dffb30e6ceb722ac4684245f1befafb5661bc8c7a9ad4c43", 2779 2779 + "shared" : "46152d59c2d2f3ecf03ce652d2b6978d401d5ede4570a6c911771bdcfb37cd41", 2780 2780 + "result" : "valid", 2781 2781 + "flags" : [] 2782 2782 + }, 2783 2783 + { 2784 2784 + "tcId" : 269, 2785 2785 + "comment" : "special case for E in multiplication by 4", 2786 2786 + "public" : "d570c7810f69e502b355253afa7c667bfa5060d90dc86e358ab445f6381e415d", 2787 2787 + "private" : "384929a42c8d8df146db9508e2f21a4e8cd4d99c1b1338df17a457e88afb0043", 2788 2788 + "shared" : "37567f7ec0449c7b823cf7b0e219e9dd880e56a1464d0417a9e67eff42332866", 2789 2789 + "result" : "valid", 2790 2790 + "flags" : [] 2791 2791 + }, 2792 2792 + { 2793 2793 + "tcId" : 270, 2794 2794 + "comment" : "special case for E in multiplication by 4", 2795 2795 + "public" : "2c611cb94448f1c7822425a4cf5356236b90a555b1ed4747820ba7f739c8f57d", 2796 2796 + "private" : "48a986825b2680e2f2547ba75a9599b04ed57f8ed18d98e7099c544efbdf284b", 2797 2797 + "shared" : "fbf6587ec181116cf1ace7dcd548029d69c130e50fcf6ad5dfcd25c23ee9f939", 2798 2798 + "result" : "valid", 2799 2799 + "flags" : [] 2800 2800 + }, 2801 2801 + { 2802 2802 + "tcId" : 271, 2803 2803 + "comment" : "special case for B in multiplication by 4", 2804 2804 + "public" : "e559c417da7fd5851352f508b90031d49b5d2d0aac88a9c8b5fb6e80165ac10b", 2805 2805 + "private" : "98452ad7df4e26bc4b3d403f9ebf72bb2d7b6b7d5860dbf6fb9a4f78dc02704a", 2806 2806 + "shared" : "c7c6f6d7ce1e4f54c727e5900686c34e6a6953254bd470bbbf0c7c18bbddad73", 2807 2807 + "result" : "acceptable", 2808 2808 + "flags" : [ 2809 2809 + "Twist" 2810 2810 + ] 2811 2811 + }, 2812 2812 + { 2813 2813 + "tcId" : 272, 2814 2814 + "comment" : "special case for B in multiplication by 4", 2815 2815 + "public" : "746d97e7774292a3d703f604e79d8764c99a6a2fe280eaa9811115f5e038f21a", 2816 2816 + "private" : "a8dbc9be5034ed7fe7f469264f2135e9c67cd30f525570d2d841e4bdeac52349", 2817 2817 + "shared" : "cf7d2a66ea4dfed94469b2d343533ff302a576f8402ed2187904437038e54665", 2818 2818 + "result" : "acceptable", 2819 2819 + "flags" : [ 2820 2820 + "Twist" 2821 2821 + ] 2822 2822 + }, 2823 2823 + { 2824 2824 + "tcId" : 273, 2825 2825 + "comment" : "special case for B in multiplication by 4", 2826 2826 + "public" : "1f354aa8ffc4eae2b40dad2ebf830db3feb07e2a1a2da39e55df87c8c613de1d", 2827 2827 + "private" : "f8d26878dff25ced02d3b27ce74002695bb879b3c4328930934315ecae842b47", 2828 2828 + "shared" : "b204d3bbcbdc624f9f1a743fa3daa8f4c8785ed088d37d08cd13c601170a461b", 2829 2829 + "result" : "valid", 2830 2830 + "flags" : [] 2831 2831 + }, 2832 2832 + { 2833 2833 + "tcId" : 274, 2834 2834 + "comment" : "special case for B in multiplication by 4", 2835 2835 + "public" : "9c3f0023e1a4832586af2483bbec64ce9f06f3ea806d4019a5e4abb1b5627029", 2836 2836 + "private" : "d0f5e9c43c95b1ffc36f832b943601d5e17647f7d78e2e7710ace63ff274d447", 2837 2837 + "shared" : "b9f21465615f39dddcc37520ce9b956f7de9883ac93a870d74e388b8e1775463", 2838 2838 + "result" : "acceptable", 2839 2839 + "flags" : [ 2840 2840 + "Twist" 2841 2841 + ] 2842 2842 + }, 2843 2843 + { 2844 2844 + "tcId" : 275, 2845 2845 + "comment" : "special case for B in multiplication by 4", 2846 2846 + "public" : "d05656aa014d476022dfc55e8d3b4884ed0bdf85209be8b55351394d52be684b", 2847 2847 + "private" : "700679e8c24df828f2e5212a3263d5e93ea61679988298bab3b480f46f961a48", 2848 2848 + "shared" : "20f1fc613874495f20562c10b7a8be47bfc12c168d829d6321aa2de17060e40d", 2849 2849 + "result" : "valid", 2850 2850 + "flags" : [] 2851 2851 + }, 2852 2852 + { 2853 2853 + "tcId" : 276, 2854 2854 + "comment" : "special case for B in multiplication by 4", 2855 2855 + "public" : "c4a19b8686e18c29359aa548427f06a368d55a8737483d4893523adac6795a4c", 2856 2856 + "private" : "d0d077c9461f747e5660be85cc620428b4cefe805de0fd254adaa465ea5e784f", 2857 2857 + "shared" : "652b18ffd41cfb7d1f0b6dc79baa3b2a392ef1617f5cf6259b5b4ff065916a16", 2858 2858 + "result" : "acceptable", 2859 2859 + "flags" : [ 2860 2860 + "Twist" 2861 2861 + ] 2862 2862 + }, 2863 2863 + { 2864 2864 + "tcId" : 277, 2865 2865 + "comment" : "special case for B in multiplication by 4", 2866 2866 + "public" : "4989de79853ff35be8c9f92fc94674feef38a0e65788471c521f8e259adf015d", 2867 2867 + "private" : "00711ac08ef88c3d43a3cbda67b6fe5f34f54723dbe6d725c8a3569070ab9a4e", 2868 2868 + "shared" : "679825c259392d86f8edb15328d4faf52300779d979a503a76e27be3d7a85e03", 2869 2869 + "result" : "valid", 2870 2870 + "flags" : [] 2871 2871 + }, 2872 2872 + { 2873 2873 + "tcId" : 278, 2874 2874 + "comment" : "special case for B in multiplication by 4", 2875 2875 + "public" : "a981483cb0ea4385ffbb552826c3dd110d4ae89ff52ed0cd6018f99d3387987b", 2876 2876 + "private" : "989a75b40451139ec36ca6aa043765c61a18be323a5987fcb025c2dad8d4bd40", 2877 2877 + "shared" : "9cadc14ac153fa383ef66d1833f589100dff90523272e32b06e2c6f1f4424040", 2878 2878 + "result" : "valid", 2879 2879 + "flags" : [] 2880 2880 + }, 2881 2881 + { 2882 2882 + "tcId" : 279, 2883 2883 + "comment" : "special case for BB in multiplication by 4", 2884 2884 + "public" : "1df3dfdab74ff38177dac294b2da2f49a348bc3b3bc6ce9312bea5ef3ecdd30b", 2885 2885 + "private" : "90c3cfedd919a2ccd51fb455649e3ad2da1ef0ff619b59a7f9c55a68a8219645", 2886 2886 + "shared" : "bcc95fb4890ed311f3fb4f44c2b60866cdddec97db820a7f79f475337e16284a", 2887 2887 + "result" : "acceptable", 2888 2888 + "flags" : [ 2889 2889 + "Twist" 2890 2890 + ] 2891 2891 + }, 2892 2892 + { 2893 2893 + "tcId" : 280, 2894 2894 + "comment" : "special case for BB in multiplication by 4", 2895 2895 + "public" : "fc6b718ba8b47d24b1cfd6b5d0dd8b20fd920960fabc302dbe4f93bd2a06e933", 2896 2896 + "private" : "e8fef5c9b60f84984e8836d535acb372096ba8159824a0b49a17eccda843bd41", 2897 2897 + "shared" : "06f1b495b04a0010845c9d39b13bf2784ade860d9632c8847618c0b34297c249", 2898 2898 + "result" : "valid", 2899 2899 + "flags" : [] 2900 2900 + }, 2901 2901 + { 2902 2902 + "tcId" : 281, 2903 2903 + "comment" : "special case for BB in multiplication by 4", 2904 2904 + "public" : "b279b6c065f95c7040f148bcb4a3d310e34bdb005931a879be469573deedd041", 2905 2905 + "private" : "c0e05bde7727db4e352b5e7f035327b4d86a42d513ca116e22d64a4ede56434a", 2906 2906 + "shared" : "cce7bb644df94501421db49d15e821c7b0aaabecdf8837ab989b1f23bac08f35", 2907 2907 + "result" : "acceptable", 2908 2908 + "flags" : [ 2909 2909 + "Twist" 2910 2910 + ] 2911 2911 + }, 2912 2912 + { 2913 2913 + "tcId" : 282, 2914 2914 + "comment" : "special case for BB in multiplication by 4", 2915 2915 + "public" : "98e2cd4c10554e41b0a3e41082c8b6b61b55447d26c0aa97f9a06baeeb54b55b", 2916 2916 + "private" : "d87308bf753573f596ac8330b204014b2152dbdfc9881a0d9975058582bdf646", 2917 2917 + "shared" : "71fdd3405c30805701ae4dfad98c493aecfcf2e3b563e7068373c1b19137c268", 2918 2918 + "result" : "valid", 2919 2919 + "flags" : [] 2920 2920 + }, 2921 2921 + { 2922 2922 + "tcId" : 283, 2923 2923 + "comment" : "special case for BB in multiplication by 4", 2924 2924 + "public" : "872897f1bd1885da08b9d03e46811044fbb04186ba30c806f38b94ebdc27186a", 2925 2925 + "private" : "d80059a8a387e16f6ded6e7e980e806d1f78b470bb61103d0ca70623ccee8b4f", 2926 2926 + "shared" : "bf280aeecb74ab34e1310aa6fe8dc972f94dc40c7f88b72137ccfe34ed343c13", 2927 2927 + "result" : "acceptable", 2928 2928 + "flags" : [ 2929 2929 + "Twist" 2930 2930 + ] 2931 2931 + }, 2932 2932 + { 2933 2933 + "tcId" : 284, 2934 2934 + "comment" : "special case for x_2 in multiplication by 4", 2935 2935 + "public" : "c08f72760d9cb4a542aad6e2af777920c44563bd90356168c3608c6b9af2ef0f", 2936 2936 + "private" : "b0a4fe63515169bd82639b515ff7e5c4ac85bba0a53bbaca80477eb3b4250d44", 2937 2937 + "shared" : "72566a91ccd2bcf38cf639e4a5fcb296f0b67de192c6091242a62fae467fb635", 2938 2938 + "result" : "acceptable", 2939 2939 + "flags" : [ 2940 2940 + "Twist" 2941 2941 + ] 2942 2942 + }, 2943 2943 + { 2944 2944 + "tcId" : 285, 2945 2945 + "comment" : "special case for x_2 in multiplication by 4", 2946 2946 + "public" : "4f03849c24d584534d74302220cfdc90e1bc360bb5e297c0fd0fd5f8d799e416", 2947 2947 + "private" : "984256b12ef154ff6c2e1d030826164cba3614e3df7688d82b59e16201c9114d", 2948 2948 + "shared" : "24acb4afa63919621df795206c3929b599ec9d253693895d51a0555072e89a34", 2949 2949 + "result" : "valid", 2950 2950 + "flags" : [] 2951 2951 + }, 2952 2952 + { 2953 2953 + "tcId" : 286, 2954 2954 + "comment" : "special case for x_2 in multiplication by 4", 2955 2955 + "public" : "4959771a931e242d5713d5cb76f33310c6a283df16645604289553809cda6518", 2956 2956 + "private" : "6847141d5d4377af96a2a647c642ee81600fe48d3467e3a70f3ee312bb621742", 2957 2957 + "shared" : "5ba2112a41b5bb381f202446fa9f23c54d2de149f9ad233753417263840ea432", 2958 2958 + "result" : "acceptable", 2959 2959 + "flags" : [ 2960 2960 + "Twist" 2961 2961 + ] 2962 2962 + }, 2963 2963 + { 2964 2964 + "tcId" : 287, 2965 2965 + "comment" : "special case for x_2 in multiplication by 4", 2966 2966 + "public" : "f6fe690cf547049635bb3a7785537b4379c9ee06b46120493b8bdb152e09c81d", 2967 2967 + "private" : "e85f1164e2ab6faf62667c74b03ce529b49a0e2041b1ac0fa242e522d2b7694c", 2968 2968 + "shared" : "a87c9fdf40c409b9edab481b2cc69687ee1ab92e340c3db0107d40b5de6e7a20", 2969 2969 + "result" : "acceptable", 2970 2970 + "flags" : [ 2971 2971 + "Twist" 2972 2972 + ] 2973 2973 + }, 2974 2974 + { 2975 2975 + "tcId" : 288, 2976 2976 + "comment" : "special case for x_2 in multiplication by 4", 2977 2977 + "public" : "b468681a1275850c11d37ec736af939a75a7098514e04cfc1c6ca78239a88426", 2978 2978 + "private" : "281e1bbfa711de69921a64c5d2183c338db5504606ce2b6b4ce1cdd54b41e14a", 2979 2979 + "shared" : "3be98798f01e71639f3cb8fd4a17bf273e10c67f8974dd9802eed59d847d4020", 2980 2980 + "result" : "acceptable", 2981 2981 + "flags" : [ 2982 2982 + "Twist" 2983 2983 + ] 2984 2984 + }, 2985 2985 + { 2986 2986 + "tcId" : 289, 2987 2987 + "comment" : "special case for x_2 in multiplication by 4", 2988 2988 + "public" : "2d71e8457099e3f445f9e2a14f18b0f5914bb35f482f9c069b64bf63710d4228", 2989 2989 + "private" : "20aacf1902b3cd609d7ee15cc96453cc22e2899d7d17852680f2a728bac6dc4a", 2990 2990 + "shared" : "338c9917dbf11a0cabe8ad4a65959229bc00f99c211e752b20b8b49b87756d0b", 2991 2991 + "result" : "valid", 2992 2992 + "flags" : [] 2993 2993 + }, 2994 2994 + { 2995 2995 + "tcId" : 290, 2996 2996 + "comment" : "special case for x_2 in multiplication by 4", 2997 2997 + "public" : "fa8f24e944de5d003746d4630350c0f4f6175a3269c19184824105398fbdd329", 2998 2998 + "private" : "009e8e9fa993804dce94cecb96b1de2568245a97059e4d7ae116ecdb1badd141", 2999 2999 + "shared" : "56e2bfc7f6ab7da8fc734afc515e57d0794d002434f9bc8e18bd0b72c0df3c4a", 3000 3000 + "result" : "acceptable", 3001 3001 + "flags" : [ 3002 3002 + "Twist" 3003 3003 + ] 3004 3004 + }, 3005 3005 + { 3006 3006 + "tcId" : 291, 3007 3007 + "comment" : "special case for x_2 in multiplication by 4", 3008 3008 + "public" : "ae4e37ef53c79e25e8275a60f2fc1dfc277ebc5d3b88428c6432c3f98494212c", 3009 3009 + "private" : "f01574643f231ffac055bd235ee74dd416b94c8e55a2ab2b4d13a8b788d90148", 3010 3010 + "shared" : "17fa1276d9fd5025172736449a1c0ae33512e5037014a18db5903e47bb3bc950", 3011 3011 + "result" : "acceptable", 3012 3012 + "flags" : [ 3013 3013 + "Twist" 3014 3014 + ] 3015 3015 + }, 3016 3016 + { 3017 3017 + "tcId" : 292, 3018 3018 + "comment" : "special case for x_2 in multiplication by 4", 3019 3019 + "public" : "95e56a830792478f7c42504043a9cab8e2eebff5fd90983709e29e03c0a41b64", 3020 3020 + "private" : "3800a42659954281ca266d7cf1ea9db6d79891a406a70f9e84c3570a6a12d24e", 3021 3021 + "shared" : "167a3b2fdce9413c89ee892daf9f839a2eea80ea8044924035db1724a5b0217c", 3022 3022 + "result" : "valid", 3023 3023 + "flags" : [] 3024 3024 + }, 3025 3025 + { 3026 3026 + "tcId" : 293, 3027 3027 + "comment" : "special case for x_2 in multiplication by 4", 3028 3028 + "public" : "5f16aa7ccabf4da6b686bd28c7460e106bb1b97a823792527765c29a9ad8fc71", 3029 3029 + "private" : "70a826b186962218dbafca113319daefb5ddf3cf14e15fe3faadc4c0a2e46648", 3030 3030 + "shared" : "30a4ba793f2dffe1700c61428b4d84b5fcd0aa99a23b903f84a48eca5cc9fb0a", 3031 3031 + "result" : "acceptable", 3032 3032 + "flags" : [ 3033 3033 + "Twist" 3034 3034 + ] 3035 3035 + }, 3036 3036 + { 3037 3037 + "tcId" : 294, 3038 3038 + "comment" : "special case for DA + CB in multiplication by 4", 3039 3039 + "public" : "47fb78111805a11982a3d6c5d83e8e189e7fcc462c9abf805d3625be7a6eac11", 3040 3040 + "private" : "a85a5eda0a269500b3ab0b58495fc254c2691028ac533494b5f86d44e9dc654c", 3041 3041 + "shared" : "2bf9ab750bd58ff6f877b783eda45a71a65cc9b7c037fcfef4cb5f4c8842f529", 3042 3042 + "result" : "valid", 3043 3043 + "flags" : [] 3044 3044 + }, 3045 3045 + { 3046 3046 + "tcId" : 295, 3047 3047 + "comment" : "special case for DA + CB in multiplication by 4", 3048 3048 + "public" : "03b8ca5efd1777d6d625a945db52b81f11214daf015d09fdc9df7d47b9850e31", 3049 3049 + "private" : "183f28ec867624ef5eca4827ed0714a5525ef21d5e35038b24d307a3391a2846", 3050 3050 + "shared" : "35e9289234bd5e531da65d161a065a14f785076088d741c9a2d886efd7d17921", 3051 3051 + "result" : "valid", 3052 3052 + "flags" : [] 3053 3053 + }, 3054 3054 + { 3055 3055 + "tcId" : 296, 3056 3056 + "comment" : "special case for DA + CB in multiplication by 4", 3057 3057 + "public" : "4eca5f8731b0fa0c106acf578b83a350fa8173a290f1eba803956de34eeb7671", 3058 3058 + "private" : "888c6444ff5eb482b2b10bd4e8a01bdccb65f32934d8026106f16a91349f484c", 3059 3059 + "shared" : "833afb867054b8b9ac70d6013c163e8b7676fd45ae49a1325f3acb75975d8c13", 3060 3060 + "result" : "acceptable", 3061 3061 + "flags" : [ 3062 3062 + "Twist" 3063 3063 + ] 3064 3064 + }, 3065 3065 + { 3066 3066 + "tcId" : 297, 3067 3067 + "comment" : "special case for A in multiplication by 4", 3068 3068 + "public" : "a5562b4ba86b464dff4c2cfae85b384be211771efe8a9697e51d84de47f1eb14", 3069 3069 + "private" : "c8a85d140ba150f5c6a8d3cb363bcbcb75365e51c61640e974a0725b5e9d5940", 3070 3070 + "shared" : "8a914760129575c8ab3270d04b0465fc2f327acaf1676463113803bbb2ec8021", 3071 3071 + "result" : "valid", 3072 3072 + "flags" : [] 3073 3073 + }, 3074 3074 + { 3075 3075 + "tcId" : 298, 3076 3076 + "comment" : "special case for A in multiplication by 4", 3077 3077 + "public" : "88ae1631cd08ab54c24a31e1fec860391fe29bc50db23eb66709362ec4264929", 3078 3078 + "private" : "90a3aeb1417c3d61c1efef1ac052218fb55d3a59c4fe930b5a33cc5183b48547", 3079 3079 + "shared" : "c1988b6e1f020151ec913b4fb2695bae2c21cc553d0f91cf0c668623a3e5a43d", 3080 3080 + "result" : "acceptable", 3081 3081 + "flags" : [ 3082 3082 + "Twist" 3083 3083 + ] 3084 3084 + }, 3085 3085 + { 3086 3086 + "tcId" : 299, 3087 3087 + "comment" : "special case for A in multiplication by 4", 3088 3088 + "public" : "cbc4d55d5bfddd0bc5c5edbe3a04836b2c701d25195b26221cbea19311e55a3d", 3089 3089 + "private" : "b858d7414bd9ab9a3ebea79064ab87bc050e74407f4d4748f62fa4d9d203b640", 