diff --git a/Cargo-minimal.lock b/Cargo-minimal.lock index 3e7fd3d8b..52622cf36 100644 --- a/Cargo-minimal.lock +++ b/Cargo-minimal.lock @@ -223,7 +223,7 @@ dependencies = [ [[package]] name = "secp256k1-sys" -version = "0.11.0" +version = "0.12.0" dependencies = [ "cc", "libc", diff --git a/Cargo-recent.lock b/Cargo-recent.lock index 57d294f76..1fe42da54 100644 --- a/Cargo-recent.lock +++ b/Cargo-recent.lock @@ -214,7 +214,7 @@ dependencies = [ [[package]] name = "secp256k1-sys" -version = "0.11.0" +version = "0.12.0" dependencies = [ "cc", "libc", diff --git a/Cargo.toml b/Cargo.toml index efc6aed40..ca8d6697c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,7 @@ global-context-less-secure = ["global-context"] arbitrary = ["dep:arbitrary"] [dependencies] -secp256k1-sys = { version = "0.11.0", default-features = false, path = "./secp256k1-sys" } +secp256k1-sys = { version = "0.12.0-beta.0", default-features = false, path = "./secp256k1-sys" } arbitrary = { version = "1.4", optional = true } rand = { version = "0.9", default-features = false, optional = true } diff --git a/secp256k1-sys/CHANGELOG.md b/secp256k1-sys/CHANGELOG.md index d2ec70422..775048cf4 100644 --- a/secp256k1-sys/CHANGELOG.md +++ b/secp256k1-sys/CHANGELOG.md @@ -1,3 +1,10 @@ +# 0.12.0 - 2025-10-10 + +* Fix lowmemory feature [#799](https://github.com/rust-bitcoin/rust-secp256k1/pull/799) +* Add support for MuSig2, initial PR + [#716](https://github.com/rust-bitcoin/rust-secp256k1/pull/716) then + a bunch of follow up PRs. See `../CHANGELOG.md` for full listing. + # 0.10.0 - 2024-03-28 * Bump MSRV to Rust `v1.56.1` [#693](https://github.com/rust-bitcoin/rust-secp256k1/pull/693) diff --git a/secp256k1-sys/Cargo.toml b/secp256k1-sys/Cargo.toml index 3c7f7c36d..716f8b1d9 100644 --- a/secp256k1-sys/Cargo.toml +++ b/secp256k1-sys/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "secp256k1-sys" -version = "0.11.0" +version = "0.12.0" authors = [ "Dawid Ciężarkiewicz ", "Andrew Poelstra ", "Steven Roose " ] diff --git a/secp256k1-sys/depend/secp256k1-HEAD-revision.txt b/secp256k1-sys/depend/secp256k1-HEAD-revision.txt index ecdc0e55f..24396d6ac 100644 --- a/secp256k1-sys/depend/secp256k1-HEAD-revision.txt +++ b/secp256k1-sys/depend/secp256k1-HEAD-revision.txt @@ -1,2 +1,2 @@ # This file was automatically created by vendor-libsecp.sh -0cdc758a56360bf58a851fe91085a327ec97685a +baa265429fa8f1686138380e52a75c25b0344719 diff --git a/secp256k1-sys/depend/secp256k1/.cirrus.yml b/secp256k1-sys/depend/secp256k1/.cirrus.yml deleted file mode 100644 index 81a4f0432..000000000 --- a/secp256k1-sys/depend/secp256k1/.cirrus.yml +++ /dev/null @@ -1,101 +0,0 @@ -env: - ### cirrus config - CIRRUS_CLONE_DEPTH: 1 - ### compiler options - HOST: - WRAPPER_CMD: - # Specific warnings can be disabled with -Wno-error=foo. - # -pedantic-errors is not equivalent to -Werror=pedantic and thus not implied by -Werror according to the GCC manual. - WERROR_CFLAGS: -Werror -pedantic-errors - MAKEFLAGS: -j4 - BUILD: check - ### secp256k1 config - ECMULTWINDOW: 15 - ECMULTGENKB: 22 - ASM: no - WIDEMUL: auto - WITH_VALGRIND: yes - EXTRAFLAGS: - ### secp256k1 modules - EXPERIMENTAL: no - ECDH: no - RECOVERY: no - EXTRAKEYS: no - SCHNORRSIG: no - MUSIG: no - ELLSWIFT: no - ### test options - SECP256K1_TEST_ITERS: 64 - BENCH: yes - SECP256K1_BENCH_ITERS: 2 - CTIMETESTS: yes - # Compile and run the tests - EXAMPLES: yes - -cat_logs_snippet: &CAT_LOGS - always: - cat_tests_log_script: - - cat tests.log || true - cat_noverify_tests_log_script: - - cat noverify_tests.log || true - cat_exhaustive_tests_log_script: - - cat exhaustive_tests.log || true - cat_ctime_tests_log_script: - - cat ctime_tests.log || true - cat_bench_log_script: - - cat bench.log || true - cat_config_log_script: - - cat config.log || true - cat_test_env_script: - - cat test_env.log || true - cat_ci_env_script: - - env - -linux_arm64_container_snippet: &LINUX_ARM64_CONTAINER - env_script: - - env | tee /tmp/env - build_script: - - DOCKER_BUILDKIT=1 docker build --file "ci/linux-debian.Dockerfile" --tag="ci_secp256k1_arm" - - docker image prune --force # Cleanup stale layers - test_script: - - docker run --rm --mount "type=bind,src=./,dst=/ci_secp256k1" --env-file /tmp/env --replace --name "ci_secp256k1_arm" "ci_secp256k1_arm" bash -c "cd /ci_secp256k1/ && ./ci/ci.sh" - -task: - name: "ARM64: Linux (Debian stable)" - persistent_worker: - labels: - type: arm64 - env: - ECDH: yes - RECOVERY: yes - EXTRAKEYS: yes - SCHNORRSIG: yes - MUSIG: yes - ELLSWIFT: yes - matrix: - # Currently only gcc-snapshot, the other compilers are tested on GHA with QEMU - - env: { CC: 'gcc-snapshot' } - << : *LINUX_ARM64_CONTAINER - << : *CAT_LOGS - -task: - name: "ARM64: Linux (Debian stable), Valgrind" - persistent_worker: - labels: - type: arm64 - env: - ECDH: yes - RECOVERY: yes - EXTRAKEYS: yes - SCHNORRSIG: yes - MUSIG: yes - ELLSWIFT: yes - WRAPPER_CMD: 'valgrind --error-exitcode=42' - SECP256K1_TEST_ITERS: 2 - matrix: - - env: { CC: 'gcc' } - - env: { CC: 'clang' } - - env: { CC: 'gcc-snapshot' } - - env: { CC: 'clang-snapshot' } - << : *LINUX_ARM64_CONTAINER - << : *CAT_LOGS diff --git a/secp256k1-sys/depend/secp256k1/.github/actions/print-logs/action.yml b/secp256k1-sys/depend/secp256k1/.github/actions/print-logs/action.yml new file mode 100644 index 000000000..33de35cb3 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/.github/actions/print-logs/action.yml @@ -0,0 +1,34 @@ +name: "Print logs" +description: "Print the log files produced by ci/ci.sh" +runs: + using: "composite" + steps: + - shell: bash + run: | + # Print the log files produced by ci/ci.sh + + # Helper functions + group() { + title=$1 + echo "::group::$title" + } + endgroup() { + echo "::endgroup::" + } + cat_file() { + file=$1 + group "$file" + cat "$file" + endgroup + } + + # Print all *.log files + shopt -s nullglob + for file in *.log; do + cat_file "$file" + done + + # Print environment + group "CI env" + env + endgroup diff --git a/secp256k1-sys/depend/secp256k1/.github/workflows/ci.yml b/secp256k1-sys/depend/secp256k1/.github/workflows/ci.yml index 54b2fab1c..9783251d6 100644 --- a/secp256k1-sys/depend/secp256k1/.github/workflows/ci.yml +++ b/secp256k1-sys/depend/secp256k1/.github/workflows/ci.yml @@ -40,13 +40,24 @@ env: BENCH: 'yes' SECP256K1_BENCH_ITERS: 2 CTIMETESTS: 'yes' + SYMBOL_CHECK: 'yes' # Compile and run the examples. EXAMPLES: 'yes' jobs: docker_cache: - name: "Build Docker image" - runs-on: ubuntu-latest + name: "Build ${{ matrix.arch }} Docker image" + runs-on: ${{ matrix.runner }} + + strategy: + fail-fast: false + matrix: + include: + - arch: x64 + runner: ubuntu-latest + - arch: arm64 + runner: ubuntu-24.04-arm + steps: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -59,11 +70,11 @@ jobs: uses: docker/build-push-action@v5 with: file: ./ci/linux-debian.Dockerfile - tags: linux-debian-image + tags: ${{ matrix.arch }}-debian-image cache-from: type=gha cache-to: type=gha,mode=min - linux_debian: + x86_64-debian: name: "x86_64: Linux (Debian stable)" runs-on: ubuntu-latest needs: docker_cache @@ -105,25 +116,11 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} i686_debian: name: "i686: Linux (Debian stable)" @@ -155,25 +152,11 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} s390x_debian: name: "s390x (big-endian): Linux (Debian stable, QEMU)" @@ -201,25 +184,12 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} + arm32_debian: name: "ARM32: Linux (Debian stable, QEMU)" @@ -255,35 +225,19 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} - - arm64_debian: - name: "ARM64: Linux (Debian stable, QEMU)" - runs-on: ubuntu-latest + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} + + arm64-debian: + name: "arm64: Linux (Debian stable)" + runs-on: ubuntu-24.04-arm needs: docker_cache env: - WRAPPER_CMD: 'qemu-aarch64' SECP256K1_TEST_ITERS: 16 - HOST: 'aarch64-linux-gnu' WITH_VALGRIND: 'no' ECDH: 'yes' RECOVERY: 'yes' @@ -292,45 +246,30 @@ jobs: MUSIG: 'yes' ELLSWIFT: 'yes' CTIMETESTS: 'no' + CC: ${{ matrix.cc }} strategy: fail-fast: false matrix: - configuration: - - env_vars: { } # gcc - - env_vars: # clang - CC: 'clang --target=aarch64-linux-gnu' - - env_vars: # clang-snapshot - CC: 'clang-snapshot --target=aarch64-linux-gnu' + cc: + - 'gcc' + - 'clang' + - 'gcc-snapshot' + - 'clang-snapshot' steps: - name: Checkout uses: actions/checkout@v4 - name: CI script - env: ${{ matrix.configuration.env_vars }} uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: arm64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} ppc64le_debian: name: "ppc64le: Linux (Debian stable, QEMU)" @@ -358,39 +297,46 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} + valgrind_debian: - name: "Valgrind (memcheck)" - runs-on: ubuntu-latest + name: "Valgrind ${{ matrix.binary_arch }} (memcheck)" + runs-on: ${{ matrix.runner }} needs: docker_cache strategy: fail-fast: false matrix: - configuration: - - env_vars: { CC: 'clang', ASM: 'auto' } - - env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'auto' } - - env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } - - env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } + include: + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: x64 + env_vars: { CC: 'clang', ASM: 'auto' } + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: i686 + env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'auto' } + - docker_arch: arm64 + runner: ubuntu-24.04-arm + binary_arch: arm64 + env_vars: { CC: 'clang', ASM: 'auto' } + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: x64 + env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } + - docker_arch: x64 + runner: ubuntu-latest + binary_arch: i686 + env_vars: { CC: 'i686-linux-gnu-gcc', HOST: 'i686-linux-gnu', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } + - docker_arch: arm64 + runner: ubuntu-24.04-arm + binary_arch: arm64 + env_vars: { CC: 'clang', ASM: 'no', ECMULTGENKB: 2, ECMULTWINDOW: 2 } env: # The `--error-exitcode` is required to make the test fail if valgrind found errors, @@ -410,29 +356,15 @@ jobs: uses: actions/checkout@v4 - name: CI script - env: ${{ matrix.configuration.env_vars }} + env: ${{ matrix.env_vars }} uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: ${{ matrix.docker_arch }}-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} sanitizers_debian: name: "UBSan, ASan, LSan" @@ -461,6 +393,7 @@ jobs: ASAN_OPTIONS: 'strict_string_checks=1:detect_stack_use_after_return=1:detect_leaks=1' LSAN_OPTIONS: 'use_unaligned=1' SECP256K1_TEST_ITERS: 32 + SYMBOL_CHECK: 'no' steps: - name: Checkout @@ -471,25 +404,11 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} msan_debian: name: "MSan" @@ -525,6 +444,7 @@ jobs: SECP256K1_TEST_ITERS: 32 ASM: 'no' WITH_VALGRIND: 'no' + SYMBOL_CHECK: 'no' steps: - name: Checkout @@ -535,25 +455,12 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} + mingw_debian: name: ${{ matrix.configuration.job_name }} @@ -591,25 +498,11 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} x86_64-macos-native: name: "x86_64: macOS Ventura, Valgrind" @@ -620,6 +513,7 @@ jobs: CC: 'clang' HOMEBREW_NO_AUTO_UPDATE: 1 HOMEBREW_NO_INSTALL_CLEANUP: 1 + SYMBOL_CHECK: 'no' strategy: fail-fast: false @@ -652,23 +546,15 @@ jobs: env: ${{ matrix.env_vars }} run: ./ci/ci.sh - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + - name: Symbol check + run: | + python3 --version + python3 -m pip install lief + python3 ./tools/symbol-check.py .libs/libsecp256k1.dylib + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} arm64-macos-native: name: "ARM64: macOS Sonoma" @@ -681,18 +567,19 @@ jobs: HOMEBREW_NO_INSTALL_CLEANUP: 1 WITH_VALGRIND: 'no' CTIMETESTS: 'no' + SYMBOL_CHECK: 'no' strategy: fail-fast: false matrix: env_vars: - - { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' } + - { WIDEMUL: 'int64', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' } - { WIDEMUL: 'int128_struct', ECMULTGENPRECISION: 2, ECMULTWINDOW: 4 } - - { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' } + - { WIDEMUL: 'int128', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' } - { WIDEMUL: 'int128', RECOVERY: 'yes' } - - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes' } - - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' } - - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY' } + - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes' } + - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CC: 'gcc' } + - { WIDEMUL: 'int128', RECOVERY: 'yes', ECDH: 'yes', EXTRAKEYS: 'yes', SCHNORRSIG: 'yes', MUSIG: 'yes', ELLSWIFT: 'yes', CPPFLAGS: '-DVERIFY' } - BUILD: 'distcheck' steps: @@ -708,23 +595,20 @@ jobs: env: ${{ matrix.env_vars }} run: ./ci/ci.sh - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + - name: Symbol check + env: + VIRTUAL_ENV: '${{ github.workspace }}/venv' + run: | + python3 --version + python3 -m venv $VIRTUAL_ENV + export PATH="$VIRTUAL_ENV/bin:$PATH" + python3 -m pip install lief + python3 ./tools/symbol-check.py .libs/libsecp256k1.dylib + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} + win64-native: name: ${{ matrix.configuration.job_name }} @@ -737,6 +621,7 @@ jobs: configuration: - job_name: 'x64 (MSVC): Windows (VS 2022, shared)' cmake_options: '-A x64 -DBUILD_SHARED_LIBS=ON' + symbol_check: 'true' - job_name: 'x64 (MSVC): Windows (VS 2022, static)' cmake_options: '-A x64 -DBUILD_SHARED_LIBS=OFF' - job_name: 'x64 (MSVC): Windows (VS 2022, int128_struct)' @@ -746,6 +631,16 @@ jobs: cpp_flags: '/DSECP256K1_MSVC_MULH_TEST_OVERRIDE' - job_name: 'x86 (MSVC): Windows (VS 2022)' cmake_options: '-A Win32' + - job_name: 'x64 (clang-cl): Windows (VS 2022, shared)' + cmake_options: '-T ClangCL -DBUILD_SHARED_LIBS=ON' + symbol_check: 'true' + - job_name: 'x64 (clang-cl): Windows (VS 2022, static)' + cmake_options: '-T ClangCL -DBUILD_SHARED_LIBS=OFF' + - job_name: 'x64 (clang-cl): Windows (VS 2022, int128_struct)' + cmake_options: '-T ClangCL -DSECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY=int128_struct' + - job_name: 'x64 (clang-cl): Windows (VS 2022, int128_struct with __(u)mulh)' + cmake_options: '-T ClangCL -DSECP256K1_TEST_OVERRIDE_WIDE_MULTIPLY=int128_struct' + cpp_flags: '/DSECP256K1_MSVC_MULH_TEST_OVERRIDE' steps: - name: Checkout @@ -763,6 +658,14 @@ jobs: run: | cd build/bin/RelWithDebInfo && file *tests.exe bench*.exe libsecp256k1-*.dll || true + - name: Symbol check + if: ${{ matrix.configuration.symbol_check }} + shell: bash + run: | + py -3 --version + py -3 -m pip install lief + py -3 ./tools/symbol-check.py build/bin/RelWithDebInfo/libsecp256k1-*.dll + - name: Check run: | ctest -C RelWithDebInfo --test-dir build -j ([int]$env:NUMBER_OF_PROCESSORS + 1) @@ -811,25 +714,11 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image - - - run: cat tests.log || true - if: ${{ always() }} - - run: cat noverify_tests.log || true - if: ${{ always() }} - - run: cat exhaustive_tests.log || true - if: ${{ always() }} - - run: cat ctime_tests.log || true - if: ${{ always() }} - - run: cat bench.log || true - if: ${{ always() }} - - run: cat config.log || true - if: ${{ always() }} - - run: cat test_env.log || true - if: ${{ always() }} - - name: CI env - run: env - if: ${{ always() }} + tag: x64-debian-image + + - name: Print logs + uses: ./.github/actions/print-logs + if: ${{ !cancelled() }} cxx_headers_debian: name: "C++ (public headers)" @@ -844,7 +733,7 @@ jobs: uses: ./.github/actions/run-in-docker-action with: dockerfile: ./ci/linux-debian.Dockerfile - tag: linux-debian-image + tag: x64-debian-image command: | g++ -Werror include/*.h clang -Werror -x c++-header include/*.h diff --git a/secp256k1-sys/depend/secp256k1/.gitignore b/secp256k1-sys/depend/secp256k1/.gitignore index bffba8cb2..ce33a84ad 100644 --- a/secp256k1-sys/depend/secp256k1/.gitignore +++ b/secp256k1-sys/depend/secp256k1/.gitignore @@ -65,3 +65,7 @@ libsecp256k1.pc /CMakeUserPresets.json # Default CMake build directory. /build + +### Python +__pycache__/ +*.py[oc] diff --git a/secp256k1-sys/depend/secp256k1/CHANGELOG.md b/secp256k1-sys/depend/secp256k1/CHANGELOG.md index ee447c0c1..53c787b38 100644 --- a/secp256k1-sys/depend/secp256k1/CHANGELOG.md +++ b/secp256k1-sys/depend/secp256k1/CHANGELOG.md @@ -5,6 +5,31 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [Unreleased] + +## [0.7.0] - 2025-07-21 + +#### Added + - CMake: Added `secp256k1_objs` interface library to allow parent projects to embed libsecp256k1 object files into their own static libraries. + - build: Added `SECP256K1_NO_API_VISIBILITY_ATTRIBUTES` preprocessor flag (CMake option: `SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES`) that disables explicit "visibility" attributes for API symbols. Defining this macro enables the user to control the visibility of the API symbols via `-fvisibility=` when building libsecp256k1. (All non-API declarations will always have hidden visibility, even with `SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES` defined.) For instance, `-fvisibility=hidden` can be useful even for the API symbols, e.g., when building a static libsecp256k1 which is linked into a shared library, and the latter should not re-export the libsecp256k1 API. + +#### Changed + - The pointers `secp256k1_context_static` and `secp256k1_context_no_precomp` to the constant context objects are now `const`. + - Removed `SECP256K1_WARN_UNUSED_RESULT` attribute (defined as `__attribute__ ((__warn_unused_result__))`) from several API functions that always return 1. Compilers will no longer warn if the return value is unused. + - CMake: Building with CMake is no longer considered experimental. + - CMake: The minimum required CMake version was increased to 3.22. + - CMake: Shared libraries built with CMake on FreeBSD now create the full versioned filename and symlink chain, matching the behavior of autotools builds. + +#### Removed +- Removed previously deprecated function aliases `secp256k1_ec_privkey_negate`, `secp256k1_ec_privkey_tweak_add` and + `secp256k1_ec_privkey_tweak_mul`. Use `secp256k1_ec_seckey_negate`, `secp256k1_ec_seckey_tweak_add` and + `secp256k1_ec_seckey_tweak_mul` instead. + +#### ABI Compatibility +The symbols `secp256k1_ec_privkey_negate`, `secp256k1_ec_privkey_tweak_add`, and `secp256k1_ec_privkey_tweak_mul` were removed. +The pointers `secp256k1_context_static` and `secp256k1_context_no_precomp` have been made `const`. +Otherwise, the library maintains backward compatibility with version 0.6.0. + ## [0.6.0] - 2024-11-04 #### Added @@ -108,7 +133,7 @@ We strongly recommend updating to 0.3.1 if you use or plan to use Clang >=14 to - Fix "constant-timeness" issue with Clang >=14 that could leave applications using libsecp256k1 vulnerable to a timing side-channel attack. The fix avoids secret-dependent control flow and secret-dependent memory accesses in conditional moves of memory objects when libsecp256k1 is compiled with Clang >=14. #### Added - - Added tests against [Project Wycheproof's](https://github.com/google/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases. + - Added tests against [Project Wycheproof's](https://github.com/C2SP/wycheproof/) set of ECDSA test vectors (Bitcoin "low-S" variant), a fixed set of test cases designed to trigger various edge cases. #### Changed - Increased minimum required CMake version to 3.13. CMake builds remain experimental. @@ -162,6 +187,8 @@ This version was in fact never released. The number was given by the build system since the introduction of autotools in Jan 2014 (ea0fe5a5bf0c04f9cc955b2966b614f5f378c6f6). Therefore, this version number does not uniquely identify a set of source files. +[unreleased]: https://github.com/bitcoin-core/secp256k1/compare/v0.7.0...HEAD +[0.7.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.6.0...v0.7.0 [0.6.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.5.1...v0.6.0 [0.5.1]: https://github.com/bitcoin-core/secp256k1/compare/v0.5.0...v0.5.1 [0.5.0]: https://github.com/bitcoin-core/secp256k1/compare/v0.4.1...v0.5.0 diff --git a/secp256k1-sys/depend/secp256k1/CMakeLists.txt b/secp256k1-sys/depend/secp256k1/CMakeLists.txt index 041bfa3dc..11dc3f6e5 100644 --- a/secp256k1-sys/depend/secp256k1/CMakeLists.txt +++ b/secp256k1-sys/depend/secp256k1/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 3.16) +cmake_minimum_required(VERSION 3.22) #============================= # Project / Package metadata @@ -7,32 +7,22 @@ project(libsecp256k1 # The package (a.k.a. release) version is based on semantic versioning 2.0.0 of # the API. All changes in experimental modules are treated as # backwards-compatible and therefore at most increase the minor version. - VERSION 0.6.0 + VERSION 0.7.1 DESCRIPTION "Optimized C library for ECDSA signatures and secret/public key operations on curve secp256k1." HOMEPAGE_URL "https://github.com/bitcoin-core/secp256k1" LANGUAGES C ) enable_testing() +include(CTestUseLaunchers) # Allow users to set CTEST_USE_LAUNCHERS in custom `ctest -S` scripts. list(APPEND CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake) -if(CMAKE_VERSION VERSION_LESS 3.21) - # Emulates CMake 3.21+ behavior. - if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) - set(PROJECT_IS_TOP_LEVEL ON) - set(${PROJECT_NAME}_IS_TOP_LEVEL ON) - else() - set(PROJECT_IS_TOP_LEVEL OFF) - set(${PROJECT_NAME}_IS_TOP_LEVEL OFF) - endif() -endif() - # The library version is based on libtool versioning of the ABI. The set of # rules for updating the version can be found here: # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html # All changes in experimental modules are treated as if they don't affect the # interface and therefore only increase the revision. -set(${PROJECT_NAME}_LIB_VERSION_CURRENT 5) -set(${PROJECT_NAME}_LIB_VERSION_REVISION 0) +set(${PROJECT_NAME}_LIB_VERSION_CURRENT 6) +set(${PROJECT_NAME}_LIB_VERSION_REVISION 1) set(${PROJECT_NAME}_LIB_VERSION_AGE 0) #============================= @@ -44,18 +34,18 @@ set(CMAKE_C_EXTENSIONS OFF) #============================= # Configurable options #============================= -option(BUILD_SHARED_LIBS "Build shared libraries." ON) -option(SECP256K1_DISABLE_SHARED "Disable shared library. Overrides BUILD_SHARED_LIBS." OFF) -if(SECP256K1_DISABLE_SHARED) - set(BUILD_SHARED_LIBS OFF) +if(libsecp256k1_IS_TOP_LEVEL) + option(BUILD_SHARED_LIBS "Build shared libraries." ON) endif() option(SECP256K1_INSTALL "Enable installation." ${PROJECT_IS_TOP_LEVEL}) +option(SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES "Enable visibility attributes in the API." ON) + ## Modules # We declare all options before processing them, to make sure we can express -# dependendencies while processing. +# dependencies while processing. option(SECP256K1_ENABLE_MODULE_ECDH "Enable ECDH module." ON) option(SECP256K1_ENABLE_MODULE_RECOVERY "Enable ECDSA pubkey recovery module." OFF) option(SECP256K1_ENABLE_MODULE_EXTRAKEYS "Enable extrakeys module." ON) @@ -63,40 +53,6 @@ option(SECP256K1_ENABLE_MODULE_SCHNORRSIG "Enable schnorrsig module." ON) option(SECP256K1_ENABLE_MODULE_MUSIG "Enable musig module." ON) option(SECP256K1_ENABLE_MODULE_ELLSWIFT "Enable ElligatorSwift module." ON) -# Processing must be done in a topological sorting of the dependency graph -# (dependent module first). -if(SECP256K1_ENABLE_MODULE_ELLSWIFT) - add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1) -endif() - -if(SECP256K1_ENABLE_MODULE_MUSIG) - if(DEFINED SECP256K1_ENABLE_MODULE_SCHNORRSIG AND NOT SECP256K1_ENABLE_MODULE_SCHNORRSIG) - message(FATAL_ERROR "Module dependency error: You have disabled the schnorrsig module explicitly, but it is required by the musig module.") - endif() - set(SECP256K1_ENABLE_MODULE_SCHNORRSIG ON) - add_compile_definitions(ENABLE_MODULE_MUSIG=1) -endif() - -if(SECP256K1_ENABLE_MODULE_SCHNORRSIG) - if(DEFINED SECP256K1_ENABLE_MODULE_EXTRAKEYS AND NOT SECP256K1_ENABLE_MODULE_EXTRAKEYS) - message(FATAL_ERROR "Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.") - endif() - set(SECP256K1_ENABLE_MODULE_EXTRAKEYS ON) - add_compile_definitions(ENABLE_MODULE_SCHNORRSIG=1) -endif() - -if(SECP256K1_ENABLE_MODULE_EXTRAKEYS) - add_compile_definitions(ENABLE_MODULE_EXTRAKEYS=1) -endif() - -if(SECP256K1_ENABLE_MODULE_RECOVERY) - add_compile_definitions(ENABLE_MODULE_RECOVERY=1) -endif() - -if(SECP256K1_ENABLE_MODULE_ECDH) - add_compile_definitions(ENABLE_MODULE_ECDH=1) -endif() - option(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS "Enable external default callback functions." OFF) if(SECP256K1_USE_EXTERNAL_DEFAULT_CALLBACKS) add_compile_definitions(USE_EXTERNAL_DEFAULT_CALLBACKS=1) @@ -242,17 +198,21 @@ endif() include(TryAppendCFlags) if(MSVC) - # Keep the following commands ordered lexicographically. + # For both cl and clang-cl compilers. try_append_c_flags(/W3) # Production quality warning level. + # Eliminate deprecation warnings for the older, less secure functions. + add_compile_definitions(_CRT_SECURE_NO_WARNINGS) +else() + try_append_c_flags(-Wall) # GCC >= 2.95 and probably many other compilers. +endif() +if(CMAKE_C_COMPILER_ID STREQUAL "MSVC") + # Keep the following commands ordered lexicographically. try_append_c_flags(/wd4146) # Disable warning C4146 "unary minus operator applied to unsigned type, result still unsigned". try_append_c_flags(/wd4244) # Disable warning C4244 "'conversion' conversion from 'type1' to 'type2', possible loss of data". try_append_c_flags(/wd4267) # Disable warning C4267 "'var' : conversion from 'size_t' to 'type', possible loss of data". - # Eliminate deprecation warnings for the older, less secure functions. - add_compile_definitions(_CRT_SECURE_NO_WARNINGS) else() # Keep the following commands ordered lexicographically. try_append_c_flags(-pedantic) - try_append_c_flags(-Wall) # GCC >= 2.95 and probably many other compilers. try_append_c_flags(-Wcast-align) # GCC >= 2.95. try_append_c_flags(-Wcast-align=strict) # GCC >= 8.0. try_append_c_flags(-Wconditional-uninitialized) # Clang >= 3.0 only. @@ -267,8 +227,6 @@ else() try_append_c_flags(-Wundef) endif() -set(CMAKE_C_VISIBILITY_PRESET hidden) - set(print_msan_notice) if(SECP256K1_BUILD_CTIME_TESTS) include(CheckMemorySanitizer) @@ -354,6 +312,7 @@ else() set(cross_status "FALSE") endif() message("Cross compiling ....................... ${cross_status}") +message("API visibility attributes ............. ${SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES}") message("Valgrind .............................. ${SECP256K1_VALGRIND}") get_directory_property(definitions COMPILE_DEFINITIONS) string(REPLACE ";" " " definitions "${definitions}") diff --git a/secp256k1-sys/depend/secp256k1/CMakePresets.json b/secp256k1-sys/depend/secp256k1/CMakePresets.json index b35cd8057..6ed52b8fa 100644 --- a/secp256k1-sys/depend/secp256k1/CMakePresets.json +++ b/secp256k1-sys/depend/secp256k1/CMakePresets.json @@ -1,5 +1,4 @@ { - "cmakeMinimumRequired": {"major": 3, "minor": 21, "patch": 0}, "version": 3, "configurePresets": [ { diff --git a/secp256k1-sys/depend/secp256k1/CONTRIBUTING.md b/secp256k1-sys/depend/secp256k1/CONTRIBUTING.md index 2722c44e1..f00110862 100644 --- a/secp256k1-sys/depend/secp256k1/CONTRIBUTING.md +++ b/secp256k1-sys/depend/secp256k1/CONTRIBUTING.md @@ -44,11 +44,11 @@ The Contributor Workflow & Peer Review in libsecp256k1 are similar to Bitcoin Co In addition, libsecp256k1 tries to maintain the following coding conventions: -* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `rustsecp256k1_v0_11_context_create` or `rustsecp256k1_v0_11_scratch_space_create`, for example). Moreover, it should be possible to use the library without any heap allocations. +* No runtime heap allocation (e.g., no `malloc`) unless explicitly requested by the caller (via `secp256k1_context_create` or `secp256k1_scratch_space_create`, for example). Moreover, it should be possible to use the library without any heap allocations. * The tests should cover all lines and branches of the library (see [Test coverage](#coverage)). * Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)). * Local variables containing secret data should be cleared explicitly to try to delete secrets from memory. -* Use `rustsecp256k1_v0_11_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)). +* Use `secp256k1_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)). * As a rule of thumb, the default values for configuration options should target standard desktop machines and align with Bitcoin Core's defaults, and the tests should mostly exercise the default configuration (see [#1549](https://github.com/bitcoin-core/secp256k1/issues/1549#issuecomment-2200559257)). #### Style conventions @@ -72,8 +72,9 @@ In addition, libsecp256k1 tries to maintain the following coding conventions: * Use `void *ptr` instead of `void* ptr`. * Arguments of the publicly-facing API must have a specific order defined in [include/secp256k1.h](include/secp256k1.h). * User-facing comment lines in headers should be limited to 80 chars if possible. -* All identifiers in file scope should start with `rustsecp256k1_v0_11_`. +* All identifiers in file scope should start with `secp256k1_`. * Avoid trailing whitespace. +* Use the constants `EXIT_SUCCESS`/`EXIT_FAILURE` (defined in `stdlib.h`) to indicate program execution status for examples and other binaries. ### Tests @@ -91,12 +92,14 @@ Run the tests: To create a report, `gcovr` is recommended, as it includes branch coverage reporting: - $ gcovr --exclude 'src/bench*' --print-summary + $ gcovr --gcov-ignore-parse-errors=all --merge-mode-functions=separate --exclude 'src/bench*' --exclude 'src/modules/.*/bench_impl.h' --print-summary To create a HTML report with coloured and annotated source code: $ mkdir -p coverage - $ gcovr --exclude 'src/bench*' --html --html-details -o coverage/coverage.html + $ gcovr --gcov-ignore-parse-errors=all --merge-mode-functions=separate --exclude 'src/bench*' --exclude 'src/modules/.*/bench_impl.h' --html --html-details -o coverage/coverage.html + +On `gcovr` >=8.3, `--gcov-ignore-parse-errors=all` can be replaced with `--gcov-suspicious-hits-threshold=140737488355330`. #### Exhaustive tests diff --git a/secp256k1-sys/depend/secp256k1/Makefile.am b/secp256k1-sys/depend/secp256k1/Makefile.am index 6b7c64f5f..d511853b0 100644 --- a/secp256k1-sys/depend/secp256k1/Makefile.am +++ b/secp256k1-sys/depend/secp256k1/Makefile.am @@ -6,7 +6,7 @@ AM_CFLAGS = $(SECP_CFLAGS) lib_LTLIBRARIES = libsecp256k1.la include_HEADERS = include/secp256k1.h -include_HEADERS += include/rustsecp256k1_v0_11_preallocated.h +include_HEADERS += include/secp256k1_preallocated.h noinst_HEADERS = noinst_HEADERS += src/scalar.h noinst_HEADERS += src/scalar_4x64.h @@ -47,6 +47,7 @@ noinst_HEADERS += src/assumptions.h noinst_HEADERS += src/checkmem.h noinst_HEADERS += src/testutil.h noinst_HEADERS += src/util.h +noinst_HEADERS += src/util_local_visibility.h noinst_HEADERS += src/int128.h noinst_HEADERS += src/int128_impl.h noinst_HEADERS += src/int128_native.h @@ -63,7 +64,7 @@ noinst_HEADERS += src/hash_impl.h noinst_HEADERS += src/field.h noinst_HEADERS += src/field_impl.h noinst_HEADERS += src/bench.h -noinst_HEADERS += src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h +noinst_HEADERS += src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h noinst_HEADERS += src/hsort.h noinst_HEADERS += src/hsort_impl.h noinst_HEADERS += contrib/lax_der_parsing.h @@ -72,15 +73,15 @@ noinst_HEADERS += contrib/lax_der_privatekey_parsing.h noinst_HEADERS += contrib/lax_der_privatekey_parsing.c noinst_HEADERS += examples/examples_util.h -PRECOMPUTED_LIB = librustsecp256k1_v0_11_precomputed.la +PRECOMPUTED_LIB = libsecp256k1_precomputed.la noinst_LTLIBRARIES = $(PRECOMPUTED_LIB) -librustsecp256k1_v0_11_precomputed_la_SOURCES = src/precomputed_ecmult.c src/precomputed_ecmult_gen.c -# We need `-I$(top_srcdir)/src` in VPATH builds if librustsecp256k1_v0_11_precomputed_la_SOURCES have been recreated in the build tree. +libsecp256k1_precomputed_la_SOURCES = src/precomputed_ecmult.c src/precomputed_ecmult_gen.c +# We need `-I$(top_srcdir)/src` in VPATH builds if libsecp256k1_precomputed_la_SOURCES have been recreated in the build tree. # This helps users and packagers who insist on recreating the precomputed files (e.g., Gentoo). -librustsecp256k1_v0_11_precomputed_la_CPPFLAGS = -I$(top_srcdir)/src $(SECP_CONFIG_DEFINES) +libsecp256k1_precomputed_la_CPPFLAGS = -I$(top_srcdir)/src $(SECP_CONFIG_DEFINES) if USE_EXTERNAL_ASM -COMMON_LIB = librustsecp256k1_v0_11_common.la +COMMON_LIB = libsecp256k1_common.la else COMMON_LIB = endif @@ -91,14 +92,14 @@ pkgconfig_DATA = libsecp256k1.pc if USE_EXTERNAL_ASM if USE_ASM_ARM -librustsecp256k1_v0_11_common_la_SOURCES = src/asm/field_10x26_arm.s +libsecp256k1_common_la_SOURCES = src/asm/field_10x26_arm.s endif endif -librustsecp256k1_v0_11_la_SOURCES = src/secp256k1.c -librustsecp256k1_v0_11_la_CPPFLAGS = $(SECP_CONFIG_DEFINES) -librustsecp256k1_v0_11_la_LIBADD = $(COMMON_LIB) $(PRECOMPUTED_LIB) -librustsecp256k1_v0_11_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE) +libsecp256k1_la_SOURCES = src/secp256k1.c +libsecp256k1_la_CPPFLAGS = $(SECP_CONFIG_DEFINES) +libsecp256k1_la_LIBADD = $(COMMON_LIB) $(PRECOMPUTED_LIB) +libsecp256k1_la_LDFLAGS = -no-undefined -version-info $(LIB_VERSION_CURRENT):$(LIB_VERSION_REVISION):$(LIB_VERSION_AGE) noinst_PROGRAMS = if USE_BENCHMARK @@ -247,11 +248,19 @@ maintainer-clean-local: clean-precomp ### Pregenerated test vectors ### (see the comments in the previous section for detailed rationale) -TESTVECTORS = src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h +TESTVECTORS = src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h -src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h: +if ENABLE_MODULE_ECDH +TESTVECTORS += src/wycheproof/ecdh_secp256k1_test.h +endif + +src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h: + mkdir -p $(@D) + python3 $(top_srcdir)/tools/tests_wycheproof_generate_ecdsa.py $(top_srcdir)/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json > $@ + +src/wycheproof/ecdh_secp256k1_test.h: mkdir -p $(@D) - python3 $(top_srcdir)/tools/tests_wycheproof_generate.py $(top_srcdir)/src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json > $@ + python3 $(top_srcdir)/tools/tests_wycheproof_generate_ecdh.py $(top_srcdir)/src/wycheproof/ecdh_secp256k1_test.json > $@ testvectors: $(TESTVECTORS) @@ -271,11 +280,13 @@ EXTRA_DIST += sage/gen_exhaustive_groups.sage EXTRA_DIST += sage/gen_split_lambda_constants.sage EXTRA_DIST += sage/group_prover.sage EXTRA_DIST += sage/prove_group_implementations.sage -EXTRA_DIST += sage/rustsecp256k1_v0_11_params.sage +EXTRA_DIST += sage/secp256k1_params.sage EXTRA_DIST += sage/weierstrass_prover.sage EXTRA_DIST += src/wycheproof/WYCHEPROOF_COPYING -EXTRA_DIST += src/wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json -EXTRA_DIST += tools/tests_wycheproof_generate.py +EXTRA_DIST += src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json +EXTRA_DIST += src/wycheproof/ecdh_secp256k1_test.json +EXTRA_DIST += tools/tests_wycheproof_generate_ecdsa.py +EXTRA_DIST += tools/tests_wycheproof_generate_ecdh.py if ENABLE_MODULE_ECDH include src/modules/ecdh/Makefile.am.include diff --git a/secp256k1-sys/depend/secp256k1/README.md b/secp256k1-sys/depend/secp256k1/README.md index 222e5fb76..90edae1a2 100644 --- a/secp256k1-sys/depend/secp256k1/README.md +++ b/secp256k1-sys/depend/secp256k1/README.md @@ -61,52 +61,85 @@ Implementation details * Optional runtime blinding which attempts to frustrate differential power analysis. * The precomputed tables add and eventually subtract points for which no known scalar (secret key) is known, preventing even an attacker with control over the secret key used to control the data internally. +Obtaining and verifying +----------------------- + +The git tag for each release (e.g. `v0.6.0`) is GPG-signed by one of the maintainers. +For a fully verified build of this project, it is recommended to obtain this repository +via git, obtain the GPG keys of the signing maintainer(s), and then verify the release +tag's signature using git. + +This can be done with the following steps: + +1. Obtain the GPG keys listed in [SECURITY.md](./SECURITY.md). +2. If possible, cross-reference these key IDs with another source controlled by its owner (e.g. + social media, personal website). This is to mitigate the unlikely case that incorrect + content is being presented by this repository. +3. Clone the repository: + ``` + git clone https://github.com/bitcoin-core/secp256k1 + ``` +4. Check out the latest release tag, e.g. + ``` + git checkout v0.6.0 + ``` +5. Use git to verify the GPG signature: + ``` + % git tag -v v0.6.0 | grep -C 3 'Good signature' + + gpg: Signature made Mon 04 Nov 2024 12:14:44 PM EST + gpg: using RSA key 4BBB845A6F5A65A69DFAEC234861DBF262123605 + gpg: Good signature from "Jonas Nick " [unknown] + gpg: aka "Jonas Nick " [unknown] + gpg: WARNING: This key is not certified with a trusted signature! + gpg: There is no indication that the signature belongs to the owner. + Primary key fingerprint: 36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366 + Subkey fingerprint: 4BBB 845A 6F5A 65A6 9DFA EC23 4861 DBF2 6212 3605 + ``` + Building with Autotools ----------------------- - $ ./autogen.sh - $ ./configure - $ make - $ make check # run the test suite - $ sudo make install # optional + $ ./autogen.sh # Generate a ./configure script + $ ./configure # Generate a build system + $ make # Run the actual build process + $ make check # Run the test suite + $ sudo make install # Install the library into the system (optional) To compile optional modules (such as Schnorr signatures), you need to run `./configure` with additional flags (such as `--enable-module-schnorrsig`). Run `./configure --help` to see the full list of available flags. -Building with CMake (experimental) ----------------------------------- +Building with CMake +------------------- To maintain a pristine source tree, CMake encourages to perform an out-of-source build by using a separate dedicated build tree. ### Building on POSIX systems - $ mkdir build && cd build - $ cmake .. - $ cmake --build . - $ ctest # run the test suite - $ sudo cmake --install . # optional + $ cmake -B build # Generate a build system in subdirectory "build" + $ cmake --build build # Run the actual build process + $ ctest --test-dir build # Run the test suite + $ sudo cmake --install build # Install the library into the system (optional) -To compile optional modules (such as Schnorr signatures), you need to run `cmake` with additional flags (such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG=ON`). Run `cmake .. -LH` to see the full list of available flags. +To compile optional modules (such as Schnorr signatures), you need to run `cmake` with additional flags (such as `-DSECP256K1_ENABLE_MODULE_SCHNORRSIG=ON`). Run `cmake -B build -LH` or `ccmake -B build` to see the full list of available flags. ### Cross compiling To alleviate issues with cross compiling, preconfigured toolchain files are available in the `cmake` directory. For example, to cross compile for Windows: - $ cmake .. -DCMAKE_TOOLCHAIN_FILE=../cmake/x86_64-w64-mingw32.toolchain.cmake + $ cmake -B build -DCMAKE_TOOLCHAIN_FILE=cmake/x86_64-w64-mingw32.toolchain.cmake To cross compile for Android with [NDK](https://developer.android.com/ndk/guides/cmake) (using NDK's toolchain file, and assuming the `ANDROID_NDK_ROOT` environment variable has been set): - $ cmake .. -DCMAKE_TOOLCHAIN_FILE="${ANDROID_NDK_ROOT}/build/cmake/android.toolchain.cmake" -DANDROID_ABI=arm64-v8a -DANDROID_PLATFORM=28 + $ cmake -B build -DCMAKE_TOOLCHAIN_FILE="${ANDROID_NDK_ROOT}/build/cmake/android.toolchain.cmake" -DANDROID_ABI=arm64-v8a -DANDROID_PLATFORM=28 ### Building on Windows -To build on Windows with Visual Studio, a proper [generator](https://cmake.org/cmake/help/latest/manual/cmake-generators.7.html#visual-studio-generators) must be specified for a new build tree. - -The following example assumes using of Visual Studio 2022 and CMake v3.21+. +The following example assumes Visual Studio 2022. Using clang-cl is recommended. In "Developer Command Prompt for VS 2022": - >cmake -G "Visual Studio 17 2022" -A x64 -S . -B build + >cmake -B build -T ClangCL >cmake --build build --config RelWithDebInfo Usage examples @@ -116,8 +149,9 @@ Usage examples can be found in the [examples](examples) directory. To compile th * [Schnorr signatures example](examples/schnorr.c) * [Deriving a shared secret (ECDH) example](examples/ecdh.c) * [ElligatorSwift key exchange example](examples/ellswift.c) + * [MuSig2 Schnorr multi-signatures example](examples/musig.c) -To compile the Schnorr signature and ECDH examples, you also need to configure with `--enable-module-schnorrsig` and `--enable-module-ecdh`. +To compile the examples, make sure the corresponding modules are enabled. Benchmark ------------ diff --git a/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 b/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 index 048267fa6..1428d4d9b 100644 --- a/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 +++ b/secp256k1-sys/depend/secp256k1/build-aux/m4/bitcoin_secp.m4 @@ -3,7 +3,7 @@ AC_DEFUN([SECP_X86_64_ASM_CHECK],[ AC_MSG_CHECKING(for x86_64 assembly availability) AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include ]],[[ - uint64_t a = 11, tmp; + uint64_t a = 11, tmp = 0; __asm__ __volatile__("movq \@S|@0x100000000,%1; mulq %%rsi" : "+a"(a) : "S"(tmp) : "cc", "%rdx"); ]])], [has_x86_64_asm=yes], [has_x86_64_asm=no]) AC_MSG_RESULT([$has_x86_64_asm]) diff --git a/secp256k1-sys/depend/secp256k1/ci/ci.sh b/secp256k1-sys/depend/secp256k1/ci/ci.sh index 3636deafa..08e84efd4 100755 --- a/secp256k1-sys/depend/secp256k1/ci/ci.sh +++ b/secp256k1-sys/depend/secp256k1/ci/ci.sh @@ -14,7 +14,7 @@ print_environment() { for var in WERROR_CFLAGS MAKEFLAGS BUILD \ ECMULTWINDOW ECMULTGENKB ASM WIDEMUL WITH_VALGRIND EXTRAFLAGS \ EXPERIMENTAL ECDH RECOVERY EXTRAKEYS MUSIG SCHNORRSIG ELLSWIFT \ - SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETESTS\ + SECP256K1_TEST_ITERS BENCH SECP256K1_BENCH_ITERS CTIMETESTS SYMBOL_CHECK \ EXAMPLES \ HOST WRAPPER_CMD \ CC CFLAGS CPPFLAGS AR NM \ @@ -94,10 +94,10 @@ if [ $build_exit_code -ne 0 ]; then *snapshot*) # Ignore internal compiler errors in gcc-snapshot and clang-snapshot grep -e "internal compiler error:" -e "PLEASE submit a bug report" make.log - return $?; + exit $? ;; *) - return 1; + exit 1 ;; esac fi @@ -107,6 +107,20 @@ file *tests* || true file bench* || true file .libs/* || true +if [ "$SYMBOL_CHECK" = "yes" ] +then + python3 --version + case "$HOST" in + *mingw*) + ls -l .libs + python3 ./tools/symbol-check.py .libs/libsecp256k1-*.dll + ;; + *) + python3 ./tools/symbol-check.py .libs/libsecp256k1.so + ;; + esac +fi + # This tells `make check` to wrap test invocations. export LOG_COMPILER="$WRAPPER_CMD" diff --git a/secp256k1-sys/depend/secp256k1/ci/linux-debian.Dockerfile b/secp256k1-sys/depend/secp256k1/ci/linux-debian.Dockerfile index 241bfa971..8ced83f20 100644 --- a/secp256k1-sys/depend/secp256k1/ci/linux-debian.Dockerfile +++ b/secp256k1-sys/depend/secp256k1/ci/linux-debian.Dockerfile @@ -19,7 +19,7 @@ RUN dpkg --add-architecture i386 && \ dpkg --add-architecture arm64 && \ dpkg --add-architecture ppc64el -# dkpg-dev: to make pkg-config work in cross-builds +# dpkg-dev: to make pkg-config work in cross-builds # llvm: for llvm-symbolizer, which is used by clang's UBSan for symbolized stack traces RUN apt-get update && apt-get install --no-install-recommends -y \ git ca-certificates \ @@ -32,7 +32,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y \ gcc-powerpc64le-linux-gnu libc6-dev-ppc64el-cross libc6-dbg:ppc64el \ gcc-mingw-w64-x86-64-win32 wine64 wine \ gcc-mingw-w64-i686-win32 wine32 \ - python3 && \ + python3-full && \ if ! ( dpkg --print-architecture | grep --quiet "arm64" ) ; then \ apt-get install --no-install-recommends -y \ gcc-aarch64-linux-gnu libc6-dev-arm64-cross libc6-dbg:arm64 ;\ @@ -40,7 +40,7 @@ RUN apt-get update && apt-get install --no-install-recommends -y \ apt-get clean && rm -rf /var/lib/apt/lists/* # Build and install gcc snapshot -ARG GCC_SNAPSHOT_MAJOR=15 +ARG GCC_SNAPSHOT_MAJOR=16 RUN apt-get update && apt-get install --no-install-recommends -y wget libgmp-dev libmpfr-dev libmpc-dev flex && \ mkdir gcc && cd gcc && \ wget --progress=dot:giga --https-only --recursive --accept '*.tar.xz' --level 1 --no-directories "https://gcc.gnu.org/pub/gcc/snapshots/LATEST-${GCC_SNAPSHOT_MAJOR}" && \ @@ -77,3 +77,7 @@ RUN \ apt-get autoremove -y wget && \ apt-get clean && rm -rf /var/lib/apt/lists/* +ENV VIRTUAL_ENV=/root/venv +RUN python3 -m venv $VIRTUAL_ENV +ENV PATH="$VIRTUAL_ENV/bin:$PATH" +RUN pip install lief diff --git a/secp256k1-sys/depend/secp256k1/cmake/CheckX86_64Assembly.cmake b/secp256k1-sys/depend/secp256k1/cmake/CheckX86_64Assembly.cmake index ae82cd476..ca18919e0 100644 --- a/secp256k1-sys/depend/secp256k1/cmake/CheckX86_64Assembly.cmake +++ b/secp256k1-sys/depend/secp256k1/cmake/CheckX86_64Assembly.cmake @@ -4,10 +4,11 @@ function(check_x86_64_assembly) check_c_source_compiles(" #include - int main() + int main(void) { - uint64_t a = 11, tmp; + uint64_t a = 11, tmp = 0; __asm__ __volatile__(\"movq $0x100000000,%1; mulq %%rsi\" : \"+a\"(a) : \"S\"(tmp) : \"cc\", \"%rdx\"); + return 0; } " HAVE_X86_64_ASM) set(HAVE_X86_64_ASM ${HAVE_X86_64_ASM} PARENT_SCOPE) diff --git a/secp256k1-sys/depend/secp256k1/cmake/TryAppendCFlags.cmake b/secp256k1-sys/depend/secp256k1/cmake/TryAppendCFlags.cmake index 251cb61ca..1d81a9317 100644 --- a/secp256k1-sys/depend/secp256k1/cmake/TryAppendCFlags.cmake +++ b/secp256k1-sys/depend/secp256k1/cmake/TryAppendCFlags.cmake @@ -1,6 +1,6 @@ include(CheckCCompilerFlag) -function(rustsecp256k1_v0_11_check_c_flags_internal flags output) +function(secp256k1_check_c_flags_internal flags output) string(MAKE_C_IDENTIFIER "${flags}" result) string(TOUPPER "${result}" result) set(result "C_SUPPORTS_${result}") @@ -17,7 +17,7 @@ endfunction() # Append flags to the COMPILE_OPTIONS directory property if CC accepts them. macro(try_append_c_flags) - rustsecp256k1_v0_11_check_c_flags_internal("${ARGV}" result) + secp256k1_check_c_flags_internal("${ARGV}" result) if(result) add_compile_options(${ARGV}) endif() diff --git a/secp256k1-sys/depend/secp256k1/configure.ac b/secp256k1-sys/depend/secp256k1/configure.ac index f880a3578..2f156ddc2 100644 --- a/secp256k1-sys/depend/secp256k1/configure.ac +++ b/secp256k1-sys/depend/secp256k1/configure.ac @@ -4,17 +4,17 @@ AC_PREREQ([2.60]) # the API. All changes in experimental modules are treated as # backwards-compatible and therefore at most increase the minor version. define(_PKG_VERSION_MAJOR, 0) -define(_PKG_VERSION_MINOR, 6) -define(_PKG_VERSION_PATCH, 0) -define(_PKG_VERSION_IS_RELEASE, true) +define(_PKG_VERSION_MINOR, 7) +define(_PKG_VERSION_PATCH, 1) +define(_PKG_VERSION_IS_RELEASE, false) # The library version is based on libtool versioning of the ABI. The set of # rules for updating the version can be found here: # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html # All changes in experimental modules are treated as if they don't affect the # interface and therefore only increase the revision. -define(_LIB_VERSION_CURRENT, 5) -define(_LIB_VERSION_REVISION, 0) +define(_LIB_VERSION_CURRENT, 6) +define(_LIB_VERSION_REVISION, 1) define(_LIB_VERSION_AGE, 0) AC_INIT([libsecp256k1],m4_join([.], _PKG_VERSION_MAJOR, _PKG_VERSION_MINOR, _PKG_VERSION_PATCH)m4_if(_PKG_VERSION_IS_RELEASE, [true], [], [-dev]),[https://github.com/bitcoin-core/secp256k1/issues],[libsecp256k1],[https://github.com/bitcoin-core/secp256k1]) @@ -111,7 +111,6 @@ AC_DEFUN([SECP_TRY_APPEND_DEFAULT_CFLAGS], [ SECP_TRY_APPEND_CFLAGS([-Wcast-align=strict], $1) # GCC >= 8.0 SECP_TRY_APPEND_CFLAGS([-Wconditional-uninitialized], $1) # Clang >= 3.0 only SECP_TRY_APPEND_CFLAGS([-Wreserved-identifier], $1) # Clang >= 13.0 only - SECP_TRY_APPEND_CFLAGS([-fvisibility=hidden], $1) # GCC >= 4.0 CFLAGS="$SECP_TRY_APPEND_DEFAULT_CFLAGS_saved_CFLAGS" fi @@ -145,7 +144,7 @@ AC_ARG_ENABLE(benchmark, [SECP_SET_DEFAULT([enable_benchmark], [yes], [yes])]) AC_ARG_ENABLE(coverage, - AS_HELP_STRING([--enable-coverage],[enable compiler flags to support kcov coverage analysis [default=no]]), [], + AS_HELP_STRING([--enable-coverage],[enable coverage analysis support [default=no]]), [], [SECP_SET_DEFAULT([enable_coverage], [no], [no])]) AC_ARG_ENABLE(tests, @@ -254,8 +253,8 @@ fi print_msan_notice=no if test x"$enable_ctime_tests" = x"yes"; then SECP_MSAN_CHECK - # MSan on Clang >=16 reports unitialized memory in function parameters and return values, even if - # the uninitalized variable is never actually "used". This is called "eager" checking, and it's + # MSan on Clang >=16 reports uninitialized memory in function parameters and return values, even if + # the uninitialized variable is never actually "used". This is called "eager" checking, and it's # sounds like good idea for normal use of MSan. However, it yields many false positives in the # ctime_tests because many return values depend on secret (i.e., "uninitialized") values, and # we're only interested in detecting branches (which count as "uses") on secret data. @@ -477,6 +476,7 @@ echo "Build Options:" echo " with external callbacks = $enable_external_default_callbacks" echo " with benchmarks = $enable_benchmark" echo " with tests = $enable_tests" +echo " with exhaustive tests = $enable_exhaustive_tests" echo " with ctime tests = $enable_ctime_tests" echo " with coverage = $enable_coverage" echo " with examples = $enable_examples" diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c index 82b0a3a6e..bf562303e 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.c @@ -7,10 +7,8 @@ #include #include "lax_der_parsing.h" -extern int rustsecp256k1_v0_11_ecdsa_signature_parse_compact( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_signature *sig, const unsigned char *input64); -int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + +int ecdsa_signature_parse_der_lax(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { size_t rpos, rlen, spos, slen; size_t pos = 0; size_t lenbyte; @@ -18,7 +16,7 @@ int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_11_ int overflow = 0; /* Hack to initialize sig with a correctly-parsed but invalid signature. */ - rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); /* Sequence tag byte */ if (pos == inputlen || input[pos] != 0x30) { @@ -139,11 +137,11 @@ int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(const rustsecp256k1_v0_11_ } if (!overflow) { - overflow = !rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + overflow = !secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); } if (overflow) { memset(tmpsig, 0, 64); - rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, sig, tmpsig); + secp256k1_ecdsa_signature_parse_compact(ctx, sig, tmpsig); } return 1; } diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h index 633d93104..37c8c691f 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_parsing.h @@ -26,8 +26,8 @@ * certain violations are easily supported. You may need to adapt it. * * Do not use this for new systems. Use well-defined DER or compact signatures - * instead if you have the choice (see rustsecp256k1_v0_11_ecdsa_signature_parse_der and - * rustsecp256k1_v0_11_ecdsa_signature_parse_compact). + * instead if you have the choice (see secp256k1_ecdsa_signature_parse_der and + * secp256k1_ecdsa_signature_parse_compact). * * The supported violations are: * - All numbers are parsed as nonnegative integers, even though X.609-0207 @@ -83,9 +83,9 @@ extern "C" { * encoded numbers are out of range, signature validation with it is * guaranteed to fail for every message and public key. */ -int rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax( - const rustsecp256k1_v0_11_context* ctx, - rustsecp256k1_v0_11_ecdsa_signature* sig, +int ecdsa_signature_parse_der_lax( + const secp256k1_context* ctx, + secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c index 3f0a7553d..a1b820007 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.c @@ -8,7 +8,7 @@ #include "lax_der_privatekey_parsing.h" -int ec_privkey_import_der(const rustsecp256k1_v0_11_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) { +int ec_privkey_import_der(const secp256k1_context* ctx, unsigned char *out32, const unsigned char *privkey, size_t privkeylen) { const unsigned char *end = privkey + privkeylen; int lenb = 0; int len = 0; @@ -45,17 +45,17 @@ int ec_privkey_import_der(const rustsecp256k1_v0_11_context* ctx, unsigned char return 0; } if (privkey[1]) memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]); - if (!rustsecp256k1_v0_11_ec_seckey_verify(ctx, out32)) { + if (!secp256k1_ec_seckey_verify(ctx, out32)) { memset(out32, 0, 32); return 0; } return 1; } -int ec_privkey_export_der(const rustsecp256k1_v0_11_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { - rustsecp256k1_v0_11_pubkey pubkey; +int ec_privkey_export_der(const secp256k1_context *ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *key32, int compressed) { + secp256k1_pubkey pubkey; size_t pubkeylen = 0; - if (!rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey, key32)) { + if (!secp256k1_ec_pubkey_create(ctx, &pubkey, key32)) { *privkeylen = 0; return 0; } @@ -79,7 +79,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_11_context *ctx, unsigned char memcpy(ptr, key32, 32); ptr += 32; memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); pubkeylen = 33; - rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED); + secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED); ptr += pubkeylen; *privkeylen = ptr - privkey; } else { @@ -104,7 +104,7 @@ int ec_privkey_export_der(const rustsecp256k1_v0_11_context *ctx, unsigned char memcpy(ptr, key32, 32); ptr += 32; memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle); pubkeylen = 65; - rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED); + secp256k1_ec_pubkey_serialize(ctx, ptr, &pubkeylen, &pubkey, SECP256K1_EC_UNCOMPRESSED); ptr += pubkeylen; *privkeylen = ptr - privkey; } diff --git a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h index 01d2518fc..3749e418f 100644 --- a/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h +++ b/secp256k1-sys/depend/secp256k1/contrib/lax_der_privatekey_parsing.h @@ -43,7 +43,7 @@ extern "C" { /** Export a private key in DER format. * * Returns: 1 if the private key was valid. - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: privkey: pointer to an array for storing the private key in BER. * Should have space for 279 bytes, and cannot be NULL. * privkeylen: Pointer to an int where the length of the private key in @@ -57,10 +57,10 @@ extern "C" { * simple 32-byte private keys are sufficient. * * Note that this function does not guarantee correct DER output. It is - * guaranteed to be parsable by rustsecp256k1_v0_11_ec_privkey_import_der + * guaranteed to be parsable by secp256k1_ec_privkey_import_der */ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der( - const rustsecp256k1_v0_11_context* ctx, + const secp256k1_context* ctx, unsigned char *privkey, size_t *privkeylen, const unsigned char *seckey, @@ -82,7 +82,7 @@ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_export_der( * key. */ SECP256K1_WARN_UNUSED_RESULT int ec_privkey_import_der( - const rustsecp256k1_v0_11_context* ctx, + const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *privkey, size_t privkeylen diff --git a/secp256k1-sys/depend/secp256k1/doc/ellswift.md b/secp256k1-sys/depend/secp256k1/doc/ellswift.md index 64885a324..9d60e6be0 100644 --- a/secp256k1-sys/depend/secp256k1/doc/ellswift.md +++ b/secp256k1-sys/depend/secp256k1/doc/ellswift.md @@ -144,8 +144,8 @@ but the approach here is simple enough and gives fairly uniform output even in t **Note**: in the paper these conditions result in $\infty$ as output, due to the use of projective coordinates there. We wish to avoid the need for callers to deal with this special case. -This is implemented in `rustsecp256k1_v0_11_ellswift_xswiftec_frac_var` (which decodes to an x-coordinate represented as a fraction), and -in `rustsecp256k1_v0_11_ellswift_xswiftec_var` (which outputs the actual x-coordinate). +This is implemented in `secp256k1_ellswift_xswiftec_frac_var` (which decodes to an x-coordinate represented as a fraction), and +in `secp256k1_ellswift_xswiftec_var` (which outputs the actual x-coordinate). ## 3. The encoding function @@ -247,7 +247,7 @@ the loop can be simplified to only compute one of the inverses instead of all of * Let $t = G_{c,u}(x).$ * If $t \neq \bot$, return $(u, t)$; restart loop otherwise. -This is implemented in `rustsecp256k1_v0_11_ellswift_xelligatorswift_var`. +This is implemented in `secp256k1_ellswift_xelligatorswift_var`. ### 3.3 Finding the inverse @@ -388,7 +388,7 @@ Specialized for odd-ordered $a=0$ curves: * If $c \in \\{4, 6\\}:$ return $w(\frac{-\sqrt{-3}+1}{2}u + v).$ * If $c \in \\{5, 7\\}:$ return $w(\frac{-\sqrt{-3}-1}{2}u - v).$ -This is implemented in `rustsecp256k1_v0_11_ellswift_xswiftec_inv_var`. +This is implemented in `secp256k1_ellswift_xswiftec_inv_var`. And the x-only ElligatorSwift encoding algorithm is still: @@ -471,11 +471,11 @@ as decoder: * Let $y = \sqrt{g(x)}.$ * Return $(x, y)$ if $sign(y) = sign(t)$; $(x, -y)$ otherwise. -This is implemented in `rustsecp256k1_v0_11_ellswift_swiftec_var`. The used $sign(x)$ function is the parity of $x$ when represented as in integer in $[0,q).$ +This is implemented in `secp256k1_ellswift_swiftec_var`. The used $sign(x)$ function is the parity of $x$ when represented as in integer in $[0,q).$ The corresponding encoder would invoke the x-only one, but negating the output $t$ if $sign(t) \neq sign(y).$ -This is implemented in `rustsecp256k1_v0_11_ellswift_elligatorswift_var`. +This is implemented in `secp256k1_ellswift_elligatorswift_var`. Note that this is only intended for encoding points where both the x-coordinate and y-coordinate are unpredictable. When encoding x-only points where the y-coordinate is implicitly even (or implicitly square, or implicitly in $[0,q/2]$), the encoder in diff --git a/secp256k1-sys/depend/secp256k1/doc/musig.md b/secp256k1-sys/depend/secp256k1/doc/musig.md index de61c0f91..ae21f9b13 100644 --- a/secp256k1-sys/depend/secp256k1/doc/musig.md +++ b/secp256k1-sys/depend/secp256k1/doc/musig.md @@ -1,7 +1,7 @@ Notes on the musig module API =========================== -The following sections contain additional notes on the API of the musig module (`include/rustsecp256k1_v0_11_musig.h`). +The following sections contain additional notes on the API of the musig module (`include/secp256k1_musig.h`). A usage example can be found in `examples/musig.c`. ## API misuse @@ -12,17 +12,17 @@ While the results can be catastrophic (e.g. leaking of the secret key), it is un Therefore, users of the musig module must take great care to make sure of the following: -1. A unique nonce per signing session is generated in `rustsecp256k1_v0_11_musig_nonce_gen`. - See the corresponding comment in `include/rustsecp256k1_v0_11_musig.h` for how to ensure that. -2. The `rustsecp256k1_v0_11_musig_secnonce` structure is never copied or serialized. - See also the comment on `rustsecp256k1_v0_11_musig_secnonce` in `include/rustsecp256k1_v0_11_musig.h`. +1. A unique nonce per signing session is generated in `secp256k1_musig_nonce_gen`. + See the corresponding comment in `include/secp256k1_musig.h` for how to ensure that. +2. The `secp256k1_musig_secnonce` structure is never copied or serialized. + See also the comment on `secp256k1_musig_secnonce` in `include/secp256k1_musig.h`. 3. Opaque data structures are never written to or read from directly. Instead, only the provided accessor functions are used. ## Key Aggregation and (Taproot) Tweaking -Given a set of public keys, the aggregate public key is computed with `rustsecp256k1_v0_11_musig_pubkey_agg`. -A plain tweak can be added to the resulting public key with `rustsecp256k1_v0_11_ec_pubkey_tweak_add` by setting the `tweak32` argument to the hash defined in BIP 32. Similarly, a Taproot tweak can be added with `rustsecp256k1_v0_11_xonly_pubkey_tweak_add` by setting the `tweak32` argument to the TapTweak hash defined in BIP 341. +Given a set of public keys, the aggregate public key is computed with `secp256k1_musig_pubkey_agg`. +A plain tweak can be added to the resulting public key with `secp256k1_ec_pubkey_tweak_add` by setting the `tweak32` argument to the hash defined in BIP 32. Similarly, a Taproot tweak can be added with `secp256k1_xonly_pubkey_tweak_add` by setting the `tweak32` argument to the TapTweak hash defined in BIP 341. Both types of tweaking can be combined and invoked multiple times if the specific application requires it. ## Signing @@ -30,17 +30,17 @@ Both types of tweaking can be combined and invoked multiple times if the specifi This is covered by `examples/musig.c`. Essentially, the protocol proceeds in the following steps: -1. Generate a keypair with `rustsecp256k1_v0_11_keypair_create` and obtain the public key with `rustsecp256k1_v0_11_keypair_pub`. -2. Call `rustsecp256k1_v0_11_musig_pubkey_agg` with the pubkeys of all participants. -3. Optionally add a (Taproot) tweak with `rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add` and a plain tweak with `rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add`. -4. Generate a pair of secret and public nonce with `rustsecp256k1_v0_11_musig_nonce_gen` and send the public nonce to the other signers. -5. Someone (not necessarily the signer) aggregates the public nonces with `rustsecp256k1_v0_11_musig_nonce_agg` and sends it to the signers. -6. Process the aggregate nonce with `rustsecp256k1_v0_11_musig_nonce_process`. -7. Create a partial signature with `rustsecp256k1_v0_11_musig_partial_sign`. -8. Verify the partial signatures (optional in some scenarios) with `rustsecp256k1_v0_11_musig_partial_sig_verify`. -9. Someone (not necessarily the signer) obtains all partial signatures and aggregates them into the final Schnorr signature using `rustsecp256k1_v0_11_musig_partial_sig_agg`. - -The aggregate signature can be verified with `rustsecp256k1_v0_11_schnorrsig_verify`. +1. Generate a keypair with `secp256k1_keypair_create` and obtain the public key with `secp256k1_keypair_pub`. +2. Call `secp256k1_musig_pubkey_agg` with the pubkeys of all participants. +3. Optionally add a (Taproot) tweak with `secp256k1_musig_pubkey_xonly_tweak_add` and a plain tweak with `secp256k1_musig_pubkey_ec_tweak_add`. +4. Generate a pair of secret and public nonce with `secp256k1_musig_nonce_gen` and send the public nonce to the other signers. +5. Someone (not necessarily the signer) aggregates the public nonces with `secp256k1_musig_nonce_agg` and sends it to the signers. +6. Process the aggregate nonce with `secp256k1_musig_nonce_process`. +7. Create a partial signature with `secp256k1_musig_partial_sign`. +8. Verify the partial signatures (optional in some scenarios) with `secp256k1_musig_partial_sig_verify`. +9. Someone (not necessarily the signer) obtains all partial signatures and aggregates them into the final Schnorr signature using `secp256k1_musig_partial_sig_agg`. + +The aggregate signature can be verified with `secp256k1_schnorrsig_verify`. Steps 1 through 5 above can occur before or after the signers are aware of the message to be signed. Whenever possible, it is recommended to generate the nonces only after the message is known. diff --git a/secp256k1-sys/depend/secp256k1/examples/CMakeLists.txt b/secp256k1-sys/depend/secp256k1/examples/CMakeLists.txt index 565116d6c..c9da9de6b 100644 --- a/secp256k1-sys/depend/secp256k1/examples/CMakeLists.txt +++ b/secp256k1-sys/depend/secp256k1/examples/CMakeLists.txt @@ -9,7 +9,7 @@ function(add_example name) $<$:bcrypt> ) set(test_name ${name}_example) - add_test(NAME rustsecp256k1_v0_11_${test_name} COMMAND ${target_name}) + add_test(NAME secp256k1_${test_name} COMMAND ${target_name}) endfunction() add_example(ecdsa) diff --git a/secp256k1-sys/depend/secp256k1/examples/ecdh.c b/secp256k1-sys/depend/secp256k1/examples/ecdh.c index 1c9d87d9d..67b8c2047 100644 --- a/secp256k1-sys/depend/secp256k1/examples/ecdh.c +++ b/secp256k1-sys/depend/secp256k1/examples/ecdh.c @@ -8,6 +8,7 @@ *************************************************************************/ #include +#include #include #include @@ -26,50 +27,50 @@ int main(void) { unsigned char randomize[32]; int return_val; size_t len; - rustsecp256k1_v0_11_pubkey pubkey1; - rustsecp256k1_v0_11_pubkey pubkey2; + secp256k1_pubkey pubkey1; + secp256k1_pubkey pubkey2; /* Before we can call actual API functions, we need to create a "context". */ - rustsecp256k1_v0_11_context* ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (!fill_random(randomize, sizeof(randomize))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* Randomizing the context is recommended to protect against side-channel - * leakage See `rustsecp256k1_v0_11_context_randomize` in secp256k1.h for more + * leakage See `secp256k1_context_randomize` in secp256k1.h for more * information about it. This should never fail. */ - return_val = rustsecp256k1_v0_11_context_randomize(ctx, randomize); + return_val = secp256k1_context_randomize(ctx, randomize); assert(return_val); /*** Key Generation ***/ if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* If the secret key is zero or out of range (greater than secp256k1's * order), we fail. Note that the probability of this occurring is negligible * with a properly functioning random number generator. */ - if (!rustsecp256k1_v0_11_ec_seckey_verify(ctx, seckey1) || !rustsecp256k1_v0_11_ec_seckey_verify(ctx, seckey2)) { + if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); - return 1; + return EXIT_FAILURE; } /* Public key creation using a valid context with a verified secret key should never fail */ - return_val = rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey1, seckey1); + return_val = secp256k1_ec_pubkey_create(ctx, &pubkey1, seckey1); assert(return_val); - return_val = rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey2, seckey2); + return_val = secp256k1_ec_pubkey_create(ctx, &pubkey2, seckey2); assert(return_val); /* Serialize pubkey1 in a compressed form (33 bytes), should always return 1 */ len = sizeof(compressed_pubkey1); - return_val = rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED); + return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey1, &len, &pubkey1, SECP256K1_EC_COMPRESSED); assert(return_val); /* Should be the same size as the size of the output, because we passed a 33 byte array. */ assert(len == sizeof(compressed_pubkey1)); /* Serialize pubkey2 in a compressed form (33 bytes) */ len = sizeof(compressed_pubkey2); - return_val = rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED); + return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey2, &len, &pubkey2, SECP256K1_EC_COMPRESSED); assert(return_val); /* Should be the same size as the size of the output, because we passed a 33 byte array. */ assert(len == sizeof(compressed_pubkey2)); @@ -78,12 +79,12 @@ int main(void) { /* Perform ECDH with seckey1 and pubkey2. Should never fail with a verified * seckey and valid pubkey */ - return_val = rustsecp256k1_v0_11_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL); + return_val = secp256k1_ecdh(ctx, shared_secret1, &pubkey2, seckey1, NULL, NULL); assert(return_val); /* Perform ECDH with seckey2 and pubkey1. Should never fail with a verified * seckey and valid pubkey */ - return_val = rustsecp256k1_v0_11_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL); + return_val = secp256k1_ecdh(ctx, shared_secret2, &pubkey1, seckey2, NULL, NULL); assert(return_val); /* Both parties should end up with the same shared secret */ @@ -102,7 +103,7 @@ int main(void) { print_hex(shared_secret1, sizeof(shared_secret1)); /* This will clear everything from the context and free the memory */ - rustsecp256k1_v0_11_context_destroy(ctx); + secp256k1_context_destroy(ctx); /* It's best practice to try to clear secrets from memory after using them. * This is done because some bugs can allow an attacker to leak memory, for @@ -116,5 +117,5 @@ int main(void) { secure_erase(shared_secret1, sizeof(shared_secret1)); secure_erase(shared_secret2, sizeof(shared_secret2)); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/examples/ecdsa.c b/secp256k1-sys/depend/secp256k1/examples/ecdsa.c index fcc9797f8..ae16c180d 100644 --- a/secp256k1-sys/depend/secp256k1/examples/ecdsa.c +++ b/secp256k1-sys/depend/secp256k1/examples/ecdsa.c @@ -8,6 +8,7 @@ *************************************************************************/ #include +#include #include #include @@ -34,40 +35,40 @@ int main(void) { size_t len; int is_signature_valid, is_signature_valid2; int return_val; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_ecdsa_signature sig; + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; /* Before we can call actual API functions, we need to create a "context". */ - rustsecp256k1_v0_11_context* ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (!fill_random(randomize, sizeof(randomize))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* Randomizing the context is recommended to protect against side-channel - * leakage See `rustsecp256k1_v0_11_context_randomize` in secp256k1.h for more + * leakage See `secp256k1_context_randomize` in secp256k1.h for more * information about it. This should never fail. */ - return_val = rustsecp256k1_v0_11_context_randomize(ctx, randomize); + return_val = secp256k1_context_randomize(ctx, randomize); assert(return_val); /*** Key Generation ***/ if (!fill_random(seckey, sizeof(seckey))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* If the secret key is zero or out of range (greater than secp256k1's * order), we fail. Note that the probability of this occurring is negligible * with a properly functioning random number generator. */ - if (!rustsecp256k1_v0_11_ec_seckey_verify(ctx, seckey)) { + if (!secp256k1_ec_seckey_verify(ctx, seckey)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); - return 1; + return EXIT_FAILURE; } /* Public key creation using a valid context with a verified secret key should never fail */ - return_val = rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey, seckey); + return_val = secp256k1_ec_pubkey_create(ctx, &pubkey, seckey); assert(return_val); /* Serialize the pubkey in a compressed form(33 bytes). Should always return 1. */ len = sizeof(compressed_pubkey); - return_val = rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, compressed_pubkey, &len, &pubkey, SECP256K1_EC_COMPRESSED); + return_val = secp256k1_ec_pubkey_serialize(ctx, compressed_pubkey, &len, &pubkey, SECP256K1_EC_COMPRESSED); assert(return_val); /* Should be the same size as the size of the output, because we passed a 33 byte array. */ assert(len == sizeof(compressed_pubkey)); @@ -78,31 +79,31 @@ int main(void) { * custom nonce function, passing `NULL` will use the RFC-6979 safe default. * Signing with a valid context, verified secret key * and the default nonce function should never fail. */ - return_val = rustsecp256k1_v0_11_ecdsa_sign(ctx, &sig, msg_hash, seckey, NULL, NULL); + return_val = secp256k1_ecdsa_sign(ctx, &sig, msg_hash, seckey, NULL, NULL); assert(return_val); /* Serialize the signature in a compact form. Should always return 1 * according to the documentation in secp256k1.h. */ - return_val = rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(ctx, serialized_signature, &sig); + return_val = secp256k1_ecdsa_signature_serialize_compact(ctx, serialized_signature, &sig); assert(return_val); /*** Verification ***/ /* Deserialize the signature. This will return 0 if the signature can't be parsed correctly. */ - if (!rustsecp256k1_v0_11_ecdsa_signature_parse_compact(ctx, &sig, serialized_signature)) { + if (!secp256k1_ecdsa_signature_parse_compact(ctx, &sig, serialized_signature)) { printf("Failed parsing the