3090 3090 + "shared" : "bb24817bd9fff423dc0972908e2c03fddf4dbe100016b459f28fe9594adb3714", 3091 3091 + "result" : "valid", 3092 3092 + "flags" : [] 3093 3093 + }, 3094 3094 + { 3095 3095 + "tcId" : 300, 3096 3096 + "comment" : "special case for A in multiplication by 4", 3097 3097 + "public" : "d66a2f9f7577e2df4a56cb51962b3056ff5cc0494c60f39511782e79923edd41", 3098 3098 + "private" : "f825edf1f79eddd715a72b3ac267d6b2e97e18bb13bcafdac5940370b85ba64b", 3099 3099 + "shared" : "b3b4513f8a3102e1ae782fbc69888177f2c24c569303a5d01ab1c3c5e285524a", 3100 3100 + "result" : "acceptable", 3101 3101 + "flags" : [ 3102 3102 + "Twist" 3103 3103 + ] 3104 3104 + }, 3105 3105 + { 3106 3106 + "tcId" : 301, 3107 3107 + "comment" : "special case for DA - CB in multiplication by 4", 3108 3108 + "public" : "de0fed2fab6e01492675bc75cbe45d7b45b0306cec8dc67611699811c9aaef16", 3109 3109 + "private" : "b0a710b470e324bb56a7d8ff8788d05eb327616129b84972482425ea4ad4f34b", 3110 3110 + "shared" : "471ba91a99634f9acf34fd7fd58f72682be97ee1c821486d62ba4e448cbc0417", 3111 3111 + "result" : "valid", 3112 3112 + "flags" : [] 3113 3113 + }, 3114 3114 + { 3115 3115 + "tcId" : 302, 3116 3116 + "comment" : "special case for DA - CB in multiplication by 4", 3117 3117 + "public" : "6418d49fe440a755c9ff1a3582d35dc9b44c818498f15782c95284fe868a914c", 3118 3118 + "private" : "b898f0329794747d33269a3989b67e43a7ab5a55fa1210b0e5dba193f4fa094e", 3119 3119 + "shared" : "cdb3ca02d5fdb536dbc7395bab12bdcfd55b1ae771a4176dedb55eb4d755c752", 3120 3120 + "result" : "acceptable", 3121 3121 + "flags" : [ 3122 3122 + "Twist" 3123 3123 + ] 3124 3124 + }, 3125 3125 + { 3126 3126 + "tcId" : 303, 3127 3127 + "comment" : "special case for DA - CB in multiplication by 4", 3128 3128 + "public" : "a89bcfa236bbccf07c434b59f8655fb085b6cbe5ed6376281df813afba22b752", 3129 3129 + "private" : "a0528ed9a8ec22ebe9cc2e32fafc3f467500a9a22f5377382df6604edcdf4f44", 3130 3130 + "shared" : "cd3245403fd9edfcf91c9581ebb2eb7c77ad6837fca372479e78de9faf60a34a", 3131 3131 + "result" : "valid", 3132 3132 + "flags" : [] 3133 3133 + }, 3134 3134 + { 3135 3135 + "tcId" : 304, 3136 3136 + "comment" : "special case for DA - CB in multiplication by 4", 3137 3137 + "public" : "cdb1f95f6eacc24b6d029c6ed976666dc51794db8e4aa966ba850fd7f5048965", 3138 3138 + "private" : "f06888bde75d689d056874f6436000497d22d8ad9b95a1c67de1dda4ada3164d", 3139 3139 + "shared" : "ab7c47ecb0c0167156f44f66a527264b958fc992c21ce98cef3ae214d66bd82d", 3140 3140 + "result" : "valid", 3141 3141 + "flags" : [] 3142 3142 + }, 3143 3143 + { 3144 3144 + "tcId" : 305, 3145 3145 + "comment" : "special case for DA - CB in multiplication by 4", 3146 3146 + "public" : "9491a82744f1cb6105b76b0442e54e605ac67f47a1b2b3b552d486f75bd98e6a", 3147 3147 + "private" : "e034fcaa3ae40603f9b22af159fd67ef009380946de92cb1d83cc489e8b35041", 3148 3148 + "shared" : "1bfa264a7c7229147a20dd021211891e61f5d8c76cd83f0be24bc70e466a815b", 3149 3149 + "result" : "valid", 3150 3150 + "flags" : [] 3151 3151 + }, 3152 3152 + { 3153 3153 + "tcId" : 306, 3154 3154 + "comment" : "special case for C in multiplication by 4", 3155 3155 + "public" : "4d19e156e084fe582a0eb79b2f12b61d0b03f3f229227e798a933eea5a1b6129", 3156 3156 + "private" : "702a7448c0ed58e1f4e0e332d096a36360beca2f6955c815bc120b3a691d7742", 3157 3157 + "shared" : "c46057fcf63088b3a80e0be5ce24c8026dfadd341b5d8215b8afcb2a5a02bb2b", 3158 3158 + "result" : "acceptable", 3159 3159 + "flags" : [ 3160 3160 + "Twist" 3161 3161 + ] 3162 3162 + }, 3163 3163 + { 3164 3164 + "tcId" : 307, 3165 3165 + "comment" : "special case for C in multiplication by 4", 3166 3166 + "public" : "cc4729c4eae292e431ec3a5cf5020e19f9bea50ef3218d9a790034526c3ee14a", 3167 3167 + "private" : "50025cb508ad4faa06fafd0f4a33b747ccf1b3573885d3426500d51b56300144", 3168 3168 + "shared" : "d4361e26127adfbe37c2ed8f42cce4ebab8ab74ed9e74f14c3435d612c1a992a", 3169 3169 + "result" : "acceptable", 3170 3170 + "flags" : [ 3171 3171 + "Twist" 3172 3172 + ] 3173 3173 + }, 3174 3174 + { 3175 3175 + "tcId" : 308, 3176 3176 + "comment" : "special case for C in multiplication by 4", 3177 3177 + "public" : "4a474249af8f771f0cfb1116f24fda4c42f4136d2afb766d1b291c73c6668d5a", 3178 3178 + "private" : "7082fc53299a4d30e5d0c383c035935b1eeebd9408fe4d04b93eec24be52eb47", 3179 3179 + "shared" : "80dfae7a28bb13d9e51ff199267cec2a19dfc8b6f4974e3446b2f62fe9b62470", 3180 3180 + "result" : "valid", 3181 3181 + "flags" : [] 3182 3182 + }, 3183 3183 + { 3184 3184 + "tcId" : 309, 3185 3185 + "comment" : "special case for C in multiplication by 4", 3186 3186 + "public" : "0f2a5cbbe503139531ac0529183da8e624d25286f6e35d1407ab1f4d76ebc260", 3187 3187 + "private" : "98ff7e711d65cc7fd9d0ac12dfe8b894e0a93602ca9e75bf0eabbf0bfe670148", 3188 3188 + "shared" : "7a5c373065e339b26ee537cff1cf4597cfcb4bf2dc7c4bcfec9884443281c273", 3189 3189 + "result" : "valid", 3190 3190 + "flags" : [] 3191 3191 + }, 3192 3192 + { 3193 3193 + "tcId" : 310, 3194 3194 + "comment" : "special case for z_2 in multiplication by 4", 3195 3195 + "public" : "2fe11d723dba63559e1b96147893cb7ec862711806316daa86cd4da769d4b22d", 3196 3196 + "private" : "b080f4ac1e758bbfbfa888a78cb8d624d97b8688002b2017e35f52f3d7c79649", 3197 3197 + "shared" : "c5edcc5d447071c08dfa8281414ae6a02de753e2f7bb80af5f6253e56db43422", 3198 3198 + "result" : "valid", 3199 3199 + "flags" : [] 3200 3200 + }, 3201 3201 + { 3202 3202 + "tcId" : 311, 3203 3203 + "comment" : "special case for z_2 in multiplication by 4", 3204 3204 + "public" : "98e1211dcf6651fa9f2d00eb083ae5855869a2a53e835f2e03b30c0a19ba8051", 3205 3205 + "private" : "e815bf9a967e1208af8e74ce9af6d113dab17c01c90f1ae2bc25e3e2f9e3a44a", 3206 3206 + "shared" : "263a38fe538b50e8e988bf07ae86f33d49886b14c7143efd1d2025c840e36a25", 3207 3207 + "result" : "valid", 3208 3208 + "flags" : [] 3209 3209 + }, 3210 3210 + { 3211 3211 + "tcId" : 312, 3212 3212 + "comment" : "special case for z_2 in multiplication by 4", 3213 3213 + "public" : "2f1b938b81a4c90e1251135ad7fabe835f6a8bc5e22d4b2ab119f6f677877677", 3214 3214 + "private" : "4051b01cdf90af38f0a96ffb83f8d4133abe4fb035b6fe6f65276447caa7314f", 3215 3215 + "shared" : "340acf2801de71c18f4c79cfea372bc354e4c8a5eb5c2cce8b45d885df162f45", 3216 3216 + "result" : "valid", 3217 3217 + "flags" : [] 3218 3218 + }, 3219 3219 + { 3220 3220 + "tcId" : 313, 3221 3221 + "comment" : "special case for CB in multiplication by 4", 3222 3222 + "public" : "340b9f613550d14e3c6256caf029b31cad3fe6db588294e2d3af37605a68d837", 3223 3223 + "private" : "98c092363184e58ad6ce510bd32b309c9d5a46f8d9ee6f64a69d8180bbc6cb45", 3224 3224 + "shared" : "9efe5cd71102d899a333a45ea6d2c089604b926db8c2645ce5ff21492f27a314", 3225 3225 + "result" : "acceptable", 3226 3226 + "flags" : [ 3227 3227 + "Twist" 3228 3228 + ] 3229 3229 + }, 3230 3230 + { 3231 3231 + "tcId" : 314, 3232 3232 + "comment" : "special case for CB in multiplication by 4", 3233 3233 + "public" : "edfbd6f09aa32435440b0ca8ba436308319613f8f2d501133c526c3ff55c7b3d", 3234 3234 + "private" : "686e51c00116d1c191aa9d5823b96e5956102e8fe75f5cf2376d99989f6f4342", 3235 3235 + "shared" : "196182095bcd2ef46b18f64c63607e0ab162a0869e6265ac8ae35e358c3d8a63", 3236 3236 + "result" : "acceptable", 3237 3237 + "flags" : [ 3238 3238 + "Twist" 3239 3239 + ] 3240 3240 + }, 3241 3241 + { 3242 3242 + "tcId" : 315, 3243 3243 + "comment" : "special case for CB in multiplication by 4", 3244 3244 + "public" : "9b0538cd618b0a4de09e45420f84d54d74514fbb1a31c1a4aa1e93306f20723f", 3245 3245 + "private" : "208af2c9442b36b521fc3a1ecefe342aac308bd6e6296ee091c196dc02e7ae40", 3246 3246 + "shared" : "a3c6b75168211e8e0a49ca815bfe3f469f29864dc8166152b456e7074afa9b5b", 3247 3247 + "result" : "acceptable", 3248 3248 + "flags" : [ 3249 3249 + "Twist" 3250 3250 + ] 3251 3251 + }, 3252 3252 + { 3253 3253 + "tcId" : 316, 3254 3254 + "comment" : "special case for CB in multiplication by 4", 3255 3255 + "public" : "ae8cf2fcdde710c2c1184524bc32430874dfa08c125f61d6919daf8e66db415a", 3256 3256 + "private" : "c0d861a6d5ff91f91e3bd05934161ff0ab0f3ce7e4a2b5b4fcb31ae34b46664f", 3257 3257 + "shared" : "deaae6c9952844a3a1d01688e7105b0bbeadc160763c2002b6d0bcf35c22d123", 3258 3258 + "result" : "valid", 3259 3259 + "flags" : [] 3260 3260 + }, 3261 3261 + { 3262 3262 + "tcId" : 317, 3263 3263 + "comment" : "special case for AA in multiplication by 4", 3264 3264 + "public" : "2a59f478402d2829cd3b62e9f7cc01445e8e73a42cb11af00b6b9a9f0e44cb3b", 3265 3265 + "private" : "70785cad160972b711318659b47b574f6941ef6da1ea06508b2650f57ec9e54a", 3266 3266 + "shared" : "c204bd15f01a11a2efdabe2e902b7cd0aa079316f60e911b3ee5d46262e98631", 3267 3267 + "result" : "valid", 3268 3268 + "flags" : [] 3269 3269 + }, 3270 3270 + { 3271 3271 + "tcId" : 318, 3272 3272 + "comment" : "special case for AA in multiplication by 4", 3273 3273 + "public" : "836c8e45dd890e658c33e69b6f578a5a774c48b435bc3b91ac693df94a055857", 3274 3274 + "private" : "60afc8eb1f87df4b55287f3c4698c5f8b997b28a73c573fc273e9c467fb7e44c", 3275 3275 + "shared" : "c5457487e90932f57b94af2e8750403e09c9ac727e2bd213590462b6937b0753", 3276 3276 + "result" : "acceptable", 3277 3277 + "flags" : [ 3278 3278 + "Twist" 3279 3279 + ] 3280 3280 + }, 3281 3281 + { 3282 3282 + "tcId" : 319, 3283 3283 + "comment" : "special case for AA in multiplication by 4", 3284 3284 + "public" : "59519ead7995a6df89bb54c840d61a8481881098b8a4f83c6a2f6ba800338257", 3285 3285 + "private" : "a83c11b2834136b9aaf0152d90e76e3c27177693a2834e8beda0a3571bce6947", 3286 3286 + "shared" : "4ed6f8d62932541c6bea16e03835f1f758a5c41722b5c9989c9c7cc08e34e37b", 3287 3287 + "result" : "valid", 3288 3288 + "flags" : [] 3289 3289 + }, 3290 3290 + { 3291 3291 + "tcId" : 320, 3292 3292 + "comment" : "special case for AA in multiplication by 4", 3293 3293 + "public" : "32f34da84ab4bfca369c4b884691becf54be7fbed16449dc86969da7ea9abf62", 3294 3294 + "private" : "b80d8795735806579e71759894939d758853592127efe84fc82eb7cdee45014f", 3295 3295 + "shared" : "521a5b8149a132d155e6b4ed113900506cfc2f76d2a3e14196d69eb85db3c952", 3296 3296 + "result" : "acceptable", 3297 3297 + "flags" : [ 3298 3298 + "Twist" 3299 3299 + ] 3300 3300 + }, 3301 3301 + { 3302 3302 + "tcId" : 321, 3303 3303 + "comment" : "special case for AA in multiplication by 4", 3304 3304 + "public" : "82ae48dcf59bc5e469f9a11b18a32d4753ac818692dfae27d675411a2272b363", 3305 3305 + "private" : "e08ffa45efbe1f96584c76254554adb9177b58ed09609a6ce499e5bd22d35c45", 3306 3306 + "shared" : "e831d6cee95ca1b4c96bb89457562fff36cb4d08b81da89b810b425ecdbafd78", 3307 3307 + "result" : "valid", 3308 3308 + "flags" : [] 3309 3309 + }, 3310 3310 + { 3311 3311 + "tcId" : 322, 3312 3312 + "comment" : "special case for AA in multiplication by 4", 3313 3313 + "public" : "b33bd3ad14b66896f971cbdf27785fc3aa3cfb39adc6c29257d22ea4df8cbf63", 3314 3314 + "private" : "688e1bbb5114f34e8531c278b2d9714ba07c32a7aea6e627135bd1fc65238045", 3315 3315 + "shared" : "350e3ab9d0dbff78f3f2157428beba189333be274827c10d59673f21c0c48a24", 3316 3316 + "result" : "valid", 3317 3317 + "flags" : [] 3318 3318 + }, 3319 3319 + { 3320 3320 + "tcId" : 323, 3321 3321 + "comment" : "special case for AA in multiplication by 4", 3322 3322 + "public" : "18e58df6bfbe184b0e3c7c4bf2a051ed055b793501c0d4fc47bc8a95c4deec7c", 3323 3323 + "private" : "8036a4e2e93e9ed82d99d71a522aac9289bd9905fe41d01d08a499376a258442", 3324 3324 + "shared" : "ade71d6460287fe808e947560e67a9d6ff2f96eaa1355d2e9fbbe549e883381b", 3325 3325 + "result" : "acceptable", 3326 3326 + "flags" : [ 3327 3327 + "Twist" 3328 3328 + ] 3329 3329 + }, 3330 3330 + { 3331 3331 + "tcId" : 324, 3332 3332 + "comment" : "special case for DA in multiplication by 4", 3333 3333 + "public" : "772e31e776e8d4f23b7af2037af28a37e68f61e740b3904f4ec4c90157be1478", 3334 3334 + "private" : "901b20f0cda74076c3d4bf4e02653cd406ed480c355159e22ca44b984f10764f", 3335 3335 + "shared" : "91a9bec28cf18c7094e2d80d2764df59ada0cb1946be422864bd7ad0e533b663", 3336 3336 + "result" : "valid", 3337 3337 + "flags" : [] 3338 3338 + }, 3339 3339 + { 3340 3340 + "tcId" : 325, 3341 3341 + "comment" : "special case for z_2 in multiplication by 5", 3342 3342 + "public" : "a8d55d5c1137e9bb626557f9d6eea8d3120e9364f8bcd9b67934260b1a091801", 3343 3343 + "private" : "d83eb7affd1bcc1ec0b4823cee5cf0b15b5f57085aa2708ed437a2925329b550", 3344 3344 + "shared" : "6c1b8e240edfa5db2abb3dc12bcf9e8ac9ca10dd3507083746f6f36dc035d755", 3345 3345 + "result" : "valid", 3346 3346 + "flags" : [] 3347 3347 + }, 3348 3348 + { 3349 3349 + "tcId" : 326, 3350 3350 + "comment" : "special case for z_2 in multiplication by 5", 3351 3351 + "public" : "33c94be58b0f0e6cf363e1b12a2ebfb93040715be91518f21df2953eeab5fb01", 3352 3352 + "private" : "989eee317b9c254dc023f9e35eff0224bc2e0bc871996b946a96970e7506a85e", 3353 3353 + "shared" : "d4c3b3467714f2d105904a84cc7e81d7f291304e908041682d8906a683c12125", 3354 3354 + "result" : "acceptable", 3355 3355 + "flags" : [ 3356 3356 + "Twist" 3357 3357 + ] 3358 3358 + }, 3359 3359 + { 3360 3360 + "tcId" : 327, 3361 3361 + "comment" : "special case for z_2 in multiplication by 5", 3362 3362 + "public" : "a218ae9624b07ce05178b9d0cc1b71dee21f27852a2ceb18610b4052b244f00f", 3363 3363 + "private" : "b8355455d358f2dd7c5707b2c6973c9c27b99e7d8ac1650c791e5fdbcbea4957", 3364 3364 + "shared" : "1ebe6ca711a649ae487b332747e3dc0306340560cab6bc6029e44f6a7e0ee41c", 3365 3365 + "result" : "acceptable", 3366 3366 + "flags" : [ 3367 3367 + "Twist" 3368 3368 + ] 3369 3369 + }, 3370 3370 + { 3371 3371 + "tcId" : 328, 3372 3372 + "comment" : "special case for z_2 in multiplication by 5", 3373 3373 + "public" : "d7067faeafd3e966e57525f930b3317c9e8b9c9a9ae946e76c1e4602a59a7e33", 3374 3374 + "private" : "8065567ef082b16c20853487f54893012ba4762224e5c59f250dfbf82581e85a", 3375 3375 + "shared" : "03e7a777e648bdc612189f3cd42d34e35736d3e52e6edc8ac873a58e244a6073", 3376 3376 + "result" : "acceptable", 3377 3377 + "flags" : [ 3378 3378 + "Twist" 3379 3379 + ] 3380 3380 + }, 3381 3381 + { 3382 3382 + "tcId" : 329, 3383 3383 + "comment" : "special case for z_2 in multiplication by 5", 3384 3384 + "public" : "8df9682cbe8802478a8531377e752cdde54738d528d639bea9eaf47702f8bf3b", 3385 3385 + "private" : "00b51448139a61fe6c5fbf9395877d53d820ef59da3be856458b5eb90985ba53", 3386 3386 + "shared" : "308ef99dae1064a444fa90775b5dd5b1952d7224a0e5ae031df432640f416208", 3387 3387 + "result" : "acceptable", 3388 3388 + "flags" : [ 3389 3389 + "Twist" 3390 3390 + ] 3391 3391 + }, 3392 3392 + { 3393 3393 + "tcId" : 330, 3394 3394 + "comment" : "special case for z_2 in multiplication by 5", 3395 3395 + "public" : "7d92706868aa09538638d633c255f333b9da03bc74b49b35941c57820cd3fd47", 3396 3396 + "private" : "e8eb9f6f62f93dbc325b833aa763a90f13f0acb2c2c4b8b33decd471ce70c45f", 3397 3397 + "shared" : "f33e2e86443a2c68823b72a2b59d6a028e0a8e283cfe29fea4f7aa22bd1afe72", 