signature\n"); - return 1; + return EXIT_FAILURE; } /* Deserialize the public key. This will return 0 if the public key can't be parsed correctly. */ - if (!rustsecp256k1_v0_11_ec_pubkey_parse(ctx, &pubkey, compressed_pubkey, sizeof(compressed_pubkey))) { + if (!secp256k1_ec_pubkey_parse(ctx, &pubkey, compressed_pubkey, sizeof(compressed_pubkey))) { printf("Failed parsing the public key\n"); - return 1; + return EXIT_FAILURE; } /* Verify a signature. This will return 1 if it's valid and 0 if it's not. */ - is_signature_valid = rustsecp256k1_v0_11_ecdsa_verify(ctx, &sig, msg_hash, &pubkey); + is_signature_valid = secp256k1_ecdsa_verify(ctx, &sig, msg_hash, &pubkey); printf("Is the signature valid? %s\n", is_signature_valid ? "true" : "false"); printf("Secret Key: "); @@ -113,14 +114,14 @@ int main(void) { print_hex(serialized_signature, sizeof(serialized_signature)); /* This will clear everything from the context and free the memory */ - rustsecp256k1_v0_11_context_destroy(ctx); + secp256k1_context_destroy(ctx); /* Bonus example: if all we need is signature verification (and no key generation or signing), we don't need to use a context created via - rustsecp256k1_v0_11_context_create(). We can simply use the static (i.e., global) - context rustsecp256k1_v0_11_context_static. See its description in + secp256k1_context_create(). We can simply use the static (i.e., global) + context secp256k1_context_static. See its description in include/secp256k1.h for details. */ - is_signature_valid2 = rustsecp256k1_v0_11_ecdsa_verify(rustsecp256k1_v0_11_context_static, + is_signature_valid2 = secp256k1_ecdsa_verify(secp256k1_context_static, &sig, msg_hash, &pubkey); assert(is_signature_valid2 == is_signature_valid); @@ -133,5 +134,5 @@ int main(void) { * will remove any writes that aren't used. */ secure_erase(seckey, sizeof(seckey)); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/examples/ellswift.c b/secp256k1-sys/depend/secp256k1/examples/ellswift.c index c50529745..d58e96b05 100644 --- a/secp256k1-sys/depend/secp256k1/examples/ellswift.c +++ b/secp256k1-sys/depend/secp256k1/examples/ellswift.c @@ -9,10 +9,11 @@ /** This file demonstrates how to use the ElligatorSwift module to perform * a key exchange according to BIP 324. Additionally, see the documentation - * in include/rustsecp256k1_v0_11_ellswift.h and doc/ellswift.md. + * in include/secp256k1_ellswift.h and doc/ellswift.md. */ #include +#include #include #include @@ -22,7 +23,7 @@ #include "examples_util.h" int main(void) { - rustsecp256k1_v0_11_context* ctx; + secp256k1_context* ctx; unsigned char randomize[32]; unsigned char auxrand1[32]; unsigned char auxrand2[32]; @@ -35,28 +36,28 @@ int main(void) { int return_val; /* Create a secp256k1 context */ - ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (!fill_random(randomize, sizeof(randomize))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* Randomizing the context is recommended to protect against side-channel - * leakage. See `rustsecp256k1_v0_11_context_randomize` in secp256k1.h for more + * leakage. See `secp256k1_context_randomize` in secp256k1.h for more * information about it. This should never fail. */ - return_val = rustsecp256k1_v0_11_context_randomize(ctx, randomize); + return_val = secp256k1_context_randomize(ctx, randomize); assert(return_val); /*** Generate secret keys ***/ if (!fill_random(seckey1, sizeof(seckey1)) || !fill_random(seckey2, sizeof(seckey2))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* If the secret key is zero or out of range (greater than secp256k1's * order), we fail. Note that the probability of this occurring is negligible * with a properly functioning random number generator. */ - if (!rustsecp256k1_v0_11_ec_seckey_verify(ctx, seckey1) || !rustsecp256k1_v0_11_ec_seckey_verify(ctx, seckey2)) { + if (!secp256k1_ec_seckey_verify(ctx, seckey1) || !secp256k1_ec_seckey_verify(ctx, seckey2)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); - return 1; + return EXIT_FAILURE; } /* Generate ElligatorSwift public keys. This should never fail with valid context and @@ -64,11 +65,11 @@ int main(void) { optional, but recommended. */ if (!fill_random(auxrand1, sizeof(auxrand1)) || !fill_random(auxrand2, sizeof(auxrand2))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } - return_val = rustsecp256k1_v0_11_ellswift_create(ctx, ellswift_pubkey1, seckey1, auxrand1); + return_val = secp256k1_ellswift_create(ctx, ellswift_pubkey1, seckey1, auxrand1); assert(return_val); - return_val = rustsecp256k1_v0_11_ellswift_create(ctx, ellswift_pubkey2, seckey2, auxrand2); + return_val = secp256k1_ellswift_create(ctx, ellswift_pubkey2, seckey2, auxrand2); assert(return_val); /*** Create the shared secret on each side ***/ @@ -77,14 +78,14 @@ int main(void) { * with a verified seckey and valid pubkey. Note that both parties pass both * EllSwift pubkeys in the same order; the pubkey of the calling party is * determined by the "party" boolean (sixth parameter). */ - return_val = rustsecp256k1_v0_11_ellswift_xdh(ctx, shared_secret1, ellswift_pubkey1, ellswift_pubkey2, - seckey1, 0, rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324, NULL); + return_val = secp256k1_ellswift_xdh(ctx, shared_secret1, ellswift_pubkey1, ellswift_pubkey2, + seckey1, 0, secp256k1_ellswift_xdh_hash_function_bip324, NULL); assert(return_val); /* Perform x-only ECDH with seckey2 and ellswift_pubkey1. Should never fail * with a verified seckey and valid pubkey. */ - return_val = rustsecp256k1_v0_11_ellswift_xdh(ctx, shared_secret2, ellswift_pubkey1, ellswift_pubkey2, - seckey2, 1, rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324, NULL); + return_val = secp256k1_ellswift_xdh(ctx, shared_secret2, ellswift_pubkey1, ellswift_pubkey2, + seckey2, 1, secp256k1_ellswift_xdh_hash_function_bip324, NULL); assert(return_val); /* Both parties should end up with the same shared secret */ @@ -103,7 +104,7 @@ int main(void) { print_hex(shared_secret1, sizeof(shared_secret1)); /* This will clear everything from the context and free the memory */ - rustsecp256k1_v0_11_context_destroy(ctx); + secp256k1_context_destroy(ctx); /* It's best practice to try to clear secrets from memory after using them. * This is done because some bugs can allow an attacker to leak memory, for @@ -117,5 +118,5 @@ int main(void) { secure_erase(shared_secret1, sizeof(shared_secret1)); secure_erase(shared_secret2, sizeof(shared_secret2)); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/examples/musig.c b/secp256k1-sys/depend/secp256k1/examples/musig.c index a9ead9716..bdb8fced0 100644 --- a/secp256k1-sys/depend/secp256k1/examples/musig.c +++ b/secp256k1-sys/depend/secp256k1/examples/musig.c @@ -8,10 +8,11 @@ /** This file demonstrates how to use the MuSig module to create a * 3-of-3 multisignature. Additionally, see the documentation in - * include/rustsecp256k1_v0_11_musig.h and doc/musig.md. + * include/secp256k1_musig.h and doc/musig.md. */ #include +#include #include #include @@ -23,20 +24,20 @@ #include "examples_util.h" struct signer_secrets { - rustsecp256k1_v0_11_keypair keypair; - rustsecp256k1_v0_11_musig_secnonce secnonce; + secp256k1_keypair keypair; + secp256k1_musig_secnonce secnonce; }; struct signer { - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; - rustsecp256k1_v0_11_musig_partial_sig partial_sig; + secp256k1_pubkey pubkey; + secp256k1_musig_pubnonce pubnonce; + secp256k1_musig_partial_sig partial_sig; }; /* Number of public keys involved in creating the aggregate signature */ #define N_SIGNERS 3 /* Create a key pair, store it in signer_secrets->keypair and signer->pubkey */ -static int create_keypair(const rustsecp256k1_v0_11_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) { +static int create_keypair(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer) { unsigned char seckey[32]; if (!fill_random(seckey, sizeof(seckey))) { @@ -47,10 +48,10 @@ static int create_keypair(const rustsecp256k1_v0_11_context* ctx, struct signer_ * secret key is zero or out of range (greater than secp256k1's order). Note * that the probability of this occurring is negligible with a properly * functioning random number generator. */ - if (!rustsecp256k1_v0_11_keypair_create(ctx, &signer_secrets->keypair, seckey)) { + if (!secp256k1_keypair_create(ctx, &signer_secrets->keypair, seckey)) { return 0; } - if (!rustsecp256k1_v0_11_keypair_pub(ctx, &signer->pubkey, &signer_secrets->keypair)) { + if (!secp256k1_keypair_pub(ctx, &signer->pubkey, &signer_secrets->keypair)) { return 0; } @@ -60,8 +61,8 @@ static int create_keypair(const rustsecp256k1_v0_11_context* ctx, struct signer_ /* Tweak the pubkey corresponding to the provided keyagg cache, update the cache * and return the tweaked aggregate pk. */ -static int tweak(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_xonly_pubkey *agg_pk, rustsecp256k1_v0_11_musig_keyagg_cache *cache) { - rustsecp256k1_v0_11_pubkey output_pk; +static int tweak(const secp256k1_context* ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *cache) { + secp256k1_pubkey output_pk; /* For BIP 32 tweaking the plain_tweak is set to a hash as defined in BIP * 32. */ unsigned char plain_tweak[32] = "this could be a BIP32 tweak...."; @@ -72,59 +73,59 @@ static int tweak(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_xon /* Plain tweaking which, for example, allows deriving multiple child * public keys from a single aggregate key using BIP32 */ - if (!rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add(ctx, NULL, cache, plain_tweak)) { + if (!secp256k1_musig_pubkey_ec_tweak_add(ctx, NULL, cache, plain_tweak)) { return 0; } /* Note that we did not provide an output_pk argument, because the * resulting pk is also saved in the cache and so if one is just interested * in signing, the output_pk argument is unnecessary. On the other hand, if * one is not interested in signing, the same output_pk can be obtained by - * calling `rustsecp256k1_v0_11_musig_pubkey_get` right after key aggregation to get - * the full pubkey and then call `rustsecp256k1_v0_11_ec_pubkey_tweak_add`. */ + * calling `secp256k1_musig_pubkey_get` right after key aggregation to get + * the full pubkey and then call `secp256k1_ec_pubkey_tweak_add`. */ /* Xonly tweaking which, for example, allows creating Taproot commitments */ - if (!rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add(ctx, &output_pk, cache, xonly_tweak)) { + if (!secp256k1_musig_pubkey_xonly_tweak_add(ctx, &output_pk, cache, xonly_tweak)) { return 0; } /* Note that if we wouldn't care about signing, we can arrive at the same * output_pk by providing the untweaked public key to - * `rustsecp256k1_v0_11_xonly_pubkey_tweak_add` (after converting it to an xonly pubkey - * if necessary with `rustsecp256k1_v0_11_xonly_pubkey_from_pubkey`). */ + * `secp256k1_xonly_pubkey_tweak_add` (after converting it to an xonly pubkey + * if necessary with `secp256k1_xonly_pubkey_from_pubkey`). */ /* Now we convert the output_pk to an xonly pubkey to allow to later verify * the Schnorr signature against it. For this purpose we can ignore the * `pk_parity` output argument; we would need it if we would have to open * the Taproot commitment. */ - if (!rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(ctx, agg_pk, NULL, &output_pk)) { + if (!secp256k1_xonly_pubkey_from_pubkey(ctx, agg_pk, NULL, &output_pk)) { return 0; } return 1; } /* Sign a message hash with the given key pairs and store the result in sig */ -static int sign(const rustsecp256k1_v0_11_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer, const rustsecp256k1_v0_11_musig_keyagg_cache *cache, const unsigned char *msg32, unsigned char *sig64) { +static int sign(const secp256k1_context* ctx, struct signer_secrets *signer_secrets, struct signer *signer, const secp256k1_musig_keyagg_cache *cache, const unsigned char *msg32, unsigned char *sig64) { int i; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonces[N_SIGNERS]; - const rustsecp256k1_v0_11_musig_partial_sig *partial_sigs[N_SIGNERS]; + const secp256k1_musig_pubnonce *pubnonces[N_SIGNERS]; + const secp256k1_musig_partial_sig *partial_sigs[N_SIGNERS]; /* The same for all signers */ - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_aggnonce agg_pubnonce; + secp256k1_musig_session session; + secp256k1_musig_aggnonce agg_pubnonce; for (i = 0; i < N_SIGNERS; i++) { unsigned char seckey[32]; unsigned char session_secrand[32]; /* Create random session ID. It is absolutely necessary that the session ID - * is unique for every call of rustsecp256k1_v0_11_musig_nonce_gen. Otherwise + * is unique for every call of secp256k1_musig_nonce_gen. Otherwise * it's trivial for an attacker to extract the secret key! */ if (!fill_random(session_secrand, sizeof(session_secrand))) { return 0; } - if (!rustsecp256k1_v0_11_keypair_sec(ctx, seckey, &signer_secrets[i].keypair)) { + if (!secp256k1_keypair_sec(ctx, seckey, &signer_secrets[i].keypair)) { return 0; } /* Initialize session and create secret nonce for signing and public * nonce to send to the other signers. */ - if (!rustsecp256k1_v0_11_musig_nonce_gen(ctx, &signer_secrets[i].secnonce, &signer[i].pubnonce, session_secrand, seckey, &signer[i].pubkey, msg32, NULL, NULL)) { + if (!secp256k1_musig_nonce_gen(ctx, &signer_secrets[i].secnonce, &signer[i].pubnonce, session_secrand, seckey, &signer[i].pubkey, msg32, NULL, NULL)) { return 0; } pubnonces[i] = &signer[i].pubnonce; @@ -133,23 +134,23 @@ static int sign(const rustsecp256k1_v0_11_context* ctx, struct signer_secrets *s } /* Communication round 1: Every signer sends their pubnonce to the - * coordinator. The coordinator runs rustsecp256k1_v0_11_musig_nonce_agg and sends + * coordinator. The coordinator runs secp256k1_musig_nonce_agg and sends * agg_pubnonce to each signer */ - if (!rustsecp256k1_v0_11_musig_nonce_agg(ctx, &agg_pubnonce, pubnonces, N_SIGNERS)) { + if (!secp256k1_musig_nonce_agg(ctx, &agg_pubnonce, pubnonces, N_SIGNERS)) { return 0; } /* Every signer creates a partial signature */ for (i = 0; i < N_SIGNERS; i++) { /* Initialize the signing session by processing the aggregate nonce */ - if (!rustsecp256k1_v0_11_musig_nonce_process(ctx, &session, &agg_pubnonce, msg32, cache)) { + if (!secp256k1_musig_nonce_process(ctx, &session, &agg_pubnonce, msg32, cache)) { return 0; } /* partial_sign will clear the secnonce by setting it to 0. That's because * you must _never_ reuse the secnonce (or use the same session_secrand to * create a secnonce). If you do, you effectively reuse the nonce and * leak the secret key. */ - if (!rustsecp256k1_v0_11_musig_partial_sign(ctx, &signer[i].partial_sig, &signer_secrets[i].secnonce, &signer_secrets[i].keypair, cache, &session)) { + if (!secp256k1_musig_partial_sign(ctx, &signer[i].partial_sig, &signer_secrets[i].secnonce, &signer_secrets[i].keypair, cache, &session)) { return 0; } partial_sigs[i] = &signer[i].partial_sig; @@ -159,7 +160,7 @@ static int sign(const rustsecp256k1_v0_11_context* ctx, struct signer_secrets *s for (i = 0; i < N_SIGNERS; i++) { /* To check whether signing was successful, it suffices to either verify * the aggregate signature with the aggregate public key using - * rustsecp256k1_v0_11_schnorrsig_verify, or verify all partial signatures of all + * secp256k1_schnorrsig_verify, or verify all partial signatures of all * signers individually. Verifying the aggregate signature is cheaper but * verifying the individual partial signatures has the advantage that it * can be used to determine which of the partial signatures are invalid @@ -168,58 +169,58 @@ static int sign(const rustsecp256k1_v0_11_context* ctx, struct signer_secrets *s * fine to first verify the aggregate sig, and only verify the individual * sigs if it does not work. */ - if (!rustsecp256k1_v0_11_musig_partial_sig_verify(ctx, &signer[i].partial_sig, &signer[i].pubnonce, &signer[i].pubkey, cache, &session)) { + if (!secp256k1_musig_partial_sig_verify(ctx, &signer[i].partial_sig, &signer[i].pubnonce, &signer[i].pubkey, cache, &session)) { return 0; } } - return rustsecp256k1_v0_11_musig_partial_sig_agg(ctx, sig64, &session, partial_sigs, N_SIGNERS); + return secp256k1_musig_partial_sig_agg(ctx, sig64, &session, partial_sigs, N_SIGNERS); } int main(void) { - rustsecp256k1_v0_11_context* ctx; + secp256k1_context* ctx; int i; struct signer_secrets signer_secrets[N_SIGNERS]; struct signer signers[N_SIGNERS]; - const rustsecp256k1_v0_11_pubkey *pubkeys_ptr[N_SIGNERS]; - rustsecp256k1_v0_11_xonly_pubkey agg_pk; - rustsecp256k1_v0_11_musig_keyagg_cache cache; + const secp256k1_pubkey *pubkeys_ptr[N_SIGNERS]; + secp256k1_xonly_pubkey agg_pk; + secp256k1_musig_keyagg_cache cache; unsigned char msg[32] = "this_could_be_the_hash_of_a_msg"; unsigned char sig[64]; /* Create a secp256k1 context */ - ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); printf("Creating key pairs......"); fflush(stdout); for (i = 0; i < N_SIGNERS; i++) { if (!create_keypair(ctx, &signer_secrets[i], &signers[i])) { printf("FAILED\n"); - return 1; + return EXIT_FAILURE; } pubkeys_ptr[i] = &signers[i].pubkey; } printf("ok\n"); - /* The aggregate public key produced by rustsecp256k1_v0_11_musig_pubkey_agg depends + /* The aggregate public key produced by secp256k1_musig_pubkey_agg depends * on the order of the provided public keys. If there is no canonical order * of the signers, the individual public keys can optionally be sorted with - * rustsecp256k1_v0_11_ec_pubkey_sort to ensure that the aggregate public key is + * secp256k1_ec_pubkey_sort to ensure that the aggregate public key is * independent of the order of signers. */ printf("Sorting public keys....."); fflush(stdout); - if (!rustsecp256k1_v0_11_ec_pubkey_sort(ctx, pubkeys_ptr, N_SIGNERS)) { + if (!secp256k1_ec_pubkey_sort(ctx, pubkeys_ptr, N_SIGNERS)) { printf("FAILED\n"); - return 1; + return EXIT_FAILURE; } printf("ok\n"); printf("Combining public keys..."); fflush(stdout); /* If you just want to aggregate and not sign, you can call - * rustsecp256k1_v0_11_musig_pubkey_agg with the keyagg_cache argument set to NULL + * secp256k1_musig_pubkey_agg with the keyagg_cache argument set to NULL * while providing a non-NULL agg_pk argument. */ - if (!rustsecp256k1_v0_11_musig_pubkey_agg(ctx, NULL, &cache, pubkeys_ptr, N_SIGNERS)) { + if (!secp256k1_musig_pubkey_agg(ctx, NULL, &cache, pubkeys_ptr, N_SIGNERS)) { printf("FAILED\n"); - return 1; + return EXIT_FAILURE; } printf("ok\n"); printf("Tweaking................"); @@ -227,21 +228,21 @@ int main(void) { /* Optionally tweak the aggregate key */ if (!tweak(ctx, &agg_pk, &cache)) { printf("FAILED\n"); - return 1; + return EXIT_FAILURE; } printf("ok\n"); printf("Signing message........."); fflush(stdout); if (!sign(ctx, signer_secrets, signers, &cache, msg, sig)) { printf("FAILED\n"); - return 1; + return EXIT_FAILURE; } printf("ok\n"); printf("Verifying signature....."); fflush(stdout); - if (!rustsecp256k1_v0_11_schnorrsig_verify(ctx, sig, msg, 32, &agg_pk)) { + if (!secp256k1_schnorrsig_verify(ctx, sig, msg, 32, &agg_pk)) { printf("FAILED\n"); - return 1; + return EXIT_FAILURE; } printf("ok\n"); @@ -255,6 +256,6 @@ int main(void) { for (i = 0; i < N_SIGNERS; i++) { secure_erase(&signer_secrets[i], sizeof(signer_secrets[i])); } - rustsecp256k1_v0_11_context_destroy(ctx); - return 0; + secp256k1_context_destroy(ctx); + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/examples/schnorr.c b/secp256k1-sys/depend/secp256k1/examples/schnorr.c index e41be3ee1..49baed24b 100644 --- a/secp256k1-sys/depend/secp256k1/examples/schnorr.c +++ b/secp256k1-sys/depend/secp256k1/examples/schnorr.c @@ -8,6 +8,7 @@ *************************************************************************/ #include +#include #include #include @@ -28,44 +29,44 @@ int main(void) { unsigned char signature[64]; int is_signature_valid, is_signature_valid2; int return_val; - rustsecp256k1_v0_11_xonly_pubkey pubkey; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_xonly_pubkey pubkey; + secp256k1_keypair keypair; /* Before we can call actual API functions, we need to create a "context". */ - rustsecp256k1_v0_11_context* ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_context* ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (!fill_random(randomize, sizeof(randomize))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* Randomizing the context is recommended to protect against side-channel - * leakage See `rustsecp256k1_v0_11_context_randomize` in secp256k1.h for more + * leakage See `secp256k1_context_randomize` in secp256k1.h for more * information about it. This should never fail. */ - return_val = rustsecp256k1_v0_11_context_randomize(ctx, randomize); + return_val = secp256k1_context_randomize(ctx, randomize); assert(return_val); /*** Key Generation ***/ if (!fill_random(seckey, sizeof(seckey))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* Try to create a keypair with a valid context. This only fails if the * secret key is zero or out of range (greater than secp256k1's order). Note * that the probability of this occurring is negligible with a properly * functioning random number generator. */ - if (!rustsecp256k1_v0_11_keypair_create(ctx, &keypair, seckey)) { + if (!secp256k1_keypair_create(ctx, &keypair, seckey)) { printf("Generated secret key is invalid. This indicates an issue with the random number generator.\n"); - return 1; + return EXIT_FAILURE; } /* Extract the X-only public key from the keypair. We pass NULL for * `pk_parity` as the parity isn't needed for signing or verification. - * `rustsecp256k1_v0_11_keypair_xonly_pub` supports returning the parity for + * `secp256k1_keypair_xonly_pub` supports returning the parity for * other use cases such as tests or verifying Taproot tweaks. * This should never fail with a valid context and public key. */ - return_val = rustsecp256k1_v0_11_keypair_xonly_pub(ctx, &pubkey, NULL, &keypair); + return_val = secp256k1_keypair_xonly_pub(ctx, &pubkey, NULL, &keypair); assert(return_val); /* Serialize the public key. Should always return 1 for a valid public key. */ - return_val = rustsecp256k1_v0_11_xonly_pubkey_serialize(ctx, serialized_pubkey, &pubkey); + return_val = secp256k1_xonly_pubkey_serialize(ctx, serialized_pubkey, &pubkey); assert(return_val); /*** Signing ***/ @@ -73,7 +74,7 @@ int main(void) { /* Instead of signing (possibly very long) messages directly, we sign a * 32-byte hash of the message in this example. * - * We use rustsecp256k1_v0_11_tagged_sha256 to create this hash. This function expects + * We use secp256k1_tagged_sha256 to create this hash. This function expects * a context-specific "tag", which restricts the context in which the signed * messages should be considered valid. For example, if protocol A mandates * to use the tag "my_fancy_protocol" and protocol B mandates to use the tag @@ -84,41 +85,41 @@ int main(void) { * message that has intended consequences in the intended context (e.g., * protocol A) but would have unintended consequences if it were valid in * some other context (e.g., protocol B). */ - return_val = rustsecp256k1_v0_11_tagged_sha256(ctx, msg_hash, tag, sizeof(tag), msg, sizeof(msg)); + return_val = secp256k1_tagged_sha256(ctx, msg_hash, tag, sizeof(tag), msg, sizeof(msg)); assert(return_val); /* Generate 32 bytes of randomness to use with BIP-340 schnorr signing. */ if (!fill_random(auxiliary_rand, sizeof(auxiliary_rand))) { printf("Failed to generate randomness\n"); - return 1; + return EXIT_FAILURE; } /* Generate a Schnorr signature. * - * We use the rustsecp256k1_v0_11_schnorrsig_sign32 function that provides a simple + * We use the secp256k1_schnorrsig_sign32 function that provides a simple * interface for signing 32-byte messages (which in our case is a hash of * the actual message). BIP-340 recommends passing 32 bytes of randomness * to the signing function to improve security against side-channel attacks. * Signing with a valid context, a 32-byte message, a verified keypair, and * any 32 bytes of auxiliary random data should never fail. */ - return_val = rustsecp256k1_v0_11_schnorrsig_sign32(ctx, signature, msg_hash, &keypair, auxiliary_rand); + return_val = secp256k1_schnorrsig_sign32(ctx, signature, msg_hash, &keypair, auxiliary_rand); assert(return_val); /*** Verification ***/ /* Deserialize the public key. This will return 0 if the public key can't * be parsed correctly */ - if (!rustsecp256k1_v0_11_xonly_pubkey_parse(ctx, &pubkey, serialized_pubkey)) { + if (!secp256k1_xonly_pubkey_parse(ctx, &pubkey, serialized_pubkey)) { printf("Failed parsing the public key\n"); - return 1; + return EXIT_FAILURE; } /* Compute the tagged hash on the received messages using the same tag as the signer. */ - return_val = rustsecp256k1_v0_11_tagged_sha256(ctx, msg_hash, tag, sizeof(tag), msg, sizeof(msg)); + return_val = secp256k1_tagged_sha256(ctx, msg_hash, tag, sizeof(tag), msg, sizeof(msg)); assert(return_val); /* Verify a signature. This will return 1 if it's valid and 0 if it's not. */ - is_signature_valid = rustsecp256k1_v0_11_schnorrsig_verify(ctx, signature, msg_hash, 32, &pubkey); + is_signature_valid = secp256k1_schnorrsig_verify(ctx, signature, msg_hash, 32, &pubkey); printf("Is the signature valid? %s\n", is_signature_valid ? "true" : "false"); @@ -130,14 +131,14 @@ int main(void) { print_hex(signature, sizeof(signature)); /* This will clear everything from the context and free the memory */ - rustsecp256k1_v0_11_context_destroy(ctx); + secp256k1_context_destroy(ctx); /* Bonus example: if all we need is signature verification (and no key generation or signing), we don't need to use a context created via - rustsecp256k1_v0_11_context_create(). We can simply use the static (i.e., global) - context rustsecp256k1_v0_11_context_static. See its description in + secp256k1_context_create(). We can simply use the static (i.e., global) + context secp256k1_context_static. See its description in include/secp256k1.h for details. */ - is_signature_valid2 = rustsecp256k1_v0_11_schnorrsig_verify(rustsecp256k1_v0_11_context_static, + is_signature_valid2 = secp256k1_schnorrsig_verify(secp256k1_context_static, signature, msg_hash, 32, &pubkey); assert(is_signature_valid2 == is_signature_valid); @@ -149,5 +150,5 @@ int main(void) { * Here we are preventing these writes from being optimized out, as any good compiler * will remove any writes that aren't used. */ secure_erase(seckey, sizeof(seckey)); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1.h b/secp256k1-sys/depend/secp256k1/include/secp256k1.h index 300b6c912..b0a13b144 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1.h @@ -29,25 +29,25 @@ extern "C" { * The primary purpose of context objects is to store randomization data for * enhanced protection against side-channel leakage. This protection is only * effective if the context is randomized after its creation. See - * rustsecp256k1_v0_11_context_create for creation of contexts and - * rustsecp256k1_v0_11_context_randomize for randomization. + * secp256k1_context_create for creation of contexts and + * secp256k1_context_randomize for randomization. * * A secondary purpose of context objects is to store pointers to callback * functions that the library will call when certain error states arise. See - * rustsecp256k1_v0_11_context_set_error_callback as well as - * rustsecp256k1_v0_11_context_set_illegal_callback for details. Future library versions + * secp256k1_context_set_error_callback as well as + * secp256k1_context_set_illegal_callback for details. Future library versions * may use context objects for additional purposes. * * A constructed context can safely be used from multiple threads * simultaneously, but API calls that take a non-const pointer to a context * need exclusive access to it. In particular this is the case for - * rustsecp256k1_v0_11_context_destroy, rustsecp256k1_v0_11_context_preallocated_destroy, - * and rustsecp256k1_v0_11_context_randomize. + * secp256k1_context_destroy, secp256k1_context_preallocated_destroy, + * and secp256k1_context_randomize. * * Regarding randomization, either do it once at creation time (in which case * you do not need any locking for the other calls), or use a read-write lock. */ -typedef struct rustsecp256k1_v0_11_context_struct rustsecp256k1_v0_11_context; +typedef struct secp256k1_context_struct secp256k1_context; /** Opaque data structure that holds a parsed and valid public key. * @@ -55,12 +55,12 @@ typedef struct rustsecp256k1_v0_11_context_struct rustsecp256k1_v0_11_context; * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage or transmission, - * use rustsecp256k1_v0_11_ec_pubkey_serialize and rustsecp256k1_v0_11_ec_pubkey_parse. To - * compare keys, use rustsecp256k1_v0_11_ec_pubkey_cmp. + * use secp256k1_ec_pubkey_serialize and secp256k1_ec_pubkey_parse. To + * compare keys, use secp256k1_ec_pubkey_cmp. */ -typedef struct rustsecp256k1_v0_11_pubkey { +typedef struct secp256k1_pubkey { unsigned char data[64]; -} rustsecp256k1_v0_11_pubkey; +} secp256k1_pubkey; /** Opaque data structure that holds a parsed ECDSA signature. * @@ -68,12 +68,12 @@ typedef struct rustsecp256k1_v0_11_pubkey { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, or - * comparison, use the rustsecp256k1_v0_11_ecdsa_signature_serialize_* and - * rustsecp256k1_v0_11_ecdsa_signature_parse_* functions. + * comparison, use the secp256k1_ecdsa_signature_serialize_* and + * secp256k1_ecdsa_signature_parse_* functions. */ -typedef struct rustsecp256k1_v0_11_ecdsa_signature { +typedef struct secp256k1_ecdsa_signature { unsigned char data[64]; -} rustsecp256k1_v0_11_ecdsa_signature; +} secp256k1_ecdsa_signature; /** A pointer to a function to deterministically generate a nonce. * @@ -91,7 +91,7 @@ typedef struct rustsecp256k1_v0_11_ecdsa_signature { * Except for test cases, this function should compute some cryptographic hash of * the message, the algorithm, the key and the attempt. */ -typedef int (*rustsecp256k1_v0_11_nonce_function)( +typedef int (*secp256k1_nonce_function)( unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, @@ -121,45 +121,57 @@ typedef int (*rustsecp256k1_v0_11_nonce_function)( #endif /* Symbol visibility. */ -#if defined(_WIN32) - /* GCC for Windows (e.g., MinGW) accepts the __declspec syntax - * for MSVC compatibility. A __declspec declaration implies (but is not - * exactly equivalent to) __attribute__ ((visibility("default"))), and so we - * actually want __declspec even on GCC, see "Microsoft Windows Function - * Attributes" in the GCC manual and the recommendations in - * https://gcc.gnu.org/wiki/Visibility. */ -# if defined(SECP256K1_BUILD) -# if defined(DLL_EXPORT) || defined(SECP256K1_DLL_EXPORT) - /* Building libsecp256k1 as a DLL. - * 1. If using Libtool, it defines DLL_EXPORT automatically. - * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */ -# define SECP256K1_API extern __declspec (dllexport) -# else - /* Building libsecp256k1 as a static library on Windows. - * No declspec is needed, and so we would want the non-Windows-specific - * logic below take care of this case. However, this may result in setting - * __attribute__ ((visibility("default"))), which is supposed to be a noop - * on Windows but may trigger warnings when compiling with -flto due to a - * bug in GCC, see - * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */ -# define SECP256K1_API extern -# endif - /* The user must define SECP256K1_STATIC when consuming libsecp256k1 as a static - * library on Windows. */ -# elif !defined(SECP256K1_STATIC) - /* Consuming libsecp256k1 as a DLL. */ -# define SECP256K1_API extern __declspec (dllimport) -# endif +#if !defined(SECP256K1_API) && defined(SECP256K1_NO_API_VISIBILITY_ATTRIBUTES) + /* The user has requested that we don't specify visibility attributes in + * the public API. + * + * Since all our non-API declarations use the static qualifier, this means + * that the user can use -fvisibility= to set the visibility of the + * API symbols. For instance, -fvisibility=hidden can be useful *even for + * the API symbols*, e.g., when building a static library which is linked + * into a shared library, and the latter should not re-export the + * libsecp256k1 API. + * + * While visibility is a concept that applies only to shared libraries, + * setting visibility will still make a difference when building a static + * library: the visibility settings will be stored in the static library, + * solely for the potential case that the static library will be linked into + * a shared library. In that case, the stored visibility settings will + * resurface and be honored for the shared library. */ +# define SECP256K1_API extern #endif -#ifndef SECP256K1_API -/* All cases not captured by the Windows-specific logic. */ -# if defined(__GNUC__) && (__GNUC__ >= 4) && defined(SECP256K1_BUILD) - /* Building libsecp256k1 using GCC or compatible. */ -# define SECP256K1_API extern __attribute__ ((visibility ("default"))) -# else - /* Fall back to standard C's extern. */ -# define SECP256K1_API extern -# endif +#if !defined(SECP256K1_API) +# if defined(SECP256K1_BUILD) + /* On Windows, assume a shared library only if explicitly requested. + * 1. If using Libtool, it defines DLL_EXPORT automatically. + * 2. In other cases, SECP256K1_DLL_EXPORT must be defined. */ +# if defined(_WIN32) && (defined(SECP256K1_DLL_EXPORT) || defined(DLL_EXPORT)) + /* GCC for Windows (e.g., MinGW) accepts the __declspec syntax for + * MSVC compatibility. A __declspec declaration implies (but is not + * exactly equivalent to) __attribute__ ((visibility("default"))), + * and so we actually want __declspec even on GCC, see "Microsoft + * Windows Function Attributes" in the GCC manual and the + * recommendations in https://gcc.gnu.org/wiki/Visibility . */ +# define SECP256K1_API extern __declspec(dllexport) + /* Avoid __attribute__ ((visibility("default"))) on Windows to get rid + * of warnings when compiling with -flto due to a bug in GCC, see + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116478 . */ +# elif !defined(_WIN32) && defined (__GNUC__) && (__GNUC__ >= 4) +# define SECP256K1_API extern __attribute__ ((visibility("default"))) +# else +# define SECP256K1_API extern +# endif +# else + /* On Windows, SECP256K1_STATIC must be defined when consuming + * libsecp256k1 as a static library. Note that SECP256K1_STATIC is a + * "consumer-only" macro, and it has no meaning when building + * libsecp256k1. */ +# if defined(_WIN32) && !defined(SECP256K1_STATIC) +# define SECP256K1_API extern __declspec(dllimport) +# else +# define SECP256K1_API extern +# endif +# endif #endif /* Warning attributes @@ -197,8 +209,8 @@ typedef int (*rustsecp256k1_v0_11_nonce_function)( #define SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY (1 << 10) #define SECP256K1_FLAGS_BIT_COMPRESSION (1 << 8) -/** Context flags to pass to rustsecp256k1_v0_11_context_create, rustsecp256k1_v0_11_context_preallocated_size, and - * rustsecp256k1_v0_11_context_preallocated_create. */ +/** Context flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and + * secp256k1_context_preallocated_create. */ #define SECP256K1_CONTEXT_NONE (SECP256K1_FLAGS_TYPE_CONTEXT) /** Deprecated context flags. These flags are treated equivalent to SECP256K1_CONTEXT_NONE. */ @@ -208,7 +220,7 @@ typedef int (*rustsecp256k1_v0_11_nonce_function)( /* Testing flag. Do not use. */ #define SECP256K1_CONTEXT_DECLASSIFY (SECP256K1_FLAGS_TYPE_CONTEXT | SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY) -/** Flag to pass to rustsecp256k1_v0_11_ec_pubkey_serialize. */ +/** Flag to pass to secp256k1_ec_pubkey_serialize. */ #define SECP256K1_EC_COMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION | SECP256K1_FLAGS_BIT_COMPRESSION) #define SECP256K1_EC_UNCOMPRESSED (SECP256K1_FLAGS_TYPE_COMPRESSION) @@ -220,20 +232,23 @@ typedef int (*rustsecp256k1_v0_11_nonce_function)( #define SECP256K1_TAG_PUBKEY_HYBRID_ODD 0x07 /** A built-in constant secp256k1 context object with static storage duration, to be - * used in conjunction with rustsecp256k1_v0_11_selftest. + * used in conjunction with secp256k1_selftest. * * This context object offers *only limited functionality* , i.e., it cannot be used * for API functions that perform computations involving secret keys, e.g., signing * and public key generation. If this restriction applies to a specific API function, - * it is mentioned in its documentation. See rustsecp256k1_v0_11_context_create if you need a + * it is mentioned in its documentation. See secp256k1_context_create if you need a * full context object that supports all functionality offered by the library. * - * It is highly recommended to call rustsecp256k1_v0_11_selftest before using this context. + * It is highly recommended to call secp256k1_selftest before using this context. */ +SECP256K1_API const secp256k1_context * const secp256k1_context_static; -/** Deprecated alias for rustsecp256k1_v0_11_context_static. */ +/** Deprecated alias for secp256k1_context_static. */ +SECP256K1_API const secp256k1_context * const secp256k1_context_no_precomp +SECP256K1_DEPRECATED("Use secp256k1_context_static instead"); -/** Perform basic self tests (to be used in conjunction with rustsecp256k1_v0_11_context_static) +/** Perform basic self tests (to be used in conjunction with secp256k1_context_static) * * This function performs self tests that detect some serious usage errors and * similar conditions, e.g., when the library is compiled for the wrong endianness. @@ -241,23 +256,23 @@ typedef int (*rustsecp256k1_v0_11_nonce_function)( * very rudimentary and are not intended as a replacement for running the test * binaries. * - * It is highly recommended to call this before using rustsecp256k1_v0_11_context_static. + * It is highly recommended to call this before using secp256k1_context_static. * It is not necessary to call this function before using a context created with - * rustsecp256k1_v0_11_context_create (or rustsecp256k1_v0_11_context_preallocated_create), which will + * secp256k1_context_create (or secp256k1_context_preallocated_create), which will * take care of performing the self tests. * - * If the tests fail, this function will call the default error handler to abort the - * program (see rustsecp256k1_v0_11_context_set_error_callback). + * If the tests fail, this function will call the default error callback to abort the + * program (see secp256k1_context_set_error_callback). */ -SECP256K1_API void rustsecp256k1_v0_11_selftest(void); +SECP256K1_API void secp256k1_selftest(void); /** Create a secp256k1 context object (in dynamically allocated memory). * * This function uses malloc to allocate memory. It is guaranteed that malloc is * called at most once for every call of this function. If you need to avoid dynamic - * memory allocation entirely, see rustsecp256k1_v0_11_context_static and the functions in - * rustsecp256k1_v0_11_preallocated.h. + * memory allocation entirely, see secp256k1_context_static and the functions in + * secp256k1_preallocated.h. * * Returns: pointer to a newly created context object. * In: flags: Always set to SECP256K1_CONTEXT_NONE (see below). @@ -270,78 +285,91 @@ SECP256K1_API void rustsecp256k1_v0_11_selftest(void); * * If the context is intended to be used for API functions that perform computations * involving secret keys, e.g., signing and public key generation, then it is highly - * recommended to call rustsecp256k1_v0_11_context_randomize on the context before calling + * recommended to call secp256k1_context_randomize on the context before calling * those API functions. This will provide enhanced protection against side-channel - * leakage, see rustsecp256k1_v0_11_context_randomize for details. + * leakage, see secp256k1_context_randomize for details. * * Do not create a new context object for each operation, as construction and * randomization can take non-negligible time. */ +SECP256K1_API secp256k1_context *secp256k1_context_create( + unsigned int flags +) SECP256K1_WARN_UNUSED_RESULT; + /** Copy a secp256k1 context object (into dynamically allocated memory). * * This function uses malloc to allocate memory. It is guaranteed that malloc is * called at most once for every call of this function. If you need to avoid dynamic - * memory allocation entirely, see the functions in rustsecp256k1_v0_11_preallocated.h. + * memory allocation entirely, see the functions in secp256k1_preallocated.h. * - * Cloning rustsecp256k1_v0_11_context_static is not possible, and should not be emulated by + * Cloning secp256k1_context_static is not possible, and should not be emulated by * the caller (e.g., using memcpy). Create a new context instead. * * Returns: pointer to a newly created context object. - * Args: ctx: pointer to a context to copy (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context to copy (not secp256k1_context_static). */ +SECP256K1_API secp256k1_context *secp256k1_context_clone( + const secp256k1_context *ctx +) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; + /** Destroy a secp256k1 context object (created in dynamically allocated memory). * * The context pointer may not be used afterwards. * - * The context to destroy must have been created using rustsecp256k1_v0_11_context_create - * or rustsecp256k1_v0_11_context_clone. If the context has instead been created using - * rustsecp256k1_v0_11_context_preallocated_create or rustsecp256k1_v0_11_context_preallocated_clone, the - * behaviour is undefined. In that case, rustsecp256k1_v0_11_context_preallocated_destroy must + * The context to destroy must have been created using secp256k1_context_create + * or secp256k1_context_clone. If the context has instead been created using + * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone, the + * behaviour is undefined. In that case, secp256k1_context_preallocated_destroy must * be used instead. * * Args: ctx: pointer to a context to destroy, constructed using - * rustsecp256k1_v0_11_context_create or rustsecp256k1_v0_11_context_clone - * (i.e., not rustsecp256k1_v0_11_context_static). + * secp256k1_context_create or secp256k1_context_clone + * (i.e., not secp256k1_context_static). */ +SECP256K1_API void secp256k1_context_destroy( + secp256k1_context *ctx +) SECP256K1_ARG_NONNULL(1); + /** Set a callback function to be called when an illegal argument is passed to * an API call. It will only trigger for violations that are mentioned * explicitly in the header. * - * The philosophy is that these shouldn't be dealt with through a - * specific return value, as calling code should not have branches to deal with - * the case that this code itself is broken. + * The philosophy is that these shouldn't be dealt with through a specific + * return value, as calling code should not have branches to deal with the case + * that this code itself is broken. * * On the other hand, during debug stage, one would want to be informed about - * such mistakes, and the default (crashing) may be inadvisable. - * When this callback is triggered, the API function called is guaranteed not - * to cause a crash, though its return value and output arguments are - * undefined. - * - * When this function has not been called (or called with fn==NULL), then the - * default handler will be used. The library provides a default handler which - * writes the message to stderr and calls abort. This default handler can be + * such mistakes, and the default (crashing) may be inadvisable. Should this + * callback return instead of crashing, the return value and output arguments + * of the API function call are undefined. Moreover, the same API call may + * trigger the callback again in this case. + * + * When this function has not been called (or called with fun==NULL), then the + * default callback will be used. The library provides a default callback which + * writes the message to stderr and calls abort. This default callback can be * replaced at link time if the preprocessor macro * USE_EXTERNAL_DEFAULT_CALLBACKS is defined, which is the case if the build * has been configured with --enable-external-default-callbacks. Then the * following two symbols must be provided to link against: - * - void rustsecp256k1_v0_11_default_illegal_callback_fn(const char *message, void *data); - * - void rustsecp256k1_v0_11_default_error_callback_fn(const char *message, void *data); - * The library can call these default handlers even before a proper callback data - * pointer could have been set using rustsecp256k1_v0_11_context_set_illegal_callback or - * rustsecp256k1_v0_11_context_set_error_callback, e.g., when the creation of a context - * fails. In this case, the corresponding default handler will be called with + * - void secp256k1_default_illegal_callback_fn(const char *message, void *data); + * - void secp256k1_default_error_callback_fn(const char *message, void *data); + * The library may call a default callback even before a proper callback data + * pointer could have been set using secp256k1_context_set_illegal_callback or + * secp256k1_context_set_error_callback, e.g., when the creation of a context + * fails. In this case, the corresponding default callback will be called with * the data pointer argument set to NULL. * * Args: ctx: pointer to a context object. * In: fun: pointer to a function to call when an illegal argument is * passed to the API, taking a message and an opaque pointer. - * (NULL restores the default handler.) - * data: the opaque pointer to pass to fun above, must be NULL for the default handler. + * (NULL restores the default callback.) + * data: the opaque pointer to pass to fun above, must be NULL for the + * default callback. * - * See also rustsecp256k1_v0_11_context_set_error_callback. + * See also secp256k1_context_set_error_callback. */ -SECP256K1_API void rustsecp256k1_v0_11_context_set_illegal_callback( - rustsecp256k1_v0_11_context *ctx, +SECP256K1_API void secp256k1_context_set_illegal_callback( + secp256k1_context *ctx, void (*fun)(const char *message, void *data), const void *data ) SECP256K1_ARG_NONNULL(1); @@ -353,23 +381,24 @@ SECP256K1_API void rustsecp256k1_v0_11_context_set_illegal_callback( * to abort the program. * * This can only trigger in case of a hardware failure, miscompilation, - * memory corruption, serious bug in the library, or other error would can - * otherwise result in undefined behaviour. It will not trigger due to mere - * incorrect usage of the API (see rustsecp256k1_v0_11_context_set_illegal_callback + * memory corruption, serious bug in the library, or other error that would + * result in undefined behaviour. It will not trigger due to mere + * incorrect usage of the API (see secp256k1_context_set_illegal_callback * for that). After this callback returns, anything may happen, including * crashing. * * Args: ctx: pointer to a context object. * In: fun: pointer to a function to call when an internal error occurs, * taking a message and an opaque pointer (NULL restores the - * default handler, see rustsecp256k1_v0_11_context_set_illegal_callback + * default callback, see secp256k1_context_set_illegal_callback * for details). - * data: the opaque pointer to pass to fun above, must be NULL for the default handler. + * data: the opaque pointer to pass to fun above, must be NULL for the + * default callback. * - * See also rustsecp256k1_v0_11_context_set_illegal_callback. + * See also secp256k1_context_set_illegal_callback. */ -SECP256K1_API void rustsecp256k1_v0_11_context_set_error_callback( - rustsecp256k1_v0_11_context *ctx, +SECP256K1_API void secp256k1_context_set_error_callback( + secp256k1_context *ctx, void (*fun)(const char *message, void *data), const void *data ) SECP256K1_ARG_NONNULL(1); @@ -388,9 +417,9 @@ SECP256K1_API void rustsecp256k1_v0_11_context_set_error_callback( * 0x03), uncompressed (65 bytes, header byte 0x04), or hybrid (65 bytes, header * byte 0x06 or 0x07) format public keys. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_parse( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_parse( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -405,16 +434,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_par * In/Out: outputlen: pointer to an integer which is initially set to the * size of output, and is overwritten with the written * size. - * In: pubkey: pointer to a rustsecp256k1_v0_11_pubkey containing an + * In: pubkey: pointer to a secp256k1_pubkey containing an * initialized public key. * flags: SECP256K1_EC_COMPRESSED if serialization should be in * compressed format, otherwise SECP256K1_EC_UNCOMPRESSED. */ -SECP256K1_API int rustsecp256k1_v0_11_ec_pubkey_serialize( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_ec_pubkey_serialize( + const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, - const rustsecp256k1_v0_11_pubkey *pubkey, + const secp256k1_pubkey *pubkey, unsigned int flags ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -427,10 +456,10 @@ SECP256K1_API int rustsecp256k1_v0_11_ec_pubkey_serialize( * In: pubkey1: first public key to compare * pubkey2: second public key to compare */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_cmp( - const rustsecp256k1_v0_11_context *ctx, - const rustsecp256k1_v0_11_pubkey *pubkey1, - const rustsecp256k1_v0_11_pubkey *pubkey2 +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_cmp( + const secp256k1_context *ctx, + const secp256k1_pubkey *pubkey1, + const secp256k1_pubkey *pubkey2 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Sort public keys using lexicographic (of compressed serialization) order @@ -441,9 +470,9 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_cmp * In: pubkeys: array of pointers to pubkeys to sort * n_pubkeys: number of elements in the pubkeys array */ -SECP256K1_API int rustsecp256k1_v0_11_ec_pubkey_sort( - const rustsecp256k1_v0_11_context *ctx, - const rustsecp256k1_v0_11_pubkey **pubkeys, +SECP256K1_API int secp256k1_ec_pubkey_sort( + const secp256k1_context *ctx, + const secp256k1_pubkey **pubkeys, size_t n_pubkeys ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); @@ -462,9 +491,9 @@ SECP256K1_API int rustsecp256k1_v0_11_ec_pubkey_sort( * S are zero, the resulting sig value is guaranteed to fail verification for * any message and public key. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_parse_compact( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_signature *sig, +SECP256K1_API int secp256k1_ecdsa_signature_parse_compact( + const secp256k1_context *ctx, + secp256k1_ecdsa_signature *sig, const unsigned char *input64 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -483,9 +512,9 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_parse_compact( * encoded numbers are out of range, signature verification with it is * guaranteed to fail for every message and public key. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_parse_der( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_signature *sig, +SECP256K1_API int secp256k1_ecdsa_signature_parse_der( + const secp256k1_context *ctx, + secp256k1_ecdsa_signature *sig, const unsigned char *input, size_t inputlen ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -501,11 +530,11 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_parse_der( * if 0 was returned). * In: sig: pointer to an initialized signature object */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_serialize_der( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_ecdsa_signature_serialize_der( + const secp256k1_context *ctx, unsigned char *output, size_t *outputlen, - const rustsecp256k1_v0_11_ecdsa_signature *sig + const secp256k1_ecdsa_signature *sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Serialize an ECDSA signature in compact (64 byte) format. @@ -515,12 +544,12 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_serialize_der( * Out: output64: pointer to a 64-byte array to store the compact serialization * In: sig: pointer to an initialized signature object * - * See rustsecp256k1_v0_11_ecdsa_signature_parse_compact for details about the encoding. + * See secp256k1_ecdsa_signature_parse_compact for details about the encoding. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_serialize_compact( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_ecdsa_signature_serialize_compact( + const secp256k1_context *ctx, unsigned char *output64, - const rustsecp256k1_v0_11_ecdsa_signature *sig + const secp256k1_ecdsa_signature *sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Verify an ECDSA signature. @@ -543,16 +572,16 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_serialize_compact( * form are accepted. * * If you need to accept ECDSA signatures from sources that do not obey this - * rule, apply rustsecp256k1_v0_11_ecdsa_signature_normalize to the signature prior to + * rule, apply secp256k1_ecdsa_signature_normalize to the signature prior to * verification, but be aware that doing so results in malleable signatures. * * For details, see the comments for that function. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ecdsa_verify( - const rustsecp256k1_v0_11_context *ctx, - const rustsecp256k1_v0_11_ecdsa_signature *sig, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_verify( + const secp256k1_context *ctx, + const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, - const rustsecp256k1_v0_11_pubkey *pubkey + const secp256k1_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Convert a signature to a normalized lower-S form. @@ -591,48 +620,50 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ecdsa_verify( * accept various non-unique encodings, so care should be taken when this * property is required for an application. * - * The rustsecp256k1_v0_11_ecdsa_sign function will by default create signatures in the - * lower-S form, and rustsecp256k1_v0_11_ecdsa_verify will not accept others. In case + * The secp256k1_ecdsa_sign function will by default create signatures in the + * lower-S form, and secp256k1_ecdsa_verify will not accept others. In case * signatures come from a system that cannot enforce this property, - * rustsecp256k1_v0_11_ecdsa_signature_normalize must be called before verification. + * secp256k1_ecdsa_signature_normalize must be called before verification. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_signature_normalize( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_signature *sigout, - const rustsecp256k1_v0_11_ecdsa_signature *sigin +SECP256K1_API int secp256k1_ecdsa_signature_normalize( + const secp256k1_context *ctx, + secp256k1_ecdsa_signature *sigout, + const secp256k1_ecdsa_signature *sigin ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3); /** An implementation of RFC6979 (using HMAC-SHA256) as nonce generation function. * If a data pointer is passed, it is assumed to be a pointer to 32 bytes of * extra entropy. */ +SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979; -/** A default safe nonce generation function (currently equal to rustsecp256k1_v0_11_nonce_function_rfc6979). */ +/** A default safe nonce generation function (currently equal to secp256k1_nonce_function_rfc6979). */ +SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_default; /** Create an ECDSA signature. * * Returns: 1: signature created * 0: the nonce generation function failed, or the secret key was invalid. - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: sig: pointer to an array where the signature will be placed. * In: msghash32: the 32-byte message hash being signed. * seckey: pointer to a 32-byte secret key. * noncefp: pointer to a nonce generation function. If NULL, - * rustsecp256k1_v0_11_nonce_function_default is used. + * secp256k1_nonce_function_default is used. * ndata: pointer to arbitrary data used by the nonce generation function * (can be NULL). If it is non-NULL and - * rustsecp256k1_v0_11_nonce_function_default is used, then ndata must be a + * secp256k1_nonce_function_default is used, then ndata must be a * pointer to 32-bytes of additional data. * * The created signature is always in lower-S form. See - * rustsecp256k1_v0_11_ecdsa_signature_normalize for more details. + * secp256k1_ecdsa_signature_normalize for more details. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_sign( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_signature *sig, +SECP256K1_API int secp256k1_ecdsa_sign( + const secp256k1_context *ctx, + secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, - rustsecp256k1_v0_11_nonce_function noncefp, + secp256k1_nonce_function noncefp, const void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -650,8 +681,8 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_sign( * Args: ctx: pointer to a context object. * In: seckey: pointer to a 32-byte secret key. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_seckey_verify( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_verify( + const secp256k1_context *ctx, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); @@ -659,48 +690,40 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_seckey_ver * * Returns: 1: secret was valid, public key stores. * 0: secret was invalid, try again. - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: pubkey: pointer to the created public key. * In: seckey: pointer to a 32-byte secret key. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_create( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_create( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Negates a secret key in place. * * Returns: 0 if the given secret key is invalid according to - * rustsecp256k1_v0_11_ec_seckey_verify. 1 otherwise + * secp256k1_ec_seckey_verify. 1 otherwise * Args: ctx: pointer to a context object * In/Out: seckey: pointer to the 32-byte secret key to be negated. If the * secret key is invalid according to - * rustsecp256k1_v0_11_ec_seckey_verify, this function returns 0 and + * secp256k1_ec_seckey_verify, this function returns 0 and * seckey will be set to some unspecified value. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_seckey_negate( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_negate( + const secp256k1_context *ctx, unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); -/** Same as rustsecp256k1_v0_11_ec_seckey_negate, but DEPRECATED. Will be removed in - * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_privkey_negate( - const rustsecp256k1_v0_11_context *ctx, - unsigned char *seckey -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) - SECP256K1_DEPRECATED("Use rustsecp256k1_v0_11_ec_seckey_negate instead"); - /** Negates a public key in place. * * Returns: 1 always * Args: ctx: pointer to a context object * In/Out: pubkey: pointer to the public key to be negated. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_negate( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey +SECP256K1_API int secp256k1_ec_pubkey_negate( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2); /** Tweak a secret key by adding tweak to it. @@ -710,29 +733,20 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_neg * otherwise. * Args: ctx: pointer to a context object. * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is - * invalid according to rustsecp256k1_v0_11_ec_seckey_verify, this + * invalid according to secp256k1_ec_seckey_verify, this * function returns 0. seckey will be set to some unspecified * value if this function returns 0. * In: tweak32: pointer to a 32-byte tweak, which must be valid according to - * rustsecp256k1_v0_11_ec_seckey_verify or 32 zero bytes. For uniformly + * secp256k1_ec_seckey_verify or 32 zero bytes. For uniformly * random 32-byte tweaks, the chance of being invalid is * negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_seckey_tweak_add( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_add( + const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Same as rustsecp256k1_v0_11_ec_seckey_tweak_add, but DEPRECATED. Will be removed in - * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_privkey_tweak_add( - const rustsecp256k1_v0_11_context *ctx, - unsigned char *seckey, - const unsigned char *tweak32 -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) - SECP256K1_DEPRECATED("Use rustsecp256k1_v0_11_ec_seckey_tweak_add instead"); - /** Tweak a public key by adding tweak times the generator to it. * * Returns: 0 if the arguments are invalid or the resulting public key would be @@ -742,13 +756,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_privkey_tw * In/Out: pubkey: pointer to a public key object. pubkey will be set to an * invalid value if this function returns 0. * In: tweak32: pointer to a 32-byte tweak, which must be valid according to - * rustsecp256k1_v0_11_ec_seckey_verify or 32 zero bytes. For uniformly + * secp256k1_ec_seckey_verify or 32 zero bytes. For uniformly * random 32-byte tweaks, the chance of being invalid is * negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_tweak_add( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_add( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -757,29 +771,20 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_twe * Returns: 0 if the arguments are invalid. 1 otherwise. * Args: ctx: pointer to a context object. * In/Out: seckey: pointer to a 32-byte secret key. If the secret key is - * invalid according to rustsecp256k1_v0_11_ec_seckey_verify, this + * invalid according to secp256k1_ec_seckey_verify, this * function returns 0. seckey will be set to some unspecified * value if this function returns 0. * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_11_ec_seckey_verify, this function returns 0. For + * secp256k1_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_seckey_tweak_mul( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_seckey_tweak_mul( + const secp256k1_context *ctx, unsigned char *seckey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Same as rustsecp256k1_v0_11_ec_seckey_tweak_mul, but DEPRECATED. Will be removed in - * future versions. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_privkey_tweak_mul( - const rustsecp256k1_v0_11_context *ctx, - unsigned char *seckey, - const unsigned char *tweak32 -) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) - SECP256K1_DEPRECATED("Use rustsecp256k1_v0_11_ec_seckey_tweak_mul instead"); - /** Tweak a public key by multiplying it by a tweak value. * * Returns: 0 if the arguments are invalid. 1 otherwise. @@ -787,13 +792,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_privkey_tw * In/Out: pubkey: pointer to a public key object. pubkey will be set to an * invalid value if this function returns 0. * In: tweak32: pointer to a 32-byte tweak. If the tweak is invalid according to - * rustsecp256k1_v0_11_ec_seckey_verify, this function returns 0. For + * secp256k1_ec_seckey_verify, this function returns 0. For * uniformly random 32-byte arrays the chance of being invalid * is negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_tweak_mul( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_tweak_mul( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -801,7 +806,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_twe * * Returns: 1: randomization successful * 0: error - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * In: seed32: pointer to a 32-byte random seed (NULL resets to initial state). * * While secp256k1 code is written and tested to be constant-time no matter what @@ -812,25 +817,25 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_twe * certain computations which involve secret keys. * * It is highly recommended to call this function on contexts returned from - * rustsecp256k1_v0_11_context_create or rustsecp256k1_v0_11_context_clone (or from the corresponding - * functions in rustsecp256k1_v0_11_preallocated.h) before using these contexts to call API + * secp256k1_context_create or secp256k1_context_clone (or from the corresponding + * functions in secp256k1_preallocated.h) before using these contexts to call API * functions that perform computations involving secret keys, e.g., signing and * public key generation. It is possible to call this function more than once on * the same context, and doing so before every few computations involving secret * keys is recommended as a defense-in-depth measure. Randomization of the static - * context rustsecp256k1_v0_11_context_static is not supported. + * context secp256k1_context_static is not supported. * * Currently, the random seed is mainly used for blinding multiplications of a * secret scalar with the elliptic curve base point. Multiplications of this * kind are performed by exactly those API functions which are documented to - * require a context that is not rustsecp256k1_v0_11_context_static. As a rule of thumb, + * require a context that is not secp256k1_context_static. As a rule of thumb, * these are all functions which take a secret key (or a keypair) as an input. * A notable exception to that rule is the ECDH module, which relies on a different * kind of elliptic curve point multiplication and thus does not benefit from * enhanced protection against side-channel leakage currently. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_context_randomize( - rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_context_randomize( + secp256k1_context *ctx, const unsigned char *seed32 ) SECP256K1_ARG_NONNULL(1); @@ -843,10 +848,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_context_rando * In: ins: pointer to array of pointers to public keys. * n: the number of public keys to add together (must be at least 1). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_combine( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *out, - const rustsecp256k1_v0_11_pubkey * const *ins, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ec_pubkey_combine( + const secp256k1_context *ctx, + secp256k1_pubkey *out, + const secp256k1_pubkey * const *ins, size_t n ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -866,8 +871,8 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ec_pubkey_com * msg: pointer to an array containing the message * msglen: length of the message array */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_tagged_sha256( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_tagged_sha256( + const secp256k1_context *ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1.h.rej b/secp256k1-sys/depend/secp256k1/include/secp256k1.h.rej new file mode 100644 index 000000000..2630921a6 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1.h.rej @@ -0,0 +1,40 @@ +*** /dev/null +--- /dev/null +*************** +*** 236 +- SECP256K1_API const secp256k1_context *secp256k1_context_static; +--- 0 ----- +*************** +*** 239,240 +- SECP256K1_API const secp256k1_context *secp256k1_context_no_precomp +- SECP256K1_DEPRECATED("Use secp256k1_context_static instead"); +--- 0 ----- +*************** +*** 286,289 +- SECP256K1_API secp256k1_context *secp256k1_context_create( +- unsigned int flags +- ) SECP256K1_WARN_UNUSED_RESULT; +- +--- 0 ----- +*************** +*** 302,305 +- SECP256K1_API secp256k1_context *secp256k1_context_clone( +- const secp256k1_context *ctx +- ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; +- +--- 0 ----- +*************** +*** 320,323 +- SECP256K1_API void secp256k1_context_destroy( +- secp256k1_context *ctx +- ) SECP256K1_ARG_NONNULL(1); +- +--- 0 ----- +*************** +*** 636 +- SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_rfc6979; +--- 0 ----- +*************** +*** 639 +- SECP256K1_API const secp256k1_nonce_function secp256k1_nonce_function_default; +--- 0 ----- diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h index edf23a549..4d9da3461 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_ecdh.h @@ -10,15 +10,15 @@ extern "C" { /** A pointer to a function that hashes an EC point to obtain an ECDH secret * * Returns: 1 if the point was successfully hashed. - * 0 will cause rustsecp256k1_v0_11_ecdh to fail and return 0. + * 0 will cause secp256k1_ecdh to fail and return 0. * Other return values are not allowed, and the behaviour of - * rustsecp256k1_v0_11_ecdh is undefined for other return values. + * secp256k1_ecdh is undefined for other return values. * Out: output: pointer to an array to be filled by the function * In: x32: pointer to a 32-byte x coordinate * y32: pointer to a 32-byte y coordinate * data: arbitrary data pointer that is passed through */ -typedef int (*rustsecp256k1_v0_11_ecdh_hash_function)( +typedef int (*secp256k1_ecdh_hash_function)( unsigned char *output, const unsigned char *x32, const unsigned char *y32, @@ -27,11 +27,11 @@ typedef int (*rustsecp256k1_v0_11_ecdh_hash_function)( /** An implementation of SHA256 hash function that applies to compressed public key. * Populates the output parameter with 32 bytes. */ -SECP256K1_API const rustsecp256k1_v0_11_ecdh_hash_function rustsecp256k1_v0_11_ecdh_hash_function_sha256; +SECP256K1_API const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256; -/** A default ECDH hash function (currently equal to rustsecp256k1_v0_11_ecdh_hash_function_sha256). +/** A default ECDH hash function (currently equal to secp256k1_ecdh_hash_function_sha256). * Populates the output parameter with 32 bytes. */ -SECP256K1_API const rustsecp256k1_v0_11_ecdh_hash_function rustsecp256k1_v0_11_ecdh_hash_function_default; +SECP256K1_API const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default; /** Compute an EC Diffie-Hellman secret in constant time * @@ -39,20 +39,20 @@ SECP256K1_API const rustsecp256k1_v0_11_ecdh_hash_function rustsecp256k1_v0_11_e * 0: scalar was invalid (zero or overflow) or hashfp returned 0 * Args: ctx: pointer to a context object. * Out: output: pointer to an array to be filled by hashfp. - * In: pubkey: pointer to a rustsecp256k1_v0_11_pubkey containing an initialized public key. + * In: pubkey: pointer to a secp256k1_pubkey containing an initialized public key. * seckey: a 32-byte scalar with which to multiply the point. * hashfp: pointer to a hash function. If NULL, - * rustsecp256k1_v0_11_ecdh_hash_function_sha256 is used + * secp256k1_ecdh_hash_function_sha256 is used * (in which case, 32 bytes will be written to output). * data: arbitrary data pointer that is passed through to hashfp - * (can be NULL for rustsecp256k1_v0_11_ecdh_hash_function_sha256). + * (can be NULL for secp256k1_ecdh_hash_function_sha256). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ecdh( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdh( + const secp256k1_context *ctx, unsigned char *output, - const rustsecp256k1_v0_11_pubkey *pubkey, + const secp256k1_pubkey *pubkey, const unsigned char *seckey, - rustsecp256k1_v0_11_ecdh_hash_function hashfp, + secp256k1_ecdh_hash_function hashfp, void *data ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_ellswift.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_ellswift.h index e7b9d4c40..4cda5d5ca 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_ellswift.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_ellswift.h @@ -45,13 +45,13 @@ extern "C" { * For mathematical background about the scheme, see the doc/ellswift.md file. */ -/** A pointer to a function used by rustsecp256k1_v0_11_ellswift_xdh to hash the shared X +/** A pointer to a function used by secp256k1_ellswift_xdh to hash the shared X * coordinate along with the encoded public keys to a uniform shared secret. * * Returns: 1 if a shared secret was successfully computed. - * 0 will cause rustsecp256k1_v0_11_ellswift_xdh to fail and return 0. + * 0 will cause secp256k1_ellswift_xdh to fail and return 0. * Other return values are not allowed, and the behaviour of - * rustsecp256k1_v0_11_ellswift_xdh is undefined for other return values. + * secp256k1_ellswift_xdh is undefined for other return values. * Out: output: pointer to an array to be filled by the function * In: x32: pointer to the 32-byte serialized X coordinate * of the resulting shared point (will not be NULL) @@ -61,7 +61,7 @@ extern "C" { * (will not be NULL) * data: arbitrary data pointer that is passed through */ -typedef int (*rustsecp256k1_v0_11_ellswift_xdh_hash_function)( +typedef int (*secp256k1_ellswift_xdh_hash_function)( unsigned char *output, const unsigned char *x32, const unsigned char *ell_a64, @@ -69,25 +69,25 @@ typedef int (*rustsecp256k1_v0_11_ellswift_xdh_hash_function)( void *data ); -/** An implementation of an rustsecp256k1_v0_11_ellswift_xdh_hash_function which uses +/** An implementation of an secp256k1_ellswift_xdh_hash_function which uses * SHA256(prefix64 || ell_a64 || ell_b64 || x32), where prefix64 is the 64-byte * array pointed to by data. */ -SECP256K1_API const rustsecp256k1_v0_11_ellswift_xdh_hash_function rustsecp256k1_v0_11_ellswift_xdh_hash_function_prefix; +SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix; -/** An implementation of an rustsecp256k1_v0_11_ellswift_xdh_hash_function compatible with +/** An implementation of an secp256k1_ellswift_xdh_hash_function compatible with * BIP324. It returns H_tag(ell_a64 || ell_b64 || x32), where H_tag is the * BIP340 tagged hash function with tag "bip324_ellswift_xonly_ecdh". Equivalent - * to rustsecp256k1_v0_11_ellswift_xdh_hash_function_prefix with prefix64 set to + * to secp256k1_ellswift_xdh_hash_function_prefix with prefix64 set to * SHA256("bip324_ellswift_xonly_ecdh")||SHA256("bip324_ellswift_xonly_ecdh"). * The data argument is ignored. */ -SECP256K1_API const rustsecp256k1_v0_11_ellswift_xdh_hash_function rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324; +SECP256K1_API const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324; /** Construct a 64-byte ElligatorSwift encoding of a given pubkey. * * Returns: 1 always. * Args: ctx: pointer to a context object * Out: ell64: pointer to a 64-byte array to be filled - * In: pubkey: pointer to a rustsecp256k1_v0_11_pubkey containing an + * In: pubkey: pointer to a secp256k1_pubkey containing an * initialized public key * rnd32: pointer to 32 bytes of randomness * @@ -104,10 +104,10 @@ SECP256K1_API const rustsecp256k1_v0_11_ellswift_xdh_hash_function rustsecp256k1 * * This function runs in variable time. */ -SECP256K1_API int rustsecp256k1_v0_11_ellswift_encode( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_ellswift_encode( + const secp256k1_context *ctx, unsigned char *ell64, - const rustsecp256k1_v0_11_pubkey *pubkey, + const secp256k1_pubkey *pubkey, const unsigned char *rnd32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -115,14 +115,14 @@ SECP256K1_API int rustsecp256k1_v0_11_ellswift_encode( * * Returns: always 1 * Args: ctx: pointer to a context object - * Out: pubkey: pointer to a rustsecp256k1_v0_11_pubkey that will be filled + * Out: pubkey: pointer to a secp256k1_pubkey that will be filled * In: ell64: pointer to a 64-byte array to decode * * This function runs in variable time. */ -SECP256K1_API int rustsecp256k1_v0_11_ellswift_decode( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, +SECP256K1_API int secp256k1_ellswift_decode( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, const unsigned char *ell64 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -130,7 +130,7 @@ SECP256K1_API int rustsecp256k1_v0_11_ellswift_decode( * * Returns: 1: secret was valid, public key was stored. * 0: secret was invalid, try again. - * Args: ctx: pointer to a context object + * Args: ctx: pointer to a context object (not secp256k1_context_static) * Out: ell64: pointer to a 64-byte array to receive the ElligatorSwift * public key * In: seckey32: pointer to a 32-byte secret key @@ -141,18 +141,18 @@ SECP256K1_API int rustsecp256k1_v0_11_ellswift_decode( * It is recommended that auxrnd32 contains 32 uniformly random bytes, though * it is optional (and does result in encodings that are indistinguishable from * uniform even without any auxrnd32). It differs from the (mandatory) rnd32 - * argument to rustsecp256k1_v0_11_ellswift_encode in this regard. + * argument to secp256k1_ellswift_encode in this regard. * - * This function can be used instead of calling rustsecp256k1_v0_11_ec_pubkey_create - * followed by rustsecp256k1_v0_11_ellswift_encode. It is safer, as it uses the secret + * This function can be used instead of calling secp256k1_ec_pubkey_create + * followed by secp256k1_ellswift_encode. It is safer, as it uses the secret * key as entropy for the encoding (supplemented with auxrnd32, if provided). * - * Like rustsecp256k1_v0_11_ellswift_encode, this function does not guarantee that the + * Like secp256k1_ellswift_encode, this function does not guarantee that the * computed encoding is stable across versions of the library, even if all * arguments (including auxrnd32) are the same. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ellswift_create( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_create( + const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32 @@ -182,14 +182,14 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ellswift_crea * This function is more efficient than decoding the public keys, and performing * ECDH on them. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ellswift_xdh( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ellswift_xdh( + const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, - rustsecp256k1_v0_11_ellswift_xdh_hash_function hashfp, + secp256k1_ellswift_xdh_hash_function hashfp, void *data ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(7); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h index ddcf821a2..1a517ded9 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_extrakeys.h @@ -16,12 +16,12 @@ extern "C" { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 64 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage, transmission, use - * use rustsecp256k1_v0_11_xonly_pubkey_serialize and rustsecp256k1_v0_11_xonly_pubkey_parse. To - * compare keys, use rustsecp256k1_v0_11_xonly_pubkey_cmp. + * use secp256k1_xonly_pubkey_serialize and secp256k1_xonly_pubkey_parse. To + * compare keys, use secp256k1_xonly_pubkey_cmp. */ -typedef struct rustsecp256k1_v0_11_xonly_pubkey { +typedef struct secp256k1_xonly_pubkey { unsigned char data[64]; -} rustsecp256k1_v0_11_xonly_pubkey; +} secp256k1_xonly_pubkey; /** Opaque data structure that holds a keypair consisting of a secret and a * public key. @@ -30,9 +30,9 @@ typedef struct rustsecp256k1_v0_11_xonly_pubkey { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 96 bytes in size, and can be safely copied/moved. */ -typedef struct rustsecp256k1_v0_11_keypair { +typedef struct secp256k1_keypair { unsigned char data[96]; -} rustsecp256k1_v0_11_keypair; +} secp256k1_keypair; /** Parse a 32-byte sequence into a xonly_pubkey object. * @@ -44,9 +44,9 @@ typedef struct rustsecp256k1_v0_11_keypair { * parsed version of input. If not, it's set to an invalid value. * In: input32: pointer to a serialized xonly_pubkey. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_parse( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_xonly_pubkey *pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_parse( + const secp256k1_context *ctx, + secp256k1_xonly_pubkey *pubkey, const unsigned char *input32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -56,12 +56,12 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_ * * Args: ctx: pointer to a context object. * Out: output32: pointer to a 32-byte array to place the serialized key in. - * In: pubkey: pointer to a rustsecp256k1_v0_11_xonly_pubkey containing an initialized public key. + * In: pubkey: pointer to a secp256k1_xonly_pubkey containing an initialized public key. */ -SECP256K1_API int rustsecp256k1_v0_11_xonly_pubkey_serialize( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_xonly_pubkey_serialize( + const secp256k1_context *ctx, unsigned char *output32, - const rustsecp256k1_v0_11_xonly_pubkey *pubkey + const secp256k1_xonly_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Compare two x-only public keys using lexicographic order @@ -73,13 +73,13 @@ SECP256K1_API int rustsecp256k1_v0_11_xonly_pubkey_serialize( * In: pubkey1: first public key to compare * pubkey2: second public key to compare */ -SECP256K1_API int rustsecp256k1_v0_11_xonly_pubkey_cmp( - const rustsecp256k1_v0_11_context *ctx, - const rustsecp256k1_v0_11_xonly_pubkey *pk1, - const rustsecp256k1_v0_11_xonly_pubkey *pk2 +SECP256K1_API int secp256k1_xonly_pubkey_cmp( + const secp256k1_context *ctx, + const secp256k1_xonly_pubkey *pk1, + const secp256k1_xonly_pubkey *pk2 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); -/** Converts a rustsecp256k1_v0_11_pubkey into a rustsecp256k1_v0_11_xonly_pubkey. +/** Converts a secp256k1_pubkey into a secp256k1_xonly_pubkey. * * Returns: 1 always. * @@ -90,11 +90,11 @@ SECP256K1_API int rustsecp256k1_v0_11_xonly_pubkey_cmp( * the negation of the pubkey and set to 0 otherwise. * In: pubkey: pointer to a public key that is converted. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_from_pubkey( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_xonly_pubkey *xonly_pubkey, +SECP256K1_API int secp256k1_xonly_pubkey_from_pubkey( + const secp256k1_context *ctx, + secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, - const rustsecp256k1_v0_11_pubkey *pubkey + const secp256k1_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4); /** Tweak an x-only public key by adding the generator multiplied with tweak32 @@ -102,7 +102,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_ * * Note that the resulting point can not in general be represented by an x-only * pubkey because it may have an odd Y coordinate. Instead, the output_pubkey - * is a normal rustsecp256k1_v0_11_pubkey. + * is a normal secp256k1_pubkey. * * Returns: 0 if the arguments are invalid or the resulting public key would be * invalid (only when the tweak is the negation of the corresponding @@ -113,23 +113,23 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_ * to an invalid value if this function returns 0. * In: internal_pubkey: pointer to an x-only pubkey to apply the tweak to. * tweak32: pointer to a 32-byte tweak, which must be valid - * according to rustsecp256k1_v0_11_ec_seckey_verify or 32 zero + * according to secp256k1_ec_seckey_verify or 32 zero * bytes. For uniformly random 32-byte tweaks, the chance of * being invalid is negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_tweak_add( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *output_pubkey, - const rustsecp256k1_v0_11_xonly_pubkey *internal_pubkey, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add( + const secp256k1_context *ctx, + secp256k1_pubkey *output_pubkey, + const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Checks that a tweaked pubkey is the result of calling - * rustsecp256k1_v0_11_xonly_pubkey_tweak_add with internal_pubkey and tweak32. + * secp256k1_xonly_pubkey_tweak_add with internal_pubkey and tweak32. * * The tweaked pubkey is represented by its 32-byte x-only serialization and * its pk_parity, which can both be obtained by converting the result of - * tweak_add to a rustsecp256k1_v0_11_xonly_pubkey. + * tweak_add to a secp256k1_xonly_pubkey. * * Note that this alone does _not_ verify that the tweaked pubkey is a * commitment. If the tweak is not chosen in a specific way, the tweaked pubkey @@ -142,33 +142,33 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_ * tweaked_pk_parity: the parity of the tweaked pubkey (whose serialization * is passed in as tweaked_pubkey32). This must match the * pk_parity value that is returned when calling - * rustsecp256k1_v0_11_xonly_pubkey with the tweaked pubkey, or + * secp256k1_xonly_pubkey with the tweaked pubkey, or * this function will fail. * internal_pubkey: pointer to an x-only public key object to apply the tweak to. * tweak32: pointer to a 32-byte tweak. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_xonly_pubkey_tweak_add_check( + const secp256k1_context *ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, - const rustsecp256k1_v0_11_xonly_pubkey *internal_pubkey, + const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); /** Compute the keypair for a valid secret key. * - * See the documentation of `rustsecp256k1_v0_11_ec_seckey_verify` for more information + * See the documentation of `secp256k1_ec_seckey_verify` for more information * about the validity of secret keys. * * Returns: 1: secret key is valid * 0: secret key is invalid - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: keypair: pointer to the created keypair. * In: seckey: pointer to a 32-byte secret key. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_create( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_keypair *keypair, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_create( + const secp256k1_context *ctx, + secp256k1_keypair *keypair, const unsigned char *seckey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -179,10 +179,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_creat * Out: seckey: pointer to a 32-byte buffer for the secret key. * In: keypair: pointer to a keypair. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_sec( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_keypair_sec( + const secp256k1_context *ctx, unsigned char *seckey, - const rustsecp256k1_v0_11_keypair *keypair + const secp256k1_keypair *keypair ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Get the public key from a keypair. @@ -192,38 +192,38 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_sec( * Out: pubkey: pointer to a pubkey object, set to the keypair public key. * In: keypair: pointer to a keypair. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_pub( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, - const rustsecp256k1_v0_11_keypair *keypair +SECP256K1_API int secp256k1_keypair_pub( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, + const secp256k1_keypair *keypair ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Get the x-only public key from a keypair. * - * This is the same as calling rustsecp256k1_v0_11_keypair_pub and then - * rustsecp256k1_v0_11_xonly_pubkey_from_pubkey. + * This is the same as calling secp256k1_keypair_pub and then + * secp256k1_xonly_pubkey_from_pubkey. * * Returns: 1 always. * Args: ctx: pointer to a context object. * Out: pubkey: pointer to an xonly_pubkey object, set to the keypair * public key after converting it to an xonly_pubkey. * pk_parity: Ignored if NULL. Otherwise, pointer to an integer that will be set to the - * pk_parity argument of rustsecp256k1_v0_11_xonly_pubkey_from_pubkey. + * pk_parity argument of secp256k1_xonly_pubkey_from_pubkey. * In: keypair: pointer to a keypair. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_xonly_pub( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_xonly_pubkey *pubkey, +SECP256K1_API int secp256k1_keypair_xonly_pub( + const secp256k1_context *ctx, + secp256k1_xonly_pubkey *pubkey, int *pk_parity, - const rustsecp256k1_v0_11_keypair *keypair + const secp256k1_keypair *keypair ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(4); /** Tweak a keypair by adding tweak32 to the secret key and updating the public * key accordingly. * - * Calling this function and then rustsecp256k1_v0_11_keypair_pub results in the same - * public key as calling rustsecp256k1_v0_11_keypair_xonly_pub and then - * rustsecp256k1_v0_11_xonly_pubkey_tweak_add. + * Calling this function and then secp256k1_keypair_pub results in the same + * public key as calling secp256k1_keypair_xonly_pub and then + * secp256k1_xonly_pubkey_tweak_add. * * Returns: 0 if the arguments are invalid or the resulting keypair would be * invalid (only when the tweak is the negation of the keypair's @@ -233,13 +233,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_xonly * In/Out: keypair: pointer to a keypair to apply the tweak to. Will be set to * an invalid value if this function returns 0. * In: tweak32: pointer to a 32-byte tweak, which must be valid according to - * rustsecp256k1_v0_11_ec_seckey_verify or 32 zero bytes. For uniformly + * secp256k1_ec_seckey_verify or 32 zero bytes. For uniformly * random 32-byte tweaks, the chance of being invalid is * negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_keypair_xonly_tweak_add( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_keypair *keypair, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_keypair_xonly_tweak_add( + const secp256k1_context *ctx, + secp256k1_keypair *keypair, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_musig.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_musig.h index ec1e49bde..11b8f08c8 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_musig.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_musig.h @@ -29,7 +29,7 @@ extern "C" { * * The exact representation of data inside the opaque data structures is * implementation defined and not guaranteed to be portable between different - * platforms or versions. With the exception of `rustsecp256k1_v0_11_musig_secnonce`, the + * platforms or versions. With the exception of `secp256k1_musig_secnonce`, the * data structures can be safely copied/moved. If you need to convert to a * format suitable for storage, transmission, or comparison, use the * corresponding serialization and parsing functions. @@ -40,9 +40,9 @@ extern "C" { * Guaranteed to be 197 bytes in size. No serialization and parsing functions * (yet). */ -typedef struct rustsecp256k1_v0_11_musig_keyagg_cache { +typedef struct secp256k1_musig_keyagg_cache { unsigned char data[197]; -} rustsecp256k1_v0_11_musig_keyagg_cache; +} secp256k1_musig_keyagg_cache; /** Opaque data structure that holds a signer's _secret_ nonce. * @@ -56,27 +56,27 @@ typedef struct rustsecp256k1_v0_11_musig_keyagg_cache { * Copying this data structure can result in nonce reuse which will leak the * secret signing key. */ -typedef struct rustsecp256k1_v0_11_musig_secnonce { +typedef struct secp256k1_musig_secnonce { unsigned char data[132]; -} rustsecp256k1_v0_11_musig_secnonce; +} secp256k1_musig_secnonce; /** Opaque data structure that holds a signer's public nonce. * * Guaranteed to be 132 bytes in size. Serialized and parsed with * `musig_pubnonce_serialize` and `musig_pubnonce_parse`. */ -typedef struct rustsecp256k1_v0_11_musig_pubnonce { +typedef struct secp256k1_musig_pubnonce { unsigned char data[132]; -} rustsecp256k1_v0_11_musig_pubnonce; +} secp256k1_musig_pubnonce; /** Opaque data structure that holds an aggregate public nonce. * * Guaranteed to be 132 bytes in size. Serialized and parsed with * `musig_aggnonce_serialize` and `musig_aggnonce_parse`. */ -typedef struct rustsecp256k1_v0_11_musig_aggnonce { +typedef struct secp256k1_musig_aggnonce { unsigned char data[132]; -} rustsecp256k1_v0_11_musig_aggnonce; +} secp256k1_musig_aggnonce; /** Opaque data structure that holds a MuSig session. * @@ -84,18 +84,18 @@ typedef struct rustsecp256k1_v0_11_musig_aggnonce { * be secure. Guaranteed to be 133 bytes in size. No serialization and parsing * functions (yet). */ -typedef struct rustsecp256k1_v0_11_musig_session { +typedef struct secp256k1_musig_session { unsigned char data[133]; -} rustsecp256k1_v0_11_musig_session; +} secp256k1_musig_session; /** Opaque data structure that holds a partial MuSig signature. * * Guaranteed to be 36 bytes in size. Serialized and parsed with * `musig_partial_sig_serialize` and `musig_partial_sig_parse`. */ -typedef struct rustsecp256k1_v0_11_musig_partial_sig { +typedef struct secp256k1_musig_partial_sig { unsigned char data[36]; -} rustsecp256k1_v0_11_musig_partial_sig; +} secp256k1_musig_partial_sig; /** Parse a signer's public nonce. * @@ -104,9 +104,9 @@ typedef struct rustsecp256k1_v0_11_musig_partial_sig { * Out: nonce: pointer to a nonce object * In: in66: pointer to the 66-byte nonce to be parsed */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubnonce_parse( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_pubnonce *nonce, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubnonce_parse( + const secp256k1_context *ctx, + secp256k1_musig_pubnonce *nonce, const unsigned char *in66 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -117,10 +117,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubnonc * Out: out66: pointer to a 66-byte array to store the serialized nonce * In: nonce: pointer to the nonce */ -SECP256K1_API int rustsecp256k1_v0_11_musig_pubnonce_serialize( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_musig_pubnonce_serialize( + const secp256k1_context *ctx, unsigned char *out66, - const rustsecp256k1_v0_11_musig_pubnonce *nonce + const secp256k1_musig_pubnonce *nonce ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Parse an aggregate public nonce. @@ -130,9 +130,9 @@ SECP256K1_API int rustsecp256k1_v0_11_musig_pubnonce_serialize( * Out: nonce: pointer to a nonce object * In: in66: pointer to the 66-byte nonce to be parsed */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_aggnonce_parse( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_aggnonce *nonce, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_aggnonce_parse( + const secp256k1_context *ctx, + secp256k1_musig_aggnonce *nonce, const unsigned char *in66 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -143,10 +143,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_aggnonc * Out: out66: pointer to a 66-byte array to store the serialized nonce * In: nonce: pointer to the nonce */ -SECP256K1_API int rustsecp256k1_v0_11_musig_aggnonce_serialize( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_musig_aggnonce_serialize( + const secp256k1_context *ctx, unsigned char *out66, - const rustsecp256k1_v0_11_musig_aggnonce *nonce + const secp256k1_musig_aggnonce *nonce ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Parse a MuSig partial signature. @@ -156,9 +156,9 @@ SECP256K1_API int rustsecp256k1_v0_11_musig_aggnonce_serialize( * Out: sig: pointer to a signature object * In: in32: pointer to the 32-byte signature to be parsed */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_partial_sig_parse( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_partial_sig *sig, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_parse( + const secp256k1_context *ctx, + secp256k1_musig_partial_sig *sig, const unsigned char *in32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -169,17 +169,17 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_partial * Out: out32: pointer to a 32-byte array to store the serialized signature * In: sig: pointer to the signature */ -SECP256K1_API int rustsecp256k1_v0_11_musig_partial_sig_serialize( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_musig_partial_sig_serialize( + const secp256k1_context *ctx, unsigned char *out32, - const rustsecp256k1_v0_11_musig_partial_sig *sig + const secp256k1_musig_partial_sig *sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Computes an aggregate public key and uses it to initialize a keyagg_cache * * Different orders of `pubkeys` result in different `agg_pk`s. * - * Before aggregating, the pubkeys can be sorted with `rustsecp256k1_v0_11_ec_pubkey_sort` + * Before aggregating, the pubkeys can be sorted with `secp256k1_ec_pubkey_sort` * which ensures the same `agg_pk` result for the same multiset of pubkeys. * This is useful to do before `pubkey_agg`, such that the order of pubkeys * does not affect the aggregate public key. @@ -196,11 +196,11 @@ SECP256K1_API int rustsecp256k1_v0_11_musig_partial_sig_serialize( * aggregate public key. * n_pubkeys: length of pubkeys array. Must be greater than 0. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_agg( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_xonly_pubkey *agg_pk, - rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, - const rustsecp256k1_v0_11_pubkey * const *pubkeys, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_agg( + const secp256k1_context *ctx, + secp256k1_xonly_pubkey *agg_pk, + secp256k1_musig_keyagg_cache *keyagg_cache, + const secp256k1_pubkey * const *pubkeys, size_t n_pubkeys ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(4); @@ -216,10 +216,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * In: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by * `musig_pubkey_agg` */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_get( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *agg_pk, - const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_get( + const secp256k1_context *ctx, + secp256k1_pubkey *agg_pk, + const secp256k1_musig_keyagg_cache *keyagg_cache ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Apply plain "EC" tweaking to a public key in a given keyagg_cache by adding @@ -230,20 +230,20 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * Callers are responsible for deriving `tweak32` in a way that does not reduce * the security of MuSig (for example, by following BIP 32). * - * The tweaking method is the same as `rustsecp256k1_v0_11_ec_pubkey_tweak_add`. So after + * The tweaking method is the same as `secp256k1_ec_pubkey_tweak_add`. So after * the following pseudocode buf and buf2 have identical contents (absent * earlier failures). * - * rustsecp256k1_v0_11_musig_pubkey_agg(..., keyagg_cache, pubkeys, ...) - * rustsecp256k1_v0_11_musig_pubkey_get(..., agg_pk, keyagg_cache) - * rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add(..., output_pk, tweak32, keyagg_cache) - * rustsecp256k1_v0_11_ec_pubkey_serialize(..., buf, ..., output_pk, ...) - * rustsecp256k1_v0_11_ec_pubkey_tweak_add(..., agg_pk, tweak32) - * rustsecp256k1_v0_11_ec_pubkey_serialize(..., buf2, ..., agg_pk, ...) + * secp256k1_musig_pubkey_agg(..., keyagg_cache, pubkeys, ...) + * secp256k1_musig_pubkey_get(..., agg_pk, keyagg_cache) + * secp256k1_musig_pubkey_ec_tweak_add(..., output_pk, tweak32, keyagg_cache) + * secp256k1_ec_pubkey_serialize(..., buf, ..., output_pk, ...) + * secp256k1_ec_pubkey_tweak_add(..., agg_pk, tweak32) + * secp256k1_ec_pubkey_serialize(..., buf2, ..., agg_pk, ...) * * This function is required if you want to _sign_ for a tweaked aggregate key. * If you are only computing a public key but not intending to create a - * signature for it, use `rustsecp256k1_v0_11_ec_pubkey_tweak_add` instead. + * signature for it, use `secp256k1_ec_pubkey_tweak_add` instead. * * Returns: 0 if the arguments are invalid, 1 otherwise * Args: ctx: pointer to a context object @@ -253,16 +253,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * In/Out: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by * `musig_pubkey_agg` * In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes - * `rustsecp256k1_v0_11_ec_seckey_verify` and is not equal to the + * `secp256k1_ec_seckey_verify` and is not equal to the * secret key corresponding to the public key represented * by keyagg_cache or its negation. For uniformly random * 32-byte arrays the chance of being invalid is * negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *output_pubkey, - rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_ec_tweak_add( + const secp256k1_context *ctx, + secp256k1_pubkey *output_pubkey, + secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -274,18 +274,18 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * Callers are responsible for deriving `tweak32` in a way that does not reduce * the security of MuSig (for example, by following Taproot BIP 341). * - * The tweaking method is the same as `rustsecp256k1_v0_11_xonly_pubkey_tweak_add`. So in + * The tweaking method is the same as `secp256k1_xonly_pubkey_tweak_add`. So in * the following pseudocode xonly_pubkey_tweak_add_check (absent earlier * failures) returns 1. * - * rustsecp256k1_v0_11_musig_pubkey_agg(..., agg_pk, keyagg_cache, pubkeys, ...) - * rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add(..., output_pk, keyagg_cache, tweak32) - * rustsecp256k1_v0_11_xonly_pubkey_serialize(..., buf, output_pk) - * rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(..., buf, ..., agg_pk, tweak32) + * secp256k1_musig_pubkey_agg(..., agg_pk, keyagg_cache, pubkeys, ...) + * secp256k1_musig_pubkey_xonly_tweak_add(..., output_pk, keyagg_cache, tweak32) + * secp256k1_xonly_pubkey_serialize(..., buf, output_pk) + * secp256k1_xonly_pubkey_tweak_add_check(..., buf, ..., agg_pk, tweak32) * * This function is required if you want to _sign_ for a tweaked aggregate key. * If you are only computing a public key but not intending to create a - * signature for it, use `rustsecp256k1_v0_11_xonly_pubkey_tweak_add` instead. + * signature for it, use `secp256k1_xonly_pubkey_tweak_add` instead. * * Returns: 0 if the arguments are invalid, 1 otherwise * Args: ctx: pointer to a context object @@ -295,16 +295,16 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * In/Out: keyagg_cache: pointer to a `musig_keyagg_cache` struct initialized by * `musig_pubkey_agg` * In: tweak32: pointer to a 32-byte tweak. The tweak is valid if it passes - * `rustsecp256k1_v0_11_ec_seckey_verify` and is not equal to the + * `secp256k1_ec_seckey_verify` and is not equal to the * secret key corresponding to the public key represented * by keyagg_cache or its negation. For uniformly random * 32-byte arrays the chance of being invalid is * negligible (around 1 in 2^128). */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *output_pubkey, - rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_pubkey_xonly_tweak_add( + const secp256k1_context *ctx, + secp256k1_pubkey *output_pubkey, + secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); @@ -329,18 +329,18 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * * If you don't have access to good randomness for session_secrand32, but you * have access to a non-repeating counter, then see - * rustsecp256k1_v0_11_musig_nonce_gen_counter. + * secp256k1_musig_nonce_gen_counter. * * Remember that nonce reuse will leak the secret key! * Note that using the same seckey for multiple MuSig sessions is fine. * * Returns: 0 if the arguments are invalid and 1 otherwise - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static) + * Args: ctx: pointer to a context object (not secp256k1_context_static) * Out: secnonce: pointer to a structure to store the secret nonce * pubnonce: pointer to a structure to store the public nonce * In/Out: * session_secrand32: a 32-byte session_secrand32 as explained above. Must be unique to this - * call to rustsecp256k1_v0_11_musig_nonce_gen and must be uniformly + * call to secp256k1_musig_nonce_gen and must be uniformly * random. If the function call is successful, the * session_secrand32 buffer is invalidated to prevent reuse. * In: @@ -359,15 +359,15 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_pubkey_ * extra_input32: an optional 32-byte array that is input to the nonce * derivation function (can be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_gen( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_secnonce *secnonce, - rustsecp256k1_v0_11_musig_pubnonce *pubnonce, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen( + const secp256k1_context *ctx, + secp256k1_musig_secnonce *secnonce, + secp256k1_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, - const rustsecp256k1_v0_11_pubkey *pubkey, + const secp256k1_pubkey *pubkey, const unsigned char *msg32, - const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, + const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(6); @@ -377,19 +377,19 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_g * This function outputs a secret nonce that will be required for signing and a * corresponding public nonce that is intended to be sent to other signers. * - * This function differs from `rustsecp256k1_v0_11_musig_nonce_gen` by accepting a + * This function differs from `secp256k1_musig_nonce_gen` by accepting a * non-repeating counter value instead of a secret random value. This requires - * that a secret key is provided to `rustsecp256k1_v0_11_musig_nonce_gen_counter` - * (through the keypair argument), as opposed to `rustsecp256k1_v0_11_musig_nonce_gen` + * that a secret key is provided to `secp256k1_musig_nonce_gen_counter` + * (through the keypair argument), as opposed to `secp256k1_musig_nonce_gen` * where the seckey argument is optional. * * MuSig differs from regular Schnorr signing in that implementers _must_ take * special care to not reuse a nonce. This can be ensured by following these rules: * * 1. The nonrepeating_cnt argument must be a counter value that never repeats, - * i.e., you must never call `rustsecp256k1_v0_11_musig_nonce_gen_counter` twice with + * i.e., you must never call `secp256k1_musig_nonce_gen_counter` twice with * the same keypair and nonrepeating_cnt value. For example, this implies - * that if the same keypair is used with `rustsecp256k1_v0_11_musig_nonce_gen_counter` + * that if the same keypair is used with `secp256k1_musig_nonce_gen_counter` * on multiple devices, none of the devices should have the same counter * value as any other device. * 2. If the seckey, message or aggregate public key cache is already available @@ -405,12 +405,12 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_g * Note that using the same keypair for multiple MuSig sessions is fine. * * Returns: 0 if the arguments are invalid and 1 otherwise - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static) + * Args: ctx: pointer to a context object (not secp256k1_context_static) * Out: secnonce: pointer to a structure to store the secret nonce * pubnonce: pointer to a structure to store the public nonce * In: * nonrepeating_cnt: the value of a counter as explained above. Must be - * unique to this call to rustsecp256k1_v0_11_musig_nonce_gen. + * unique to this call to secp256k1_musig_nonce_gen. * keypair: keypair of the signer creating the nonce. The secnonce * output of this function cannot be used to sign for any * other keypair. @@ -422,14 +422,14 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_g * extra_input32: an optional 32-byte array that is input to the nonce * derivation function (can be NULL) */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_gen_counter( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_secnonce *secnonce, - rustsecp256k1_v0_11_musig_pubnonce *pubnonce, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_gen_counter( + const secp256k1_context *ctx, + secp256k1_musig_secnonce *secnonce, + secp256k1_musig_pubnonce *pubnonce, uint64_t nonrepeating_cnt, - const rustsecp256k1_v0_11_keypair *keypair, + const secp256k1_keypair *keypair, const unsigned char *msg32, - const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, + const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(5); @@ -452,10 +452,10 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_g * n_pubnonces: number of elements in the pubnonces array. Must be * greater than 0. */ -SECP256K1_API int rustsecp256k1_v0_11_musig_nonce_agg( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_aggnonce *aggnonce, - const rustsecp256k1_v0_11_musig_pubnonce * const *pubnonces, +SECP256K1_API int secp256k1_musig_nonce_agg( + const secp256k1_context *ctx, + secp256k1_musig_aggnonce *aggnonce, + const secp256k1_musig_pubnonce * const *pubnonces, size_t n_pubnonces ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -471,12 +471,12 @@ SECP256K1_API int rustsecp256k1_v0_11_musig_nonce_agg( * keyagg_cache: pointer to the keyagg_cache that was used to create the * aggregate (and potentially tweaked) pubkey */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_process( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_session *session, - const rustsecp256k1_v0_11_musig_aggnonce *aggnonce, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_nonce_process( + const secp256k1_context *ctx, + secp256k1_musig_session *session, + const secp256k1_musig_aggnonce *aggnonce, const unsigned char *msg32, - const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache + const secp256k1_musig_keyagg_cache *keyagg_cache ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5); /** Produces a partial signature @@ -494,7 +494,7 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_p * * This function does not verify the output partial signature, deviating from * the BIP 327 specification. It is recommended to verify the output partial - * signature with `rustsecp256k1_v0_11_musig_partial_sig_verify` to prevent random or + * signature with `secp256k1_musig_partial_sig_verify` to prevent random or * adversarially provoked computation errors. * * Returns: 0 if the arguments are invalid or the provided secnonce has already @@ -511,13 +511,13 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_nonce_p * session: pointer to the session that was created with * musig_nonce_process */ -SECP256K1_API int rustsecp256k1_v0_11_musig_partial_sign( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_musig_partial_sig *partial_sig, - rustsecp256k1_v0_11_musig_secnonce *secnonce, - const rustsecp256k1_v0_11_keypair *keypair, - const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, - const rustsecp256k1_v0_11_musig_session *session +SECP256K1_API int secp256k1_musig_partial_sign( + const secp256k1_context *ctx, + secp256k1_musig_partial_sig *partial_sig, + secp256k1_musig_secnonce *secnonce, + const secp256k1_keypair *keypair, + const secp256k1_musig_keyagg_cache *keyagg_cache, + const secp256k1_musig_session *session ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6); /** Verifies an individual signer's partial signature @@ -552,13 +552,13 @@ SECP256K1_API int rustsecp256k1_v0_11_musig_partial_sign( * session: pointer to the session that was created with * `musig_nonce_process` */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_partial_sig_verify( - const rustsecp256k1_v0_11_context *ctx, - const rustsecp256k1_v0_11_musig_partial_sig *partial_sig, - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce, - const rustsecp256k1_v0_11_pubkey *pubkey, - const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, - const rustsecp256k1_v0_11_musig_session *session +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_musig_partial_sig_verify( + const secp256k1_context *ctx, + const secp256k1_musig_partial_sig *partial_sig, + const secp256k1_musig_pubnonce *pubnonce, + const secp256k1_pubkey *pubkey, + const secp256k1_musig_keyagg_cache *keyagg_cache, + const secp256k1_musig_session *session ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) SECP256K1_ARG_NONNULL(5) SECP256K1_ARG_NONNULL(6); /** Aggregates partial signatures @@ -573,11 +573,11 @@ SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_musig_partial * n_sigs: number of elements in the partial_sigs array. Must be * greater than 0. */ -SECP256K1_API int rustsecp256k1_v0_11_musig_partial_sig_agg( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_musig_partial_sig_agg( + const secp256k1_context *ctx, unsigned char *sig64, - const rustsecp256k1_v0_11_musig_session *session, - const rustsecp256k1_v0_11_musig_partial_sig * const *partial_sigs, + const secp256k1_musig_session *session, + const secp256k1_musig_partial_sig * const *partial_sigs, size_t n_sigs ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h index 7ec542ec3..f2d95c245 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_preallocated.h @@ -16,8 +16,8 @@ extern "C" { * objects created by functions in secp256k1.h, i.e., they can be passed to any * API function that expects a context object (see secp256k1.h for details). The * only exception is that context objects created by functions in this module - * must be destroyed using rustsecp256k1_v0_11_context_preallocated_destroy (in this - * module) instead of rustsecp256k1_v0_11_context_destroy (in secp256k1.h). + * must be destroyed using secp256k1_context_preallocated_destroy (in this + * module) instead of secp256k1_context_destroy (in secp256k1.h). * * It is guaranteed that functions in this module will not call malloc or its * friends realloc, calloc, and free. @@ -27,24 +27,24 @@ extern "C" { * caller-provided memory. * * The purpose of this function is to determine how much memory must be provided - * to rustsecp256k1_v0_11_context_preallocated_create. + * to secp256k1_context_preallocated_create. * * Returns: the required size of the caller-provided memory block * In: flags: which parts of the context to initialize. */ -SECP256K1_API size_t rustsecp256k1_v0_11_context_preallocated_size( +SECP256K1_API size_t secp256k1_context_preallocated_size( unsigned int flags ) SECP256K1_WARN_UNUSED_RESULT; /** Create a secp256k1 context object in caller-provided memory. * * The caller must provide a pointer to a rewritable contiguous block of memory - * of size at least rustsecp256k1_v0_11_context_preallocated_size(flags) bytes, suitably + * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably * aligned to hold an object of any type. * * The block of memory is exclusively owned by the created context object during * the lifetime of this context object, which begins with the call to this - * function and ends when a call to rustsecp256k1_v0_11_context_preallocated_destroy + * function and ends when a call to secp256k1_context_preallocated_destroy * (which destroys the context object again) returns. During the lifetime of the * context object, the caller is obligated not to access this block of memory, * i.e., the caller may not read or write the memory, e.g., by copying the memory @@ -54,16 +54,16 @@ SECP256K1_API size_t rustsecp256k1_v0_11_context_preallocated_size( * * Returns: pointer to newly created context object. * In: prealloc: pointer to a rewritable contiguous block of memory of - * size at least rustsecp256k1_v0_11_context_preallocated_size(flags) + * size at least secp256k1_context_preallocated_size(flags) * bytes, as detailed above. * flags: which parts of the context to initialize. * - * See rustsecp256k1_v0_11_context_create (in secp256k1.h) for further details. + * See secp256k1_context_create (in secp256k1.h) for further details. * - * See also rustsecp256k1_v0_11_context_randomize (in secp256k1.h) - * and rustsecp256k1_v0_11_context_preallocated_destroy. + * See also secp256k1_context_randomize (in secp256k1.h) + * and secp256k1_context_preallocated_destroy. */ -SECP256K1_API rustsecp256k1_v0_11_context *rustsecp256k1_v0_11_context_preallocated_create( +SECP256K1_API secp256k1_context *secp256k1_context_preallocated_create( void *prealloc, unsigned int flags ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; @@ -74,31 +74,31 @@ SECP256K1_API rustsecp256k1_v0_11_context *rustsecp256k1_v0_11_context_prealloca * Returns: the required size of the caller-provided memory block. * In: ctx: pointer to a context to copy. */ -SECP256K1_API size_t rustsecp256k1_v0_11_context_preallocated_clone_size( - const rustsecp256k1_v0_11_context *ctx +SECP256K1_API size_t secp256k1_context_preallocated_clone_size( + const secp256k1_context *ctx ) SECP256K1_ARG_NONNULL(1) SECP256K1_WARN_UNUSED_RESULT; /** Copy a secp256k1 context object into caller-provided memory. * * The caller must provide a pointer to a rewritable contiguous block of memory - * of size at least rustsecp256k1_v0_11_context_preallocated_size(flags) bytes, suitably + * of size at least secp256k1_context_preallocated_size(flags) bytes, suitably * aligned to hold an object of any type. * * The block of memory is exclusively owned by the created context object during * the lifetime of this context object, see the description of - * rustsecp256k1_v0_11_context_preallocated_create for details. + * secp256k1_context_preallocated_create for details. * - * Cloning rustsecp256k1_v0_11_context_static is not possible, and should not be emulated by + * Cloning secp256k1_context_static is not possible, and should not be emulated by * the caller (e.g., using memcpy). Create a new context instead. * * Returns: pointer to a newly created context object. - * Args: ctx: pointer to a context to copy (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context to copy (not secp256k1_context_static). * In: prealloc: pointer to a rewritable contiguous block of memory of - * size at least rustsecp256k1_v0_11_context_preallocated_size(flags) + * size at least secp256k1_context_preallocated_size(flags) * bytes, as detailed above. */ -SECP256K1_API rustsecp256k1_v0_11_context *rustsecp256k1_v0_11_context_preallocated_clone( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API secp256k1_context *secp256k1_context_preallocated_clone( + const secp256k1_context *ctx, void *prealloc ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_WARN_UNUSED_RESULT; @@ -108,23 +108,23 @@ SECP256K1_API rustsecp256k1_v0_11_context *rustsecp256k1_v0_11_context_prealloca * The context pointer may not be used afterwards. * * The context to destroy must have been created using - * rustsecp256k1_v0_11_context_preallocated_create or rustsecp256k1_v0_11_context_preallocated_clone. - * If the context has instead been created using rustsecp256k1_v0_11_context_create or - * rustsecp256k1_v0_11_context_clone, the behaviour is undefined. In that case, - * rustsecp256k1_v0_11_context_destroy must be used instead. + * secp256k1_context_preallocated_create or secp256k1_context_preallocated_clone. + * If the context has instead been created using secp256k1_context_create or + * secp256k1_context_clone, the behaviour is undefined. In that case, + * secp256k1_context_destroy must be used instead. * * If required, it is the responsibility of the caller to deallocate the block * of memory properly after this function returns, e.g., by calling free on the - * preallocated pointer given to rustsecp256k1_v0_11_context_preallocated_create or - * rustsecp256k1_v0_11_context_preallocated_clone. + * preallocated pointer given to secp256k1_context_preallocated_create or + * secp256k1_context_preallocated_clone. * * Args: ctx: pointer to a context to destroy, constructed using - * rustsecp256k1_v0_11_context_preallocated_create or - * rustsecp256k1_v0_11_context_preallocated_clone - * (i.e., not rustsecp256k1_v0_11_context_static). + * secp256k1_context_preallocated_create or + * secp256k1_context_preallocated_clone + * (i.e., not secp256k1_context_static). */ -SECP256K1_API void rustsecp256k1_v0_11_context_preallocated_destroy( - rustsecp256k1_v0_11_context *ctx +SECP256K1_API void secp256k1_context_preallocated_destroy( + secp256k1_context *ctx ) SECP256K1_ARG_NONNULL(1); #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h index d6b0d602b..2430f9939 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_recovery.h @@ -14,16 +14,16 @@ extern "C" { * guaranteed to be portable between different platforms or versions. It is * however guaranteed to be 65 bytes in size, and can be safely copied/moved. * If you need to convert to a format suitable for storage or transmission, use - * the rustsecp256k1_v0_11_ecdsa_signature_serialize_* and - * rustsecp256k1_v0_11_ecdsa_signature_parse_* functions. + * the secp256k1_ecdsa_signature_serialize_* and + * secp256k1_ecdsa_signature_parse_* functions. * * Furthermore, it is guaranteed that identical signatures (including their * recoverability) will have identical representation, so they can be * memcmp'ed. */ -typedef struct rustsecp256k1_v0_11_ecdsa_recoverable_signature { +typedef struct secp256k1_ecdsa_recoverable_signature { unsigned char data[65]; -} rustsecp256k1_v0_11_ecdsa_recoverable_signature; +} secp256k1_ecdsa_recoverable_signature; /** Parse a compact ECDSA signature (64 bytes + recovery id). * @@ -33,9 +33,9 @@ typedef struct rustsecp256k1_v0_11_ecdsa_recoverable_signature { * In: input64: pointer to a 64-byte compact signature * recid: the recovery id (0, 1, 2 or 3) */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_recoverable_signature *sig, +SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact( + const secp256k1_context *ctx, + secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *input64, int recid ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); @@ -47,10 +47,10 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact( * Out: sig: pointer to a normal signature. * In: sigin: pointer to a recoverable signature. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_signature *sig, - const rustsecp256k1_v0_11_ecdsa_recoverable_signature *sigin +SECP256K1_API int secp256k1_ecdsa_recoverable_signature_convert( + const secp256k1_context *ctx, + secp256k1_ecdsa_signature *sig, + const secp256k1_ecdsa_recoverable_signature *sigin ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); /** Serialize an ECDSA signature in compact format (64 bytes + recovery id). @@ -61,48 +61,58 @@ SECP256K1_API int rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert( * recid: pointer to an integer to hold the recovery id. * In: sig: pointer to an initialized signature object. */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_ecdsa_recoverable_signature_serialize_compact( + const secp256k1_context *ctx, unsigned char *output64, int *recid, - const rustsecp256k1_v0_11_ecdsa_recoverable_signature *sig + const secp256k1_ecdsa_recoverable_signature *sig ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Create a recoverable ECDSA signature. * * Returns: 1: signature created * 0: the nonce generation function failed, or the secret key was invalid. - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: sig: pointer to an array where the signature will be placed. * In: msghash32: the 32-byte message hash being signed. * seckey: pointer to a 32-byte secret key. * noncefp: pointer to a nonce generation function. If NULL, - * rustsecp256k1_v0_11_nonce_function_default is used. + * secp256k1_nonce_function_default is used. * ndata: pointer to arbitrary data used by the nonce generation function - * (can be NULL for rustsecp256k1_v0_11_nonce_function_default). + * (can be NULL for secp256k1_nonce_function_default). */ -SECP256K1_API int rustsecp256k1_v0_11_ecdsa_sign_recoverable( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_ecdsa_recoverable_signature *sig, +SECP256K1_API int secp256k1_ecdsa_sign_recoverable( + const secp256k1_context *ctx, + secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32, const unsigned char *seckey, - rustsecp256k1_v0_11_nonce_function noncefp, + secp256k1_nonce_function noncefp, const void *ndata ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); /** Recover an ECDSA public key from a signature. * - * Returns: 1: public key successfully recovered (which guarantees a correct signature). + * Successful public key recovery guarantees that the signature, after normalization, + * passes `secp256k1_ecdsa_verify`. Thus, explicit verification is not necessary. + * + * However, a recoverable signature that successfully passes `secp256k1_ecdsa_recover`, + * when converted to a non-recoverable signature (using + * `secp256k1_ecdsa_recoverable_signature_convert`), is not guaranteed to be + * normalized and thus not guaranteed to pass `secp256k1_ecdsa_verify`. If a + * normalized signature is required, call `secp256k1_ecdsa_signature_normalize` + * after `secp256k1_ecdsa_recoverable_signature_convert`. + * + * Returns: 1: public key successfully recovered * 0: otherwise. * Args: ctx: pointer to a context object. * Out: pubkey: pointer to the recovered public key. * In: sig: pointer to initialized signature that supports pubkey recovery. * msghash32: the 32-byte message hash assumed to be signed. */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_ecdsa_recover( - const rustsecp256k1_v0_11_context *ctx, - rustsecp256k1_v0_11_pubkey *pubkey, - const rustsecp256k1_v0_11_ecdsa_recoverable_signature *sig, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_ecdsa_recover( + const secp256k1_context *ctx, + secp256k1_pubkey *pubkey, + const secp256k1_ecdsa_recoverable_signature *sig, const unsigned char *msghash32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); diff --git a/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h b/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h index 3efe3815f..013d4ee73 100644 --- a/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h +++ b/secp256k1-sys/depend/secp256k1/include/secp256k1_schnorrsig.h @@ -15,7 +15,7 @@ extern "C" { /** A pointer to a function to deterministically generate a nonce. * - * Same as rustsecp256k1_v0_11_nonce function with the exception of accepting an + * Same as secp256k1_nonce function with the exception of accepting an * additional pubkey argument and not requiring an attempt argument. The pubkey * argument can protect signature schemes with key-prefixed challenge hash * inputs against reusing the nonce when signing with the wrong precomputed @@ -38,7 +38,7 @@ extern "C" { * Except for test cases, this function should compute some cryptographic hash of * the message, the key, the pubkey, the algorithm description, and data. */ -typedef int (*rustsecp256k1_v0_11_nonce_function_hardened)( +typedef int (*secp256k1_nonce_function_hardened)( unsigned char *nonce32, const unsigned char *msg, size_t msglen, @@ -61,7 +61,7 @@ typedef int (*rustsecp256k1_v0_11_nonce_function_hardened)( * Therefore, to create BIP-340 compliant signatures, algo must be set to * "BIP0340/nonce" and algolen to 13. */ -SECP256K1_API const rustsecp256k1_v0_11_nonce_function_hardened rustsecp256k1_v0_11_nonce_function_bip340; +SECP256K1_API const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340; /** Data structure that contains additional arguments for schnorrsig_sign_custom. * @@ -73,17 +73,17 @@ SECP256K1_API const rustsecp256k1_v0_11_nonce_function_hardened rustsecp256k1_v0 * and has no other function than making sure the object is * initialized. * noncefp: pointer to a nonce generation function. If NULL, - * rustsecp256k1_v0_11_nonce_function_bip340 is used + * secp256k1_nonce_function_bip340 is used * ndata: pointer to arbitrary data used by the nonce generation function * (can be NULL). If it is non-NULL and - * rustsecp256k1_v0_11_nonce_function_bip340 is used, then ndata must be a + * secp256k1_nonce_function_bip340 is used, then ndata must be a * pointer to 32-byte auxiliary randomness as per BIP-340. */ -typedef struct rustsecp256k1_v0_11_schnorrsig_extraparams { +typedef struct secp256k1_schnorrsig_extraparams { unsigned char magic[4]; - rustsecp256k1_v0_11_nonce_function_hardened noncefp; + secp256k1_nonce_function_hardened noncefp; void *ndata; -} rustsecp256k1_v0_11_schnorrsig_extraparams; +} secp256k1_schnorrsig_extraparams; #define SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC { 0xda, 0x6f, 0xb3, 0x8c } #define SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT {\ @@ -95,18 +95,18 @@ typedef struct rustsecp256k1_v0_11_schnorrsig_extraparams { /** Create a Schnorr signature. * * Does _not_ strictly follow BIP-340 because it does not verify the resulting - * signature. Instead, you can manually use rustsecp256k1_v0_11_schnorrsig_verify and + * signature. Instead, you can manually use secp256k1_schnorrsig_verify and * abort if it fails. * * This function only signs 32-byte messages. If you have messages of a * different size (or the same size but without a context-specific tag * prefix), it is recommended to create a 32-byte message hash with - * rustsecp256k1_v0_11_tagged_sha256 and then sign the hash. Tagged hashing allows + * secp256k1_tagged_sha256 and then sign the hash. Tagged hashing allows * providing an context-specific tag for domain separation. This prevents * signatures from being valid in multiple contexts by accident. * * Returns 1 on success, 0 on failure. - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: sig64: pointer to a 64-byte array to store the serialized signature. * In: msg32: the 32-byte message being signed. * keypair: pointer to an initialized keypair. @@ -116,53 +116,53 @@ typedef struct rustsecp256k1_v0_11_schnorrsig_extraparams { * BIP-340 "Default Signing" for a full explanation of this * argument and for guidance if randomness is expensive. */ -SECP256K1_API int rustsecp256k1_v0_11_schnorrsig_sign32( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_schnorrsig_sign32( + const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, - const rustsecp256k1_v0_11_keypair *keypair, + const secp256k1_keypair *keypair, const unsigned char *aux_rand32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4); -/** Same as rustsecp256k1_v0_11_schnorrsig_sign32, but DEPRECATED. Will be removed in +/** Same as secp256k1_schnorrsig_sign32, but DEPRECATED. Will be removed in * future versions. */ -SECP256K1_API int rustsecp256k1_v0_11_schnorrsig_sign( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_schnorrsig_sign( + const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg32, - const rustsecp256k1_v0_11_keypair *keypair, + const secp256k1_keypair *keypair, const unsigned char *aux_rand32 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4) - SECP256K1_DEPRECATED("Use rustsecp256k1_v0_11_schnorrsig_sign32 instead"); + SECP256K1_DEPRECATED("Use secp256k1_schnorrsig_sign32 instead"); /** Create a Schnorr signature with a more flexible API. * - * Same arguments as rustsecp256k1_v0_11_schnorrsig_sign except that it allows signing + * Same arguments as secp256k1_schnorrsig_sign except that it allows signing * variable length messages and accepts a pointer to an extraparams object that * allows customizing signing by passing additional arguments. * - * Equivalent to rustsecp256k1_v0_11_schnorrsig_sign32(..., aux_rand32) if msglen is 32 + * Equivalent to secp256k1_schnorrsig_sign32(..., aux_rand32) if msglen is 32 * and extraparams is initialized as follows: * ``` - * rustsecp256k1_v0_11_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; + * secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; * extraparams.ndata = (unsigned char*)aux_rand32; * ``` * * Returns 1 on success, 0 on failure. - * Args: ctx: pointer to a context object (not rustsecp256k1_v0_11_context_static). + * Args: ctx: pointer to a context object (not secp256k1_context_static). * Out: sig64: pointer to a 64-byte array to store the serialized signature. * In: msg: the message being signed. Can only be NULL if msglen is 0. * msglen: length of the message. * keypair: pointer to an initialized keypair. * extraparams: pointer to an extraparams object (can be NULL). */ -SECP256K1_API int rustsecp256k1_v0_11_schnorrsig_sign_custom( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API int secp256k1_schnorrsig_sign_custom( + const secp256k1_context *ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, - const rustsecp256k1_v0_11_keypair *keypair, - rustsecp256k1_v0_11_schnorrsig_extraparams *extraparams + const secp256k1_keypair *keypair, + secp256k1_schnorrsig_extraparams *extraparams ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5); /** Verify a Schnorr signature. @@ -175,12 +175,12 @@ SECP256K1_API int rustsecp256k1_v0_11_schnorrsig_sign_custom( * msglen: length of the message * pubkey: pointer to an x-only public key to verify with */ -SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int rustsecp256k1_v0_11_schnorrsig_verify( - const rustsecp256k1_v0_11_context *ctx, +SECP256K1_API SECP256K1_WARN_UNUSED_RESULT int secp256k1_schnorrsig_verify( + const secp256k1_context *ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, - const rustsecp256k1_v0_11_xonly_pubkey *pubkey + const secp256k1_xonly_pubkey *pubkey ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(5); #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage b/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage index 141041116..070bc1285 100644 --- a/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage +++ b/secp256k1-sys/depend/secp256k1/sage/gen_exhaustive_groups.sage @@ -1,4 +1,4 @@ -load("rustsecp256k1_v0_11_params.sage") +load("secp256k1_params.sage") MAX_ORDER = 1000 @@ -124,7 +124,7 @@ for f in sorted(solutions.keys()): print(f"# {'if' if first else 'elif'} EXHAUSTIVE_TEST_ORDER == {f}") first = False print() - print(f"static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G_ORDER_{f};") + print(f"static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_{f};") output_b(b) print() print("# else") @@ -132,7 +132,7 @@ print("# error No known generator for the specified exhaustive test group ord print("# endif") print("#else") print() -print("static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G;") +print("static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G;") output_b(7) print() print("#endif") diff --git a/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage b/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage index 65cb87414..7d4359e0f 100644 --- a/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage +++ b/secp256k1-sys/depend/secp256k1/sage/gen_split_lambda_constants.sage @@ -1,9 +1,9 @@ -""" Generates the constants used in rustsecp256k1_v0_11_scalar_split_lambda. +""" Generates the constants used in secp256k1_scalar_split_lambda. -See the comments for rustsecp256k1_v0_11_scalar_split_lambda in src/scalar_impl.h for detailed explanations. +See the comments for secp256k1_scalar_split_lambda in src/scalar_impl.h for detailed explanations. """ -load("rustsecp256k1_v0_11_params.sage") +load("secp256k1_params.sage") def inf_norm(v): """Returns the infinity norm of a vector.""" @@ -24,17 +24,17 @@ def gauss_reduction(i1, i2): v2[1] -= m*v1[1] def find_split_constants_gauss(): - """Find constants for rustsecp256k1_v0_11_scalar_split_lamdba using gauss reduction.""" + """Find constants for secp256k1_scalar_split_lamdba using gauss reduction.""" (v11, v12), (v21, v22) = gauss_reduction([0, N], [1, int(LAMBDA)]) - # We use related vectors in rustsecp256k1_v0_11_scalar_split_lambda. + # We use related vectors in secp256k1_scalar_split_lambda. A1, B1 = -v21, -v11 A2, B2 = v22, -v21 return A1, B1, A2, B2 def find_split_constants_explicit_tof(): - """Find constants for rustsecp256k1_v0_11_scalar_split_lamdba using the trace of Frobenius. + """Find constants for secp256k1_scalar_split_lamdba using the trace of Frobenius. See Benjamin Smith: "Easy scalar decompositions for efficient scalar multiplication on elliptic curves and genus 2 Jacobians" (https://eprint.iacr.org/2013/672), Example 2 @@ -51,7 +51,7 @@ def find_split_constants_explicit_tof(): A2 = Integer((t + c)/2 - 1) B2 = Integer(1 - (t - c)/2) - # We use a negated b values in rustsecp256k1_v0_11_scalar_split_lambda. + # We use a negated b values in secp256k1_scalar_split_lambda. B1, B2 = -B1, -B2 return A1, B1, A2, B2 @@ -90,7 +90,7 @@ def rnddiv2(v): return v >> 1 def scalar_lambda_split(k): - """Equivalent to rustsecp256k1_v0_11_scalar_lambda_split().""" + """Equivalent to secp256k1_scalar_lambda_split().""" c1 = rnddiv2((k * G1) >> 383) c2 = rnddiv2((k * G2) >> 383) c1 = (c1 * -B1) % N diff --git a/secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage b/secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage index ff2275e1f..23799be52 100644 --- a/secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage +++ b/secp256k1-sys/depend/secp256k1/sage/prove_group_implementations.sage @@ -5,8 +5,8 @@ import sys load("group_prover.sage") load("weierstrass_prover.sage") -def formula_rustsecp256k1_v0_11_gej_double_var(a): - """libsecp256k1's rustsecp256k1_v0_11_gej_double_var, used by various addition functions""" +def formula_secp256k1_gej_double_var(a): + """libsecp256k1's secp256k1_gej_double_var, used by various addition functions""" rz = a.Z * a.Y s = a.Y^2 l = a.X^2 @@ -24,8 +24,8 @@ def formula_rustsecp256k1_v0_11_gej_double_var(a): ry = -ry return jacobianpoint(rx, ry, rz) -def formula_rustsecp256k1_v0_11_gej_add_var(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_11_gej_add_var""" +def formula_secp256k1_gej_add_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_var""" if branch == 0: return (constraints(), constraints(nonzero={a.Infinity : 'a_infinite'}), b) if branch == 1: @@ -43,7 +43,7 @@ def formula_rustsecp256k1_v0_11_gej_add_var(branch, a, b): i = -s2 i = i + s1 if branch == 2: - r = formula_rustsecp256k1_v0_11_gej_double_var(a) + r = formula_secp256k1_gej_double_var(a) return (constraints(), constraints(zero={h : 'h=0', i : 'i=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}), r) if branch == 3: return (constraints(), constraints(zero={h : 'h=0', a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={i : 'i!=0'}), point_at_infinity()) @@ -63,8 +63,8 @@ def formula_rustsecp256k1_v0_11_gej_add_var(branch, a, b): ry = ry + h3 return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_11_gej_add_ge_var(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_11_gej_add_ge_var, which assume bz==1""" +def formula_secp256k1_gej_add_ge_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_ge_var, which assume bz==1""" if branch == 0: return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(nonzero={a.Infinity : 'a_infinite'}), b) if branch == 1: @@ -80,7 +80,7 @@ def formula_rustsecp256k1_v0_11_gej_add_ge_var(branch, a, b): i = -s2 i = i + s1 if (branch == 2): - r = formula_rustsecp256k1_v0_11_gej_double_var(a) + r = formula_secp256k1_gej_double_var(a) return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) if (branch == 3): return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) @@ -99,8 +99,8 @@ def formula_rustsecp256k1_v0_11_gej_add_ge_var(branch, a, b): ry = ry + h3 return (constraints(zero={b.Z - 1 : 'b.z=1'}), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_11_gej_add_zinv_var(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_11_gej_add_zinv_var""" +def formula_secp256k1_gej_add_zinv_var(branch, a, b): + """libsecp256k1's secp256k1_gej_add_zinv_var""" bzinv = b.Z^(-1) if branch == 0: rinf = b.Infinity @@ -124,7 +124,7 @@ def formula_rustsecp256k1_v0_11_gej_add_zinv_var(branch, a, b): i = -s2 i = i + s1 if branch == 2: - r = formula_rustsecp256k1_v0_11_gej_double_var(a) + r = formula_secp256k1_gej_double_var(a) return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0', i : 'i=0'}), r) if branch == 3: return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite', h : 'h=0'}, nonzero={i : 'i!=0'}), point_at_infinity()) @@ -143,8 +143,8 @@ def formula_rustsecp256k1_v0_11_gej_add_zinv_var(branch, a, b): ry = ry + h3 return (constraints(), constraints(zero={a.Infinity : 'a_finite', b.Infinity : 'b_finite'}, nonzero={h : 'h!=0'}), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_11_gej_add_ge(branch, a, b): - """libsecp256k1's rustsecp256k1_v0_11_gej_add_ge""" +def formula_secp256k1_gej_add_ge(branch, a, b): + """libsecp256k1's secp256k1_gej_add_ge""" zeroes = {} nonzeroes = {} a_infinity = False @@ -205,8 +205,8 @@ def formula_rustsecp256k1_v0_11_gej_add_ge(branch, a, b): nonzeroes.update({rz : 'r.z != 0'}) return (constraints(zero={b.Z - 1 : 'b.z=1', b.Infinity : 'b_finite'}), constraints(zero=zeroes, nonzero=nonzeroes), jacobianpoint(rx, ry, rz)) -def formula_rustsecp256k1_v0_11_gej_add_ge_old(branch, a, b): - """libsecp256k1's old rustsecp256k1_v0_11_gej_add_ge, which fails when ay+by=0 but ax!=bx""" +def formula_secp256k1_gej_add_ge_old(branch, a, b): + """libsecp256k1's old secp256k1_gej_add_ge, which fails when ay+by=0 but ax!=bx""" a_infinity = (branch & 1) != 0 zero = {} nonzero = {} @@ -269,17 +269,17 @@ def formula_rustsecp256k1_v0_11_gej_add_ge_old(branch, a, b): if __name__ == "__main__": success = True - success = success & check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_var", 0, 7, 5, formula_rustsecp256k1_v0_11_gej_add_var) - success = success & check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_ge_var", 0, 7, 5, formula_rustsecp256k1_v0_11_gej_add_ge_var) - success = success & check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_zinv_var", 0, 7, 5, formula_rustsecp256k1_v0_11_gej_add_zinv_var) - success = success & check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_ge", 0, 7, 8, formula_rustsecp256k1_v0_11_gej_add_ge) - success = success & (not check_symbolic_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_ge_old [should fail]", 0, 7, 4, formula_rustsecp256k1_v0_11_gej_add_ge_old)) + success = success & check_symbolic_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var) + success = success & check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var) + success = success & check_symbolic_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var) + success = success & check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 8, formula_secp256k1_gej_add_ge) + success = success & (not check_symbolic_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old)) if len(sys.argv) >= 2 and sys.argv[1] == "--exhaustive": - success = success & check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_var", 0, 7, 5, formula_rustsecp256k1_v0_11_gej_add_var, 43) - success = success & check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_ge_var", 0, 7, 5, formula_rustsecp256k1_v0_11_gej_add_ge_var, 43) - success = success & check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_zinv_var", 0, 7, 5, formula_rustsecp256k1_v0_11_gej_add_zinv_var, 43) - success = success & check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_ge", 0, 7, 8, formula_rustsecp256k1_v0_11_gej_add_ge, 43) - success = success & (not check_exhaustive_jacobian_weierstrass("rustsecp256k1_v0_11_gej_add_ge_old [should fail]", 0, 7, 4, formula_rustsecp256k1_v0_11_gej_add_ge_old, 43)) + success = success & check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_var", 0, 7, 5, formula_secp256k1_gej_add_var, 43) + success = success & check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_var", 0, 7, 5, formula_secp256k1_gej_add_ge_var, 43) + success = success & check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_zinv_var", 0, 7, 5, formula_secp256k1_gej_add_zinv_var, 43) + success = success & check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge", 0, 7, 8, formula_secp256k1_gej_add_ge, 43) + success = success & (not check_exhaustive_jacobian_weierstrass("secp256k1_gej_add_ge_old [should fail]", 0, 7, 4, formula_secp256k1_gej_add_ge_old, 43)) sys.exit(int(not success)) diff --git a/secp256k1-sys/depend/secp256k1/src/CMakeLists.txt b/secp256k1-sys/depend/secp256k1/src/CMakeLists.txt index bc2e04ba5..fa3b2903e 100644 --- a/secp256k1-sys/depend/secp256k1/src/CMakeLists.txt +++ b/secp256k1-sys/depend/secp256k1/src/CMakeLists.txt @@ -1,23 +1,77 @@ -# Must be included before CMAKE_INSTALL_INCLUDEDIR is used. -include(GNUInstallDirs) +add_library(secp256k1) -add_library(rustsecp256k1_v0_11_precomputed OBJECT EXCLUDE_FROM_ALL +set_property(TARGET secp256k1 PROPERTY PUBLIC_HEADER + ${PROJECT_SOURCE_DIR}/include/secp256k1.h + ${PROJECT_SOURCE_DIR}/include/secp256k1_preallocated.h +) + +# Processing must be done in a topological sorting of the dependency graph +# (dependent module first). +if(SECP256K1_ENABLE_MODULE_ELLSWIFT) + add_compile_definitions(ENABLE_MODULE_ELLSWIFT=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_ellswift.h) +endif() + +if(SECP256K1_ENABLE_MODULE_MUSIG) + if(DEFINED SECP256K1_ENABLE_MODULE_SCHNORRSIG AND NOT SECP256K1_ENABLE_MODULE_SCHNORRSIG) + message(FATAL_ERROR "Module dependency error: You have disabled the schnorrsig module explicitly, but it is required by the musig module.") + endif() + set(SECP256K1_ENABLE_MODULE_SCHNORRSIG ON) + add_compile_definitions(ENABLE_MODULE_MUSIG=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_musig.h) +endif() + +if(SECP256K1_ENABLE_MODULE_SCHNORRSIG) + if(DEFINED SECP256K1_ENABLE_MODULE_EXTRAKEYS AND NOT SECP256K1_ENABLE_MODULE_EXTRAKEYS) + message(FATAL_ERROR "Module dependency error: You have disabled the extrakeys module explicitly, but it is required by the schnorrsig module.") + endif() + set(SECP256K1_ENABLE_MODULE_EXTRAKEYS ON) + add_compile_definitions(ENABLE_MODULE_SCHNORRSIG=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_schnorrsig.h) +endif() + +if(SECP256K1_ENABLE_MODULE_EXTRAKEYS) + add_compile_definitions(ENABLE_MODULE_EXTRAKEYS=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_extrakeys.h) +endif() + +if(SECP256K1_ENABLE_MODULE_RECOVERY) + add_compile_definitions(ENABLE_MODULE_RECOVERY=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_recovery.h) +endif() + +if(SECP256K1_ENABLE_MODULE_ECDH) + add_compile_definitions(ENABLE_MODULE_ECDH=1) + set_property(TARGET secp256k1 APPEND PROPERTY PUBLIC_HEADER ${PROJECT_SOURCE_DIR}/include/secp256k1_ecdh.h) +endif() + +add_library(secp256k1_precomputed OBJECT EXCLUDE_FROM_ALL precomputed_ecmult.c precomputed_ecmult_gen.c ) # Add objects explicitly rather than linking to the object libs to keep them # from being exported. -add_library(secp256k1 secp256k1.c $) +target_sources(secp256k1 PRIVATE secp256k1.c $) -add_library(rustsecp256k1_v0_11_asm INTERFACE) +if(NOT SECP256K1_ENABLE_API_VISIBILITY_ATTRIBUTES) + target_compile_definitions(secp256k1 PRIVATE SECP256K1_NO_API_VISIBILITY_ATTRIBUTES) +endif() + +# Create a helper lib that parent projects can use to link secp256k1 into a +# static lib. +add_library(secp256k1_objs INTERFACE) +target_sources(secp256k1_objs INTERFACE $ $) + +add_library(secp256k1_asm INTERFACE) if(SECP256K1_ASM STREQUAL "arm32") - add_library(rustsecp256k1_v0_11_asm_arm OBJECT EXCLUDE_FROM_ALL) - target_sources(rustsecp256k1_v0_11_asm_arm PUBLIC + add_library(secp256k1_asm_arm OBJECT EXCLUDE_FROM_ALL) + target_sources(secp256k1_asm_arm PUBLIC asm/field_10x26_arm.s ) - target_sources(secp256k1 PRIVATE $) - target_link_libraries(rustsecp256k1_v0_11_asm INTERFACE rustsecp256k1_v0_11_asm_arm) + target_sources(secp256k1 PRIVATE $) + target_sources(secp256k1_objs INTERFACE $) + target_link_libraries(secp256k1_asm INTERFACE secp256k1_asm_arm) endif() if(WIN32) @@ -29,12 +83,15 @@ endif() # Object libs don't know if they're being built for a shared or static lib. # Grab the PIC property from secp256k1 which knows. get_target_property(use_pic secp256k1 POSITION_INDEPENDENT_CODE) -set_target_properties(rustsecp256k1_v0_11_precomputed PROPERTIES POSITION_INDEPENDENT_CODE ${use_pic}) +set_target_properties(secp256k1_precomputed PROPERTIES POSITION_INDEPENDENT_CODE ${use_pic}) +# Add the include path for parent projects so that they don't have to manually add it. target_include_directories(secp256k1 INTERFACE - # Add the include path for parent projects so that they don't have to manually add it. $>:${PROJECT_SOURCE_DIR}/include>> - $ +) +set_target_properties(secp256k1_objs PROPERTIES + INTERFACE_COMPILE_DEFINITIONS "$" + INTERFACE_INCLUDE_DIRECTORIES "$" ) # This emulates Libtool to make sure Libtool and CMake agree on the ABI version, @@ -43,25 +100,17 @@ math(EXPR ${PROJECT_NAME}_soversion "${${PROJECT_NAME}_LIB_VERSION_CURRENT} - ${ set_target_properties(secp256k1 PROPERTIES SOVERSION ${${PROJECT_NAME}_soversion} ) -if(CMAKE_SYSTEM_NAME STREQUAL "Linux") +if(CMAKE_SYSTEM_NAME MATCHES "^(Linux|FreeBSD)$") set_target_properties(secp256k1 PROPERTIES VERSION ${${PROJECT_NAME}_soversion}.