3398 3398 + "result" : "valid", 3399 3399 + "flags" : [] 3400 3400 + }, 3401 3401 + { 3402 3402 + "tcId" : 331, 3403 3403 + "comment" : "special case for E in multiplication by 5", 3404 3404 + "public" : "dfb1ffc176aff84db30182d2378f83728f83dd1b33d79856f3da5459cf9df907", 3405 3405 + "private" : "68a1a7ccc50bab4b01e55e18cbd464aff43131fb0741e68d53cdebfc54f33051", 3406 3406 + "shared" : "7b535fc31c6c2a3803d8bd45410a1781bd90a09205da28c9df120df23a9fa32d", 3407 3407 + "result" : "valid", 3408 3408 + "flags" : [] 3409 3409 + }, 3410 3410 + { 3411 3411 + "tcId" : 332, 3412 3412 + "comment" : "special case for E in multiplication by 5", 3413 3413 + "public" : "12e81e838b21eac96dc130432571216d7a9b4a817f1938721d2267dd150ebf20", 3414 3414 + "private" : "e075bcfc165a471b2f76c3003fb0172c82f707137de2fa7082e43a87a255935c", 3415 3415 + "shared" : "ca23a781da0911e4115a29a9f56447157c23bee187b0c17369c4f7730d781718", 3416 3416 + "result" : "valid", 3417 3417 + "flags" : [] 3418 3418 + }, 3419 3419 + { 3420 3420 + "tcId" : 333, 3421 3421 + "comment" : "special case for E in multiplication by 5", 3422 3422 + "public" : "832a46aec02240d716fe22dea94ad566a3fafbeedcce35c83e41e58076c99749", 3423 3423 + "private" : "c0e19634dbf6460e1486930c46e8556b3c16d6de959904600549bb3e08603455", 3424 3424 + "shared" : "cd0686b32ea4cddb8e13ff20a78d380749a5d4f6a3dc55d72f4813d949a0ea57", 3425 3425 + "result" : "acceptable", 3426 3426 + "flags" : [ 3427 3427 + "Twist" 3428 3428 + ] 3429 3429 + }, 3430 3430 + { 3431 3431 + "tcId" : 334, 3432 3432 + "comment" : "special case for E in multiplication by 5", 3433 3433 + "public" : "8c8033432bcc12d479f67d6d876b1c8e89f16a234b9b093322effa9dee94554d", 3434 3434 + "private" : "b84caa18acc3db37225d32cab4f60e6fba4acab1277e20425d30f94cab2e2c55", 3435 3435 + "shared" : "a950aa57bb2beb9ed5d3228c7ef448dab69552f3d3b1e466accf41bfb6d5b874", 3436 3436 + "result" : "valid", 3437 3437 + "flags" : [] 3438 3438 + }, 3439 3439 + { 3440 3440 + "tcId" : 335, 3441 3441 + "comment" : "special case for E in multiplication by 5", 3442 3442 + "public" : "6df799bba6cdf5f46a57ab227f93fba491dad296a2fdb7e491921d610cce8f5e", 3443 3443 + "private" : "2896818cddf572521943e9f0c5e845f530b740427588a0f6de2504bd5bf40c53", 3444 3444 + "shared" : "54f5ae57e676d08c8f8a3cf891e36ddaab751093f92f409060c57e745941700e", 3445 3445 + "result" : "acceptable", 3446 3446 + "flags" : [ 3447 3447 + "Twist" 3448 3448 + ] 3449 3449 + }, 3450 3450 + { 3451 3451 + "tcId" : 336, 3452 3452 + "comment" : "special case for AA in multiplication by 5", 3453 3453 + "public" : "0c8090e1cfe7f761cfdf08d944d4aeb7a509a07a6101645b9a4c7c9e9c3d4609", 3454 3454 + "private" : "a01f0cad98cf2905b812d3530531bb3ac899391abd1eaf4a3ebed96ac6126f58", 3455 3455 + "shared" : "2d49b09f81f3f6fab2c67e32f1bcead2ad09ac9e0d642b0873becfb64de2ab23", 3456 3456 + "result" : "valid", 3457 3457 + "flags" : [] 3458 3458 + }, 3459 3459 + { 3460 3460 + "tcId" : 337, 3461 3461 + "comment" : "special case for AA in multiplication by 5", 3462 3462 + "public" : "08352936c8afd8543ac95f24bce9a07e3e3235763ea512a584298967b83c070a", 3463 3463 + "private" : "106b36344cc4a5a389d8168137786806ff03cd4a00f8636bb7e758d456151d59", 3464 3464 + "shared" : "a199368e683c3036a48f4c5f32b32a547dd39f3d1007ca0a0bebcad0a8ac6f5c", 3465 3465 + "result" : "valid", 3466 3466 + "flags" : [] 3467 3467 + }, 3468 3468 + { 3469 3469 + "tcId" : 338, 3470 3470 + "comment" : "special case for AA in multiplication by 5", 3471 3471 + "public" : "73bdeef8cc044f5ad8d6a241273e1995e0007dc9e6579046df86aa6cd97f5d2a", 3472 3472 + "private" : "88f9a0d2354adfcbab2d12a0e09b3c7719c944384edfbaa27fe0731cb9c6fc5a", 3473 3473 + "shared" : "5aa750de4207869ec7fddab34c639559b1eb27ef244aaf2a702c84963b6d6e7c", 3474 3474 + "result" : "acceptable", 3475 3475 + "flags" : [ 3476 3476 + "Twist" 3477 3477 + ] 3478 3478 + }, 3479 3479 + { 3480 3480 + "tcId" : 339, 3481 3481 + "comment" : "special case for AA in multiplication by 5", 3482 3482 + "public" : "7fdd399b6ef4a3f5cade62e74113b29c27db15203f9b8e398d2c6f230051cd2b", 3483 3483 + "private" : "0811f2e560a205e96e28bc312bcad45fe8befefb7f6da5faa035311eed80b251", 3484 3484 + "shared" : "a6947ee089ff28ce3644ea4c6eb33dbb20c7974fb8d853f4e146e2466177502d", 3485 3485 + "result" : "valid", 3486 3486 + "flags" : [] 3487 3487 + }, 3488 3488 + { 3489 3489 + "tcId" : 340, 3490 3490 + "comment" : "special case for DA - CB in multiplication by 5", 3491 3491 + "public" : "f0173a96273c646fb63d13b0c686b89e37676fcc7178faf4a6f4601f3068150d", 3492 3492 + "private" : "40ad984066a69080fb4a315878e736096cc577dae4c42c40d893d8c2173b785a", 3493 3493 + "shared" : "230b6aa1f24df90a60839179ba5e9de673cff11cab59e8020b20626c22090b0a", 3494 3494 + "result" : "valid", 3495 3495 + "flags" : [] 3496 3496 + }, 3497 3497 + { 3498 3498 + "tcId" : 341, 3499 3499 + "comment" : "special case for DA - CB in multiplication by 5", 3500 3500 + "public" : "255bbe7230cd2bee90d283f418a474ab30146ce5e801a0f5ed60ee8def3e6558", 3501 3501 + "private" : "48b10cd45639bbbf83a0b28f0dd3ad0b7b00caf48d05534480556a8278116d59", 3502 3502 + "shared" : "2299e384958bedd2c3d367759155136d1ff76e4434dc1d9e8212cdca52ea8421", 3503 3503 + "result" : "valid", 3504 3504 + "flags" : [] 3505 3505 + }, 3506 3506 + { 3507 3507 + "tcId" : 342, 3508 3508 + "comment" : "special case for DA - CB in multiplication by 5", 3509 3509 + "public" : "21accf97b7fee173001ccfcab21637c175ef5186ff0002502b3d52fa8c51e766", 3510 3510 + "private" : "e8fad77946e0de4cf4236798490b838948b82cfb29f8e7686001b11e8d961657", 3511 3511 + "shared" : "97fca065acd3b943c654997c0f125767f9abc4b7c9d8b7246942f12be65d9231", 3512 3512 + "result" : "valid", 3513 3513 + "flags" : [] 3514 3514 + }, 3515 3515 + { 3516 3516 + "tcId" : 343, 3517 3517 + "comment" : "special case for BB in multiplication by 5", 3518 3518 + "public" : "5b40777e80ff6efe378b5e81959ccdcbb4ca04b9d77edc6b3006deb99926fa22", 3519 3519 + "private" : "d07babed90b27c4eacafdc871703bd036b720a82b5c094dceb4749eeaeb81052", 3520 3520 + "shared" : "f482531e523d058d6e3fe3a427fc40dbce6dd6f18defbc097bfd7d0cdd2f710d", 3521 3521 + "result" : "valid", 3522 3522 + "flags" : [] 3523 3523 + }, 3524 3524 + { 3525 3525 + "tcId" : 344, 3526 3526 + "comment" : "special case for BB in multiplication by 5", 3527 3527 + "public" : "48d952a2924ff167f037707469ec715da72bb65f49aaf4dce7ec5a17039ddb42", 3528 3528 + "private" : "68a3049aef8c069b906cf743286d3952a888bf2b9b93bc8775fb5adde06e9f53", 3529 3529 + "shared" : "de88af905d37417d8331105345dabaab9fd2d3cb1ee902911c1c8eae2991d911", 3530 3530 + "result" : "acceptable", 3531 3531 + "flags" : [ 3532 3532 + "Twist" 3533 3533 + ] 3534 3534 + }, 3535 3535 + { 3536 3536 + "tcId" : 345, 3537 3537 + "comment" : "special case for BB in multiplication by 5", 3538 3538 + "public" : "a5ef265ccbc5c54021d34f82364a4624030f5b9d5ff7e63d7a379e533de5e742", 3539 3539 + "private" : "18d8c3d2a4e366185a85c38698d937e13bbbafdbdab1a0a83dbbe89badf70756", 3540 3540 + "shared" : "075d18ccc984761b70752279e7f6a757208f6c11e29480c32b40aba128a4d52b", 3541 3541 + "result" : "valid", 3542 3542 + "flags" : [] 3543 3543 + }, 3544 3544 + { 3545 3545 + "tcId" : 346, 3546 3546 + "comment" : "special case for x_2 in multiplication by 5", 3547 3547 + "public" : "9051e55a4050ef4dce0b0c40811f16371e8b16932541da37f069406d848ea424", 3548 3548 + "private" : "18efcd5fe345be4985316695391d2c952eee13b0e1ee7584721fbe8b19d4fc5f", 3549 3549 + "shared" : "212dbf9bc89b6873a60dfc8731a10be11ab2dca4b172142e6c9f06614cd72852", 3550 3550 + "result" : "acceptable", 3551 3551 + "flags" : [ 3552 3552 + "Twist" 3553 3553 + ] 3554 3554 + }, 3555 3555 + { 3556 3556 + "tcId" : 347, 3557 3557 + "comment" : "special case for x_2 in multiplication by 5", 3558 3558 + "public" : "419adb8b1f2f87de016b0c78d1029a210492eb8cadd164b12cd65b1d57bf3634", 3559 3559 + "private" : "28ec7c693e222c72ac0815f1fd36661357e0a8da7bc996daeeeafcd21c013451", 3560 3560 + "shared" : "379f9221abebf3582681a0e857f3da578a1b0121982b96f14b94de5dc8b24528", 3561 3561 + "result" : "valid", 3562 3562 + "flags" : [] 3563 3563 + }, 3564 3564 + { 3565 3565 + "tcId" : 348, 3566 3566 + "comment" : "special case for x_2 in multiplication by 5", 3567 3567 + "public" : "13e00dae3b1ccc97ccd649088c4a7f32ca9976214d645667bd082039bbd9ab7a", 3568 3568 + "private" : "78b35e7ae549308b6414bb610196c04f2af79d4266c86e8a9ce0c02bbdb88d59", 3569 3569 + "shared" : "cff2596b7afe36f4cab9c70133d7aa0f9914f9abc6c3b9895472e2a5894a8037", 3570 3570 + "result" : "valid", 3571 3571 + "flags" : [] 3572 3572 + }, 3573 3573 + { 3574 3574 + "tcId" : 349, 3575 3575 + "comment" : "special case for C in multiplication by 6", 3576 3576 + "public" : "441c487a48f0a4989d931cd77a6142a0a13d1aabad82623ba8d94b5c374f4f08", 3577 3577 + "private" : "f0de9c5f8a9372f30c41ca47a55743ce697d46e32e7a9ae26d32503fd5222767", 3578 3578 + "shared" : "d47c46b4329bedcbc1986b3c6d2aa9bcd027d6b68925175d35bbb536b3440801", 3579 3579 + "result" : "valid", 3580 3580 + "flags" : [] 3581 3581 + }, 3582 3582 + { 3583 3583 + "tcId" : 350, 3584 3584 + "comment" : "special case for C in multiplication by 6", 3585 3585 + "public" : "0e67ee5c6b65aa802259810b2605f8d7accf9b49bf14cb4a536928e883172915", 3586 3586 + "private" : "686be5a12b310420f9bfb209381fd459a5ccd55c752b88337ebe89e1921ae765", 3587 3587 + "shared" : "1d730158da880533dbf1e6c64a8e99f9169611660969b0a84fb42dd8dc2efa3d", 3588 3588 + "result" : "acceptable", 3589 3589 + "flags" : [ 3590 3590 + "Twist" 3591 3591 + ] 3592 3592 + }, 3593 3593 + { 3594 3594 + "tcId" : 351, 3595 3595 + "comment" : "special case for C in multiplication by 6", 3596 3596 + "public" : "dc9d7ef1cb49c191e258663a94e731b9c066c11a17d8b5fdea1987f5d9a00568", 3597 3597 + "private" : "a0c0337c5bec5ca24dea2f1d701498ae2bad87b8269ac23be113929fe4eb1963", 3598 3598 + "shared" : "07732529a628badeb8d74946775ba457c700bf8390f46bc523fb64e471c86a7e", 3599 3599 + "result" : "valid", 3600 3600 + "flags" : [] 3601 3601 + }, 3602 3602 + { 3603 3603 + "tcId" : 352, 3604 3604 + "comment" : "special case for C in multiplication by 6", 3605 3605 + "public" : "556b3ee7cd0d37979056ecc1f56a5677a4935be6e49ce28e394f8bfb73d13b6a", 3606 3606 + "private" : "b8824cfce5550b5e17b12f74e28459cab34eb49895cc36bf645a0cf00e3d2d67", 3607 3607 + "shared" : "9e3aae35fa1cc80a359878e212180294ff6608dcb4929e91901abbf976f39c16", 3608 3608 + "result" : "valid", 3609 3609 + "flags" : [] 3610 3610 + }, 3611 3611 + { 3612 3612 + "tcId" : 353, 3613 3613 + "comment" : "special case for C in multiplication by 6", 3614 3614 + "public" : "1211be5809605b54f5727d233c783a2a199a3db24ed4499d7b48c7603e4ad371", 3615 3615 + "private" : "e02dba7335af8fb9168de2fcd310c2e2df4a3e25263e0ab9ada87bfb8258a66b", 3616 3616 + "shared" : "880f6dc73220307a597670f3282fc366aa66f04a0a9ca30d895fdde337afe825", 3617 3617 + "result" : "valid", 3618 3618 + "flags" : [] 3619 3619 + }, 3620 3620 + { 3621 3621 + "tcId" : 354, 3622 3622 + "comment" : "special case for CB in multiplication by 6", 3623 3623 + "public" : "505e7851e2352e311ca9536a1fe6c0d95d648197374ce08e4b8a0fbddf62910b", 3624 3624 + "private" : "30ce71f856ceb874fe580039ca67e896e6d08207a73cd55db7059127c1342b67", 3625 3625 + "shared" : "ea62b0eda2d7b249a42417675a2b82b1e6c0d69a4e7cef336448844d2f432251", 3626 3626 + "result" : "valid", 3627 3627 + "flags" : [] 3628 3628 + }, 3629 3629 + { 3630 3630 + "tcId" : 355, 3631 3631 + "comment" : "special case for CB in multiplication by 6", 3632 3632 + "public" : "ddf4e90503dd82610c3a034b925a880b72dbde30c626009202b358c6eb00f418", 3633 3633 + "private" : "e881f46d4141ea69a671649b93b63e97dc67c12521d445862f087b2626fa2b6f", 3634 3634 + "shared" : "302c4f83b5c5bf30c1e3afd9f643f65bfe56ca1628ee042b1ab7393bafe36c06", 3635 3635 + "result" : "valid", 3636 3636 + "flags" : [] 3637 3637 + }, 3638 3638 + { 3639 3639 + "tcId" : 356, 3640 3640 + "comment" : "special case for CB in multiplication by 6", 3641 3641 + "public" : "0e9c4431999ef1ce177e900d37ec6ae665e387e2d4fa27cba8e7baebc65c6520", 3642 3642 + "private" : "e879752683cd73a834251c65749135e06eb9064d3ae35095d88cde14a02ba366", 3643 3643 + "shared" : "8ff2ac65c85ee2fe9452fce460f8c87f9570d769cadddc87fe93ef8b7657c726", 3644 3644 + "result" : "acceptable", 3645 3645 + "flags" : [ 3646 3646 + "Twist" 3647 3647 + ] 3648 3648 + }, 3649 3649 + { 3650 3650 + "tcId" : 357, 3651 3651 + "comment" : "special case for CB in multiplication by 6", 3652 3652 + "public" : "5761d6c08624104d4117ff17c75e9211a591c9ca9aecca3a665a7ed844195225", 3653 3653 + "private" : "20576ab456da26c18da5fbf06ec4d16564e111bfae2a92b9f6e1927c15770a62", 3654 3654 + "shared" : "97c91a23c3e4f3ff727d188a352b67ad490b62381566fb3e111cb67aa9e3435c", 3655 3655 + "result" : "acceptable", 3656 3656 + "flags" : [ 3657 3657 + "Twist" 3658 3658 + ] 3659 3659 + }, 3660 3660 + { 3661 3661 + "tcId" : 358, 3662 3662 + "comment" : "special case for CB in multiplication by 6", 3663 3663 + "public" : "e92d45b3ec56531266303c5113c46310c41650001065b4d87b02b382fc82662e", 3664 3664 + "private" : "a8467418b924c2c003c56e1610a35469356360c29d52aa557a2bb30fb8a9a464", 3665 3665 + "shared" : "24346bb133dd9ae3ff02d2f50510b3a92d9030834d60e5af08b0eebbf1d4dd6f", 3666 3666 + "result" : "valid", 3667 3667 + "flags" : [] 3668 3668 + }, 3669 3669 + { 3670 3670 + "tcId" : 359, 3671 3671 + "comment" : "special case for CB in multiplication by 6", 3672 3672 + "public" : "f38b63459d05e422ad024c2dcea5029a0a7a6b6c4c1d2093ce556aab331e2540", 3673 3673 + "private" : "f0f5e162923d7c299388bed781199417ade097475515162d9590976a196fb16f", 3674 3674 + "shared" : "b3453c9c82a2d1d956156de2399cb70dd4e1ec53aea967e035753c1cdae13c39", 3675 3675 + "result" : "valid", 3676 3676 + "flags" : [] 3677 3677 + }, 3678 3678 + { 3679 3679 + "tcId" : 360, 3680 3680 + "comment" : "special case for CB in multiplication by 6", 3681 3681 + "public" : "a7ded0eea45a400b8f5637154d42974aa98c92962314d822ef88b01383a9da4d", 3682 3682 + "private" : "608fcf787fe789644a09bcab958f0737aa81a9e29d505f51035c78e374b9e46b", 3683 3683 + "shared" : "ebeb0c7b7a4165cd02a278f3a222c236eed83266b806d13494c1c3f98a2f3425", 3684 3684 + "result" : "valid", 3685 3685 + "flags" : [] 3686 3686 + }, 3687 3687 + { 3688 3688 + "tcId" : 361, 3689 3689 + "comment" : "special case for CB in multiplication by 6", 3690 3690 + "public" : "7b0ecb4c72ee147789d74813ced3ebe40f45c3da526ed1272952e453e43b796d", 3691 3691 + "private" : "58a3396d291eb23571b52d98a31549e514e501e8d0958ad9f25fe5a76c503e69", 3692 3692 + "shared" : "9213a53f22ff0cb5eca87b27b193c773bfdf4c01a193a11f37c157474e15cb07", 3693 3693 + "result" : "valid", 3694 3694 + "flags" : [] 3695 3695 + }, 3696 3696 + { 3697 3697 + "tcId" : 362, 3698 3698 + "comment" : "special case for x_2 in multiplication by 6", 3699 3699 + "public" : "a244413ddc3a205d038d64266833eea1efba51ba62c9c6cdcdbe943be52bb00c", 3700 3700 + "private" : "d805a7014755dd656f98d2b331f2d2d4912725ef3d03752f26f74dc1ad61666a", 