${${PROJECT_NAME}_LIB_VERSION_AGE}.${${PROJECT_NAME}_LIB_VERSION_REVISION} ) elseif(APPLE) - if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.17) - math(EXPR ${PROJECT_NAME}_compatibility_version "${${PROJECT_NAME}_LIB_VERSION_CURRENT} + 1") - set_target_properties(secp256k1 PROPERTIES - MACHO_COMPATIBILITY_VERSION ${${PROJECT_NAME}_compatibility_version} - MACHO_CURRENT_VERSION ${${PROJECT_NAME}_compatibility_version}.${${PROJECT_NAME}_LIB_VERSION_REVISION} - ) - unset(${PROJECT_NAME}_compatibility_version) - elseif(BUILD_SHARED_LIBS) - message(WARNING - "The 'compatibility version' and 'current version' values of the DYLIB " - "will diverge from the values set by the GNU Libtool. To ensure " - "compatibility, it is recommended to upgrade CMake to at least version 3.17." - ) - endif() + math(EXPR ${PROJECT_NAME}_compatibility_version "${${PROJECT_NAME}_LIB_VERSION_CURRENT} + 1") + set_target_properties(secp256k1 PROPERTIES + MACHO_COMPATIBILITY_VERSION ${${PROJECT_NAME}_compatibility_version} + MACHO_CURRENT_VERSION ${${PROJECT_NAME}_compatibility_version}.${${PROJECT_NAME}_LIB_VERSION_REVISION} + ) + unset(${PROJECT_NAME}_compatibility_version) elseif(CMAKE_SYSTEM_NAME STREQUAL "Windows") set(${PROJECT_NAME}_windows "secp256k1") if(MSVC) @@ -79,29 +128,29 @@ if(SECP256K1_BUILD_BENCHMARK) add_executable(bench bench.c) target_link_libraries(bench secp256k1) add_executable(bench_internal bench_internal.c) - target_link_libraries(bench_internal rustsecp256k1_v0_11_precomputed rustsecp256k1_v0_11_asm) + target_link_libraries(bench_internal secp256k1_precomputed secp256k1_asm) add_executable(bench_ecmult bench_ecmult.c) - target_link_libraries(bench_ecmult rustsecp256k1_v0_11_precomputed rustsecp256k1_v0_11_asm) + target_link_libraries(bench_ecmult secp256k1_precomputed secp256k1_asm) endif() if(SECP256K1_BUILD_TESTS) add_executable(noverify_tests tests.c) - target_link_libraries(noverify_tests rustsecp256k1_v0_11_precomputed rustsecp256k1_v0_11_asm) - add_test(NAME rustsecp256k1_v0_11_noverify_tests COMMAND noverify_tests) + target_link_libraries(noverify_tests secp256k1_precomputed secp256k1_asm) + add_test(NAME secp256k1_noverify_tests COMMAND noverify_tests) if(NOT CMAKE_BUILD_TYPE STREQUAL "Coverage") add_executable(tests tests.c) target_compile_definitions(tests PRIVATE VERIFY) - target_link_libraries(tests rustsecp256k1_v0_11_precomputed rustsecp256k1_v0_11_asm) - add_test(NAME rustsecp256k1_v0_11_tests COMMAND tests) + target_link_libraries(tests secp256k1_precomputed secp256k1_asm) + add_test(NAME secp256k1_tests COMMAND tests) endif() endif() if(SECP256K1_BUILD_EXHAUSTIVE_TESTS) - # Note: do not include rustsecp256k1_v0_11_precomputed in exhaustive_tests (it uses runtime-generated tables). + # Note: do not include secp256k1_precomputed in exhaustive_tests (it uses runtime-generated tables). add_executable(exhaustive_tests tests_exhaustive.c) - target_link_libraries(exhaustive_tests rustsecp256k1_v0_11_asm) + target_link_libraries(exhaustive_tests secp256k1_asm) target_compile_definitions(exhaustive_tests PRIVATE $<$>:VERIFY>) - add_test(NAME rustsecp256k1_v0_11_exhaustive_tests COMMAND exhaustive_tests) + add_test(NAME secp256k1_exhaustive_tests COMMAND exhaustive_tests) endif() if(SECP256K1_BUILD_CTIME_TESTS) @@ -110,36 +159,16 @@ if(SECP256K1_BUILD_CTIME_TESTS) endif() if(SECP256K1_INSTALL) + include(GNUInstallDirs) + target_include_directories(secp256k1 INTERFACE + $ + ) install(TARGETS secp256k1 EXPORT ${PROJECT_NAME}-targets RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} - ) - set(${PROJECT_NAME}_headers - "${PROJECT_SOURCE_DIR}/include/secp256k1.h" - "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_preallocated.h" - ) - if(SECP256K1_ENABLE_MODULE_ECDH) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_ecdh.h") - endif() - if(SECP256K1_ENABLE_MODULE_RECOVERY) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_recovery.h") - endif() - if(SECP256K1_ENABLE_MODULE_EXTRAKEYS) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_extrakeys.h") - endif() - if(SECP256K1_ENABLE_MODULE_SCHNORRSIG) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_schnorrsig.h") - endif() - if(SECP256K1_ENABLE_MODULE_MUSIG) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_musig.h") - endif() - if(SECP256K1_ENABLE_MODULE_ELLSWIFT) - list(APPEND ${PROJECT_NAME}_headers "${PROJECT_SOURCE_DIR}/include/rustsecp256k1_v0_11_ellswift.h") - endif() - install(FILES ${${PROJECT_NAME}_headers} - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ) install(EXPORT ${PROJECT_NAME}-targets diff --git a/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s b/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s index fb79bf90c..664b92140 100644 --- a/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s +++ b/secp256k1-sys/depend/secp256k1/src/asm/field_10x26_arm.s @@ -27,9 +27,9 @@ Note: .set field_not_M, 0xfc000000 @ ~M = ~0x3ffffff .align 2 - .global rustsecp256k1_v0_11_fe_mul_inner - .type rustsecp256k1_v0_11_fe_mul_inner, %function - .hidden rustsecp256k1_v0_11_fe_mul_inner + .global secp256k1_fe_mul_inner + .type secp256k1_fe_mul_inner, %function + .hidden secp256k1_fe_mul_inner @ Arguments: @ r0 r Restrict: can overlap with a, not with b @ r1 a @@ -37,7 +37,7 @@ Note: @ Stack (total 4+10*4 = 44) @ sp + #0 saved 'r' pointer @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 -rustsecp256k1_v0_11_fe_mul_inner: +secp256k1_fe_mul_inner: stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} sub sp, sp, #48 @ frame=44 + alignment str r0, [sp, #0] @ save result address, we need it only at the end @@ -512,19 +512,19 @@ rustsecp256k1_v0_11_fe_mul_inner: add sp, sp, #48 ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size rustsecp256k1_v0_11_fe_mul_inner, .-rustsecp256k1_v0_11_fe_mul_inner + .size secp256k1_fe_mul_inner, .-secp256k1_fe_mul_inner .align 2 - .global rustsecp256k1_v0_11_fe_sqr_inner - .type rustsecp256k1_v0_11_fe_sqr_inner, %function - .hidden rustsecp256k1_v0_11_fe_sqr_inner + .global secp256k1_fe_sqr_inner + .type secp256k1_fe_sqr_inner, %function + .hidden secp256k1_fe_sqr_inner @ Arguments: @ r0 r Can overlap with a @ r1 a @ Stack (total 4+10*4 = 44) @ sp + #0 saved 'r' pointer @ sp + #4 + 4*X t0,t1,t2,t3,t4,t5,t6,t7,u8,t9 -rustsecp256k1_v0_11_fe_sqr_inner: +secp256k1_fe_sqr_inner: stmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, r14} sub sp, sp, #48 @ frame=44 + alignment str r0, [sp, #0] @ save result address, we need it only at the end @@ -911,6 +911,6 @@ rustsecp256k1_v0_11_fe_sqr_inner: add sp, sp, #48 ldmfd sp!, {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size rustsecp256k1_v0_11_fe_sqr_inner, .-rustsecp256k1_v0_11_fe_sqr_inner + .size secp256k1_fe_sqr_inner, .-secp256k1_fe_sqr_inner .section .note.GNU-stack,"",%progbits diff --git a/secp256k1-sys/depend/secp256k1/src/assumptions.h b/secp256k1-sys/depend/secp256k1/src/assumptions.h index e29b7d555..796100535 100644 --- a/secp256k1-sys/depend/secp256k1/src/assumptions.h +++ b/secp256k1-sys/depend/secp256k1/src/assumptions.h @@ -24,7 +24,7 @@ __attribute__((__unavailable__("Don't call this function. It only exists because STATIC_ASSERT cannot be used outside a function."))) # endif #endif -static void rustsecp256k1_v0_11_assumption_checker(void) { +static void secp256k1_assumption_checker(void) { /* Bytes are 8 bits. */ STATIC_ASSERT(CHAR_BIT == 8); diff --git a/secp256k1-sys/depend/secp256k1/src/bench.c b/secp256k1-sys/depend/secp256k1/src/bench.c index 0b2c6bb12..8ba7623a0 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench.c +++ b/secp256k1-sys/depend/secp256k1/src/bench.c @@ -5,6 +5,7 @@ ***********************************************************************/ #include +#include #include #include "../include/secp256k1.h" @@ -15,18 +16,22 @@ static void help(int default_iters) { printf("Benchmarks the following algorithms:\n"); printf(" - ECDSA signing/verification\n"); -#ifdef ENABLE_MODULE_ECDH - printf(" - ECDH key exchange (optional module)\n"); -#endif - #ifdef ENABLE_MODULE_RECOVERY printf(" - Public key recovery (optional module)\n"); #endif +#ifdef ENABLE_MODULE_ECDH + printf(" - ECDH key exchange (optional module)\n"); +#endif + #ifdef ENABLE_MODULE_SCHNORRSIG printf(" - Schnorr signatures (optional module)\n"); #endif +#ifdef ENABLE_MODULE_ELLSWIFT + printf(" - ElligatorSwift (optional module)\n"); +#endif + printf("\n"); printf("The default number of iterations for each benchmark is %d. This can be\n", default_iters); printf("customized using the SECP256K1_BENCH_ITERS environment variable.\n"); @@ -67,7 +72,7 @@ static void help(int default_iters) { } typedef struct { - rustsecp256k1_v0_11_context *ctx; + secp256k1_context *ctx; unsigned char msg[32]; unsigned char key[32]; unsigned char sig[72]; @@ -81,14 +86,14 @@ static void bench_verify(void* arg, int iters) { bench_data* data = (bench_data*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_ecdsa_signature sig; + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0)); + CHECK(secp256k1_ec_pubkey_parse(data->ctx, &pubkey, data->pubkey, data->pubkeylen) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(data->ctx, &sig, data->sig, data->siglen) == 1); + CHECK(secp256k1_ecdsa_verify(data->ctx, &sig, data->msg, &pubkey) == (i == 0)); data->sig[data->siglen - 1] ^= (i & 0xFF); data->sig[data->siglen - 2] ^= ((i >> 8) & 0xFF); data->sig[data->siglen - 3] ^= ((i >> 16) & 0xFF); @@ -115,9 +120,9 @@ static void bench_sign_run(void* arg, int iters) { for (i = 0; i < iters; i++) { size_t siglen = 74; int j; - rustsecp256k1_v0_11_ecdsa_signature signature; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature)); + secp256k1_ecdsa_signature signature; + CHECK(secp256k1_ecdsa_sign(data->ctx, &signature, data->msg, data->key, NULL, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_der(data->ctx, sig, &siglen, &signature)); for (j = 0; j < 32; j++) { data->msg[j] = sig[j]; data->key[j] = sig[j + 32]; @@ -141,9 +146,9 @@ static void bench_keygen_run(void *arg, int iters) { for (i = 0; i < iters; i++) { unsigned char pub33[33]; size_t len = 33; - rustsecp256k1_v0_11_pubkey pubkey; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(data->ctx, &pubkey, data->key)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(data->ctx, pub33, &len, &pubkey, SECP256K1_EC_COMPRESSED)); + secp256k1_pubkey pubkey; + CHECK(secp256k1_ec_pubkey_create(data->ctx, &pubkey, data->key)); + CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pub33, &len, &pubkey, SECP256K1_EC_COMPRESSED)); memcpy(data->key, pub33 + 1, 32); } } @@ -167,8 +172,8 @@ static void bench_keygen_run(void *arg, int iters) { int main(int argc, char** argv) { int i; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_ecdsa_signature sig; + secp256k1_pubkey pubkey; + secp256k1_ecdsa_signature sig; bench_data data; int d = argc == 1; @@ -188,11 +193,11 @@ int main(int argc, char** argv) { || have_flag(argc, argv, "--help") || have_flag(argc, argv, "help")) { help(default_iters); - return 0; + return EXIT_SUCCESS; } else if (invalid_args) { fprintf(stderr, "./bench: unrecognized argument.\n\n"); help(default_iters); - return 1; + return EXIT_FAILURE; } } @@ -201,7 +206,7 @@ int main(int argc, char** argv) { if (have_flag(argc, argv, "ecdh")) { fprintf(stderr, "./bench: ECDH module not enabled.\n"); fprintf(stderr, "Use ./configure --enable-module-ecdh.\n\n"); - return 1; + return EXIT_FAILURE; } #endif @@ -209,7 +214,7 @@ int main(int argc, char** argv) { if (have_flag(argc, argv, "recover") || have_flag(argc, argv, "ecdsa_recover")) { fprintf(stderr, "./bench: Public key recovery module not enabled.\n"); fprintf(stderr, "Use ./configure --enable-module-recovery.\n\n"); - return 1; + return EXIT_FAILURE; } #endif @@ -217,7 +222,7 @@ int main(int argc, char** argv) { if (have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "schnorrsig_sign") || have_flag(argc, argv, "schnorrsig_verify")) { fprintf(stderr, "./bench: Schnorr signatures module not enabled.\n"); fprintf(stderr, "Use ./configure --enable-module-schnorrsig.\n\n"); - return 1; + return EXIT_FAILURE; } #endif @@ -227,12 +232,12 @@ int main(int argc, char** argv) { have_flag(argc, argv, "ellswift_ecdh")) { fprintf(stderr, "./bench: ElligatorSwift module not enabled.\n"); fprintf(stderr, "Use ./configure --enable-module-ellswift.\n\n"); - return 1; + return EXIT_FAILURE; } #endif /* ECDSA benchmark */ - data.ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); for (i = 0; i < 32; i++) { data.msg[i] = 1 + i; @@ -241,11 +246,11 @@ int main(int argc, char** argv) { data.key[i] = 33 + i; } data.siglen = 72; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(data.ctx, &pubkey, data.key)); + CHECK(secp256k1_ecdsa_sign(data.ctx, &sig, data.msg, data.key, NULL, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_der(data.ctx, data.sig, &data.siglen, &sig)); + CHECK(secp256k1_ec_pubkey_create(data.ctx, &pubkey, data.key)); data.pubkeylen = 33; - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(data.ctx, data.pubkey, &data.pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); print_output_table_header_row(); if (d || have_flag(argc, argv, "ecdsa") || have_flag(argc, argv, "verify") || have_flag(argc, argv, "ecdsa_verify")) run_benchmark("ecdsa_verify", bench_verify, NULL, NULL, &data, 10, iters); @@ -253,7 +258,7 @@ int main(int argc, char** argv) { if (d || have_flag(argc, argv, "ecdsa") || have_flag(argc, argv, "sign") || have_flag(argc, argv, "ecdsa_sign")) run_benchmark("ecdsa_sign", bench_sign_run, bench_sign_setup, NULL, &data, 10, iters); if (d || have_flag(argc, argv, "ec") || have_flag(argc, argv, "keygen") || have_flag(argc, argv, "ec_keygen")) run_benchmark("ec_keygen", bench_keygen_run, bench_keygen_setup, NULL, &data, 10, iters); - rustsecp256k1_v0_11_context_destroy(data.ctx); + secp256k1_context_destroy(data.ctx); #ifdef ENABLE_MODULE_ECDH /* ECDH benchmarks */ @@ -275,5 +280,5 @@ int main(int argc, char** argv) { run_ellswift_bench(iters, argc, argv); #endif - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/bench.h b/secp256k1-sys/depend/secp256k1/src/bench.h index 1564b1a17..232fb35fc 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench.h +++ b/secp256k1-sys/depend/secp256k1/src/bench.h @@ -24,7 +24,7 @@ static int64_t gettime_i64(void) { struct timespec tv; if (!timespec_get(&tv, TIME_UTC)) { fputs("timespec_get failed!", stderr); - exit(1); + exit(EXIT_FAILURE); } return (int64_t)tv.tv_nsec / 1000 + (int64_t)tv.tv_sec * 1000000LL; #else diff --git a/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c b/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c index d42dc4166..b2bab65d2 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_ecmult.c @@ -4,6 +4,7 @@ * file COPYING or https://www.opensource.org/licenses/mit-license.php.* ***********************************************************************/ #include +#include #include "secp256k1.c" #include "../include/secp256k1.h" @@ -35,14 +36,14 @@ static void help(char **argv) { typedef struct { /* Setup once in advance */ - rustsecp256k1_v0_11_context* ctx; - rustsecp256k1_v0_11_scratch_space* scratch; - rustsecp256k1_v0_11_scalar* scalars; - rustsecp256k1_v0_11_ge* pubkeys; - rustsecp256k1_v0_11_gej* pubkeys_gej; - rustsecp256k1_v0_11_scalar* seckeys; - rustsecp256k1_v0_11_gej* expected_output; - rustsecp256k1_v0_11_ecmult_multi_func ecmult_multi; + secp256k1_context* ctx; + secp256k1_scratch_space* scratch; + secp256k1_scalar* scalars; + secp256k1_ge* pubkeys; + secp256k1_gej* pubkeys_gej; + secp256k1_scalar* seckeys; + secp256k1_gej* expected_output; + secp256k1_ecmult_multi_func ecmult_multi; /* Changes per benchmark */ size_t count; @@ -54,7 +55,8 @@ typedef struct { size_t offset2; /* Benchmark output. */ - rustsecp256k1_v0_11_gej* output; + secp256k1_gej* output; + secp256k1_fe* output_xonly; } bench_data; /* Hashes x into [0, POINTS) twice and store the result in offset1 and offset2. */ @@ -67,24 +69,24 @@ static void hash_into_offset(bench_data* data, size_t x) { * sum(outputs) ?= (sum(scalars_gen) + sum(seckeys)*sum(scalars))*G */ static void bench_ecmult_teardown_helper(bench_data* data, size_t* seckey_offset, size_t* scalar_offset, size_t* scalar_gen_offset, int iters) { int i; - rustsecp256k1_v0_11_gej sum_output, tmp; - rustsecp256k1_v0_11_scalar sum_scalars; + secp256k1_gej sum_output, tmp; + secp256k1_scalar sum_scalars; - rustsecp256k1_v0_11_gej_set_infinity(&sum_output); - rustsecp256k1_v0_11_scalar_set_int(&sum_scalars, 0); + secp256k1_gej_set_infinity(&sum_output); + secp256k1_scalar_set_int(&sum_scalars, 0); for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_11_gej_add_var(&sum_output, &sum_output, &data->output[i], NULL); + secp256k1_gej_add_var(&sum_output, &sum_output, &data->output[i], NULL); if (scalar_gen_offset != NULL) { - rustsecp256k1_v0_11_scalar_add(&sum_scalars, &sum_scalars, &data->scalars[(*scalar_gen_offset+i) % POINTS]); + secp256k1_scalar_add(&sum_scalars, &sum_scalars, &data->scalars[(*scalar_gen_offset+i) % POINTS]); } if (seckey_offset != NULL) { - rustsecp256k1_v0_11_scalar s = data->seckeys[(*seckey_offset+i) % POINTS]; - rustsecp256k1_v0_11_scalar_mul(&s, &s, &data->scalars[(*scalar_offset+i) % POINTS]); - rustsecp256k1_v0_11_scalar_add(&sum_scalars, &sum_scalars, &s); + secp256k1_scalar s = data->seckeys[(*seckey_offset+i) % POINTS]; + secp256k1_scalar_mul(&s, &s, &data->scalars[(*scalar_offset+i) % POINTS]); + secp256k1_scalar_add(&sum_scalars, &sum_scalars, &s); } } - rustsecp256k1_v0_11_ecmult_gen(&data->ctx->ecmult_gen_ctx, &tmp, &sum_scalars); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&tmp, &sum_output)); + secp256k1_ecmult_gen(&data->ctx->ecmult_gen_ctx, &tmp, &sum_scalars); + CHECK(secp256k1_gej_eq_var(&tmp, &sum_output)); } static void bench_ecmult_setup(void* arg) { @@ -99,7 +101,7 @@ static void bench_ecmult_gen(void* arg, int iters) { int i; for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_11_ecmult_gen(&data->ctx->ecmult_gen_ctx, &data->output[i], &data->scalars[(data->offset1+i) % POINTS]); + secp256k1_ecmult_gen(&data->ctx->ecmult_gen_ctx, &data->output[i], &data->scalars[(data->offset1+i) % POINTS]); } } @@ -113,7 +115,7 @@ static void bench_ecmult_const(void* arg, int iters) { int i; for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_11_ecmult_const(&data->output[i], &data->pubkeys[(data->offset1+i) % POINTS], &data->scalars[(data->offset2+i) % POINTS]); + secp256k1_ecmult_const(&data->output[i], &data->pubkeys[(data->offset1+i) % POINTS], &data->scalars[(data->offset2+i) % POINTS]); } } @@ -122,12 +124,38 @@ static void bench_ecmult_const_teardown(void* arg, int iters) { bench_ecmult_teardown_helper(data, &data->offset1, &data->offset2, NULL, iters); } +static void bench_ecmult_const_xonly(void* arg, int iters) { + bench_data* data = (bench_data*)arg; + int i; + + for (i = 0; i < iters; ++i) { + const secp256k1_ge* pubkey = &data->pubkeys[(data->offset1+i) % POINTS]; + const secp256k1_scalar* scalar = &data->scalars[(data->offset2+i) % POINTS]; + int known_on_curve = 1; + secp256k1_ecmult_const_xonly(&data->output_xonly[i], &pubkey->x, NULL, scalar, known_on_curve); + } +} + +static void bench_ecmult_const_xonly_teardown(void* arg, int iters) { + bench_data* data = (bench_data*)arg; + int i; + + /* verify by comparing with x coordinate of regular ecmult result */ + for (i = 0; i < iters; ++i) { + const secp256k1_gej* pubkey_gej = &data->pubkeys_gej[(data->offset1+i) % POINTS]; + const secp256k1_scalar* scalar = &data->scalars[(data->offset2+i) % POINTS]; + secp256k1_gej expected_gej; + secp256k1_ecmult(&expected_gej, pubkey_gej, scalar, NULL); + CHECK(secp256k1_gej_eq_x_var(&data->output_xonly[i], &expected_gej)); + } +} + static void bench_ecmult_1p(void* arg, int iters) { bench_data* data = (bench_data*)arg; int i; for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_11_ecmult(&data->output[i], &data->pubkeys_gej[(data->offset1+i) % POINTS], &data->scalars[(data->offset2+i) % POINTS], NULL); + secp256k1_ecmult(&data->output[i], &data->pubkeys_gej[(data->offset1+i) % POINTS], &data->scalars[(data->offset2+i) % POINTS], NULL); } } @@ -141,7 +169,7 @@ static void bench_ecmult_0p_g(void* arg, int iters) { int i; for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_11_ecmult(&data->output[i], NULL, &rustsecp256k1_v0_11_scalar_zero, &data->scalars[(data->offset1+i) % POINTS]); + secp256k1_ecmult(&data->output[i], NULL, &secp256k1_scalar_zero, &data->scalars[(data->offset1+i) % POINTS]); } } @@ -155,7 +183,7 @@ static void bench_ecmult_1p_g(void* arg, int iters) { int i; for (i = 0; i < iters/2; ++i) { - rustsecp256k1_v0_11_ecmult(&data->output[i], &data->pubkeys_gej[(data->offset1+i) % POINTS], &data->scalars[(data->offset2+i) % POINTS], &data->scalars[(data->offset1+i) % POINTS]); + secp256k1_ecmult(&data->output[i], &data->pubkeys_gej[(data->offset1+i) % POINTS], &data->scalars[(data->offset2+i) % POINTS], &data->scalars[(data->offset1+i) % POINTS]); } } @@ -170,6 +198,8 @@ static void run_ecmult_bench(bench_data* data, int iters) { run_benchmark(str, bench_ecmult_gen, bench_ecmult_setup, bench_ecmult_gen_teardown, data, 10, iters); sprintf(str, "ecmult_const"); run_benchmark(str, bench_ecmult_const, bench_ecmult_setup, bench_ecmult_const_teardown, data, 10, iters); + sprintf(str, "ecmult_const_xonly"); + run_benchmark(str, bench_ecmult_const_xonly, bench_ecmult_setup, bench_ecmult_const_xonly_teardown, data, 10, iters); /* ecmult with non generator point */ sprintf(str, "ecmult_1p"); run_benchmark(str, bench_ecmult_1p, bench_ecmult_setup, bench_ecmult_1p_teardown, data, 10, iters); @@ -181,12 +211,12 @@ static void run_ecmult_bench(bench_data* data, int iters) { run_benchmark(str, bench_ecmult_1p_g, bench_ecmult_setup, bench_ecmult_1p_g_teardown, data, 10, 2*iters); } -static int bench_ecmult_multi_callback(rustsecp256k1_v0_11_scalar* sc, rustsecp256k1_v0_11_ge* ge, size_t idx, void* arg) { +static int bench_ecmult_multi_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) { bench_data* data = (bench_data*)arg; if (data->includes_g) ++idx; if (idx == 0) { *sc = data->scalars[data->offset1]; - *ge = rustsecp256k1_v0_11_ge_const_g; + *ge = secp256k1_ge_const_g; } else { *sc = data->scalars[(data->offset1 + idx) % POINTS]; *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS]; @@ -220,14 +250,14 @@ static void bench_ecmult_multi_teardown(void* arg, int iters) { iters = iters / data->count; /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */ for (iter = 0; iter < iters; ++iter) { - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&tmp)); + secp256k1_gej tmp; + secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL); + CHECK(secp256k1_gej_is_infinity(&tmp)); } } -static void generate_scalar(uint32_t num, rustsecp256k1_v0_11_scalar* scalar) { - rustsecp256k1_v0_11_sha256 sha256; +static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) { + secp256k1_sha256 sha256; unsigned char c[10] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0}; unsigned char buf[32]; int overflow = 0; @@ -235,10 +265,10 @@ static void generate_scalar(uint32_t num, rustsecp256k1_v0_11_scalar* scalar) { c[7] = num >> 8; c[8] = num >> 16; c[9] = num >> 24; - rustsecp256k1_v0_11_sha256_initialize(&sha256); - rustsecp256k1_v0_11_sha256_write(&sha256, c, sizeof(c)); - rustsecp256k1_v0_11_sha256_finalize(&sha256, buf); - rustsecp256k1_v0_11_scalar_set_b32(scalar, buf, &overflow); + secp256k1_sha256_initialize(&sha256); + secp256k1_sha256_write(&sha256, c, sizeof(c)); + secp256k1_sha256_finalize(&sha256, buf); + secp256k1_scalar_set_b32(scalar, buf, &overflow); CHECK(!overflow); } @@ -253,15 +283,15 @@ static void run_ecmult_multi_bench(bench_data* data, size_t count, int includes_ /* Compute (the negation of) the expected results directly. */ hash_into_offset(data, data->count); for (iter = 0; iter < iters; ++iter) { - rustsecp256k1_v0_11_scalar tmp; - rustsecp256k1_v0_11_scalar total = data->scalars[(data->offset1++) % POINTS]; + secp256k1_scalar tmp; + secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS]; size_t i = 0; for (i = 0; i + 1 < count; ++i) { - rustsecp256k1_v0_11_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]); - rustsecp256k1_v0_11_scalar_add(&total, &total, &tmp); + secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]); + secp256k1_scalar_add(&total, &total, &tmp); } - rustsecp256k1_v0_11_scalar_negate(&total, &total); - rustsecp256k1_v0_11_ecmult(&data->expected_output[iter], NULL, &rustsecp256k1_v0_11_scalar_zero, &total); + secp256k1_scalar_negate(&total, &total); + secp256k1_ecmult(&data->expected_output[iter], NULL, &secp256k1_scalar_zero, &total); } /* Run the benchmark. */ @@ -280,56 +310,57 @@ int main(int argc, char **argv) { int iters = get_iters(10000); - data.ecmult_multi = rustsecp256k1_v0_11_ecmult_multi_var; + data.ecmult_multi = secp256k1_ecmult_multi_var; if (argc > 1) { if(have_flag(argc, argv, "-h") || have_flag(argc, argv, "--help") || have_flag(argc, argv, "help")) { help(argv); - return 0; + return EXIT_SUCCESS; } else if(have_flag(argc, argv, "pippenger_wnaf")) { printf("Using pippenger_wnaf:\n"); - data.ecmult_multi = rustsecp256k1_v0_11_ecmult_pippenger_batch_single; + data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single; } else if(have_flag(argc, argv, "strauss_wnaf")) { printf("Using strauss_wnaf:\n"); - data.ecmult_multi = rustsecp256k1_v0_11_ecmult_strauss_batch_single; + data.ecmult_multi = secp256k1_ecmult_strauss_batch_single; } else if(have_flag(argc, argv, "simple")) { printf("Using simple algorithm:\n"); } else { fprintf(stderr, "%s: unrecognized argument '%s'.\n\n", argv[0], argv[1]); help(argv); - return 1; + return EXIT_FAILURE; } } - data.ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); - scratch_size = rustsecp256k1_v0_11_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16; + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16; if (!have_flag(argc, argv, "simple")) { - data.scratch = rustsecp256k1_v0_11_scratch_space_create(data.ctx, scratch_size); + data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size); } else { data.scratch = NULL; } /* Allocate stuff */ - data.scalars = malloc(sizeof(rustsecp256k1_v0_11_scalar) * POINTS); - data.seckeys = malloc(sizeof(rustsecp256k1_v0_11_scalar) * POINTS); - data.pubkeys = malloc(sizeof(rustsecp256k1_v0_11_ge) * POINTS); - data.pubkeys_gej = malloc(sizeof(rustsecp256k1_v0_11_gej) * POINTS); - data.expected_output = malloc(sizeof(rustsecp256k1_v0_11_gej) * (iters + 1)); - data.output = malloc(sizeof(rustsecp256k1_v0_11_gej) * (iters + 1)); + data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS); + data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS); + data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS); + data.pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS); + data.expected_output = malloc(sizeof(secp256k1_gej) * (iters + 1)); + data.output = malloc(sizeof(secp256k1_gej) * (iters + 1)); + data.output_xonly = malloc(sizeof(secp256k1_fe) * (iters + 1)); /* Generate a set of scalars, and private/public keypairs. */ - rustsecp256k1_v0_11_gej_set_ge(&data.pubkeys_gej[0], &rustsecp256k1_v0_11_ge_const_g); - rustsecp256k1_v0_11_scalar_set_int(&data.seckeys[0], 1); + secp256k1_gej_set_ge(&data.pubkeys_gej[0], &secp256k1_ge_const_g); + secp256k1_scalar_set_int(&data.seckeys[0], 1); for (i = 0; i < POINTS; ++i) { generate_scalar(i, &data.scalars[i]); if (i) { - rustsecp256k1_v0_11_gej_double_var(&data.pubkeys_gej[i], &data.pubkeys_gej[i - 1], NULL); - rustsecp256k1_v0_11_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]); + secp256k1_gej_double_var(&data.pubkeys_gej[i], &data.pubkeys_gej[i - 1], NULL); + secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]); } } - rustsecp256k1_v0_11_ge_set_all_gej_var(data.pubkeys, data.pubkeys_gej, POINTS); + secp256k1_ge_set_all_gej_var(data.pubkeys, data.pubkeys_gej, POINTS); print_output_table_header_row(); @@ -353,15 +384,16 @@ int main(int argc, char **argv) { } if (data.scratch != NULL) { - rustsecp256k1_v0_11_scratch_space_destroy(data.ctx, data.scratch); + secp256k1_scratch_space_destroy(data.ctx, data.scratch); } - rustsecp256k1_v0_11_context_destroy(data.ctx); + secp256k1_context_destroy(data.ctx); free(data.scalars); free(data.pubkeys); free(data.pubkeys_gej); free(data.seckeys); + free(data.output_xonly); free(data.output); free(data.expected_output); - return(0); + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/bench_internal.c b/secp256k1-sys/depend/secp256k1/src/bench_internal.c index e9a301b83..8688a4dc7 100644 --- a/secp256k1-sys/depend/secp256k1/src/bench_internal.c +++ b/secp256k1-sys/depend/secp256k1/src/bench_internal.c @@ -4,6 +4,7 @@ * file COPYING or https://www.opensource.org/licenses/mit-license.php.* ***********************************************************************/ #include +#include #include "secp256k1.c" #include "../include/secp256k1.h" @@ -37,10 +38,10 @@ static void help(int default_iters) { } typedef struct { - rustsecp256k1_v0_11_scalar scalar[2]; - rustsecp256k1_v0_11_fe fe[4]; - rustsecp256k1_v0_11_ge ge[2]; - rustsecp256k1_v0_11_gej gej[2]; + secp256k1_scalar scalar[2]; + secp256k1_fe fe[4]; + secp256k1_ge ge[2]; + secp256k1_gej gej[2]; unsigned char data[64]; int wnaf[256]; } bench_inv; @@ -81,18 +82,18 @@ static void bench_setup(void* arg) { } }; - rustsecp256k1_v0_11_scalar_set_b32(&data->scalar[0], init[0], NULL); - rustsecp256k1_v0_11_scalar_set_b32(&data->scalar[1], init[1], NULL); - rustsecp256k1_v0_11_fe_set_b32_limit(&data->fe[0], init[0]); - rustsecp256k1_v0_11_fe_set_b32_limit(&data->fe[1], init[1]); - rustsecp256k1_v0_11_fe_set_b32_limit(&data->fe[2], init[2]); - rustsecp256k1_v0_11_fe_set_b32_limit(&data->fe[3], init[3]); - CHECK(rustsecp256k1_v0_11_ge_set_xo_var(&data->ge[0], &data->fe[0], 0)); - CHECK(rustsecp256k1_v0_11_ge_set_xo_var(&data->ge[1], &data->fe[1], 1)); - rustsecp256k1_v0_11_gej_set_ge(&data->gej[0], &data->ge[0]); - rustsecp256k1_v0_11_gej_rescale(&data->gej[0], &data->fe[2]); - rustsecp256k1_v0_11_gej_set_ge(&data->gej[1], &data->ge[1]); - rustsecp256k1_v0_11_gej_rescale(&data->gej[1], &data->fe[3]); + secp256k1_scalar_set_b32(&data->scalar[0], init[0], NULL); + secp256k1_scalar_set_b32(&data->scalar[1], init[1], NULL); + secp256k1_fe_set_b32_limit(&data->fe[0], init[0]); + secp256k1_fe_set_b32_limit(&data->fe[1], init[1]); + secp256k1_fe_set_b32_limit(&data->fe[2], init[2]); + secp256k1_fe_set_b32_limit(&data->fe[3], init[3]); + CHECK(secp256k1_ge_set_xo_var(&data->ge[0], &data->fe[0], 0)); + CHECK(secp256k1_ge_set_xo_var(&data->ge[1], &data->fe[1], 1)); + secp256k1_gej_set_ge(&data->gej[0], &data->ge[0]); + secp256k1_gej_rescale(&data->gej[0], &data->fe[2]); + secp256k1_gej_set_ge(&data->gej[1], &data->ge[1]); + secp256k1_gej_rescale(&data->gej[1], &data->fe[3]); memcpy(data->data, init[0], 32); memcpy(data->data + 32, init[1], 32); } @@ -102,7 +103,7 @@ static void bench_scalar_add(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - j += rustsecp256k1_v0_11_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } @@ -112,17 +113,17 @@ static void bench_scalar_negate(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_scalar_negate(&data->scalar[0], &data->scalar[0]); + secp256k1_scalar_negate(&data->scalar[0], &data->scalar[0]); } } static void bench_scalar_half(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_scalar s = data->scalar[0]; + secp256k1_scalar s = data->scalar[0]; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_scalar_half(&s, &s); + secp256k1_scalar_half(&s, &s); } data->scalar[0] = s; @@ -133,18 +134,18 @@ static void bench_scalar_mul(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_scalar_mul(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + secp256k1_scalar_mul(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } } static void bench_scalar_split(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_scalar tmp; + secp256k1_scalar tmp; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_scalar_split_lambda(&tmp, &data->scalar[1], &data->scalar[0]); - j += rustsecp256k1_v0_11_scalar_add(&data->scalar[0], &tmp, &data->scalar[1]); + secp256k1_scalar_split_lambda(&tmp, &data->scalar[1], &data->scalar[0]); + j += secp256k1_scalar_add(&data->scalar[0], &tmp, &data->scalar[1]); } CHECK(j <= iters); } @@ -154,8 +155,8 @@ static void bench_scalar_inverse(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_scalar_inverse(&data->scalar[0], &data->scalar[0]); - j += rustsecp256k1_v0_11_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + secp256k1_scalar_inverse(&data->scalar[0], &data->scalar[0]); + j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } @@ -165,8 +166,8 @@ static void bench_scalar_inverse_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_scalar_inverse_var(&data->scalar[0], &data->scalar[0]); - j += rustsecp256k1_v0_11_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + secp256k1_scalar_inverse_var(&data->scalar[0], &data->scalar[0]); + j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(j <= iters); } @@ -176,7 +177,7 @@ static void bench_field_half(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_half(&data->fe[0]); + secp256k1_fe_half(&data->fe[0]); } } @@ -185,7 +186,7 @@ static void bench_field_normalize(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_normalize(&data->fe[0]); + secp256k1_fe_normalize(&data->fe[0]); } } @@ -194,7 +195,7 @@ static void bench_field_normalize_weak(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_normalize_weak(&data->fe[0]); + secp256k1_fe_normalize_weak(&data->fe[0]); } } @@ -203,7 +204,7 @@ static void bench_field_mul(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_mul(&data->fe[0], &data->fe[0], &data->fe[1]); + secp256k1_fe_mul(&data->fe[0], &data->fe[0], &data->fe[1]); } } @@ -212,7 +213,7 @@ static void bench_field_sqr(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_sqr(&data->fe[0], &data->fe[0]); + secp256k1_fe_sqr(&data->fe[0], &data->fe[0]); } } @@ -221,8 +222,8 @@ static void bench_field_inverse(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_inv(&data->fe[0], &data->fe[0]); - rustsecp256k1_v0_11_fe_add(&data->fe[0], &data->fe[1]); + secp256k1_fe_inv(&data->fe[0], &data->fe[0]); + secp256k1_fe_add(&data->fe[0], &data->fe[1]); } } @@ -231,20 +232,20 @@ static void bench_field_inverse_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_fe_inv_var(&data->fe[0], &data->fe[0]); - rustsecp256k1_v0_11_fe_add(&data->fe[0], &data->fe[1]); + secp256k1_fe_inv_var(&data->fe[0], &data->fe[0]); + secp256k1_fe_add(&data->fe[0], &data->fe[1]); } } static void bench_field_sqrt(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_fe t; + secp256k1_fe t; for (i = 0; i < iters; i++) { t = data->fe[0]; - j += rustsecp256k1_v0_11_fe_sqrt(&data->fe[0], &t); - rustsecp256k1_v0_11_fe_add(&data->fe[0], &data->fe[1]); + j += secp256k1_fe_sqrt(&data->fe[0], &t); + secp256k1_fe_add(&data->fe[0], &data->fe[1]); } CHECK(j <= iters); } @@ -252,12 +253,12 @@ static void bench_field_sqrt(void* arg, int iters) { static void bench_field_is_square_var(void* arg, int iters) { int i, j = 0; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_fe t = data->fe[0]; + secp256k1_fe t = data->fe[0]; for (i = 0; i < iters; i++) { - j += rustsecp256k1_v0_11_fe_is_square_var(&t); - rustsecp256k1_v0_11_fe_add(&t, &data->fe[1]); - rustsecp256k1_v0_11_fe_normalize_var(&t); + j += secp256k1_fe_is_square_var(&t); + secp256k1_fe_add(&t, &data->fe[1]); + secp256k1_fe_normalize_var(&t); } CHECK(j <= iters); } @@ -267,7 +268,7 @@ static void bench_group_double_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_gej_double_var(&data->gej[0], &data->gej[0], NULL); + secp256k1_gej_double_var(&data->gej[0], &data->gej[0], NULL); } } @@ -276,7 +277,7 @@ static void bench_group_add_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_gej_add_var(&data->gej[0], &data->gej[0], &data->gej[1], NULL); + secp256k1_gej_add_var(&data->gej[0], &data->gej[0], &data->gej[1], NULL); } } @@ -285,7 +286,7 @@ static void bench_group_add_affine(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_gej_add_ge(&data->gej[0], &data->gej[0], &data->ge[1]); + secp256k1_gej_add_ge(&data->gej[0], &data->gej[0], &data->ge[1]); } } @@ -294,7 +295,7 @@ static void bench_group_add_affine_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_gej_add_ge_var(&data->gej[0], &data->gej[0], &data->ge[1], NULL); + secp256k1_gej_add_ge_var(&data->gej[0], &data->gej[0], &data->ge[1], NULL); } } @@ -303,7 +304,7 @@ static void bench_group_add_zinv_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_gej_add_zinv_var(&data->gej[0], &data->gej[0], &data->ge[1], &data->gej[0].y); + secp256k1_gej_add_zinv_var(&data->gej[0], &data->gej[0], &data->ge[1], &data->gej[0].y); } } @@ -312,18 +313,18 @@ static void bench_group_to_affine_var(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; ++i) { - rustsecp256k1_v0_11_ge_set_gej_var(&data->ge[1], &data->gej[0]); + secp256k1_ge_set_gej_var(&data->ge[1], &data->gej[0]); /* Use the output affine X/Y coordinates to vary the input X/Y/Z coordinates. Note that the resulting coordinates will generally not correspond to a point on the curve, but this is not a problem for the code being benchmarked here. Adding and normalizing have less overhead than EC operations (which could guarantee the point remains on the curve). */ - rustsecp256k1_v0_11_fe_add(&data->gej[0].x, &data->ge[1].y); - rustsecp256k1_v0_11_fe_add(&data->gej[0].y, &data->fe[2]); - rustsecp256k1_v0_11_fe_add(&data->gej[0].z, &data->ge[1].x); - rustsecp256k1_v0_11_fe_normalize_var(&data->gej[0].x); - rustsecp256k1_v0_11_fe_normalize_var(&data->gej[0].y); - rustsecp256k1_v0_11_fe_normalize_var(&data->gej[0].z); + secp256k1_fe_add(&data->gej[0].x, &data->ge[1].y); + secp256k1_fe_add(&data->gej[0].y, &data->fe[2]); + secp256k1_fe_add(&data->gej[0].z, &data->ge[1].x); + secp256k1_fe_normalize_var(&data->gej[0].x); + secp256k1_fe_normalize_var(&data->gej[0].y); + secp256k1_fe_normalize_var(&data->gej[0].z); } } @@ -332,8 +333,8 @@ static void bench_ecmult_wnaf(void* arg, int iters) { bench_inv *data = (bench_inv*)arg; for (i = 0; i < iters; i++) { - bits += rustsecp256k1_v0_11_ecmult_wnaf(data->wnaf, 256, &data->scalar[0], WINDOW_A); - overflow += rustsecp256k1_v0_11_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); + bits += secp256k1_ecmult_wnaf(data->wnaf, 256, &data->scalar[0], WINDOW_A); + overflow += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]); } CHECK(overflow >= 0); CHECK(bits <= 256*iters); @@ -342,35 +343,35 @@ static void bench_ecmult_wnaf(void* arg, int iters) { static void bench_sha256(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_sha256_initialize(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, data->data, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, data->data); + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, data->data, 32); + secp256k1_sha256_finalize(&sha, data->data); } } static void bench_hmac_sha256(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_hmac_sha256 hmac; + secp256k1_hmac_sha256 hmac; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, data->data, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, data->data, 32); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, data->data); + secp256k1_hmac_sha256_initialize(&hmac, data->data, 32); + secp256k1_hmac_sha256_write(&hmac, data->data, 32); + secp256k1_hmac_sha256_finalize(&hmac, data->data); } } static void bench_rfc6979_hmac_sha256(void* arg, int iters) { int i; bench_inv *data = (bench_inv*)arg; - rustsecp256k1_v0_11_rfc6979_hmac_sha256 rng; + secp256k1_rfc6979_hmac_sha256 rng; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(&rng, data->data, 64); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, data->data, 32); + secp256k1_rfc6979_hmac_sha256_initialize(&rng, data->data, 64); + secp256k1_rfc6979_hmac_sha256_generate(&rng, data->data, 32); } } @@ -378,7 +379,7 @@ static void bench_context(void* arg, int iters) { int i; (void)arg; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_context_destroy(rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE)); + secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_NONE)); } } @@ -393,7 +394,7 @@ int main(int argc, char **argv) { || have_flag(argc, argv, "--help") || have_flag(argc, argv, "help")) { help(default_iters); - return 0; + return EXIT_SUCCESS; } } @@ -432,5 +433,5 @@ int main(int argc, char **argv) { if (d || have_flag(argc, argv, "context")) run_benchmark("context_create", bench_context, bench_setup, NULL, &data, 10, iters); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/ctime_tests.c b/secp256k1-sys/depend/secp256k1/src/ctime_tests.c index 19c0abe3e..f81bdb922 100644 --- a/secp256k1-sys/depend/secp256k1/src/ctime_tests.c +++ b/secp256k1-sys/depend/secp256k1/src/ctime_tests.c @@ -5,6 +5,7 @@ ***********************************************************************/ #include +#include #include #include "../include/secp256k1.h" @@ -16,15 +17,15 @@ #endif #ifdef ENABLE_MODULE_ECDH -# include "../include/rustsecp256k1_v0_11_ecdh.h" +# include "../include/secp256k1_ecdh.h" #endif #ifdef ENABLE_MODULE_RECOVERY -# include "../include/rustsecp256k1_v0_11_recovery.h" +# include "../include/secp256k1_recovery.h" #endif #ifdef ENABLE_MODULE_EXTRAKEYS -# include "../include/rustsecp256k1_v0_11_extrakeys.h" +# include "../include/secp256k1_extrakeys.h" #endif #ifdef ENABLE_MODULE_SCHNORRSIG @@ -39,19 +40,19 @@ #include "../include/secp256k1_ellswift.h" #endif -static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key); +static void run_tests(secp256k1_context *ctx, unsigned char *key); int main(void) { - rustsecp256k1_v0_11_context* ctx; + secp256k1_context* ctx; unsigned char key[32]; int ret, i; if (!SECP256K1_CHECKMEM_RUNNING()) { fprintf(stderr, "This test can only usefully be run inside valgrind because it was not compiled under msan.\n"); fprintf(stderr, "Usage: libtool --mode=execute valgrind ./ctime_tests\n"); - return 1; + return EXIT_FAILURE; } - ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_DECLASSIFY); + ctx = secp256k1_context_create(SECP256K1_CONTEXT_DECLASSIFY); /** In theory, testing with a single secret input should be sufficient: * If control flow depended on secrets the tool would generate an error. */ @@ -64,17 +65,17 @@ int main(void) { /* Test context randomisation. Do this last because it leaves the context * tainted. */ SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_context_randomize(ctx, key); + ret = secp256k1_context_randomize(ctx, key); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret); - rustsecp256k1_v0_11_context_destroy(ctx); - return 0; + secp256k1_context_destroy(ctx); + return EXIT_SUCCESS; } -static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key) { - rustsecp256k1_v0_11_ecdsa_signature signature; - rustsecp256k1_v0_11_pubkey pubkey; +static void run_tests(secp256k1_context *ctx, unsigned char *key) { + secp256k1_ecdsa_signature signature; + secp256k1_pubkey pubkey; size_t siglen = 74; size_t outputlen = 33; int i; @@ -83,11 +84,11 @@ static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key) { unsigned char sig[74]; unsigned char spubkey[33]; #ifdef ENABLE_MODULE_RECOVERY - rustsecp256k1_v0_11_ecdsa_recoverable_signature recoverable_signature; + secp256k1_ecdsa_recoverable_signature recoverable_signature; int recid; #endif #ifdef ENABLE_MODULE_EXTRAKEYS - rustsecp256k1_v0_11_keypair keypair; + secp256k1_keypair keypair; #endif #ifdef ENABLE_MODULE_ELLSWIFT unsigned char ellswift[64]; @@ -100,24 +101,24 @@ static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key) { /* Test keygen. */ SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey, key); - SECP256K1_CHECKMEM_DEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); + ret = secp256k1_ec_pubkey_create(ctx, &pubkey, key); + SECP256K1_CHECKMEM_DEFINE(&pubkey, sizeof(secp256k1_pubkey)); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(ctx, spubkey, &outputlen, &pubkey, SECP256K1_EC_COMPRESSED) == 1); /* Test signing. */ SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL); - SECP256K1_CHECKMEM_DEFINE(&signature, sizeof(rustsecp256k1_v0_11_ecdsa_signature)); + ret = secp256k1_ecdsa_sign(ctx, &signature, msg, key, NULL, NULL); + SECP256K1_CHECKMEM_DEFINE(&signature, sizeof(secp256k1_ecdsa_signature)); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature)); + CHECK(secp256k1_ecdsa_signature_serialize_der(ctx, sig, &siglen, &signature)); #ifdef ENABLE_MODULE_ECDH /* Test ECDH. */ SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ecdh(ctx, msg, &pubkey, key, NULL, NULL); + ret = secp256k1_ecdh(ctx, msg, &pubkey, key, NULL, NULL); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); #endif @@ -125,80 +126,80 @@ static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key) { #ifdef ENABLE_MODULE_RECOVERY /* Test signing a recoverable signature. */ SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL); + ret = secp256k1_ecdsa_sign_recoverable(ctx, &recoverable_signature, msg, key, NULL, NULL); SECP256K1_CHECKMEM_DEFINE(&recoverable_signature, sizeof(recoverable_signature)); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature)); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, sig, &recid, &recoverable_signature)); CHECK(recid >= 0 && recid <= 3); #endif SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ec_seckey_verify(ctx, key); + ret = secp256k1_ec_seckey_verify(ctx, key); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ec_seckey_negate(ctx, key); + ret = secp256k1_ec_seckey_negate(ctx, key); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); SECP256K1_CHECKMEM_UNDEFINE(key, 32); SECP256K1_CHECKMEM_UNDEFINE(msg, 32); - ret = rustsecp256k1_v0_11_ec_seckey_tweak_add(ctx, key, msg); + ret = secp256k1_ec_seckey_tweak_add(ctx, key, msg); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); SECP256K1_CHECKMEM_UNDEFINE(key, 32); SECP256K1_CHECKMEM_UNDEFINE(msg, 32); - ret = rustsecp256k1_v0_11_ec_seckey_tweak_mul(ctx, key, msg); + ret = secp256k1_ec_seckey_tweak_mul(ctx, key, msg); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); /* Test keypair_create and keypair_xonly_tweak_add. */ #ifdef ENABLE_MODULE_EXTRAKEYS SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_keypair_create(ctx, &keypair, key); + ret = secp256k1_keypair_create(ctx, &keypair, key); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); /* The tweak is not treated as a secret in keypair_tweak_add */ SECP256K1_CHECKMEM_DEFINE(msg, 32); - ret = rustsecp256k1_v0_11_keypair_xonly_tweak_add(ctx, &keypair, msg); + ret = secp256k1_keypair_xonly_tweak_add(ctx, &keypair, msg); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); SECP256K1_CHECKMEM_UNDEFINE(key, 32); SECP256K1_CHECKMEM_UNDEFINE(&keypair, sizeof(keypair)); - ret = rustsecp256k1_v0_11_keypair_sec(ctx, key, &keypair); + ret = secp256k1_keypair_sec(ctx, key, &keypair); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); #endif #ifdef ENABLE_MODULE_SCHNORRSIG SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_keypair_create(ctx, &keypair, key); + ret = secp256k1_keypair_create(ctx, &keypair, key); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); - ret = rustsecp256k1_v0_11_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL); + ret = secp256k1_schnorrsig_sign32(ctx, sig, msg, &keypair, NULL); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); #endif #ifdef ENABLE_MODULE_MUSIG { - rustsecp256k1_v0_11_pubkey pk; - const rustsecp256k1_v0_11_pubkey *pk_ptr[1]; - rustsecp256k1_v0_11_xonly_pubkey agg_pk; + secp256k1_pubkey pk; + const secp256k1_pubkey *pk_ptr[1]; + secp256k1_xonly_pubkey agg_pk; unsigned char session_secrand[32]; uint64_t nonrepeating_cnt = 0; - rustsecp256k1_v0_11_musig_secnonce secnonce; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[1]; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_musig_keyagg_cache cache; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig; + secp256k1_musig_secnonce secnonce; + secp256k1_musig_pubnonce pubnonce; + const secp256k1_musig_pubnonce *pubnonce_ptr[1]; + secp256k1_musig_aggnonce aggnonce; + secp256k1_musig_keyagg_cache cache; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig; unsigned char extra_input[32]; pk_ptr[0] = &pk; @@ -209,29 +210,29 @@ static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key) { memcpy(extra_input, key, sizeof(extra_input)); extra_input[0] = extra_input[0] + 2; - CHECK(rustsecp256k1_v0_11_keypair_create(ctx, &keypair, key)); - CHECK(rustsecp256k1_v0_11_keypair_pub(ctx, &pk, &keypair)); - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(ctx, &agg_pk, &cache, pk_ptr, 1)); + CHECK(secp256k1_keypair_create(ctx, &keypair, key)); + CHECK(secp256k1_keypair_pub(ctx, &pk, &keypair)); + CHECK(secp256k1_musig_pubkey_agg(ctx, &agg_pk, &cache, pk_ptr, 1)); SECP256K1_CHECKMEM_UNDEFINE(key, 32); SECP256K1_CHECKMEM_UNDEFINE(session_secrand, sizeof(session_secrand)); SECP256K1_CHECKMEM_UNDEFINE(extra_input, sizeof(extra_input)); - ret = rustsecp256k1_v0_11_musig_nonce_gen(ctx, &secnonce, &pubnonce, session_secrand, key, &pk, msg, &cache, extra_input); + ret = secp256k1_musig_nonce_gen(ctx, &secnonce, &pubnonce, session_secrand, key, &pk, msg, &cache, extra_input); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); - ret = rustsecp256k1_v0_11_musig_nonce_gen_counter(ctx, &secnonce, &pubnonce, nonrepeating_cnt, &keypair, msg, &cache, extra_input); + ret = secp256k1_musig_nonce_gen_counter(ctx, &secnonce, &pubnonce, nonrepeating_cnt, &keypair, msg, &cache, extra_input); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 1)); + CHECK(secp256k1_musig_nonce_agg(ctx, &aggnonce, pubnonce_ptr, 1)); /* Make sure that previous tests don't undefine msg. It's not used as a secret here. */ SECP256K1_CHECKMEM_DEFINE(msg, sizeof(msg)); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(ctx, &session, &aggnonce, msg, &cache) == 1); + CHECK(secp256k1_musig_nonce_process(ctx, &session, &aggnonce, msg, &cache) == 1); - ret = rustsecp256k1_v0_11_keypair_create(ctx, &keypair, key); + ret = secp256k1_keypair_create(ctx, &keypair, key); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); - ret = rustsecp256k1_v0_11_musig_partial_sign(ctx, &partial_sig, &secnonce, &keypair, &cache, &session); + ret = secp256k1_musig_partial_sign(ctx, &partial_sig, &secnonce, &keypair, &cache, &session); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); } @@ -239,25 +240,25 @@ static void run_tests(rustsecp256k1_v0_11_context *ctx, unsigned char *key) { #ifdef ENABLE_MODULE_ELLSWIFT SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ellswift_create(ctx, ellswift, key, NULL); + ret = secp256k1_ellswift_create(ctx, ellswift, key, NULL); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); SECP256K1_CHECKMEM_UNDEFINE(key, 32); - ret = rustsecp256k1_v0_11_ellswift_create(ctx, ellswift, key, ellswift); + ret = secp256k1_ellswift_create(ctx, ellswift, key, ellswift); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); for (i = 0; i < 2; i++) { SECP256K1_CHECKMEM_UNDEFINE(key, 32); SECP256K1_CHECKMEM_DEFINE(&ellswift, sizeof(ellswift)); - ret = rustsecp256k1_v0_11_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324, NULL); + ret = secp256k1_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, secp256k1_ellswift_xdh_hash_function_bip324, NULL); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); SECP256K1_CHECKMEM_UNDEFINE(key, 32); SECP256K1_CHECKMEM_DEFINE(&ellswift, sizeof(ellswift)); - ret = rustsecp256k1_v0_11_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, rustsecp256k1_v0_11_ellswift_xdh_hash_function_prefix, (void *)prefix); + ret = secp256k1_ellswift_xdh(ctx, msg, ellswift, ellswift, key, i, secp256k1_ellswift_xdh_hash_function_prefix, (void *)prefix); SECP256K1_CHECKMEM_DEFINE(&ret, sizeof(ret)); CHECK(ret == 1); } diff --git a/secp256k1-sys/depend/secp256k1/src/ecdsa.h b/secp256k1-sys/depend/secp256k1/src/ecdsa.h index 77ae94988..4441b0839 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecdsa.h +++ b/secp256k1-sys/depend/secp256k1/src/ecdsa.h @@ -13,9 +13,9 @@ #include "group.h" #include "ecmult.h" -static int rustsecp256k1_v0_11_ecdsa_sig_parse(rustsecp256k1_v0_11_scalar *r, rustsecp256k1_v0_11_scalar *s, const unsigned char *sig, size_t size); -static int rustsecp256k1_v0_11_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *s); -static int rustsecp256k1_v0_11_ecdsa_sig_verify(const rustsecp256k1_v0_11_scalar* r, const rustsecp256k1_v0_11_scalar* s, const rustsecp256k1_v0_11_ge *pubkey, const rustsecp256k1_v0_11_scalar *message); -static int rustsecp256k1_v0_11_ecdsa_sig_sign(const rustsecp256k1_v0_11_ecmult_gen_context *ctx, rustsecp256k1_v0_11_scalar* r, rustsecp256k1_v0_11_scalar* s, const rustsecp256k1_v0_11_scalar *seckey, const rustsecp256k1_v0_11_scalar *message, const rustsecp256k1_v0_11_scalar *nonce, int *recid); +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *r, secp256k1_scalar *s, const unsigned char *sig, size_t size); +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar *r, const secp256k1_scalar *s); +static int secp256k1_ecdsa_sig_verify(const secp256k1_scalar* r, const secp256k1_scalar* s, const secp256k1_ge *pubkey, const secp256k1_scalar *message); +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid); #endif /* SECP256K1_ECDSA_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h b/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h index 2c8cb4dd6..ce36e85e6 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecdsa_impl.h @@ -16,24 +16,24 @@ #include "ecdsa.h" /** Group order for secp256k1 defined as 'n' in "Standards for Efficient Cryptography" (SEC2) 2.7.1 - * $ sage -c 'load("rustsecp256k1_v0_11_params.sage"); print(hex(N))' + * $ sage -c 'load("secp256k1_params.sage"); print(hex(N))' * 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141 */ -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( +static const secp256k1_fe secp256k1_ecdsa_const_order_as_fe = SECP256K1_FE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364141UL ); /** Difference between field and order, values 'p' and 'n' values defined in * "Standards for Efficient Cryptography" (SEC2) 2.7.1. - * $ sage -c 'load("rustsecp256k1_v0_11_params.sage"); print(hex(P-N))' + * $ sage -c 'load("secp256k1_params.sage"); print(hex(P-N))' * 0x14551231950b75fc4402da1722fc9baee */ -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( +static const secp256k1_fe secp256k1_ecdsa_const_p_minus_order = SECP256K1_FE_CONST( 0, 0, 0, 1, 0x45512319UL, 0x50B75FC4UL, 0x402DA172UL, 0x2FC9BAEEUL ); -static int rustsecp256k1_v0_11_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { +static int secp256k1_der_read_len(size_t *len, const unsigned char **sigp, const unsigned char *sigend) { size_t lenleft; unsigned char b1; VERIFY_CHECK(len != NULL); @@ -87,7 +87,7 @@ static int rustsecp256k1_v0_11_der_read_len(size_t *len, const unsigned char **s return 1; } -static int rustsecp256k1_v0_11_der_parse_integer(rustsecp256k1_v0_11_scalar *r, const unsigned char **sig, const unsigned char *sigend) { +static int secp256k1_der_parse_integer(secp256k1_scalar *r, const unsigned char **sig, const unsigned char *sigend) { int overflow = 0; unsigned char ra[32] = {0}; size_t rlen; @@ -97,7 +97,7 @@ static int rustsecp256k1_v0_11_der_parse_integer(rustsecp256k1_v0_11_scalar *r, return 0; } (*sig)++; - if (rustsecp256k1_v0_11_der_read_len(&rlen, sig, sigend) == 0) { + if (secp256k1_der_read_len(&rlen, sig, sigend) == 0) { return 0; } if (rlen == 0 || rlen > (size_t)(sigend - *sig)) { @@ -129,23 +129,23 @@ static int rustsecp256k1_v0_11_der_parse_integer(rustsecp256k1_v0_11_scalar *r, } if (!overflow) { if (rlen) memcpy(ra + 32 - rlen, *sig, rlen); - rustsecp256k1_v0_11_scalar_set_b32(r, ra, &overflow); + secp256k1_scalar_set_b32(r, ra, &overflow); } if (overflow) { - rustsecp256k1_v0_11_scalar_set_int(r, 0); + secp256k1_scalar_set_int(r, 0); } (*sig) += rlen; return 1; } -static int rustsecp256k1_v0_11_ecdsa_sig_parse(rustsecp256k1_v0_11_scalar *rr, rustsecp256k1_v0_11_scalar *rs, const unsigned char *sig, size_t size) { +static int secp256k1_ecdsa_sig_parse(secp256k1_scalar *rr, secp256k1_scalar *rs, const unsigned char *sig, size_t size) { const unsigned char *sigend = sig + size; size_t rlen; if (sig == sigend || *(sig++) != 0x30) { /* The encoding doesn't start with a constructed sequence (X.690-0207 8.9.1). */ return 0; } - if (rustsecp256k1_v0_11_der_read_len(&rlen, &sig, sigend) == 0) { + if (secp256k1_der_read_len(&rlen, &sig, sigend) == 0) { return 0; } if (rlen != (size_t)(sigend - sig)) { @@ -153,10 +153,10 @@ static int rustsecp256k1_v0_11_ecdsa_sig_parse(rustsecp256k1_v0_11_scalar *rr, r return 0; } - if (!rustsecp256k1_v0_11_der_parse_integer(rr, &sig, sigend)) { + if (!secp256k1_der_parse_integer(rr, &sig, sigend)) { return 0; } - if (!rustsecp256k1_v0_11_der_parse_integer(rs, &sig, sigend)) { + if (!secp256k1_der_parse_integer(rs, &sig, sigend)) { return 0; } @@ -168,12 +168,12 @@ static int rustsecp256k1_v0_11_ecdsa_sig_parse(rustsecp256k1_v0_11_scalar *rr, r return 1; } -static int rustsecp256k1_v0_11_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const rustsecp256k1_v0_11_scalar* ar, const rustsecp256k1_v0_11_scalar* as) { +static int secp256k1_ecdsa_sig_serialize(unsigned char *sig, size_t *size, const secp256k1_scalar* ar, const secp256k1_scalar* as) { unsigned char r[33] = {0}, s[33] = {0}; unsigned char *rp = r, *sp = s; size_t lenR = 33, lenS = 33; - rustsecp256k1_v0_11_scalar_get_b32(&r[1], ar); - rustsecp256k1_v0_11_scalar_get_b32(&s[1], as); + secp256k1_scalar_get_b32(&r[1], ar); + secp256k1_scalar_get_b32(&s[1], as); while (lenR > 1 && rp[0] == 0 && rp[1] < 0x80) { lenR--; rp++; } while (lenS > 1 && sp[0] == 0 && sp[1] < 0x80) { lenS--; sp++; } if (*size < 6+lenS+lenR) { @@ -192,43 +192,43 @@ static int rustsecp256k1_v0_11_ecdsa_sig_serialize(unsigned char *sig, size_t *s return 1; } -static int rustsecp256k1_v0_11_ecdsa_sig_verify(const rustsecp256k1_v0_11_scalar *sigr, const rustsecp256k1_v0_11_scalar *sigs, const rustsecp256k1_v0_11_ge *pubkey, const rustsecp256k1_v0_11_scalar *message) { +static int secp256k1_ecdsa_sig_verify(const secp256k1_scalar *sigr, const secp256k1_scalar *sigs, const secp256k1_ge *pubkey, const secp256k1_scalar *message) { unsigned char c[32]; - rustsecp256k1_v0_11_scalar sn, u1, u2; + secp256k1_scalar sn, u1, u2; #if !defined(EXHAUSTIVE_TEST_ORDER) - rustsecp256k1_v0_11_fe xr; + secp256k1_fe xr; #endif - rustsecp256k1_v0_11_gej pubkeyj; - rustsecp256k1_v0_11_gej pr; + secp256k1_gej pubkeyj; + secp256k1_gej pr; - if (rustsecp256k1_v0_11_scalar_is_zero(sigr) || rustsecp256k1_v0_11_scalar_is_zero(sigs)) { + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { return 0; } - rustsecp256k1_v0_11_scalar_inverse_var(&sn, sigs); - rustsecp256k1_v0_11_scalar_mul(&u1, &sn, message); - rustsecp256k1_v0_11_scalar_mul(&u2, &sn, sigr); - rustsecp256k1_v0_11_gej_set_ge(&pubkeyj, pubkey); - rustsecp256k1_v0_11_ecmult(&pr, &pubkeyj, &u2, &u1); - if (rustsecp256k1_v0_11_gej_is_infinity(&pr)) { + secp256k1_scalar_inverse_var(&sn, sigs); + secp256k1_scalar_mul(&u1, &sn, message); + secp256k1_scalar_mul(&u2, &sn, sigr); + secp256k1_gej_set_ge(&pubkeyj, pubkey); + secp256k1_ecmult(&pr, &pubkeyj, &u2, &u1); + if (secp256k1_gej_is_infinity(&pr)) { return 0; } #if defined(EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_11_scalar computed_r; - rustsecp256k1_v0_11_ge pr_ge; - rustsecp256k1_v0_11_ge_set_gej(&pr_ge, &pr); - rustsecp256k1_v0_11_fe_normalize(&pr_ge.x); + secp256k1_scalar computed_r; + secp256k1_ge pr_ge; + secp256k1_ge_set_gej(&pr_ge, &pr); + secp256k1_fe_normalize(&pr_ge.x); - rustsecp256k1_v0_11_fe_get_b32(c, &pr_ge.x); - rustsecp256k1_v0_11_scalar_set_b32(&computed_r, c, NULL); - return rustsecp256k1_v0_11_scalar_eq(sigr, &computed_r); + secp256k1_fe_get_b32(c, &pr_ge.x); + secp256k1_scalar_set_b32(&computed_r, c, NULL); + return secp256k1_scalar_eq(sigr, &computed_r); } #else - rustsecp256k1_v0_11_scalar_get_b32(c, sigr); + secp256k1_scalar_get_b32(c, sigr); /* we can ignore the fe_set_b32_limit return value, because we know the input is in range */ - (void)rustsecp256k1_v0_11_fe_set_b32_limit(&xr, c); + (void)secp256k1_fe_set_b32_limit(&xr, c); /** We now have the recomputed R point in pr, and its claimed x coordinate (modulo n) * in xr. Naively, we would extract the x coordinate from pr (requiring a inversion modulo p), @@ -244,18 +244,18 @@ static int rustsecp256k1_v0_11_ecdsa_sig_verify(const rustsecp256k1_v0_11_scalar * <=> (xr * pr.z^2 mod p == pr.x) || (xr + n < p && (xr + n) * pr.z^2 mod p == pr.x) * * Thus, we can avoid the inversion, but we have to check both cases separately. - * rustsecp256k1_v0_11_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. + * secp256k1_gej_eq_x implements the (xr * pr.z^2 mod p == pr.x) test. */ - if (rustsecp256k1_v0_11_gej_eq_x_var(&xr, &pr)) { + if (secp256k1_gej_eq_x_var(&xr, &pr)) { /* xr * pr.z^2 mod p == pr.x, so the signature is valid. */ return 1; } - if (rustsecp256k1_v0_11_fe_cmp_var(&xr, &rustsecp256k1_v0_11_ecdsa_const_p_minus_order) >= 0) { + if (secp256k1_fe_cmp_var(&xr, &secp256k1_ecdsa_const_p_minus_order) >= 0) { /* xr + n >= p, so we can skip testing the second case. */ return 0; } - rustsecp256k1_v0_11_fe_add(&xr, &rustsecp256k1_v0_11_ecdsa_const_order_as_fe); - if (rustsecp256k1_v0_11_gej_eq_x_var(&xr, &pr)) { + secp256k1_fe_add(&xr, &secp256k1_ecdsa_const_order_as_fe); + if (secp256k1_gej_eq_x_var(&xr, &pr)) { /* (xr + n) * pr.z^2 mod p == pr.x, so the signature is valid. */ return 1; } @@ -263,42 +263,42 @@ static int rustsecp256k1_v0_11_ecdsa_sig_verify(const rustsecp256k1_v0_11_scalar #endif } -static int rustsecp256k1_v0_11_ecdsa_sig_sign(const rustsecp256k1_v0_11_ecmult_gen_context *ctx, rustsecp256k1_v0_11_scalar *sigr, rustsecp256k1_v0_11_scalar *sigs, const rustsecp256k1_v0_11_scalar *seckey, const rustsecp256k1_v0_11_scalar *message, const rustsecp256k1_v0_11_scalar *nonce, int *recid) { +static int secp256k1_ecdsa_sig_sign(const secp256k1_ecmult_gen_context *ctx, secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *seckey, const secp256k1_scalar *message, const secp256k1_scalar *nonce, int *recid) { unsigned char b[32]; - rustsecp256k1_v0_11_gej rp; - rustsecp256k1_v0_11_ge r; - rustsecp256k1_v0_11_scalar n; + secp256k1_gej rp; + secp256k1_ge r; + secp256k1_scalar n; int overflow = 0; int high; - rustsecp256k1_v0_11_ecmult_gen(ctx, &rp, nonce); - rustsecp256k1_v0_11_ge_set_gej(&r, &rp); - rustsecp256k1_v0_11_fe_normalize(&r.x); - rustsecp256k1_v0_11_fe_normalize(&r.y); - rustsecp256k1_v0_11_fe_get_b32(b, &r.x); - rustsecp256k1_v0_11_scalar_set_b32(sigr, b, &overflow); + secp256k1_ecmult_gen(ctx, &rp, nonce); + secp256k1_ge_set_gej(&r, &rp); + secp256k1_fe_normalize(&r.x); + secp256k1_fe_normalize(&r.y); + secp256k1_fe_get_b32(b, &r.x); + secp256k1_scalar_set_b32(sigr, b, &overflow); if (recid) { /* The overflow condition is cryptographically unreachable as hitting it requires finding the discrete log * of some P where P.x >= order, and only 1 in about 2^127 points meet this criteria. */ - *recid = (overflow << 1) | rustsecp256k1_v0_11_fe_is_odd(&r.y); - } - rustsecp256k1_v0_11_scalar_mul(&n, sigr, seckey); - rustsecp256k1_v0_11_scalar_add(&n, &n, message); - rustsecp256k1_v0_11_scalar_inverse(sigs, nonce); - rustsecp256k1_v0_11_scalar_mul(sigs, sigs, &n); - rustsecp256k1_v0_11_scalar_clear(&n); - rustsecp256k1_v0_11_gej_clear(&rp); - rustsecp256k1_v0_11_ge_clear(&r); - high = rustsecp256k1_v0_11_scalar_is_high(sigs); - rustsecp256k1_v0_11_scalar_cond_negate(sigs, high); + *recid = (overflow << 1) | secp256k1_fe_is_odd(&r.y); + } + secp256k1_scalar_mul(&n, sigr, seckey); + secp256k1_scalar_add(&n, &n, message); + secp256k1_scalar_inverse(sigs, nonce); + secp256k1_scalar_mul(sigs, sigs, &n); + secp256k1_scalar_clear(&n); + secp256k1_gej_clear(&rp); + secp256k1_ge_clear(&r); + high = secp256k1_scalar_is_high(sigs); + secp256k1_scalar_cond_negate(sigs, high); if (recid) { *recid ^= high; } /* P.x = order is on the curve, so technically sig->r could end up being zero, which would be an invalid signature. * This is cryptographically unreachable as hitting it requires finding the discrete log of P.x = N. */ - return (int)(!rustsecp256k1_v0_11_scalar_is_zero(sigr)) & (int)(!rustsecp256k1_v0_11_scalar_is_zero(sigs)); + return (int)(!secp256k1_scalar_is_zero(sigr)) & (int)(!secp256k1_scalar_is_zero(sigs)); } #endif /* SECP256K1_ECDSA_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/eckey.h b/secp256k1-sys/depend/secp256k1/src/eckey.h index 10eefa9b0..d54d44c99 100644 --- a/secp256k1-sys/depend/secp256k1/src/eckey.h +++ b/secp256k1-sys/depend/secp256k1/src/eckey.h @@ -14,12 +14,12 @@ #include "ecmult.h" #include "ecmult_gen.h" -static int rustsecp256k1_v0_11_eckey_pubkey_parse(rustsecp256k1_v0_11_ge *elem, const unsigned char *pub, size_t size); -static int rustsecp256k1_v0_11_eckey_pubkey_serialize(rustsecp256k1_v0_11_ge *elem, unsigned char *pub, size_t *size, int compressed); +static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size); +static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed); -static int rustsecp256k1_v0_11_eckey_privkey_tweak_add(rustsecp256k1_v0_11_scalar *key, const rustsecp256k1_v0_11_scalar *tweak); -static int rustsecp256k1_v0_11_eckey_pubkey_tweak_add(rustsecp256k1_v0_11_ge *key, const rustsecp256k1_v0_11_scalar *tweak); -static int rustsecp256k1_v0_11_eckey_privkey_tweak_mul(rustsecp256k1_v0_11_scalar *key, const rustsecp256k1_v0_11_scalar *tweak); -static int rustsecp256k1_v0_11_eckey_pubkey_tweak_mul(rustsecp256k1_v0_11_ge *key, const rustsecp256k1_v0_11_scalar *tweak); +static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak); +static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge *key, const secp256k1_scalar *tweak); +static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak); +static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge *key, const secp256k1_scalar *tweak); #endif /* SECP256K1_ECKEY_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/eckey_impl.h b/secp256k1-sys/depend/secp256k1/src/eckey_impl.h index 2bd1bdb0b..a88a5964d 100644 --- a/secp256k1-sys/depend/secp256k1/src/eckey_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/eckey_impl.h @@ -9,83 +9,86 @@ #include "eckey.h" +#include "util.h" #include "scalar.h" #include "field.h" #include "group.h" #include "ecmult_gen.h" -static int rustsecp256k1_v0_11_eckey_pubkey_parse(rustsecp256k1_v0_11_ge *elem, const unsigned char *pub, size_t size) { +static int secp256k1_eckey_pubkey_parse(secp256k1_ge *elem, const unsigned char *pub, size_t size) { if (size == 33 && (pub[0] == SECP256K1_TAG_PUBKEY_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_ODD)) { - rustsecp256k1_v0_11_fe x; - return rustsecp256k1_v0_11_fe_set_b32_limit(&x, pub+1) && rustsecp256k1_v0_11_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD); + secp256k1_fe x; + return secp256k1_fe_set_b32_limit(&x, pub+1) && secp256k1_ge_set_xo_var(elem, &x, pub[0] == SECP256K1_TAG_PUBKEY_ODD); } else if (size == 65 && (pub[0] == SECP256K1_TAG_PUBKEY_UNCOMPRESSED || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { - rustsecp256k1_v0_11_fe x, y; - if (!rustsecp256k1_v0_11_fe_set_b32_limit(&x, pub+1) || !rustsecp256k1_v0_11_fe_set_b32_limit(&y, pub+33)) { + secp256k1_fe x, y; + if (!secp256k1_fe_set_b32_limit(&x, pub+1) || !secp256k1_fe_set_b32_limit(&y, pub+33)) { return 0; } - rustsecp256k1_v0_11_ge_set_xy(elem, &x, &y); + secp256k1_ge_set_xy(elem, &x, &y); if ((pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_EVEN || pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD) && - rustsecp256k1_v0_11_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { + secp256k1_fe_is_odd(&y) != (pub[0] == SECP256K1_TAG_PUBKEY_HYBRID_ODD)) { return 0; } - return rustsecp256k1_v0_11_ge_is_valid_var(elem); + return secp256k1_ge_is_valid_var(elem); } else { return 0; } } -static int rustsecp256k1_v0_11_eckey_pubkey_serialize(rustsecp256k1_v0_11_ge *elem, unsigned char *pub, size_t *size, int compressed) { - if (rustsecp256k1_v0_11_ge_is_infinity(elem)) { +static int secp256k1_eckey_pubkey_serialize(secp256k1_ge *elem, unsigned char *pub, size_t *size, int compressed) { + VERIFY_CHECK(compressed == 0 || compressed == 1); + + if (secp256k1_ge_is_infinity(elem)) { return 0; } - rustsecp256k1_v0_11_fe_normalize_var(&elem->x); - rustsecp256k1_v0_11_fe_normalize_var(&elem->y); - rustsecp256k1_v0_11_fe_get_b32(&pub[1], &elem->x); + secp256k1_fe_normalize_var(&elem->x); + secp256k1_fe_normalize_var(&elem->y); + secp256k1_fe_get_b32(&pub[1], &elem->x); if (compressed) { *size = 33; - pub[0] = rustsecp256k1_v0_11_fe_is_odd(&elem->y) ? SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN; + pub[0] = secp256k1_fe_is_odd(&elem->y) ? SECP256K1_TAG_PUBKEY_ODD : SECP256K1_TAG_PUBKEY_EVEN; } else { *size = 65; pub[0] = SECP256K1_TAG_PUBKEY_UNCOMPRESSED; - rustsecp256k1_v0_11_fe_get_b32(&pub[33], &elem->y); + secp256k1_fe_get_b32(&pub[33], &elem->y); } return 1; } -static int rustsecp256k1_v0_11_eckey_privkey_tweak_add(rustsecp256k1_v0_11_scalar *key, const rustsecp256k1_v0_11_scalar *tweak) { - rustsecp256k1_v0_11_scalar_add(key, key, tweak); - return !rustsecp256k1_v0_11_scalar_is_zero(key); +static int secp256k1_eckey_privkey_tweak_add(secp256k1_scalar *key, const secp256k1_scalar *tweak) { + secp256k1_scalar_add(key, key, tweak); + return !secp256k1_scalar_is_zero(key); } -static int rustsecp256k1_v0_11_eckey_pubkey_tweak_add(rustsecp256k1_v0_11_ge *key, const rustsecp256k1_v0_11_scalar *tweak) { - rustsecp256k1_v0_11_gej pt; - rustsecp256k1_v0_11_gej_set_ge(&pt, key); - rustsecp256k1_v0_11_ecmult(&pt, &pt, &rustsecp256k1_v0_11_scalar_one, tweak); +static int secp256k1_eckey_pubkey_tweak_add(secp256k1_ge *key, const secp256k1_scalar *tweak) { + secp256k1_gej pt; + secp256k1_gej_set_ge(&pt, key); + secp256k1_ecmult(&pt, &pt, &secp256k1_scalar_one, tweak); - if (rustsecp256k1_v0_11_gej_is_infinity(&pt)) { + if (secp256k1_gej_is_infinity(&pt)) { return 0; } - rustsecp256k1_v0_11_ge_set_gej(key, &pt); + secp256k1_ge_set_gej(key, &pt); return 1; } -static int rustsecp256k1_v0_11_eckey_privkey_tweak_mul(rustsecp256k1_v0_11_scalar *key, const rustsecp256k1_v0_11_scalar *tweak) { +static int secp256k1_eckey_privkey_tweak_mul(secp256k1_scalar *key, const secp256k1_scalar *tweak) { int ret; - ret = !rustsecp256k1_v0_11_scalar_is_zero(tweak); + ret = !secp256k1_scalar_is_zero(tweak); - rustsecp256k1_v0_11_scalar_mul(key, key, tweak); + secp256k1_scalar_mul(key, key, tweak); return ret; } -static int rustsecp256k1_v0_11_eckey_pubkey_tweak_mul(rustsecp256k1_v0_11_ge *key, const rustsecp256k1_v0_11_scalar *tweak) { - rustsecp256k1_v0_11_gej pt; - if (rustsecp256k1_v0_11_scalar_is_zero(tweak)) { +static int secp256k1_eckey_pubkey_tweak_mul(secp256k1_ge *key, const secp256k1_scalar *tweak) { + secp256k1_gej pt; + if (secp256k1_scalar_is_zero(tweak)) { return 0; } - rustsecp256k1_v0_11_gej_set_ge(&pt, key); - rustsecp256k1_v0_11_ecmult(&pt, &pt, tweak, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ge_set_gej(key, &pt); + secp256k1_gej_set_ge(&pt, key); + secp256k1_ecmult(&pt, &pt, tweak, &secp256k1_scalar_zero); + secp256k1_ge_set_gej(key, &pt); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult.h b/secp256k1-sys/depend/secp256k1/src/ecmult.h index 3eb3acf09..326a5eeb4 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult.h @@ -41,9 +41,9 @@ #define ECMULT_TABLE_SIZE(w) (1L << ((w)-2)) /** Double multiply: R = na*A + ng*G */ -static void rustsecp256k1_v0_11_ecmult(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_scalar *na, const rustsecp256k1_v0_11_scalar *ng); +static void secp256k1_ecmult(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng); -typedef int (rustsecp256k1_v0_11_ecmult_multi_callback)(rustsecp256k1_v0_11_scalar *sc, rustsecp256k1_v0_11_ge *pt, size_t idx, void *data); +typedef int (secp256k1_ecmult_multi_callback)(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data); /** * Multi-multiply: R = inp_g_sc * G + sum_i ni * Ai. @@ -56,6 +56,6 @@ typedef int (rustsecp256k1_v0_11_ecmult_multi_callback)(rustsecp256k1_v0_11_scal * 0 if there is not enough scratch space for a single point or * callback returns 0 */ -static int rustsecp256k1_v0_11_ecmult_multi_var(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n); +static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n); #endif /* SECP256K1_ECMULT_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table.h b/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table.h index 714fa0041..665f87ff3 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table.h @@ -8,9 +8,9 @@ #define SECP256K1_ECMULT_COMPUTE_TABLE_H /* Construct table of all odd multiples of gen in range 1..(2**(window_g-1)-1). */ -static void rustsecp256k1_v0_11_ecmult_compute_table(rustsecp256k1_v0_11_ge_storage* table, int window_g, const rustsecp256k1_v0_11_gej* gen); +static void secp256k1_ecmult_compute_table(secp256k1_ge_storage* table, int window_g, const secp256k1_gej* gen); -/* Like rustsecp256k1_v0_11_ecmult_compute_table, but one for both gen and gen*2^128. */ -static void rustsecp256k1_v0_11_ecmult_compute_two_tables(rustsecp256k1_v0_11_ge_storage* table, rustsecp256k1_v0_11_ge_storage* table_128, int window_g, const rustsecp256k1_v0_11_ge* gen); +/* Like secp256k1_ecmult_compute_table, but one for both gen and gen*2^128. */ +static void secp256k1_ecmult_compute_two_tables(secp256k1_ge_storage* table, secp256k1_ge_storage* table_128, int window_g, const secp256k1_ge* gen); #endif /* SECP256K1_ECMULT_COMPUTE_TABLE_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table_impl.h index f8096f8c8..69d59ce59 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_compute_table_impl.h @@ -13,37 +13,37 @@ #include "ecmult.h" #include "util.h" -static void rustsecp256k1_v0_11_ecmult_compute_table(rustsecp256k1_v0_11_ge_storage* table, int window_g, const rustsecp256k1_v0_11_gej* gen) { - rustsecp256k1_v0_11_gej gj; - rustsecp256k1_v0_11_ge ge, dgen; +static void secp256k1_ecmult_compute_table(secp256k1_ge_storage* table, int window_g, const secp256k1_gej* gen) { + secp256k1_gej gj; + secp256k1_ge ge, dgen; int j; gj = *gen; - rustsecp256k1_v0_11_ge_set_gej_var(&ge, &gj); - rustsecp256k1_v0_11_ge_to_storage(&table[0], &ge); + secp256k1_ge_set_gej_var(&ge, &gj); + secp256k1_ge_to_storage(&table[0], &ge); - rustsecp256k1_v0_11_gej_double_var(&gj, gen, NULL); - rustsecp256k1_v0_11_ge_set_gej_var(&dgen, &gj); + secp256k1_gej_double_var(&gj, gen, NULL); + secp256k1_ge_set_gej_var(&dgen, &gj); for (j = 1; j < ECMULT_TABLE_SIZE(window_g); ++j) { - rustsecp256k1_v0_11_gej_set_ge(&gj, &ge); - rustsecp256k1_v0_11_gej_add_ge_var(&gj, &gj, &dgen, NULL); - rustsecp256k1_v0_11_ge_set_gej_var(&ge, &gj); - rustsecp256k1_v0_11_ge_to_storage(&table[j], &ge); + secp256k1_gej_set_ge(&gj, &ge); + secp256k1_gej_add_ge_var(&gj, &gj, &dgen, NULL); + secp256k1_ge_set_gej_var(&ge, &gj); + secp256k1_ge_to_storage(&table[j], &ge); } } -/* Like rustsecp256k1_v0_11_ecmult_compute_table, but one for both gen and gen*2^128. */ -static void rustsecp256k1_v0_11_ecmult_compute_two_tables(rustsecp256k1_v0_11_ge_storage* table, rustsecp256k1_v0_11_ge_storage* table_128, int window_g, const rustsecp256k1_v0_11_ge* gen) { - rustsecp256k1_v0_11_gej gj; +/* Like secp256k1_ecmult_compute_table, but one for both gen and gen*2^128. */ +static void secp256k1_ecmult_compute_two_tables(secp256k1_ge_storage* table, secp256k1_ge_storage* table_128, int window_g, const secp256k1_ge* gen) { + secp256k1_gej gj; int i; - rustsecp256k1_v0_11_gej_set_ge(&gj, gen); - rustsecp256k1_v0_11_ecmult_compute_table(table, window_g, &gj); + secp256k1_gej_set_ge(&gj, gen); + secp256k1_ecmult_compute_table(table, window_g, &gj); for (i = 0; i < 128; ++i) { - rustsecp256k1_v0_11_gej_double_var(&gj, &gj, NULL); + secp256k1_gej_double_var(&gj, &gj, NULL); } - rustsecp256k1_v0_11_ecmult_compute_table(table_128, window_g, &gj); + secp256k1_ecmult_compute_table(table_128, window_g, &gj); } #endif /* SECP256K1_ECMULT_COMPUTE_TABLE_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_const.h b/secp256k1-sys/depend/secp256k1/src/ecmult_const.h index a13d4468d..080e04bc8 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_const.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_const.h @@ -13,10 +13,10 @@ /** * Multiply: R = q*A (in constant-time for q) */ -static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_scalar *q); +static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q); /** - * Same as rustsecp256k1_v0_11_ecmult_const, but takes in an x coordinate of the base point + * Same as secp256k1_ecmult_const, but takes in an x coordinate of the base point * only, specified as fraction n/d (numerator/denominator). Only the x coordinate of the result is * returned. * @@ -27,11 +27,11 @@ static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const r * * Constant time in the value of q, but not any other inputs. */ -static int rustsecp256k1_v0_11_ecmult_const_xonly( - rustsecp256k1_v0_11_fe *r, - const rustsecp256k1_v0_11_fe *n, - const rustsecp256k1_v0_11_fe *d, - const rustsecp256k1_v0_11_scalar *q, +static int secp256k1_ecmult_const_xonly( + secp256k1_fe *r, + const secp256k1_fe *n, + const secp256k1_fe *d, + const secp256k1_scalar *q, int known_on_curve ); diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h index ba258de9d..4f6620910 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_const_impl.h @@ -41,11 +41,11 @@ * * 'pre' must be an array of size ECMULT_CONST_TABLE_SIZE. */ -static void rustsecp256k1_v0_11_ecmult_const_odd_multiples_table_globalz(rustsecp256k1_v0_11_ge *pre, rustsecp256k1_v0_11_fe *globalz, const rustsecp256k1_v0_11_gej *a) { - rustsecp256k1_v0_11_fe zr[ECMULT_CONST_TABLE_SIZE]; +static void secp256k1_ecmult_const_odd_multiples_table_globalz(secp256k1_ge *pre, secp256k1_fe *globalz, const secp256k1_gej *a) { + secp256k1_fe zr[ECMULT_CONST_TABLE_SIZE]; - rustsecp256k1_v0_11_ecmult_odd_multiples_table(ECMULT_CONST_TABLE_SIZE, pre, zr, globalz, a); - rustsecp256k1_v0_11_ge_table_set_globalz(ECMULT_CONST_TABLE_SIZE, pre, zr); + secp256k1_ecmult_odd_multiples_table(ECMULT_CONST_TABLE_SIZE, pre, zr, globalz, a); + secp256k1_ge_table_set_globalz(ECMULT_CONST_TABLE_SIZE, pre, zr); } /* Given a table 'pre' with odd multiples of a point, put in r the signed-bit multiplication of n with that point. @@ -84,7 +84,7 @@ static void rustsecp256k1_v0_11_ecmult_const_odd_multiples_table_globalz(rustsec * = sum((1 - n[i]) * 2^i, i=0..l-2) */ \ unsigned int index = ((unsigned int)(-negative) ^ n) & ((1U << (ECMULT_CONST_GROUP_SIZE - 1)) - 1U); \ - rustsecp256k1_v0_11_fe neg_y; \ + secp256k1_fe neg_y; \ VERIFY_CHECK((n) < (1U << ECMULT_CONST_GROUP_SIZE)); \ VERIFY_CHECK(index < (1U << (ECMULT_CONST_GROUP_SIZE - 1))); \ /* Unconditionally set r->x = (pre)[m].x. r->y = (pre)[m].y. because it's either the correct one @@ -94,34 +94,34 @@ static void rustsecp256k1_v0_11_ecmult_const_odd_multiples_table_globalz(rustsec for (m = 1; m < ECMULT_CONST_TABLE_SIZE; m++) { \ /* This loop is used to avoid secret data in array indices. See * the comment in ecmult_gen_impl.h for rationale. */ \ - rustsecp256k1_v0_11_fe_cmov(&(r)->x, &(pre)[m].x, m == index); \ - rustsecp256k1_v0_11_fe_cmov(&(r)->y, &(pre)[m].y, m == index); \ + secp256k1_fe_cmov(&(r)->x, &(pre)[m].x, m == index); \ + secp256k1_fe_cmov(&(r)->y, &(pre)[m].y, m == index); \ } \ (r)->infinity = 0; \ - rustsecp256k1_v0_11_fe_negate(&neg_y, &(r)->y, 1); \ - rustsecp256k1_v0_11_fe_cmov(&(r)->y, &neg_y, negative); \ + secp256k1_fe_negate(&neg_y, &(r)->y, 1); \ + secp256k1_fe_cmov(&(r)->y, &neg_y, negative); \ } while(0) -/* For K as defined in the comment of rustsecp256k1_v0_11_ecmult_const, we have several precomputed +/* For K as defined in the comment of secp256k1_ecmult_const, we have several precomputed * formulas/constants. * - in exhaustive test mode, we give an explicit expression to compute it at compile time: */ #ifdef EXHAUSTIVE_TEST_ORDER -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_ecmult_const_K = ((SECP256K1_SCALAR_CONST(0, 0, 0, (1U << (ECMULT_CONST_BITS - 128)) - 2U, 0, 0, 0, 0) + EXHAUSTIVE_TEST_ORDER - 1U) * (1U + EXHAUSTIVE_TEST_LAMBDA)) % EXHAUSTIVE_TEST_ORDER; +static const secp256k1_scalar secp256k1_ecmult_const_K = ((SECP256K1_SCALAR_CONST(0, 0, 0, (1U << (ECMULT_CONST_BITS - 128)) - 2U, 0, 0, 0, 0) + EXHAUSTIVE_TEST_ORDER - 1U) * (1U + EXHAUSTIVE_TEST_LAMBDA)) % EXHAUSTIVE_TEST_ORDER; /* - for the real secp256k1 group we have constants for various ECMULT_CONST_BITS values. */ #elif ECMULT_CONST_BITS == 129 /* For GROUP_SIZE = 1,3. */ -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_ecmult_const_K = SECP256K1_SCALAR_CONST(0xac9c52b3ul, 0x3fa3cf1ful, 0x5ad9e3fdul, 0x77ed9ba4ul, 0xa880b9fcul, 0x8ec739c2ul, 0xe0cfc810ul, 0xb51283ceul); +static const secp256k1_scalar secp256k1_ecmult_const_K = SECP256K1_SCALAR_CONST(0xac9c52b3ul, 0x3fa3cf1ful, 0x5ad9e3fdul, 0x77ed9ba4ul, 0xa880b9fcul, 0x8ec739c2ul, 0xe0cfc810ul, 0xb51283ceul); #elif ECMULT_CONST_BITS == 130 /* For GROUP_SIZE = 2,5. */ -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_ecmult_const_K = SECP256K1_SCALAR_CONST(0xa4e88a7dul, 0xcb13034eul, 0xc2bdd6bful, 0x7c118d6bul, 0x589ae848ul, 0x26ba29e4ul, 0xb5c2c1dcul, 0xde9798d9ul); +static const secp256k1_scalar secp256k1_ecmult_const_K = SECP256K1_SCALAR_CONST(0xa4e88a7dul, 0xcb13034eul, 0xc2bdd6bful, 0x7c118d6bul, 0x589ae848ul, 0x26ba29e4ul, 0xb5c2c1dcul, 0xde9798d9ul); #elif ECMULT_CONST_BITS == 132 /* For GROUP_SIZE = 4,6 */ -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_ecmult_const_K = SECP256K1_SCALAR_CONST(0x76b1d93dul, 0x0fae3c6bul, 0x3215874bul, 0x94e93813ul, 0x7937fe0dul, 0xb66bcaaful, 0xb3749ca5ul, 0xd7b6171bul); +static const secp256k1_scalar secp256k1_ecmult_const_K = SECP256K1_SCALAR_CONST(0x76b1d93dul, 0x0fae3c6bul, 0x3215874bul, 0x94e93813ul, 0x7937fe0dul, 0xb66bcaaful, 0xb3749ca5ul, 0xd7b6171bul); #else # error "Unknown ECMULT_CONST_BITS" #endif -static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_scalar *q) { +static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, const secp256k1_scalar *q) { /* The approach below combines the signed-digit logic from Mike Hamburg's * "Fast and compact elliptic-curve cryptography" (https://eprint.iacr.org/2012/309) * Section 3.3, with the GLV endomorphism. @@ -142,7 +142,7 @@ static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const r * It is appealing to try to combine this with the GLV optimization: the idea that a scalar * s can be written as s1 + lambda*s2, where lambda is a curve-specific constant such that * lambda*A is easy to compute, and where s1 and s2 are small. In particular we have the - * rustsecp256k1_v0_11_scalar_split_lambda function which performs such a split with the resulting s1 + * secp256k1_scalar_split_lambda function which performs such a split with the resulting s1 * and s2 in range (-2^128, 2^128) mod n. This does work, but is uninteresting: * * To compute q*A: @@ -189,33 +189,33 @@ static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const r */ /* The offset to add to s1 and s2 to make them non-negative. Equal to 2^128. */ - static const rustsecp256k1_v0_11_scalar S_OFFSET = SECP256K1_SCALAR_CONST(0, 0, 0, 1, 0, 0, 0, 0); - rustsecp256k1_v0_11_scalar s, v1, v2; - rustsecp256k1_v0_11_ge pre_a[ECMULT_CONST_TABLE_SIZE]; - rustsecp256k1_v0_11_ge pre_a_lam[ECMULT_CONST_TABLE_SIZE]; - rustsecp256k1_v0_11_fe global_z; + static const secp256k1_scalar S_OFFSET = SECP256K1_SCALAR_CONST(0, 0, 0, 1, 0, 0, 0, 0); + secp256k1_scalar s, v1, v2; + secp256k1_ge pre_a[ECMULT_CONST_TABLE_SIZE]; + secp256k1_ge pre_a_lam[ECMULT_CONST_TABLE_SIZE]; + secp256k1_fe global_z; int group, i; /* We're allowed to be non-constant time in the point, and the code below (in particular, - * rustsecp256k1_v0_11_ecmult_const_odd_multiples_table_globalz) cannot deal with infinity in a + * secp256k1_ecmult_const_odd_multiples_table_globalz) cannot deal with infinity in a * constant-time manner anyway. */ - if (rustsecp256k1_v0_11_ge_is_infinity(a)) { - rustsecp256k1_v0_11_gej_set_infinity(r); + if (secp256k1_ge_is_infinity(a)) { + secp256k1_gej_set_infinity(r); return; } /* Compute v1 and v2. */ - rustsecp256k1_v0_11_scalar_add(&s, q, &rustsecp256k1_v0_11_ecmult_const_K); - rustsecp256k1_v0_11_scalar_half(&s, &s); - rustsecp256k1_v0_11_scalar_split_lambda(&v1, &v2, &s); - rustsecp256k1_v0_11_scalar_add(&v1, &v1, &S_OFFSET); - rustsecp256k1_v0_11_scalar_add(&v2, &v2, &S_OFFSET); + secp256k1_scalar_add(&s, q, &secp256k1_ecmult_const_K); + secp256k1_scalar_half(&s, &s); + secp256k1_scalar_split_lambda(&v1, &v2, &s); + secp256k1_scalar_add(&v1, &v1, &S_OFFSET); + secp256k1_scalar_add(&v2, &v2, &S_OFFSET); #ifdef VERIFY /* Verify that v1 and v2 are in range [0, 2^129-1]. */ for (i = 129; i < 256; ++i) { - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_get_bits_limb32(&v1, i, 1) == 0); - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_get_bits_limb32(&v2, i, 1) == 0); + VERIFY_CHECK(secp256k1_scalar_get_bits_limb32(&v1, i, 1) == 0); + VERIFY_CHECK(secp256k1_scalar_get_bits_limb32(&v2, i, 1) == 0); } #endif @@ -225,10 +225,10 @@ static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const r * that the Z coordinate was 1, use affine addition formulae, and correct * the Z coordinate of the result once at the end. */ - rustsecp256k1_v0_11_gej_set_ge(r, a); - rustsecp256k1_v0_11_ecmult_const_odd_multiples_table_globalz(pre_a, &global_z, r); + secp256k1_gej_set_ge(r, a); + secp256k1_ecmult_const_odd_multiples_table_globalz(pre_a, &global_z, r); for (i = 0; i < ECMULT_CONST_TABLE_SIZE; i++) { - rustsecp256k1_v0_11_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); + secp256k1_ge_mul_lambda(&pre_a_lam[i], &pre_a[i]); } /* Next, we compute r = C_l(v1, A) + C_l(v2, lambda*A). @@ -243,31 +243,31 @@ static void rustsecp256k1_v0_11_ecmult_const(rustsecp256k1_v0_11_gej *r, const r */ for (group = ECMULT_CONST_GROUPS - 1; group >= 0; --group) { /* Using the _var get_bits function is ok here, since it's only variable in offset and count, not in the scalar. */ - unsigned int bits1 = rustsecp256k1_v0_11_scalar_get_bits_var(&v1, group * ECMULT_CONST_GROUP_SIZE, ECMULT_CONST_GROUP_SIZE); - unsigned int bits2 = rustsecp256k1_v0_11_scalar_get_bits_var(&v2, group * ECMULT_CONST_GROUP_SIZE, ECMULT_CONST_GROUP_SIZE); - rustsecp256k1_v0_11_ge t; + unsigned int bits1 = secp256k1_scalar_get_bits_var(&v1, group * ECMULT_CONST_GROUP_SIZE, ECMULT_CONST_GROUP_SIZE); + unsigned int bits2 = secp256k1_scalar_get_bits_var(&v2, group * ECMULT_CONST_GROUP_SIZE, ECMULT_CONST_GROUP_SIZE); + secp256k1_ge t; int j; ECMULT_CONST_TABLE_GET_GE(&t, pre_a, bits1); if (group == ECMULT_CONST_GROUPS - 1) { /* Directly set r in the first iteration. */ - rustsecp256k1_v0_11_gej_set_ge(r, &t); + secp256k1_gej_set_ge(r, &t); } else { /* Shift the result so far up. */ for (j = 0; j < ECMULT_CONST_GROUP_SIZE; ++j) { - rustsecp256k1_v0_11_gej_double(r, r); + secp256k1_gej_double(r, r); } - rustsecp256k1_v0_11_gej_add_ge(r, r, &t); + secp256k1_gej_add_ge(r, r, &t); } ECMULT_CONST_TABLE_GET_GE(&t, pre_a_lam, bits2); - rustsecp256k1_v0_11_gej_add_ge(r, r, &t); + secp256k1_gej_add_ge(r, r, &t); } /* Map the result back to the secp256k1 curve from the isomorphic curve. */ - rustsecp256k1_v0_11_fe_mul(&r->z, &r->z, &global_z); + secp256k1_fe_mul(&r->z, &r->z, &global_z); } -static int rustsecp256k1_v0_11_ecmult_const_xonly(rustsecp256k1_v0_11_fe* r, const rustsecp256k1_v0_11_fe *n, const rustsecp256k1_v0_11_fe *d, const rustsecp256k1_v0_11_scalar *q, int known_on_curve) { +static int secp256k1_ecmult_const_xonly(secp256k1_fe* r, const secp256k1_fe *n, const secp256k1_fe *d, const secp256k1_scalar *q, int known_on_curve) { /* This algorithm is a generalization of Peter Dettman's technique for * avoiding the square root in a random-basepoint x-only multiplication @@ -338,21 +338,21 @@ static int rustsecp256k1_v0_11_ecmult_const_xonly(rustsecp256k1_v0_11_fe* r, con * is needed anywhere in this computation. */ - rustsecp256k1_v0_11_fe g, i; - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_gej rj; + secp256k1_fe g, i; + secp256k1_ge p; + secp256k1_gej rj; /* Compute g = (n^3 + B*d^3). */ - rustsecp256k1_v0_11_fe_sqr(&g, n); - rustsecp256k1_v0_11_fe_mul(&g, &g, n); + secp256k1_fe_sqr(&g, n); + secp256k1_fe_mul(&g, &g, n); if (d) { - rustsecp256k1_v0_11_fe b; - VERIFY_CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero(d)); - rustsecp256k1_v0_11_fe_sqr(&b, d); + secp256k1_fe b; + VERIFY_CHECK(!secp256k1_fe_normalizes_to_zero(d)); + secp256k1_fe_sqr(&b, d); VERIFY_CHECK(SECP256K1_B <= 8); /* magnitude of b will be <= 8 after the next call */ - rustsecp256k1_v0_11_fe_mul_int(&b, SECP256K1_B); - rustsecp256k1_v0_11_fe_mul(&b, &b, d); - rustsecp256k1_v0_11_fe_add(&g, &b); + secp256k1_fe_mul_int(&b, SECP256K1_B); + secp256k1_fe_mul(&b, &b, d); + secp256k1_fe_add(&g, &b); if (!known_on_curve) { /* We need to determine whether (n/d)^3 + 7 is square. * @@ -361,37 +361,39 @@ static int rustsecp256k1_v0_11_ecmult_const_xonly(rustsecp256k1_v0_11_fe* r, con * <=> is_square((n^3 + 7*d^3) * d) * <=> is_square(g * d) */ - rustsecp256k1_v0_11_fe c; - rustsecp256k1_v0_11_fe_mul(&c, &g, d); - if (!rustsecp256k1_v0_11_fe_is_square_var(&c)) return 0; + secp256k1_fe c; + secp256k1_fe_mul(&c, &g, d); + if (!secp256k1_fe_is_square_var(&c)) return 0; } } else { - rustsecp256k1_v0_11_fe_add_int(&g, SECP256K1_B); + secp256k1_fe_add_int(&g, SECP256K1_B); if (!known_on_curve) { /* g at this point equals x^3 + 7. Test if it is square. */ - if (!rustsecp256k1_v0_11_fe_is_square_var(&g)) return 0; + if (!secp256k1_fe_is_square_var(&g)) return 0; } } + SECP256K1_FE_VERIFY_MAGNITUDE(&g, 2); + /* Compute base point P = (n*g, g^2), the effective affine version of (n*g, g^2, v), which has * corresponding affine X coordinate n/d. */ - rustsecp256k1_v0_11_fe_mul(&p.x, &g, n); - rustsecp256k1_v0_11_fe_sqr(&p.y, &g); + secp256k1_fe_mul(&p.x, &g, n); + secp256k1_fe_sqr(&p.y, &g); p.infinity = 0; /* Perform x-only EC multiplication of P with q. */ - VERIFY_CHECK(!rustsecp256k1_v0_11_scalar_is_zero(q)); - rustsecp256k1_v0_11_ecmult_const(&rj, &p, q); - VERIFY_CHECK(!rustsecp256k1_v0_11_gej_is_infinity(&rj)); + VERIFY_CHECK(!secp256k1_scalar_is_zero(q)); + secp256k1_ecmult_const(&rj, &p, q); + VERIFY_CHECK(!secp256k1_gej_is_infinity(&rj)); /* The resulting (X, Y, Z) point on the effective-affine isomorphic curve corresponds to * (X, Y, Z*v) on the secp256k1 curve. The affine version of that has X coordinate * (X / (Z^2*d*g)). */ - rustsecp256k1_v0_11_fe_sqr(&i, &rj.z); - rustsecp256k1_v0_11_fe_mul(&i, &i, &g); - if (d) rustsecp256k1_v0_11_fe_mul(&i, &i, d); - rustsecp256k1_v0_11_fe_inv(&i, &i); - rustsecp256k1_v0_11_fe_mul(r, &rj.x, &i); + secp256k1_fe_sqr(&i, &rj.z); + secp256k1_fe_mul(&i, &i, &g); + if (d) secp256k1_fe_mul(&i, &i, d); + secp256k1_fe_inv(&i, &i); + secp256k1_fe_mul(r, &rj.x, &i); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h b/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h index 10f73288a..43dd10c38 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_gen.h @@ -25,7 +25,7 @@ * COMB_SPACING * COMB_TEETH consecutive bits in the input. * * The size of the precomputed table is COMB_BLOCKS * (1 << (COMB_TEETH - 1)) - * rustsecp256k1_v0_11_ge_storages. + * secp256k1_ge_storages. * * The number of point additions equals COMB_BLOCKS * COMB_SPACING. Each point * addition involves a cmov from (1 << (COMB_TEETH - 1)) table entries and a @@ -35,7 +35,7 @@ #if defined(EXHAUSTIVE_TEST_ORDER) /* We need to control these values for exhaustive tests because - * the table cannot have infinities in them (rustsecp256k1_v0_11_ge_storage + * the table cannot have infinities in them (secp256k1_ge_storage * doesn't support infinities) */ # undef COMB_BLOCKS # undef COMB_TEETH @@ -124,20 +124,20 @@ typedef struct { * * This expression lets us use scalar blinding and optimize the comb precomputation. See * ecmult_gen_impl.h for more details. */ - rustsecp256k1_v0_11_scalar scalar_offset; - rustsecp256k1_v0_11_ge ge_offset; + secp256k1_scalar scalar_offset; + secp256k1_ge ge_offset; /* Factor used for projective blinding. This value is used to rescale the Z * coordinate of the first table lookup. */ - rustsecp256k1_v0_11_fe proj_blind; -} rustsecp256k1_v0_11_ecmult_gen_context; + secp256k1_fe proj_blind; +} secp256k1_ecmult_gen_context; -static void rustsecp256k1_v0_11_ecmult_gen_context_build(rustsecp256k1_v0_11_ecmult_gen_context* ctx); -static void rustsecp256k1_v0_11_ecmult_gen_context_clear(rustsecp256k1_v0_11_ecmult_gen_context* ctx); +static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context* ctx); +static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context* ctx); /** Multiply with the generator: R = a*G */ -static void rustsecp256k1_v0_11_ecmult_gen(const rustsecp256k1_v0_11_ecmult_gen_context* ctx, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *a); +static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context* ctx, secp256k1_gej *r, const secp256k1_scalar *a); -static void rustsecp256k1_v0_11_ecmult_gen_blind(rustsecp256k1_v0_11_ecmult_gen_context *ctx, const unsigned char *seed32); +static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32); #endif /* SECP256K1_ECMULT_GEN_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table.h b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table.h index 666901743..bd41803a8 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table.h @@ -9,6 +9,6 @@ #include "ecmult_gen.h" -static void rustsecp256k1_v0_11_ecmult_gen_compute_table(rustsecp256k1_v0_11_ge_storage* table, const rustsecp256k1_v0_11_ge* gen, int blocks, int teeth, int spacing); +static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int blocks, int teeth, int spacing); #endif /* SECP256K1_ECMULT_GEN_COMPUTE_TABLE_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table_impl.h index 4d44ccc93..6aa8d8408 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_compute_table_impl.h @@ -14,56 +14,56 @@ #include "ecmult_gen.h" #include "util.h" -static void rustsecp256k1_v0_11_ecmult_gen_compute_table(rustsecp256k1_v0_11_ge_storage* table, const rustsecp256k1_v0_11_ge* gen, int blocks, int teeth, int spacing) { +static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int blocks, int teeth, int spacing) { size_t points = ((size_t)1) << (teeth - 1); size_t points_total = points * blocks; - rustsecp256k1_v0_11_ge* prec = checked_malloc(&default_error_callback, points_total * sizeof(*prec)); - rustsecp256k1_v0_11_gej* ds = checked_malloc(&default_error_callback, teeth * sizeof(*ds)); - rustsecp256k1_v0_11_gej* vs = checked_malloc(&default_error_callback, points_total * sizeof(*vs)); - rustsecp256k1_v0_11_gej u; + secp256k1_ge* prec = checked_malloc(&default_error_callback, points_total * sizeof(*prec)); + secp256k1_gej* ds = checked_malloc(&default_error_callback, teeth * sizeof(*ds)); + secp256k1_gej* vs = checked_malloc(&default_error_callback, points_total * sizeof(*vs)); + secp256k1_gej u; size_t vs_pos = 0; - rustsecp256k1_v0_11_scalar half; + secp256k1_scalar half; int block, i; VERIFY_CHECK(points_total > 0); /* u is the running power of two times gen we're working with, initially gen/2. */ - rustsecp256k1_v0_11_scalar_half(&half, &rustsecp256k1_v0_11_scalar_one); - rustsecp256k1_v0_11_gej_set_infinity(&u); + secp256k1_scalar_half(&half, &secp256k1_scalar_one); + secp256k1_gej_set_infinity(&u); for (i = 255; i >= 0; --i) { /* Use a very simple multiplication ladder to avoid dependency on ecmult. */ - rustsecp256k1_v0_11_gej_double_var(&u, &u, NULL); - if (rustsecp256k1_v0_11_scalar_get_bits_limb32(&half, i, 1)) { - rustsecp256k1_v0_11_gej_add_ge_var(&u, &u, gen, NULL); + secp256k1_gej_double_var(&u, &u, NULL); + if (secp256k1_scalar_get_bits_limb32(&half, i, 1)) { + secp256k1_gej_add_ge_var(&u, &u, gen, NULL); } } #ifdef VERIFY { /* Verify that u*2 = gen. */ - rustsecp256k1_v0_11_gej double_u; - rustsecp256k1_v0_11_gej_double_var(&double_u, &u, NULL); - VERIFY_CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&double_u, gen)); + secp256k1_gej double_u; + secp256k1_gej_double_var(&double_u, &u, NULL); + VERIFY_CHECK(secp256k1_gej_eq_ge_var(&double_u, gen)); } #endif for (block = 0; block < blocks; ++block) { int tooth; /* Here u = 2^(block*teeth*spacing) * gen/2. */ - rustsecp256k1_v0_11_gej sum; - rustsecp256k1_v0_11_gej_set_infinity(&sum); + secp256k1_gej sum; + secp256k1_gej_set_infinity(&sum); for (tooth = 0; tooth < teeth; ++tooth) { /* Here u = 2^((block*teeth + tooth)*spacing) * gen/2. */ /* Make sum = sum(2^((block*teeth + t)*spacing), t=0..tooth) * gen/2. */ - rustsecp256k1_v0_11_gej_add_var(&sum, &sum, &u, NULL); + secp256k1_gej_add_var(&sum, &sum, &u, NULL); /* Make u = 2^((block*teeth + tooth)*spacing + 1) * gen/2. */ - rustsecp256k1_v0_11_gej_double_var(&u, &u, NULL); + secp256k1_gej_double_var(&u, &u, NULL); /* Make ds[tooth] = u = 2^((block*teeth + tooth)*spacing + 1) * gen/2. */ ds[tooth] = u; /* Make u = 2^((block*teeth + tooth + 1)*spacing) * gen/2, unless at the end. */ if (block + tooth != blocks + teeth - 2) { int bit_off; for (bit_off = 1; bit_off < spacing; ++bit_off) { - rustsecp256k1_v0_11_gej_double_var(&u, &u, NULL); + secp256k1_gej_double_var(&u, &u, NULL); } } } @@ -74,7 +74,7 @@ static void rustsecp256k1_v0_11_ecmult_gen_compute_table(rustsecp256k1_v0_11_ge_ * The entries will occupy vs[block*points + i] for i=0..points-1. * We start by computing the first (i=0) value corresponding to all summed * powers of two times G being negative. */ - rustsecp256k1_v0_11_gej_neg(&vs[vs_pos++], &sum); + secp256k1_gej_neg(&vs[vs_pos++], &sum); /* And then teeth-1 times "double" the range of i values for which the table * is computed: in each iteration, double the table by taking an existing * table entry and adding ds[tooth]. */ @@ -82,20 +82,20 @@ static void rustsecp256k1_v0_11_ecmult_gen_compute_table(rustsecp256k1_v0_11_ge_ size_t stride = ((size_t)1) << tooth; size_t index; for (index = 0; index < stride; ++index, ++vs_pos) { - rustsecp256k1_v0_11_gej_add_var(&vs[vs_pos], &vs[vs_pos - stride], &ds[tooth], NULL); + secp256k1_gej_add_var(&vs[vs_pos], &vs[vs_pos - stride], &ds[tooth], NULL); } } } VERIFY_CHECK(vs_pos == points_total); - /* Convert all points simultaneously from rustsecp256k1_v0_11_gej to rustsecp256k1_v0_11_ge. */ - rustsecp256k1_v0_11_ge_set_all_gej_var(prec, vs, points_total); - /* Convert all points from rustsecp256k1_v0_11_ge to rustsecp256k1_v0_11_ge_storage output. */ + /* Convert all points simultaneously from secp256k1_gej to secp256k1_ge. */ + secp256k1_ge_set_all_gej_var(prec, vs, points_total); + /* Convert all points from secp256k1_ge to secp256k1_ge_storage output. */ for (block = 0; block < blocks; ++block) { size_t index; for (index = 0; index < points; ++index) { - VERIFY_CHECK(!rustsecp256k1_v0_11_ge_is_infinity(&prec[block * points + index])); - rustsecp256k1_v0_11_ge_to_storage(&table[block * points + index], &prec[block * points + index]); + VERIFY_CHECK(!secp256k1_ge_is_infinity(&prec[block * points + index])); + secp256k1_ge_to_storage(&table[block * points + index], &prec[block * points + index]); } } diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h index b6cf0cd92..2159eed5e 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_gen_impl.h @@ -14,49 +14,49 @@ #include "hash_impl.h" #include "precomputed_ecmult_gen.h" -static void rustsecp256k1_v0_11_ecmult_gen_context_build(rustsecp256k1_v0_11_ecmult_gen_context *ctx) { - rustsecp256k1_v0_11_ecmult_gen_blind(ctx, NULL); +static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context *ctx) { + secp256k1_ecmult_gen_blind(ctx, NULL); ctx->built = 1; } -static int rustsecp256k1_v0_11_ecmult_gen_context_is_built(const rustsecp256k1_v0_11_ecmult_gen_context* ctx) { +static int secp256k1_ecmult_gen_context_is_built(const secp256k1_ecmult_gen_context* ctx) { return ctx->built; } -static void rustsecp256k1_v0_11_ecmult_gen_context_clear(rustsecp256k1_v0_11_ecmult_gen_context *ctx) { +static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context *ctx) { ctx->built = 0; - rustsecp256k1_v0_11_scalar_clear(&ctx->scalar_offset); - rustsecp256k1_v0_11_ge_clear(&ctx->ge_offset); - rustsecp256k1_v0_11_fe_clear(&ctx->proj_blind); + secp256k1_scalar_clear(&ctx->scalar_offset); + secp256k1_ge_clear(&ctx->ge_offset); + secp256k1_fe_clear(&ctx->proj_blind); } /* Compute the scalar (2^COMB_BITS - 1) / 2, the difference between the gn argument to - * rustsecp256k1_v0_11_ecmult_gen, and the scalar whose encoding the table lookup bits are drawn + * secp256k1_ecmult_gen, and the scalar whose encoding the table lookup bits are drawn * from (before applying blinding). */ -static void rustsecp256k1_v0_11_ecmult_gen_scalar_diff(rustsecp256k1_v0_11_scalar* diff) { +static void secp256k1_ecmult_gen_scalar_diff(secp256k1_scalar* diff) { int i; /* Compute scalar -1/2. */ - rustsecp256k1_v0_11_scalar neghalf; - rustsecp256k1_v0_11_scalar_half(&neghalf, &rustsecp256k1_v0_11_scalar_one); - rustsecp256k1_v0_11_scalar_negate(&neghalf, &neghalf); + secp256k1_scalar neghalf; + secp256k1_scalar_half(&neghalf, &secp256k1_scalar_one); + secp256k1_scalar_negate(&neghalf, &neghalf); /* Compute offset = 2^(COMB_BITS - 1). */ - *diff = rustsecp256k1_v0_11_scalar_one; + *diff = secp256k1_scalar_one; for (i = 0; i < COMB_BITS - 1; ++i) { - rustsecp256k1_v0_11_scalar_add(diff, diff, diff); + secp256k1_scalar_add(diff, diff, diff); } /* The result is the sum 2^(COMB_BITS - 1) + (-1/2). */ - rustsecp256k1_v0_11_scalar_add(diff, diff, &neghalf); + secp256k1_scalar_add(diff, diff, &neghalf); } -static void rustsecp256k1_v0_11_ecmult_gen(const rustsecp256k1_v0_11_ecmult_gen_context *ctx, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *gn) { +static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp256k1_gej *r, const secp256k1_scalar *gn) { uint32_t comb_off; - rustsecp256k1_v0_11_ge add; - rustsecp256k1_v0_11_fe neg; - rustsecp256k1_v0_11_ge_storage adds; - rustsecp256k1_v0_11_scalar d; + secp256k1_ge add; + secp256k1_fe neg; + secp256k1_ge_storage adds; + secp256k1_scalar d; /* Array of uint32_t values large enough to store COMB_BITS bits. Only the bottom * 8 are ever nonzero, but having the zero padding at the end if COMB_BITS>256 * avoids the need to deal with out-of-bounds reads from a scalar. */ @@ -107,14 +107,14 @@ static void rustsecp256k1_v0_11_ecmult_gen(const rustsecp256k1_v0_11_ecmult_gen_ */ /* Compute the scalar d = (gn + ctx->scalar_offset). */ - rustsecp256k1_v0_11_scalar_add(&d, &ctx->scalar_offset, gn); + secp256k1_scalar_add(&d, &ctx->scalar_offset, gn); /* Convert to recoded array. */ for (i = 0; i < 8 && i < ((COMB_BITS + 31) >> 5); ++i) { - recoded[i] = rustsecp256k1_v0_11_scalar_get_bits_limb32(&d, 32 * i, 32); + recoded[i] = secp256k1_scalar_get_bits_limb32(&d, 32 * i, 32); } - rustsecp256k1_v0_11_scalar_clear(&d); + secp256k1_scalar_clear(&d); - /* In rustsecp256k1_v0_11_ecmult_gen_prec_table we have precomputed sums of the + /* In secp256k1_ecmult_gen_prec_table we have precomputed sums of the * (2*d[i]-1) * 2^(i-1) * G points, for various combinations of i positions. * We rewrite our equation in terms of these table entries. * @@ -185,7 +185,7 @@ static void rustsecp256k1_v0_11_ecmult_gen(const rustsecp256k1_v0_11_ecmult_gen_ * entry from the second half is needed, we look up its bit-flipped version instead, and negate * it. * - * rustsecp256k1_v0_11_ecmult_gen_prec_table[b][index] stores the table(b, m) entries. Index + * secp256k1_ecmult_gen_prec_table[b][index] stores the table(b, m) entries. Index * is the relevant mask(b) bits of m packed together without gaps. */ /* Outer loop: iterate over comb_off from COMB_SPACING - 1 down to 0. */ @@ -213,10 +213,10 @@ static void rustsecp256k1_v0_11_ecmult_gen(const rustsecp256k1_v0_11_ecmult_gen_ * but this would simply discard the bits that fall off at the bottom, * and thus, for example, bitdata could still have only two values if we * happen to shift by exactly 31 positions. We use a rotation instead, - * which ensures that bitdata doesn't loose entropy. This relies on the + * which ensures that bitdata doesn't lose entropy. This relies on the * rotation being atomic, i.e., the compiler emitting an actual rot * instruction. */ - uint32_t bitdata = rustsecp256k1_v0_11_rotr32(recoded[bit_pos >> 5], bit_pos & 0x1f); + uint32_t bitdata = secp256k1_rotr32(recoded[bit_pos >> 5], bit_pos & 0x1f); /* Clear the bit at position tooth, but sssh, don't tell clang. */ uint32_t volatile vmask = ~(1 << tooth); @@ -242,100 +242,100 @@ static void rustsecp256k1_v0_11_ecmult_gen(const rustsecp256k1_v0_11_ecmult_gen_ * (https://cryptojedi.org/peter/data/chesrump-20130822.pdf) and * "Cache Attacks and Countermeasures: the Case of AES", RSA 2006, * by Dag Arne Osvik, Adi Shamir, and Eran Tromer - * (https://www.tau.ac.il/~tromer/papers/cache.pdf) + * (https://eprint.iacr.org/2005/271.pdf) */ for (index = 0; index < COMB_POINTS; ++index) { - rustsecp256k1_v0_11_ge_storage_cmov(&adds, &rustsecp256k1_v0_11_ecmult_gen_prec_table[block][index], index == abs); + secp256k1_ge_storage_cmov(&adds, &secp256k1_ecmult_gen_prec_table[block][index], index == abs); } /* Set add=adds or add=-adds, in constant time, based on sign. */ - rustsecp256k1_v0_11_ge_from_storage(&add, &adds); - rustsecp256k1_v0_11_fe_negate(&neg, &add.y, 1); - rustsecp256k1_v0_11_fe_cmov(&add.y, &neg, sign); + secp256k1_ge_from_storage(&add, &adds); + secp256k1_fe_negate(&neg, &add.y, 1); + secp256k1_fe_cmov(&add.y, &neg, sign); /* Add the looked up and conditionally negated value to r. */ if (EXPECT(first, 0)) { /* If this is the first table lookup, we can skip addition. */ - rustsecp256k1_v0_11_gej_set_ge(r, &add); + secp256k1_gej_set_ge(r, &add); /* Give the entry a random Z coordinate to blind intermediary results. */ - rustsecp256k1_v0_11_gej_rescale(r, &ctx->proj_blind); + secp256k1_gej_rescale(r, &ctx->proj_blind); first = 0; } else { - rustsecp256k1_v0_11_gej_add_ge(r, r, &add); + secp256k1_gej_add_ge(r, r, &add); } } /* Double the result, except in the last iteration. */ if (comb_off-- == 0) break; - rustsecp256k1_v0_11_gej_double(r, r); + secp256k1_gej_double(r, r); } /* Correct for the scalar_offset added at the start (ge_offset = b*G, while b was * subtracted from the input scalar gn). */ - rustsecp256k1_v0_11_gej_add_ge(r, r, &ctx->ge_offset); + secp256k1_gej_add_ge(r, r, &ctx->ge_offset); /* Cleanup. */ - rustsecp256k1_v0_11_fe_clear(&neg); - rustsecp256k1_v0_11_ge_clear(&add); - rustsecp256k1_v0_11_memclear(&adds, sizeof(adds)); - rustsecp256k1_v0_11_memclear(&recoded, sizeof(recoded)); + secp256k1_fe_clear(&neg); + secp256k1_ge_clear(&add); + secp256k1_memclear_explicit(&adds, sizeof(adds)); + secp256k1_memclear_explicit(&recoded, sizeof(recoded)); } -/* Setup blinding values for rustsecp256k1_v0_11_ecmult_gen. */ -static void rustsecp256k1_v0_11_ecmult_gen_blind(rustsecp256k1_v0_11_ecmult_gen_context *ctx, const unsigned char *seed32) { - rustsecp256k1_v0_11_scalar b; - rustsecp256k1_v0_11_scalar diff; - rustsecp256k1_v0_11_gej gb; - rustsecp256k1_v0_11_fe f; +/* Setup blinding values for secp256k1_ecmult_gen. */ +static void secp256k1_ecmult_gen_blind(secp256k1_ecmult_gen_context *ctx, const unsigned char *seed32) { + secp256k1_scalar b; + secp256k1_scalar diff; + secp256k1_gej gb; + secp256k1_fe f; unsigned char nonce32[32]; - rustsecp256k1_v0_11_rfc6979_hmac_sha256 rng; + secp256k1_rfc6979_hmac_sha256 rng; unsigned char keydata[64]; /* Compute the (2^COMB_BITS - 1)/2 term once. */ - rustsecp256k1_v0_11_ecmult_gen_scalar_diff(&diff); + secp256k1_ecmult_gen_scalar_diff(&diff); if (seed32 == NULL) { /* When seed is NULL, reset the final point and blinding value. */ - rustsecp256k1_v0_11_ge_neg(&ctx->ge_offset, &rustsecp256k1_v0_11_ge_const_g); - rustsecp256k1_v0_11_scalar_add(&ctx->scalar_offset, &rustsecp256k1_v0_11_scalar_one, &diff); - ctx->proj_blind = rustsecp256k1_v0_11_fe_one; + secp256k1_ge_neg(&ctx->ge_offset, &secp256k1_ge_const_g); + secp256k1_scalar_add(&ctx->scalar_offset, &secp256k1_scalar_one, &diff); + ctx->proj_blind = secp256k1_fe_one; return; } /* The prior blinding value (if not reset) is chained forward by including it in the hash. */ - rustsecp256k1_v0_11_scalar_get_b32(keydata, &ctx->scalar_offset); + secp256k1_scalar_get_b32(keydata, &ctx->scalar_offset); /** Using a CSPRNG allows a failure free interface, avoids needing large amounts of random data, * and guards against weak or adversarial seeds. This is a simpler and safer interface than * asking the caller for blinding values directly and expecting them to retry on failure. */ VERIFY_CHECK(seed32 != NULL); memcpy(keydata + 32, seed32, 32); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(&rng, keydata, 64); - rustsecp256k1_v0_11_memclear(keydata, sizeof(keydata)); + secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, 64); + secp256k1_memclear_explicit(keydata, sizeof(keydata)); /* Compute projective blinding factor (cannot be 0). */ - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - rustsecp256k1_v0_11_fe_set_b32_mod(&f, nonce32); - rustsecp256k1_v0_11_fe_cmov(&f, &rustsecp256k1_v0_11_fe_one, rustsecp256k1_v0_11_fe_normalizes_to_zero(&f)); + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + secp256k1_fe_set_b32_mod(&f, nonce32); + secp256k1_fe_cmov(&f, &secp256k1_fe_one, secp256k1_fe_normalizes_to_zero(&f)); ctx->proj_blind = f; /* For a random blinding value b, set scalar_offset=diff-b, ge_offset=bG */ - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); - rustsecp256k1_v0_11_scalar_set_b32(&b, nonce32, NULL); + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + secp256k1_scalar_set_b32(&b, nonce32, NULL); /* The blinding value cannot be zero, as that would mean ge_offset = infinity, - * which rustsecp256k1_v0_11_gej_add_ge cannot handle. */ - rustsecp256k1_v0_11_scalar_cmov(&b, &rustsecp256k1_v0_11_scalar_one, rustsecp256k1_v0_11_scalar_is_zero(&b)); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(&rng); - rustsecp256k1_v0_11_ecmult_gen(ctx, &gb, &b); - rustsecp256k1_v0_11_scalar_negate(&b, &b); - rustsecp256k1_v0_11_scalar_add(&ctx->scalar_offset, &b, &diff); - rustsecp256k1_v0_11_ge_set_gej(&ctx->ge_offset, &gb); + * which secp256k1_gej_add_ge cannot handle. */ + secp256k1_scalar_cmov(&b, &secp256k1_scalar_one, secp256k1_scalar_is_zero(&b)); + secp256k1_rfc6979_hmac_sha256_finalize(&rng); + secp256k1_ecmult_gen(ctx, &gb, &b); + secp256k1_scalar_negate(&b, &b); + secp256k1_scalar_add(&ctx->scalar_offset, &b, &diff); + secp256k1_ge_set_gej(&ctx->ge_offset, &gb); /* Clean up. */ - rustsecp256k1_v0_11_memclear(nonce32, sizeof(nonce32)); - rustsecp256k1_v0_11_scalar_clear(&b); - rustsecp256k1_v0_11_gej_clear(&gb); - rustsecp256k1_v0_11_fe_clear(&f); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_clear(&rng); + secp256k1_memclear_explicit(nonce32, sizeof(nonce32)); + secp256k1_scalar_clear(&b); + secp256k1_gej_clear(&gb); + secp256k1_fe_clear(&f); + secp256k1_rfc6979_hmac_sha256_clear(&rng); } #endif /* SECP256K1_ECMULT_GEN_IMPL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h b/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h index 2077c1db6..0b53b3fcb 100644 --- a/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/ecmult_impl.h @@ -33,8 +33,8 @@ /** Larger values for ECMULT_WINDOW_SIZE result in possibly better * performance at the cost of an exponentially larger precomputed * table. The exact table size is - * (1 << (WINDOW_G - 2)) * sizeof(rustsecp256k1_v0_11_ge_storage) bytes, - * where sizeof(rustsecp256k1_v0_11_ge_storage) is typically 64 bytes but can + * (1 << (WINDOW_G - 2)) * sizeof(secp256k1_ge_storage) bytes, + * where sizeof(secp256k1_ge_storage) is typically 64 bytes but can * be larger due to platform-specific padding and alignment. * Two tables of this size are used (due to the endomorphism * optimization). @@ -70,14 +70,14 @@ * Lastly the zr[0] value, which isn't used above, is set so that: * - a.z = z(pre_a[0]) / zr[0] */ -static void rustsecp256k1_v0_11_ecmult_odd_multiples_table(int n, rustsecp256k1_v0_11_ge *pre_a, rustsecp256k1_v0_11_fe *zr, rustsecp256k1_v0_11_fe *z, const rustsecp256k1_v0_11_gej *a) { - rustsecp256k1_v0_11_gej d, ai; - rustsecp256k1_v0_11_ge d_ge; +static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_ge *pre_a, secp256k1_fe *zr, secp256k1_fe *z, const secp256k1_gej *a) { + secp256k1_gej d, ai; + secp256k1_ge d_ge; int i; VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_11_gej_double_var(&d, a, NULL); + secp256k1_gej_double_var(&d, a, NULL); /* * Perform the additions using an isomorphic curve Y^2 = X^3 + 7*C^6 where C := d.z. @@ -90,11 +90,11 @@ static void rustsecp256k1_v0_11_ecmult_odd_multiples_table(int n, rustsecp256k1_ * * The group addition functions work correctly on these isomorphic curves. * In particular phi(d) is easy to represent in affine coordinates under this isomorphism. - * This lets us use the faster rustsecp256k1_v0_11_gej_add_ge_var group addition function that we wouldn't be able to use otherwise. + * This lets us use the faster secp256k1_gej_add_ge_var group addition function that we wouldn't be able to use otherwise. */ - rustsecp256k1_v0_11_ge_set_xy(&d_ge, &d.x, &d.y); - rustsecp256k1_v0_11_ge_set_gej_zinv(&pre_a[0], a, &d.z); - rustsecp256k1_v0_11_gej_set_ge(&ai, &pre_a[0]); + secp256k1_ge_set_xy(&d_ge, &d.x, &d.y); + secp256k1_ge_set_gej_zinv(&pre_a[0], a, &d.z); + secp256k1_gej_set_ge(&ai, &pre_a[0]); ai.z = a->z; /* pre_a[0] is the point (a.x*C^2, a.y*C^3, a.z*C) which is equivalent to a. @@ -103,18 +103,18 @@ static void rustsecp256k1_v0_11_ecmult_odd_multiples_table(int n, rustsecp256k1_ zr[0] = d.z; for (i = 1; i < n; i++) { - rustsecp256k1_v0_11_gej_add_ge_var(&ai, &ai, &d_ge, &zr[i]); - rustsecp256k1_v0_11_ge_set_xy(&pre_a[i], &ai.x, &ai.y); + secp256k1_gej_add_ge_var(&ai, &ai, &d_ge, &zr[i]); + secp256k1_ge_set_xy(&pre_a[i], &ai.x, &ai.y); } /* Multiply the last z-coordinate by C to undo the isomorphism. * Since the z-coordinates of the pre_a values are implied by the zr array of z-coordinate ratios, * undoing the isomorphism here undoes the isomorphism for all pre_a values. */ - rustsecp256k1_v0_11_fe_mul(z, &ai.z, &d.z); + secp256k1_fe_mul(z, &ai.z, &d.z); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_table_verify(int n, int w) { +SECP256K1_INLINE static void secp256k1_ecmult_table_verify(int n, int w) { (void)n; (void)w; VERIFY_CHECK(((n) & 1) == 1); @@ -122,33 +122,33 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_table_verify(int n, int VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_table_get_ge(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *pre, int n, int w) { - rustsecp256k1_v0_11_ecmult_table_verify(n,w); +SECP256K1_INLINE static void secp256k1_ecmult_table_get_ge(secp256k1_ge *r, const secp256k1_ge *pre, int n, int w) { + secp256k1_ecmult_table_verify(n,w); if (n > 0) { *r = pre[(n-1)/2]; } else { *r = pre[(-n-1)/2]; - rustsecp256k1_v0_11_fe_negate(&(r->y), &(r->y), 1); + secp256k1_fe_negate(&(r->y), &(r->y), 1); } } -SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_table_get_ge_lambda(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *pre, const rustsecp256k1_v0_11_fe *x, int n, int w) { - rustsecp256k1_v0_11_ecmult_table_verify(n,w); +SECP256K1_INLINE static void secp256k1_ecmult_table_get_ge_lambda(secp256k1_ge *r, const secp256k1_ge *pre, const secp256k1_fe *x, int n, int w) { + secp256k1_ecmult_table_verify(n,w); if (n > 0) { - rustsecp256k1_v0_11_ge_set_xy(r, &x[(n-1)/2], &pre[(n-1)/2].y); + secp256k1_ge_set_xy(r, &x[(n-1)/2], &pre[(n-1)/2].y); } else { - rustsecp256k1_v0_11_ge_set_xy(r, &x[(-n-1)/2], &pre[(-n-1)/2].y); - rustsecp256k1_v0_11_fe_negate(&(r->y), &(r->y), 1); + secp256k1_ge_set_xy(r, &x[(-n-1)/2], &pre[(-n-1)/2].y); + secp256k1_fe_negate(&(r->y), &(r->y), 1); } } -SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_table_get_ge_storage(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge_storage *pre, int n, int w) { - rustsecp256k1_v0_11_ecmult_table_verify(n,w); +SECP256K1_INLINE static void secp256k1_ecmult_table_get_ge_storage(secp256k1_ge *r, const secp256k1_ge_storage *pre, int n, int w) { + secp256k1_ecmult_table_verify(n,w); if (n > 0) { - rustsecp256k1_v0_11_ge_from_storage(r, &pre[(n-1)/2]); + secp256k1_ge_from_storage(r, &pre[(n-1)/2]); } else { - rustsecp256k1_v0_11_ge_from_storage(r, &pre[(-n-1)/2]); - rustsecp256k1_v0_11_fe_negate(&(r->y), &(r->y), 1); + secp256k1_ge_from_storage(r, &pre[(-n-1)/2]); + secp256k1_fe_negate(&(r->y), &(r->y), 1); } } @@ -159,8 +159,8 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_table_get_ge_storage(rus * - the number of set values in wnaf is returned. This number is at most 256, and at most one more * than the number of bits in the (absolute value) of the input. */ -static int rustsecp256k1_v0_11_ecmult_wnaf(int *wnaf, int len, const rustsecp256k1_v0_11_scalar *a, int w) { - rustsecp256k1_v0_11_scalar s; +static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w) { + secp256k1_scalar s; int last_set_bit = -1; int bit = 0; int sign = 1; @@ -176,8 +176,8 @@ static int rustsecp256k1_v0_11_ecmult_wnaf(int *wnaf, int len, const rustsecp256 } s = *a; - if (rustsecp256k1_v0_11_scalar_get_bits_limb32(&s, 255, 1)) { - rustsecp256k1_v0_11_scalar_negate(&s, &s); + if (secp256k1_scalar_get_bits_limb32(&s, 255, 1)) { + secp256k1_scalar_negate(&s, &s); sign = -1; } @@ -185,7 +185,7 @@ static int rustsecp256k1_v0_11_ecmult_wnaf(int *wnaf, int len, const rustsecp256 while (bit < len) { int now; int word; - if (rustsecp256k1_v0_11_scalar_get_bits_limb32(&s, bit, 1) == (unsigned int)carry) { + if (secp256k1_scalar_get_bits_limb32(&s, bit, 1) == (unsigned int)carry) { bit++; continue; } @@ -195,7 +195,7 @@ static int rustsecp256k1_v0_11_ecmult_wnaf(int *wnaf, int len, const rustsecp256 now = len - bit; } - word = rustsecp256k1_v0_11_scalar_get_bits_var(&s, bit, now) + carry; + word = secp256k1_scalar_get_bits_var(&s, bit, now) + carry; carry = (word >> (w-1)) & 1; word -= carry << w; @@ -212,7 +212,7 @@ static int rustsecp256k1_v0_11_ecmult_wnaf(int *wnaf, int len, const rustsecp256 VERIFY_CHECK(carry == 0); while (verify_bit < 256) { - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_get_bits_limb32(&s, verify_bit, 1) == 0); + VERIFY_CHECK(secp256k1_scalar_get_bits_limb32(&s, verify_bit, 1) == 0); verify_bit++; } } @@ -220,25 +220,25 @@ static int rustsecp256k1_v0_11_ecmult_wnaf(int *wnaf, int len, const rustsecp256 return last_set_bit + 1; } -struct rustsecp256k1_v0_11_strauss_point_state { +struct secp256k1_strauss_point_state { int wnaf_na_1[129]; int wnaf_na_lam[129]; int bits_na_1; int bits_na_lam; }; -struct rustsecp256k1_v0_11_strauss_state { +struct secp256k1_strauss_state { /* aux is used to hold z-ratios, and then used to hold pre_a[i].x * BETA values. */ - rustsecp256k1_v0_11_fe* aux; - rustsecp256k1_v0_11_ge* pre_a; - struct rustsecp256k1_v0_11_strauss_point_state* ps; + secp256k1_fe* aux; + secp256k1_ge* pre_a; + struct secp256k1_strauss_point_state* ps; }; -static void rustsecp256k1_v0_11_ecmult_strauss_wnaf(const struct rustsecp256k1_v0_11_strauss_state *state, rustsecp256k1_v0_11_gej *r, size_t num, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_scalar *na, const rustsecp256k1_v0_11_scalar *ng) { - rustsecp256k1_v0_11_ge tmpa; - rustsecp256k1_v0_11_fe Z; +static void secp256k1_ecmult_strauss_wnaf(const struct secp256k1_strauss_state *state, secp256k1_gej *r, size_t num, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { + secp256k1_ge tmpa; + secp256k1_fe Z; /* Split G factors. */ - rustsecp256k1_v0_11_scalar ng_1, ng_128; + secp256k1_scalar ng_1, ng_128; int wnaf_ng_1[129]; int bits_ng_1 = 0; int wnaf_ng_128[129]; @@ -248,19 +248,19 @@ static void rustsecp256k1_v0_11_ecmult_strauss_wnaf(const struct rustsecp256k1_v size_t np; size_t no = 0; - rustsecp256k1_v0_11_fe_set_int(&Z, 1); + secp256k1_fe_set_int(&Z, 1); for (np = 0; np < num; ++np) { - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_scalar na_1, na_lam; - if (rustsecp256k1_v0_11_scalar_is_zero(&na[np]) || rustsecp256k1_v0_11_gej_is_infinity(&a[np])) { + secp256k1_gej tmp; + secp256k1_scalar na_1, na_lam; + if (secp256k1_scalar_is_zero(&na[np]) || secp256k1_gej_is_infinity(&a[np])) { continue; } /* split na into na_1 and na_lam (where na = na_1 + na_lam*lambda, and na_1 and na_lam are ~128 bit) */ - rustsecp256k1_v0_11_scalar_split_lambda(&na_1, &na_lam, &na[np]); + secp256k1_scalar_split_lambda(&na_1, &na_lam, &na[np]); /* build wnaf representation for na_1 and na_lam. */ - state->ps[no].bits_na_1 = rustsecp256k1_v0_11_ecmult_wnaf(state->ps[no].wnaf_na_1, 129, &na_1, WINDOW_A); - state->ps[no].bits_na_lam = rustsecp256k1_v0_11_ecmult_wnaf(state->ps[no].wnaf_na_lam, 129, &na_lam, WINDOW_A); + state->ps[no].bits_na_1 = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_1, 129, &na_1, WINDOW_A); + state->ps[no].bits_na_lam = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_lam, 129, &na_lam, WINDOW_A); VERIFY_CHECK(state->ps[no].bits_na_1 <= 129); VERIFY_CHECK(state->ps[no].bits_na_lam <= 129); if (state->ps[no].bits_na_1 > bits) { @@ -277,37 +277,37 @@ static void rustsecp256k1_v0_11_ecmult_strauss_wnaf(const struct rustsecp256k1_v * the Z coordinate of the result once at the end. * The exception is the precomputed G table points, which are actually * affine. Compared to the base used for other points, they have a Z ratio - * of 1/Z, so we can use rustsecp256k1_v0_11_gej_add_zinv_var, which uses the same + * of 1/Z, so we can use secp256k1_gej_add_zinv_var, which uses the same * isomorphism to efficiently add with a known Z inverse. */ tmp = a[np]; if (no) { - rustsecp256k1_v0_11_gej_rescale(&tmp, &Z); + secp256k1_gej_rescale(&tmp, &Z); } - rustsecp256k1_v0_11_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->pre_a + no * ECMULT_TABLE_SIZE(WINDOW_A), state->aux + no * ECMULT_TABLE_SIZE(WINDOW_A), &Z, &tmp); - if (no) rustsecp256k1_v0_11_fe_mul(state->aux + no * ECMULT_TABLE_SIZE(WINDOW_A), state->aux + no * ECMULT_TABLE_SIZE(WINDOW_A), &(a[np].z)); + secp256k1_ecmult_odd_multiples_table(ECMULT_TABLE_SIZE(WINDOW_A), state->pre_a + no * ECMULT_TABLE_SIZE(WINDOW_A), state->aux + no * ECMULT_TABLE_SIZE(WINDOW_A), &Z, &tmp); + if (no) secp256k1_fe_mul(state->aux + no * ECMULT_TABLE_SIZE(WINDOW_A), state->aux + no * ECMULT_TABLE_SIZE(WINDOW_A), &(a[np].z)); ++no; } /* Bring them to the same Z denominator. */ if (no) { - rustsecp256k1_v0_11_ge_table_set_globalz(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, state->aux); + secp256k1_ge_table_set_globalz(ECMULT_TABLE_SIZE(WINDOW_A) * no, state->pre_a, state->aux); } for (np = 0; np < no; ++np) { for (i = 0; i < ECMULT_TABLE_SIZE(WINDOW_A); i++) { - rustsecp256k1_v0_11_fe_mul(&state->aux[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i].x, &rustsecp256k1_v0_11_const_beta); + secp256k1_fe_mul(&state->aux[np * ECMULT_TABLE_SIZE(WINDOW_A) + i], &state->pre_a[np * ECMULT_TABLE_SIZE(WINDOW_A) + i].x, &secp256k1_const_beta); } } if (ng) { /* split ng into ng_1 and ng_128 (where gn = gn_1 + gn_128*2^128, and gn_1 and gn_128 are ~128 bit) */ - rustsecp256k1_v0_11_scalar_split_128(&ng_1, &ng_128, ng); + secp256k1_scalar_split_128(&ng_1, &ng_128, ng); /* Build wnaf representation for ng_1 and ng_128 */ - bits_ng_1 = rustsecp256k1_v0_11_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); - bits_ng_128 = rustsecp256k1_v0_11_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); + bits_ng_1 = secp256k1_ecmult_wnaf(wnaf_ng_1, 129, &ng_1, WINDOW_G); + bits_ng_128 = secp256k1_ecmult_wnaf(wnaf_ng_128, 129, &ng_128, WINDOW_G); if (bits_ng_1 > bits) { bits = bits_ng_1; } @@ -316,61 +316,61 @@ static void rustsecp256k1_v0_11_ecmult_strauss_wnaf(const struct rustsecp256k1_v } } - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); for (i = bits - 1; i >= 0; i--) { int n; - rustsecp256k1_v0_11_gej_double_var(r, r, NULL); + secp256k1_gej_double_var(r, r, NULL); for (np = 0; np < no; ++np) { if (i < state->ps[np].bits_na_1 && (n = state->ps[np].wnaf_na_1[i])) { - rustsecp256k1_v0_11_ecmult_table_get_ge(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - rustsecp256k1_v0_11_gej_add_ge_var(r, r, &tmpa, NULL); + secp256k1_ecmult_table_get_ge(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); } if (i < state->ps[np].bits_na_lam && (n = state->ps[np].wnaf_na_lam[i])) { - rustsecp256k1_v0_11_ecmult_table_get_ge_lambda(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), state->aux + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); - rustsecp256k1_v0_11_gej_add_ge_var(r, r, &tmpa, NULL); + secp256k1_ecmult_table_get_ge_lambda(&tmpa, state->pre_a + np * ECMULT_TABLE_SIZE(WINDOW_A), state->aux + np * ECMULT_TABLE_SIZE(WINDOW_A), n, WINDOW_A); + secp256k1_gej_add_ge_var(r, r, &tmpa, NULL); } } if (i < bits_ng_1 && (n = wnaf_ng_1[i])) { - rustsecp256k1_v0_11_ecmult_table_get_ge_storage(&tmpa, rustsecp256k1_v0_11_pre_g, n, WINDOW_G); - rustsecp256k1_v0_11_gej_add_zinv_var(r, r, &tmpa, &Z); + secp256k1_ecmult_table_get_ge_storage(&tmpa, secp256k1_pre_g, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); } if (i < bits_ng_128 && (n = wnaf_ng_128[i])) { - rustsecp256k1_v0_11_ecmult_table_get_ge_storage(&tmpa, rustsecp256k1_v0_11_pre_g_128, n, WINDOW_G); - rustsecp256k1_v0_11_gej_add_zinv_var(r, r, &tmpa, &Z); + secp256k1_ecmult_table_get_ge_storage(&tmpa, secp256k1_pre_g_128, n, WINDOW_G); + secp256k1_gej_add_zinv_var(r, r, &tmpa, &Z); } } if (!r->infinity) { - rustsecp256k1_v0_11_fe_mul(&r->z, &r->z, &Z); + secp256k1_fe_mul(&r->z, &r->z, &Z); } } -static void rustsecp256k1_v0_11_ecmult(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_scalar *na, const rustsecp256k1_v0_11_scalar *ng) { - rustsecp256k1_v0_11_fe aux[ECMULT_TABLE_SIZE(WINDOW_A)]; - rustsecp256k1_v0_11_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; - struct rustsecp256k1_v0_11_strauss_point_state ps[1]; - struct rustsecp256k1_v0_11_strauss_state state; +static void secp256k1_ecmult(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_scalar *na, const secp256k1_scalar *ng) { + secp256k1_fe aux[ECMULT_TABLE_SIZE(WINDOW_A)]; + secp256k1_ge pre_a[ECMULT_TABLE_SIZE(WINDOW_A)]; + struct secp256k1_strauss_point_state ps[1]; + struct secp256k1_strauss_state state; state.aux = aux; state.pre_a = pre_a; state.ps = ps; - rustsecp256k1_v0_11_ecmult_strauss_wnaf(&state, r, 1, a, na, ng); + secp256k1_ecmult_strauss_wnaf(&state, r, 1, a, na, ng); } -static size_t rustsecp256k1_v0_11_strauss_scratch_size(size_t n_points) { - static const size_t point_size = (sizeof(rustsecp256k1_v0_11_ge) + sizeof(rustsecp256k1_v0_11_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct rustsecp256k1_v0_11_strauss_point_state) + sizeof(rustsecp256k1_v0_11_gej) + sizeof(rustsecp256k1_v0_11_scalar); +static size_t secp256k1_strauss_scratch_size(size_t n_points) { + static const size_t point_size = (sizeof(secp256k1_ge) + sizeof(secp256k1_fe)) * ECMULT_TABLE_SIZE(WINDOW_A) + sizeof(struct secp256k1_strauss_point_state) + sizeof(secp256k1_gej) + sizeof(secp256k1_scalar); return n_points*point_size; } -static int rustsecp256k1_v0_11_ecmult_strauss_batch(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { - rustsecp256k1_v0_11_gej* points; - rustsecp256k1_v0_11_scalar* scalars; - struct rustsecp256k1_v0_11_strauss_state state; +static int secp256k1_ecmult_strauss_batch(const secp256k1_callback* error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + secp256k1_gej* points; + secp256k1_scalar* scalars; + struct secp256k1_strauss_state state; size_t i; - const size_t scratch_checkpoint = rustsecp256k1_v0_11_scratch_checkpoint(error_callback, scratch); + const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); if (inp_g_sc == NULL && n_points == 0) { return 1; } @@ -378,37 +378,37 @@ static int rustsecp256k1_v0_11_ecmult_strauss_batch(const rustsecp256k1_v0_11_ca /* We allocate STRAUSS_SCRATCH_OBJECTS objects on the scratch space. If these * allocations change, make sure to update the STRAUSS_SCRATCH_OBJECTS * constant and strauss_scratch_size accordingly. */ - points = (rustsecp256k1_v0_11_gej*)rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, n_points * sizeof(rustsecp256k1_v0_11_gej)); - scalars = (rustsecp256k1_v0_11_scalar*)rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, n_points * sizeof(rustsecp256k1_v0_11_scalar)); - state.aux = (rustsecp256k1_v0_11_fe*)rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_11_fe)); - state.pre_a = (rustsecp256k1_v0_11_ge*)rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(rustsecp256k1_v0_11_ge)); - state.ps = (struct rustsecp256k1_v0_11_strauss_point_state*)rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, n_points * sizeof(struct rustsecp256k1_v0_11_strauss_point_state)); + points = (secp256k1_gej*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_gej)); + scalars = (secp256k1_scalar*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(secp256k1_scalar)); + state.aux = (secp256k1_fe*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_fe)); + state.pre_a = (secp256k1_ge*)secp256k1_scratch_alloc(error_callback, scratch, n_points * ECMULT_TABLE_SIZE(WINDOW_A) * sizeof(secp256k1_ge)); + state.ps = (struct secp256k1_strauss_point_state*)secp256k1_scratch_alloc(error_callback, scratch, n_points * sizeof(struct secp256k1_strauss_point_state)); if (points == NULL || scalars == NULL || state.aux == NULL || state.pre_a == NULL || state.ps == NULL) { - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } for (i = 0; i < n_points; i++) { - rustsecp256k1_v0_11_ge point; + secp256k1_ge point; if (!cb(&scalars[i], &point, i+cb_offset, cbdata)) { - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } - rustsecp256k1_v0_11_gej_set_ge(&points[i], &point); + secp256k1_gej_set_ge(&points[i], &point); } - rustsecp256k1_v0_11_ecmult_strauss_wnaf(&state, r, n_points, points, scalars, inp_g_sc); - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_ecmult_strauss_wnaf(&state, r, n_points, points, scalars, inp_g_sc); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 1; } -/* Wrapper for rustsecp256k1_v0_11_ecmult_multi_func interface */ -static int rustsecp256k1_v0_11_ecmult_strauss_batch_single(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n) { - return rustsecp256k1_v0_11_ecmult_strauss_batch(error_callback, scratch, r, inp_g_sc, cb, cbdata, n, 0); +/* Wrapper for secp256k1_ecmult_multi_func interface */ +static int secp256k1_ecmult_strauss_batch_single(const secp256k1_callback* error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { + return secp256k1_ecmult_strauss_batch(error_callback, scratch, r, inp_g_sc, cb, cbdata, n, 0); } -static size_t rustsecp256k1_v0_11_strauss_max_points(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch) { - return rustsecp256k1_v0_11_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / rustsecp256k1_v0_11_strauss_scratch_size(1); +static size_t secp256k1_strauss_max_points(const secp256k1_callback* error_callback, secp256k1_scratch *scratch) { + return secp256k1_scratch_max_allocation(error_callback, scratch, STRAUSS_SCRATCH_OBJECTS) / secp256k1_strauss_scratch_size(1); } /** Convert a number to WNAF notation. @@ -418,25 +418,25 @@ static size_t rustsecp256k1_v0_11_strauss_max_points(const rustsecp256k1_v0_11_c * - the number of words set is always WNAF_SIZE(w) * - the returned skew is 0 or 1 */ -static int rustsecp256k1_v0_11_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_11_scalar *s, int w) { +static int secp256k1_wnaf_fixed(int *wnaf, const secp256k1_scalar *s, int w) { int skew = 0; int pos; int max_pos; int last_w; - const rustsecp256k1_v0_11_scalar *work = s; + const secp256k1_scalar *work = s; - if (rustsecp256k1_v0_11_scalar_is_zero(s)) { + if (secp256k1_scalar_is_zero(s)) { for (pos = 0; pos < WNAF_SIZE(w); pos++) { wnaf[pos] = 0; } return 0; } - if (rustsecp256k1_v0_11_scalar_is_even(s)) { + if (secp256k1_scalar_is_even(s)) { skew = 1; } - wnaf[0] = rustsecp256k1_v0_11_scalar_get_bits_var(work, 0, w) + skew; + wnaf[0] = secp256k1_scalar_get_bits_var(work, 0, w) + skew; /* Compute last window size. Relevant when window size doesn't divide the * number of bits in the scalar */ last_w = WNAF_BITS - (WNAF_SIZE(w) - 1) * w; @@ -444,7 +444,7 @@ static int rustsecp256k1_v0_11_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_11_s /* Store the position of the first nonzero word in max_pos to allow * skipping leading zeros when calculating the wnaf. */ for (pos = WNAF_SIZE(w) - 1; pos > 0; pos--) { - int val = rustsecp256k1_v0_11_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); if(val != 0) { break; } @@ -454,7 +454,7 @@ static int rustsecp256k1_v0_11_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_11_s pos = 1; while (pos <= max_pos) { - int val = rustsecp256k1_v0_11_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); + int val = secp256k1_scalar_get_bits_var(work, pos * w, pos == WNAF_SIZE(w)-1 ? last_w : w); if ((val & 1) == 0) { wnaf[pos - 1] -= (1 << w); wnaf[pos] = (val + 1); @@ -480,14 +480,14 @@ static int rustsecp256k1_v0_11_wnaf_fixed(int *wnaf, const rustsecp256k1_v0_11_s return skew; } -struct rustsecp256k1_v0_11_pippenger_point_state { +struct secp256k1_pippenger_point_state { int skew_na; size_t input_pos; }; -struct rustsecp256k1_v0_11_pippenger_state { +struct secp256k1_pippenger_state { int *wnaf_na; - struct rustsecp256k1_v0_11_pippenger_point_state* ps; + struct secp256k1_pippenger_point_state* ps; }; /* @@ -497,7 +497,7 @@ struct rustsecp256k1_v0_11_pippenger_state { * to the point's wnaf[i]. Second, the buckets are added together such that * r += 1*bucket[0] + 3*bucket[1] + 5*bucket[2] + ... */ -static int rustsecp256k1_v0_11_ecmult_pippenger_wnaf(rustsecp256k1_v0_11_gej *buckets, int bucket_window, struct rustsecp256k1_v0_11_pippenger_state *state, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *sc, const rustsecp256k1_v0_11_ge *pt, size_t num) { +static int secp256k1_ecmult_pippenger_wnaf(secp256k1_gej *buckets, int bucket_window, struct secp256k1_pippenger_state *state, secp256k1_gej *r, const secp256k1_scalar *sc, const secp256k1_ge *pt, size_t num) { size_t n_wnaf = WNAF_SIZE(bucket_window+1); size_t np; size_t no = 0; @@ -505,55 +505,55 @@ static int rustsecp256k1_v0_11_ecmult_pippenger_wnaf(rustsecp256k1_v0_11_gej *bu int j; for (np = 0; np < num; ++np) { - if (rustsecp256k1_v0_11_scalar_is_zero(&sc[np]) || rustsecp256k1_v0_11_ge_is_infinity(&pt[np])) { + if (secp256k1_scalar_is_zero(&sc[np]) || secp256k1_ge_is_infinity(&pt[np])) { continue; } state->ps[no].input_pos = np; - state->ps[no].skew_na = rustsecp256k1_v0_11_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); + state->ps[no].skew_na = secp256k1_wnaf_fixed(&state->wnaf_na[no*n_wnaf], &sc[np], bucket_window+1); no++; } - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); if (no == 0) { return 1; } for (i = n_wnaf - 1; i >= 0; i--) { - rustsecp256k1_v0_11_gej running_sum; + secp256k1_gej running_sum; for(j = 0; j < ECMULT_TABLE_SIZE(bucket_window+2); j++) { - rustsecp256k1_v0_11_gej_set_infinity(&buckets[j]); + secp256k1_gej_set_infinity(&buckets[j]); } for (np = 0; np < no; ++np) { int n = state->wnaf_na[np*n_wnaf + i]; - struct rustsecp256k1_v0_11_pippenger_point_state point_state = state->ps[np]; - rustsecp256k1_v0_11_ge tmp; + struct secp256k1_pippenger_point_state point_state = state->ps[np]; + secp256k1_ge tmp; int idx; if (i == 0) { /* correct for wnaf skew */ int skew = point_state.skew_na; if (skew) { - rustsecp256k1_v0_11_ge_neg(&tmp, &pt[point_state.input_pos]); - rustsecp256k1_v0_11_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); + secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); + secp256k1_gej_add_ge_var(&buckets[0], &buckets[0], &tmp, NULL); } } if (n > 0) { idx = (n - 1)/2; - rustsecp256k1_v0_11_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); + secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &pt[point_state.input_pos], NULL); } else if (n < 0) { idx = -(n + 1)/2; - rustsecp256k1_v0_11_ge_neg(&tmp, &pt[point_state.input_pos]); - rustsecp256k1_v0_11_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); + secp256k1_ge_neg(&tmp, &pt[point_state.input_pos]); + secp256k1_gej_add_ge_var(&buckets[idx], &buckets[idx], &tmp, NULL); } } for(j = 0; j < bucket_window; j++) { - rustsecp256k1_v0_11_gej_double_var(r, r, NULL); + secp256k1_gej_double_var(r, r, NULL); } - rustsecp256k1_v0_11_gej_set_infinity(&running_sum); + secp256k1_gej_set_infinity(&running_sum); /* Accumulate the sum: bucket[0] + 3*bucket[1] + 5*bucket[2] + 7*bucket[3] + ... * = bucket[0] + bucket[1] + bucket[2] + bucket[3] + ... * + 2 * (bucket[1] + 2*bucket[2] + 3*bucket[3] + ...) @@ -563,13 +563,13 @@ static int rustsecp256k1_v0_11_ecmult_pippenger_wnaf(rustsecp256k1_v0_11_gej *bu * The doubling is done implicitly by deferring the final window doubling (of 'r'). */ for(j = ECMULT_TABLE_SIZE(bucket_window+2) - 1; j > 0; j--) { - rustsecp256k1_v0_11_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); - rustsecp256k1_v0_11_gej_add_var(r, r, &running_sum, NULL); + secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[j], NULL); + secp256k1_gej_add_var(r, r, &running_sum, NULL); } - rustsecp256k1_v0_11_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); - rustsecp256k1_v0_11_gej_double_var(r, r, NULL); - rustsecp256k1_v0_11_gej_add_var(r, r, &running_sum, NULL); + secp256k1_gej_add_var(&running_sum, &running_sum, &buckets[0], NULL); + secp256k1_gej_double_var(r, r, NULL); + secp256k1_gej_add_var(r, r, &running_sum, NULL); } return 1; } @@ -578,7 +578,7 @@ static int rustsecp256k1_v0_11_ecmult_pippenger_wnaf(rustsecp256k1_v0_11_gej *bu * Returns optimal bucket_window (number of bits of a scalar represented by a * set of buckets) for a given number of points. */ -static int rustsecp256k1_v0_11_pippenger_bucket_window(size_t n) { +static int secp256k1_pippenger_bucket_window(size_t n) { if (n <= 1) { return 1; } else if (n <= 4) { @@ -607,7 +607,7 @@ static int rustsecp256k1_v0_11_pippenger_bucket_window(size_t n) { /** * Returns the maximum optimal number of points for a bucket_window. */ -static size_t rustsecp256k1_v0_11_pippenger_bucket_window_inv(int bucket_window) { +static size_t secp256k1_pippenger_bucket_window_inv(int bucket_window) { switch(bucket_window) { case 1: return 1; case 2: return 4; @@ -626,18 +626,18 @@ static size_t rustsecp256k1_v0_11_pippenger_bucket_window_inv(int bucket_window) } -SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_endo_split(rustsecp256k1_v0_11_scalar *s1, rustsecp256k1_v0_11_scalar *s2, rustsecp256k1_v0_11_ge *p1, rustsecp256k1_v0_11_ge *p2) { - rustsecp256k1_v0_11_scalar tmp = *s1; - rustsecp256k1_v0_11_scalar_split_lambda(s1, s2, &tmp); - rustsecp256k1_v0_11_ge_mul_lambda(p2, p1); +SECP256K1_INLINE static void secp256k1_ecmult_endo_split(secp256k1_scalar *s1, secp256k1_scalar *s2, secp256k1_ge *p1, secp256k1_ge *p2) { + secp256k1_scalar tmp = *s1; + secp256k1_scalar_split_lambda(s1, s2, &tmp); + secp256k1_ge_mul_lambda(p2, p1); - if (rustsecp256k1_v0_11_scalar_is_high(s1)) { - rustsecp256k1_v0_11_scalar_negate(s1, s1); - rustsecp256k1_v0_11_ge_neg(p1, p1); + if (secp256k1_scalar_is_high(s1)) { + secp256k1_scalar_negate(s1, s1); + secp256k1_ge_neg(p1, p1); } - if (rustsecp256k1_v0_11_scalar_is_high(s2)) { - rustsecp256k1_v0_11_scalar_negate(s2, s2); - rustsecp256k1_v0_11_ge_neg(p2, p2); + if (secp256k1_scalar_is_high(s2)) { + secp256k1_scalar_negate(s2, s2); + secp256k1_ge_neg(p2, p2); } } @@ -645,78 +645,78 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_ecmult_endo_split(rustsecp256k1 * Returns the scratch size required for a given number of points (excluding * base point G) without considering alignment. */ -static size_t rustsecp256k1_v0_11_pippenger_scratch_size(size_t n_points, int bucket_window) { +static size_t secp256k1_pippenger_scratch_size(size_t n_points, int bucket_window) { size_t entries = 2*n_points + 2; - size_t entry_size = sizeof(rustsecp256k1_v0_11_ge) + sizeof(rustsecp256k1_v0_11_scalar) + sizeof(struct rustsecp256k1_v0_11_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); - return (sizeof(rustsecp256k1_v0_11_gej) << bucket_window) + sizeof(struct rustsecp256k1_v0_11_pippenger_state) + entries * entry_size; + size_t entry_size = sizeof(secp256k1_ge) + sizeof(secp256k1_scalar) + sizeof(struct secp256k1_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); + return (sizeof(secp256k1_gej) << bucket_window) + sizeof(struct secp256k1_pippenger_state) + entries * entry_size; } -static int rustsecp256k1_v0_11_ecmult_pippenger_batch(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { - const size_t scratch_checkpoint = rustsecp256k1_v0_11_scratch_checkpoint(error_callback, scratch); +static int secp256k1_ecmult_pippenger_batch(const secp256k1_callback* error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points, size_t cb_offset) { + const size_t scratch_checkpoint = secp256k1_scratch_checkpoint(error_callback, scratch); /* Use 2(n+1) with the endomorphism, when calculating batch * sizes. The reason for +1 is that we add the G scalar to the list of * other scalars. */ size_t entries = 2*n_points + 2; - rustsecp256k1_v0_11_ge *points; - rustsecp256k1_v0_11_scalar *scalars; - rustsecp256k1_v0_11_gej *buckets; - struct rustsecp256k1_v0_11_pippenger_state *state_space; + secp256k1_ge *points; + secp256k1_scalar *scalars; + secp256k1_gej *buckets; + struct secp256k1_pippenger_state *state_space; size_t idx = 0; size_t point_idx = 0; int bucket_window; - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); if (inp_g_sc == NULL && n_points == 0) { return 1; } - bucket_window = rustsecp256k1_v0_11_pippenger_bucket_window(n_points); + bucket_window = secp256k1_pippenger_bucket_window(n_points); /* We allocate PIPPENGER_SCRATCH_OBJECTS objects on the scratch space. If * these allocations change, make sure to update the * PIPPENGER_SCRATCH_OBJECTS constant and pippenger_scratch_size * accordingly. */ - points = (rustsecp256k1_v0_11_ge *) rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); - scalars = (rustsecp256k1_v0_11_scalar *) rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); - state_space = (struct rustsecp256k1_v0_11_pippenger_state *) rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, sizeof(*state_space)); + points = (secp256k1_ge *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*points)); + scalars = (secp256k1_scalar *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*scalars)); + state_space = (struct secp256k1_pippenger_state *) secp256k1_scratch_alloc(error_callback, scratch, sizeof(*state_space)); if (points == NULL || scalars == NULL || state_space == NULL) { - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } - state_space->ps = (struct rustsecp256k1_v0_11_pippenger_point_state *) rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); - state_space->wnaf_na = (int *) rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); - buckets = (rustsecp256k1_v0_11_gej *) rustsecp256k1_v0_11_scratch_alloc(error_callback, scratch, ((size_t)1 << bucket_window) * sizeof(*buckets)); + state_space->ps = (struct secp256k1_pippenger_point_state *) secp256k1_scratch_alloc(error_callback, scratch, entries * sizeof(*state_space->ps)); + state_space->wnaf_na = (int *) secp256k1_scratch_alloc(error_callback, scratch, entries*(WNAF_SIZE(bucket_window+1)) * sizeof(int)); + buckets = (secp256k1_gej *) secp256k1_scratch_alloc(error_callback, scratch, ((size_t)1 << bucket_window) * sizeof(*buckets)); if (state_space->ps == NULL || state_space->wnaf_na == NULL || buckets == NULL) { - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } if (inp_g_sc != NULL) { scalars[0] = *inp_g_sc; - points[0] = rustsecp256k1_v0_11_ge_const_g; + points[0] = secp256k1_ge_const_g; idx++; - rustsecp256k1_v0_11_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); + secp256k1_ecmult_endo_split(&scalars[0], &scalars[1], &points[0], &points[1]); idx++; } while (point_idx < n_points) { if (!cb(&scalars[idx], &points[idx], point_idx + cb_offset, cbdata)) { - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 0; } idx++; - rustsecp256k1_v0_11_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); + secp256k1_ecmult_endo_split(&scalars[idx - 1], &scalars[idx], &points[idx - 1], &points[idx]); idx++; point_idx++; } - rustsecp256k1_v0_11_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); - rustsecp256k1_v0_11_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); + secp256k1_ecmult_pippenger_wnaf(buckets, bucket_window, state_space, r, scalars, points, idx); + secp256k1_scratch_apply_checkpoint(error_callback, scratch, scratch_checkpoint); return 1; } -/* Wrapper for rustsecp256k1_v0_11_ecmult_multi_func interface */ -static int rustsecp256k1_v0_11_ecmult_pippenger_batch_single(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n) { - return rustsecp256k1_v0_11_ecmult_pippenger_batch(error_callback, scratch, r, inp_g_sc, cb, cbdata, n, 0); +/* Wrapper for secp256k1_ecmult_multi_func interface */ +static int secp256k1_ecmult_pippenger_batch_single(const secp256k1_callback* error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { + return secp256k1_ecmult_pippenger_batch(error_callback, scratch, r, inp_g_sc, cb, cbdata, n, 0); } /** @@ -724,20 +724,20 @@ static int rustsecp256k1_v0_11_ecmult_pippenger_batch_single(const rustsecp256k1 * a given scratch space. The function ensures that fewer points may also be * used. */ -static size_t rustsecp256k1_v0_11_pippenger_max_points(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch) { - size_t max_alloc = rustsecp256k1_v0_11_scratch_max_allocation(error_callback, scratch, PIPPENGER_SCRATCH_OBJECTS); +static size_t secp256k1_pippenger_max_points(const secp256k1_callback* error_callback, secp256k1_scratch *scratch) { + size_t max_alloc = secp256k1_scratch_max_allocation(error_callback, scratch, PIPPENGER_SCRATCH_OBJECTS); int bucket_window; size_t res = 0; for (bucket_window = 1; bucket_window <= PIPPENGER_MAX_BUCKET_WINDOW; bucket_window++) { size_t n_points; - size_t max_points = rustsecp256k1_v0_11_pippenger_bucket_window_inv(bucket_window); + size_t max_points = secp256k1_pippenger_bucket_window_inv(bucket_window); size_t space_for_points; size_t space_overhead; - size_t entry_size = sizeof(rustsecp256k1_v0_11_ge) + sizeof(rustsecp256k1_v0_11_scalar) + sizeof(struct rustsecp256k1_v0_11_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); + size_t entry_size = sizeof(secp256k1_ge) + sizeof(secp256k1_scalar) + sizeof(struct secp256k1_pippenger_point_state) + (WNAF_SIZE(bucket_window+1)+1)*sizeof(int); entry_size = 2*entry_size; - space_overhead = (sizeof(rustsecp256k1_v0_11_gej) << bucket_window) + entry_size + sizeof(struct rustsecp256k1_v0_11_pippenger_state); + space_overhead = (sizeof(secp256k1_gej) << bucket_window) + entry_size + sizeof(struct secp256k1_pippenger_state); if (space_overhead > max_alloc) { break; } @@ -760,32 +760,32 @@ static size_t rustsecp256k1_v0_11_pippenger_max_points(const rustsecp256k1_v0_11 /* Computes ecmult_multi by simply multiplying and adding each point. Does not * require a scratch space */ -static int rustsecp256k1_v0_11_ecmult_multi_simple_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n_points) { +static int secp256k1_ecmult_multi_simple_var(secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n_points) { size_t point_idx; - rustsecp256k1_v0_11_gej tmpj; + secp256k1_gej tmpj; - rustsecp256k1_v0_11_gej_set_infinity(r); - rustsecp256k1_v0_11_gej_set_infinity(&tmpj); + secp256k1_gej_set_infinity(r); + secp256k1_gej_set_infinity(&tmpj); /* r = inp_g_sc*G */ - rustsecp256k1_v0_11_ecmult(r, &tmpj, &rustsecp256k1_v0_11_scalar_zero, inp_g_sc); + secp256k1_ecmult(r, &tmpj, &secp256k1_scalar_zero, inp_g_sc); for (point_idx = 0; point_idx < n_points; point_idx++) { - rustsecp256k1_v0_11_ge point; - rustsecp256k1_v0_11_gej pointj; - rustsecp256k1_v0_11_scalar scalar; + secp256k1_ge point; + secp256k1_gej pointj; + secp256k1_scalar scalar; if (!cb(&scalar, &point, point_idx, cbdata)) { return 0; } /* r += scalar*point */ - rustsecp256k1_v0_11_gej_set_ge(&pointj, &point); - rustsecp256k1_v0_11_ecmult(&tmpj, &pointj, &scalar, NULL); - rustsecp256k1_v0_11_gej_add_var(r, r, &tmpj, NULL); + secp256k1_gej_set_ge(&pointj, &point); + secp256k1_ecmult(&tmpj, &pointj, &scalar, NULL); + secp256k1_gej_add_var(r, r, &tmpj, NULL); } return 1; } /* Compute the number of batches and the batch size given the maximum batch size and the * total number of points */ -static int rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { +static int secp256k1_ecmult_multi_batch_size_helper(size_t *n_batches, size_t *n_batch_points, size_t max_n_batch_points, size_t n) { if (max_n_batch_points == 0) { return 0; } @@ -803,48 +803,48 @@ static int rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(size_t *n_batches, return 1; } -typedef int (*rustsecp256k1_v0_11_ecmult_multi_func)(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch*, rustsecp256k1_v0_11_gej*, const rustsecp256k1_v0_11_scalar*, rustsecp256k1_v0_11_ecmult_multi_callback cb, void*, size_t); -static int rustsecp256k1_v0_11_ecmult_multi_var(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_scalar *inp_g_sc, rustsecp256k1_v0_11_ecmult_multi_callback cb, void *cbdata, size_t n) { +typedef int (*secp256k1_ecmult_multi_func)(const secp256k1_callback* error_callback, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t); +static int secp256k1_ecmult_multi_var(const secp256k1_callback* error_callback, secp256k1_scratch *scratch, secp256k1_gej *r, const secp256k1_scalar *inp_g_sc, secp256k1_ecmult_multi_callback cb, void *cbdata, size_t n) { size_t i; - int (*f)(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch*, rustsecp256k1_v0_11_gej*, const rustsecp256k1_v0_11_scalar*, rustsecp256k1_v0_11_ecmult_multi_callback cb, void*, size_t, size_t); + int (*f)(const secp256k1_callback* error_callback, secp256k1_scratch*, secp256k1_gej*, const secp256k1_scalar*, secp256k1_ecmult_multi_callback cb, void*, size_t, size_t); size_t n_batches; size_t n_batch_points; - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); if (inp_g_sc == NULL && n == 0) { return 1; } else if (n == 0) { - rustsecp256k1_v0_11_ecmult(r, r, &rustsecp256k1_v0_11_scalar_zero, inp_g_sc); + secp256k1_ecmult(r, r, &secp256k1_scalar_zero, inp_g_sc); return 1; } if (scratch == NULL) { - return rustsecp256k1_v0_11_ecmult_multi_simple_var(r, inp_g_sc, cb, cbdata, n); + return secp256k1_ecmult_multi_simple_var(r, inp_g_sc, cb, cbdata, n); } /* Compute the batch sizes for Pippenger's algorithm given a scratch space. If it's greater than * a threshold use Pippenger's algorithm. Otherwise use Strauss' algorithm. * As a first step check if there's enough space for Pippenger's algo (which requires less space * than Strauss' algo) and if not, use the simple algorithm. */ - if (!rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, rustsecp256k1_v0_11_pippenger_max_points(error_callback, scratch), n)) { - return rustsecp256k1_v0_11_ecmult_multi_simple_var(r, inp_g_sc, cb, cbdata, n); + if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_pippenger_max_points(error_callback, scratch), n)) { + return secp256k1_ecmult_multi_simple_var(r, inp_g_sc, cb, cbdata, n); } if (n_batch_points >= ECMULT_PIPPENGER_THRESHOLD) { - f = rustsecp256k1_v0_11_ecmult_pippenger_batch; + f = secp256k1_ecmult_pippenger_batch; } else { - if (!rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, rustsecp256k1_v0_11_strauss_max_points(error_callback, scratch), n)) { - return rustsecp256k1_v0_11_ecmult_multi_simple_var(r, inp_g_sc, cb, cbdata, n); + if (!secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, secp256k1_strauss_max_points(error_callback, scratch), n)) { + return secp256k1_ecmult_multi_simple_var(r, inp_g_sc, cb, cbdata, n); } - f = rustsecp256k1_v0_11_ecmult_strauss_batch; + f = secp256k1_ecmult_strauss_batch; } for(i = 0; i < n_batches; i++) { size_t nbp = n < n_batch_points ? n : n_batch_points; size_t offset = n_batch_points*i; - rustsecp256k1_v0_11_gej tmp; + secp256k1_gej tmp; if (!f(error_callback, scratch, &tmp, i == 0 ? inp_g_sc : NULL, cb, cbdata, nbp, offset)) { return 0; } - rustsecp256k1_v0_11_gej_add_var(r, r, &tmp, NULL); + secp256k1_gej_add_var(r, r, &tmp, NULL); n -= nbp; } return 1; diff --git a/secp256k1-sys/depend/secp256k1/src/field.h b/secp256k1-sys/depend/secp256k1/src/field.h index dd4e38358..1f6ba7460 100644 --- a/secp256k1-sys/depend/secp256k1/src/field.h +++ b/secp256k1-sys/depend/secp256k1/src/field.h @@ -9,15 +9,15 @@ #include "util.h" -/* This file defines the generic interface for working with rustsecp256k1_v0_11_fe +/* This file defines the generic interface for working with secp256k1_fe * objects, which represent field elements (integers modulo 2^256 - 2^32 - 977). * - * The actual definition of the rustsecp256k1_v0_11_fe type depends on the chosen field + * The actual definition of the secp256k1_fe type depends on the chosen field * implementation; see the field_5x52.h and field_10x26.h files for details. * - * All rustsecp256k1_v0_11_fe objects have implicit properties that determine what + * All secp256k1_fe objects have implicit properties that determine what * operations are permitted on it. These are purely a function of what - * rustsecp256k1_v0_11_fe_ operations are applied on it, generally (implicitly) fixed at + * secp256k1_fe_ operations are applied on it, generally (implicitly) fixed at * compile time, and do not depend on the chosen field implementation. Despite * that, what these properties actually entail for the field representation * values depends on the chosen field implementation. These properties are: @@ -26,7 +26,7 @@ * * In VERIFY mode, they are materialized explicitly as fields in the struct, * allowing run-time verification of these properties. In that case, the field - * implementation also provides a rustsecp256k1_v0_11_fe_verify routine to verify that + * implementation also provides a secp256k1_fe_verify routine to verify that * these fields match the run-time value and perform internal consistency * checks. */ #ifdef VERIFY @@ -56,7 +56,7 @@ #define SECP256K1_FE_VERIFY_CONST(d7, d6, d5, d4, d3, d2, d1, d0) #endif -/** This expands to an initializer for a rustsecp256k1_v0_11_fe valued sum((i*32) * d_i, i=0..7) mod p. +/** This expands to an initializer for a secp256k1_fe valued sum((i*32) * d_i, i=0..7) mod p. * * It has magnitude 1, unless d_i are all 0, in which case the magnitude is 0. * It is normalized, unless sum(2^(i*32) * d_i, i=0..7) >= p. @@ -65,8 +65,8 @@ */ #define SECP256K1_FE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {SECP256K1_FE_CONST_INNER((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)) SECP256K1_FE_VERIFY_CONST((d7), (d6), (d5), (d4), (d3), (d2), (d1), (d0)) } -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_fe_one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_const_beta = SECP256K1_FE_CONST( +static const secp256k1_fe secp256k1_fe_one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); +static const secp256k1_fe secp256k1_const_beta = SECP256K1_FE_CONST( 0x7ae96a2bul, 0x657c0710ul, 0x6e64479eul, 0xac3434e9ul, 0x9cf04975ul, 0x12f58995ul, 0xc1396c28ul, 0x719501eeul ); @@ -75,32 +75,32 @@ static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_const_beta = SECP256K1_F /* In non-VERIFY mode, we #define the fe operations to be identical to their * internal field implementation, to avoid the potential overhead of a * function call (even though presumably inlinable). */ -# define rustsecp256k1_v0_11_fe_normalize rustsecp256k1_v0_11_fe_impl_normalize -# define rustsecp256k1_v0_11_fe_normalize_weak rustsecp256k1_v0_11_fe_impl_normalize_weak -# define rustsecp256k1_v0_11_fe_normalize_var rustsecp256k1_v0_11_fe_impl_normalize_var -# define rustsecp256k1_v0_11_fe_normalizes_to_zero rustsecp256k1_v0_11_fe_impl_normalizes_to_zero -# define rustsecp256k1_v0_11_fe_normalizes_to_zero_var rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var -# define rustsecp256k1_v0_11_fe_set_int rustsecp256k1_v0_11_fe_impl_set_int -# define rustsecp256k1_v0_11_fe_is_zero rustsecp256k1_v0_11_fe_impl_is_zero -# define rustsecp256k1_v0_11_fe_is_odd rustsecp256k1_v0_11_fe_impl_is_odd -# define rustsecp256k1_v0_11_fe_cmp_var rustsecp256k1_v0_11_fe_impl_cmp_var -# define rustsecp256k1_v0_11_fe_set_b32_mod rustsecp256k1_v0_11_fe_impl_set_b32_mod -# define rustsecp256k1_v0_11_fe_set_b32_limit rustsecp256k1_v0_11_fe_impl_set_b32_limit -# define rustsecp256k1_v0_11_fe_get_b32 rustsecp256k1_v0_11_fe_impl_get_b32 -# define rustsecp256k1_v0_11_fe_negate_unchecked rustsecp256k1_v0_11_fe_impl_negate_unchecked -# define rustsecp256k1_v0_11_fe_mul_int_unchecked rustsecp256k1_v0_11_fe_impl_mul_int_unchecked -# define rustsecp256k1_v0_11_fe_add rustsecp256k1_v0_11_fe_impl_add -# define rustsecp256k1_v0_11_fe_mul rustsecp256k1_v0_11_fe_impl_mul -# define rustsecp256k1_v0_11_fe_sqr rustsecp256k1_v0_11_fe_impl_sqr -# define rustsecp256k1_v0_11_fe_cmov rustsecp256k1_v0_11_fe_impl_cmov -# define rustsecp256k1_v0_11_fe_to_storage rustsecp256k1_v0_11_fe_impl_to_storage -# define rustsecp256k1_v0_11_fe_from_storage rustsecp256k1_v0_11_fe_impl_from_storage -# define rustsecp256k1_v0_11_fe_inv rustsecp256k1_v0_11_fe_impl_inv -# define rustsecp256k1_v0_11_fe_inv_var rustsecp256k1_v0_11_fe_impl_inv_var -# define rustsecp256k1_v0_11_fe_get_bounds rustsecp256k1_v0_11_fe_impl_get_bounds -# define rustsecp256k1_v0_11_fe_half rustsecp256k1_v0_11_fe_impl_half -# define rustsecp256k1_v0_11_fe_add_int rustsecp256k1_v0_11_fe_impl_add_int -# define rustsecp256k1_v0_11_fe_is_square_var rustsecp256k1_v0_11_fe_impl_is_square_var +# define secp256k1_fe_normalize secp256k1_fe_impl_normalize +# define secp256k1_fe_normalize_weak secp256k1_fe_impl_normalize_weak +# define secp256k1_fe_normalize_var secp256k1_fe_impl_normalize_var +# define secp256k1_fe_normalizes_to_zero secp256k1_fe_impl_normalizes_to_zero +# define secp256k1_fe_normalizes_to_zero_var secp256k1_fe_impl_normalizes_to_zero_var +# define secp256k1_fe_set_int secp256k1_fe_impl_set_int +# define secp256k1_fe_is_zero secp256k1_fe_impl_is_zero +# define secp256k1_fe_is_odd secp256k1_fe_impl_is_odd +# define secp256k1_fe_cmp_var secp256k1_fe_impl_cmp_var +# define secp256k1_fe_set_b32_mod secp256k1_fe_impl_set_b32_mod +# define secp256k1_fe_set_b32_limit secp256k1_fe_impl_set_b32_limit +# define secp256k1_fe_get_b32 secp256k1_fe_impl_get_b32 +# define secp256k1_fe_negate_unchecked secp256k1_fe_impl_negate_unchecked +# define secp256k1_fe_mul_int_unchecked secp256k1_fe_impl_mul_int_unchecked +# define secp256k1_fe_add secp256k1_fe_impl_add +# define secp256k1_fe_mul secp256k1_fe_impl_mul +# define secp256k1_fe_sqr secp256k1_fe_impl_sqr +# define secp256k1_fe_cmov secp256k1_fe_impl_cmov +# define secp256k1_fe_to_storage secp256k1_fe_impl_to_storage +# define secp256k1_fe_from_storage secp256k1_fe_impl_from_storage +# define secp256k1_fe_inv secp256k1_fe_impl_inv +# define secp256k1_fe_inv_var secp256k1_fe_impl_inv_var +# define secp256k1_fe_get_bounds secp256k1_fe_impl_get_bounds +# define secp256k1_fe_half secp256k1_fe_impl_half +# define secp256k1_fe_add_int secp256k1_fe_impl_add_int +# define secp256k1_fe_is_square_var secp256k1_fe_impl_is_square_var #endif /* !defined(VERIFY) */ /** Normalize a field element. @@ -108,60 +108,60 @@ static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_const_beta = SECP256K1_F * On input, r must be a valid field element. * On output, r represents the same value but has normalized=1 and magnitude=1. */ -static void rustsecp256k1_v0_11_fe_normalize(rustsecp256k1_v0_11_fe *r); +static void secp256k1_fe_normalize(secp256k1_fe *r); /** Give a field element magnitude 1. * * On input, r must be a valid field element. * On output, r represents the same value but has magnitude=1. Normalized is unchanged. */ -static void rustsecp256k1_v0_11_fe_normalize_weak(rustsecp256k1_v0_11_fe *r); +static void secp256k1_fe_normalize_weak(secp256k1_fe *r); /** Normalize a field element, without constant-time guarantee. * - * Identical in behavior to rustsecp256k1_v0_11_fe_normalize, but not constant time in r. + * Identical in behavior to secp256k1_fe_normalize, but not constant time in r. */ -static void rustsecp256k1_v0_11_fe_normalize_var(rustsecp256k1_v0_11_fe *r); +static void secp256k1_fe_normalize_var(secp256k1_fe *r); /** Determine whether r represents field element 0. * * On input, r must be a valid field element. * Returns whether r = 0 (mod p). */ -static int rustsecp256k1_v0_11_fe_normalizes_to_zero(const rustsecp256k1_v0_11_fe *r); +static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r); /** Determine whether r represents field element 0, without constant-time guarantee. * - * Identical in behavior to rustsecp256k1_v0_11_normalizes_to_zero, but not constant time in r. + * Identical in behavior to secp256k1_normalizes_to_zero, but not constant time in r. */ -static int rustsecp256k1_v0_11_fe_normalizes_to_zero_var(const rustsecp256k1_v0_11_fe *r); +static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r); /** Set a field element to an integer in range [0,0x7FFF]. * * On input, r does not need to be initialized, a must be in [0,0x7FFF]. * On output, r represents value a, is normalized and has magnitude (a!=0). */ -static void rustsecp256k1_v0_11_fe_set_int(rustsecp256k1_v0_11_fe *r, int a); +static void secp256k1_fe_set_int(secp256k1_fe *r, int a); /** Clear a field element to prevent leaking sensitive information. */ -static void rustsecp256k1_v0_11_fe_clear(rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_clear(secp256k1_fe *a); /** Determine whether a represents field element 0. * * On input, a must be a valid normalized field element. * Returns whether a = 0 (mod p). * - * This behaves identical to rustsecp256k1_v0_11_normalizes_to_zero{,_var}, but requires + * This behaves identical to secp256k1_normalizes_to_zero{,_var}, but requires * normalized input (and is much faster). */ -static int rustsecp256k1_v0_11_fe_is_zero(const rustsecp256k1_v0_11_fe *a); +static int secp256k1_fe_is_zero(const secp256k1_fe *a); /** Determine whether a (mod p) is odd. * * On input, a must be a valid normalized field element. * Returns (int(a) mod p) & 1. */ -static int rustsecp256k1_v0_11_fe_is_odd(const rustsecp256k1_v0_11_fe *a); +static int secp256k1_fe_is_odd(const secp256k1_fe *a); /** Determine whether two field elements are equal. * @@ -169,7 +169,7 @@ static int rustsecp256k1_v0_11_fe_is_odd(const rustsecp256k1_v0_11_fe *a); * 1 and 31, respectively. * Returns a = b (mod p). */ -static int rustsecp256k1_v0_11_fe_equal(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b); +static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b); /** Compare the values represented by 2 field elements, without constant-time guarantee. * @@ -177,7 +177,7 @@ static int rustsecp256k1_v0_11_fe_equal(const rustsecp256k1_v0_11_fe *a, const r * Returns 1 if a > b, -1 if a < b, and 0 if a = b (comparisons are done as integers * in range 0..p-1). */ -static int rustsecp256k1_v0_11_fe_cmp_var(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b); +static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b); /** Set a field element equal to the element represented by a provided 32-byte big endian value * interpreted modulo p. @@ -185,7 +185,7 @@ static int rustsecp256k1_v0_11_fe_cmp_var(const rustsecp256k1_v0_11_fe *a, const * On input, r does not need to be initialized. a must be a pointer to an initialized 32-byte array. * On output, r = a (mod p). It will have magnitude 1, and not be normalized. */ -static void rustsecp256k1_v0_11_fe_set_b32_mod(rustsecp256k1_v0_11_fe *r, const unsigned char *a); +static void secp256k1_fe_set_b32_mod(secp256k1_fe *r, const unsigned char *a); /** Set a field element equal to a provided 32-byte big endian value, checking for overflow. * @@ -193,13 +193,13 @@ static void rustsecp256k1_v0_11_fe_set_b32_mod(rustsecp256k1_v0_11_fe *r, const * On output, r = a if (a < p), it will be normalized with magnitude 1, and 1 is returned. * If a >= p, 0 is returned, and r will be made invalid (and must not be used without overwriting). */ -static int rustsecp256k1_v0_11_fe_set_b32_limit(rustsecp256k1_v0_11_fe *r, const unsigned char *a); +static int secp256k1_fe_set_b32_limit(secp256k1_fe *r, const unsigned char *a); /** Convert a field element to 32-byte big endian byte array. * On input, a must be a valid normalized field element, and r a pointer to a 32-byte array. * On output, r = a (mod p). */ -static void rustsecp256k1_v0_11_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a); /** Negate a field element. * @@ -208,20 +208,20 @@ static void rustsecp256k1_v0_11_fe_get_b32(unsigned char *r, const rustsecp256k1 * Performs {r = -a}. * On output, r will not be normalized, and will have magnitude m+1. */ -#define rustsecp256k1_v0_11_fe_negate(r, a, m) ASSERT_INT_CONST_AND_DO(m, rustsecp256k1_v0_11_fe_negate_unchecked(r, a, m)) +#define secp256k1_fe_negate(r, a, m) ASSERT_INT_CONST_AND_DO(m, secp256k1_fe_negate_unchecked(r, a, m)) -/** Like rustsecp256k1_v0_11_fe_negate_unchecked but m is not checked to be an integer constant expression. +/** Like secp256k1_fe_negate_unchecked but m is not checked to be an integer constant expression. * * Should not be called directly outside of tests. */ -static void rustsecp256k1_v0_11_fe_negate_unchecked(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int m); +static void secp256k1_fe_negate_unchecked(secp256k1_fe *r, const secp256k1_fe *a, int m); /** Add a small integer to a field element. * * Performs {r += a}. The magnitude of r increases by 1, and normalized is cleared. * a must be in range [0,0x7FFF]. */ -static void rustsecp256k1_v0_11_fe_add_int(rustsecp256k1_v0_11_fe *r, int a); +static void secp256k1_fe_add_int(secp256k1_fe *r, int a); /** Multiply a field element with a small integer. * @@ -230,13 +230,13 @@ static void rustsecp256k1_v0_11_fe_add_int(rustsecp256k1_v0_11_fe *r, int a); * Performs {r *= a}. * On output, r's magnitude is multiplied by a, and r will not be normalized. */ -#define rustsecp256k1_v0_11_fe_mul_int(r, a) ASSERT_INT_CONST_AND_DO(a, rustsecp256k1_v0_11_fe_mul_int_unchecked(r, a)) +#define secp256k1_fe_mul_int(r, a) ASSERT_INT_CONST_AND_DO(a, secp256k1_fe_mul_int_unchecked(r, a)) -/** Like rustsecp256k1_v0_11_fe_mul_int but a is not checked to be an integer constant expression. +/** Like secp256k1_fe_mul_int but a is not checked to be an integer constant expression. * * Should not be called directly outside of tests. */ -static void rustsecp256k1_v0_11_fe_mul_int_unchecked(rustsecp256k1_v0_11_fe *r, int a); +static void secp256k1_fe_mul_int_unchecked(secp256k1_fe *r, int a); /** Increment a field element by another. * @@ -245,7 +245,7 @@ static void rustsecp256k1_v0_11_fe_mul_int_unchecked(rustsecp256k1_v0_11_fe *r, * Performs {r += a}. * On output, r will not be normalized, and will have magnitude incremented by a's. */ -static void rustsecp256k1_v0_11_fe_add(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a); /** Multiply two field elements. * @@ -255,7 +255,7 @@ static void rustsecp256k1_v0_11_fe_add(rustsecp256k1_v0_11_fe *r, const rustsecp * Performs {r = a * b} * On output, r will have magnitude 1, but won't be normalized. */ -static void rustsecp256k1_v0_11_fe_mul(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT b); +static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b); /** Square a field element. * @@ -264,7 +264,7 @@ static void rustsecp256k1_v0_11_fe_mul(rustsecp256k1_v0_11_fe *r, const rustsecp * Performs {r = a**2} * On output, r will have magnitude 1, but won't be normalized. */ -static void rustsecp256k1_v0_11_fe_sqr(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a); /** Compute a square root of a field element. * @@ -275,7 +275,7 @@ static void rustsecp256k1_v0_11_fe_sqr(rustsecp256k1_v0_11_fe *r, const rustsecp * Variables r and a must not point to the same object. * On output, r will have magnitude 1 but will not be normalized. */ -static int rustsecp256k1_v0_11_fe_sqrt(rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT r, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT a); +static int secp256k1_fe_sqrt(secp256k1_fe * SECP256K1_RESTRICT r, const secp256k1_fe * SECP256K1_RESTRICT a); /** Compute the modular inverse of a field element. * @@ -284,31 +284,31 @@ static int rustsecp256k1_v0_11_fe_sqrt(rustsecp256k1_v0_11_fe * SECP256K1_RESTRI * inverse). * On output, r will have magnitude (a.magnitude != 0) and be normalized. */ -static void rustsecp256k1_v0_11_fe_inv(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a); /** Compute the modular inverse of a field element, without constant-time guarantee. * - * Behaves identically to rustsecp256k1_v0_11_fe_inv, but is not constant-time in a. + * Behaves identically to secp256k1_fe_inv, but is not constant-time in a. */ -static void rustsecp256k1_v0_11_fe_inv_var(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a); -/** Convert a field element to rustsecp256k1_v0_11_fe_storage. +/** Convert a field element to secp256k1_fe_storage. * * On input, a must be a valid normalized field element. * Performs {r = a}. */ -static void rustsecp256k1_v0_11_fe_to_storage(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe *a); +static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a); -/** Convert a field element back from rustsecp256k1_v0_11_fe_storage. +/** Convert a field element back from secp256k1_fe_storage. * * On input, r need not be initialized. * Performs {r = a}. * On output, r will be normalized and will have magnitude 1. */ -static void rustsecp256k1_v0_11_fe_from_storage(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe_storage *a); +static void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_11_fe_storage_cmov(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe_storage *a, int flag); +static void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag); /** Conditionally move a field element in constant time. * @@ -318,7 +318,7 @@ static void rustsecp256k1_v0_11_fe_storage_cmov(rustsecp256k1_v0_11_fe_storage * * On output, r's magnitude will be the maximum of both input magnitudes. * It will be normalized if and only if both inputs were normalized. */ -static void rustsecp256k1_v0_11_fe_cmov(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int flag); +static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag); /** Halve the value of a field element modulo the field prime in constant-time. * @@ -326,25 +326,25 @@ static void rustsecp256k1_v0_11_fe_cmov(rustsecp256k1_v0_11_fe *r, const rustsec * On output, r will be normalized and have magnitude floor(m/2) + 1 where m is * the magnitude of r on input. */ -static void rustsecp256k1_v0_11_fe_half(rustsecp256k1_v0_11_fe *r); +static void secp256k1_fe_half(secp256k1_fe *r); /** Sets r to a field element with magnitude m, normalized if (and only if) m==0. * The value is chosen so that it is likely to trigger edge cases related to * internal overflows. */ -static void rustsecp256k1_v0_11_fe_get_bounds(rustsecp256k1_v0_11_fe *r, int m); +static void secp256k1_fe_get_bounds(secp256k1_fe *r, int m); /** Determine whether a is a square (modulo p). * * On input, a must be a valid field element. */ -static int rustsecp256k1_v0_11_fe_is_square_var(const rustsecp256k1_v0_11_fe *a); +static int secp256k1_fe_is_square_var(const secp256k1_fe *a); /** Check invariants on a field element (no-op unless VERIFY is enabled). */ -static void rustsecp256k1_v0_11_fe_verify(const rustsecp256k1_v0_11_fe *a); -#define SECP256K1_FE_VERIFY(a) rustsecp256k1_v0_11_fe_verify(a) +static void secp256k1_fe_verify(const secp256k1_fe *a); +#define SECP256K1_FE_VERIFY(a) secp256k1_fe_verify(a) /** Check that magnitude of a is at most m (no-op unless VERIFY is enabled). */ -static void rustsecp256k1_v0_11_fe_verify_magnitude(const rustsecp256k1_v0_11_fe *a, int m); -#define SECP256K1_FE_VERIFY_MAGNITUDE(a, m) rustsecp256k1_v0_11_fe_verify_magnitude(a, m) +static void secp256k1_fe_verify_magnitude(const secp256k1_fe *a, int m); +#define SECP256K1_FE_VERIFY_MAGNITUDE(a, m) secp256k1_fe_verify_magnitude(a, m) #endif /* SECP256K1_FIELD_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/field_10x26.h b/secp256k1-sys/depend/secp256k1/src/field_10x26.h index 0371dc410..203c10167 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_10x26.h +++ b/secp256k1-sys/depend/secp256k1/src/field_10x26.h @@ -31,7 +31,7 @@ typedef struct { * (together these imply n[9] <= 2^22 - 1) */ SECP256K1_FE_VERIFY_FIELDS -} rustsecp256k1_v0_11_fe; +} secp256k1_fe; /* Unpacks a constant into a overlapping multi-limbed FE element. */ #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ @@ -49,7 +49,7 @@ typedef struct { typedef struct { uint32_t n[8]; -} rustsecp256k1_v0_11_fe_storage; +} secp256k1_fe_storage; #define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ (d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7) }} #define SECP256K1_FE_STORAGE_CONST_GET(d) d.n[7], d.n[6], d.n[5], d.n[4],d.n[3], d.n[2], d.n[1], d.n[0] diff --git a/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h b/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h index a85241b9e..ea14c2731 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_10x26_impl.h @@ -13,7 +13,7 @@ #include "modinv32_impl.h" #ifdef VERIFY -static void rustsecp256k1_v0_11_fe_impl_verify(const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_verify(const secp256k1_fe *a) { const uint32_t *d = a->n; int m = a->normalized ? 1 : 2 * a->magnitude; VERIFY_CHECK(d[0] <= 0x3FFFFFFUL * m); @@ -37,7 +37,7 @@ static void rustsecp256k1_v0_11_fe_impl_verify(const rustsecp256k1_v0_11_fe *a) } #endif -static void rustsecp256k1_v0_11_fe_impl_get_bounds(rustsecp256k1_v0_11_fe *r, int m) { +static void secp256k1_fe_impl_get_bounds(secp256k1_fe *r, int m) { r->n[0] = 0x3FFFFFFUL * 2 * m; r->n[1] = 0x3FFFFFFUL * 2 * m; r->n[2] = 0x3FFFFFFUL * 2 * m; @@ -50,7 +50,7 @@ static void rustsecp256k1_v0_11_fe_impl_get_bounds(rustsecp256k1_v0_11_fe *r, in r->n[9] = 0x03FFFFFUL * 2 * m; } -static void rustsecp256k1_v0_11_fe_impl_normalize(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize(secp256k1_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -99,7 +99,7 @@ static void rustsecp256k1_v0_11_fe_impl_normalize(rustsecp256k1_v0_11_fe *r) { r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; } -static void rustsecp256k1_v0_11_fe_impl_normalize_weak(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -125,7 +125,7 @@ static void rustsecp256k1_v0_11_fe_impl_normalize_weak(rustsecp256k1_v0_11_fe *r r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; } -static void rustsecp256k1_v0_11_fe_impl_normalize_var(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize_var(secp256k1_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -175,7 +175,7 @@ static void rustsecp256k1_v0_11_fe_impl_normalize_var(rustsecp256k1_v0_11_fe *r) r->n[5] = t5; r->n[6] = t6; r->n[7] = t7; r->n[8] = t8; r->n[9] = t9; } -static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero(const rustsecp256k1_v0_11_fe *r) { +static int secp256k1_fe_impl_normalizes_to_zero(const secp256k1_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; @@ -204,7 +204,7 @@ static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero(const rustsecp256k1_v0 return (z0 == 0) | (z1 == 0x3FFFFFFUL); } -static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var(const rustsecp256k1_v0_11_fe *r) { +static int secp256k1_fe_impl_normalizes_to_zero_var(const secp256k1_fe *r) { uint32_t t0, t1, t2, t3, t4, t5, t6, t7, t8, t9; uint32_t z0, z1; uint32_t x; @@ -256,21 +256,21 @@ static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var(const rustsecp256k return (z0 == 0) | (z1 == 0x3FFFFFFUL); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_set_int(rustsecp256k1_v0_11_fe *r, int a) { +SECP256K1_INLINE static void secp256k1_fe_impl_set_int(secp256k1_fe *r, int a) { r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_impl_is_zero(const rustsecp256k1_v0_11_fe *a) { +SECP256K1_INLINE static int secp256k1_fe_impl_is_zero(const secp256k1_fe *a) { const uint32_t *t = a->n; return (t[0] | t[1] | t[2] | t[3] | t[4] | t[5] | t[6] | t[7] | t[8] | t[9]) == 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_impl_is_odd(const rustsecp256k1_v0_11_fe *a) { +SECP256K1_INLINE static int secp256k1_fe_impl_is_odd(const secp256k1_fe *a) { return a->n[0] & 1; } -static int rustsecp256k1_v0_11_fe_impl_cmp_var(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b) { +static int secp256k1_fe_impl_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { int i; for (i = 9; i >= 0; i--) { if (a->n[i] > b->n[i]) { @@ -283,7 +283,7 @@ static int rustsecp256k1_v0_11_fe_impl_cmp_var(const rustsecp256k1_v0_11_fe *a, return 0; } -static void rustsecp256k1_v0_11_fe_impl_set_b32_mod(rustsecp256k1_v0_11_fe *r, const unsigned char *a) { +static void secp256k1_fe_impl_set_b32_mod(secp256k1_fe *r, const unsigned char *a) { r->n[0] = (uint32_t)a[31] | ((uint32_t)a[30] << 8) | ((uint32_t)a[29] << 16) | ((uint32_t)(a[28] & 0x3) << 24); r->n[1] = (uint32_t)((a[28] >> 2) & 0x3f) | ((uint32_t)a[27] << 6) | ((uint32_t)a[26] << 14) | ((uint32_t)(a[25] & 0xf) << 22); r->n[2] = (uint32_t)((a[25] >> 4) & 0xf) | ((uint32_t)a[24] << 4) | ((uint32_t)a[23] << 12) | ((uint32_t)(a[22] & 0x3f) << 20); @@ -296,13 +296,13 @@ static void rustsecp256k1_v0_11_fe_impl_set_b32_mod(rustsecp256k1_v0_11_fe *r, c r->n[9] = (uint32_t)((a[2] >> 2) & 0x3f) | ((uint32_t)a[1] << 6) | ((uint32_t)a[0] << 14); } -static int rustsecp256k1_v0_11_fe_impl_set_b32_limit(rustsecp256k1_v0_11_fe *r, const unsigned char *a) { - rustsecp256k1_v0_11_fe_impl_set_b32_mod(r, a); +static int secp256k1_fe_impl_set_b32_limit(secp256k1_fe *r, const unsigned char *a) { + secp256k1_fe_impl_set_b32_mod(r, a); return !((r->n[9] == 0x3FFFFFUL) & ((r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == 0x3FFFFFFUL) & ((r->n[1] + 0x40UL + ((r->n[0] + 0x3D1UL) >> 26)) > 0x3FFFFFFUL)); } /** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ -static void rustsecp256k1_v0_11_fe_impl_get_b32(unsigned char *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_get_b32(unsigned char *r, const secp256k1_fe *a) { r[0] = (a->n[9] >> 14) & 0xff; r[1] = (a->n[9] >> 6) & 0xff; r[2] = ((a->n[9] & 0x3F) << 2) | ((a->n[8] >> 24) & 0x3); @@ -337,7 +337,7 @@ static void rustsecp256k1_v0_11_fe_impl_get_b32(unsigned char *r, const rustsecp r[31] = a->n[0] & 0xff; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_negate_unchecked(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int m) { +SECP256K1_INLINE static void secp256k1_fe_impl_negate_unchecked(secp256k1_fe *r, const secp256k1_fe *a, int m) { /* For all legal values of m (0..31), the following properties hold: */ VERIFY_CHECK(0x3FFFC2FUL * 2 * (m + 1) >= 0x3FFFFFFUL * 2 * m); VERIFY_CHECK(0x3FFFFBFUL * 2 * (m + 1) >= 0x3FFFFFFUL * 2 * m); @@ -358,7 +358,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_negate_unchecked(rustse r->n[9] = 0x03FFFFFUL * 2 * (m + 1) - a->n[9]; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_mul_int_unchecked(rustsecp256k1_v0_11_fe *r, int a) { +SECP256K1_INLINE static void secp256k1_fe_impl_mul_int_unchecked(secp256k1_fe *r, int a) { r->n[0] *= a; r->n[1] *= a; r->n[2] *= a; @@ -371,7 +371,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_mul_int_unchecked(rusts r->n[9] *= a; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_add(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a) { +SECP256K1_INLINE static void secp256k1_fe_impl_add(secp256k1_fe *r, const secp256k1_fe *a) { r->n[0] += a->n[0]; r->n[1] += a->n[1]; r->n[2] += a->n[2]; @@ -384,21 +384,21 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_add(rustsecp256k1_v0_11 r->n[9] += a->n[9]; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_add_int(rustsecp256k1_v0_11_fe *r, int a) { +SECP256K1_INLINE static void secp256k1_fe_impl_add_int(secp256k1_fe *r, int a) { r->n[0] += a; } #if defined(USE_EXTERNAL_ASM) /* External assembler implementation */ -void rustsecp256k1_v0_11_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b); -void rustsecp256k1_v0_11_fe_sqr_inner(uint32_t *r, const uint32_t *a); +void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b); +void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a); #else #define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0) -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) { +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint32_t *r, const uint32_t *a, const uint32_t * SECP256K1_RESTRICT b) { uint64_t c, d; uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; uint32_t t9, t1, t0, t2, t3, t4, t5, t6, t7; @@ -728,7 +728,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_inner(uint32_t *r, const /* [r9 r8 r7 r6 r5 r4 r3 r2 r1 r0] = [p18 p17 p16 p15 p14 p13 p12 p11 p10 p9 p8 p7 p6 p5 p4 p3 p2 p1 p0] */ } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr_inner(uint32_t *r, const uint32_t *a) { +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint32_t *r, const uint32_t *a) { uint64_t c, d; uint64_t u0, u1, u2, u3, u4, u5, u6, u7, u8; uint32_t t9, t0, t1, t2, t3, t4, t5, t6, t7; @@ -1003,15 +1003,15 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr_inner(uint32_t *r, const } #endif -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_mul(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT b) { - rustsecp256k1_v0_11_fe_mul_inner(r->n, a->n, b->n); +SECP256K1_INLINE static void secp256k1_fe_impl_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { + secp256k1_fe_mul_inner(r->n, a->n, b->n); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_sqr(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a) { - rustsecp256k1_v0_11_fe_sqr_inner(r->n, a->n); +SECP256K1_INLINE static void secp256k1_fe_impl_sqr(secp256k1_fe *r, const secp256k1_fe *a) { + secp256k1_fe_sqr_inner(r->n, a->n); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_cmov(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int flag) { +SECP256K1_INLINE static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) { uint32_t mask0, mask1; volatile int vflag = flag; SECP256K1_CHECKMEM_CHECK_VERIFY(r->n, sizeof(r->n)); @@ -1029,7 +1029,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_cmov(rustsecp256k1_v0_1 r->n[9] = (r->n[9] & mask0) | (a->n[9] & mask1); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_half(rustsecp256k1_v0_11_fe *r) { +static SECP256K1_INLINE void secp256k1_fe_impl_half(secp256k1_fe *r) { uint32_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4], t5 = r->n[5], t6 = r->n[6], t7 = r->n[7], t8 = r->n[8], t9 = r->n[9]; uint32_t one = (uint32_t)1; @@ -1094,7 +1094,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_half(rustsecp256k1_v0_1 */ } -static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_storage_cmov(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe_storage *a, int flag) { +static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) { uint32_t mask0, mask1; volatile int vflag = flag; SECP256K1_CHECKMEM_CHECK_VERIFY(r->n, sizeof(r->n)); @@ -1110,7 +1110,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_storage_cmov(rustsecp256k1_v r->n[7] = (r->n[7] & mask0) | (a->n[7] & mask1); } -static void rustsecp256k1_v0_11_fe_impl_to_storage(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { r->n[0] = a->n[0] | a->n[1] << 26; r->n[1] = a->n[1] >> 6 | a->n[2] << 20; r->n[2] = a->n[2] >> 12 | a->n[3] << 14; @@ -1121,7 +1121,7 @@ static void rustsecp256k1_v0_11_fe_impl_to_storage(rustsecp256k1_v0_11_fe_storag r->n[7] = a->n[8] >> 16 | a->n[9] << 10; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_from_storage(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe_storage *a) { +static SECP256K1_INLINE void secp256k1_fe_impl_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { r->n[0] = a->n[0] & 0x3FFFFFFUL; r->n[1] = a->n[0] >> 26 | ((a->n[1] << 6) & 0x3FFFFFFUL); r->n[2] = a->n[1] >> 20 | ((a->n[2] << 12) & 0x3FFFFFFUL); @@ -1134,12 +1134,12 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_from_storage(rustsecp25 r->n[9] = a->n[7] >> 10; } -static void rustsecp256k1_v0_11_fe_from_signed30(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_modinv32_signed30 *a) { +static void secp256k1_fe_from_signed30(secp256k1_fe *r, const secp256k1_modinv32_signed30 *a) { const uint32_t M26 = UINT32_MAX >> 6; const uint32_t a0 = a->v[0], a1 = a->v[1], a2 = a->v[2], a3 = a->v[3], a4 = a->v[4], a5 = a->v[5], a6 = a->v[6], a7 = a->v[7], a8 = a->v[8]; - /* The output from rustsecp256k1_v0_11_modinv32{_var} should be normalized to range [0,modulus), and + /* The output from secp256k1_modinv32{_var} should be normalized to range [0,modulus), and * have limbs in [0,2^30). The modulus is < 2^256, so the top limb must be below 2^(256-30*8). */ VERIFY_CHECK(a0 >> 30 == 0); @@ -1164,7 +1164,7 @@ static void rustsecp256k1_v0_11_fe_from_signed30(rustsecp256k1_v0_11_fe *r, cons r->n[9] = (a7 >> 24 | a8 << 6); } -static void rustsecp256k1_v0_11_fe_to_signed30(rustsecp256k1_v0_11_modinv32_signed30 *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_to_signed30(secp256k1_modinv32_signed30 *r, const secp256k1_fe *a) { const uint32_t M30 = UINT32_MAX >> 2; const uint64_t a0 = a->n[0], a1 = a->n[1], a2 = a->n[2], a3 = a->n[3], a4 = a->n[4], a5 = a->n[5], a6 = a->n[6], a7 = a->n[7], a8 = a->n[8], a9 = a->n[9]; @@ -1181,48 +1181,48 @@ static void rustsecp256k1_v0_11_fe_to_signed30(rustsecp256k1_v0_11_modinv32_sign r->v[8] = a9 >> 6; } -static const rustsecp256k1_v0_11_modinv32_modinfo rustsecp256k1_v0_11_const_modinfo_fe = { +static const secp256k1_modinv32_modinfo secp256k1_const_modinfo_fe = { {{-0x3D1, -4, 0, 0, 0, 0, 0, 0, 65536}}, 0x2DDACACFL }; -static void rustsecp256k1_v0_11_fe_impl_inv(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe tmp = *x; - rustsecp256k1_v0_11_modinv32_signed30 s; +static void secp256k1_fe_impl_inv(secp256k1_fe *r, const secp256k1_fe *x) { + secp256k1_fe tmp = *x; + secp256k1_modinv32_signed30 s; - rustsecp256k1_v0_11_fe_normalize(&tmp); - rustsecp256k1_v0_11_fe_to_signed30(&s, &tmp); - rustsecp256k1_v0_11_modinv32(&s, &rustsecp256k1_v0_11_const_modinfo_fe); - rustsecp256k1_v0_11_fe_from_signed30(r, &s); + secp256k1_fe_normalize(&tmp); + secp256k1_fe_to_signed30(&s, &tmp); + secp256k1_modinv32(&s, &secp256k1_const_modinfo_fe); + secp256k1_fe_from_signed30(r, &s); } -static void rustsecp256k1_v0_11_fe_impl_inv_var(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe tmp = *x; - rustsecp256k1_v0_11_modinv32_signed30 s; +static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) { + secp256k1_fe tmp = *x; + secp256k1_modinv32_signed30 s; - rustsecp256k1_v0_11_fe_normalize_var(&tmp); - rustsecp256k1_v0_11_fe_to_signed30(&s, &tmp); - rustsecp256k1_v0_11_modinv32_var(&s, &rustsecp256k1_v0_11_const_modinfo_fe); - rustsecp256k1_v0_11_fe_from_signed30(r, &s); + secp256k1_fe_normalize_var(&tmp); + secp256k1_fe_to_signed30(&s, &tmp); + secp256k1_modinv32_var(&s, &secp256k1_const_modinfo_fe); + secp256k1_fe_from_signed30(r, &s); } -static int rustsecp256k1_v0_11_fe_impl_is_square_var(const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe tmp; - rustsecp256k1_v0_11_modinv32_signed30 s; +static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x) { + secp256k1_fe tmp; + secp256k1_modinv32_signed30 s; int jac, ret; tmp = *x; - rustsecp256k1_v0_11_fe_normalize_var(&tmp); - /* rustsecp256k1_v0_11_jacobi32_maybe_var cannot deal with input 0. */ - if (rustsecp256k1_v0_11_fe_is_zero(&tmp)) return 1; - rustsecp256k1_v0_11_fe_to_signed30(&s, &tmp); - jac = rustsecp256k1_v0_11_jacobi32_maybe_var(&s, &rustsecp256k1_v0_11_const_modinfo_fe); + secp256k1_fe_normalize_var(&tmp); + /* secp256k1_jacobi32_maybe_var cannot deal with input 0. */ + if (secp256k1_fe_is_zero(&tmp)) return 1; + secp256k1_fe_to_signed30(&s, &tmp); + jac = secp256k1_jacobi32_maybe_var(&s, &secp256k1_const_modinfo_fe); if (jac == 0) { - /* rustsecp256k1_v0_11_jacobi32_maybe_var failed to compute the Jacobi symbol. Fall back + /* secp256k1_jacobi32_maybe_var failed to compute the Jacobi symbol. Fall back * to computing a square root. This should be extremely rare with random * input (except in VERIFY mode, where a lower iteration count is used). */ - rustsecp256k1_v0_11_fe dummy; - ret = rustsecp256k1_v0_11_fe_sqrt(&dummy, &tmp); + secp256k1_fe dummy; + ret = secp256k1_fe_sqrt(&dummy, &tmp); } else { ret = jac >= 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52.h b/secp256k1-sys/depend/secp256k1/src/field_5x52.h index d14ae4d8e..f20c246fd 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52.h @@ -31,7 +31,7 @@ typedef struct { * (together these imply n[4] <= 2^48 - 1) */ SECP256K1_FE_VERIFY_FIELDS -} rustsecp256k1_v0_11_fe; +} secp256k1_fe; /* Unpacks a constant into a overlapping multi-limbed FE element. */ #define SECP256K1_FE_CONST_INNER(d7, d6, d5, d4, d3, d2, d1, d0) { \ @@ -44,7 +44,7 @@ typedef struct { typedef struct { uint64_t n[4]; -} rustsecp256k1_v0_11_fe_storage; +} secp256k1_fe_storage; #define SECP256K1_FE_STORAGE_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{ \ (d0) | (((uint64_t)(d1)) << 32), \ diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h b/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h index 1387e8913..46dca6b98 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52_impl.h @@ -15,7 +15,7 @@ #include "field_5x52_int128_impl.h" #ifdef VERIFY -static void rustsecp256k1_v0_11_fe_impl_verify(const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_verify(const secp256k1_fe *a) { const uint64_t *d = a->n; int m = a->normalized ? 1 : 2 * a->magnitude; /* secp256k1 'p' value defined in "Standards for Efficient Cryptography" (SEC2) 2.7.1. */ @@ -32,7 +32,7 @@ static void rustsecp256k1_v0_11_fe_impl_verify(const rustsecp256k1_v0_11_fe *a) } #endif -static void rustsecp256k1_v0_11_fe_impl_get_bounds(rustsecp256k1_v0_11_fe *r, int m) { +static void secp256k1_fe_impl_get_bounds(secp256k1_fe *r, int m) { r->n[0] = 0xFFFFFFFFFFFFFULL * 2 * m; r->n[1] = 0xFFFFFFFFFFFFFULL * 2 * m; r->n[2] = 0xFFFFFFFFFFFFFULL * 2 * m; @@ -40,7 +40,7 @@ static void rustsecp256k1_v0_11_fe_impl_get_bounds(rustsecp256k1_v0_11_fe *r, in r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * m; } -static void rustsecp256k1_v0_11_fe_impl_normalize(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize(secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -77,7 +77,7 @@ static void rustsecp256k1_v0_11_fe_impl_normalize(rustsecp256k1_v0_11_fe *r) { r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; } -static void rustsecp256k1_v0_11_fe_impl_normalize_weak(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -96,7 +96,7 @@ static void rustsecp256k1_v0_11_fe_impl_normalize_weak(rustsecp256k1_v0_11_fe *r r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; } -static void rustsecp256k1_v0_11_fe_impl_normalize_var(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize_var(secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* Reduce t4 at the start so there will be at most a single carry from the first pass */ @@ -134,7 +134,7 @@ static void rustsecp256k1_v0_11_fe_impl_normalize_var(rustsecp256k1_v0_11_fe *r) r->n[0] = t0; r->n[1] = t1; r->n[2] = t2; r->n[3] = t3; r->n[4] = t4; } -static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero(const rustsecp256k1_v0_11_fe *r) { +static int secp256k1_fe_impl_normalizes_to_zero(const secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; /* z0 tracks a possible raw value of 0, z1 tracks a possible raw value of P */ @@ -157,7 +157,7 @@ static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero(const rustsecp256k1_v0 return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); } -static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var(const rustsecp256k1_v0_11_fe *r) { +static int secp256k1_fe_impl_normalizes_to_zero_var(const secp256k1_fe *r) { uint64_t t0, t1, t2, t3, t4; uint64_t z0, z1; uint64_t x; @@ -198,21 +198,21 @@ static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var(const rustsecp256k return (z0 == 0) | (z1 == 0xFFFFFFFFFFFFFULL); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_set_int(rustsecp256k1_v0_11_fe *r, int a) { +SECP256K1_INLINE static void secp256k1_fe_impl_set_int(secp256k1_fe *r, int a) { r->n[0] = a; r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_impl_is_zero(const rustsecp256k1_v0_11_fe *a) { +SECP256K1_INLINE static int secp256k1_fe_impl_is_zero(const secp256k1_fe *a) { const uint64_t *t = a->n; return (t[0] | t[1] | t[2] | t[3] | t[4]) == 0; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_impl_is_odd(const rustsecp256k1_v0_11_fe *a) { +SECP256K1_INLINE static int secp256k1_fe_impl_is_odd(const secp256k1_fe *a) { return a->n[0] & 1; } -static int rustsecp256k1_v0_11_fe_impl_cmp_var(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b) { +static int secp256k1_fe_impl_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { int i; for (i = 4; i >= 0; i--) { if (a->n[i] > b->n[i]) { @@ -225,7 +225,7 @@ static int rustsecp256k1_v0_11_fe_impl_cmp_var(const rustsecp256k1_v0_11_fe *a, return 0; } -static void rustsecp256k1_v0_11_fe_impl_set_b32_mod(rustsecp256k1_v0_11_fe *r, const unsigned char *a) { +static void secp256k1_fe_impl_set_b32_mod(secp256k1_fe *r, const unsigned char *a) { r->n[0] = (uint64_t)a[31] | ((uint64_t)a[30] << 8) | ((uint64_t)a[29] << 16) @@ -262,13 +262,13 @@ static void rustsecp256k1_v0_11_fe_impl_set_b32_mod(rustsecp256k1_v0_11_fe *r, c | ((uint64_t)a[0] << 40); } -static int rustsecp256k1_v0_11_fe_impl_set_b32_limit(rustsecp256k1_v0_11_fe *r, const unsigned char *a) { - rustsecp256k1_v0_11_fe_impl_set_b32_mod(r, a); +static int secp256k1_fe_impl_set_b32_limit(secp256k1_fe *r, const unsigned char *a) { + secp256k1_fe_impl_set_b32_mod(r, a); return !((r->n[4] == 0x0FFFFFFFFFFFFULL) & ((r->n[3] & r->n[2] & r->n[1]) == 0xFFFFFFFFFFFFFULL) & (r->n[0] >= 0xFFFFEFFFFFC2FULL)); } /** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */ -static void rustsecp256k1_v0_11_fe_impl_get_b32(unsigned char *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_get_b32(unsigned char *r, const secp256k1_fe *a) { r[0] = (a->n[4] >> 40) & 0xFF; r[1] = (a->n[4] >> 32) & 0xFF; r[2] = (a->n[4] >> 24) & 0xFF; @@ -303,7 +303,7 @@ static void rustsecp256k1_v0_11_fe_impl_get_b32(unsigned char *r, const rustsecp r[31] = a->n[0] & 0xFF; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_negate_unchecked(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int m) { +SECP256K1_INLINE static void secp256k1_fe_impl_negate_unchecked(secp256k1_fe *r, const secp256k1_fe *a, int m) { /* For all legal values of m (0..31), the following properties hold: */ VERIFY_CHECK(0xFFFFEFFFFFC2FULL * 2 * (m + 1) >= 0xFFFFFFFFFFFFFULL * 2 * m); VERIFY_CHECK(0xFFFFFFFFFFFFFULL * 2 * (m + 1) >= 0xFFFFFFFFFFFFFULL * 2 * m); @@ -318,7 +318,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_negate_unchecked(rustse r->n[4] = 0x0FFFFFFFFFFFFULL * 2 * (m + 1) - a->n[4]; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_mul_int_unchecked(rustsecp256k1_v0_11_fe *r, int a) { +SECP256K1_INLINE static void secp256k1_fe_impl_mul_int_unchecked(secp256k1_fe *r, int a) { r->n[0] *= a; r->n[1] *= a; r->n[2] *= a; @@ -326,11 +326,11 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_mul_int_unchecked(rusts r->n[4] *= a; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_add_int(rustsecp256k1_v0_11_fe *r, int a) { +SECP256K1_INLINE static void secp256k1_fe_impl_add_int(secp256k1_fe *r, int a) { r->n[0] += a; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_add(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a) { +SECP256K1_INLINE static void secp256k1_fe_impl_add(secp256k1_fe *r, const secp256k1_fe *a) { r->n[0] += a->n[0]; r->n[1] += a->n[1]; r->n[2] += a->n[2]; @@ -338,15 +338,15 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_add(rustsecp256k1_v0_11 r->n[4] += a->n[4]; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_mul(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT b) { - rustsecp256k1_v0_11_fe_mul_inner(r->n, a->n, b->n); +SECP256K1_INLINE static void secp256k1_fe_impl_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { + secp256k1_fe_mul_inner(r->n, a->n, b->n); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_sqr(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a) { - rustsecp256k1_v0_11_fe_sqr_inner(r->n, a->n); +SECP256K1_INLINE static void secp256k1_fe_impl_sqr(secp256k1_fe *r, const secp256k1_fe *a) { + secp256k1_fe_sqr_inner(r->n, a->n); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_cmov(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int flag) { +SECP256K1_INLINE static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) { uint64_t mask0, mask1; volatile int vflag = flag; SECP256K1_CHECKMEM_CHECK_VERIFY(r->n, sizeof(r->n)); @@ -359,7 +359,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_impl_cmov(rustsecp256k1_v0_1 r->n[4] = (r->n[4] & mask0) | (a->n[4] & mask1); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_half(rustsecp256k1_v0_11_fe *r) { +static SECP256K1_INLINE void secp256k1_fe_impl_half(secp256k1_fe *r) { uint64_t t0 = r->n[0], t1 = r->n[1], t2 = r->n[2], t3 = r->n[3], t4 = r->n[4]; uint64_t one = (uint64_t)1; uint64_t mask = -(t0 & one) >> 12; @@ -413,7 +413,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_half(rustsecp256k1_v0_1 */ } -static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_storage_cmov(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe_storage *a, int flag) { +static SECP256K1_INLINE void secp256k1_fe_storage_cmov(secp256k1_fe_storage *r, const secp256k1_fe_storage *a, int flag) { uint64_t mask0, mask1; volatile int vflag = flag; SECP256K1_CHECKMEM_CHECK_VERIFY(r->n, sizeof(r->n)); @@ -425,14 +425,14 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_storage_cmov(rustsecp256k1_v r->n[3] = (r->n[3] & mask0) | (a->n[3] & mask1); } -static void rustsecp256k1_v0_11_fe_impl_to_storage(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { r->n[0] = a->n[0] | a->n[1] << 52; r->n[1] = a->n[1] >> 12 | a->n[2] << 40; r->n[2] = a->n[2] >> 24 | a->n[3] << 28; r->n[3] = a->n[3] >> 36 | a->n[4] << 16; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_from_storage(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe_storage *a) { +static SECP256K1_INLINE void secp256k1_fe_impl_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { r->n[0] = a->n[0] & 0xFFFFFFFFFFFFFULL; r->n[1] = a->n[0] >> 52 | ((a->n[1] << 12) & 0xFFFFFFFFFFFFFULL); r->n[2] = a->n[1] >> 40 | ((a->n[2] << 24) & 0xFFFFFFFFFFFFFULL); @@ -440,11 +440,11 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_fe_impl_from_storage(rustsecp25 r->n[4] = a->n[3] >> 16; } -static void rustsecp256k1_v0_11_fe_from_signed62(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_modinv64_signed62 *a) { +static void secp256k1_fe_from_signed62(secp256k1_fe *r, const secp256k1_modinv64_signed62 *a) { const uint64_t M52 = UINT64_MAX >> 12; const uint64_t a0 = a->v[0], a1 = a->v[1], a2 = a->v[2], a3 = a->v[3], a4 = a->v[4]; - /* The output from rustsecp256k1_v0_11_modinv64{_var} should be normalized to range [0,modulus), and + /* The output from secp256k1_modinv64{_var} should be normalized to range [0,modulus), and * have limbs in [0,2^62). The modulus is < 2^256, so the top limb must be below 2^(256-62*4). */ VERIFY_CHECK(a0 >> 62 == 0); @@ -460,7 +460,7 @@ static void rustsecp256k1_v0_11_fe_from_signed62(rustsecp256k1_v0_11_fe *r, cons r->n[4] = (a3 >> 22 | a4 << 40); } -static void rustsecp256k1_v0_11_fe_to_signed62(rustsecp256k1_v0_11_modinv64_signed62 *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_to_signed62(secp256k1_modinv64_signed62 *r, const secp256k1_fe *a) { const uint64_t M62 = UINT64_MAX >> 2; const uint64_t a0 = a->n[0], a1 = a->n[1], a2 = a->n[2], a3 = a->n[3], a4 = a->n[4]; @@ -471,48 +471,48 @@ static void rustsecp256k1_v0_11_fe_to_signed62(rustsecp256k1_v0_11_modinv64_sign r->v[4] = a4 >> 40; } -static const rustsecp256k1_v0_11_modinv64_modinfo rustsecp256k1_v0_11_const_modinfo_fe = { +static const secp256k1_modinv64_modinfo secp256k1_const_modinfo_fe = { {{-0x1000003D1LL, 0, 0, 0, 256}}, 0x27C7F6E22DDACACFLL }; -static void rustsecp256k1_v0_11_fe_impl_inv(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe tmp = *x; - rustsecp256k1_v0_11_modinv64_signed62 s; +static void secp256k1_fe_impl_inv(secp256k1_fe *r, const secp256k1_fe *x) { + secp256k1_fe tmp = *x; + secp256k1_modinv64_signed62 s; - rustsecp256k1_v0_11_fe_normalize(&tmp); - rustsecp256k1_v0_11_fe_to_signed62(&s, &tmp); - rustsecp256k1_v0_11_modinv64(&s, &rustsecp256k1_v0_11_const_modinfo_fe); - rustsecp256k1_v0_11_fe_from_signed62(r, &s); + secp256k1_fe_normalize(&tmp); + secp256k1_fe_to_signed62(&s, &tmp); + secp256k1_modinv64(&s, &secp256k1_const_modinfo_fe); + secp256k1_fe_from_signed62(r, &s); } -static void rustsecp256k1_v0_11_fe_impl_inv_var(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe tmp = *x; - rustsecp256k1_v0_11_modinv64_signed62 s; +static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x) { + secp256k1_fe tmp = *x; + secp256k1_modinv64_signed62 s; - rustsecp256k1_v0_11_fe_normalize_var(&tmp); - rustsecp256k1_v0_11_fe_to_signed62(&s, &tmp); - rustsecp256k1_v0_11_modinv64_var(&s, &rustsecp256k1_v0_11_const_modinfo_fe); - rustsecp256k1_v0_11_fe_from_signed62(r, &s); + secp256k1_fe_normalize_var(&tmp); + secp256k1_fe_to_signed62(&s, &tmp); + secp256k1_modinv64_var(&s, &secp256k1_const_modinfo_fe); + secp256k1_fe_from_signed62(r, &s); } -static int rustsecp256k1_v0_11_fe_impl_is_square_var(const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe tmp; - rustsecp256k1_v0_11_modinv64_signed62 s; +static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x) { + secp256k1_fe tmp; + secp256k1_modinv64_signed62 s; int jac, ret; tmp = *x; - rustsecp256k1_v0_11_fe_normalize_var(&tmp); - /* rustsecp256k1_v0_11_jacobi64_maybe_var cannot deal with input 0. */ - if (rustsecp256k1_v0_11_fe_is_zero(&tmp)) return 1; - rustsecp256k1_v0_11_fe_to_signed62(&s, &tmp); - jac = rustsecp256k1_v0_11_jacobi64_maybe_var(&s, &rustsecp256k1_v0_11_const_modinfo_fe); + secp256k1_fe_normalize_var(&tmp); + /* secp256k1_jacobi64_maybe_var cannot deal with input 0. */ + if (secp256k1_fe_is_zero(&tmp)) return 1; + secp256k1_fe_to_signed62(&s, &tmp); + jac = secp256k1_jacobi64_maybe_var(&s, &secp256k1_const_modinfo_fe); if (jac == 0) { - /* rustsecp256k1_v0_11_jacobi64_maybe_var failed to compute the Jacobi symbol. Fall back + /* secp256k1_jacobi64_maybe_var failed to compute the Jacobi symbol. Fall back * to computing a square root. This should be extremely rare with random * input (except in VERIFY mode, where a lower iteration count is used). */ - rustsecp256k1_v0_11_fe dummy; - ret = rustsecp256k1_v0_11_fe_sqrt(&dummy, &tmp); + secp256k1_fe dummy; + ret = secp256k1_fe_sqrt(&dummy, &tmp); } else { ret = jac >= 0; } diff --git a/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h b/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h index 042b14708..f23f8ee1c 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_5x52_int128_impl.h @@ -13,10 +13,10 @@ #include "util.h" #define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0) -#define VERIFY_BITS_128(x, n) VERIFY_CHECK(rustsecp256k1_v0_11_u128_check_bits((x), (n))) +#define VERIFY_BITS_128(x, n) VERIFY_CHECK(secp256k1_u128_check_bits((x), (n))) -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { - rustsecp256k1_v0_11_uint128 c, d; +SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b) { + secp256k1_uint128 c, d; uint64_t t3, t4, tx, u0; uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; @@ -40,35 +40,35 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_inner(uint64_t *r, const * Note that [x 0 0 0 0 0] = [x*R]. */ - rustsecp256k1_v0_11_u128_mul(&d, a0, b[3]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a1, b[2]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a2, b[1]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, b[0]); + secp256k1_u128_mul(&d, a0, b[3]); + secp256k1_u128_accum_mul(&d, a1, b[2]); + secp256k1_u128_accum_mul(&d, a2, b[1]); + secp256k1_u128_accum_mul(&d, a3, b[0]); VERIFY_BITS_128(&d, 114); /* [d 0 0 0] = [p3 0 0 0] */ - rustsecp256k1_v0_11_u128_mul(&c, a4, b[4]); + secp256k1_u128_mul(&c, a4, b[4]); VERIFY_BITS_128(&c, 112); /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, R, rustsecp256k1_v0_11_u128_to_u64(&c)); rustsecp256k1_v0_11_u128_rshift(&c, 64); + secp256k1_u128_accum_mul(&d, R, secp256k1_u128_to_u64(&c)); secp256k1_u128_rshift(&c, 64); VERIFY_BITS_128(&d, 115); VERIFY_BITS_128(&c, 48); /* [(c<<12) 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ - t3 = rustsecp256k1_v0_11_u128_to_u64(&d) & M; rustsecp256k1_v0_11_u128_rshift(&d, 52); + t3 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52); VERIFY_BITS(t3, 52); VERIFY_BITS_128(&d, 63); /* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a0, b[4]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a1, b[3]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a2, b[2]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, b[1]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a4, b[0]); + secp256k1_u128_accum_mul(&d, a0, b[4]); + secp256k1_u128_accum_mul(&d, a1, b[3]); + secp256k1_u128_accum_mul(&d, a2, b[2]); + secp256k1_u128_accum_mul(&d, a3, b[1]); + secp256k1_u128_accum_mul(&d, a4, b[0]); VERIFY_BITS_128(&d, 115); /* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, R << 12, rustsecp256k1_v0_11_u128_to_u64(&c)); + secp256k1_u128_accum_mul(&d, R << 12, secp256k1_u128_to_u64(&c)); VERIFY_BITS_128(&d, 116); /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ - t4 = rustsecp256k1_v0_11_u128_to_u64(&d) & M; rustsecp256k1_v0_11_u128_rshift(&d, 52); + t4 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52); VERIFY_BITS(t4, 52); VERIFY_BITS_128(&d, 64); /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ @@ -77,16 +77,16 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_inner(uint64_t *r, const VERIFY_BITS(t4, 48); /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_mul(&c, a0, b[0]); + secp256k1_u128_mul(&c, a0, b[0]); VERIFY_BITS_128(&c, 112); /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a1, b[4]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a2, b[3]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, b[2]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a4, b[1]); + secp256k1_u128_accum_mul(&d, a1, b[4]); + secp256k1_u128_accum_mul(&d, a2, b[3]); + secp256k1_u128_accum_mul(&d, a3, b[2]); + secp256k1_u128_accum_mul(&d, a4, b[1]); VERIFY_BITS_128(&d, 114); /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ - u0 = rustsecp256k1_v0_11_u128_to_u64(&d) & M; rustsecp256k1_v0_11_u128_rshift(&d, 52); + u0 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52); VERIFY_BITS(u0, 52); VERIFY_BITS_128(&d, 62); /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ @@ -94,65 +94,65 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_inner(uint64_t *r, const u0 = (u0 << 4) | tx; VERIFY_BITS(u0, 56); /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, u0, R >> 4); + secp256k1_u128_accum_mul(&c, u0, R >> 4); VERIFY_BITS_128(&c, 113); /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ - r[0] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[0] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[0], 52); VERIFY_BITS_128(&c, 61); /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, a0, b[1]); - rustsecp256k1_v0_11_u128_accum_mul(&c, a1, b[0]); + secp256k1_u128_accum_mul(&c, a0, b[1]); + secp256k1_u128_accum_mul(&c, a1, b[0]); VERIFY_BITS_128(&c, 114); /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a2, b[4]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, b[3]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a4, b[2]); + secp256k1_u128_accum_mul(&d, a2, b[4]); + secp256k1_u128_accum_mul(&d, a3, b[3]); + secp256k1_u128_accum_mul(&d, a4, b[2]); VERIFY_BITS_128(&d, 114); /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, rustsecp256k1_v0_11_u128_to_u64(&d) & M, R); rustsecp256k1_v0_11_u128_rshift(&d, 52); + secp256k1_u128_accum_mul(&c, secp256k1_u128_to_u64(&d) & M, R); secp256k1_u128_rshift(&d, 52); VERIFY_BITS_128(&c, 115); VERIFY_BITS_128(&d, 62); /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ - r[1] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[1] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[1], 52); VERIFY_BITS_128(&c, 63); /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, a0, b[2]); - rustsecp256k1_v0_11_u128_accum_mul(&c, a1, b[1]); - rustsecp256k1_v0_11_u128_accum_mul(&c, a2, b[0]); + secp256k1_u128_accum_mul(&c, a0, b[2]); + secp256k1_u128_accum_mul(&c, a1, b[1]); + secp256k1_u128_accum_mul(&c, a2, b[0]); VERIFY_BITS_128(&c, 114); /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, b[4]); - rustsecp256k1_v0_11_u128_accum_mul(&d, a4, b[3]); + secp256k1_u128_accum_mul(&d, a3, b[4]); + secp256k1_u128_accum_mul(&d, a4, b[3]); VERIFY_BITS_128(&d, 114); /* [d 0 0 t4 t3 c t1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, R, rustsecp256k1_v0_11_u128_to_u64(&d)); rustsecp256k1_v0_11_u128_rshift(&d, 64); + secp256k1_u128_accum_mul(&c, R, secp256k1_u128_to_u64(&d)); secp256k1_u128_rshift(&d, 64); VERIFY_BITS_128(&c, 115); VERIFY_BITS_128(&d, 50); /* [(d<<12) 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[2] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[2] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[2], 52); VERIFY_BITS_128(&c, 63); /* [(d<<12) 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, R << 12, rustsecp256k1_v0_11_u128_to_u64(&d)); - rustsecp256k1_v0_11_u128_accum_u64(&c, t3); + secp256k1_u128_accum_mul(&c, R << 12, secp256k1_u128_to_u64(&d)); + secp256k1_u128_accum_u64(&c, t3); VERIFY_BITS_128(&c, 100); /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[3] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[3] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[3], 52); VERIFY_BITS_128(&c, 48); /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[4] = rustsecp256k1_v0_11_u128_to_u64(&c) + t4; + r[4] = secp256k1_u128_to_u64(&c) + t4; VERIFY_BITS(r[4], 49); /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ } -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr_inner(uint64_t *r, const uint64_t *a) { - rustsecp256k1_v0_11_uint128 c, d; +SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t *a) { + secp256k1_uint128 c, d; uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4]; uint64_t t3, t4, tx, u0; const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL; @@ -168,32 +168,32 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr_inner(uint64_t *r, const * Note that [x 0 0 0 0 0] = [x*R]. */ - rustsecp256k1_v0_11_u128_mul(&d, a0*2, a3); - rustsecp256k1_v0_11_u128_accum_mul(&d, a1*2, a2); + secp256k1_u128_mul(&d, a0*2, a3); + secp256k1_u128_accum_mul(&d, a1*2, a2); VERIFY_BITS_128(&d, 114); /* [d 0 0 0] = [p3 0 0 0] */ - rustsecp256k1_v0_11_u128_mul(&c, a4, a4); + secp256k1_u128_mul(&c, a4, a4); VERIFY_BITS_128(&c, 112); /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, R, rustsecp256k1_v0_11_u128_to_u64(&c)); rustsecp256k1_v0_11_u128_rshift(&c, 64); + secp256k1_u128_accum_mul(&d, R, secp256k1_u128_to_u64(&c)); secp256k1_u128_rshift(&c, 64); VERIFY_BITS_128(&d, 115); VERIFY_BITS_128(&c, 48); /* [(c<<12) 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ - t3 = rustsecp256k1_v0_11_u128_to_u64(&d) & M; rustsecp256k1_v0_11_u128_rshift(&d, 52); + t3 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52); VERIFY_BITS(t3, 52); VERIFY_BITS_128(&d, 63); /* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */ a4 *= 2; - rustsecp256k1_v0_11_u128_accum_mul(&d, a0, a4); - rustsecp256k1_v0_11_u128_accum_mul(&d, a1*2, a3); - rustsecp256k1_v0_11_u128_accum_mul(&d, a2, a2); + secp256k1_u128_accum_mul(&d, a0, a4); + secp256k1_u128_accum_mul(&d, a1*2, a3); + secp256k1_u128_accum_mul(&d, a2, a2); VERIFY_BITS_128(&d, 115); /* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, R << 12, rustsecp256k1_v0_11_u128_to_u64(&c)); + secp256k1_u128_accum_mul(&d, R << 12, secp256k1_u128_to_u64(&c)); VERIFY_BITS_128(&d, 116); /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ - t4 = rustsecp256k1_v0_11_u128_to_u64(&d) & M; rustsecp256k1_v0_11_u128_rshift(&d, 52); + t4 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52); VERIFY_BITS(t4, 52); VERIFY_BITS_128(&d, 64); /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ @@ -202,14 +202,14 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr_inner(uint64_t *r, const VERIFY_BITS(t4, 48); /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */ - rustsecp256k1_v0_11_u128_mul(&c, a0, a0); + secp256k1_u128_mul(&c, a0, a0); VERIFY_BITS_128(&c, 112); /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a1, a4); - rustsecp256k1_v0_11_u128_accum_mul(&d, a2*2, a3); + secp256k1_u128_accum_mul(&d, a1, a4); + secp256k1_u128_accum_mul(&d, a2*2, a3); VERIFY_BITS_128(&d, 114); /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ - u0 = rustsecp256k1_v0_11_u128_to_u64(&d) & M; rustsecp256k1_v0_11_u128_rshift(&d, 52); + u0 = secp256k1_u128_to_u64(&d) & M; secp256k1_u128_rshift(&d, 