3701 3701 + "shared" : "66484a4120e0eb0c7e0505e1d2c5d15de9b52b72e094c9bac88634200c557267", 3702 3702 + "result" : "acceptable", 3703 3703 + "flags" : [ 3704 3704 + "Twist" 3705 3705 + ] 3706 3706 + }, 3707 3707 + { 3708 3708 + "tcId" : 363, 3709 3709 + "comment" : "special case for x_2 in multiplication by 6", 3710 3710 + "public" : "ec3c8b0c10b1fa65dbbd17cf1ba5f86381284765709b07c5f0428e3d5bcd3920", 3711 3711 + "private" : "40cb1fe06b08f068f7080ba07c695eda91a2bebeadd4db95c97dd7c91af2566d", 3712 3712 + "shared" : "384f2221618e71d456b1551651efdb708a161d7f89f5604b27eb872d4aa93276", 3713 3713 + "result" : "valid", 3714 3714 + "flags" : [] 3715 3715 + }, 3716 3716 + { 3717 3717 + "tcId" : 364, 3718 3718 + "comment" : "special case for x_2 in multiplication by 6", 3719 3719 + "public" : "6330d3e28a8b6126ace165a9dfccc6e4bd40dbc9768cfb16330cb7f27f906230", 3720 3720 + "private" : "8021464c64c9d6d3c0c852f6972d11969b04c9e066562fa7f0d5fa0d98ebad62", 3721 3721 + "shared" : "8daf5f4b84730144ea8a53ce39cc907e39a89ed09f0202e7be0d3bda38da663b", 3722 3722 + "result" : "acceptable", 3723 3723 + "flags" : [ 3724 3724 + "Twist" 3725 3725 + ] 3726 3726 + }, 3727 3727 + { 3728 3728 + "tcId" : 365, 3729 3729 + "comment" : "special case for x_2 in multiplication by 6", 3730 3730 + "public" : "8678aa29cbc06e78b218d22a3e66c38ec0da8fdb0f2570c585c62517c9704f37", 3731 3731 + "private" : "707a2d710b32f55c6eba34898020a2fb981d61b1e822fca84c47d9321e279268", 3732 3732 + "shared" : "da8b7eba6f72c3f3ef33d8982093492e06be39bb0db29c465d95a8e52ef64341", 3733 3733 + "result" : "acceptable", 3734 3734 + "flags" : [ 3735 3735 + "Twist" 3736 3736 + ] 3737 3737 + }, 3738 3738 + { 3739 3739 + "tcId" : 366, 3740 3740 + "comment" : "special case for x_2 in multiplication by 6", 3741 3741 + "public" : "303289c2b1079ea59412faccfeba8c113d2299b9dcfedeabc42697b0829c4658", 3742 3742 + "private" : "204a43dea79d779577581b8c2a51be66e1effce96425b7422b9ca65bdf1a4867", 3743 3743 + "shared" : "0419a71a08d3fdd574cbc932e8f1605933ddcdd9774f5614269b7ed850c8650e", 3744 3744 + "result" : "acceptable", 3745 3745 + "flags" : [ 3746 3746 + "Twist" 3747 3747 + ] 3748 3748 + }, 3749 3749 + { 3750 3750 + "tcId" : 367, 3751 3751 + "comment" : "special case for x_2 in multiplication by 6", 3752 3752 + "public" : "3e6e16e02d44ebd94680832e065aeddcbb74af64fbb7c6d8367e7605be13ff5b", 3753 3753 + "private" : "58e4741735d2589322151947a1ce2f5829908626886941cb1631d25a8a684169", 3754 3754 + "shared" : "9f2fcd0c756288c1716ecd1f2a74864b93a7717bfaf5248858dcb6fdbea12864", 3755 3755 + "result" : "valid", 3756 3756 + "flags" : [] 3757 3757 + }, 3758 3758 + { 3759 3759 + "tcId" : 368, 3760 3760 + "comment" : "special case for x_2 in multiplication by 6", 3761 3761 + "public" : "a7c1716a41ed23a8870438714ff9745fb0e46f7a5baeb37c9a2d83fe477d146c", 3762 3762 + "private" : "d0af3428ea5205f6bf8d4f1b4e4903cd76f04236a1c0b3ecfdcaf28b21348e63", 3763 3763 + "shared" : "261ab6267c35a9755359e957473870522b7f923fe839f2b155408649cc5e8004", 3764 3764 + "result" : "valid", 3765 3765 + "flags" : [] 3766 3766 + }, 3767 3767 + { 3768 3768 + "tcId" : 369, 3769 3769 + "comment" : "special case for DA - CB in multiplication by 6", 3770 3770 + "public" : "dad981552c57541c57ef395ed770ce5edc48f8015461b2ba7aa831ec593ceb15", 3771 3771 + "private" : "c0ea97e442e5dc1c8142bfab7089ecb9bb9c5ae372f9907c2825e678defae567", 3772 3772 + "shared" : "9093bfa3ed3491d0891f02ae466e5e13c980df229db7404c5b9d34e4ed21c653", 3773 3773 + "result" : "valid", 3774 3774 + "flags" : [] 3775 3775 + }, 3776 3776 + { 3777 3777 + "tcId" : 370, 3778 3778 + "comment" : "special case for DA - CB in multiplication by 6", 3779 3779 + "public" : "c588dfe6e733d90581cbe112079749d8eb30ab8631134ec29abfb98b32e76522", 3780 3780 + "private" : "b0333f09ac1eaacd3cd617eb8832e9de488b458b735cb4b5345f517130c25d6b", 3781 3781 + "shared" : "6e88bb6bf75596bbe5f1fbe91e365a527a156f4f1b57c13ac1e3e6db93191239", 3782 3782 + "result" : "acceptable", 3783 3783 + "flags" : [ 3784 3784 + "Twist" 3785 3785 + ] 3786 3786 + }, 3787 3787 + { 3788 3788 + "tcId" : 371, 3789 3789 + "comment" : "special case for DA - CB in multiplication by 6", 3790 3790 + "public" : "0670116a435e8d9b7a12ffc4322fd6b149d0b1dc799b5c0957d9d6e42546e824", 3791 3791 + "private" : "10719099dc63bcc282ef525845c108897ac9fae9590b593e0d505d1cf167c061", 3792 3792 + "shared" : "e6de74d2c5cea54094d7a70af03c768afe05d52a038bb72d56dcacf0ba502d74", 3793 3793 + "result" : "valid", 3794 3794 + "flags" : [] 3795 3795 + }, 3796 3796 + { 3797 3797 + "tcId" : 372, 3798 3798 + "comment" : "special case for DA - CB in multiplication by 6", 3799 3799 + "public" : "8b200dd226c5c0f7e116e5388ba162438caf1dddf4edc3b6ba838c21b5929737", 3800 3800 + "private" : "10e20e4fda57084ca90f7ad572a78aa8e6575c659cd01f30c43c58040c20e860", 3801 3801 + "shared" : "78c9c3aff9416a538ce3ea8fa553244528d1fbecbcf91695a33ca464ef76b85a", 3802 3802 + "result" : "valid", 3803 3803 + "flags" : [] 3804 3804 + }, 3805 3805 + { 3806 3806 + "tcId" : 373, 3807 3807 + "comment" : "special case for DA - CB in multiplication by 6", 3808 3808 + "public" : "419a076b179f79720096eaabaf03477e8f89d61f885c8d7f58f6eaa4fa77df5f", 3809 3809 + "private" : "a8312df473adfec7171e1635f5bad44f0753a88a6b3174ec5ae762703ae25e60", 3810 3810 + "shared" : "c1a96ccba08bdd82d0fc12e8cde4cc1f25cfd5276dce7f18e407ed0e4a898466", 3811 3811 + "result" : "acceptable", 3812 3812 + "flags" : [ 3813 3813 + "Twist" 3814 3814 + ] 3815 3815 + }, 3816 3816 + { 3817 3817 + "tcId" : 374, 3818 3818 + "comment" : "special case for DA + CB in multiplication by 6", 3819 3819 + "public" : "aa34d772e9ace43c4d92f4f85596ab9ccd8c36c4f4cbddc819afe2a33cb8b216", 3820 3820 + "private" : "109697f400210f9a92de80a8bed264097199bc240e22767b54d8bb22050b7a61", 3821 3821 + "shared" : "2533b845bb83e3d48cffa8dbd1edd5d601778662d5da03759152a5e0a84b357d", 3822 3822 + "result" : "valid", 3823 3823 + "flags" : [] 3824 3824 + }, 3825 3825 + { 3826 3826 + "tcId" : 375, 3827 3827 + "comment" : "special case for DA + CB in multiplication by 6", 3828 3828 + "public" : "1f06cfe464ccc0e27a5ec5f9edd9bc7bc822ad2ff5068ca5c963d20edd1a2d22", 3829 3829 + "private" : "d036308a53c11bebcb02e83688ad74fec43f8462ef4d806272676637d99b3765", 3830 3830 + "shared" : "eb40a3974b1b0310b1597d1f1f4101c08dca727455a9d8224cd061a7aa3cb628", 3831 3831 + "result" : "acceptable", 3832 3832 + "flags" : [ 3833 3833 + "Twist" 3834 3834 + ] 3835 3835 + }, 3836 3836 + { 3837 3837 + "tcId" : 376, 3838 3838 + "comment" : "special case for DA + CB in multiplication by 6", 3839 3839 + "public" : "9d4b2ed7817132af5830e899627ea97dc39bd3772e82f2d05769a918273dc02e", 3840 3840 + "private" : "786e5a5ff37405c769d0d3788c3c1b05a62a8442c385570e4438bc5f2eaacd67", 3841 3841 + "shared" : "9509757e289553cfa2cc71313473c3ff1eebce484ee237eae554fda3d3d22f0e", 3842 3842 + "result" : "valid", 3843 3843 + "flags" : [] 3844 3844 + }, 3845 3845 + { 3846 3846 + "tcId" : 377, 3847 3847 + "comment" : "special case for DA + CB in multiplication by 6", 3848 3848 + "public" : "4e056b317a31dd96f8ec14b48474af587d195efcc2a70f01f052ef882d7b3a45", 3849 3849 + "private" : "c01f66cb094289d728421dd46c6f9718412e1c546dad70e586851be4da58bf67", 3850 3850 + "shared" : "bad9f7b27dac64b0fc980a41f1cefa50c5ca40c714296c0c4042095c2db60e11", 3851 3851 + "result" : "valid", 3852 3852 + "flags" : [] 3853 3853 + }, 3854 3854 + { 3855 3855 + "tcId" : 378, 3856 3856 + "comment" : "special case for DA + CB in multiplication by 6", 3857 3857 + "public" : "72c60535e9c423f302d6a10796d954d778032cd4dbd40ca0f359e204d67b6f4c", 3858 3858 + "private" : "3877d9ce25cededeb572604f2d123df685690c26e181f777ed33302b82082966", 3859 3859 + "shared" : "51c359768ab0219003af193e2bdb8e5cc9f8e176b8db49e597afca3e7125e370", 3860 3860 + "result" : "valid", 3861 3861 + "flags" : [] 3862 3862 + }, 3863 3863 + { 3864 3864 + "tcId" : 379, 3865 3865 + "comment" : "special case for DA + CB in multiplication by 6", 3866 3866 + "public" : "5856358ed420047cd084f17ae696bad79a4d26c6d5bb79bfb82bbc6332442d51", 3867 3867 + "private" : "50b84618d073c4618f9aa69a3b8518da76dbb2127286214fb43a2b44503b9969", 3868 3868 + "shared" : "fa9fb0df4cfbacd0fbf3262d3a1bf8d7aacb45f73bf94671775e509c8043df7d", 3869 3869 + "result" : "valid", 3870 3870 + "flags" : [] 3871 3871 + }, 3872 3872 + { 3873 3873 + "tcId" : 380, 3874 3874 + "comment" : "special case for DA + CB in multiplication by 6", 3875 3875 + "public" : "c31e37b04332abca8315f317171566aef38111f622d8bffa29c23c0151cdad6e", 3876 3876 + "private" : "109acfa638e112f6bbec21e352a74e8fc9b7ffe5d9dc28634eeb516e59830a63", 3877 3877 + "shared" : "91ac72b0ed8d7fc4c8846b8a2530d9fb8f0532064880c00dab100c977697db28", 3878 3878 + "result" : "acceptable", 3879 3879 + "flags" : [ 3880 3880 + "Twist" 3881 3881 + ] 3882 3882 + }, 3883 3883 + { 3884 3884 + "tcId" : 381, 3885 3885 + "comment" : "special case for z_2 in multiplication by 6", 3886 3886 + "public" : "b775e016b32a97f49971121906763f3a0b41689092b9583b6710cf7dee03a61c", 3887 3887 + "private" : "685c0784aa6d194c1b859bda44c4e27cd1dfdf34776e498dd03d09f87ae68a65", 3888 3888 + "shared" : "11393bb548813e04fb54133edbe0626458e80981885e1fe5f3377e8ebe9afa52", 3889 3889 + "result" : "acceptable", 3890 3890 + "flags" : [ 3891 3891 + "Twist" 3892 3892 + ] 3893 3893 + }, 3894 3894 + { 3895 3895 + "tcId" : 382, 3896 3896 + "comment" : "special case for z_2 in multiplication by 6", 3897 3897 + "public" : "f8bd0e7cf6ec6186f205ab03ab72c8f6b3cde8f6ad9b166916a04d43d1d6d546", 3898 3898 + "private" : "18e9a05a20436cf0dbc3d5b92dac8d996e62ea11fbb3445f29195fc75a8beb69", 3899 3899 + "shared" : "0a83a224fbfcbc5d0f07f6dd8ebb2e9bbee8134f0fab268002ce837f5495d833", 3900 3900 + "result" : "acceptable", 3901 3901 + "flags" : [ 3902 3902 + "Twist" 3903 3903 + ] 3904 3904 + }, 3905 3905 + { 3906 3906 + "tcId" : 383, 3907 3907 + "comment" : "special case for z_2 in multiplication by 6", 3908 3908 + "public" : "8dfee48ad8b367488ea4dafcf7086e305356a80901f87c720149a5f522337453", 3909 3909 + "private" : "00e099eb23125dab5ec35a419d455d0ba8c01da160f9354e9fb21e6a55d55c64", 3910 3910 + "shared" : "45dc39831f3471d7466bbe29c8142b1a6d6b00c47fea021be2ffc452d9046806", 3911 3911 + "result" : "valid", 3912 3912 + "flags" : [] 3913 3913 + }, 3914 3914 + { 3915 3915 + "tcId" : 384, 3916 3916 + "comment" : "special case for z_2 in multiplication by 6", 3917 3917 + "public" : "8f68bfc57d792c322ebb27f44a37c1c93e7eb15c5d5fcedffc1de850487b3372", 3918 3918 + "private" : "b0ca251e0dbae7324a6ca0c2c8d6a888edd12d1447d400a47bcba004b648716e", 3919 3919 + "shared" : "a29005c6b9dbf1707dc2adce4506b55831e8675b7d2d54b0c1037741e3bc611b", 3920 3920 + "result" : "valid", 3921 3921 + "flags" : [] 3922 3922 + }, 3923 3923 + { 3924 3924 + "tcId" : 385, 3925 3925 + "comment" : "special case for D in multiplication by 6", 3926 3926 + "public" : "ff0f15adeab334afeda3916785ddd38d252dce9876c2357b643b5dc2c06a3b1d", 3927 3927 + "private" : "a8b64b8ed397773b8290425ca5c2f7c3e50fac7a4781bd4a54c133781c9a1360", 3928 3928 + "shared" : "9f04e42c1b2f311d87e1470a4708bba25ac6ffd3f7b486f9b6b502ecbb2c004e", 3929 3929 + "result" : "valid", 3930 3930 + "flags" : [] 3931 3931 + }, 3932 3932 + { 3933 3933 + "tcId" : 386, 3934 3934 + "comment" : "special case for D in multiplication by 6", 3935 3935 + "public" : "1076fdc827f2550ee95ff9a15d044aedfac65b5e9ba809f62438ccea54637a29", 3936 3936 + "private" : "d0cd0db51ff232afa0919d3106fcb3a8ae581ef12d09c877aa6f31ef74eed068", 3937 3937 + "shared" : "688000bd60af375b4eeac4a7d0e0782c0e6188eabdc608b732f49b4d6ccab44f", 3938 3938 + "result" : "valid", 3939 3939 + "flags" : [] 3940 3940 + }, 3941 3941 + { 3942 3942 + "tcId" : 387, 3943 3943 + "comment" : "special case for D in multiplication by 6", 3944 3944 + "public" : "ed1c82082b74cc2aaebf3dc772ba09557c0fc14139a8814fc5f9370bb8e98858", 3945 3945 + "private" : "204a3b5652854ff48e25cd385cabe6360f64ce44fea5621db1fa2f6e219f3063", 3946 3946 + "shared" : "e0a82f313046024b3cea93b98e2f8ecf228cbfab8ae10b10292c32feccff1603", 3947 3947 + "result" : "acceptable", 3948 3948 + "flags" : [ 3949 3949 + "Twist" 3950 3950 + ] 3951 3951 + }, 3952 3952 + { 3953 3953 + "tcId" : 388, 3954 3954 + "comment" : "special case for D in multiplication by 6", 3955 3955 + "public" : "12e1589a34094af5f121c9bd3c1119f2b1f05264c573f667a748683c5633a47e", 3956 3956 + "private" : "88109b1d0e7bace44d41a15d5bcbcd36968c5b8b47c0a2c606b57c4a68cc5f66", 3957 3957 + "shared" : "1fcc50333eb90706935f25b02f437bfd22b6b16cc375afff8a1aa7432fb86251", 3958 3958 + "result" : "acceptable", 3959 3959 + "flags" : [ 3960 3960 + "Twist" 3961 3961 + ] 3962 3962 + }, 3963 3963 + { 3964 3964 + "tcId" : 389, 3965 3965 + "comment" : "special case for DA in multiplication by 6", 3966 3966 + "public" : "151f54a8a899711757b3b118fc5501779d621d25227af53d0af00b7583ba8824", 3967 3967 + "private" : "5082e497c42979cdbfdd1b3b0653cfea6f2ceb7d07639ebf3541866bb60edb62", 3968 3968 + "shared" : "fac30a74f4ca99f6cf233065e9acd826690cab364bf69320b58095783ed76e11", 3969 3969 + "result" : "valid", 3970 3970 + "flags" : [] 3971 3971 + }, 3972 3972 + { 3973 3973 + "tcId" : 390, 3974 3974 + "comment" : "special case for DA in multiplication by 6", 3975 3975 + "public" : "a819c667ed466bd9a69ea0b38642ee8e53f40a50377b051eb590142dd27e3431", 3976 3976 + "private" : "f85a8db44f9e56b11729f51682a9769fc504f93597cbe39444616b224532106e", 3977 3977 + "shared" : "17f6543c4727e7f129ee82477655577635c125a20c3dc8ba206ca3cc4854ca6c", 3978 3978 + "result" : "acceptable", 3979 3979 + "flags" : [ 3980 3980 + "Twist" 3981 3981 + ] 3982 3982 + }, 3983 3983 + { 3984 3984 + "tcId" : 391, 3985 3985 + "comment" : "special case for DA in multiplication by 6", 3986 3986 + "public" : "40b053d056668982a1f550be95e16348e303945f53a3ac64491a9a56d4095b71", 3987 3987 + "private" : "505a076641fac398fc7d8c629937f42db559db5e12052ad366d46d7b20e95769", 3988 3988 + "shared" : "889a8d611e0a7da71475e7c93a2d7f6f7228c787a00ee5cf55474adc376ff762", 3989 3989 + "result" : "valid", 3990 3990 + "flags" : [] 3991 3991 + }, 3992 3992 + { 3993 3993 + "tcId" : 392, 3994 3994 + "comment" : "special case for DA in multiplication by 6", 3995 3995 + "public" : "e7dd0549a765bbef34be2e8da18a1bc1b989a8b0614d358ebf38c12a9ca64079", 3996 3996 + "private" : "e8db2bf1af5b8907420789c56e71414706aef0d9f6ffaed0c249c3b7ab14bf65", 3997 3997 + "shared" : "37232fb397af27f5fb5ca493284ff1c5d25786b0d716c73b33aca8d42265f318", 3998 3998 + "result" : "acceptable", 3999 3999 + "flags" : [ 4000 4000 + "Twist" 4001 4001 + ] 4002 4002 + }, 4003 4003 + { 4004 4004 + "tcId" : 393, 4005 4005 + "comment" : "special case for z_2 in multiplication by 7", 4006 4006 + "public" : "1ee1b9a74604ac31c3db83280170e3811504fcc78c7626b5b2c07a99d80daa0a", 4007 4007 + "private" : "c006ab1762720882017d106b9a4675fdd47005657155c90ca61d4cbf7cc4f973", 4008 4008 + "shared" : "a1b30418436ba1908804ffcce1be2cdcf50c61a8e3938d95c790abdb786b8022", 4009 4009 + "result" : "valid", 4010 4010 + "flags" : [] 4011 4011 + }, 4012 4012 + { 4013 4013 + "tcId" : 394, 4014 4014 + "comment" : "special case for z_2 in multiplication by 7", 4015 4015 + "public" : "f226c2d6bd7831eda1b51ee5aec29443a507ef9f7a04e2340f349dbf14933844", 4016 4016 + "private" : "d071807d607953da432d8574d5f3f420676dafdbc6a285a36e1d737624d77c75", 4017 4017 + "shared" : "a5976fda89954a81e442107f9e416a2b4b481bbd4654ebc0c7b57a78b45b4979", 4018 4018 + "result" : "acceptable", 4019 4019 + "flags" : [ 4020 4020 + "Twist" 4021 4021 + ] 4022 4022 + }, 4023 4023 + { 4024 4024 + "tcId" : 395, 4025 4025 + "comment" : "special case for z_2 in multiplication by 7", 4026 4026 + "public" : "c5197312de3a7a3ee11b29873bae3fc8c85109c66784804f89435db210fcc24b", 4027 4027 + "private" : "304b526f6fe994731980c0975529bca4d061017fbec56f6070d42678d3e11177", 4028 4028 + "shared" : "55b5b5eb38b127617ffe00056d84d35a5071d18783e3a82b5f4e131b1538b150", 4029 4029 + "result" : "acceptable", 4030 4030 + "flags" : [ 4031 4031 + "Twist" 4032 4032 + ] 4033 4033 + }, 4034 4034 + { 4035 4035 + "tcId" : 396, 4036 4036 + "comment" : "special case for z_2 in multiplication by 7", 4037 4037 + "public" : "590ed0b879319c38a19962a5d216ff2bfaf33555518877969c20c054cbe43e56", 4038 4038 + "private" : "982ddf2c035789379b8a58917d5c3c6c061b503b19a0028e01894c2eb371d079", 4039 4039 + "shared" : "0080e5b9985a960a832133812a7ab9951c6b2c75894deb3e35509190a6bdf457", 4040 4040 + "result" : "acceptable", 4041 4041 + "flags" : [ 4042 4042 + "Twist" 4043 4043 + ] 4044 4044 + }, 4045 4045 + { 4046 4046 + "tcId" : 397, 4047 4047 + "comment" : "special case for z_2 in multiplication by 7", 4048 4048 + "public" : "7c5f0143a6682f60ccad16f21150c7bb5bc6f807254d08b353fc96ce07bceb6f", 4049 4049 + "private" : "78cc3ec0687e3e53d9cec56b79d11bf049d173f127f5b40fae122a6d0016cd76", 4050 4050 + "shared" : "5241222226638c4bbbc98792cdbd74882ca2e08aa2edf313070425031009e925", 4051 4051 + "result" : "valid", 4052 4052 + "flags" : [] 4053 4053 + }, 4054 4054 + { 4055 4055 + "tcId" : 398, 4056 4056 + "comment" : "special case for BB in multiplication by 7", 4057 4057 + "public" : "010850a0974d3e89c029d252b46f739548294c0f9a23183863f9455b9559c211", 4058 4058 + "private" : "c86fc76650cf3b58837aa0f0633560415241c6c4f8f293ba0222b7d6a3875773", 4059 4059 + "shared" : "63788190b10d7451f5fc2b82c421151db4f3e22782e392da6d8d3aba2c344306", 4060 4060 + "result" : "valid", 4061 4061 + "flags" : [] 4062 4062 + }, 4063 4063 + { 4064 4064 + "tcId" : 399, 4065 4065 + "comment" : "special case for BB in multiplication by 7", 4066 4066 + "public" : "ad1dd82c23d6a0d5fe0f2a4561d1c16733a3e1e6afa6d902dd077dc43a961628", 4067 4067 + "private" : "888d51c0a2230369e5b65a814b3213dde2e62f2eb95d0971486b733e4f90c174", 4068 4068 + "shared" : "e4b40974a166ac49ed831715c071c751752744b891465e6c45001855aacdc362", 4069 4069 + "result" : "valid", 4070 4070 + "flags" : [] 4071 4071 + }, 4072 4072 + { 4073 4073 + "tcId" : 400, 4074 4074 + "comment" : "special case for BB in multiplication by 7", 4075 4075 + "public" : "d0c0d6393c41f4d7e0d5e850b7716f401eda1e028a4ed4a05bea8bf81acfd930", 4076 4076 + "private" : "68bed425d534315584d80f79da6eab9b7e6036b51fe62e1ad933e266640b4673", 4077 4077 + "shared" : "514a4cd0676f1c3101c8c45c17ad416bd33e20a405544fc1a60449abb22fa104", 4078 4078 + "result" : "valid", 4079 4079 + "flags" : [] 4080 4080 + }, 4081 4081 + { 4082 4082 + "tcId" : 401, 4083 4083 + "comment" : "special case for E in multiplication by 7", 4084 4084 + "public" : "0f460100d88a1d316dff02d1b22ffb2e42d99d0b92474fc3ec7d62567d0cf112", 4085 4085 + "private" : "98ff2856ef44b4fa14d86782ea793828bdf6f1ef9b669cac1aae338a7bb69376", 4086 4086 + "shared" : "ed83e810ce5ff0868f8589623bb13478dec1c22326c92765ae5e48c84bbabb24", 4087 4087 + "result" : "acceptable", 4088 4088 + "flags" : [ 4089 4089 + "Twist" 4090 4090 + ] 4091 4091 + }, 4092 4092 + { 4093 4093 + "tcId" : 402, 4094 4094 + "comment" : "special case for E in multiplication by 7", 4095 4095 + "public" : "13756a411ff3ae0c39222dde0810f08c432463162d81ef061071249a48439e15", 4096 4096 + "private" : "b0cdbfdd98bd988d7c6a530455c51c57dd33fd2c7aee3961971bd3a31388fc71", 4097 4097 + "shared" : "ff94862117d3c6edc9dd5f4852fa8a589452b924ca8a75cb23b3d68dfed88c4b", 4098 4098 + "result" : "valid", 4099 4099 + "flags" : [] 4100 4100 + }, 4101 4101 + { 4102 4102 + "tcId" : 403, 4103 4103 + "comment" : "special case for E in multiplication by 7", 4104 4104 + "public" : "8fc1fae969a6185404db22749ef6d225de86773a4d1bf3857eb8fbbd829a1b47", 4105 4105 + "private" : "e0677644ed4935f01e052e9967302d0fb78ff22bb92fbae0605f3ee54e2f6878", 4106 4106 + "shared" : "1c94868bc8acb3137498209b2812feb53501389f5aa37fecbfd5cb54e1358e0e", 4107 4107 + "result" : "valid", 4108 4108 + "flags" : [] 4109 4109 + }, 4110 4110 + { 4111 4111 + "tcId" : 404, 4112 4112 + "comment" : "special case for E in multiplication by 7", 4113 4113 + "public" : "7bab0891ecb9e72a15771f0a4fff90547024206339c340b1a2fdb53bcfb86b59", 4114 4114 + "private" : "887b61553843ca99ad1ca92253a6fe082b82494752513fd53ff6530f54c40572", 4115 4115 + "shared" : "adbf3b439b16dbc653578f53374ed3a86f9c0bf1f736573349773bc3b8d60734", 4116 4116 + "result" : "valid", 4117 4117 + "flags" : [] 4118 4118 + }, 4119 4119 + { 4120 4120 + "tcId" : 405, 4121 4121 + "comment" : "special case for AA in multiplication by 7", 4122 4122 + "public" : "102e95eadca7c3c28e5d52336c857bad99ea246f299b06334f401276f49ca814", 4123 4123 + "private" : "00615e4697014fc12484ef53a1440206410a8df78caa0bfff82161db83fea574", 4124 4124 + "shared" : "3952efb93573ae9ce2162d10e4b8c46435859f3f2778db89f72bc579e695cb51", 4125 4125 + "result" : "acceptable", 4126 4126 + "flags" : [ 4127 4127 + "Twist" 4128 4128 + ] 4129 4129 + }, 4130 4130 + { 4131 4131 + "tcId" : 406, 4132 4132 + "comment" : "special case for AA in multiplication by 7", 4133 4133 + "public" : "3548c16bf31afdcd445ad9bef0e60d7bd6195aa591ca8c82813cd7d446226720", 4134 4134 + "private" : "58175113550faad56458fb375a6cb3f05df2f6ff3c4ee09d4a6ba643e022d17a", 4135 4135 + "shared" : "96128f929fc03c1269d429f609a1a8acac7a758e3446a125ecf4a359a0e37b73", 4136 4136 + "result" : "acceptable", 4137 4137 + "flags" : [ 4138 4138 + "Twist" 4139 4139 + ] 4140 4140 + }, 4141 4141 + { 4142 4142 + "tcId" : 407, 4143 4143 + "comment" : "special case for AA in multiplication by 7", 4144 4144 + "public" : "ba74e766d44855ec93bd441aa41058a4c4ad2be63c639a3f9a87bde51eeaba20", 4145 4145 + "private" : "009738e1e6efef9e2cad8b416fe90a098eb5cb0199f2df5218166c7b181ea079", 4146 4146 + "shared" : "fec3e94cb5f316625b090c2c820828ce0f3ee431e8d6e12abccc7ef2bd0be81a", 4147 4147 + "result" : "valid", 4148 4148 + "flags" : [] 4149 4149 + }, 4150 4150 + { 4151 4151 + "tcId" : 408, 4152 4152 + "comment" : "special case for AA in multiplication by 7", 4153 4153 + "public" : "9a5a1d37e5010c356aa80afb347c3d613542ddfa0be7abb8e8cdcd6674411449", 4154 4154 + "private" : "c82019159be792747a39f388ea48a8c568594e3383273e51100721b376e8ba73", 4155 4155 + "shared" : "96903bac9dc60b6178d734890c25db4bed9ea4dbcf6fcbcdc90e6f5694c8b21c", 4156 4156 + "result" : "valid", 4157 4157 + "flags" : [] 4158 4158 + }, 4159 4159 + { 4160 4160 + "tcId" : 409, 4161 4161 + "comment" : "special case for AA in multiplication by 7", 4162 4162 + "public" : "630847e28274dbae5491210303c85a359074ee742957b0fc3c9ff55d9e019a50", 4163 4163 + "private" : "10ac9f8383262ef280faac1e4da15a7de4f2cb74af33b50e0d82dcb85d8bcb70", 4164 4164 + "shared" : "50050d0ab1ddd2dd90c460ab8f09e1f80e37cae57d4231adae10c10a4a2b003e", 4165 4165 + "result" : "valid", 4166 4166 + "flags" : [] 4167 4167 + }, 4168 4168 + { 4169 4169 + "tcId" : 410, 4170 4170 + "comment" : "special case for AA in multiplication by 7", 4171 4171 + "public" : "11749b00a45067af2c7e7d50f8d178d5a9fedb8f1b69b239763885bc611b136c", 4172 4172 + "private" : "b84c098382f6e37d510cc33e62ddc664e02c8bb6ed9ed0e5fa78cc099a26fe73", 4173 4173 + "shared" : "9170c4c628d5fcfd0ec719cf6e1796dab0a69e46d6379fffa247d444a0056041", 4174 4174 + "result" : "valid", 4175 4175 + "flags" : [] 4176 4176 + }, 4177 4177 + { 4178 4178 + "tcId" : 411, 4179 4179 + "comment" : "special case for AA in multiplication by 7", 4180 4180 + "public" : "df1021d8f95950afde77c86ba5ee2f5876ef778376a7fdc7efb8dff0e4836e7b", 4181 4181 + "private" : "78cde8930a1d81aef6601f71409728854987578b0f8349588c04adbe2c1f6e74", 4182 4182 + "shared" : "d7d2a82953f680cee0c81c4d00fe628ac530ce682eb7fb3b0af24f804a58ef5c", 4183 4183 + "result" : "valid", 4184 4184 + "flags" : [] 4185 4185 + }, 4186 4186 + { 4187 4187 + "tcId" : 412, 4188 4188 + "comment" : "special case for x_2 in multiplication by 7", 4189 4189 + "public" : "2743ba408d5f68c65324a485086a004b6bbf784cc9e8b1a7dbeb8c4b9414b018", 4190 4190 + "private" : "b0fe7b06b9950600b3a7ce1d7bb2a1d984194cc9d6c8964504c364dd5c875b74", 4191 4191 + "shared" : "a6b97da989dccf730f122d455152328051c8ed9abc1815c19eec6501d6cfc77c", 4192 4192 + "result" : "acceptable", 4193 4193 + "flags" : [ 4194 4194 + "Twist" 4195 4195 + ] 4196 4196 + }, 4197 4197 + { 4198 4198 + "tcId" : 413, 4199 4199 + "comment" : "special case for x_2 in multiplication by 7", 4200 4200 + "public" : "cc275a2cdd9125e52f20ce2abad41f920afa5a643fb7f276ef416f761d689f1e", 4201 4201 + "private" : "f0c9c3984854d5bd599d3819738a023eb795e93586dc0e5e29b1c870c612d178", 4202 4202 + "shared" : "b210e368729501d9f9b6ebefbebae38f195f91eaf2a5a3a49288bb615ff2216c", 4203 4203 + "result" : "valid", 4204 4204 + "flags" : [] 4205 4205 + }, 4206 4206 + { 4207 4207 + "tcId" : 414, 4208 4208 + "comment" : "special case for x_2 in multiplication by 7", 4209 4209 + "public" : "4929543101ee7ae239059cd134c35d400e50d0821441351d0fa6c3d54efb342e", 4210 4210 + "private" : "906c2f12be89702db26fa7ee905ce36525d2dee4e96a879ca07da097a6aa5075", 4211 4211 + "shared" : "b9e3796c58701ded4237c52994501cee14e18f2fb02b781a8400923484bd4a6c", 4212 4212 + "result" : "valid", 4213 4213 + "flags" : [] 4214 4214 + }, 4215 4215 + { 4216 4216 + "tcId" : 415, 4217 4217 + "comment" : "special case for x_2 in multiplication by 7", 4218 4218 + "public" : "1324e0368597b3181555bb5b2cc7b7ebba46931aeabb6f05ababd4240f0fb933", 4219 4219 + "private" : "f026031ea373e1d16e6e7e0357bc96bc093f4b6bb76a738cbb54fe6cfd2ea271", 4220 4220 + "shared" : "6dcdf8e86903b0caded124d8a7da18e623430ca869aaf267d31029d93de99e66", 4221 4221 + "result" : "acceptable", 4222 4222 + "flags" : [ 4223 4223 + "Twist" 4224 4224 + ] 4225 4225 + }, 4226 4226 + { 4227 4227 + "tcId" : 416, 4228 4228 + "comment" : "special case for x_2 in multiplication by 7", 4229 4229 + "public" : "c7f3842297d6941cac63d6f1bdaea0709437c82dbc9161fc1bae6c79d668eb44", 4230 4230 + "private" : "703f4ac8667d77f9536045cf748f18d42345e39ccab10c18dde0f5170d307f73", 4231 4231 + "shared" : "385ddbf2505ebf537bf5e976b61a4b69d190ae965b7e4a81ae4e1c16b7148748", 4232 4232 + "result" : "acceptable", 4233 4233 + "flags" : [ 4234 4234 + "Twist" 4235 4235 + ] 4236 4236 + }, 4237 4237 + { 4238 4238 + "tcId" : 417, 4239 4239 + "comment" : "special case for x_2 in multiplication by 7", 4240 4240 + "public" : "1e4660ba865fb8085afd4692885d74237fa3bca5af4b84ba3de400f16a5ac45c", 4241 4241 + "private" : "c8a96ae4e77271a0680dd24fcb09f9c5d3ee8316536eec7cc2276597e50fe37f", 4242 4242 + "shared" : "0fbaea73f9518795e026c1fc1079c3738aeb9ee9c8dc9761d65bbf8f94e30154", 4243 4243 + "result" : "valid", 4244 4244 + "flags" : [] 4245 4245 + }, 4246 4246 + { 4247 4247 + "tcId" : 418, 4248 4248 + "comment" : "special case for x_2 in multiplication by 7", 4249 4249 + "public" : "2488bb6fadb79d46585ff01c160c5b4172799d92bd168edceb65cededc492762", 4250 4250 + "private" : "d0dde8eda38c3783442864c0cb46a0e9832dcf784c21268a21bed2cace87cd70", 4251 4251 + "shared" : "510c64151e5d0737fc324bd15fb5d3966908751cd1a06954b556196655ee5540", 4252 4252 + "result" : "acceptable", 4253 4253 + "flags" : [ 4254 4254 + "Twist" 4255 4255 + ] 4256 4256 + }, 4257 4257 + { 4258 4258 + "tcId" : 419, 4259 4259 + "comment" : "special case for x_2 in multiplication by 7", 4260 4260 + "public" : "a0c1087811af1491171bc51691b8ca84716af36c4baa764ec536280cc1983d6d", 4261 4261 + "private" : "c09cd47e1ce53604f14e4e13426c8f08962f556bcd81f8d75375b1507c6fda78", 4262 4262 + "shared" : "23ef825e1c8e6e64428001a7463e32a9701c81cf78203e6ae753740c91570e6b", 4263 4263 + "result" : "acceptable", 4264 4264 + "flags" : [ 4265 4265 + "Twist" 4266 4266 + ] 4267 4267 + }, 4268 4268 + { 4269 4269 + "tcId" : 420, 4270 4270 + "comment" : "special case for x_2 in multiplication by 7", 4271 4271 + "public" : "cc5c97934607d8b981bce1d6a232bb3aecc3001f698ae1ae84938fbf2861077b", 4272 4272 + "private" : "e09a5f74f318f02303857aa0208d76913d9e240a80549d12013118bad620597f", 4273 4273 + "shared" : "0e55a7ec1a2ddbea1ac5981200812232f7f4c3a60ee3c9ab09f2163bd13da329", 4274 4274 + "result" : "acceptable", 4275 4275 + "flags" : [ 4276 4276 + "Twist" 4277 4277 + ] 4278 4278 + }, 4279 4279 + { 4280 4280 + "tcId" : 421, 4281 4281 + "comment" : "special case for DA - CB in multiplication by 7", 4282 4282 + "public" : "238de7fcc8a3f194c3554c328efb1215d0640ac674b61a98ef934ec004cfd73b", 4283 4283 + "private" : "706cee5f9b357c03b2f1913294f6e4f0ca5a190a87d30268327d0cb6bdd5bc79", 4284 4284 + "shared" : "0681036a0d27583ba6f2be7630613171a33fb8a6c8991c53b379999f0f15923b", 4285 4285 + "result" : "acceptable", 4286 4286 + "flags" : [ 4287 4287 + "Twist" 4288 4288 + ] 4289 4289 + }, 4290 4290 + { 4291 4291 + "tcId" : 422, 4292 4292 + "comment" : "special case for DA - CB in multiplication by 7", 4293 4293 + "public" : "ac9fd80a45da109fa2329390e5a951cfc03065d7bb4a7855826ccb22c3bfeb3d", 4294 4294 + "private" : "40e300cb1ff260574f85b3f04aac478464a86e6203b3d4656418f4305157877b", 4295 4295 + "shared" : "67b88774f19bd1081d6f23656a135803e34ae1cdcae10818124a78569c299f42", 4296 4296 + "result" : "valid", 4297 4297 + "flags" : [] 4298 4298 + }, 4299 4299 + { 4300 4300 + "tcId" : 423, 4301 4301 + "comment" : "special case for DA - CB in multiplication by 7", 4302 4302 + "public" : "a45ab1dc2fa2c50718fb4985d9791401e8d2d34ffe3cd93cffb4e870cce5e855", 4303 4303 + "private" : "882f78b4558b7faa835904c9235e32f300fc8b5ef0a718406a5c8520ca54d071", 4304 4304 + "shared" : "a512e864bd898a5ba6551adcebd836c6a78e7871728e1b8ee528d483af276104", 4305 4305 + "result" : "valid", 4306 4306 + "flags" : [] 4307 4307 + }, 4308 4308 + { 4309 4309 + "tcId" : 424, 4310 4310 + "comment" : "special case for DA - CB in multiplication by 7", 4311 4311 + "public" : "1761d3d50ba46b446655aa6a8d9b8b75aa5bb24a7953208d5b69fcc38f18ec7a", 4312 4312 + "private" : "d8649b735590a17d0fc4c378fbf4c2f7d6600569b2e84cbe0ff7bcdbac0b5f71", 4313 4313 + "shared" : "518b778cf5e976c60235abcf6211a18bad2a8e693ab261074c7fab43dbb5da27", 4314 4314 + "result" : "valid", 4315 4315 + "flags" : [] 4316 4316 + }, 4317 4317 + { 4318 4318 + "tcId" : 425, 4319 4319 + "comment" : "special case for D in multiplication by 8", 4320 4320 + "public" : "dc99ad0031463e4537c01e16629966d1b962c0b4e4872f067ca3c26ccc957001", 4321 4321 + "private" : "a8edec59ae6ba23813ec54d66df152e0626762b97d4b0c20e0dd8a5695d86e47", 4322 4322 + "shared" : "6cfa935f24b031ff261a7cd3526660fd6b396c5c30e299575f6a322281191e03", 4323 4323 + "result" : "acceptable", 4324 4324 + "flags" : [ 4325 4325 + "Twist" 4326 4326 + ] 4327 4327 + }, 4328 4328 + { 4329 4329 + "tcId" : 426, 4330 4330 + "comment" : "special case for D in multiplication by 8", 4331 4331 + "public" : "b32750fd80d2d7c62c6b8e39670654baea5719a3e072e99507fd5bcb23898264", 4332 4332 + "private" : "1098723ffe567ea6dcc8d04ecc01efafeea0aee44e1c733be8b1e5d97c8b8041", 4333 4333 + "shared" : "c623e2d2083f18110a525f2b66d89ed82d313b6a2dd082f6b7a6e733134f5a06", 4334 4334 + "result" : "valid", 4335 4335 + "flags" : [] 4336 4336 + }, 4337 4337 + { 4338 4338 + "tcId" : 427, 4339 4339 + "comment" : "special case for D in multiplication by 8", 4340 4340 + "public" : "e7b3205777b375f1b1515a50a16a6067953ff221e12b4f416d74fb28c1c85865", 4341 4341 + "private" : "a0f20df98b49218ac832f26fa8c218a0d6872eb7aea07c1d43c9ff699b465b47", 4342 4342 + "shared" : "388ea421650a8d837bad8904018195e99ef494c2d170b93ee721a67d2c108729", 4343 4343 + "result" : "acceptable", 4344 4344 + "flags" : [ 4345 4345 + "Twist" 4346 4346 + ] 4347 4347 + }, 4348 4348 + { 4349 4349 + "tcId" : 428, 4350 4350 + "comment" : "special case for DA + CB in multiplication by 8", 4351 4351 + "public" : "21cc338d7869e5863349cc739c8a6946cfc797cb82fbf62dcd2154844b106003", 4352 4352 + "private" : "30473a77a98374f67d5bd43df231ce142916aea0d271e72333fa47dc441a0247", 4353 4353 + "shared" : "b9e5728b37435b1d339988f93267d59f3bd1c517851c5a258e74cb64aea73d2d", 4354 4354 + "result" : "valid", 4355 4355 + "flags" : [] 4356 4356 + }, 4357 4357 + { 4358 4358 + "tcId" : 429, 4359 4359 + "comment" : "special case for DA + CB in multiplication by 8", 4360 4360 + "public" : "c34217c02072d7e2bca0454525030780cfb60215d7ca82dbec8f4a59034c5f43", 4361 4361 + "private" : "d8657be3a30fc85fb2f3a68e92ace1b31b26e76e6bdb6727aea507cb7c10dc45", 4362 4362 + "shared" : "20b67b205e22ce87fd44a8e8fd10a6d8890b9270b60e1c6a68b4aa78e6e37961", 4363 4363 + "result" : "valid", 4364 4364 + "flags" : [] 4365 4365 + }, 4366 4366 + { 4367 4367 + "tcId" : 430, 4368 4368 + "comment" : "special case for DA + CB in multiplication by 8", 4369 4369 + "public" : "8abb8cfd60c6f8a4d84d0750d3b40a4f846b30edf2052fef7df84142cd0d9e47", 4370 4370 + "private" : "882f5578ae4a13d8f5af473bdde1709bf2e059df809ee05b505f34de857c3447", 4371 4371 + "shared" : "5faba645fc21f9421ebd35c69bdb1d85b46f95e3746ff7f4886bc280a9ab2522", 4372 4372 + "result" : "acceptable", 4373 4373 + "flags" : [ 4374 4374 + "Twist" 4375 4375 + ] 4376 4376 + }, 4377 4377 + { 4378 4378 + "tcId" : 431, 4379 4379 + "comment" : "special case for DA + CB in multiplication by 8", 4380 4380 + "public" : "9fd7b49a08f206688d72db737df8e517aa7b764f5de7c9a2b1c3fcbaa985f64c", 4381 4381 + "private" : "98294db7cbf4958bfb3ed21d5d5c91e13cc8dc27b3c716c86f7167a4819f8741", 4382 4382 + "shared" : "9cb8a0f4ad86a27b96ca61242eab198db2767d3862dd323e41368fcdcc5fab68", 4383 4383 + "result" : "acceptable", 4384 4384 + "flags" : [ 4385 4385 + "Twist" 4386 4386 + ] 4387 4387 + }, 4388 4388 + { 4389 4389 + "tcId" : 432, 4390 4390 + "comment" : "special case for DA + CB in multiplication by 8", 4391 4391 + "public" : "c4fefac7acd448e8fd4d6ac4f5dd1bc21f2c67d638444060918fb344aa77e757", 4392 4392 + "private" : "789bc4047ad81b9b6656eef298b766e8763a2f8ea64e374a603dc1fdf2eee146", 4393 4393 + "shared" : "4b42fcf84b51b2b82f1f70b3cf49bd9dc6ab2672920a8de37e81ba7e99acf734", 4394 4394 + "result" : "acceptable", 4395 4395 + "flags" : [ 4396 4396 + "Twist" 4397 4397 + ] 4398 4398 + }, 4399 4399 + { 4400 4400 + "tcId" : 433, 4401 4401 + "comment" : "special case for DA + CB in multiplication by 8", 4402 4402 + "public" : "a8341deecc0be6db11401ef7f884ac3ade35650cc21f14b5cdb0a5cf0ee6b15a", 4403 4403 + "private" : "801ffe4e0f6eeb8a50c8fe79663ff585f9d6aebcfbf4b7edc676c693900cb141", 4404 4404 + "shared" : "e55fc931669bd02d1c64689eda62648212b1078c43b5caf97cf9763ff87a3455", 4405 4405 + "result" : "valid", 4406 4406 + "flags" : [] 4407 4407 + }, 4408 4408 + { 4409 4409 + "tcId" : 434, 4410 4410 + "comment" : "special case for DA + CB in multiplication by 8", 4411 4411 + "public" : "55a0e6631a52f29fb90a1777ccbc69ff94547459d541f72e8316e4d616535a67", 4412 4412 + "private" : "e04e412383a63b338b70e1be5fd75995350321dee428aa4f3ba62a50a3b0de44", 4413 4413 + "shared" : "87f7976a17f3e03a7f1eb74e6db950b8c0994f40b7903495599d227725809e01", 4414 4414 + "result" : "valid", 4415 4415 + "flags" : [] 4416 4416 + }, 4417 4417 + { 4418 4418 + "tcId" : 435, 4419 4419 + "comment" : "special case for DA + CB in multiplication by 8", 4420 4420 + "public" : "7976d520f1a2512d564af41c68313f5351b0156d5118be4817f192798ae9777d", 4421 4421 + "private" : "382dbe9f10158bfbb7d1d79a35a7809214899a6b8572b35b55875d79bd2f1640", 4422 4422 + "shared" : "3bb3e30105a71901b115065e39bdb3e053d387b39027b12c92cdf4c638adf00d", 4423 4423 + "result" : "acceptable", 4424 4424 + "flags" : [ 4425 4425 + "Twist" 4426 4426 + ] 4427 4427 + }, 4428 4428 + { 4429 4429 + "tcId" : 436, 4430 4430 + "comment" : "special case for AA in multiplication by 8", 4431 4431 + "public" : "a26a722f7ba71ccfc96ed8e108d7c9f842d17f92051ee7d429ea7fa7908ab907", 4432 4432 + "private" : "60c9af7f4d03136a6034ae52deadfd9d4f274ad8122812eb92a53169c8354141", 4433 4433 + "shared" : "f5cb3a1b76185a29a6360b2142feebb11f3d08f4fd8d73df3a5228624a521c02", 4434 4434 + "result" : "valid", 4435 4435 + "flags" : [] 4436 4436 + }, 4437 4437 + { 4438 4438 + "tcId" : 437, 4439 4439 + "comment" : "special case for AA in multiplication by 8", 4440 4440 + "public" : "ca3a2d96f5dda482b002324cbbdcf1dacc9815eab797c7151c3a88c75cded621", 4441 4441 + "private" : "283fae8bd8b294de2848056449751965abb5c7fa86ba4c2c5cdc3bb524dad140", 4442 4442 + "shared" : "b0b47868e70465ee2dd737f1ba5a6399e09cd813d72da7585ab45c946cc28d4d", 4443 4443 + "result" : "valid", 4444 4444 + "flags" : [] 4445 4445 + }, 4446 4446 + { 4447 4447 + "tcId" : 438, 4448 4448 + "comment" : "special case for AA in multiplication by 8", 4449 4449 + "public" : "eebd858850b56febb707f27a7aad5ff5ab4b0e0c73b9c86ec4ca0f42e7f38e75", 4450 4450 + "private" : "401539703ca4980db4ba42c59fc29e83b4189f2ddea53ba54ca966c06898a640", 4451 4451 + "shared" : "581e4b12b0f39a7cc42dee4513ecfdd20b595f905f17ad8c1fbf1b5cb2068b31", 4452 4452 + "result" : "acceptable", 4453 4453 + "flags" : [ 4454 4454 + "Twist" 4455 4455 + ] 4456 4456 + }, 4457 4457 + { 4458 4458 + "tcId" : 439, 4459 4459 + "comment" : "special case for z_2 in multiplication by 8", 4460 4460 + "public" : "c800bf799783275eb93312b43dc032ccdfb00a4b77c8b3772cd2fec8db7e4a09", 4461 4461 + "private" : "c8eb056286e098e6b2c79e42f007ebc6ab3705346cdbdace949b5de1e8c36743", 4462 4462 + "shared" : "6bf264532fc70a6a7e459f4579eca6b84f8f76ab85c3264b20bca725a6eb6c40", 4463 4463 + "result" : "valid", 4464 4464 + "flags" : [] 4465 4465 + }, 4466 4466 + { 4467 4467 + "tcId" : 440, 4468 4468 + "comment" : "special case for z_2 in multiplication by 8", 4469 4469 + "public" : "7bbc504e04d134eedc13f06dfdfc69c518257a3f374040a49a8d21dac109110c", 4470 4470 + "private" : "487882956c49c69fd0e2d7277a24fb1dbe4b0365b36a13f63440248bca2fbb42", 4471 4471 + "shared" : "690305c9e192cd8a513f705b3f101ecdf3db1ea15a09c4a1bce3a8cdc3a1a93f", 4472 4472 + "result" : "valid", 4473 4473 + "flags" : [] 4474 4474 + }, 4475 4475 + { 4476 4476 + "tcId" : 441, 4477 4477 + "comment" : "special case for z_2 in multiplication by 8", 4478 4478 + "public" : "132533db62aff4fa06e96314383bf58ebdec5183a19f2e4cb17552ae19a3366e", 4479 4479 + "private" : "9876010f4d64c77ffc4d7dccd72b9ac82078deb883609650b8cff8a686719d46", 4480 4480 + "shared" : "c58591b33e490e4766ff7addff570ce4e89a98338015a55df3d2f232aea3fc4f", 4481 4481 + "result" : "valid", 4482 4482 + "flags" : [] 4483 4483 + }, 4484 4484 + { 4485 4485 + "tcId" : 442, 4486 4486 + "comment" : "special case for B in multiplication by 8", 4487 4487 + "public" : "ceb90c56508cf330c7f25bab42b05b5612a8310690107ac63a404c0ade788009", 4488 4488 + "private" : "a8a5d4f7894a519537babfac736de36054f508dae434b4fe63cd5633846a2647", 4489 4489 + "shared" : "3d145851b6ff2b92b5807ed1df21eb50c9f24c4474d4721db3abb7356df7b764", 4490 4490 + "result" : "valid", 4491 4491 + "flags" : [] 4492 4492 + }, 4493 4493 + { 4494 4494 + "tcId" : 443, 4495 4495 + "comment" : "special case for B in multiplication by 8", 4496 4496 + "public" : "66a09767a0d83bb18d404e1200375a745d1f1f749d5dc6f84a205efa6a11bc65", 4497 4497 + "private" : "f83e4647e82c560aa082c59641e13bf366be8f24dc01d14801e67841160bed47", 4498 4498 + "shared" : "1401829aac4e64bcfa297a7effc60477090d3627a64a35b872ae055d2091785f", 4499 4499 + "result" : "acceptable", 4500 4500 + "flags" : [ 4501 4501 + "Twist" 4502 4502 + ] 4503 4503 + }, 4504 4504 + { 4505 4505 + "tcId" : 444, 4506 4506 + "comment" : "special case for B in multiplication by 8", 4507 4507 + "public" : "39d431316307c85747bd2bcf4f9e0f8892ee45df15f7806ce65147d97f503478", 4508 4508 + "private" : "58c6b94bce9b15f64946c2aa6a4e383b0b2d4365b7997eb2310ac4eef1803145", 4509 4509 + "shared" : "a0ebe6908c5472f937769b9aeb313224437fc5d73f4f866fe7ef41f30e359e09", 4510 4510 + "result" : "valid", 4511 4511 + "flags" : [] 4512 4512 + }, 4513 4513 + { 4514 4514 + "tcId" : 445, 4515 4515 + "comment" : "special case for C in multiplication by 8", 4516 4516 + "public" : "84c92d8ecf3d0cb22dde7d721f04140c2d9c179cc813ce6cf8db2dce6168880d", 4517 4517 + "private" : "786a97207adbd4b0d6bfc9f49b18660ad3606c12e325044b8690b4fa07874641", 4518 4518 + "shared" : "07538f1b6583041c4949fafae3349d62f9dd302d3d86857af0dedc0d5ad6741f", 4519 4519 + "result" : "acceptable", 4520 4520 + "flags" : [ 4521 4521 + "Twist" 4522 4522 + ] 4523 4523 + }, 4524 4524 + { 4525 4525 + "tcId" : 446, 4526 4526 + "comment" : "special case for C in multiplication by 8", 4527 4527 + "public" : "a9cedb9e942a47221e4296953220d10007db327d2acb68da6ef3a4f877b8ef1e", 4528 4528 + "private" : "282310210e575a59393cf19bbe6e24752dc247706f1e0031e5d39b2de4fff745", 4529 4529 + "shared" : "1223505fbb534c1bc6108e6b98b4f0af29e11158c02d333d6559beecd6d3e558", 4530 4530 + "result" : "acceptable", 4531 4531 + "flags" : [ 4532 4532 + "Twist" 4533 4533 + ] 4534 4534 + }, 4535 4535 + { 4536 4536 + "tcId" : 447, 4537 4537 + "comment" : "special case for C in multiplication by 8", 4538 4538 + "public" : "64e1c0c5f59405bbc6c7db41a3485cc9f91c183b0f2b7e1894a7abd8fbbeeb23", 4539 4539 + "private" : "c8bf2fd4c40d00f1465aada682b12fa92dec10343484ab62b8871337de1d3345", 4540 4540 + "shared" : "ee031868165f456f75907bf39742b820e0f8e6df9f9768d757d408e1cc92ff7b", 4541 4541 + "result" : "acceptable", 4542 4542 + "flags" : [ 4543 4543 + "Twist" 4544 4544 + ] 4545 4545 + }, 4546 4546 + { 4547 4547 + "tcId" : 448, 4548 4548 + "comment" : "special case for C in multiplication by 8", 4549 4549 + "public" : "a68d2f55e60eac7983926310f4fae13f95b2bbf140be5ea91751884d900ab44d", 4550 4550 + "private" : "c06a4a4b70f613136f18c0f88e2245086c3d1a52717210a21ac9d63682f2e740", 4551 4551 + "shared" : "c954fa7b042c32943e03191e367d54be0085fa8950ef2bec99620df79ecbea4b", 4552 4552 + "result" : "acceptable", 4553 4553 + "flags" : [ 4554 4554 + "Twist" 4555 4555 + ] 4556 4556 + }, 4557 4557 + { 4558 4558 + "tcId" : 449, 4559 4559 + "comment" : "special case for x_2 in multiplication by 8", 4560 4560 + "public" : "6d3cd623f26a7453fa05a01ae758ba84d3c58d93d60ce32735a15e0d053d5b12", 4561 4561 + "private" : "20596e1dc56596823d37698dfa699c79874aaefde797f863ef92135980fb2043", 4562 4562 + "shared" : "7c3219b3c1fae1f95590ac843efd2084a1f4bd3efa2f592f022032db64ebcd77", 4563 4563 + "result" : "valid", 4564 4564 + "flags" : [] 4565 4565 + }, 4566 4566 + { 4567 4567 + "tcId" : 450, 4568 4568 + "comment" : "special case for x_2 in multiplication by 8", 4569 4569 + "public" : "8f195547346b3d53b7ea4f742b22f1ef7b3cc01a7d3dcd19aa7c5b03f31bd214", 4570 4570 + "private" : "38141518e8e5efa1d031c6c4d95480239f6c30b8ccd8c751a9e04bd3aec17342", 4571 4571 + "shared" : "a31f6b249d64a87c4aed329c6c05c3f2240b3ca938ccdc920ba8016c1aeaeb45", 4572 4572 + "result" : "acceptable", 4573 4573 + "flags" : [ 4574 4574 + "Twist" 4575 4575 + ] 4576 4576 + }, 4577 4577 + { 4578 4578 + "tcId" : 451, 4579 4579 + "comment" : "special case for x_2 in multiplication by 8", 4580 4580 + "public" : "ffc4fe2c2127a309c739565651e9812f834a86dbadbb78776977f786ecdb0217", 4581 4581 + "private" : "207147f2b68fef1efc10a04f988f0eb18b273b0b5ed17aa7af32c90480e19b43", 4582 4582 + "shared" : "4cff9f53ce82064882329a18ea4e4d0bc6d80a631c87c9e6fdc918f9c1bda34a", 4583 4583 + "result" : "acceptable", 4584 4584 + "flags" : [ 4585 4585 + "Twist" 4586 4586 + ] 4587 4587 + }, 4588 4588 + { 4589 4589 + "tcId" : 452, 4590 4590 + "comment" : "special case for x_2 in multiplication by 8", 4591 4591 + "public" : "8475babeeab9980d426abd5323dfb335b219e129bddae4d6cebcda50754a6825", 4592 4592 + "private" : "488084537b840f9c93ca57b3ee80491418d44221113e03f56355302604d03547", 4593 4593 + "shared" : "248d3d1a49b7d173eb080ab716ac8fde6bd1c3ed8e7fd5b448af21bcdc2c1616", 4594 4594 + "result" : "acceptable", 4595 4595 + "flags" : [ 4596 4596 + "Twist" 4597 4597 + ] 4598 4598 + }, 4599 4599 + { 4600 4600 + "tcId" : 453, 4601 4601 + "comment" : "special case for x_2 in multiplication by 8", 4602 4602 + "public" : "81f90a2f6633d30c2b72a25795d2a49463a80b6b0edc5aa68bae4bf738185539", 4603 4603 + "private" : "28cfc1d03f5c7428ff3e20b137268b33ccc74db03582d2127c566df4ac99f441", 4604 4604 + "shared" : "66c6e70cf630be90a2c88fcde7f58cff3868660fa96406e8df4ac677dbd85f50", 4605 4605 + "result" : "valid", 4606 4606 + "flags" : [] 4607 4607 + }, 4608 4608 + { 4609 4609 + "tcId" : 454, 4610 4610 + "comment" : "special case for x_2 in multiplication by 8", 4611 4611 + "public" : "41626e33b3c8f48bd19e49ded307f2b63bde705c4f3cdf9d4f92bf37c48cba42", 4612 4612 + "private" : "c8e37d10f3d03db3f43e467bddf98f595cb529ad253c20d491282d1400b9e740", 4613 4613 + "shared" : "06283fcf69dc83e99d92e5336f499a1d8fa75ed2c819b5ae6ea8094454324b27", 4614 4614 + "result" : "valid", 4615 4615 + "flags" : [] 4616 4616 + }, 4617 4617 + { 4618 4618 + "tcId" : 455, 4619 4619 + "comment" : "special case for x_2 in multiplication by 8", 4620 4620 + "public" : "ebb32f781c0e89b252e611f9d8f79f8567874c966598314b2f16aa44cfc07843", 4621 4621 + "private" : "00237e91406a7b4db61e780c5976fbb926cdace2fbdfdbcfce65e6dbe7782a42", 4622 4622 + "shared" : "7d2affb43355f5db1294daff55f59b1f17e7d25bca20746f12484d78e5015517", 4623 4623 + "result" : "valid", 4624 4624 + "flags" : [] 4625 4625 + }, 4626 4626 + { 4627 4627 + "tcId" : 456, 4628 4628 + "comment" : "special case for x_2 in multiplication by 8", 4629 4629 + "public" : "fa75e6f08ca815b4e42af24a8e057c9e00e828e33d12c0e94d1012a758336744", 4630 4630 + "private" : "489c4184a23a8f5eec68a31b41aa2c0392cd6fb123f10acdb4de75292b4b9a43", 4631 4631 + "shared" : "ef8e78cab091d667888489fd3a2ec93fb633427d02eb77b328d556f2b2b0e266", 4632 4632 + "result" : "valid", 4633 4633 + "flags" : [] 4634 4634 + }, 4635 4635 + { 4636 4636 + "tcId" : 457, 4637 4637 + "comment" : "special case for x_2 in multiplication by 8", 4638 4638 + "public" : "4d96320cdb0ca52655e91118c33f93afe4ae69e9e513ff4506750b8ea784ce46", 4639 4639 + "private" : "c05957fbc3a0e2c22a2aef627651ca1e99307b82a0c6170f7950a334f3004941", 4640 4640 + "shared" : "c8d85bfa74b4b26461297b350c975183fea9d33ba29c3a4934509c2ecda58a79", 4641 4641 + "result" : "acceptable", 4642 4642 + "flags" : [ 4643 4643 + "Twist" 4644 4644 + ] 4645 4645 + }, 4646 4646 + { 4647 4647 + "tcId" : 458, 4648 4648 + "comment" : "special case for x_2 in multiplication by 8", 4649 4649 + "public" : "c0ef1b7c20237db370501f24274e4eba91998ae4545f937007e1c4a2eab63365", 4650 4650 + "private" : "60111c6629f73635985be964b845f87a88ae5652d45bb1451ce8cfd2ea45fe41", 4651 4651 + "shared" : "22557e0d8741ed2a63afd5e313aa1579fc0c88c7772e23a676c94b60c89df577", 4652 4652 + "result" : "acceptable", 4653 4653 + "flags" : [ 4654 4654 + "Twist" 4655 4655 + ] 4656 4656 + }, 4657 4657 + { 4658 4658 + "tcId" : 459, 4659 4659 + "comment" : "special case for x_2 in multiplication by 8", 4660 4660 + "public" : "d534d8ff4d56a73ef7615e94523b17e35edb3d0fb87e98c68536f63f114a8d6c", 4661 4661 + "private" : "58785889a216d15456582d4e1e3de9e9ca4a432954416d81caf52b2b434c1746", 4662 4662 + "shared" : "54d7fc17bad00296ba50b0f3d5bf8fb83f82d571952a5fdb5a494120cc61446b", 4663 4663 + "result" : "valid", 4664 4664 + "flags" : [] 4665 4665 + }, 4666 4666 + { 4667 4667 + "tcId" : 460, 4668 4668 + "comment" : "special case for x_2 in multiplication by 8", 4669 4669 + "public" : "733a711ba01b6e9b64a0be4cdca8c7cf3c66df2435d5248fb4413fec6ee03f70", 4670 4670 + "private" : "60bef38a3890ec1ed05c299fceb77db5ead4b88d9e931b0f21d664f77df9b544", 4671 4671 + "shared" : "db6851b12585bc11be9362c96a545c6f2ba55f04009792463b96a38cb9b3f07c", 4672 4672 + "result" : "valid", 4673 4673 + "flags" : [] 4674 4674 + }, 4675 4675 + { 4676 4676 + "tcId" : 461, 4677 4677 + "comment" : "special case for x_2 in multiplication by 8", 4678 4678 + "public" : "35738dd539d60f69cd1a1cffc8a42b6af68fe7de45392d02831e2a77500ea278", 4679 4679 + "private" : "5854ee566878ef8b7ebaf5a058306f250edf0c84fd52af2d74b7ce3c1edda746", 4680 4680 + "shared" : "f6d1a664257fa5de3d4d57f04eda2976bf1e35cc3ac513e1ee84d57d2135ed13", 4681 4681 + "result" : "acceptable", 4682 4682 + "flags" : [ 4683 4683 + "Twist" 4684 4684 + ] 4685 4685 + }, 4686 4686 + { 4687 4687 + "tcId" : 462, 4688 4688 + "comment" : "special case for x_2 in multiplication by 8", 4689 4689 + "public" : "ce932b5af4be4721f96f7b79ba1c43b20687d4af49c37b58dc894279e04bb578", 4690 4690 + "private" : "985b551261fce38ddc8ff3add32f5c26811d271b9a1794e249dd76a38df28446", 4691 4691 + "shared" : "f8f7625ac5bde63f753a9bb4aefbfb9c4647207708af9d774ef08ff1b1e5a354", 4692 4692 + "result" : "acceptable", 4693 4693 + "flags" : [ 4694 4694 + "Twist" 4695 4695 + ] 4696 4696 + }, 4697 4697 + { 4698 4698 + "tcId" : 463, 4699 4699 + "comment" : "special case for E in multiplication by 8", 4700 4700 + "public" : "e3655448339e4850806eb58abba0c89185511ea72c37c49e9583ee6dd235d213", 4701 4701 + "private" : "8815052344dcad97efd1341e9072a808cf999e46e52cf04e0cfbcd9901e18d43", 4702 4702 + "shared" : "5e10dfbff4443efcae2ccc78c289a41460d5a82f79df726b8824ccbef7146d40", 4703 4703 + "result" : "acceptable", 4704 4704 + "flags" : [ 4705 4705 + "Twist" 4706 4706 + ] 4707 4707 + }, 4708 4708 + { 4709 4709 + "tcId" : 464, 4710 4710 + "comment" : "special case for E in multiplication by 8", 4711 4711 + "public" : "4d16965b1637e9d7ae8feb499ed0553962a9aa0022d1620c928072f6501bc41b", 4712 4712 + "private" : "b8e032e9e5ffbaa004390f3a0b900bc7cf5d11238b7ec964afc4bda2aa6c3444", 4713 4713 + "shared" : "19d7b44c1847c44e8f37a22ab69c180fd9d787f204123013e1b16800b9cd0f57", 4714 4714 + "result" : "acceptable", 4715 4715 + "flags" : [ 4716 4716 + "Twist" 4717 4717 + ] 4718 4718 + }, 4719 4719 + { 4720 4720 + "tcId" : 465, 4721 4721 + "comment" : "special case for E in multiplication by 8", 4722 4722 + "public" : "c6b9e6288737ad40452cec1022871d90af1642d10bd0a97792b1a9c8998e2220", 4723 4723 + "private" : "7012852211f6536fca79937e7e316c9149b0e20ea03f951e1bb072895ca0e044", 4724 4724 + "shared" : "db990d979f4f22f766e7826d93554e771b361de461274d6c37baadeb8ef7be4e", 4725 4725 + "result" : "valid", 4726 4726 + "flags" : [] 4727 4727 + }, 4728 4728 + { 4729 4729 + "tcId" : 466, 4730 4730 + "comment" : "special case for E in multiplication by 8", 4731 4731 + "public" : "d566fab505ac4c7a3dc3b9403ef121392cbbe21216e5bcb8eab2dc9408986e34", 4732 4732 + "private" : "d039c1b9ec4763e0ad8a0ef2b0870297d0f8b487e660595a484105d180e14a47", 4733 4733 + "shared" : "6d7fc5d4a8f534b1bc0fa5e078104234675c02664736957abdb27df6faf07c00", 4734 4734 + "result" : "acceptable", 4735 4735 + "flags" : [ 4736 4736 + "Twist" 4737 4737 + ] 4738 4738 + }, 4739 4739 + { 4740 4740 + "tcId" : 467, 4741 4741 + "comment" : "special case for E in multiplication by 8", 4742 4742 + "public" : "468d35ecfb6d9b7272523276cc5e13760519667f0e1e3888da4c56955fe91151", 4743 4743 + "private" : "58efcbc8777c1b54f09c61a216efd427292eb12312dbb3b32bd45254a6683e47", 4744 4744 + "shared" : "539c8d629ab51c2f3ea7278fd5f1c31b6c150a82fe3f786b93ffa159fd6d9316", 4745 4745 + "result" : "valid", 4746 4746 + "flags" : [] 4747 4747 + }, 4748 4748 + { 4749 4749 + "tcId" : 468, 4750 4750 + "comment" : "special case for E in multiplication by 8", 4751 4751 + "public" : "1929538743977dfea20bf4927ddabb2f3bb15cac2461054508849718854b5568", 4752 4752 + "private" : "c8d73446026cd0ea795773c2eb7b16348cd5f228e352dbc77328c2d8b9cde240", 4753 4753 + "shared" : "dee3fd19c8f296415448b21af44385ec46727bbe67d4839b93efe2f680e76d34", 4754 4754 + "result" : "valid", 4755 4755 + "flags" : [] 4756 4756 + }, 4757 4757 + { 4758 4758 + "tcId" : 469, 4759 4759 + "comment" : "special case for E in multiplication by 8", 4760 4760 + "public" : "2d7ab4c6f59865355ee8e9de57db19aadf7708b7c1d1a818487c340623badc6d", 4761 4761 + "private" : "98b559523bc778b0418af53c0c32f6ff5cf771ff5df8ae7cbf7c3b72aedb5b43", 4762 4762 + "shared" : "2a0340aaafa05d00529c09057ed0145f34d2de66a3e149cf084ea97168914f39", 4763 4763 + "result" : "acceptable", 4764 4764 + "flags" : [ 4765 4765 + "Twist" 4766 4766 + ] 4767 4767 + }, 4768 4768 + { 4769 4769 + "tcId" : 470, 4770 4770 + "comment" : "special case for E in multiplication by 8", 4771 4771 + "public" : "43839f4a6aa206c82c5a73f49d8c9e573826b3ba7235d312987c17aebee62776", 4772 4772 + "private" : "589815027caf82714e96c9f91bace66ec4ba3e92df3fa14b9b8fe503556e4543", 4773 4773 + "shared" : "00313717d33e3b41a0865986157582e053502a172b88d01bb7b10831a9fc4e6c", 4774 4774 + "result" : "valid", 4775 4775 + "flags" : [] 4776 4776 + }, 4777 4777 + { 4778 4778 + "tcId" : 471, 4779 4779 + "comment" : "special case for E in multiplication by 8", 4780 4780 + "public" : "3c321e7f0b9e555bc264a2cea617e6b2b562ebab21fe0c226c3e487b7df9a27d", 4781 4781 + "private" : "80715f67270c99789855ceaea99b9957ccda33326f76bb4474ab52ab1ec37041", 4782 4782 + "shared" : "9b6be9e6f2fdb5d3321842225d3e91d14828cc53ba6654dabe190b0c3edeb309", 4783 4783 + "result" : "valid", 4784 4784 + "flags" : [] 4785 4785 + }, 4786 4786 + { 4787 4787 + "tcId" : 472, 4788 4788 + "comment" : "special case for DA - CB in multiplication by 8", 4789 4789 + "public" : "42e5a6b8e9654bb4ad624af3f491877977513cc8775c8fb312ad19dbf3903a28", 4790 4790 + "private" : "101b990bd83d684126ff047d930c27d086a588dd19683d2629f0e34f4374ab41", 4791 4791 + "shared" : "223f1eb552308373026d11c954684ce6db870b638b190b9443e50aae219f4e3e", 4792 4792 + "result" : "acceptable", 4793 4793 + "flags" : [ 4794 4794 + "Twist" 4795 4795 + ] 4796 4796 + }, 4797 4797 + { 4798 4798 + "tcId" : 473, 4799 4799 + "comment" : "special case for DA - CB in multiplication by 8", 4800 4800 + "public" : "0a51dd90ab985f6deaf72f16c45014da26df848697f6582d75688f5223342b51", 4801 4801 + "private" : "200089b712d9a2050597779d463712fcd223e3d67879c0fb7606f8f5f0efee40", 4802 4802 + "shared" : "fb95ce4a3c1f325638b7d47f4216d39a7c6c5da9a01caa297c37b62816555b2a", 4803 4803 + "result" : "acceptable", 4804 4804 + "flags" : [ 4805 4805 + "Twist" 4806 4806 + ] 4807 4807 + }, 4808 4808 + { 4809 4809 + "tcId" : 474, 4810 4810 + "comment" : "special case for DA - CB in multiplication by 8", 4811 4811 + "public" : "8842317357bde825ef438a1c53906fb8b04ea360f7ef338c78e668586047936a", 4812 4812 + "private" : "f04f87f4e623af4c31ceca0bb87fac2d5b12517b5a7284902ad75838e65f1e41", 4813 4813 + "shared" : "488b8341c9cb1bbf124510b9f8dae4faf2e0dca9b84e00e952a63b5aa328a860", 4814 4814 + "result" : "valid", 4815 4815 + "flags" : [] 4816 4816 + }, 4817 4817 + { 4818 4818 + "tcId" : 475, 4819 4819 + "comment" : "special case for DA - CB in multiplication by 8", 4820 4820 + "public" : "c71d92d3c92dbfaed755fb32797b667cc86b0e79362498e2aca38c689713b16e", 4821 4821 + "private" : "383cbd5a3dd0901d09a3cac3d3a77a979cecf15e206a553e4ca3f24b90783945", 4822 4822 + "shared" : "1129eae97bf75f7314f2e1b403b18737ad830c80429e2ba0d4866b362399855f", 4823 4823 + "result" : "valid", 4824 4824 + "flags" : [] 4825 4825 + }, 4826 4826 + { 4827 4827 + "tcId" : 476, 4828 4828 + "comment" : "special case for DA - CB in multiplication by 8", 4829 4829 + "public" : "3a21d1cf7b3744d1ad26197335844982c2a0c6a5aa835492bd03c401a4fe6778", 4830 4830 + "private" : "701df09e57b98aec375745df147b72949a6b2bb2ca3a34881512ee31e790ad42", 4831 4831 + "shared" : "072f51d94727f392d59dc7caff1f4460452352ec39c32a1c9f071e388833da56", 4832 4832 + "result" : "valid", 4833 4833 + "flags" : [] 4834 4834 + }, 4835 4835 + { 4836 4836 + "tcId" : 477, 4837 4837 + "comment" : "special case for CB in multiplication by 8", 4838 4838 + "public" : "d128ea3e13325ed6ebd6533a9fd3045a55f25ad8b67def30912843504c1aab29", 4839 4839 + "private" : "b0ffa5f4922bb117ad75ff43acac62331efaa45536fe88306e4a4cb58db73a47", 4840 4840 + "shared" : "30512142d3e3a4cad6726d9d35f2e043fca9dfb750884ae22b2547c840f3587b", 4841 4841 + "result" : "acceptable", 4842 4842 + "flags" : [ 4843 4843 + "Twist" 4844 4844 + ] 4845 4845 + }, 4846 4846 + { 4847 4847 + "tcId" : 478, 4848 4848 + "comment" : "special case for CB in multiplication by 8", 4849 4849 + "public" : "e079c8f8423165c7e0a2c48b4abe90aece4e6d903d7a5a1625fad0410cd55b32", 4850 4850 + "private" : "685e3271d2015741756612a930e858b930acf2018145f382c83d8cced2e22044", 4851 4851 + "shared" : "5b81b3761a66d199e8ef99d2494bd57a0229d4564a7f6d6055f22aa48681bd3a", 4852 4852 + "result" : "acceptable", 4853 4853 + "flags" : [ 4854 4854 + "Twist" 4855 4855 + ] 4856 4856 + }, 4857 4857 + { 4858 4858 + "tcId" : 479, 4859 4859 + "comment" : "special case for BB in multiplication by 8", 4860 4860 + "public" : "65922a06e9be4e8a5e8aceb1a4e08fe90f01e10ef2dd27315427cedfcf95ec32", 4861 4861 + "private" : "f8e161d69297e017d7c51b1b1ff3ba703d4c4cf8fc2b8ff47f74c3ff8c7d3541", 4862 4862 + "shared" : "038de7fdb9cc0030f5c11dda00589f0a95f65658815b06ed013553a02b6c5017", 4863 4863 + "result" : "valid", 4864 4864 + "flags" : [] 4865 4865 + }, 4866 4866 + { 4867 4867 + "tcId" : 480, 4868 4868 + "comment" : "special case for BB in multiplication by 8", 4869 4869 + "public" : "d36a240e972dc16e9b97a997ada337f02760d05c46d7f8d7b4e9ea9a635c7c64", 4870 4870 + "private" : "105d7589f8abef0acf0940da84a69e8f2f306fa73c9afd27342287c1dba80044", 4871 4871 + "shared" : "22b0dea3b3b7ca55eceeaae6443426548c7c15cc7ddf31780318d1c23879c16a", 4872 4872 + "result" : "valid", 4873 4873 + "flags" : [] 4874 4874 + }, 4875 4875 + { 4876 4876 + "tcId" : 481, 4877 4877 + "comment" : "special case for BB in multiplication by 8", 4878 4878 + "public" : "4f5b8b9892b8a46df08d76a4745b1c58d4e7a394905435875688ca11f1e9d86a", 4879 4879 + "private" : "1893d4388b0e90f0b50208aa8f0cc24f576d03641baf1c3eddb2a3efa69c9d40", 4880 4880 + "shared" : "a25e1306684ad7870a31f0404566e8d28f2d83d4b9497822c57f8781b18fec20", 4881 4881 + "result" : "acceptable", 4882 4882 + "flags" : [ 4883 4883 + "Twist" 4884 4884 + ] 4885 4885 + }, 4886 4886 + { 4887 4887 + "tcId" : 482, 4888 4888 + "comment" : "special case for BB in multiplication by 8", 4889 4889 + "public" : "aa2f02628269139a7a8a16fde95c9bad7da7ffbd5439c396a7d77b6c3213e67f", 4890 4890 + "private" : "0065171301bf6b90fb16efa35509161f1bd6b3b93130d490af9fe224dd155f45", 4891 4891 + "shared" : "bb4431bea7a5871c1be27a2674094627eaaa4425c99cd3fa41bd7e13cbd7bf7e", 4892 4892 + "result" : "acceptable", 4893 4893 + "flags" : [ 4894 4894 + "Twist" 4895 4895 + ] 4896 4896 + }, 4897 4897 + { 4898 4898 + "tcId" : 483, 4899 4899 + "comment" : "special case for A in multiplication by 8", 4900 4900 + "public" : "d995cb287e9a9c5791f3cae3d494a5b516a1e26cbc930f43e73c8b70b69d783b", 4901 4901 + "private" : "10c81a4e78d82145b266e1d74b3869bf1c27427803ebb11c92ff8073d1e4cc46", 4902 4902 + "shared" : "330f5d0b5bccc90f7694dfdd9c6449a62d93af8840eaf571e3e0610e0198b03f", 4903 4903 + "result" : "valid", 4904 4904 + "flags" : [] 4905 4905 + }, 4906 4906 + { 4907 4907 + "tcId" : 484, 4908 4908 + "comment" : "special case for A in multiplication by 8", 4909 4909 + "public" : "479afb1e73dc77c3743e51e9ec0bcc61ce66ed084dc10bfa2794b4c3e4953769", 4910 4910 + "private" : "48b98b4a99eadd73012c07fe5c4a0b9590ac55e821353b41d5f665e17188bc41", 4911 4911 + "shared" : "bdef00caa514b2f8ab1fb2241e83787a02601ecdff6cf166c4210f8c1ade4211", 4912 4912 + "result" : "acceptable", 4913 4913 + "flags" : [ 4914 4914 + "Twist" 4915 4915 + ] 4916 4916 + }, 4917 4917 + { 4918 4918 + "tcId" : 485, 4919 4919 + "comment" : "special case for DA in multiplication by 8", 4920 4920 + "public" : "378eda41470b0f238a200f80809ad562ca41e62411a61feb7f7e9b752b554642", 4921 4921 + "private" : "1897678e38222a61fe105dc6643c1eb5940e8dbc73ed6c00f25a34328f43a641", 4922 4922 + "shared" : "bfd5b5acd2d89f213a26caf54062f9a24e6f6fd8ddd0cd2e5e47b7fea4a9c537", 4923 4923 + "result" : "acceptable", 4924 4924 + "flags" : [ 4925 4925 + "Twist" 4926 4926 + ] 4927 4927 + }, 4928 4928 + { 4929 4929 + "tcId" : 486, 4930 4930 + "comment" : "special case for DA in multiplication by 8", 4931 4931 + "public" : "0cad7545ade2fd93fcae007c97648348f26d85829bdb7223a63eccb84e56d475", 4932 4932 + "private" : "a898af8138e11ae45bbcefa737182a571885f92d515c32056c7cb0d7deac4741", 4933 4933 + "shared" : "c8085877800c175e949cdd88e196eb9c4841da2ac446dfed9085bda5bbec265d", 4934 4934 + "result" : "valid", 4935 4935 + "flags" : [] 4936 4936 + }, 4937 4937 + { 4938 4938 + "tcId" : 487, 4939 4939 + "comment" : "special case for AA in multiplication by 9", 4940 4940 + "public" : "60f27ed0a27804ced237cf3c1cc776650fb320bae6d5acb564e97b56cba25210", 4941 4941 + "private" : "b0bfef6ec095b5a1f93917d32f16a21d0462c1fde17446f5a590232d9c895f4a", 4942 4942 + "shared" : "4c300895827382a9d1079028bd6f694a7a12ddac9c76abac6fdf5d29457a3310", 4943 4943 + "result" : "valid", 4944 4944 + "flags" : [] 4945 4945 + }, 4946 4946 + { 4947 4947 + "tcId" : 488, 4948 4948 + "comment" : "special case for AA in multiplication by 9", 4949 4949 + "public" : "f93a73270ac19194b8e4ffd02be4b1438525f84a76224688ea89a9dd6a1bd623", 4950 4950 + "private" : "60497d4464ed8823c50fbc6b68620826c4f629c1d9193058df6bf857c6aecc4b", 4951 4951 + "shared" : "7285fbb3f76340a979ab6e288727a2113332cf933809b018b8739a796a09d00b", 4952 4952 + "result" : "acceptable", 4953 4953 + "flags" : [ 4954 4954 + "Twist" 4955 4955 + ] 4956 4956 + }, 4957 4957 + { 4958 4958 + "tcId" : 489, 4959 4959 + "comment" : "special case for AA in multiplication by 9", 4960 4960 + "public" : "cf80c30fcbfd535666ca1da499e2e99cc537063e2de19458fcf92f5ee34acf47", 4961 4961 + "private" : "08c6cbe03792a3829f06e8ad54c55db113236ac0dcc9ab6a9a6b10eed1041b48", 4962 4962 + "shared" : "dabc3bd49f19cf7071802e43c863ed0b1d93a841588098b98a0c581bf4fe0a11", 4963 4963 + "result" : "acceptable", 4964 4964 + "flags" : [ 4965 4965 + "Twist" 4966 4966 + ] 4967 4967 + }, 4968 4968 + { 4969 4969 + "tcId" : 490, 4970 4970 + "comment" : "special case for AA in multiplication by 9", 4971 4971 + "public" : "698effe0ad42e15ee1f46fde6fc5074ffda183bcf1b2db8647f561ddd191dd60", 4972 4972 + "private" : "50044da3315dd082e9dfb6a1994aabb331f53e0d1c12633383b2a3c8678cfe4c", 4973 4973 + "shared" : "a61a3b150b4770532373676298c9a5da28adcc4365b06fe07c959ca80e477a57", 4974 4974 + "result" : "valid", 4975 4975 + "flags" : [] 4976 4976 + }, 4977 4977 + { 4978 4978 + "tcId" : 491, 4979 4979 + "comment" : "special case for AA in multiplication by 9", 4980 4980 + "public" : "bd1565b4a3f8515dff577be6dcb414511d3d4ec2de15e0bd45b28e9cc4caef60", 4981 4981 + "private" : "285640da7a48252e35ddce60c14addb73097fbc9ac2f87c8d2772ce89aa6be4d", 4982 4982 + "shared" : "916ab4f3bfc8321e1087d9c5444f8f7a43e9ca6d29e7ba98a19dc05fff34ed4c", 4983 4983 + "result" : "valid", 4984 4984 + "flags" : [] 4985 4985 + }, 4986 4986 + { 4987 4987 + "tcId" : 492, 4988 4988 + "comment" : "special case for AA in multiplication by 9", 4989 4989 + "public" : "b8649e13843f80cf5702398e4a9a8c378f29da96dfd6579f1eb4f7ea34df6765", 4990 4990 + "private" : "783271c21199ba2e94ead92cd9dd79f70aab378b59497455d327a5907dafcb4a", 4991 4991 + "shared" : "844a5dd5139554ca7b41cbe6a4796193912e7aa4e201cc68944ce2a55774a10f", 4992 4992 + "result" : "acceptable", 4993 4993 + "flags" : [ 4994 4994 + "Twist" 4995 4995 + ] 4996 4996 + }, 4997 4997 + { 4998 4998 + "tcId" : 493, 4999 4999 + "comment" : "special case for AA in multiplication by 9", 5000 5000 + "public" : "c396938737abdf791e09a97eba577c437d9b67c2dae94e13eab7296ec0fc737e", 5001 5001 + "private" : "d0676a0b9a046c62d5b2e740d9cc43fa37965dea93c23254f7bf569f2bebaa4a", 5002 5002 + "shared" : "10780333b2a6170136265bb5ebc6c818817f2e48ae372528c8f34433fdd6215a", 5003 5003 + "result" : "valid", 5004 5004 + "flags" : [] 5005 5005 + }, 5006 5006 + { 5007 5007 + "tcId" : 494, 5008 5008 + "comment" : "special case for DA - CB in multiplication by 9", 5009 5009 + "public" : "557b825012d98f065bb95a2ab9b2d2d8b83fd2037912508c263f86d7e36c4f24", 5010 5010 + "private" : "608c84d2b76fccda579e974db3d3b2ce39a6bc0dad440599db22411b60467849", 5011 5011 + "shared" : "5ce84842dbae8b795b3d545343558045508f271383bfb3dd3943f4101398c864", 5012 5012 + "result" : "acceptable", 5013 5013 + "flags" : [ 5014 5014 + "Twist" 5015 5015 + ] 5016 5016 + }, 5017 5017 + { 5018 5018 + "tcId" : 495, 5019 5019 + "comment" : "special case for z_2 in multiplication by 9", 5020 5020 + "public" : "ae98296d4a2fbcbb40b472f4063231608bb1465c226c8a4a2dff29afd915882a", 5021 5021 + "private" : "80f233936a8821936d39114c84d929e79760b27680779e5009e1709410dd8e4f", 5022 5022 + "shared" : "4f11aa0c313195f96f25cadcbf49f06a932d8b051879ea537d1c6dfee7f36d35", 5023 5023 + "result" : "valid", 5024 5024 + "flags" : [] 5025 5025 + }, 5026 5026 + { 5027 5027 + "tcId" : 496, 5028 5028 + "comment" : "special case for z_2 in multiplication by 9", 5029 5029 + "public" : "8b9d249829fbe81333d85050da88998f63fac665679e27dbbe21b745dd14e145", 5030 5030 + "private" : "c8d80b1a34f21194f047a6f0328bb947e2e7aff6a043553aa07f2abf99aaf048", 5031 5031 + "shared" : "1d619070bf5626064be10025e74e336c81ef3166b743f99c751fb90587c31d7e", 5032 5032 + "result" : "valid", 5033 5033 + "flags" : [] 5034 5034 + }, 5035 5035 + { 5036 5036 + "tcId" : 497, 5037 5037 + "comment" : "special case for z_2 in multiplication by 9", 5038 5038 + "public" : "61896093e2697c78230afdda12639cbe4342827b8d2b093281f148eb60b9034b", 5039 5039 + "private" : "9021477b452361580059364c6f94f4981ee94ea3f9b7d37439bc82ae45816f4d", 5040 5040 + "shared" : "532e797861db56b9d5db8825fb72f8629c2422f8abea721ad2d7b9e77a95b576", 5041 5041 + "result" : "valid", 5042 5042 + "flags" : [] 5043 5043 + }, 5044 5044 + { 5045 5045 + "tcId" : 498, 5046 5046 + "comment" : "special case for z_2 in multiplication by 9", 5047 5047 + "public" : "ccc1dc186229dba9a9360a0f7ff00247a3732625acaacd18ea13a9a8b40fac4f", 5048 5048 + "private" : "6079dae04c40a59ea4e0c8c17092e4c85ea9133d143307363487836df4e30349", 5049 5049 + "shared" : "4f678b64fd1f85cbbd5f7e7f3c8ac95ec7500e102e9006d6d42f48fb2473ab02", 5050 5050 + "result" : "acceptable", 5051 5051 + "flags" : [ 5052 5052 + "Twist" 5053 5053 + ] 5054 5054 + }, 5055 5055 + { 5056 5056 + "tcId" : 499, 5057 5057 + "comment" : "special case for z_2 in multiplication by 9", 5058 5058 + "public" : "69e368c0b7e78eb9f3a53bf458f6e79dc4883bf9458f04a8c12c4ddd94d62151", 5059 5059 + "private" : "281db6a5ac9a47d4a7b2b91a87f6536ce62d4e5129b8d647b97f9c504014894c", 5060 5060 + "shared" : "e069fd06702f10f33adb8cf0766880634865b510e2da409241fb5f178050514a", 5061 5061 + "result" : "valid", 5062 5062 + "flags" : [] 5063 5063 + }, 5064 5064 + { 5065 5065 + "tcId" : 500, 5066 5066 + "comment" : "special case for z_2 in multiplication by 9", 5067 5067 + "public" : "f21f9badd98dd8a103cc2ab5484fac6c2bfdd2671ee6e674134a86b89cee9160", 5068 5068 + "private" : "d830f3c4785829a0f945857e0e85e0ae723702b57783b933cd2a2ad05484fe49", 5069 5069 + "shared" : "fee218eb1f92864486e83c1731f04bb8c7e6d7143e3915bcbf80fe03ff69dc77", 5070 5070 + "result" : "valid", 5071 5071 + "flags" : [] 5072 5072 + }, 5073 5073 + { 5074 5074 + "tcId" : 501, 5075 5075 + "comment" : "special case for E in multiplication by 9", 5076 5076 + "public" : "e853062b2d6f38d021d645163ea208d0e193a479f11f99971b98e21188fd0b2c", 5077 5077 + "private" : "10230bd0721f4c8c4b921881dd88c603af501ee80e2102f8acc30cf8b2acd349", 5078 5078 + "shared" : "64bdfa0207a174ca17eeba8df74d79b25f54510e6174923034a4d6ee0c167e7b", 5079 5079 + "result" : "acceptable", 5080 5080 + "flags" : [ 5081 5081 + "Twist" 5082 5082 + ] 5083 5083 + }, 5084 5084 + { 5085 5085 + "tcId" : 502, 5086 5086 + "comment" : "special case for E in multiplication by 9", 5087 5087 + "public" : "362eb92dab9fb29f7ed0e03843dcc15797928c2b4e51ec260204179c1c12945f", 5088 5088 + "private" : "f0a34d6d76896e17cb8f66feda23115ffb96f246b823bb63dec08335787de74c", 5089 5089 + "shared" : "d7f4583ee4fe86af3a3f1dfcb295ba3a3e37bced7b9c6f000a95336530318902", 5090 5090 + "result" : "valid", 5091 5091 + "flags" : [] 5092 5092 + }, 5093 5093 + { 5094 5094 + "tcId" : 503, 5095 5095 + "comment" : "special case for E in multiplication by 9", 5096 5096 + "public" : "ff543f1e81996e88631f030ceba7e603b13033efd205e68bd36b28468134aa73", 5097 5097 + "private" : "9073c1d0a173c7ff02dc966a165993d9c4c9357514f7a6bb7aaa4b0827718948", 5098 5098 + "shared" : "c1b5e5f4401c98fa14eba8aafae30a641bfd8fb132be03413f3bf29290d49e0b", 5099 5099 + "result" : "acceptable", 5100 5100 + "flags" : [ 5101 5101 + "Twist" 5102 5102 + ] 5103 5103 + }, 5104 5104 + { 5105 5105 + "tcId" : 504, 5106 5106 + "comment" : "special case for x_2 in multiplication by 9", 5107 5107 + "public" : "90ef70844ead1613f69df7d78c057813f866c0d95e6d22caee4a012b9c1c4b33", 5108 5108 + "private" : "b0c1822566e016c12ae35ec035edd09af3cb7a48f55c9028e05e1178a8c3824e", 5109 5109 + "shared" : "9369ebb3d2b744341cba77302719a4b2d63aff612872f86d9877a76bc919ca1c", 5110 5110 + "result" : "valid", 5111 5111 + "flags" : [] 5112 5112 + }, 5113 5113 + { 5114 5114 + "tcId" : 505, 5115 5115 + "comment" : "special case for x_2 in multiplication by 9", 5116 5116 + "public" : "88c1ae575ad073dda66c6eacb7b7f436e1f8ad72a0db5c04e5660b7b719e4c4b", 5117 5117 + "private" : "e06fe64e2117796f997bbcd3bcad3067cf1291640a3a643fb359809a4016834d", 5118 5118 + "shared" : "335394be9c154901c0b4063300001804b1cd01b27fa562e44f3302168837166e", 5119 5119 + "result" : "acceptable", 5120 5120 + "flags" : [ 5121 5121 + "Twist" 5122 5122 + ] 5123 5123 + }, 5124 5124 + { 5125 5125 + "tcId" : 506, 5126 5126 + "comment" : "special case for x_2 in multiplication by 9", 5127 5127 + "public" : "dcffc4c1e1fba5fda9d5c98421d99c257afa90921bc212a046d90f6683e8a467", 5128 5128 + "private" : "707ee81f113a244c9d87608b12158c50f9ac1f2c8948d170ad16ab0ad866d74b", 5129 5129 + "shared" : "7ecdd54c5e15f7b4061be2c30b5a4884a0256581f87df60d579a3345653eb641", 5130 5130 + "result" : "acceptable", 5131 5131 + "flags" : [ 5132 5132 + "Twist" 5133 5133 + ] 5134 5134 + }, 5135 5135 + { 5136 5136 + "tcId" : 507, 5137 5137 + "comment" : "special case for BB in multiplication by 9", 5138 5138 + "public" : "6c0044cd10578c5aff1ff4917b041b76c9a9ae23664eb8cf978bd7aa192cf249", 5139 5139 + "private" : "7089654baacbb65bd00cd8cb9de4680e748075e8842ca69d448fb50fea85e74e", 5140 5140 + "shared" : "0d8c21fa800ee63ce5e473d4c2975495062d8afa655091122cb41799d374594f", 5141 5141 + "result" : "valid", 5142 5142 + "flags" : [] 5143 5143 + }, 5144 5144 + { 5145 5145 + "tcId" : 508, 5146 5146 + "comment" : "special case for BB in multiplication by 9", 5147 5147 + "public" : "d9089de902e143dcd9107e5a3393a3f7fe05d926c357b47e307a236cb590fd64", 5148 5148 + "private" : "8089784c52cd67e4536e568218c7b7033b28413f942fca24ed69e43496efa14b", 5149 5149 + "shared" : "db6fec44bf118316a6bdfbae9af447baede4d82daa16bed596ea6f05d4a51400", 5150 5150 + "result" : "valid", 5151 5151 + "flags" : [] 5152 5152 + }, 5153 5153 + { 5154 5154 + "tcId" : 509, 5155 5155 + "comment" : "special case for BB in multiplication by 9", 5156 5156 + "public" : "8c4a26aa319c2cc4a4158c2bc69a0d5b340b60628a14cf31bb0ae5ddc38ae866", 5157 5157 + "private" : "00e73e4e013148b9f05273bad626bb126a40ec4558f5425096b48947e0a9de4a", 5158 5158 + "shared" : "ecc1204bc753c4cec4c9059fd7b504944ebf995ab1b1d49f0b3b325353be3a15", 5159 5159 + "result" : "valid", 5160 5160 + "flags" : [] 5161 5161 + }, 5162 5162 + { 5163 5163 + "tcId" : 510, 5164 5164 + "comment" : "special case for BB in multiplication by 9", 5165 5165 + "public" : "ce7295d1227c9062aab9cf02fc5671fb81632e725367f131d4122824a6132d68", 5166 5166 + "private" : "78ed4c9bf9f44db8d93388985191ecf59226b9c1205fe7e762c327581c75884e", 5167 5167 + "shared" : "3740de297ff0122067951e8985247123440e0f27171da99e263d5b4450f59f3d", 5168 5168 + "result" : "valid", 5169 5169 + "flags" : [] 5170 5170 + }, 5171 5171 + { 5172 5172 + "tcId" : 511, 5173 5173 + "comment" : "private key == -1 (mod order)", 5174 5174 + "public" : "6c05871352a451dbe182ed5e6ba554f2034456ffe041a054ff9cc56b8e946376", 5175 5175 + "private" : "a023cdd083ef5bb82f10d62e59e15a6800000000000000000000000000000050", 5176 5176 + "shared" : "6c05871352a451dbe182ed5e6ba554f2034456ffe041a054ff9cc56b8e946376", 5177 5177 + "result" : "valid", 5178 5178 + "flags" : [] 5179 5179 + }, 5180 5180 + { 5181 5181 + "tcId" : 512, 5182 5182 + "comment" : "private key == 1 (mod order) on twist", 5183 5183 + "public" : "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", 5184 5184 + "private" : "58083dd261ad91eff952322ec824c682ffffffffffffffffffffffffffffff5f", 5185 5185 + "shared" : "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", 5186 5186 + "result" : "acceptable", 5187 5187 + "flags" : [ 5188 5188 + "Twist" 5189 5189 + ] 5190 5190 + }, 5191 5191 + { 5192 5192 + "tcId" : 513, 5193 5193 + "comment" : "special case private key", 5194 5194 + "public" : "3e3e7708ef72a6dd78d858025089765b1c30a19715ac19e8d917067d208e0666", 5195 5195 + "private" : "4855555555555555555555555555555555555555555555555555555555555555", 5196 5196 + "shared" : "63ef7d1c586476ec78bb7f747e321e01102166bf967a9ea9ba9741f49d439510", 5197 5197 + "result" : "valid", 5198 5198 + "flags" : [] 5199 5199 + }, 5200 5200 + { 5201 5201 + "tcId" : 514, 5202 5202 + "comment" : "special case private key", 5203 5203 + "public" : "9f40bb30f68ab67b1c4b8b664982fdab04ff385cd850deac732f7fb705e6013a", 5204 5204 + "private" : "4855555555555555555555555555555555555555555555555555555555555555", 5205 5205 + "shared" : "8b98ef4d6bf30df7f88e58d51505d37ed6845a969fe598747c033dcd08014065", 5206 5206 + "result" : "valid", 5207 5207 + "flags" : [] 5208 5208 + }, 5209 5209 + { 5210 5210 + "tcId" : 515, 5211 5211 + "comment" : "special case private key", 5212 5212 + "public" : "be3b3edeffaf83c54ae526379b23dd79f1cb41446e3687fef347eb9b5f0dc308", 5213 5213 + "private" : "4855555555555555555555555555555555555555555555555555555555555555", 5214 5214 + "shared" : "cfa83e098829fe82fd4c14355f70829015219942c01e2b85bdd9ac4889ec2921", 5215 5215 + "result" : "valid", 5216 5216 + "flags" : [] 5217 5217 + }, 5218 5218 + { 5219 5219 + "tcId" : 516, 5220 5220 + "comment" : "special case private key", 5221 5221 + "public" : "3e3e7708ef72a6dd78d858025089765b1c30a19715ac19e8d917067d208e0666", 5222 5222 + "private" : "b8aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa6a", 5223 5223 + "shared" : "4782036d6b136ca44a2fd7674d8afb0169943230ac8eab5160a212376c06d778", 5224 5224 + "result" : "valid", 5225 5225 + "flags" : [] 5226 5226 + }, 5227 5227 + { 5228 5228 + "tcId" : 517, 5229 5229 + "comment" : "special case private key", 5230 5230 + "public" : "9f40bb30f68ab67b1c4b8b664982fdab04ff385cd850deac732f7fb705e6013a", 5231 5231 + "private" : "b8aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa6a", 5232 5232 + "shared" : "65fc1e7453a3f8c7ebcd577ade4b8efe1035efc181ab3bdb2fcc7484cbcf1e4e", 5233 5233 + "result" : "valid", 5234 5234 + "flags" : [] 5235 5235 + }, 5236 5236 + { 5237 5237 + "tcId" : 518, 5238 5238 + "comment" : "special case private key", 5239 5239 + "public" : "be3b3edeffaf83c54ae526379b23dd79f1cb41446e3687fef347eb9b5f0dc308", 5240 5240 + "private" : "b8aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa6a", 5241 5241 + "shared" : "e3c649beae7cc4a0698d519a0a61932ee5493cbb590dbe14db0274cc8611f914", 5242 5242 + "result" : "valid", 5243 5243 + "flags" : [] 5244 5244 + } 5245 5245 + ] 5246 5246 + } 5247 5247 + ] 5248 5248 + }