52); VERIFY_BITS(u0, 52); VERIFY_BITS_128(&d, 62); /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ @@ -217,56 +217,56 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr_inner(uint64_t *r, const u0 = (u0 << 4) | tx; VERIFY_BITS(u0, 56); /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, u0, R >> 4); + secp256k1_u128_accum_mul(&c, u0, R >> 4); VERIFY_BITS_128(&c, 113); /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */ - r[0] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[0] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[0], 52); VERIFY_BITS_128(&c, 61); /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */ a0 *= 2; - rustsecp256k1_v0_11_u128_accum_mul(&c, a0, a1); + secp256k1_u128_accum_mul(&c, a0, a1); VERIFY_BITS_128(&c, 114); /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a2, a4); - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, a3); + secp256k1_u128_accum_mul(&d, a2, a4); + secp256k1_u128_accum_mul(&d, a3, a3); VERIFY_BITS_128(&d, 114); /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, rustsecp256k1_v0_11_u128_to_u64(&d) & M, R); rustsecp256k1_v0_11_u128_rshift(&d, 52); + secp256k1_u128_accum_mul(&c, secp256k1_u128_to_u64(&d) & M, R); secp256k1_u128_rshift(&d, 52); VERIFY_BITS_128(&c, 115); VERIFY_BITS_128(&d, 62); /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ - r[1] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[1] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[1], 52); VERIFY_BITS_128(&c, 63); /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, a0, a2); - rustsecp256k1_v0_11_u128_accum_mul(&c, a1, a1); + secp256k1_u128_accum_mul(&c, a0, a2); + secp256k1_u128_accum_mul(&c, a1, a1); VERIFY_BITS_128(&c, 114); /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&d, a3, a4); + secp256k1_u128_accum_mul(&d, a3, a4); VERIFY_BITS_128(&d, 114); /* [d 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, R, rustsecp256k1_v0_11_u128_to_u64(&d)); rustsecp256k1_v0_11_u128_rshift(&d, 64); + secp256k1_u128_accum_mul(&c, R, secp256k1_u128_to_u64(&d)); secp256k1_u128_rshift(&d, 64); VERIFY_BITS_128(&c, 115); VERIFY_BITS_128(&d, 50); /* [(d<<12) 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[2] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[2] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[2], 52); VERIFY_BITS_128(&c, 63); /* [(d<<12) 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - rustsecp256k1_v0_11_u128_accum_mul(&c, R << 12, rustsecp256k1_v0_11_u128_to_u64(&d)); - rustsecp256k1_v0_11_u128_accum_u64(&c, t3); + secp256k1_u128_accum_mul(&c, R << 12, secp256k1_u128_to_u64(&d)); + secp256k1_u128_accum_u64(&c, t3); VERIFY_BITS_128(&c, 100); /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[3] = rustsecp256k1_v0_11_u128_to_u64(&c) & M; rustsecp256k1_v0_11_u128_rshift(&c, 52); + r[3] = secp256k1_u128_to_u64(&c) & M; secp256k1_u128_rshift(&c, 52); VERIFY_BITS(r[3], 52); VERIFY_BITS_128(&c, 48); /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ - r[4] = rustsecp256k1_v0_11_u128_to_u64(&c) + t4; + r[4] = secp256k1_u128_to_u64(&c) + t4; VERIFY_BITS(r[4], 49); /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */ } diff --git a/secp256k1-sys/depend/secp256k1/src/field_impl.h b/secp256k1-sys/depend/secp256k1/src/field_impl.h index d44d4d457..7aa7de431 100644 --- a/secp256k1-sys/depend/secp256k1/src/field_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/field_impl.h @@ -18,23 +18,23 @@ #error "Please select wide multiplication implementation" #endif -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_clear(rustsecp256k1_v0_11_fe *a) { - rustsecp256k1_v0_11_memclear(a, sizeof(rustsecp256k1_v0_11_fe)); +SECP256K1_INLINE static void secp256k1_fe_clear(secp256k1_fe *a) { + secp256k1_memclear_explicit(a, sizeof(secp256k1_fe)); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_equal(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b) { - rustsecp256k1_v0_11_fe na; +SECP256K1_INLINE static int secp256k1_fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) { + secp256k1_fe na; SECP256K1_FE_VERIFY(a); SECP256K1_FE_VERIFY(b); SECP256K1_FE_VERIFY_MAGNITUDE(a, 1); SECP256K1_FE_VERIFY_MAGNITUDE(b, 31); - rustsecp256k1_v0_11_fe_negate(&na, a, 1); - rustsecp256k1_v0_11_fe_add(&na, b); - return rustsecp256k1_v0_11_fe_normalizes_to_zero(&na); + secp256k1_fe_negate(&na, a, 1); + secp256k1_fe_add(&na, b); + return secp256k1_fe_normalizes_to_zero(&na); } -static int rustsecp256k1_v0_11_fe_sqrt(rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT r, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT a) { +static int secp256k1_fe_sqrt(secp256k1_fe * SECP256K1_RESTRICT r, const secp256k1_fe * SECP256K1_RESTRICT a) { /** Given that p is congruent to 3 mod 4, we can compute the square root of * a mod p as the (p+1)/4'th power of a. * @@ -44,7 +44,7 @@ static int rustsecp256k1_v0_11_fe_sqrt(rustsecp256k1_v0_11_fe * SECP256K1_RESTRI * Also because (p+1)/4 is an even number, the computed square root is * itself always a square (a ** ((p+1)/4) is the square of a ** ((p+1)/8)). */ - rustsecp256k1_v0_11_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; + secp256k1_fe x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1; int j, ret; VERIFY_CHECK(r != a); @@ -56,101 +56,101 @@ static int rustsecp256k1_v0_11_fe_sqrt(rustsecp256k1_v0_11_fe * SECP256K1_RESTRI * 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223] */ - rustsecp256k1_v0_11_fe_sqr(&x2, a); - rustsecp256k1_v0_11_fe_mul(&x2, &x2, a); + secp256k1_fe_sqr(&x2, a); + secp256k1_fe_mul(&x2, &x2, a); - rustsecp256k1_v0_11_fe_sqr(&x3, &x2); - rustsecp256k1_v0_11_fe_mul(&x3, &x3, a); + secp256k1_fe_sqr(&x3, &x2); + secp256k1_fe_mul(&x3, &x3, a); x6 = x3; for (j=0; j<3; j++) { - rustsecp256k1_v0_11_fe_sqr(&x6, &x6); + secp256k1_fe_sqr(&x6, &x6); } - rustsecp256k1_v0_11_fe_mul(&x6, &x6, &x3); + secp256k1_fe_mul(&x6, &x6, &x3); x9 = x6; for (j=0; j<3; j++) { - rustsecp256k1_v0_11_fe_sqr(&x9, &x9); + secp256k1_fe_sqr(&x9, &x9); } - rustsecp256k1_v0_11_fe_mul(&x9, &x9, &x3); + secp256k1_fe_mul(&x9, &x9, &x3); x11 = x9; for (j=0; j<2; j++) { - rustsecp256k1_v0_11_fe_sqr(&x11, &x11); + secp256k1_fe_sqr(&x11, &x11); } - rustsecp256k1_v0_11_fe_mul(&x11, &x11, &x2); + secp256k1_fe_mul(&x11, &x11, &x2); x22 = x11; for (j=0; j<11; j++) { - rustsecp256k1_v0_11_fe_sqr(&x22, &x22); + secp256k1_fe_sqr(&x22, &x22); } - rustsecp256k1_v0_11_fe_mul(&x22, &x22, &x11); + secp256k1_fe_mul(&x22, &x22, &x11); x44 = x22; for (j=0; j<22; j++) { - rustsecp256k1_v0_11_fe_sqr(&x44, &x44); + secp256k1_fe_sqr(&x44, &x44); } - rustsecp256k1_v0_11_fe_mul(&x44, &x44, &x22); + secp256k1_fe_mul(&x44, &x44, &x22); x88 = x44; for (j=0; j<44; j++) { - rustsecp256k1_v0_11_fe_sqr(&x88, &x88); + secp256k1_fe_sqr(&x88, &x88); } - rustsecp256k1_v0_11_fe_mul(&x88, &x88, &x44); + secp256k1_fe_mul(&x88, &x88, &x44); x176 = x88; for (j=0; j<88; j++) { - rustsecp256k1_v0_11_fe_sqr(&x176, &x176); + secp256k1_fe_sqr(&x176, &x176); } - rustsecp256k1_v0_11_fe_mul(&x176, &x176, &x88); + secp256k1_fe_mul(&x176, &x176, &x88); x220 = x176; for (j=0; j<44; j++) { - rustsecp256k1_v0_11_fe_sqr(&x220, &x220); + secp256k1_fe_sqr(&x220, &x220); } - rustsecp256k1_v0_11_fe_mul(&x220, &x220, &x44); + secp256k1_fe_mul(&x220, &x220, &x44); x223 = x220; for (j=0; j<3; j++) { - rustsecp256k1_v0_11_fe_sqr(&x223, &x223); + secp256k1_fe_sqr(&x223, &x223); } - rustsecp256k1_v0_11_fe_mul(&x223, &x223, &x3); + secp256k1_fe_mul(&x223, &x223, &x3); /* The final result is then assembled using a sliding window over the blocks. */ t1 = x223; for (j=0; j<23; j++) { - rustsecp256k1_v0_11_fe_sqr(&t1, &t1); + secp256k1_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_11_fe_mul(&t1, &t1, &x22); + secp256k1_fe_mul(&t1, &t1, &x22); for (j=0; j<6; j++) { - rustsecp256k1_v0_11_fe_sqr(&t1, &t1); + secp256k1_fe_sqr(&t1, &t1); } - rustsecp256k1_v0_11_fe_mul(&t1, &t1, &x2); - rustsecp256k1_v0_11_fe_sqr(&t1, &t1); - rustsecp256k1_v0_11_fe_sqr(r, &t1); + secp256k1_fe_mul(&t1, &t1, &x2); + secp256k1_fe_sqr(&t1, &t1); + secp256k1_fe_sqr(r, &t1); /* Check that a square root was actually calculated */ - rustsecp256k1_v0_11_fe_sqr(&t1, r); - ret = rustsecp256k1_v0_11_fe_equal(&t1, a); + secp256k1_fe_sqr(&t1, r); + ret = secp256k1_fe_equal(&t1, a); #ifdef VERIFY if (!ret) { - rustsecp256k1_v0_11_fe_negate(&t1, &t1, 1); - rustsecp256k1_v0_11_fe_normalize_var(&t1); - VERIFY_CHECK(rustsecp256k1_v0_11_fe_equal(&t1, a)); + secp256k1_fe_negate(&t1, &t1, 1); + secp256k1_fe_normalize_var(&t1); + VERIFY_CHECK(secp256k1_fe_equal(&t1, a)); } #endif return ret; } #ifndef VERIFY -static void rustsecp256k1_v0_11_fe_verify(const rustsecp256k1_v0_11_fe *a) { (void)a; } -static void rustsecp256k1_v0_11_fe_verify_magnitude(const rustsecp256k1_v0_11_fe *a, int m) { (void)a; (void)m; } +static void secp256k1_fe_verify(const secp256k1_fe *a) { (void)a; } +static void secp256k1_fe_verify_magnitude(const secp256k1_fe *a, int m) { (void)a; (void)m; } #else -static void rustsecp256k1_v0_11_fe_impl_verify(const rustsecp256k1_v0_11_fe *a); -static void rustsecp256k1_v0_11_fe_verify(const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_verify(const secp256k1_fe *a); +static void secp256k1_fe_verify(const secp256k1_fe *a) { /* Magnitude between 0 and 32. */ SECP256K1_FE_VERIFY_MAGNITUDE(a, 32); /* Normalized is 0 or 1. */ @@ -158,122 +158,122 @@ static void rustsecp256k1_v0_11_fe_verify(const rustsecp256k1_v0_11_fe *a) { /* If normalized, magnitude must be 0 or 1. */ if (a->normalized) SECP256K1_FE_VERIFY_MAGNITUDE(a, 1); /* Invoke implementation-specific checks. */ - rustsecp256k1_v0_11_fe_impl_verify(a); + secp256k1_fe_impl_verify(a); } -static void rustsecp256k1_v0_11_fe_verify_magnitude(const rustsecp256k1_v0_11_fe *a, int m) { +static void secp256k1_fe_verify_magnitude(const secp256k1_fe *a, int m) { VERIFY_CHECK(m >= 0); VERIFY_CHECK(m <= 32); VERIFY_CHECK(a->magnitude <= m); } -static void rustsecp256k1_v0_11_fe_impl_normalize(rustsecp256k1_v0_11_fe *r); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_normalize(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize(secp256k1_fe *r); +SECP256K1_INLINE static void secp256k1_fe_normalize(secp256k1_fe *r) { SECP256K1_FE_VERIFY(r); - rustsecp256k1_v0_11_fe_impl_normalize(r); + secp256k1_fe_impl_normalize(r); r->magnitude = 1; r->normalized = 1; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_normalize_weak(rustsecp256k1_v0_11_fe *r); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_normalize_weak(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize_weak(secp256k1_fe *r); +SECP256K1_INLINE static void secp256k1_fe_normalize_weak(secp256k1_fe *r) { SECP256K1_FE_VERIFY(r); - rustsecp256k1_v0_11_fe_impl_normalize_weak(r); + secp256k1_fe_impl_normalize_weak(r); r->magnitude = 1; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_normalize_var(rustsecp256k1_v0_11_fe *r); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_normalize_var(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_normalize_var(secp256k1_fe *r); +SECP256K1_INLINE static void secp256k1_fe_normalize_var(secp256k1_fe *r) { SECP256K1_FE_VERIFY(r); - rustsecp256k1_v0_11_fe_impl_normalize_var(r); + secp256k1_fe_impl_normalize_var(r); r->magnitude = 1; r->normalized = 1; SECP256K1_FE_VERIFY(r); } -static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero(const rustsecp256k1_v0_11_fe *r); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_normalizes_to_zero(const rustsecp256k1_v0_11_fe *r) { +static int secp256k1_fe_impl_normalizes_to_zero(const secp256k1_fe *r); +SECP256K1_INLINE static int secp256k1_fe_normalizes_to_zero(const secp256k1_fe *r) { SECP256K1_FE_VERIFY(r); - return rustsecp256k1_v0_11_fe_impl_normalizes_to_zero(r); + return secp256k1_fe_impl_normalizes_to_zero(r); } -static int rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var(const rustsecp256k1_v0_11_fe *r); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_normalizes_to_zero_var(const rustsecp256k1_v0_11_fe *r) { +static int secp256k1_fe_impl_normalizes_to_zero_var(const secp256k1_fe *r); +SECP256K1_INLINE static int secp256k1_fe_normalizes_to_zero_var(const secp256k1_fe *r) { SECP256K1_FE_VERIFY(r); - return rustsecp256k1_v0_11_fe_impl_normalizes_to_zero_var(r); + return secp256k1_fe_impl_normalizes_to_zero_var(r); } -static void rustsecp256k1_v0_11_fe_impl_set_int(rustsecp256k1_v0_11_fe *r, int a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_set_int(rustsecp256k1_v0_11_fe *r, int a) { +static void secp256k1_fe_impl_set_int(secp256k1_fe *r, int a); +SECP256K1_INLINE static void secp256k1_fe_set_int(secp256k1_fe *r, int a) { VERIFY_CHECK(0 <= a && a <= 0x7FFF); - rustsecp256k1_v0_11_fe_impl_set_int(r, a); + secp256k1_fe_impl_set_int(r, a); r->magnitude = (a != 0); r->normalized = 1; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_add_int(rustsecp256k1_v0_11_fe *r, int a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_add_int(rustsecp256k1_v0_11_fe *r, int a) { +static void secp256k1_fe_impl_add_int(secp256k1_fe *r, int a); +SECP256K1_INLINE static void secp256k1_fe_add_int(secp256k1_fe *r, int a) { VERIFY_CHECK(0 <= a && a <= 0x7FFF); SECP256K1_FE_VERIFY(r); - rustsecp256k1_v0_11_fe_impl_add_int(r, a); + secp256k1_fe_impl_add_int(r, a); r->magnitude += 1; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static int rustsecp256k1_v0_11_fe_impl_is_zero(const rustsecp256k1_v0_11_fe *a); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_is_zero(const rustsecp256k1_v0_11_fe *a) { +static int secp256k1_fe_impl_is_zero(const secp256k1_fe *a); +SECP256K1_INLINE static int secp256k1_fe_is_zero(const secp256k1_fe *a) { SECP256K1_FE_VERIFY(a); VERIFY_CHECK(a->normalized); - return rustsecp256k1_v0_11_fe_impl_is_zero(a); + return secp256k1_fe_impl_is_zero(a); } -static int rustsecp256k1_v0_11_fe_impl_is_odd(const rustsecp256k1_v0_11_fe *a); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_is_odd(const rustsecp256k1_v0_11_fe *a) { +static int secp256k1_fe_impl_is_odd(const secp256k1_fe *a); +SECP256K1_INLINE static int secp256k1_fe_is_odd(const secp256k1_fe *a) { SECP256K1_FE_VERIFY(a); VERIFY_CHECK(a->normalized); - return rustsecp256k1_v0_11_fe_impl_is_odd(a); + return secp256k1_fe_impl_is_odd(a); } -static int rustsecp256k1_v0_11_fe_impl_cmp_var(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_cmp_var(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b) { +static int secp256k1_fe_impl_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b); +SECP256K1_INLINE static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) { SECP256K1_FE_VERIFY(a); SECP256K1_FE_VERIFY(b); VERIFY_CHECK(a->normalized); VERIFY_CHECK(b->normalized); - return rustsecp256k1_v0_11_fe_impl_cmp_var(a, b); + return secp256k1_fe_impl_cmp_var(a, b); } -static void rustsecp256k1_v0_11_fe_impl_set_b32_mod(rustsecp256k1_v0_11_fe *r, const unsigned char *a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_set_b32_mod(rustsecp256k1_v0_11_fe *r, const unsigned char *a) { - rustsecp256k1_v0_11_fe_impl_set_b32_mod(r, a); +static void secp256k1_fe_impl_set_b32_mod(secp256k1_fe *r, const unsigned char *a); +SECP256K1_INLINE static void secp256k1_fe_set_b32_mod(secp256k1_fe *r, const unsigned char *a) { + secp256k1_fe_impl_set_b32_mod(r, a); r->magnitude = 1; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static int rustsecp256k1_v0_11_fe_impl_set_b32_limit(rustsecp256k1_v0_11_fe *r, const unsigned char *a); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_set_b32_limit(rustsecp256k1_v0_11_fe *r, const unsigned char *a) { - if (rustsecp256k1_v0_11_fe_impl_set_b32_limit(r, a)) { +static int secp256k1_fe_impl_set_b32_limit(secp256k1_fe *r, const unsigned char *a); +SECP256K1_INLINE static int secp256k1_fe_set_b32_limit(secp256k1_fe *r, const unsigned char *a) { + if (secp256k1_fe_impl_set_b32_limit(r, a)) { r->magnitude = 1; r->normalized = 1; SECP256K1_FE_VERIFY(r); @@ -285,55 +285,55 @@ SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_set_b32_limit(rustsecp256k1_v } } -static void rustsecp256k1_v0_11_fe_impl_get_b32(unsigned char *r, const rustsecp256k1_v0_11_fe *a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_get_b32(unsigned char *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_get_b32(unsigned char *r, const secp256k1_fe *a); +SECP256K1_INLINE static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) { SECP256K1_FE_VERIFY(a); VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_11_fe_impl_get_b32(r, a); + secp256k1_fe_impl_get_b32(r, a); } -static void rustsecp256k1_v0_11_fe_impl_negate_unchecked(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int m); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_negate_unchecked(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int m) { +static void secp256k1_fe_impl_negate_unchecked(secp256k1_fe *r, const secp256k1_fe *a, int m); +SECP256K1_INLINE static void secp256k1_fe_negate_unchecked(secp256k1_fe *r, const secp256k1_fe *a, int m) { SECP256K1_FE_VERIFY(a); VERIFY_CHECK(m >= 0 && m <= 31); SECP256K1_FE_VERIFY_MAGNITUDE(a, m); - rustsecp256k1_v0_11_fe_impl_negate_unchecked(r, a, m); + secp256k1_fe_impl_negate_unchecked(r, a, m); r->magnitude = m + 1; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_mul_int_unchecked(rustsecp256k1_v0_11_fe *r, int a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul_int_unchecked(rustsecp256k1_v0_11_fe *r, int a) { +static void secp256k1_fe_impl_mul_int_unchecked(secp256k1_fe *r, int a); +SECP256K1_INLINE static void secp256k1_fe_mul_int_unchecked(secp256k1_fe *r, int a) { SECP256K1_FE_VERIFY(r); VERIFY_CHECK(a >= 0 && a <= 32); VERIFY_CHECK(a*r->magnitude <= 32); - rustsecp256k1_v0_11_fe_impl_mul_int_unchecked(r, a); + secp256k1_fe_impl_mul_int_unchecked(r, a); r->magnitude *= a; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_add(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_add(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_add(secp256k1_fe *r, const secp256k1_fe *a); +SECP256K1_INLINE static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a) { SECP256K1_FE_VERIFY(r); SECP256K1_FE_VERIFY(a); VERIFY_CHECK(r->magnitude + a->magnitude <= 32); - rustsecp256k1_v0_11_fe_impl_add(r, a); + secp256k1_fe_impl_add(r, a); r->magnitude += a->magnitude; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_mul(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT b); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe * SECP256K1_RESTRICT b) { +static void secp256k1_fe_impl_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b); +SECP256K1_INLINE static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe * SECP256K1_RESTRICT b) { SECP256K1_FE_VERIFY(a); SECP256K1_FE_VERIFY(b); SECP256K1_FE_VERIFY_MAGNITUDE(a, 8); @@ -341,111 +341,111 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_mul(rustsecp256k1_v0_11_fe * VERIFY_CHECK(r != b); VERIFY_CHECK(a != b); - rustsecp256k1_v0_11_fe_impl_mul(r, a, b); + secp256k1_fe_impl_mul(r, a, b); r->magnitude = 1; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_sqr(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_sqr(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_sqr(secp256k1_fe *r, const secp256k1_fe *a); +SECP256K1_INLINE static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a) { SECP256K1_FE_VERIFY(a); SECP256K1_FE_VERIFY_MAGNITUDE(a, 8); - rustsecp256k1_v0_11_fe_impl_sqr(r, a); + secp256k1_fe_impl_sqr(r, a); r->magnitude = 1; r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_cmov(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int flag); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_cmov(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *a, int flag) { +static void secp256k1_fe_impl_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag); +SECP256K1_INLINE static void secp256k1_fe_cmov(secp256k1_fe *r, const secp256k1_fe *a, int flag) { VERIFY_CHECK(flag == 0 || flag == 1); SECP256K1_FE_VERIFY(a); SECP256K1_FE_VERIFY(r); - rustsecp256k1_v0_11_fe_impl_cmov(r, a, flag); + secp256k1_fe_impl_cmov(r, a, flag); if (a->magnitude > r->magnitude) r->magnitude = a->magnitude; if (!a->normalized) r->normalized = 0; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_to_storage(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe *a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_to_storage(rustsecp256k1_v0_11_fe_storage *r, const rustsecp256k1_v0_11_fe *a) { +static void secp256k1_fe_impl_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a); +SECP256K1_INLINE static void secp256k1_fe_to_storage(secp256k1_fe_storage *r, const secp256k1_fe *a) { SECP256K1_FE_VERIFY(a); VERIFY_CHECK(a->normalized); - rustsecp256k1_v0_11_fe_impl_to_storage(r, a); + secp256k1_fe_impl_to_storage(r, a); } -static void rustsecp256k1_v0_11_fe_impl_from_storage(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe_storage *a); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_from_storage(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe_storage *a) { - rustsecp256k1_v0_11_fe_impl_from_storage(r, a); +static void secp256k1_fe_impl_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a); +SECP256K1_INLINE static void secp256k1_fe_from_storage(secp256k1_fe *r, const secp256k1_fe_storage *a) { + secp256k1_fe_impl_from_storage(r, a); r->magnitude = 1; r->normalized = 1; SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_inv(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_inv(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x) { - int input_is_zero = rustsecp256k1_v0_11_fe_normalizes_to_zero(x); +static void secp256k1_fe_impl_inv(secp256k1_fe *r, const secp256k1_fe *x); +SECP256K1_INLINE static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *x) { + int input_is_zero = secp256k1_fe_normalizes_to_zero(x); SECP256K1_FE_VERIFY(x); - rustsecp256k1_v0_11_fe_impl_inv(r, x); + secp256k1_fe_impl_inv(r, x); r->magnitude = x->magnitude > 0; r->normalized = 1; - VERIFY_CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero(r) == input_is_zero); + VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == input_is_zero); SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_inv_var(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_inv_var(rustsecp256k1_v0_11_fe *r, const rustsecp256k1_v0_11_fe *x) { - int input_is_zero = rustsecp256k1_v0_11_fe_normalizes_to_zero(x); +static void secp256k1_fe_impl_inv_var(secp256k1_fe *r, const secp256k1_fe *x); +SECP256K1_INLINE static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *x) { + int input_is_zero = secp256k1_fe_normalizes_to_zero(x); SECP256K1_FE_VERIFY(x); - rustsecp256k1_v0_11_fe_impl_inv_var(r, x); + secp256k1_fe_impl_inv_var(r, x); r->magnitude = x->magnitude > 0; r->normalized = 1; - VERIFY_CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero(r) == input_is_zero); + VERIFY_CHECK(secp256k1_fe_normalizes_to_zero(r) == input_is_zero); SECP256K1_FE_VERIFY(r); } -static int rustsecp256k1_v0_11_fe_impl_is_square_var(const rustsecp256k1_v0_11_fe *x); -SECP256K1_INLINE static int rustsecp256k1_v0_11_fe_is_square_var(const rustsecp256k1_v0_11_fe *x) { +static int secp256k1_fe_impl_is_square_var(const secp256k1_fe *x); +SECP256K1_INLINE static int secp256k1_fe_is_square_var(const secp256k1_fe *x) { int ret; - rustsecp256k1_v0_11_fe tmp = *x, sqrt; + secp256k1_fe tmp = *x, sqrt; SECP256K1_FE_VERIFY(x); - ret = rustsecp256k1_v0_11_fe_impl_is_square_var(x); - rustsecp256k1_v0_11_fe_normalize_weak(&tmp); - VERIFY_CHECK(ret == rustsecp256k1_v0_11_fe_sqrt(&sqrt, &tmp)); + ret = secp256k1_fe_impl_is_square_var(x); + secp256k1_fe_normalize_weak(&tmp); + VERIFY_CHECK(ret == secp256k1_fe_sqrt(&sqrt, &tmp)); return ret; } -static void rustsecp256k1_v0_11_fe_impl_get_bounds(rustsecp256k1_v0_11_fe* r, int m); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_get_bounds(rustsecp256k1_v0_11_fe* r, int m) { +static void secp256k1_fe_impl_get_bounds(secp256k1_fe* r, int m); +SECP256K1_INLINE static void secp256k1_fe_get_bounds(secp256k1_fe* r, int m) { VERIFY_CHECK(m >= 0); VERIFY_CHECK(m <= 32); - rustsecp256k1_v0_11_fe_impl_get_bounds(r, m); + secp256k1_fe_impl_get_bounds(r, m); r->magnitude = m; r->normalized = (m == 0); SECP256K1_FE_VERIFY(r); } -static void rustsecp256k1_v0_11_fe_impl_half(rustsecp256k1_v0_11_fe *r); -SECP256K1_INLINE static void rustsecp256k1_v0_11_fe_half(rustsecp256k1_v0_11_fe *r) { +static void secp256k1_fe_impl_half(secp256k1_fe *r); +SECP256K1_INLINE static void secp256k1_fe_half(secp256k1_fe *r) { SECP256K1_FE_VERIFY(r); SECP256K1_FE_VERIFY_MAGNITUDE(r, 31); - rustsecp256k1_v0_11_fe_impl_half(r); + secp256k1_fe_impl_half(r); r->magnitude = (r->magnitude >> 1) + 1; r->normalized = 0; diff --git a/secp256k1-sys/depend/secp256k1/src/group.h b/secp256k1-sys/depend/secp256k1/src/group.h index afc71916a..05ae0d203 100644 --- a/secp256k1-sys/depend/secp256k1/src/group.h +++ b/secp256k1-sys/depend/secp256k1/src/group.h @@ -14,10 +14,10 @@ * Note: For exhaustive test mode, secp256k1 is replaced by a small subgroup of a different curve. */ typedef struct { - rustsecp256k1_v0_11_fe x; - rustsecp256k1_v0_11_fe y; + secp256k1_fe x; + secp256k1_fe y; int infinity; /* whether this represents the point at infinity */ -} rustsecp256k1_v0_11_ge; +} secp256k1_ge; #define SECP256K1_GE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), 0} #define SECP256K1_GE_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} @@ -26,19 +26,19 @@ typedef struct { * Note: For exhastive test mode, secp256k1 is replaced by a small subgroup of a different curve. */ typedef struct { - rustsecp256k1_v0_11_fe x; /* actual X: x/z^2 */ - rustsecp256k1_v0_11_fe y; /* actual Y: y/z^3 */ - rustsecp256k1_v0_11_fe z; + secp256k1_fe x; /* actual X: x/z^2 */ + secp256k1_fe y; /* actual Y: y/z^3 */ + secp256k1_fe z; int infinity; /* whether this represents the point at infinity */ -} rustsecp256k1_v0_11_gej; +} secp256k1_gej; #define SECP256K1_GEJ_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_CONST((i),(j),(k),(l),(m),(n),(o),(p)), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1), 0} #define SECP256K1_GEJ_CONST_INFINITY {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), 1} typedef struct { - rustsecp256k1_v0_11_fe_storage x; - rustsecp256k1_v0_11_fe_storage y; -} rustsecp256k1_v0_11_ge_storage; + secp256k1_fe_storage x; + secp256k1_fe_storage y; +} secp256k1_ge_storage; #define SECP256K1_GE_STORAGE_CONST(a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p) {SECP256K1_FE_STORAGE_CONST((a),(b),(c),(d),(e),(f),(g),(h)), SECP256K1_FE_STORAGE_CONST((i),(j),(k),(l),(m),(n),(o),(p))} @@ -53,35 +53,39 @@ typedef struct { #define SECP256K1_GEJ_Z_MAGNITUDE_MAX 1 /** Set a group element equal to the point with given X and Y coordinates */ -static void rustsecp256k1_v0_11_ge_set_xy(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_fe *x, const rustsecp256k1_v0_11_fe *y); +static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y); /** Set a group element (affine) equal to the point with the given X coordinate, and given oddness * for Y. Return value indicates whether the result is valid. */ -static int rustsecp256k1_v0_11_ge_set_xo_var(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_fe *x, int odd); +static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd); /** Determine whether x is a valid X coordinate on the curve. */ -static int rustsecp256k1_v0_11_ge_x_on_curve_var(const rustsecp256k1_v0_11_fe *x); +static int secp256k1_ge_x_on_curve_var(const secp256k1_fe *x); /** Determine whether fraction xn/xd is a valid X coordinate on the curve (xd != 0). */ -static int rustsecp256k1_v0_11_ge_x_frac_on_curve_var(const rustsecp256k1_v0_11_fe *xn, const rustsecp256k1_v0_11_fe *xd); +static int secp256k1_ge_x_frac_on_curve_var(const secp256k1_fe *xn, const secp256k1_fe *xd); /** Check whether a group element is the point at infinity. */ -static int rustsecp256k1_v0_11_ge_is_infinity(const rustsecp256k1_v0_11_ge *a); +static int secp256k1_ge_is_infinity(const secp256k1_ge *a); /** Check whether a group element is valid (i.e., on the curve). */ -static int rustsecp256k1_v0_11_ge_is_valid_var(const rustsecp256k1_v0_11_ge *a); +static int secp256k1_ge_is_valid_var(const secp256k1_ge *a); /** Set r equal to the inverse of a (i.e., mirrored around the X axis) */ -static void rustsecp256k1_v0_11_ge_neg(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *a); +static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a); /** Set a group element equal to another which is given in jacobian coordinates. Constant time. */ -static void rustsecp256k1_v0_11_ge_set_gej(rustsecp256k1_v0_11_ge *r, rustsecp256k1_v0_11_gej *a); +static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a); /** Set a group element equal to another which is given in jacobian coordinates. */ -static void rustsecp256k1_v0_11_ge_set_gej_var(rustsecp256k1_v0_11_ge *r, rustsecp256k1_v0_11_gej *a); +static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a); -/** Set a batch of group elements equal to the inputs given in jacobian coordinates */ -static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_gej *a, size_t len); +/** Set group elements r[0:len] (affine) equal to group elements a[0:len] (jacobian). + * None of the group elements in a[0:len] may be infinity. Constant time. */ +static void secp256k1_ge_set_all_gej(secp256k1_ge *r, const secp256k1_gej *a, size_t len); + +/** Set group elements r[0:len] (affine) equal to group elements a[0:len] (jacobian). */ +static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len); /** Bring a batch of inputs to the same global z "denominator", based on ratios between * (omitted) z coordinates of adjacent elements. @@ -100,95 +104,95 @@ static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, co * * The coordinates of the final element a[len-1] are not changed. */ -static void rustsecp256k1_v0_11_ge_table_set_globalz(size_t len, rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_fe *zr); +static void secp256k1_ge_table_set_globalz(size_t len, secp256k1_ge *a, const secp256k1_fe *zr); /** Check two group elements (affine) for equality in variable time. */ -static int rustsecp256k1_v0_11_ge_eq_var(const rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_ge *b); +static int secp256k1_ge_eq_var(const secp256k1_ge *a, const secp256k1_ge *b); /** Set a group element (affine) equal to the point at infinity. */ -static void rustsecp256k1_v0_11_ge_set_infinity(rustsecp256k1_v0_11_ge *r); +static void secp256k1_ge_set_infinity(secp256k1_ge *r); /** Set a group element (jacobian) equal to the point at infinity. */ -static void rustsecp256k1_v0_11_gej_set_infinity(rustsecp256k1_v0_11_gej *r); +static void secp256k1_gej_set_infinity(secp256k1_gej *r); /** Set a group element (jacobian) equal to another which is given in affine coordinates. */ -static void rustsecp256k1_v0_11_gej_set_ge(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_ge *a); +static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a); /** Check two group elements (jacobian) for equality in variable time. */ -static int rustsecp256k1_v0_11_gej_eq_var(const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_gej *b); +static int secp256k1_gej_eq_var(const secp256k1_gej *a, const secp256k1_gej *b); /** Check two group elements (jacobian and affine) for equality in variable time. */ -static int rustsecp256k1_v0_11_gej_eq_ge_var(const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b); +static int secp256k1_gej_eq_ge_var(const secp256k1_gej *a, const secp256k1_ge *b); /** Compare the X coordinate of a group element (jacobian). * The magnitude of the group element's X coordinate must not exceed 31. */ -static int rustsecp256k1_v0_11_gej_eq_x_var(const rustsecp256k1_v0_11_fe *x, const rustsecp256k1_v0_11_gej *a); +static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a); /** Set r equal to the inverse of a (i.e., mirrored around the X axis) */ -static void rustsecp256k1_v0_11_gej_neg(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a); +static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a); /** Check whether a group element is the point at infinity. */ -static int rustsecp256k1_v0_11_gej_is_infinity(const rustsecp256k1_v0_11_gej *a); +static int secp256k1_gej_is_infinity(const secp256k1_gej *a); /** Set r equal to the double of a. Constant time. */ -static void rustsecp256k1_v0_11_gej_double(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a); +static void secp256k1_gej_double(secp256k1_gej *r, const secp256k1_gej *a); /** Set r equal to the double of a. If rzr is not-NULL this sets *rzr such that r->z == a->z * *rzr (where infinity means an implicit z = 0). */ -static void rustsecp256k1_v0_11_gej_double_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, rustsecp256k1_v0_11_fe *rzr); +static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr); /** Set r equal to the sum of a and b. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case). */ -static void rustsecp256k1_v0_11_gej_add_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_gej *b, rustsecp256k1_v0_11_fe *rzr); +static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr); /** Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity). */ -static void rustsecp256k1_v0_11_gej_add_ge(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b); +static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b); /** Set r equal to the sum of a and b (with b given in affine coordinates). This is more efficient - than rustsecp256k1_v0_11_gej_add_var. It is identical to rustsecp256k1_v0_11_gej_add_ge but without constant-time + than secp256k1_gej_add_var. It is identical to secp256k1_gej_add_ge but without constant-time guarantee, and b is allowed to be infinity. If rzr is non-NULL this sets *rzr such that r->z == a->z * *rzr (a cannot be infinity in that case). */ -static void rustsecp256k1_v0_11_gej_add_ge_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b, rustsecp256k1_v0_11_fe *rzr); +static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr); /** Set r equal to the sum of a and b (with the inverse of b's Z coordinate passed as bzinv). */ -static void rustsecp256k1_v0_11_gej_add_zinv_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b, const rustsecp256k1_v0_11_fe *bzinv); +static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv); /** Set r to be equal to lambda times a, where lambda is chosen in a way such that this is very fast. */ -static void rustsecp256k1_v0_11_ge_mul_lambda(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *a); +static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a); -/** Clear a rustsecp256k1_v0_11_gej to prevent leaking sensitive information. */ -static void rustsecp256k1_v0_11_gej_clear(rustsecp256k1_v0_11_gej *r); +/** Clear a secp256k1_gej to prevent leaking sensitive information. */ +static void secp256k1_gej_clear(secp256k1_gej *r); -/** Clear a rustsecp256k1_v0_11_ge to prevent leaking sensitive information. */ -static void rustsecp256k1_v0_11_ge_clear(rustsecp256k1_v0_11_ge *r); +/** Clear a secp256k1_ge to prevent leaking sensitive information. */ +static void secp256k1_ge_clear(secp256k1_ge *r); /** Convert a group element to the storage type. */ -static void rustsecp256k1_v0_11_ge_to_storage(rustsecp256k1_v0_11_ge_storage *r, const rustsecp256k1_v0_11_ge *a); +static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a); /** Convert a group element back from the storage type. */ -static void rustsecp256k1_v0_11_ge_from_storage(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge_storage *a); +static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_11_gej_cmov(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, int flag); +static void secp256k1_gej_cmov(secp256k1_gej *r, const secp256k1_gej *a, int flag); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_11_ge_storage_cmov(rustsecp256k1_v0_11_ge_storage *r, const rustsecp256k1_v0_11_ge_storage *a, int flag); +static void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag); /** Rescale a jacobian point by b which must be non-zero. Constant-time. */ -static void rustsecp256k1_v0_11_gej_rescale(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_fe *b); +static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b); /** Convert a group element that is not infinity to a 64-byte array. The output * array is platform-dependent. */ -static void rustsecp256k1_v0_11_ge_to_bytes(unsigned char *buf, const rustsecp256k1_v0_11_ge *a); +static void secp256k1_ge_to_bytes(unsigned char *buf, const secp256k1_ge *a); /** Convert a 64-byte array into group element. This function assumes that the * provided buffer correctly encodes a group element. */ -static void rustsecp256k1_v0_11_ge_from_bytes(rustsecp256k1_v0_11_ge *r, const unsigned char *buf); +static void secp256k1_ge_from_bytes(secp256k1_ge *r, const unsigned char *buf); /** Convert a group element (that is allowed to be infinity) to a 64-byte * array. The output array is platform-dependent. */ -static void rustsecp256k1_v0_11_ge_to_bytes_ext(unsigned char *data, const rustsecp256k1_v0_11_ge *ge); +static void secp256k1_ge_to_bytes_ext(unsigned char *data, const secp256k1_ge *ge); /** Convert a 64-byte array into a group element. This function assumes that the - * provided buffer is the output of rustsecp256k1_v0_11_ge_to_bytes_ext. */ -static void rustsecp256k1_v0_11_ge_from_bytes_ext(rustsecp256k1_v0_11_ge *ge, const unsigned char *data); + * provided buffer is the output of secp256k1_ge_to_bytes_ext. */ +static void secp256k1_ge_from_bytes_ext(secp256k1_ge *ge, const unsigned char *data); /** Determine if a point (which is assumed to be on the curve) is in the correct (sub)group of the curve. * @@ -199,14 +203,14 @@ static void rustsecp256k1_v0_11_ge_from_bytes_ext(rustsecp256k1_v0_11_ge *ge, co * (very) small subgroup, and that subgroup is what is used for all cryptographic operations. In that mode, this * function checks whether a point that is on the curve is in fact also in that subgroup. */ -static int rustsecp256k1_v0_11_ge_is_in_correct_subgroup(const rustsecp256k1_v0_11_ge* ge); +static int secp256k1_ge_is_in_correct_subgroup(const secp256k1_ge* ge); /** Check invariants on an affine group element (no-op unless VERIFY is enabled). */ -static void rustsecp256k1_v0_11_ge_verify(const rustsecp256k1_v0_11_ge *a); -#define SECP256K1_GE_VERIFY(a) rustsecp256k1_v0_11_ge_verify(a) +static void secp256k1_ge_verify(const secp256k1_ge *a); +#define SECP256K1_GE_VERIFY(a) secp256k1_ge_verify(a) /** Check invariants on a Jacobian group element (no-op unless VERIFY is enabled). */ -static void rustsecp256k1_v0_11_gej_verify(const rustsecp256k1_v0_11_gej *a); -#define SECP256K1_GEJ_VERIFY(a) rustsecp256k1_v0_11_gej_verify(a) +static void secp256k1_gej_verify(const secp256k1_gej *a); +#define SECP256K1_GEJ_VERIFY(a) secp256k1_gej_verify(a) #endif /* SECP256K1_GROUP_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/group_impl.h b/secp256k1-sys/depend/secp256k1/src/group_impl.h index 765bf595c..81a24b9d5 100644 --- a/secp256k1-sys/depend/secp256k1/src/group_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/group_impl.h @@ -51,17 +51,17 @@ #if defined(EXHAUSTIVE_TEST_ORDER) # if EXHAUSTIVE_TEST_ORDER == 7 -static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G_ORDER_7; +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_7; #define SECP256K1_B 6 # elif EXHAUSTIVE_TEST_ORDER == 13 -static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G_ORDER_13; +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_13; #define SECP256K1_B 2 # elif EXHAUSTIVE_TEST_ORDER == 199 -static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G_ORDER_199; +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G_ORDER_199; #define SECP256K1_B 4 # else @@ -69,13 +69,13 @@ static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G # endif #else -static const rustsecp256k1_v0_11_ge rustsecp256k1_v0_11_ge_const_g = SECP256K1_G; +static const secp256k1_ge secp256k1_ge_const_g = SECP256K1_G; #define SECP256K1_B 7 #endif /* End of section generated by sage/gen_exhaustive_groups.sage. */ -static void rustsecp256k1_v0_11_ge_verify(const rustsecp256k1_v0_11_ge *a) { +static void secp256k1_ge_verify(const secp256k1_ge *a) { SECP256K1_FE_VERIFY(&a->x); SECP256K1_FE_VERIFY(&a->y); SECP256K1_FE_VERIFY_MAGNITUDE(&a->x, SECP256K1_GE_X_MAGNITUDE_MAX); @@ -84,7 +84,7 @@ static void rustsecp256k1_v0_11_ge_verify(const rustsecp256k1_v0_11_ge *a) { (void)a; } -static void rustsecp256k1_v0_11_gej_verify(const rustsecp256k1_v0_11_gej *a) { +static void secp256k1_gej_verify(const secp256k1_gej *a) { SECP256K1_FE_VERIFY(&a->x); SECP256K1_FE_VERIFY(&a->y); SECP256K1_FE_VERIFY(&a->z); @@ -96,40 +96,40 @@ static void rustsecp256k1_v0_11_gej_verify(const rustsecp256k1_v0_11_gej *a) { } /* Set r to the affine coordinates of Jacobian point (a.x, a.y, 1/zi). */ -static void rustsecp256k1_v0_11_ge_set_gej_zinv(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_fe *zi) { - rustsecp256k1_v0_11_fe zi2; - rustsecp256k1_v0_11_fe zi3; +static void secp256k1_ge_set_gej_zinv(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zi) { + secp256k1_fe zi2; + secp256k1_fe zi3; SECP256K1_GEJ_VERIFY(a); SECP256K1_FE_VERIFY(zi); VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_11_fe_sqr(&zi2, zi); - rustsecp256k1_v0_11_fe_mul(&zi3, &zi2, zi); - rustsecp256k1_v0_11_fe_mul(&r->x, &a->x, &zi2); - rustsecp256k1_v0_11_fe_mul(&r->y, &a->y, &zi3); + secp256k1_fe_sqr(&zi2, zi); + secp256k1_fe_mul(&zi3, &zi2, zi); + secp256k1_fe_mul(&r->x, &a->x, &zi2); + secp256k1_fe_mul(&r->y, &a->y, &zi3); r->infinity = a->infinity; SECP256K1_GE_VERIFY(r); } /* Set r to the affine coordinates of Jacobian point (a.x, a.y, 1/zi). */ -static void rustsecp256k1_v0_11_ge_set_ge_zinv(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_fe *zi) { - rustsecp256k1_v0_11_fe zi2; - rustsecp256k1_v0_11_fe zi3; +static void secp256k1_ge_set_ge_zinv(secp256k1_ge *r, const secp256k1_ge *a, const secp256k1_fe *zi) { + secp256k1_fe zi2; + secp256k1_fe zi3; SECP256K1_GE_VERIFY(a); SECP256K1_FE_VERIFY(zi); VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_11_fe_sqr(&zi2, zi); - rustsecp256k1_v0_11_fe_mul(&zi3, &zi2, zi); - rustsecp256k1_v0_11_fe_mul(&r->x, &a->x, &zi2); - rustsecp256k1_v0_11_fe_mul(&r->y, &a->y, &zi3); + secp256k1_fe_sqr(&zi2, zi); + secp256k1_fe_mul(&zi3, &zi2, zi); + secp256k1_fe_mul(&r->x, &a->x, &zi2); + secp256k1_fe_mul(&r->y, &a->y, &zi3); r->infinity = a->infinity; SECP256K1_GE_VERIFY(r); } -static void rustsecp256k1_v0_11_ge_set_xy(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_fe *x, const rustsecp256k1_v0_11_fe *y) { +static void secp256k1_ge_set_xy(secp256k1_ge *r, const secp256k1_fe *x, const secp256k1_fe *y) { SECP256K1_FE_VERIFY(x); SECP256K1_FE_VERIFY(y); @@ -140,33 +140,33 @@ static void rustsecp256k1_v0_11_ge_set_xy(rustsecp256k1_v0_11_ge *r, const rusts SECP256K1_GE_VERIFY(r); } -static int rustsecp256k1_v0_11_ge_is_infinity(const rustsecp256k1_v0_11_ge *a) { +static int secp256k1_ge_is_infinity(const secp256k1_ge *a) { SECP256K1_GE_VERIFY(a); return a->infinity; } -static void rustsecp256k1_v0_11_ge_neg(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *a) { +static void secp256k1_ge_neg(secp256k1_ge *r, const secp256k1_ge *a) { SECP256K1_GE_VERIFY(a); *r = *a; - rustsecp256k1_v0_11_fe_normalize_weak(&r->y); - rustsecp256k1_v0_11_fe_negate(&r->y, &r->y, 1); + secp256k1_fe_normalize_weak(&r->y); + secp256k1_fe_negate(&r->y, &r->y, 1); SECP256K1_GE_VERIFY(r); } -static void rustsecp256k1_v0_11_ge_set_gej(rustsecp256k1_v0_11_ge *r, rustsecp256k1_v0_11_gej *a) { - rustsecp256k1_v0_11_fe z2, z3; +static void secp256k1_ge_set_gej(secp256k1_ge *r, secp256k1_gej *a) { + secp256k1_fe z2, z3; SECP256K1_GEJ_VERIFY(a); r->infinity = a->infinity; - rustsecp256k1_v0_11_fe_inv(&a->z, &a->z); - rustsecp256k1_v0_11_fe_sqr(&z2, &a->z); - rustsecp256k1_v0_11_fe_mul(&z3, &a->z, &z2); - rustsecp256k1_v0_11_fe_mul(&a->x, &a->x, &z2); - rustsecp256k1_v0_11_fe_mul(&a->y, &a->y, &z3); - rustsecp256k1_v0_11_fe_set_int(&a->z, 1); + secp256k1_fe_inv(&a->z, &a->z); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_mul(&z3, &a->z, &z2); + secp256k1_fe_mul(&a->x, &a->x, &z2); + secp256k1_fe_mul(&a->y, &a->y, &z3); + secp256k1_fe_set_int(&a->z, 1); r->x = a->x; r->y = a->y; @@ -174,29 +174,67 @@ static void rustsecp256k1_v0_11_ge_set_gej(rustsecp256k1_v0_11_ge *r, rustsecp25 SECP256K1_GE_VERIFY(r); } -static void rustsecp256k1_v0_11_ge_set_gej_var(rustsecp256k1_v0_11_ge *r, rustsecp256k1_v0_11_gej *a) { - rustsecp256k1_v0_11_fe z2, z3; +static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a) { + secp256k1_fe z2, z3; SECP256K1_GEJ_VERIFY(a); - if (rustsecp256k1_v0_11_gej_is_infinity(a)) { - rustsecp256k1_v0_11_ge_set_infinity(r); + if (secp256k1_gej_is_infinity(a)) { + secp256k1_ge_set_infinity(r); return; } r->infinity = 0; - rustsecp256k1_v0_11_fe_inv_var(&a->z, &a->z); - rustsecp256k1_v0_11_fe_sqr(&z2, &a->z); - rustsecp256k1_v0_11_fe_mul(&z3, &a->z, &z2); - rustsecp256k1_v0_11_fe_mul(&a->x, &a->x, &z2); - rustsecp256k1_v0_11_fe_mul(&a->y, &a->y, &z3); - rustsecp256k1_v0_11_fe_set_int(&a->z, 1); - rustsecp256k1_v0_11_ge_set_xy(r, &a->x, &a->y); + secp256k1_fe_inv_var(&a->z, &a->z); + secp256k1_fe_sqr(&z2, &a->z); + secp256k1_fe_mul(&z3, &a->z, &z2); + secp256k1_fe_mul(&a->x, &a->x, &z2); + secp256k1_fe_mul(&a->y, &a->y, &z3); + secp256k1_fe_set_int(&a->z, 1); + secp256k1_ge_set_xy(r, &a->x, &a->y); SECP256K1_GEJ_VERIFY(a); SECP256K1_GE_VERIFY(r); } -static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_gej *a, size_t len) { - rustsecp256k1_v0_11_fe u; +static void secp256k1_ge_set_all_gej(secp256k1_ge *r, const secp256k1_gej *a, size_t len) { + secp256k1_fe u; + size_t i; +#ifdef VERIFY + for (i = 0; i < len; i++) { + SECP256K1_GEJ_VERIFY(&a[i]); + VERIFY_CHECK(!secp256k1_gej_is_infinity(&a[i])); + } +#endif + + if (len == 0) { + return; + } + + /* Use destination's x coordinates as scratch space */ + r[0].x = a[0].z; + for (i = 1; i < len; i++) { + secp256k1_fe_mul(&r[i].x, &r[i - 1].x, &a[i].z); + } + secp256k1_fe_inv(&u, &r[len - 1].x); + + for (i = len - 1; i > 0; i--) { + secp256k1_fe_mul(&r[i].x, &r[i - 1].x, &u); + secp256k1_fe_mul(&u, &u, &a[i].z); + } + r[0].x = u; + + for (i = 0; i < len; i++) { + secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); + } + +#ifdef VERIFY + for (i = 0; i < len; i++) { + SECP256K1_GE_VERIFY(&r[i]); + } +#endif +} + +static void secp256k1_ge_set_all_gej_var(secp256k1_ge *r, const secp256k1_gej *a, size_t len) { + secp256k1_fe u; size_t i; size_t last_i = SIZE_MAX; #ifdef VERIFY @@ -207,13 +245,13 @@ static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, co for (i = 0; i < len; i++) { if (a[i].infinity) { - rustsecp256k1_v0_11_ge_set_infinity(&r[i]); + secp256k1_ge_set_infinity(&r[i]); } else { /* Use destination's x coordinates as scratch space */ if (last_i == SIZE_MAX) { r[i].x = a[i].z; } else { - rustsecp256k1_v0_11_fe_mul(&r[i].x, &r[last_i].x, &a[i].z); + secp256k1_fe_mul(&r[i].x, &r[last_i].x, &a[i].z); } last_i = i; } @@ -221,14 +259,14 @@ static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, co if (last_i == SIZE_MAX) { return; } - rustsecp256k1_v0_11_fe_inv_var(&u, &r[last_i].x); + secp256k1_fe_inv_var(&u, &r[last_i].x); i = last_i; while (i > 0) { i--; if (!a[i].infinity) { - rustsecp256k1_v0_11_fe_mul(&r[last_i].x, &r[i].x, &u); - rustsecp256k1_v0_11_fe_mul(&u, &u, &a[last_i].z); + secp256k1_fe_mul(&r[last_i].x, &r[i].x, &u); + secp256k1_fe_mul(&u, &u, &a[last_i].z); last_i = i; } } @@ -237,7 +275,7 @@ static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, co for (i = 0; i < len; i++) { if (!a[i].infinity) { - rustsecp256k1_v0_11_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); + secp256k1_ge_set_gej_zinv(&r[i], &a[i], &r[i].x); } } @@ -248,9 +286,9 @@ static void rustsecp256k1_v0_11_ge_set_all_gej_var(rustsecp256k1_v0_11_ge *r, co #endif } -static void rustsecp256k1_v0_11_ge_table_set_globalz(size_t len, rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_fe *zr) { +static void secp256k1_ge_table_set_globalz(size_t len, secp256k1_ge *a, const secp256k1_fe *zr) { size_t i; - rustsecp256k1_v0_11_fe zs; + secp256k1_fe zs; #ifdef VERIFY for (i = 0; i < len; i++) { SECP256K1_GE_VERIFY(&a[i]); @@ -261,16 +299,16 @@ static void rustsecp256k1_v0_11_ge_table_set_globalz(size_t len, rustsecp256k1_v if (len > 0) { i = len - 1; /* Ensure all y values are in weak normal form for fast negation of points */ - rustsecp256k1_v0_11_fe_normalize_weak(&a[i].y); + secp256k1_fe_normalize_weak(&a[i].y); zs = zr[i]; /* Work our way backwards, using the z-ratios to scale the x/y values. */ while (i > 0) { if (i != len - 1) { - rustsecp256k1_v0_11_fe_mul(&zs, &zs, &zr[i]); + secp256k1_fe_mul(&zs, &zs, &zr[i]); } i--; - rustsecp256k1_v0_11_ge_set_ge_zinv(&a[i], &a[i], &zs); + secp256k1_ge_set_ge_zinv(&a[i], &a[i], &zs); } } @@ -281,84 +319,84 @@ static void rustsecp256k1_v0_11_ge_table_set_globalz(size_t len, rustsecp256k1_v #endif } -static void rustsecp256k1_v0_11_gej_set_infinity(rustsecp256k1_v0_11_gej *r) { +static void secp256k1_gej_set_infinity(secp256k1_gej *r) { r->infinity = 1; - rustsecp256k1_v0_11_fe_set_int(&r->x, 0); - rustsecp256k1_v0_11_fe_set_int(&r->y, 0); - rustsecp256k1_v0_11_fe_set_int(&r->z, 0); + secp256k1_fe_set_int(&r->x, 0); + secp256k1_fe_set_int(&r->y, 0); + secp256k1_fe_set_int(&r->z, 0); SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_ge_set_infinity(rustsecp256k1_v0_11_ge *r) { +static void secp256k1_ge_set_infinity(secp256k1_ge *r) { r->infinity = 1; - rustsecp256k1_v0_11_fe_set_int(&r->x, 0); - rustsecp256k1_v0_11_fe_set_int(&r->y, 0); + secp256k1_fe_set_int(&r->x, 0); + secp256k1_fe_set_int(&r->y, 0); SECP256K1_GE_VERIFY(r); } -static void rustsecp256k1_v0_11_gej_clear(rustsecp256k1_v0_11_gej *r) { - rustsecp256k1_v0_11_memclear(r, sizeof(rustsecp256k1_v0_11_gej)); +static void secp256k1_gej_clear(secp256k1_gej *r) { + secp256k1_memclear_explicit(r, sizeof(secp256k1_gej)); } -static void rustsecp256k1_v0_11_ge_clear(rustsecp256k1_v0_11_ge *r) { - rustsecp256k1_v0_11_memclear(r, sizeof(rustsecp256k1_v0_11_ge)); +static void secp256k1_ge_clear(secp256k1_ge *r) { + secp256k1_memclear_explicit(r, sizeof(secp256k1_ge)); } -static int rustsecp256k1_v0_11_ge_set_xo_var(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_fe *x, int odd) { - rustsecp256k1_v0_11_fe x2, x3; +static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd) { + secp256k1_fe x2, x3; int ret; SECP256K1_FE_VERIFY(x); r->x = *x; - rustsecp256k1_v0_11_fe_sqr(&x2, x); - rustsecp256k1_v0_11_fe_mul(&x3, x, &x2); + secp256k1_fe_sqr(&x2, x); + secp256k1_fe_mul(&x3, x, &x2); r->infinity = 0; - rustsecp256k1_v0_11_fe_add_int(&x3, SECP256K1_B); - ret = rustsecp256k1_v0_11_fe_sqrt(&r->y, &x3); - rustsecp256k1_v0_11_fe_normalize_var(&r->y); - if (rustsecp256k1_v0_11_fe_is_odd(&r->y) != odd) { - rustsecp256k1_v0_11_fe_negate(&r->y, &r->y, 1); + secp256k1_fe_add_int(&x3, SECP256K1_B); + ret = secp256k1_fe_sqrt(&r->y, &x3); + secp256k1_fe_normalize_var(&r->y); + if (secp256k1_fe_is_odd(&r->y) != odd) { + secp256k1_fe_negate(&r->y, &r->y, 1); } SECP256K1_GE_VERIFY(r); return ret; } -static void rustsecp256k1_v0_11_gej_set_ge(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_ge *a) { +static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a) { SECP256K1_GE_VERIFY(a); r->infinity = a->infinity; r->x = a->x; r->y = a->y; - rustsecp256k1_v0_11_fe_set_int(&r->z, 1); + secp256k1_fe_set_int(&r->z, 1); SECP256K1_GEJ_VERIFY(r); } -static int rustsecp256k1_v0_11_gej_eq_var(const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_gej *b) { - rustsecp256k1_v0_11_gej tmp; +static int secp256k1_gej_eq_var(const secp256k1_gej *a, const secp256k1_gej *b) { + secp256k1_gej tmp; SECP256K1_GEJ_VERIFY(b); SECP256K1_GEJ_VERIFY(a); - rustsecp256k1_v0_11_gej_neg(&tmp, a); - rustsecp256k1_v0_11_gej_add_var(&tmp, &tmp, b, NULL); - return rustsecp256k1_v0_11_gej_is_infinity(&tmp); + secp256k1_gej_neg(&tmp, a); + secp256k1_gej_add_var(&tmp, &tmp, b, NULL); + return secp256k1_gej_is_infinity(&tmp); } -static int rustsecp256k1_v0_11_gej_eq_ge_var(const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b) { - rustsecp256k1_v0_11_gej tmp; +static int secp256k1_gej_eq_ge_var(const secp256k1_gej *a, const secp256k1_ge *b) { + secp256k1_gej tmp; SECP256K1_GEJ_VERIFY(a); SECP256K1_GE_VERIFY(b); - rustsecp256k1_v0_11_gej_neg(&tmp, a); - rustsecp256k1_v0_11_gej_add_ge_var(&tmp, &tmp, b, NULL); - return rustsecp256k1_v0_11_gej_is_infinity(&tmp); + secp256k1_gej_neg(&tmp, a); + secp256k1_gej_add_ge_var(&tmp, &tmp, b, NULL); + return secp256k1_gej_is_infinity(&tmp); } -static int rustsecp256k1_v0_11_ge_eq_var(const rustsecp256k1_v0_11_ge *a, const rustsecp256k1_v0_11_ge *b) { - rustsecp256k1_v0_11_fe tmp; +static int secp256k1_ge_eq_var(const secp256k1_ge *a, const secp256k1_ge *b) { + secp256k1_fe tmp; SECP256K1_GE_VERIFY(a); SECP256K1_GE_VERIFY(b); @@ -366,62 +404,62 @@ static int rustsecp256k1_v0_11_ge_eq_var(const rustsecp256k1_v0_11_ge *a, const if (a->infinity) return 1; tmp = a->x; - rustsecp256k1_v0_11_fe_normalize_weak(&tmp); - if (!rustsecp256k1_v0_11_fe_equal(&tmp, &b->x)) return 0; + secp256k1_fe_normalize_weak(&tmp); + if (!secp256k1_fe_equal(&tmp, &b->x)) return 0; tmp = a->y; - rustsecp256k1_v0_11_fe_normalize_weak(&tmp); - if (!rustsecp256k1_v0_11_fe_equal(&tmp, &b->y)) return 0; + secp256k1_fe_normalize_weak(&tmp); + if (!secp256k1_fe_equal(&tmp, &b->y)) return 0; return 1; } -static int rustsecp256k1_v0_11_gej_eq_x_var(const rustsecp256k1_v0_11_fe *x, const rustsecp256k1_v0_11_gej *a) { - rustsecp256k1_v0_11_fe r; +static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a) { + secp256k1_fe r; SECP256K1_FE_VERIFY(x); SECP256K1_GEJ_VERIFY(a); VERIFY_CHECK(!a->infinity); - rustsecp256k1_v0_11_fe_sqr(&r, &a->z); rustsecp256k1_v0_11_fe_mul(&r, &r, x); - return rustsecp256k1_v0_11_fe_equal(&r, &a->x); + secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x); + return secp256k1_fe_equal(&r, &a->x); } -static void rustsecp256k1_v0_11_gej_neg(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a) { +static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a) { SECP256K1_GEJ_VERIFY(a); r->infinity = a->infinity; r->x = a->x; r->y = a->y; r->z = a->z; - rustsecp256k1_v0_11_fe_normalize_weak(&r->y); - rustsecp256k1_v0_11_fe_negate(&r->y, &r->y, 1); + secp256k1_fe_normalize_weak(&r->y); + secp256k1_fe_negate(&r->y, &r->y, 1); SECP256K1_GEJ_VERIFY(r); } -static int rustsecp256k1_v0_11_gej_is_infinity(const rustsecp256k1_v0_11_gej *a) { +static int secp256k1_gej_is_infinity(const secp256k1_gej *a) { SECP256K1_GEJ_VERIFY(a); return a->infinity; } -static int rustsecp256k1_v0_11_ge_is_valid_var(const rustsecp256k1_v0_11_ge *a) { - rustsecp256k1_v0_11_fe y2, x3; +static int secp256k1_ge_is_valid_var(const secp256k1_ge *a) { + secp256k1_fe y2, x3; SECP256K1_GE_VERIFY(a); if (a->infinity) { return 0; } /* y^2 = x^3 + 7 */ - rustsecp256k1_v0_11_fe_sqr(&y2, &a->y); - rustsecp256k1_v0_11_fe_sqr(&x3, &a->x); rustsecp256k1_v0_11_fe_mul(&x3, &x3, &a->x); - rustsecp256k1_v0_11_fe_add_int(&x3, SECP256K1_B); - return rustsecp256k1_v0_11_fe_equal(&y2, &x3); + secp256k1_fe_sqr(&y2, &a->y); + secp256k1_fe_sqr(&x3, &a->x); secp256k1_fe_mul(&x3, &x3, &a->x); + secp256k1_fe_add_int(&x3, SECP256K1_B); + return secp256k1_fe_equal(&y2, &x3); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_gej_double(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a) { +static SECP256K1_INLINE void secp256k1_gej_double(secp256k1_gej *r, const secp256k1_gej *a) { /* Operations: 3 mul, 4 sqr, 8 add/half/mul_int/negate */ - rustsecp256k1_v0_11_fe l, s, t; + secp256k1_fe l, s, t; SECP256K1_GEJ_VERIFY(a); r->infinity = a->infinity; @@ -435,26 +473,26 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_gej_double(rustsecp256k1_v0_11_ * Z3 = Y1*Z1 */ - rustsecp256k1_v0_11_fe_mul(&r->z, &a->z, &a->y); /* Z3 = Y1*Z1 (1) */ - rustsecp256k1_v0_11_fe_sqr(&s, &a->y); /* S = Y1^2 (1) */ - rustsecp256k1_v0_11_fe_sqr(&l, &a->x); /* L = X1^2 (1) */ - rustsecp256k1_v0_11_fe_mul_int(&l, 3); /* L = 3*X1^2 (3) */ - rustsecp256k1_v0_11_fe_half(&l); /* L = 3/2*X1^2 (2) */ - rustsecp256k1_v0_11_fe_negate(&t, &s, 1); /* T = -S (2) */ - rustsecp256k1_v0_11_fe_mul(&t, &t, &a->x); /* T = -X1*S (1) */ - rustsecp256k1_v0_11_fe_sqr(&r->x, &l); /* X3 = L^2 (1) */ - rustsecp256k1_v0_11_fe_add(&r->x, &t); /* X3 = L^2 + T (2) */ - rustsecp256k1_v0_11_fe_add(&r->x, &t); /* X3 = L^2 + 2*T (3) */ - rustsecp256k1_v0_11_fe_sqr(&s, &s); /* S' = S^2 (1) */ - rustsecp256k1_v0_11_fe_add(&t, &r->x); /* T' = X3 + T (4) */ - rustsecp256k1_v0_11_fe_mul(&r->y, &t, &l); /* Y3 = L*(X3 + T) (1) */ - rustsecp256k1_v0_11_fe_add(&r->y, &s); /* Y3 = L*(X3 + T) + S^2 (2) */ - rustsecp256k1_v0_11_fe_negate(&r->y, &r->y, 2); /* Y3 = -(L*(X3 + T) + S^2) (3) */ + secp256k1_fe_mul(&r->z, &a->z, &a->y); /* Z3 = Y1*Z1 (1) */ + secp256k1_fe_sqr(&s, &a->y); /* S = Y1^2 (1) */ + secp256k1_fe_sqr(&l, &a->x); /* L = X1^2 (1) */ + secp256k1_fe_mul_int(&l, 3); /* L = 3*X1^2 (3) */ + secp256k1_fe_half(&l); /* L = 3/2*X1^2 (2) */ + secp256k1_fe_negate(&t, &s, 1); /* T = -S (2) */ + secp256k1_fe_mul(&t, &t, &a->x); /* T = -X1*S (1) */ + secp256k1_fe_sqr(&r->x, &l); /* X3 = L^2 (1) */ + secp256k1_fe_add(&r->x, &t); /* X3 = L^2 + T (2) */ + secp256k1_fe_add(&r->x, &t); /* X3 = L^2 + 2*T (3) */ + secp256k1_fe_sqr(&s, &s); /* S' = S^2 (1) */ + secp256k1_fe_add(&t, &r->x); /* T' = X3 + T (4) */ + secp256k1_fe_mul(&r->y, &t, &l); /* Y3 = L*(X3 + T) (1) */ + secp256k1_fe_add(&r->y, &s); /* Y3 = L*(X3 + T) + S^2 (2) */ + secp256k1_fe_negate(&r->y, &r->y, 2); /* Y3 = -(L*(X3 + T) + S^2) (3) */ SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_gej_double_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, rustsecp256k1_v0_11_fe *rzr) { +static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr) { SECP256K1_GEJ_VERIFY(a); /** For secp256k1, 2Q is infinity if and only if Q is infinity. This is because if 2Q = infinity, @@ -468,26 +506,26 @@ static void rustsecp256k1_v0_11_gej_double_var(rustsecp256k1_v0_11_gej *r, const * point will be gibberish (z = 0 but infinity = 0). */ if (a->infinity) { - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); if (rzr != NULL) { - rustsecp256k1_v0_11_fe_set_int(rzr, 1); + secp256k1_fe_set_int(rzr, 1); } return; } if (rzr != NULL) { *rzr = a->y; - rustsecp256k1_v0_11_fe_normalize_weak(rzr); + secp256k1_fe_normalize_weak(rzr); } - rustsecp256k1_v0_11_gej_double(r, a); + secp256k1_gej_double(r, a); SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_gej_add_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_gej *b, rustsecp256k1_v0_11_fe *rzr) { +static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr) { /* 12 mul, 4 sqr, 11 add/negate/normalizes_to_zero (ignoring special cases) */ - rustsecp256k1_v0_11_fe z22, z12, u1, u2, s1, s2, h, i, h2, h3, t; + secp256k1_fe z22, z12, u1, u2, s1, s2, h, i, h2, h3, t; SECP256K1_GEJ_VERIFY(a); SECP256K1_GEJ_VERIFY(b); @@ -498,91 +536,91 @@ static void rustsecp256k1_v0_11_gej_add_var(rustsecp256k1_v0_11_gej *r, const ru } if (b->infinity) { if (rzr != NULL) { - rustsecp256k1_v0_11_fe_set_int(rzr, 1); + secp256k1_fe_set_int(rzr, 1); } *r = *a; return; } - rustsecp256k1_v0_11_fe_sqr(&z22, &b->z); - rustsecp256k1_v0_11_fe_sqr(&z12, &a->z); - rustsecp256k1_v0_11_fe_mul(&u1, &a->x, &z22); - rustsecp256k1_v0_11_fe_mul(&u2, &b->x, &z12); - rustsecp256k1_v0_11_fe_mul(&s1, &a->y, &z22); rustsecp256k1_v0_11_fe_mul(&s1, &s1, &b->z); - rustsecp256k1_v0_11_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_11_fe_mul(&s2, &s2, &a->z); - rustsecp256k1_v0_11_fe_negate(&h, &u1, 1); rustsecp256k1_v0_11_fe_add(&h, &u2); - rustsecp256k1_v0_11_fe_negate(&i, &s2, 1); rustsecp256k1_v0_11_fe_add(&i, &s1); - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&h)) { - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&i)) { - rustsecp256k1_v0_11_gej_double_var(r, a, rzr); + secp256k1_fe_sqr(&z22, &b->z); + secp256k1_fe_sqr(&z12, &a->z); + secp256k1_fe_mul(&u1, &a->x, &z22); + secp256k1_fe_mul(&u2, &b->x, &z12); + secp256k1_fe_mul(&s1, &a->y, &z22); secp256k1_fe_mul(&s1, &s1, &b->z); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); + secp256k1_fe_negate(&h, &u1, 1); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s2, 1); secp256k1_fe_add(&i, &s1); + if (secp256k1_fe_normalizes_to_zero_var(&h)) { + if (secp256k1_fe_normalizes_to_zero_var(&i)) { + secp256k1_gej_double_var(r, a, rzr); } else { if (rzr != NULL) { - rustsecp256k1_v0_11_fe_set_int(rzr, 0); + secp256k1_fe_set_int(rzr, 0); } - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); } return; } r->infinity = 0; - rustsecp256k1_v0_11_fe_mul(&t, &h, &b->z); + secp256k1_fe_mul(&t, &h, &b->z); if (rzr != NULL) { *rzr = t; } - rustsecp256k1_v0_11_fe_mul(&r->z, &a->z, &t); + secp256k1_fe_mul(&r->z, &a->z, &t); - rustsecp256k1_v0_11_fe_sqr(&h2, &h); - rustsecp256k1_v0_11_fe_negate(&h2, &h2, 1); - rustsecp256k1_v0_11_fe_mul(&h3, &h2, &h); - rustsecp256k1_v0_11_fe_mul(&t, &u1, &h2); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_negate(&h2, &h2, 1); + secp256k1_fe_mul(&h3, &h2, &h); + secp256k1_fe_mul(&t, &u1, &h2); - rustsecp256k1_v0_11_fe_sqr(&r->x, &i); - rustsecp256k1_v0_11_fe_add(&r->x, &h3); - rustsecp256k1_v0_11_fe_add(&r->x, &t); - rustsecp256k1_v0_11_fe_add(&r->x, &t); + secp256k1_fe_sqr(&r->x, &i); + secp256k1_fe_add(&r->x, &h3); + secp256k1_fe_add(&r->x, &t); + secp256k1_fe_add(&r->x, &t); - rustsecp256k1_v0_11_fe_add(&t, &r->x); - rustsecp256k1_v0_11_fe_mul(&r->y, &t, &i); - rustsecp256k1_v0_11_fe_mul(&h3, &h3, &s1); - rustsecp256k1_v0_11_fe_add(&r->y, &h3); + secp256k1_fe_add(&t, &r->x); + secp256k1_fe_mul(&r->y, &t, &i); + secp256k1_fe_mul(&h3, &h3, &s1); + secp256k1_fe_add(&r->y, &h3); SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_gej_add_ge_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b, rustsecp256k1_v0_11_fe *rzr) { +static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr) { /* Operations: 8 mul, 3 sqr, 11 add/negate/normalizes_to_zero (ignoring special cases) */ - rustsecp256k1_v0_11_fe z12, u1, u2, s1, s2, h, i, h2, h3, t; + secp256k1_fe z12, u1, u2, s1, s2, h, i, h2, h3, t; SECP256K1_GEJ_VERIFY(a); SECP256K1_GE_VERIFY(b); if (a->infinity) { VERIFY_CHECK(rzr == NULL); - rustsecp256k1_v0_11_gej_set_ge(r, b); + secp256k1_gej_set_ge(r, b); return; } if (b->infinity) { if (rzr != NULL) { - rustsecp256k1_v0_11_fe_set_int(rzr, 1); + secp256k1_fe_set_int(rzr, 1); } *r = *a; return; } - rustsecp256k1_v0_11_fe_sqr(&z12, &a->z); + secp256k1_fe_sqr(&z12, &a->z); u1 = a->x; - rustsecp256k1_v0_11_fe_mul(&u2, &b->x, &z12); + secp256k1_fe_mul(&u2, &b->x, &z12); s1 = a->y; - rustsecp256k1_v0_11_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_11_fe_mul(&s2, &s2, &a->z); - rustsecp256k1_v0_11_fe_negate(&h, &u1, SECP256K1_GEJ_X_MAGNITUDE_MAX); rustsecp256k1_v0_11_fe_add(&h, &u2); - rustsecp256k1_v0_11_fe_negate(&i, &s2, 1); rustsecp256k1_v0_11_fe_add(&i, &s1); - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&h)) { - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&i)) { - rustsecp256k1_v0_11_gej_double_var(r, a, rzr); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &a->z); + secp256k1_fe_negate(&h, &u1, SECP256K1_GEJ_X_MAGNITUDE_MAX); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s2, 1); secp256k1_fe_add(&i, &s1); + if (secp256k1_fe_normalizes_to_zero_var(&h)) { + if (secp256k1_fe_normalizes_to_zero_var(&i)) { + secp256k1_gej_double_var(r, a, rzr); } else { if (rzr != NULL) { - rustsecp256k1_v0_11_fe_set_int(rzr, 0); + secp256k1_fe_set_int(rzr, 0); } - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); } return; } @@ -591,42 +629,42 @@ static void rustsecp256k1_v0_11_gej_add_ge_var(rustsecp256k1_v0_11_gej *r, const if (rzr != NULL) { *rzr = h; } - rustsecp256k1_v0_11_fe_mul(&r->z, &a->z, &h); + secp256k1_fe_mul(&r->z, &a->z, &h); - rustsecp256k1_v0_11_fe_sqr(&h2, &h); - rustsecp256k1_v0_11_fe_negate(&h2, &h2, 1); - rustsecp256k1_v0_11_fe_mul(&h3, &h2, &h); - rustsecp256k1_v0_11_fe_mul(&t, &u1, &h2); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_negate(&h2, &h2, 1); + secp256k1_fe_mul(&h3, &h2, &h); + secp256k1_fe_mul(&t, &u1, &h2); - rustsecp256k1_v0_11_fe_sqr(&r->x, &i); - rustsecp256k1_v0_11_fe_add(&r->x, &h3); - rustsecp256k1_v0_11_fe_add(&r->x, &t); - rustsecp256k1_v0_11_fe_add(&r->x, &t); + secp256k1_fe_sqr(&r->x, &i); + secp256k1_fe_add(&r->x, &h3); + secp256k1_fe_add(&r->x, &t); + secp256k1_fe_add(&r->x, &t); - rustsecp256k1_v0_11_fe_add(&t, &r->x); - rustsecp256k1_v0_11_fe_mul(&r->y, &t, &i); - rustsecp256k1_v0_11_fe_mul(&h3, &h3, &s1); - rustsecp256k1_v0_11_fe_add(&r->y, &h3); + secp256k1_fe_add(&t, &r->x); + secp256k1_fe_mul(&r->y, &t, &i); + secp256k1_fe_mul(&h3, &h3, &s1); + secp256k1_fe_add(&r->y, &h3); SECP256K1_GEJ_VERIFY(r); if (rzr != NULL) SECP256K1_FE_VERIFY(rzr); } -static void rustsecp256k1_v0_11_gej_add_zinv_var(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b, const rustsecp256k1_v0_11_fe *bzinv) { +static void secp256k1_gej_add_zinv_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, const secp256k1_fe *bzinv) { /* Operations: 9 mul, 3 sqr, 11 add/negate/normalizes_to_zero (ignoring special cases) */ - rustsecp256k1_v0_11_fe az, z12, u1, u2, s1, s2, h, i, h2, h3, t; + secp256k1_fe az, z12, u1, u2, s1, s2, h, i, h2, h3, t; SECP256K1_GEJ_VERIFY(a); SECP256K1_GE_VERIFY(b); SECP256K1_FE_VERIFY(bzinv); if (a->infinity) { - rustsecp256k1_v0_11_fe bzinv2, bzinv3; + secp256k1_fe bzinv2, bzinv3; r->infinity = b->infinity; - rustsecp256k1_v0_11_fe_sqr(&bzinv2, bzinv); - rustsecp256k1_v0_11_fe_mul(&bzinv3, &bzinv2, bzinv); - rustsecp256k1_v0_11_fe_mul(&r->x, &b->x, &bzinv2); - rustsecp256k1_v0_11_fe_mul(&r->y, &b->y, &bzinv3); - rustsecp256k1_v0_11_fe_set_int(&r->z, 1); + secp256k1_fe_sqr(&bzinv2, bzinv); + secp256k1_fe_mul(&bzinv3, &bzinv2, bzinv); + secp256k1_fe_mul(&r->x, &b->x, &bzinv2); + secp256k1_fe_mul(&r->y, &b->y, &bzinv3); + secp256k1_fe_set_int(&r->z, 1); SECP256K1_GEJ_VERIFY(r); return; } @@ -643,50 +681,50 @@ static void rustsecp256k1_v0_11_gej_add_zinv_var(rustsecp256k1_v0_11_gej *r, con * The variable az below holds the modified Z coordinate for a, which is used * for the computation of rx and ry, but not for rz. */ - rustsecp256k1_v0_11_fe_mul(&az, &a->z, bzinv); + secp256k1_fe_mul(&az, &a->z, bzinv); - rustsecp256k1_v0_11_fe_sqr(&z12, &az); + secp256k1_fe_sqr(&z12, &az); u1 = a->x; - rustsecp256k1_v0_11_fe_mul(&u2, &b->x, &z12); + secp256k1_fe_mul(&u2, &b->x, &z12); s1 = a->y; - rustsecp256k1_v0_11_fe_mul(&s2, &b->y, &z12); rustsecp256k1_v0_11_fe_mul(&s2, &s2, &az); - rustsecp256k1_v0_11_fe_negate(&h, &u1, SECP256K1_GEJ_X_MAGNITUDE_MAX); rustsecp256k1_v0_11_fe_add(&h, &u2); - rustsecp256k1_v0_11_fe_negate(&i, &s2, 1); rustsecp256k1_v0_11_fe_add(&i, &s1); - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&h)) { - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&i)) { - rustsecp256k1_v0_11_gej_double_var(r, a, NULL); + secp256k1_fe_mul(&s2, &b->y, &z12); secp256k1_fe_mul(&s2, &s2, &az); + secp256k1_fe_negate(&h, &u1, SECP256K1_GEJ_X_MAGNITUDE_MAX); secp256k1_fe_add(&h, &u2); + secp256k1_fe_negate(&i, &s2, 1); secp256k1_fe_add(&i, &s1); + if (secp256k1_fe_normalizes_to_zero_var(&h)) { + if (secp256k1_fe_normalizes_to_zero_var(&i)) { + secp256k1_gej_double_var(r, a, NULL); } else { - rustsecp256k1_v0_11_gej_set_infinity(r); + secp256k1_gej_set_infinity(r); } return; } r->infinity = 0; - rustsecp256k1_v0_11_fe_mul(&r->z, &a->z, &h); + secp256k1_fe_mul(&r->z, &a->z, &h); - rustsecp256k1_v0_11_fe_sqr(&h2, &h); - rustsecp256k1_v0_11_fe_negate(&h2, &h2, 1); - rustsecp256k1_v0_11_fe_mul(&h3, &h2, &h); - rustsecp256k1_v0_11_fe_mul(&t, &u1, &h2); + secp256k1_fe_sqr(&h2, &h); + secp256k1_fe_negate(&h2, &h2, 1); + secp256k1_fe_mul(&h3, &h2, &h); + secp256k1_fe_mul(&t, &u1, &h2); - rustsecp256k1_v0_11_fe_sqr(&r->x, &i); - rustsecp256k1_v0_11_fe_add(&r->x, &h3); - rustsecp256k1_v0_11_fe_add(&r->x, &t); - rustsecp256k1_v0_11_fe_add(&r->x, &t); + secp256k1_fe_sqr(&r->x, &i); + secp256k1_fe_add(&r->x, &h3); + secp256k1_fe_add(&r->x, &t); + secp256k1_fe_add(&r->x, &t); - rustsecp256k1_v0_11_fe_add(&t, &r->x); - rustsecp256k1_v0_11_fe_mul(&r->y, &t, &i); - rustsecp256k1_v0_11_fe_mul(&h3, &h3, &s1); - rustsecp256k1_v0_11_fe_add(&r->y, &h3); + secp256k1_fe_add(&t, &r->x); + secp256k1_fe_mul(&r->y, &t, &i); + secp256k1_fe_mul(&h3, &h3, &s1); + secp256k1_fe_add(&r->y, &h3); SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_gej_add_ge(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_ge *b) { +static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b) { /* Operations: 7 mul, 5 sqr, 21 add/cmov/half/mul_int/negate/normalizes_to_zero */ - rustsecp256k1_v0_11_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr; - rustsecp256k1_v0_11_fe m_alt, rr_alt; + secp256k1_fe zz, u1, u2, s1, s2, t, tt, m, n, q, rr; + secp256k1_fe m_alt, rr_alt; int degenerate; SECP256K1_GEJ_VERIFY(a); SECP256K1_GE_VERIFY(b); @@ -742,62 +780,62 @@ static void rustsecp256k1_v0_11_gej_add_ge(rustsecp256k1_v0_11_gej *r, const rus * so this covers everything. */ - rustsecp256k1_v0_11_fe_sqr(&zz, &a->z); /* z = Z1^2 */ + secp256k1_fe_sqr(&zz, &a->z); /* z = Z1^2 */ u1 = a->x; /* u1 = U1 = X1*Z2^2 (GEJ_X_M) */ - rustsecp256k1_v0_11_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ + secp256k1_fe_mul(&u2, &b->x, &zz); /* u2 = U2 = X2*Z1^2 (1) */ s1 = a->y; /* s1 = S1 = Y1*Z2^3 (GEJ_Y_M) */ - rustsecp256k1_v0_11_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */ - rustsecp256k1_v0_11_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ - t = u1; rustsecp256k1_v0_11_fe_add(&t, &u2); /* t = T = U1+U2 (GEJ_X_M+1) */ - m = s1; rustsecp256k1_v0_11_fe_add(&m, &s2); /* m = M = S1+S2 (GEJ_Y_M+1) */ - rustsecp256k1_v0_11_fe_sqr(&rr, &t); /* rr = T^2 (1) */ - rustsecp256k1_v0_11_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 (2) */ - rustsecp256k1_v0_11_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (1) */ - rustsecp256k1_v0_11_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (2) */ + secp256k1_fe_mul(&s2, &b->y, &zz); /* s2 = Y2*Z1^2 (1) */ + secp256k1_fe_mul(&s2, &s2, &a->z); /* s2 = S2 = Y2*Z1^3 (1) */ + t = u1; secp256k1_fe_add(&t, &u2); /* t = T = U1+U2 (GEJ_X_M+1) */ + m = s1; secp256k1_fe_add(&m, &s2); /* m = M = S1+S2 (GEJ_Y_M+1) */ + secp256k1_fe_sqr(&rr, &t); /* rr = T^2 (1) */ + secp256k1_fe_negate(&m_alt, &u2, 1); /* Malt = -X2*Z1^2 (2) */ + secp256k1_fe_mul(&tt, &u1, &m_alt); /* tt = -U1*U2 (1) */ + secp256k1_fe_add(&rr, &tt); /* rr = R = T^2-U1*U2 (2) */ /* If lambda = R/M = R/0 we have a problem (except in the "trivial" * case that Z = z1z2 = 0, and this is special-cased later on). */ - degenerate = rustsecp256k1_v0_11_fe_normalizes_to_zero(&m); + degenerate = secp256k1_fe_normalizes_to_zero(&m); /* This only occurs when y1 == -y2 and x1^3 == x2^3, but x1 != x2. * This means either x1 == beta*x2 or beta*x1 == x2, where beta is * a nontrivial cube root of one. In either case, an alternate * non-indeterminate expression for lambda is (y1 - y2)/(x1 - x2), * so we set R/M equal to this. */ rr_alt = s1; - rustsecp256k1_v0_11_fe_mul_int(&rr_alt, 2); /* rr_alt = Y1*Z2^3 - Y2*Z1^3 (GEJ_Y_M*2) */ - rustsecp256k1_v0_11_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 (GEJ_X_M+2) */ + secp256k1_fe_mul_int(&rr_alt, 2); /* rr_alt = Y1*Z2^3 - Y2*Z1^3 (GEJ_Y_M*2) */ + secp256k1_fe_add(&m_alt, &u1); /* Malt = X1*Z2^2 - X2*Z1^2 (GEJ_X_M+2) */ - rustsecp256k1_v0_11_fe_cmov(&rr_alt, &rr, !degenerate); /* rr_alt (GEJ_Y_M*2) */ - rustsecp256k1_v0_11_fe_cmov(&m_alt, &m, !degenerate); /* m_alt (GEJ_X_M+2) */ + secp256k1_fe_cmov(&rr_alt, &rr, !degenerate); /* rr_alt (GEJ_Y_M*2) */ + secp256k1_fe_cmov(&m_alt, &m, !degenerate); /* m_alt (GEJ_X_M+2) */ /* Now Ralt / Malt = lambda and is guaranteed not to be Ralt / 0. * From here on out Ralt and Malt represent the numerator * and denominator of lambda; R and M represent the explicit * expressions x1^2 + x2^2 + x1x2 and y1 + y2. */ - rustsecp256k1_v0_11_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */ - rustsecp256k1_v0_11_fe_negate(&q, &t, + secp256k1_fe_sqr(&n, &m_alt); /* n = Malt^2 (1) */ + secp256k1_fe_negate(&q, &t, SECP256K1_GEJ_X_MAGNITUDE_MAX + 1); /* q = -T (GEJ_X_M+2) */ - rustsecp256k1_v0_11_fe_mul(&q, &q, &n); /* q = Q = -T*Malt^2 (1) */ + secp256k1_fe_mul(&q, &q, &n); /* q = Q = -T*Malt^2 (1) */ /* These two lines use the observation that either M == Malt or M == 0, * so M^3 * Malt is either Malt^4 (which is computed by squaring), or * zero (which is "computed" by cmov). So the cost is one squaring * versus two multiplications. */ - rustsecp256k1_v0_11_fe_sqr(&n, &n); /* n = Malt^4 (1) */ - rustsecp256k1_v0_11_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (GEJ_Y_M+1) */ - rustsecp256k1_v0_11_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */ - rustsecp256k1_v0_11_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Z3 = Malt*Z (1) */ - rustsecp256k1_v0_11_fe_add(&t, &q); /* t = Ralt^2 + Q (2) */ + secp256k1_fe_sqr(&n, &n); /* n = Malt^4 (1) */ + secp256k1_fe_cmov(&n, &m, degenerate); /* n = M^3 * Malt (GEJ_Y_M+1) */ + secp256k1_fe_sqr(&t, &rr_alt); /* t = Ralt^2 (1) */ + secp256k1_fe_mul(&r->z, &a->z, &m_alt); /* r->z = Z3 = Malt*Z (1) */ + secp256k1_fe_add(&t, &q); /* t = Ralt^2 + Q (2) */ r->x = t; /* r->x = X3 = Ralt^2 + Q (2) */ - rustsecp256k1_v0_11_fe_mul_int(&t, 2); /* t = 2*X3 (4) */ - rustsecp256k1_v0_11_fe_add(&t, &q); /* t = 2*X3 + Q (5) */ - rustsecp256k1_v0_11_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*X3 + Q) (1) */ - rustsecp256k1_v0_11_fe_add(&t, &n); /* t = Ralt*(2*X3 + Q) + M^3*Malt (GEJ_Y_M+2) */ - rustsecp256k1_v0_11_fe_negate(&r->y, &t, + secp256k1_fe_mul_int(&t, 2); /* t = 2*X3 (4) */ + secp256k1_fe_add(&t, &q); /* t = 2*X3 + Q (5) */ + secp256k1_fe_mul(&t, &t, &rr_alt); /* t = Ralt*(2*X3 + Q) (1) */ + secp256k1_fe_add(&t, &n); /* t = Ralt*(2*X3 + Q) + M^3*Malt (GEJ_Y_M+2) */ + secp256k1_fe_negate(&r->y, &t, SECP256K1_GEJ_Y_MAGNITUDE_MAX + 2); /* r->y = -(Ralt*(2*X3 + Q) + M^3*Malt) (GEJ_Y_M+3) */ - rustsecp256k1_v0_11_fe_half(&r->y); /* r->y = Y3 = -(Ralt*(2*X3 + Q) + M^3*Malt)/2 ((GEJ_Y_M+3)/2 + 1) */ + secp256k1_fe_half(&r->y); /* r->y = Y3 = -(Ralt*(2*X3 + Q) + M^3*Malt)/2 ((GEJ_Y_M+3)/2 + 1) */ /* In case a->infinity == 1, replace r with (b->x, b->y, 1). */ - rustsecp256k1_v0_11_fe_cmov(&r->x, &b->x, a->infinity); - rustsecp256k1_v0_11_fe_cmov(&r->y, &b->y, a->infinity); - rustsecp256k1_v0_11_fe_cmov(&r->z, &rustsecp256k1_v0_11_fe_one, a->infinity); + secp256k1_fe_cmov(&r->x, &b->x, a->infinity); + secp256k1_fe_cmov(&r->y, &b->y, a->infinity); + secp256k1_fe_cmov(&r->z, &secp256k1_fe_one, a->infinity); /* Set r->infinity if r->z is 0. * @@ -815,89 +853,89 @@ static void rustsecp256k1_v0_11_gej_add_ge(rustsecp256k1_v0_11_gej *r, const rus * In this case, we can't have a = -b. * We have degenerate = false, r->z = (y1 + y2) * Z. * Then r->infinity = ((y1 + y2)Z == 0) = (y1 == -y2) = false. */ - r->infinity = rustsecp256k1_v0_11_fe_normalizes_to_zero(&r->z); + r->infinity = secp256k1_fe_normalizes_to_zero(&r->z); SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_gej_rescale(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_fe *s) { +static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *s) { /* Operations: 4 mul, 1 sqr */ - rustsecp256k1_v0_11_fe zz; + secp256k1_fe zz; SECP256K1_GEJ_VERIFY(r); SECP256K1_FE_VERIFY(s); - VERIFY_CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero_var(s)); + VERIFY_CHECK(!secp256k1_fe_normalizes_to_zero_var(s)); - rustsecp256k1_v0_11_fe_sqr(&zz, s); - rustsecp256k1_v0_11_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */ - rustsecp256k1_v0_11_fe_mul(&r->y, &r->y, &zz); - rustsecp256k1_v0_11_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */ - rustsecp256k1_v0_11_fe_mul(&r->z, &r->z, s); /* r->z *= s */ + secp256k1_fe_sqr(&zz, s); + secp256k1_fe_mul(&r->x, &r->x, &zz); /* r->x *= s^2 */ + secp256k1_fe_mul(&r->y, &r->y, &zz); + secp256k1_fe_mul(&r->y, &r->y, s); /* r->y *= s^3 */ + secp256k1_fe_mul(&r->z, &r->z, s); /* r->z *= s */ SECP256K1_GEJ_VERIFY(r); } -static void rustsecp256k1_v0_11_ge_to_storage(rustsecp256k1_v0_11_ge_storage *r, const rustsecp256k1_v0_11_ge *a) { - rustsecp256k1_v0_11_fe x, y; +static void secp256k1_ge_to_storage(secp256k1_ge_storage *r, const secp256k1_ge *a) { + secp256k1_fe x, y; SECP256K1_GE_VERIFY(a); VERIFY_CHECK(!a->infinity); x = a->x; - rustsecp256k1_v0_11_fe_normalize(&x); + secp256k1_fe_normalize(&x); y = a->y; - rustsecp256k1_v0_11_fe_normalize(&y); - rustsecp256k1_v0_11_fe_to_storage(&r->x, &x); - rustsecp256k1_v0_11_fe_to_storage(&r->y, &y); + secp256k1_fe_normalize(&y); + secp256k1_fe_to_storage(&r->x, &x); + secp256k1_fe_to_storage(&r->y, &y); } -static void rustsecp256k1_v0_11_ge_from_storage(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge_storage *a) { - rustsecp256k1_v0_11_fe_from_storage(&r->x, &a->x); - rustsecp256k1_v0_11_fe_from_storage(&r->y, &a->y); +static void secp256k1_ge_from_storage(secp256k1_ge *r, const secp256k1_ge_storage *a) { + secp256k1_fe_from_storage(&r->x, &a->x); + secp256k1_fe_from_storage(&r->y, &a->y); r->infinity = 0; SECP256K1_GE_VERIFY(r); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_gej_cmov(rustsecp256k1_v0_11_gej *r, const rustsecp256k1_v0_11_gej *a, int flag) { +static SECP256K1_INLINE void secp256k1_gej_cmov(secp256k1_gej *r, const secp256k1_gej *a, int flag) { SECP256K1_GEJ_VERIFY(r); SECP256K1_GEJ_VERIFY(a); - rustsecp256k1_v0_11_fe_cmov(&r->x, &a->x, flag); - rustsecp256k1_v0_11_fe_cmov(&r->y, &a->y, flag); - rustsecp256k1_v0_11_fe_cmov(&r->z, &a->z, flag); + secp256k1_fe_cmov(&r->x, &a->x, flag); + secp256k1_fe_cmov(&r->y, &a->y, flag); + secp256k1_fe_cmov(&r->z, &a->z, flag); r->infinity ^= (r->infinity ^ a->infinity) & flag; SECP256K1_GEJ_VERIFY(r); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_ge_storage_cmov(rustsecp256k1_v0_11_ge_storage *r, const rustsecp256k1_v0_11_ge_storage *a, int flag) { - rustsecp256k1_v0_11_fe_storage_cmov(&r->x, &a->x, flag); - rustsecp256k1_v0_11_fe_storage_cmov(&r->y, &a->y, flag); +static SECP256K1_INLINE void secp256k1_ge_storage_cmov(secp256k1_ge_storage *r, const secp256k1_ge_storage *a, int flag) { + secp256k1_fe_storage_cmov(&r->x, &a->x, flag); + secp256k1_fe_storage_cmov(&r->y, &a->y, flag); } -static void rustsecp256k1_v0_11_ge_mul_lambda(rustsecp256k1_v0_11_ge *r, const rustsecp256k1_v0_11_ge *a) { +static void secp256k1_ge_mul_lambda(secp256k1_ge *r, const secp256k1_ge *a) { SECP256K1_GE_VERIFY(a); *r = *a; - rustsecp256k1_v0_11_fe_mul(&r->x, &r->x, &rustsecp256k1_v0_11_const_beta); + secp256k1_fe_mul(&r->x, &r->x, &secp256k1_const_beta); SECP256K1_GE_VERIFY(r); } -static int rustsecp256k1_v0_11_ge_is_in_correct_subgroup(const rustsecp256k1_v0_11_ge* ge) { +static int secp256k1_ge_is_in_correct_subgroup(const secp256k1_ge* ge) { #ifdef EXHAUSTIVE_TEST_ORDER - rustsecp256k1_v0_11_gej out; + secp256k1_gej out; int i; SECP256K1_GE_VERIFY(ge); /* A very simple EC multiplication ladder that avoids a dependency on ecmult. */ - rustsecp256k1_v0_11_gej_set_infinity(&out); + secp256k1_gej_set_infinity(&out); for (i = 0; i < 32; ++i) { - rustsecp256k1_v0_11_gej_double_var(&out, &out, NULL); + secp256k1_gej_double_var(&out, &out, NULL); if ((((uint32_t)EXHAUSTIVE_TEST_ORDER) >> (31 - i)) & 1) { - rustsecp256k1_v0_11_gej_add_ge_var(&out, &out, ge, NULL); + secp256k1_gej_add_ge_var(&out, &out, ge, NULL); } } - return rustsecp256k1_v0_11_gej_is_infinity(&out); + return secp256k1_gej_is_infinity(&out); #else SECP256K1_GE_VERIFY(ge); @@ -907,67 +945,67 @@ static int rustsecp256k1_v0_11_ge_is_in_correct_subgroup(const rustsecp256k1_v0_ #endif } -static int rustsecp256k1_v0_11_ge_x_on_curve_var(const rustsecp256k1_v0_11_fe *x) { - rustsecp256k1_v0_11_fe c; - rustsecp256k1_v0_11_fe_sqr(&c, x); - rustsecp256k1_v0_11_fe_mul(&c, &c, x); - rustsecp256k1_v0_11_fe_add_int(&c, SECP256K1_B); - return rustsecp256k1_v0_11_fe_is_square_var(&c); +static int secp256k1_ge_x_on_curve_var(const secp256k1_fe *x) { + secp256k1_fe c; + secp256k1_fe_sqr(&c, x); + secp256k1_fe_mul(&c, &c, x); + secp256k1_fe_add_int(&c, SECP256K1_B); + return secp256k1_fe_is_square_var(&c); } -static int rustsecp256k1_v0_11_ge_x_frac_on_curve_var(const rustsecp256k1_v0_11_fe *xn, const rustsecp256k1_v0_11_fe *xd) { +static int secp256k1_ge_x_frac_on_curve_var(const secp256k1_fe *xn, const secp256k1_fe *xd) { /* We want to determine whether (xn/xd) is on the curve. * * (xn/xd)^3 + 7 is square <=> xd*xn^3 + 7*xd^4 is square (multiplying by xd^4, a square). */ - rustsecp256k1_v0_11_fe r, t; - VERIFY_CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero_var(xd)); - - rustsecp256k1_v0_11_fe_mul(&r, xd, xn); /* r = xd*xn */ - rustsecp256k1_v0_11_fe_sqr(&t, xn); /* t = xn^2 */ - rustsecp256k1_v0_11_fe_mul(&r, &r, &t); /* r = xd*xn^3 */ - rustsecp256k1_v0_11_fe_sqr(&t, xd); /* t = xd^2 */ - rustsecp256k1_v0_11_fe_sqr(&t, &t); /* t = xd^4 */ + secp256k1_fe r, t; + VERIFY_CHECK(!secp256k1_fe_normalizes_to_zero_var(xd)); + + secp256k1_fe_mul(&r, xd, xn); /* r = xd*xn */ + secp256k1_fe_sqr(&t, xn); /* t = xn^2 */ + secp256k1_fe_mul(&r, &r, &t); /* r = xd*xn^3 */ + secp256k1_fe_sqr(&t, xd); /* t = xd^2 */ + secp256k1_fe_sqr(&t, &t); /* t = xd^4 */ VERIFY_CHECK(SECP256K1_B <= 31); - rustsecp256k1_v0_11_fe_mul_int(&t, SECP256K1_B); /* t = 7*xd^4 */ - rustsecp256k1_v0_11_fe_add(&r, &t); /* r = xd*xn^3 + 7*xd^4 */ - return rustsecp256k1_v0_11_fe_is_square_var(&r); + secp256k1_fe_mul_int(&t, SECP256K1_B); /* t = 7*xd^4 */ + secp256k1_fe_add(&r, &t); /* r = xd*xn^3 + 7*xd^4 */ + return secp256k1_fe_is_square_var(&r); } -static void rustsecp256k1_v0_11_ge_to_bytes(unsigned char *buf, const rustsecp256k1_v0_11_ge *a) { - rustsecp256k1_v0_11_ge_storage s; +static void secp256k1_ge_to_bytes(unsigned char *buf, const secp256k1_ge *a) { + secp256k1_ge_storage s; - /* We require that the rustsecp256k1_v0_11_ge_storage type is exactly 64 bytes. + /* We require that the secp256k1_ge_storage type is exactly 64 bytes. * This is formally not guaranteed by the C standard, but should hold on any * sane compiler in the real world. */ - STATIC_ASSERT(sizeof(rustsecp256k1_v0_11_ge_storage) == 64); - VERIFY_CHECK(!rustsecp256k1_v0_11_ge_is_infinity(a)); - rustsecp256k1_v0_11_ge_to_storage(&s, a); + STATIC_ASSERT(sizeof(secp256k1_ge_storage) == 64); + VERIFY_CHECK(!secp256k1_ge_is_infinity(a)); + secp256k1_ge_to_storage(&s, a); memcpy(buf, &s, 64); } -static void rustsecp256k1_v0_11_ge_from_bytes(rustsecp256k1_v0_11_ge *r, const unsigned char *buf) { - rustsecp256k1_v0_11_ge_storage s; +static void secp256k1_ge_from_bytes(secp256k1_ge *r, const unsigned char *buf) { + secp256k1_ge_storage s; - STATIC_ASSERT(sizeof(rustsecp256k1_v0_11_ge_storage) == 64); + STATIC_ASSERT(sizeof(secp256k1_ge_storage) == 64); memcpy(&s, buf, 64); - rustsecp256k1_v0_11_ge_from_storage(r, &s); + secp256k1_ge_from_storage(r, &s); } -static void rustsecp256k1_v0_11_ge_to_bytes_ext(unsigned char *data, const rustsecp256k1_v0_11_ge *ge) { - if (rustsecp256k1_v0_11_ge_is_infinity(ge)) { +static void secp256k1_ge_to_bytes_ext(unsigned char *data, const secp256k1_ge *ge) { + if (secp256k1_ge_is_infinity(ge)) { memset(data, 0, 64); } else { - rustsecp256k1_v0_11_ge_to_bytes(data, ge); + secp256k1_ge_to_bytes(data, ge); } } -static void rustsecp256k1_v0_11_ge_from_bytes_ext(rustsecp256k1_v0_11_ge *ge, const unsigned char *data) { +static void secp256k1_ge_from_bytes_ext(secp256k1_ge *ge, const unsigned char *data) { static const unsigned char zeros[64] = { 0 }; - if (rustsecp256k1_v0_11_memcmp_var(data, zeros, sizeof(zeros)) == 0) { - rustsecp256k1_v0_11_ge_set_infinity(ge); + if (secp256k1_memcmp_var(data, zeros, sizeof(zeros)) == 0) { + secp256k1_ge_set_infinity(ge); } else { - rustsecp256k1_v0_11_ge_from_bytes(ge, data); + secp256k1_ge_from_bytes(ge, data); } } diff --git a/secp256k1-sys/depend/secp256k1/src/hash.h b/secp256k1-sys/depend/secp256k1/src/hash.h index 357763aaa..6d903ca7e 100644 --- a/secp256k1-sys/depend/secp256k1/src/hash.h +++ b/secp256k1-sys/depend/secp256k1/src/hash.h @@ -14,31 +14,31 @@ typedef struct { uint32_t s[8]; unsigned char buf[64]; uint64_t bytes; -} rustsecp256k1_v0_11_sha256; +} secp256k1_sha256; -static void rustsecp256k1_v0_11_sha256_initialize(rustsecp256k1_v0_11_sha256 *hash); -static void rustsecp256k1_v0_11_sha256_write(rustsecp256k1_v0_11_sha256 *hash, const unsigned char *data, size_t size); -static void rustsecp256k1_v0_11_sha256_finalize(rustsecp256k1_v0_11_sha256 *hash, unsigned char *out32); -static void rustsecp256k1_v0_11_sha256_clear(rustsecp256k1_v0_11_sha256 *hash); +static void secp256k1_sha256_initialize(secp256k1_sha256 *hash); +static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size); +static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32); +static void secp256k1_sha256_clear(secp256k1_sha256 *hash); typedef struct { - rustsecp256k1_v0_11_sha256 inner, outer; -} rustsecp256k1_v0_11_hmac_sha256; + secp256k1_sha256 inner, outer; +} secp256k1_hmac_sha256; -static void rustsecp256k1_v0_11_hmac_sha256_initialize(rustsecp256k1_v0_11_hmac_sha256 *hash, const unsigned char *key, size_t size); -static void rustsecp256k1_v0_11_hmac_sha256_write(rustsecp256k1_v0_11_hmac_sha256 *hash, const unsigned char *data, size_t size); -static void rustsecp256k1_v0_11_hmac_sha256_finalize(rustsecp256k1_v0_11_hmac_sha256 *hash, unsigned char *out32); -static void rustsecp256k1_v0_11_hmac_sha256_clear(rustsecp256k1_v0_11_hmac_sha256 *hash); +static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size); +static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size); +static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32); +static void secp256k1_hmac_sha256_clear(secp256k1_hmac_sha256 *hash); typedef struct { unsigned char v[32]; unsigned char k[32]; int retry; -} rustsecp256k1_v0_11_rfc6979_hmac_sha256; +} secp256k1_rfc6979_hmac_sha256; -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen); -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen); -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng); -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_clear(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng); +static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen); +static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen); +static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng); +static void secp256k1_rfc6979_hmac_sha256_clear(secp256k1_rfc6979_hmac_sha256 *rng); #endif /* SECP256K1_HASH_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/hash_impl.h b/secp256k1-sys/depend/secp256k1/src/hash_impl.h index 373af72d4..434191777 100644 --- a/secp256k1-sys/depend/secp256k1/src/hash_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/hash_impl.h @@ -28,7 +28,7 @@ (h) = t1 + t2; \ } while(0) -static void rustsecp256k1_v0_11_sha256_initialize(rustsecp256k1_v0_11_sha256 *hash) { +static void secp256k1_sha256_initialize(secp256k1_sha256 *hash) { hash->s[0] = 0x6a09e667ul; hash->s[1] = 0xbb67ae85ul; hash->s[2] = 0x3c6ef372ul; @@ -41,26 +41,26 @@ static void rustsecp256k1_v0_11_sha256_initialize(rustsecp256k1_v0_11_sha256 *ha } /** Perform one SHA-256 transformation, processing 16 big endian 32-bit words. */ -static void rustsecp256k1_v0_11_sha256_transform(uint32_t* s, const unsigned char* buf) { +static void secp256k1_sha256_transform(uint32_t* s, const unsigned char* buf) { uint32_t a = s[0], b = s[1], c = s[2], d = s[3], e = s[4], f = s[5], g = s[6], h = s[7]; uint32_t w0, w1, w2, w3, w4, w5, w6, w7, w8, w9, w10, w11, w12, w13, w14, w15; - Round(a, b, c, d, e, f, g, h, 0x428a2f98, w0 = rustsecp256k1_v0_11_read_be32(&buf[0])); - Round(h, a, b, c, d, e, f, g, 0x71374491, w1 = rustsecp256k1_v0_11_read_be32(&buf[4])); - Round(g, h, a, b, c, d, e, f, 0xb5c0fbcf, w2 = rustsecp256k1_v0_11_read_be32(&buf[8])); - Round(f, g, h, a, b, c, d, e, 0xe9b5dba5, w3 = rustsecp256k1_v0_11_read_be32(&buf[12])); - Round(e, f, g, h, a, b, c, d, 0x3956c25b, w4 = rustsecp256k1_v0_11_read_be32(&buf[16])); - Round(d, e, f, g, h, a, b, c, 0x59f111f1, w5 = rustsecp256k1_v0_11_read_be32(&buf[20])); - Round(c, d, e, f, g, h, a, b, 0x923f82a4, w6 = rustsecp256k1_v0_11_read_be32(&buf[24])); - Round(b, c, d, e, f, g, h, a, 0xab1c5ed5, w7 = rustsecp256k1_v0_11_read_be32(&buf[28])); - Round(a, b, c, d, e, f, g, h, 0xd807aa98, w8 = rustsecp256k1_v0_11_read_be32(&buf[32])); - Round(h, a, b, c, d, e, f, g, 0x12835b01, w9 = rustsecp256k1_v0_11_read_be32(&buf[36])); - Round(g, h, a, b, c, d, e, f, 0x243185be, w10 = rustsecp256k1_v0_11_read_be32(&buf[40])); - Round(f, g, h, a, b, c, d, e, 0x550c7dc3, w11 = rustsecp256k1_v0_11_read_be32(&buf[44])); - Round(e, f, g, h, a, b, c, d, 0x72be5d74, w12 = rustsecp256k1_v0_11_read_be32(&buf[48])); - Round(d, e, f, g, h, a, b, c, 0x80deb1fe, w13 = rustsecp256k1_v0_11_read_be32(&buf[52])); - Round(c, d, e, f, g, h, a, b, 0x9bdc06a7, w14 = rustsecp256k1_v0_11_read_be32(&buf[56])); - Round(b, c, d, e, f, g, h, a, 0xc19bf174, w15 = rustsecp256k1_v0_11_read_be32(&buf[60])); + Round(a, b, c, d, e, f, g, h, 0x428a2f98, w0 = secp256k1_read_be32(&buf[0])); + Round(h, a, b, c, d, e, f, g, 0x71374491, w1 = secp256k1_read_be32(&buf[4])); + Round(g, h, a, b, c, d, e, f, 0xb5c0fbcf, w2 = secp256k1_read_be32(&buf[8])); + Round(f, g, h, a, b, c, d, e, 0xe9b5dba5, w3 = secp256k1_read_be32(&buf[12])); + Round(e, f, g, h, a, b, c, d, 0x3956c25b, w4 = secp256k1_read_be32(&buf[16])); + Round(d, e, f, g, h, a, b, c, 0x59f111f1, w5 = secp256k1_read_be32(&buf[20])); + Round(c, d, e, f, g, h, a, b, 0x923f82a4, w6 = secp256k1_read_be32(&buf[24])); + Round(b, c, d, e, f, g, h, a, 0xab1c5ed5, w7 = secp256k1_read_be32(&buf[28])); + Round(a, b, c, d, e, f, g, h, 0xd807aa98, w8 = secp256k1_read_be32(&buf[32])); + Round(h, a, b, c, d, e, f, g, 0x12835b01, w9 = secp256k1_read_be32(&buf[36])); + Round(g, h, a, b, c, d, e, f, 0x243185be, w10 = secp256k1_read_be32(&buf[40])); + Round(f, g, h, a, b, c, d, e, 0x550c7dc3, w11 = secp256k1_read_be32(&buf[44])); + Round(e, f, g, h, a, b, c, d, 0x72be5d74, w12 = secp256k1_read_be32(&buf[48])); + Round(d, e, f, g, h, a, b, c, 0x80deb1fe, w13 = secp256k1_read_be32(&buf[52])); + Round(c, d, e, f, g, h, a, b, 0x9bdc06a7, w14 = secp256k1_read_be32(&buf[56])); + Round(b, c, d, e, f, g, h, a, 0xc19bf174, w15 = secp256k1_read_be32(&buf[60])); Round(a, b, c, d, e, f, g, h, 0xe49b69c1, w0 += sigma1(w14) + w9 + sigma0(w1)); Round(h, a, b, c, d, e, f, g, 0xefbe4786, w1 += sigma1(w15) + w10 + sigma0(w2)); @@ -123,7 +123,7 @@ static void rustsecp256k1_v0_11_sha256_transform(uint32_t* s, const unsigned cha s[7] += h; } -static void rustsecp256k1_v0_11_sha256_write(rustsecp256k1_v0_11_sha256 *hash, const unsigned char *data, size_t len) { +static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t len) { size_t bufsize = hash->bytes & 0x3F; hash->bytes += len; VERIFY_CHECK(hash->bytes >= len); @@ -133,7 +133,7 @@ static void rustsecp256k1_v0_11_sha256_write(rustsecp256k1_v0_11_sha256 *hash, c memcpy(hash->buf + bufsize, data, chunk_len); data += chunk_len; len -= chunk_len; - rustsecp256k1_v0_11_sha256_transform(hash->s, hash->buf); + secp256k1_sha256_transform(hash->s, hash->buf); bufsize = 0; } if (len) { @@ -142,85 +142,85 @@ static void rustsecp256k1_v0_11_sha256_write(rustsecp256k1_v0_11_sha256 *hash, c } } -static void rustsecp256k1_v0_11_sha256_finalize(rustsecp256k1_v0_11_sha256 *hash, unsigned char *out32) { +static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32) { static const unsigned char pad[64] = {0x80}; unsigned char sizedesc[8]; int i; /* The maximum message size of SHA256 is 2^64-1 bits. */ VERIFY_CHECK(hash->bytes < ((uint64_t)1 << 61)); - rustsecp256k1_v0_11_write_be32(&sizedesc[0], hash->bytes >> 29); - rustsecp256k1_v0_11_write_be32(&sizedesc[4], hash->bytes << 3); - rustsecp256k1_v0_11_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); - rustsecp256k1_v0_11_sha256_write(hash, sizedesc, 8); + secp256k1_write_be32(&sizedesc[0], hash->bytes >> 29); + secp256k1_write_be32(&sizedesc[4], hash->bytes << 3); + secp256k1_sha256_write(hash, pad, 1 + ((119 - (hash->bytes % 64)) % 64)); + secp256k1_sha256_write(hash, sizedesc, 8); for (i = 0; i < 8; i++) { - rustsecp256k1_v0_11_write_be32(&out32[4*i], hash->s[i]); + secp256k1_write_be32(&out32[4*i], hash->s[i]); hash->s[i] = 0; } } /* Initializes a sha256 struct and writes the 64 byte string * SHA256(tag)||SHA256(tag) into it. */ -static void rustsecp256k1_v0_11_sha256_initialize_tagged(rustsecp256k1_v0_11_sha256 *hash, const unsigned char *tag, size_t taglen) { +static void secp256k1_sha256_initialize_tagged(secp256k1_sha256 *hash, const unsigned char *tag, size_t taglen) { unsigned char buf[32]; - rustsecp256k1_v0_11_sha256_initialize(hash); - rustsecp256k1_v0_11_sha256_write(hash, tag, taglen); - rustsecp256k1_v0_11_sha256_finalize(hash, buf); + secp256k1_sha256_initialize(hash); + secp256k1_sha256_write(hash, tag, taglen); + secp256k1_sha256_finalize(hash, buf); - rustsecp256k1_v0_11_sha256_initialize(hash); - rustsecp256k1_v0_11_sha256_write(hash, buf, 32); - rustsecp256k1_v0_11_sha256_write(hash, buf, 32); + secp256k1_sha256_initialize(hash); + secp256k1_sha256_write(hash, buf, 32); + secp256k1_sha256_write(hash, buf, 32); } -static void rustsecp256k1_v0_11_sha256_clear(rustsecp256k1_v0_11_sha256 *hash) { - rustsecp256k1_v0_11_memclear(hash, sizeof(*hash)); +static void secp256k1_sha256_clear(secp256k1_sha256 *hash) { + secp256k1_memclear_explicit(hash, sizeof(*hash)); } -static void rustsecp256k1_v0_11_hmac_sha256_initialize(rustsecp256k1_v0_11_hmac_sha256 *hash, const unsigned char *key, size_t keylen) { +static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t keylen) { size_t n; unsigned char rkey[64]; if (keylen <= sizeof(rkey)) { memcpy(rkey, key, keylen); memset(rkey + keylen, 0, sizeof(rkey) - keylen); } else { - rustsecp256k1_v0_11_sha256 sha256; - rustsecp256k1_v0_11_sha256_initialize(&sha256); - rustsecp256k1_v0_11_sha256_write(&sha256, key, keylen); - rustsecp256k1_v0_11_sha256_finalize(&sha256, rkey); + secp256k1_sha256 sha256; + secp256k1_sha256_initialize(&sha256); + secp256k1_sha256_write(&sha256, key, keylen); + secp256k1_sha256_finalize(&sha256, rkey); memset(rkey + 32, 0, 32); } - rustsecp256k1_v0_11_sha256_initialize(&hash->outer); + secp256k1_sha256_initialize(&hash->outer); for (n = 0; n < sizeof(rkey); n++) { rkey[n] ^= 0x5c; } - rustsecp256k1_v0_11_sha256_write(&hash->outer, rkey, sizeof(rkey)); + secp256k1_sha256_write(&hash->outer, rkey, sizeof(rkey)); - rustsecp256k1_v0_11_sha256_initialize(&hash->inner); + secp256k1_sha256_initialize(&hash->inner); for (n = 0; n < sizeof(rkey); n++) { rkey[n] ^= 0x5c ^ 0x36; } - rustsecp256k1_v0_11_sha256_write(&hash->inner, rkey, sizeof(rkey)); - rustsecp256k1_v0_11_memclear(rkey, sizeof(rkey)); + secp256k1_sha256_write(&hash->inner, rkey, sizeof(rkey)); + secp256k1_memclear_explicit(rkey, sizeof(rkey)); } -static void rustsecp256k1_v0_11_hmac_sha256_write(rustsecp256k1_v0_11_hmac_sha256 *hash, const unsigned char *data, size_t size) { - rustsecp256k1_v0_11_sha256_write(&hash->inner, data, size); +static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size) { + secp256k1_sha256_write(&hash->inner, data, size); } -static void rustsecp256k1_v0_11_hmac_sha256_finalize(rustsecp256k1_v0_11_hmac_sha256 *hash, unsigned char *out32) { +static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32) { unsigned char temp[32]; - rustsecp256k1_v0_11_sha256_finalize(&hash->inner, temp); - rustsecp256k1_v0_11_sha256_write(&hash->outer, temp, 32); - rustsecp256k1_v0_11_memclear(temp, sizeof(temp)); - rustsecp256k1_v0_11_sha256_finalize(&hash->outer, out32); + secp256k1_sha256_finalize(&hash->inner, temp); + secp256k1_sha256_write(&hash->outer, temp, 32); + secp256k1_memclear_explicit(temp, sizeof(temp)); + secp256k1_sha256_finalize(&hash->outer, out32); } -static void rustsecp256k1_v0_11_hmac_sha256_clear(rustsecp256k1_v0_11_hmac_sha256 *hash) { - rustsecp256k1_v0_11_memclear(hash, sizeof(*hash)); +static void secp256k1_hmac_sha256_clear(secp256k1_hmac_sha256 *hash) { + secp256k1_memclear_explicit(hash, sizeof(*hash)); } -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { - rustsecp256k1_v0_11_hmac_sha256 hmac; +static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen) { + secp256k1_hmac_sha256 hmac; static const unsigned char zero[1] = {0x00}; static const unsigned char one[1] = {0x01}; @@ -228,47 +228,47 @@ static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(rustsecp256k1_v0_ memset(rng->k, 0x00, 32); /* RFC6979 3.2.c. */ /* RFC6979 3.2.d. */ - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, zero, 1); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, key, keylen); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->k); - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->v); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_write(&hmac, zero, 1); + secp256k1_hmac_sha256_write(&hmac, key, keylen); + secp256k1_hmac_sha256_finalize(&hmac, rng->k); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); /* RFC6979 3.2.f. */ - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, one, 1); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, key, keylen); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->k); - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->v); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_write(&hmac, one, 1); + secp256k1_hmac_sha256_write(&hmac, key, keylen); + secp256k1_hmac_sha256_finalize(&hmac, rng->k); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); rng->retry = 0; } -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) { +static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen) { /* RFC6979 3.2.h. */ static const unsigned char zero[1] = {0x00}; if (rng->retry) { - rustsecp256k1_v0_11_hmac_sha256 hmac; - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, zero, 1); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->k); - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->v); + secp256k1_hmac_sha256 hmac; + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_write(&hmac, zero, 1); + secp256k1_hmac_sha256_finalize(&hmac, rng->k); + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); } while (outlen > 0) { - rustsecp256k1_v0_11_hmac_sha256 hmac; - int now = outlen; - rustsecp256k1_v0_11_hmac_sha256_initialize(&hmac, rng->k, 32); - rustsecp256k1_v0_11_hmac_sha256_write(&hmac, rng->v, 32); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hmac, rng->v); + secp256k1_hmac_sha256 hmac; + size_t now = outlen; + secp256k1_hmac_sha256_initialize(&hmac, rng->k, 32); + secp256k1_hmac_sha256_write(&hmac, rng->v, 32); + secp256k1_hmac_sha256_finalize(&hmac, rng->v); if (now > 32) { now = 32; } @@ -280,12 +280,12 @@ static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(rustsecp256k1_v0_11 rng->retry = 1; } -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng) { +static void secp256k1_rfc6979_hmac_sha256_finalize(secp256k1_rfc6979_hmac_sha256 *rng) { (void) rng; } -static void rustsecp256k1_v0_11_rfc6979_hmac_sha256_clear(rustsecp256k1_v0_11_rfc6979_hmac_sha256 *rng) { - rustsecp256k1_v0_11_memclear(rng, sizeof(*rng)); +static void secp256k1_rfc6979_hmac_sha256_clear(secp256k1_rfc6979_hmac_sha256 *rng) { + secp256k1_memclear_explicit(rng, sizeof(*rng)); } #undef Round diff --git a/secp256k1-sys/depend/secp256k1/src/hsort.h b/secp256k1-sys/depend/secp256k1/src/hsort.h index 8c8660ff5..d54995caa 100644 --- a/secp256k1-sys/depend/secp256k1/src/hsort.h +++ b/secp256k1-sys/depend/secp256k1/src/hsort.h @@ -21,13 +21,13 @@ * size: size in bytes of each element. * cmp: pointer to a comparison function that is called with two * arguments that point to the objects being compared. The cmp_data - * argument of rustsecp256k1_v0_11_hsort is passed as third argument. The + * argument of secp256k1_hsort is passed as third argument. The * function must return an integer less than, equal to, or greater * than zero if the first argument is considered to be respectively * less than, equal to, or greater than the second. * cmp_data: pointer passed as third argument to cmp. */ -static void rustsecp256k1_v0_11_hsort(void *ptr, size_t count, size_t size, +static void secp256k1_hsort(void *ptr, size_t count, size_t size, int (*cmp)(const void *, const void *, void *), void *cmp_data); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/hsort_impl.h b/secp256k1-sys/depend/secp256k1/src/hsort_impl.h index 310ec1972..1c674ff1c 100644 --- a/secp256k1-sys/depend/secp256k1/src/hsort_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/hsort_impl.h @@ -13,17 +13,17 @@ * compares as less than or equal to the element at index parent(i) = (i-1)/2. */ -static SECP256K1_INLINE size_t rustsecp256k1_v0_11_heap_child1(size_t i) { +static SECP256K1_INLINE size_t secp256k1_heap_child1(size_t i) { VERIFY_CHECK(i <= (SIZE_MAX - 1)/2); return 2*i + 1; } -static SECP256K1_INLINE size_t rustsecp256k1_v0_11_heap_child2(size_t i) { +static SECP256K1_INLINE size_t secp256k1_heap_child2(size_t i) { VERIFY_CHECK(i <= SIZE_MAX/2 - 1); - return rustsecp256k1_v0_11_heap_child1(i)+1; + return secp256k1_heap_child1(i)+1; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_swap64(unsigned char *a, unsigned char *b, size_t len) { +static SECP256K1_INLINE void secp256k1_heap_swap64(unsigned char *a, unsigned char *b, size_t len) { unsigned char tmp[64]; VERIFY_CHECK(len <= 64); memcpy(tmp, a, len); @@ -31,15 +31,15 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_swap64(unsigned char *a, u memcpy(b, tmp, len); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_swap(unsigned char *arr, size_t i, size_t j, size_t stride) { +static SECP256K1_INLINE void secp256k1_heap_swap(unsigned char *arr, size_t i, size_t j, size_t stride) { unsigned char *a = arr + i*stride; unsigned char *b = arr + j*stride; size_t len = stride; while (64 < len) { - rustsecp256k1_v0_11_heap_swap64(a + (len - 64), b + (len - 64), 64); + secp256k1_heap_swap64(a + (len - 64), b + (len - 64), 64); len -= 64; } - rustsecp256k1_v0_11_heap_swap64(a, b, len); + secp256k1_heap_swap64(a, b, len); } /* This function accepts an array arr containing heap_size elements, each of @@ -48,7 +48,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_swap(unsigned char *arr, s * are smaller than the element itself. The purpose of the function is to update * the array so that all elements at indices >=i satisfy the max-heap * property. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_down(unsigned char *arr, size_t i, size_t heap_size, size_t stride, +static SECP256K1_INLINE void secp256k1_heap_down(unsigned char *arr, size_t i, size_t heap_size, size_t stride, int (*cmp)(const void *, const void *, void *), void *cmp_data) { while (i < heap_size/2) { VERIFY_CHECK(i <= SIZE_MAX/2 - 1); @@ -59,7 +59,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_down(unsigned char *arr, s * 2*i <= SIZE_MAX - 2 */ - VERIFY_CHECK(rustsecp256k1_v0_11_heap_child1(i) < heap_size); + VERIFY_CHECK(secp256k1_heap_child1(i) < heap_size); /* Proof: * i < heap_size/2 * i + 1 <= heap_size/2 @@ -77,20 +77,20 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_down(unsigned char *arr, s * Else if [child1(i)] > [i], swap [i] with [child1(i)]. * Else if [child2(i)] > [i], swap [i] with [child2(i)]. */ - if (rustsecp256k1_v0_11_heap_child2(i) < heap_size - && 0 <= cmp(arr + rustsecp256k1_v0_11_heap_child2(i)*stride, arr + rustsecp256k1_v0_11_heap_child1(i)*stride, cmp_data)) { - if (0 < cmp(arr + rustsecp256k1_v0_11_heap_child2(i)*stride, arr + i*stride, cmp_data)) { - rustsecp256k1_v0_11_heap_swap(arr, i, rustsecp256k1_v0_11_heap_child2(i), stride); - i = rustsecp256k1_v0_11_heap_child2(i); + if (secp256k1_heap_child2(i) < heap_size + && 0 <= cmp(arr + secp256k1_heap_child2(i)*stride, arr + secp256k1_heap_child1(i)*stride, cmp_data)) { + if (0 < cmp(arr + secp256k1_heap_child2(i)*stride, arr + i*stride, cmp_data)) { + secp256k1_heap_swap(arr, i, secp256k1_heap_child2(i), stride); + i = secp256k1_heap_child2(i); } else { /* At this point we have [child2(i)] >= [child1(i)] and we have * [child2(i)] <= [i], and thus [child1(i)] <= [i] which means * that the next comparison can be skipped. */ return; } - } else if (0 < cmp(arr + rustsecp256k1_v0_11_heap_child1(i)*stride, arr + i*stride, cmp_data)) { - rustsecp256k1_v0_11_heap_swap(arr, i, rustsecp256k1_v0_11_heap_child1(i), stride); - i = rustsecp256k1_v0_11_heap_child1(i); + } else if (0 < cmp(arr + secp256k1_heap_child1(i)*stride, arr + i*stride, cmp_data)) { + secp256k1_heap_swap(arr, i, secp256k1_heap_child1(i), stride); + i = secp256k1_heap_child1(i); } else { return; } @@ -105,20 +105,20 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_heap_down(unsigned char *arr, s } /* In-place heap sort. */ -static void rustsecp256k1_v0_11_hsort(void *ptr, size_t count, size_t size, +static void secp256k1_hsort(void *ptr, size_t count, size_t size, int (*cmp)(const void *, const void *, void *), void *cmp_data) { size_t i; for (i = count/2; 0 < i; --i) { - rustsecp256k1_v0_11_heap_down(ptr, i-1, count, size, cmp, cmp_data); + secp256k1_heap_down(ptr, i-1, count, size, cmp, cmp_data); } for (i = count; 1 < i; --i) { /* Extract the largest value from the heap */ - rustsecp256k1_v0_11_heap_swap(ptr, 0, i-1, size); + secp256k1_heap_swap(ptr, 0, i-1, size); /* Repair the heap condition */ - rustsecp256k1_v0_11_heap_down(ptr, 0, i-1, size, cmp, cmp_data); + secp256k1_heap_down(ptr, 0, i-1, size, cmp, cmp_data); } } diff --git a/secp256k1-sys/depend/secp256k1/src/int128.h b/secp256k1-sys/depend/secp256k1/src/int128.h index 85d557291..5355fbfae 100644 --- a/secp256k1-sys/depend/secp256k1/src/int128.h +++ b/secp256k1-sys/depend/secp256k1/src/int128.h @@ -13,77 +13,77 @@ # endif /* Construct an unsigned 128-bit value from a high and a low 64-bit value. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_load(rustsecp256k1_v0_11_uint128 *r, uint64_t hi, uint64_t lo); +static SECP256K1_INLINE void secp256k1_u128_load(secp256k1_uint128 *r, uint64_t hi, uint64_t lo); /* Multiply two unsigned 64-bit values a and b and write the result to r. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_mul(rustsecp256k1_v0_11_uint128 *r, uint64_t a, uint64_t b); +static SECP256K1_INLINE void secp256k1_u128_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b); /* Multiply two unsigned 64-bit values a and b and add the result to r. * The final result is taken modulo 2^128. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_mul(rustsecp256k1_v0_11_uint128 *r, uint64_t a, uint64_t b); +static SECP256K1_INLINE void secp256k1_u128_accum_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b); /* Add an unsigned 64-bit value a to r. * The final result is taken modulo 2^128. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_u64(rustsecp256k1_v0_11_uint128 *r, uint64_t a); +static SECP256K1_INLINE void secp256k1_u128_accum_u64(secp256k1_uint128 *r, uint64_t a); /* Unsigned (logical) right shift. * Non-constant time in n. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_rshift(rustsecp256k1_v0_11_uint128 *r, unsigned int n); +static SECP256K1_INLINE void secp256k1_u128_rshift(secp256k1_uint128 *r, unsigned int n); /* Return the low 64-bits of a 128-bit value as an unsigned 64-bit value. */ -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_u128_to_u64(const rustsecp256k1_v0_11_uint128 *a); +static SECP256K1_INLINE uint64_t secp256k1_u128_to_u64(const secp256k1_uint128 *a); /* Return the high 64-bits of a 128-bit value as an unsigned 64-bit value. */ -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_u128_hi_u64(const rustsecp256k1_v0_11_uint128 *a); +static SECP256K1_INLINE uint64_t secp256k1_u128_hi_u64(const secp256k1_uint128 *a); /* Write an unsigned 64-bit value to r. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_from_u64(rustsecp256k1_v0_11_uint128 *r, uint64_t a); +static SECP256K1_INLINE void secp256k1_u128_from_u64(secp256k1_uint128 *r, uint64_t a); /* Tests if r is strictly less than to 2^n. * n must be strictly less than 128. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_u128_check_bits(const rustsecp256k1_v0_11_uint128 *r, unsigned int n); +static SECP256K1_INLINE int secp256k1_u128_check_bits(const secp256k1_uint128 *r, unsigned int n); /* Construct an signed 128-bit value from a high and a low 64-bit value. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_load(rustsecp256k1_v0_11_int128 *r, int64_t hi, uint64_t lo); +static SECP256K1_INLINE void secp256k1_i128_load(secp256k1_int128 *r, int64_t hi, uint64_t lo); /* Multiply two signed 64-bit values a and b and write the result to r. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b); +static SECP256K1_INLINE void secp256k1_i128_mul(secp256k1_int128 *r, int64_t a, int64_t b); /* Multiply two signed 64-bit values a and b and add the result to r. * Overflow or underflow from the addition is undefined behaviour. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_accum_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b); +static SECP256K1_INLINE void secp256k1_i128_accum_mul(secp256k1_int128 *r, int64_t a, int64_t b); /* Compute a*d - b*c from signed 64-bit values and write the result to r. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_det(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d); +static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d); /* Signed (arithmetic) right shift. * Non-constant time in b. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_rshift(rustsecp256k1_v0_11_int128 *r, unsigned int b); +static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int b); /* Return the input value modulo 2^64. */ -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_i128_to_u64(const rustsecp256k1_v0_11_int128 *a); +static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a); /* Return the value as a signed 64-bit value. * Requires the input to be between INT64_MIN and INT64_MAX. */ -static SECP256K1_INLINE int64_t rustsecp256k1_v0_11_i128_to_i64(const rustsecp256k1_v0_11_int128 *a); +static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a); /* Write a signed 64-bit value to r. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_from_i64(rustsecp256k1_v0_11_int128 *r, int64_t a); +static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a); /* Compare two 128-bit values for equality. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_i128_eq_var(const rustsecp256k1_v0_11_int128 *a, const rustsecp256k1_v0_11_int128 *b); +static SECP256K1_INLINE int secp256k1_i128_eq_var(const secp256k1_int128 *a, const secp256k1_int128 *b); /* Tests if r is equal to sign*2^n (sign must be 1 or -1). * n must be strictly less than 127. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_i128_check_pow2(const rustsecp256k1_v0_11_int128 *r, unsigned int n, int sign); +static SECP256K1_INLINE int secp256k1_i128_check_pow2(const secp256k1_int128 *r, unsigned int n, int sign); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/int128_native.h b/secp256k1-sys/depend/secp256k1/src/int128_native.h index 95c6361f2..7c97aafc7 100644 --- a/secp256k1-sys/depend/secp256k1/src/int128_native.h +++ b/secp256k1-sys/depend/secp256k1/src/int128_native.h @@ -13,7 +13,7 @@ SECP256K1_GNUC_EXT typedef __int128 int128_t; /* No (U)INT128_C macros because compilers providing __int128 do not support 128-bit literals. */ #endif -typedef uint128_t rustsecp256k1_v0_11_uint128; -typedef int128_t rustsecp256k1_v0_11_int128; +typedef uint128_t secp256k1_uint128; +typedef int128_t secp256k1_int128; #endif diff --git a/secp256k1-sys/depend/secp256k1/src/int128_native_impl.h b/secp256k1-sys/depend/secp256k1/src/int128_native_impl.h index c708a0b60..7f02e1590 100644 --- a/secp256k1-sys/depend/secp256k1/src/int128_native_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/int128_native_impl.h @@ -4,88 +4,88 @@ #include "int128.h" #include "util.h" -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_load(rustsecp256k1_v0_11_uint128 *r, uint64_t hi, uint64_t lo) { +static SECP256K1_INLINE void secp256k1_u128_load(secp256k1_uint128 *r, uint64_t hi, uint64_t lo) { *r = (((uint128_t)hi) << 64) + lo; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_mul(rustsecp256k1_v0_11_uint128 *r, uint64_t a, uint64_t b) { +static SECP256K1_INLINE void secp256k1_u128_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b) { *r = (uint128_t)a * b; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_mul(rustsecp256k1_v0_11_uint128 *r, uint64_t a, uint64_t b) { +static SECP256K1_INLINE void secp256k1_u128_accum_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b) { *r += (uint128_t)a * b; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_u64(rustsecp256k1_v0_11_uint128 *r, uint64_t a) { +static SECP256K1_INLINE void secp256k1_u128_accum_u64(secp256k1_uint128 *r, uint64_t a) { *r += a; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_rshift(rustsecp256k1_v0_11_uint128 *r, unsigned int n) { +static SECP256K1_INLINE void secp256k1_u128_rshift(secp256k1_uint128 *r, unsigned int n) { VERIFY_CHECK(n < 128); *r >>= n; } -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_u128_to_u64(const rustsecp256k1_v0_11_uint128 *a) { +static SECP256K1_INLINE uint64_t secp256k1_u128_to_u64(const secp256k1_uint128 *a) { return (uint64_t)(*a); } -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_u128_hi_u64(const rustsecp256k1_v0_11_uint128 *a) { +static SECP256K1_INLINE uint64_t secp256k1_u128_hi_u64(const secp256k1_uint128 *a) { return (uint64_t)(*a >> 64); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_from_u64(rustsecp256k1_v0_11_uint128 *r, uint64_t a) { +static SECP256K1_INLINE void secp256k1_u128_from_u64(secp256k1_uint128 *r, uint64_t a) { *r = a; } -static SECP256K1_INLINE int rustsecp256k1_v0_11_u128_check_bits(const rustsecp256k1_v0_11_uint128 *r, unsigned int n) { +static SECP256K1_INLINE int secp256k1_u128_check_bits(const secp256k1_uint128 *r, unsigned int n) { VERIFY_CHECK(n < 128); return (*r >> n == 0); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_load(rustsecp256k1_v0_11_int128 *r, int64_t hi, uint64_t lo) { +static SECP256K1_INLINE void secp256k1_i128_load(secp256k1_int128 *r, int64_t hi, uint64_t lo) { *r = (((uint128_t)(uint64_t)hi) << 64) + lo; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b) { +static SECP256K1_INLINE void secp256k1_i128_mul(secp256k1_int128 *r, int64_t a, int64_t b) { *r = (int128_t)a * b; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_accum_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b) { +static SECP256K1_INLINE void secp256k1_i128_accum_mul(secp256k1_int128 *r, int64_t a, int64_t b) { int128_t ab = (int128_t)a * b; VERIFY_CHECK(0 <= ab ? *r <= INT128_MAX - ab : INT128_MIN - ab <= *r); *r += ab; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_det(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d) { +static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d) { int128_t ad = (int128_t)a * d; int128_t bc = (int128_t)b * c; VERIFY_CHECK(0 <= bc ? INT128_MIN + bc <= ad : ad <= INT128_MAX + bc); *r = ad - bc; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_rshift(rustsecp256k1_v0_11_int128 *r, unsigned int n) { +static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int n) { VERIFY_CHECK(n < 128); *r >>= n; } -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_i128_to_u64(const rustsecp256k1_v0_11_int128 *a) { +static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) { return (uint64_t)*a; } -static SECP256K1_INLINE int64_t rustsecp256k1_v0_11_i128_to_i64(const rustsecp256k1_v0_11_int128 *a) { +static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { VERIFY_CHECK(INT64_MIN <= *a && *a <= INT64_MAX); return *a; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_from_i64(rustsecp256k1_v0_11_int128 *r, int64_t a) { +static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a) { *r = a; } -static SECP256K1_INLINE int rustsecp256k1_v0_11_i128_eq_var(const rustsecp256k1_v0_11_int128 *a, const rustsecp256k1_v0_11_int128 *b) { +static SECP256K1_INLINE int secp256k1_i128_eq_var(const secp256k1_int128 *a, const secp256k1_int128 *b) { return *a == *b; } -static SECP256K1_INLINE int rustsecp256k1_v0_11_i128_check_pow2(const rustsecp256k1_v0_11_int128 *r, unsigned int n, int sign) { +static SECP256K1_INLINE int secp256k1_i128_check_pow2(const secp256k1_int128 *r, unsigned int n, int sign) { VERIFY_CHECK(n < 127); VERIFY_CHECK(sign == 1 || sign == -1); return (*r == (int128_t)((uint128_t)sign << n)); diff --git a/secp256k1-sys/depend/secp256k1/src/int128_struct.h b/secp256k1-sys/depend/secp256k1/src/int128_struct.h index d0b7d01c2..6156f82cc 100644 --- a/secp256k1-sys/depend/secp256k1/src/int128_struct.h +++ b/secp256k1-sys/depend/secp256k1/src/int128_struct.h @@ -7,8 +7,8 @@ typedef struct { uint64_t lo; uint64_t hi; -} rustsecp256k1_v0_11_uint128; +} secp256k1_uint128; -typedef rustsecp256k1_v0_11_uint128 rustsecp256k1_v0_11_int128; +typedef secp256k1_uint128 secp256k1_int128; #endif diff --git a/secp256k1-sys/depend/secp256k1/src/int128_struct_impl.h b/secp256k1-sys/depend/secp256k1/src/int128_struct_impl.h index d89d74e94..962a71d13 100644 --- a/secp256k1-sys/depend/secp256k1/src/int128_struct_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/int128_struct_impl.h @@ -13,23 +13,23 @@ # if defined(SECP256K1_MSVC_MULH_TEST_OVERRIDE) # pragma message(__FILE__ ": SECP256K1_MSVC_MULH_TEST_OVERRIDE is defined, forcing use of __(u)mulh.") # endif -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_umul128(uint64_t a, uint64_t b, uint64_t* hi) { +static SECP256K1_INLINE uint64_t secp256k1_umul128(uint64_t a, uint64_t b, uint64_t* hi) { *hi = __umulh(a, b); return a * b; } -static SECP256K1_INLINE int64_t rustsecp256k1_v0_11_mul128(int64_t a, int64_t b, int64_t* hi) { +static SECP256K1_INLINE int64_t secp256k1_mul128(int64_t a, int64_t b, int64_t* hi) { *hi = __mulh(a, b); return (uint64_t)a * (uint64_t)b; } # else /* On x84_64 MSVC, use native _(u)mul128 for 64x64->128 multiplications. */ -# define rustsecp256k1_v0_11_umul128 _umul128 -# define rustsecp256k1_v0_11_mul128 _mul128 +# define secp256k1_umul128 _umul128 +# define secp256k1_mul128 _mul128 # endif #else /* On other systems, emulate 64x64->128 multiplications using 32x32->64 multiplications. */ -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_umul128(uint64_t a, uint64_t b, uint64_t* hi) { +static SECP256K1_INLINE uint64_t secp256k1_umul128(uint64_t a, uint64_t b, uint64_t* hi) { uint64_t ll = (uint64_t)(uint32_t)a * (uint32_t)b; uint64_t lh = (uint32_t)a * (b >> 32); uint64_t hl = (a >> 32) * (uint32_t)b; @@ -39,7 +39,7 @@ static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_umul128(uint64_t a, uint64_ return (mid34 << 32) + (uint32_t)ll; } -static SECP256K1_INLINE int64_t rustsecp256k1_v0_11_mul128(int64_t a, int64_t b, int64_t* hi) { +static SECP256K1_INLINE int64_t secp256k1_mul128(int64_t a, int64_t b, int64_t* hi) { uint64_t ll = (uint64_t)(uint32_t)a * (uint32_t)b; int64_t lh = (uint32_t)a * (b >> 32); int64_t hl = (a >> 32) * (uint32_t)b; @@ -50,23 +50,23 @@ static SECP256K1_INLINE int64_t rustsecp256k1_v0_11_mul128(int64_t a, int64_t b, } #endif -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_load(rustsecp256k1_v0_11_uint128 *r, uint64_t hi, uint64_t lo) { +static SECP256K1_INLINE void secp256k1_u128_load(secp256k1_uint128 *r, uint64_t hi, uint64_t lo) { r->hi = hi; r->lo = lo; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_mul(rustsecp256k1_v0_11_uint128 *r, uint64_t a, uint64_t b) { - r->lo = rustsecp256k1_v0_11_umul128(a, b, &r->hi); +static SECP256K1_INLINE void secp256k1_u128_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b) { + r->lo = secp256k1_umul128(a, b, &r->hi); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_mul(rustsecp256k1_v0_11_uint128 *r, uint64_t a, uint64_t b) { +static SECP256K1_INLINE void secp256k1_u128_accum_mul(secp256k1_uint128 *r, uint64_t a, uint64_t b) { uint64_t lo, hi; - lo = rustsecp256k1_v0_11_umul128(a, b, &hi); + lo = secp256k1_umul128(a, b, &hi); r->lo += lo; r->hi += hi + (r->lo < lo); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_u64(rustsecp256k1_v0_11_uint128 *r, uint64_t a) { +static SECP256K1_INLINE void secp256k1_u128_accum_u64(secp256k1_uint128 *r, uint64_t a) { r->lo += a; r->hi += r->lo < a; } @@ -74,7 +74,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_accum_u64(rustsecp256k1_v0 /* Unsigned (logical) right shift. * Non-constant time in n. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_rshift(rustsecp256k1_v0_11_uint128 *r, unsigned int n) { +static SECP256K1_INLINE void secp256k1_u128_rshift(secp256k1_uint128 *r, unsigned int n) { VERIFY_CHECK(n < 128); if (n >= 64) { r->lo = r->hi >> (n-64); @@ -90,39 +90,39 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_rshift(rustsecp256k1_v0_11 } } -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_u128_to_u64(const rustsecp256k1_v0_11_uint128 *a) { +static SECP256K1_INLINE uint64_t secp256k1_u128_to_u64(const secp256k1_uint128 *a) { return a->lo; } -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_u128_hi_u64(const rustsecp256k1_v0_11_uint128 *a) { +static SECP256K1_INLINE uint64_t secp256k1_u128_hi_u64(const secp256k1_uint128 *a) { return a->hi; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_u128_from_u64(rustsecp256k1_v0_11_uint128 *r, uint64_t a) { +static SECP256K1_INLINE void secp256k1_u128_from_u64(secp256k1_uint128 *r, uint64_t a) { r->hi = 0; r->lo = a; } -static SECP256K1_INLINE int rustsecp256k1_v0_11_u128_check_bits(const rustsecp256k1_v0_11_uint128 *r, unsigned int n) { +static SECP256K1_INLINE int secp256k1_u128_check_bits(const secp256k1_uint128 *r, unsigned int n) { VERIFY_CHECK(n < 128); return n >= 64 ? r->hi >> (n - 64) == 0 : r->hi == 0 && r->lo >> n == 0; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_load(rustsecp256k1_v0_11_int128 *r, int64_t hi, uint64_t lo) { +static SECP256K1_INLINE void secp256k1_i128_load(secp256k1_int128 *r, int64_t hi, uint64_t lo) { r->hi = hi; r->lo = lo; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b) { +static SECP256K1_INLINE void secp256k1_i128_mul(secp256k1_int128 *r, int64_t a, int64_t b) { int64_t hi; - r->lo = (uint64_t)rustsecp256k1_v0_11_mul128(a, b, &hi); + r->lo = (uint64_t)secp256k1_mul128(a, b, &hi); r->hi = (uint64_t)hi; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_accum_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b) { +static SECP256K1_INLINE void secp256k1_i128_accum_mul(secp256k1_int128 *r, int64_t a, int64_t b) { int64_t hi; - uint64_t lo = (uint64_t)rustsecp256k1_v0_11_mul128(a, b, &hi); + uint64_t lo = (uint64_t)secp256k1_mul128(a, b, &hi); r->lo += lo; hi += r->lo < lo; /* Verify no overflow. @@ -139,9 +139,9 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_accum_mul(rustsecp256k1_v0 r->hi += hi; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_dissip_mul(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b) { +static SECP256K1_INLINE void secp256k1_i128_dissip_mul(secp256k1_int128 *r, int64_t a, int64_t b) { int64_t hi; - uint64_t lo = (uint64_t)rustsecp256k1_v0_11_mul128(a, b, &hi); + uint64_t lo = (uint64_t)secp256k1_mul128(a, b, &hi); hi += r->lo < lo; /* Verify no overflow. * If r represents a positive value (the sign bit is not set) and the value we are subtracting is a negative value (the sign bit is set), @@ -157,15 +157,15 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_dissip_mul(rustsecp256k1_v r->lo -= lo; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_det(rustsecp256k1_v0_11_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d) { - rustsecp256k1_v0_11_i128_mul(r, a, d); - rustsecp256k1_v0_11_i128_dissip_mul(r, b, c); +static SECP256K1_INLINE void secp256k1_i128_det(secp256k1_int128 *r, int64_t a, int64_t b, int64_t c, int64_t d) { + secp256k1_i128_mul(r, a, d); + secp256k1_i128_dissip_mul(r, b, c); } /* Signed (arithmetic) right shift. * Non-constant time in n. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_rshift(rustsecp256k1_v0_11_int128 *r, unsigned int n) { +static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned int n) { VERIFY_CHECK(n < 128); if (n >= 64) { r->lo = (uint64_t)((int64_t)(r->hi) >> (n-64)); @@ -176,26 +176,26 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_rshift(rustsecp256k1_v0_11 } } -static SECP256K1_INLINE uint64_t rustsecp256k1_v0_11_i128_to_u64(const rustsecp256k1_v0_11_int128 *a) { +static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) { return a->lo; } -static SECP256K1_INLINE int64_t rustsecp256k1_v0_11_i128_to_i64(const rustsecp256k1_v0_11_int128 *a) { +static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) { /* Verify that a represents a 64 bit signed value by checking that the high bits are a sign extension of the low bits. */ VERIFY_CHECK(a->hi == -(a->lo >> 63)); - return (int64_t)rustsecp256k1_v0_11_i128_to_u64(a); + return (int64_t)secp256k1_i128_to_u64(a); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_i128_from_i64(rustsecp256k1_v0_11_int128 *r, int64_t a) { +static SECP256K1_INLINE void secp256k1_i128_from_i64(secp256k1_int128 *r, int64_t a) { r->hi = (uint64_t)(a >> 63); r->lo = (uint64_t)a; } -static SECP256K1_INLINE int rustsecp256k1_v0_11_i128_eq_var(const rustsecp256k1_v0_11_int128 *a, const rustsecp256k1_v0_11_int128 *b) { +static SECP256K1_INLINE int secp256k1_i128_eq_var(const secp256k1_int128 *a, const secp256k1_int128 *b) { return a->hi == b->hi && a->lo == b->lo; } -static SECP256K1_INLINE int rustsecp256k1_v0_11_i128_check_pow2(const rustsecp256k1_v0_11_int128 *r, unsigned int n, int sign) { +static SECP256K1_INLINE int secp256k1_i128_check_pow2(const secp256k1_int128 *r, unsigned int n, int sign) { VERIFY_CHECK(n < 127); VERIFY_CHECK(sign == 1 || sign == -1); return n >= 64 ? r->hi == (uint64_t)sign << (n - 64) && r->lo == 0 diff --git a/secp256k1-sys/depend/secp256k1/src/modinv32.h b/secp256k1-sys/depend/secp256k1/src/modinv32.h index 269fbe8ef..846c642f8 100644 --- a/secp256k1-sys/depend/secp256k1/src/modinv32.h +++ b/secp256k1-sys/depend/secp256k1/src/modinv32.h @@ -14,15 +14,15 @@ * Its value is sum(v[i] * 2^(30*i), i=0..8). */ typedef struct { int32_t v[9]; -} rustsecp256k1_v0_11_modinv32_signed30; +} secp256k1_modinv32_signed30; typedef struct { /* The modulus in signed30 notation, must be odd and in [3, 2^256]. */ - rustsecp256k1_v0_11_modinv32_signed30 modulus; + secp256k1_modinv32_signed30 modulus; /* modulus^{-1} mod 2^30 */ uint32_t modulus_inv30; -} rustsecp256k1_v0_11_modinv32_modinfo; +} secp256k1_modinv32_modinfo; /* Replace x with its modular inverse mod modinfo->modulus. x must be in range [0, modulus). * If x is zero, the result will be zero as well. If not, the inverse must exist (i.e., the gcd of @@ -30,14 +30,14 @@ typedef struct { * * On output, all of x's limbs will be in [0, 2^30). */ -static void rustsecp256k1_v0_11_modinv32_var(rustsecp256k1_v0_11_modinv32_signed30 *x, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo); +static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo); -/* Same as rustsecp256k1_v0_11_modinv32_var, but constant time in x (not in the modulus). */ -static void rustsecp256k1_v0_11_modinv32(rustsecp256k1_v0_11_modinv32_signed30 *x, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo); +/* Same as secp256k1_modinv32_var, but constant time in x (not in the modulus). */ +static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo); /* Compute the Jacobi symbol for (x | modinfo->modulus). x must be coprime with modulus (and thus * cannot be 0, as modulus >= 3). All limbs of x must be non-negative. Returns 0 if the result * cannot be computed. */ -static int rustsecp256k1_v0_11_jacobi32_maybe_var(const rustsecp256k1_v0_11_modinv32_signed30 *x, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo); +static int secp256k1_jacobi32_maybe_var(const secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo); #endif /* SECP256K1_MODINV32_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/modinv32_impl.h b/secp256k1-sys/depend/secp256k1/src/modinv32_impl.h index 82eaec253..981d2abc6 100644 --- a/secp256k1-sys/depend/secp256k1/src/modinv32_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modinv32_impl.h @@ -21,10 +21,10 @@ */ #ifdef VERIFY -static const rustsecp256k1_v0_11_modinv32_signed30 SECP256K1_SIGNED30_ONE = {{1}}; +static const secp256k1_modinv32_signed30 SECP256K1_SIGNED30_ONE = {{1}}; /* Compute a*factor and put it in r. All but the top limb in r will be in range [0,2^30). */ -static void rustsecp256k1_v0_11_modinv32_mul_30(rustsecp256k1_v0_11_modinv32_signed30 *r, const rustsecp256k1_v0_11_modinv32_signed30 *a, int alen, int32_t factor) { +static void secp256k1_modinv32_mul_30(secp256k1_modinv32_signed30 *r, const secp256k1_modinv32_signed30 *a, int alen, int32_t factor) { const int32_t M30 = (int32_t)(UINT32_MAX >> 2); int64_t c = 0; int i; @@ -38,11 +38,11 @@ static void rustsecp256k1_v0_11_modinv32_mul_30(rustsecp256k1_v0_11_modinv32_sig } /* Return -1 for ab*factor. A consists of alen limbs; b has 9. */ -static int rustsecp256k1_v0_11_modinv32_mul_cmp_30(const rustsecp256k1_v0_11_modinv32_signed30 *a, int alen, const rustsecp256k1_v0_11_modinv32_signed30 *b, int32_t factor) { +static int secp256k1_modinv32_mul_cmp_30(const secp256k1_modinv32_signed30 *a, int alen, const secp256k1_modinv32_signed30 *b, int32_t factor) { int i; - rustsecp256k1_v0_11_modinv32_signed30 am, bm; - rustsecp256k1_v0_11_modinv32_mul_30(&am, a, alen, 1); /* Normalize all but the top limb of a. */ - rustsecp256k1_v0_11_modinv32_mul_30(&bm, b, 9, factor); + secp256k1_modinv32_signed30 am, bm; + secp256k1_modinv32_mul_30(&am, a, alen, 1); /* Normalize all but the top limb of a. */ + secp256k1_modinv32_mul_30(&bm, b, 9, factor); for (i = 0; i < 8; ++i) { /* Verify that all but the top limb of a and b are normalized. */ VERIFY_CHECK(am.v[i] >> 30 == 0); @@ -60,7 +60,7 @@ static int rustsecp256k1_v0_11_modinv32_mul_cmp_30(const rustsecp256k1_v0_11_mod * to it to bring it to range [0,modulus). If sign < 0, the input will also be negated in the * process. The input must have limbs in range (-2^30,2^30). The output will have limbs in range * [0,2^30). */ -static void rustsecp256k1_v0_11_modinv32_normalize_30(rustsecp256k1_v0_11_modinv32_signed30 *r, int32_t sign, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo) { +static void secp256k1_modinv32_normalize_30(secp256k1_modinv32_signed30 *r, int32_t sign, const secp256k1_modinv32_modinfo *modinfo) { const int32_t M30 = (int32_t)(UINT32_MAX >> 2); int32_t r0 = r->v[0], r1 = r->v[1], r2 = r->v[2], r3 = r->v[3], r4 = r->v[4], r5 = r->v[5], r6 = r->v[6], r7 = r->v[7], r8 = r->v[8]; @@ -73,8 +73,8 @@ static void rustsecp256k1_v0_11_modinv32_normalize_30(rustsecp256k1_v0_11_modinv VERIFY_CHECK(r->v[i] >= -M30); VERIFY_CHECK(r->v[i] <= M30); } - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, -2) > 0); /* r > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, -2) > 0); /* r > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */ #endif /* In a first step, add the modulus if the input is negative, and then negate if requested. @@ -153,8 +153,8 @@ static void rustsecp256k1_v0_11_modinv32_normalize_30(rustsecp256k1_v0_11_modinv VERIFY_CHECK(r6 >> 30 == 0); VERIFY_CHECK(r7 >> 30 == 0); VERIFY_CHECK(r8 >> 30 == 0); - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 0) >= 0); /* r >= 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 0) >= 0); /* r >= 0 */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(r, 9, &modinfo->modulus, 1) < 0); /* r < modulus */ } /* Data type for transition matrices (see section 3 of explanation). @@ -164,7 +164,7 @@ static void rustsecp256k1_v0_11_modinv32_normalize_30(rustsecp256k1_v0_11_modinv */ typedef struct { int32_t u, v, q, r; -} rustsecp256k1_v0_11_modinv32_trans2x2; +} secp256k1_modinv32_trans2x2; /* Compute the transition matrix and zeta for 30 divsteps. * @@ -176,7 +176,7 @@ typedef struct { * * Implements the divsteps_n_matrix function from the explanation. */ -static int32_t rustsecp256k1_v0_11_modinv32_divsteps_30(int32_t zeta, uint32_t f0, uint32_t g0, rustsecp256k1_v0_11_modinv32_trans2x2 *t) { +static int32_t secp256k1_modinv32_divsteps_30(int32_t zeta, uint32_t f0, uint32_t g0, secp256k1_modinv32_trans2x2 *t) { /* u,v,q,r are the elements of the transformation matrix being built up, * starting with the identity matrix. Semantically they are signed integers * in range [-2^30,2^30], but here represented as unsigned mod 2^32. This @@ -233,8 +233,8 @@ static int32_t rustsecp256k1_v0_11_modinv32_divsteps_30(int32_t zeta, uint32_t f return zeta; } -/* rustsecp256k1_v0_11_modinv32_inv256[i] = -(2*i+1)^-1 (mod 256) */ -static const uint8_t rustsecp256k1_v0_11_modinv32_inv256[128] = { +/* secp256k1_modinv32_inv256[i] = -(2*i+1)^-1 (mod 256) */ +static const uint8_t secp256k1_modinv32_inv256[128] = { 0xFF, 0x55, 0x33, 0x49, 0xC7, 0x5D, 0x3B, 0x11, 0x0F, 0xE5, 0xC3, 0x59, 0xD7, 0xED, 0xCB, 0x21, 0x1F, 0x75, 0x53, 0x69, 0xE7, 0x7D, 0x5B, 0x31, 0x2F, 0x05, 0xE3, 0x79, 0xF7, 0x0D, 0xEB, 0x41, 0x3F, 0x95, 0x73, 0x89, @@ -258,8 +258,8 @@ static const uint8_t rustsecp256k1_v0_11_modinv32_inv256[128] = { * * Implements the divsteps_n_matrix_var function from the explanation. */ -static int32_t rustsecp256k1_v0_11_modinv32_divsteps_30_var(int32_t eta, uint32_t f0, uint32_t g0, rustsecp256k1_v0_11_modinv32_trans2x2 *t) { - /* Transformation matrix; see comments in rustsecp256k1_v0_11_modinv32_divsteps_30. */ +static int32_t secp256k1_modinv32_divsteps_30_var(int32_t eta, uint32_t f0, uint32_t g0, secp256k1_modinv32_trans2x2 *t) { + /* Transformation matrix; see comments in secp256k1_modinv32_divsteps_30. */ uint32_t u = 1, v = 0, q = 0, r = 1; uint32_t f = f0, g = g0, m; uint16_t w; @@ -267,7 +267,7 @@ static int32_t rustsecp256k1_v0_11_modinv32_divsteps_30_var(int32_t eta, uint32_ for (;;) { /* Use a sentinel bit to count zeros only up to i. */ - zeros = rustsecp256k1_v0_11_ctz32_var(g | (UINT32_MAX << i)); + zeros = secp256k1_ctz32_var(g | (UINT32_MAX << i)); /* Perform zeros divsteps at once; they all just divide g by two. */ g >>= zeros; u <<= zeros; @@ -298,7 +298,7 @@ static int32_t rustsecp256k1_v0_11_modinv32_divsteps_30_var(int32_t eta, uint32_ VERIFY_CHECK(limit > 0 && limit <= 30); m = (UINT32_MAX >> (32 - limit)) & 255U; /* Find what multiple of f must be added to g to cancel its bottom min(limit, 8) bits. */ - w = (g * rustsecp256k1_v0_11_modinv32_inv256[(f >> 1) & 127]) & m; + w = (g * secp256k1_modinv32_inv256[(f >> 1) & 127]) & m; /* Do so. */ g += f * w; q += u * w; @@ -331,7 +331,7 @@ static int32_t rustsecp256k1_v0_11_modinv32_divsteps_30_var(int32_t eta, uint32_ * change, but are meaningless. * Return: final eta */ -static int32_t rustsecp256k1_v0_11_modinv32_posdivsteps_30_var(int32_t eta, uint32_t f0, uint32_t g0, rustsecp256k1_v0_11_modinv32_trans2x2 *t, int *jacp) { +static int32_t secp256k1_modinv32_posdivsteps_30_var(int32_t eta, uint32_t f0, uint32_t g0, secp256k1_modinv32_trans2x2 *t, int *jacp) { /* Transformation matrix. */ uint32_t u = 1, v = 0, q = 0, r = 1; uint32_t f = f0, g = g0, m; @@ -341,7 +341,7 @@ static int32_t rustsecp256k1_v0_11_modinv32_posdivsteps_30_var(int32_t eta, uint for (;;) { /* Use a sentinel bit to count zeros only up to i. */ - zeros = rustsecp256k1_v0_11_ctz32_var(g | (UINT32_MAX << i)); + zeros = secp256k1_ctz32_var(g | (UINT32_MAX << i)); /* Perform zeros divsteps at once; they all just divide g by two. */ g >>= zeros; u <<= zeros; @@ -376,7 +376,7 @@ static int32_t rustsecp256k1_v0_11_modinv32_posdivsteps_30_var(int32_t eta, uint VERIFY_CHECK(limit > 0 && limit <= 30); m = (UINT32_MAX >> (32 - limit)) & 255U; /* Find what multiple of f must be added to g to cancel its bottom min(limit, 8) bits. */ - w = (g * rustsecp256k1_v0_11_modinv32_inv256[(f >> 1) & 127]) & m; + w = (g * secp256k1_modinv32_inv256[(f >> 1) & 127]) & m; /* Do so. */ g += f * w; q += u * w; @@ -405,16 +405,16 @@ static int32_t rustsecp256k1_v0_11_modinv32_posdivsteps_30_var(int32_t eta, uint * * This implements the update_de function from the explanation. */ -static void rustsecp256k1_v0_11_modinv32_update_de_30(rustsecp256k1_v0_11_modinv32_signed30 *d, rustsecp256k1_v0_11_modinv32_signed30 *e, const rustsecp256k1_v0_11_modinv32_trans2x2 *t, const rustsecp256k1_v0_11_modinv32_modinfo* modinfo) { +static void secp256k1_modinv32_update_de_30(secp256k1_modinv32_signed30 *d, secp256k1_modinv32_signed30 *e, const secp256k1_modinv32_trans2x2 *t, const secp256k1_modinv32_modinfo* modinfo) { const int32_t M30 = (int32_t)(UINT32_MAX >> 2); const int32_t u = t->u, v = t->v, q = t->q, r = t->r; int32_t di, ei, md, me, sd, se; int64_t cd, ce; int i; - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */ VERIFY_CHECK(labs(u) <= (M30 + 1 - labs(v))); /* |u|+|v| <= 2^30 */ VERIFY_CHECK(labs(q) <= (M30 + 1 - labs(r))); /* |q|+|r| <= 2^30 */ @@ -453,17 +453,17 @@ static void rustsecp256k1_v0_11_modinv32_update_de_30(rustsecp256k1_v0_11_modinv d->v[8] = (int32_t)cd; e->v[8] = (int32_t)ce; - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(d, 9, &modinfo->modulus, 1) < 0); /* d < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(e, 9, &modinfo->modulus, 1) < 0); /* e < modulus */ } /* Compute (t/2^30) * [f, g], where t is a transition matrix for 30 divsteps. * * This implements the update_fg function from the explanation. */ -static void rustsecp256k1_v0_11_modinv32_update_fg_30(rustsecp256k1_v0_11_modinv32_signed30 *f, rustsecp256k1_v0_11_modinv32_signed30 *g, const rustsecp256k1_v0_11_modinv32_trans2x2 *t) { +static void secp256k1_modinv32_update_fg_30(secp256k1_modinv32_signed30 *f, secp256k1_modinv32_signed30 *g, const secp256k1_modinv32_trans2x2 *t) { const int32_t M30 = (int32_t)(UINT32_MAX >> 2); const int32_t u = t->u, v = t->v, q = t->q, r = t->r; int32_t fi, gi; @@ -498,7 +498,7 @@ static void rustsecp256k1_v0_11_modinv32_update_fg_30(rustsecp256k1_v0_11_modinv * * This implements the update_fg function from the explanation in modinv64_impl.h. */ -static void rustsecp256k1_v0_11_modinv32_update_fg_30_var(int len, rustsecp256k1_v0_11_modinv32_signed30 *f, rustsecp256k1_v0_11_modinv32_signed30 *g, const rustsecp256k1_v0_11_modinv32_trans2x2 *t) { +static void secp256k1_modinv32_update_fg_30_var(int len, secp256k1_modinv32_signed30 *f, secp256k1_modinv32_signed30 *g, const secp256k1_modinv32_trans2x2 *t) { const int32_t M30 = (int32_t)(UINT32_MAX >> 2); const int32_t u = t->u, v = t->v, q = t->q, r = t->r; int32_t fi, gi; @@ -529,34 +529,34 @@ static void rustsecp256k1_v0_11_modinv32_update_fg_30_var(int len, rustsecp256k1 } /* Compute the inverse of x modulo modinfo->modulus, and replace x with it (constant time in x). */ -static void rustsecp256k1_v0_11_modinv32(rustsecp256k1_v0_11_modinv32_signed30 *x, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo) { +static void secp256k1_modinv32(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo) { /* Start with d=0, e=1, f=modulus, g=x, zeta=-1. */ - rustsecp256k1_v0_11_modinv32_signed30 d = {{0}}; - rustsecp256k1_v0_11_modinv32_signed30 e = {{1}}; - rustsecp256k1_v0_11_modinv32_signed30 f = modinfo->modulus; - rustsecp256k1_v0_11_modinv32_signed30 g = *x; + secp256k1_modinv32_signed30 d = {{0}}; + secp256k1_modinv32_signed30 e = {{1}}; + secp256k1_modinv32_signed30 f = modinfo->modulus; + secp256k1_modinv32_signed30 g = *x; int i; int32_t zeta = -1; /* zeta = -(delta+1/2); delta is initially 1/2. */ /* Do 20 iterations of 30 divsteps each = 600 divsteps. 590 suffices for 256-bit inputs. */ for (i = 0; i < 20; ++i) { /* Compute transition matrix and new zeta after 30 divsteps. */ - rustsecp256k1_v0_11_modinv32_trans2x2 t; - zeta = rustsecp256k1_v0_11_modinv32_divsteps_30(zeta, f.v[0], g.v[0], &t); + secp256k1_modinv32_trans2x2 t; + zeta = secp256k1_modinv32_divsteps_30(zeta, f.v[0], g.v[0], &t); /* Update d,e using that transition matrix. */ - rustsecp256k1_v0_11_modinv32_update_de_30(&d, &e, &t, modinfo); + secp256k1_modinv32_update_de_30(&d, &e, &t, modinfo); /* Update f,g using that transition matrix. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */ - rustsecp256k1_v0_11_modinv32_update_fg_30(&f, &g, &t); + secp256k1_modinv32_update_fg_30(&f, &g, &t); - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &modinfo->modulus, 1) < 0); /* g < modulus */ } /* At this point sufficient iterations have been performed that g must have reached 0 @@ -564,26 +564,26 @@ static void rustsecp256k1_v0_11_modinv32(rustsecp256k1_v0_11_modinv32_signed30 * * values i.e. +/- 1, and d now contains +/- the modular inverse. */ /* g == 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, 9, &SECP256K1_SIGNED30_ONE, 0) == 0); + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, 9, &SECP256K1_SIGNED30_ONE, 0) == 0); /* |f| == 1, or (x == 0 and d == 0 and f == modulus) */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, -1) == 0 || - rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, 1) == 0 || - (rustsecp256k1_v0_11_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) == 0)); + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, -1) == 0 || + secp256k1_modinv32_mul_cmp_30(&f, 9, &SECP256K1_SIGNED30_ONE, 1) == 0 || + (secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && + secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && + secp256k1_modinv32_mul_cmp_30(&f, 9, &modinfo->modulus, 1) == 0)); /* Optionally negate d, normalize to [0,modulus), and return it. */ - rustsecp256k1_v0_11_modinv32_normalize_30(&d, f.v[8], modinfo); + secp256k1_modinv32_normalize_30(&d, f.v[8], modinfo); *x = d; } /* Compute the inverse of x modulo modinfo->modulus, and replace x with it (variable time). */ -static void rustsecp256k1_v0_11_modinv32_var(rustsecp256k1_v0_11_modinv32_signed30 *x, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo) { +static void secp256k1_modinv32_var(secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo) { /* Start with d=0, e=1, f=modulus, g=x, eta=-1. */ - rustsecp256k1_v0_11_modinv32_signed30 d = {{0, 0, 0, 0, 0, 0, 0, 0, 0}}; - rustsecp256k1_v0_11_modinv32_signed30 e = {{1, 0, 0, 0, 0, 0, 0, 0, 0}}; - rustsecp256k1_v0_11_modinv32_signed30 f = modinfo->modulus; - rustsecp256k1_v0_11_modinv32_signed30 g = *x; + secp256k1_modinv32_signed30 d = {{0, 0, 0, 0, 0, 0, 0, 0, 0}}; + secp256k1_modinv32_signed30 e = {{1, 0, 0, 0, 0, 0, 0, 0, 0}}; + secp256k1_modinv32_signed30 f = modinfo->modulus; + secp256k1_modinv32_signed30 g = *x; #ifdef VERIFY int i = 0; #endif @@ -594,18 +594,18 @@ static void rustsecp256k1_v0_11_modinv32_var(rustsecp256k1_v0_11_modinv32_signed /* Do iterations of 30 divsteps each until g=0. */ while (1) { /* Compute transition matrix and new eta after 30 divsteps. */ - rustsecp256k1_v0_11_modinv32_trans2x2 t; - eta = rustsecp256k1_v0_11_modinv32_divsteps_30_var(eta, f.v[0], g.v[0], &t); + secp256k1_modinv32_trans2x2 t; + eta = secp256k1_modinv32_divsteps_30_var(eta, f.v[0], g.v[0], &t); /* Update d,e using that transition matrix. */ - rustsecp256k1_v0_11_modinv32_update_de_30(&d, &e, &t, modinfo); + secp256k1_modinv32_update_de_30(&d, &e, &t, modinfo); /* Update f,g using that transition matrix. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ - rustsecp256k1_v0_11_modinv32_update_fg_30_var(len, &f, &g, &t); + secp256k1_modinv32_update_fg_30_var(len, &f, &g, &t); /* If the bottom limb of g is 0, there is a chance g=0. */ if (g.v[0] == 0) { cond = 0; @@ -631,26 +631,26 @@ static void rustsecp256k1_v0_11_modinv32_var(rustsecp256k1_v0_11_modinv32_signed } VERIFY_CHECK(++i < 25); /* We should never need more than 25*30 = 750 divsteps */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ } /* At this point g is 0 and (if g was not originally 0) f must now equal +/- GCD of * the initial f, g values i.e. +/- 1, and d now contains +/- the modular inverse. */ /* g == 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0); + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &SECP256K1_SIGNED30_ONE, 0) == 0); /* |f| == 1, or (x == 0 and d == 0 and f == modulus) */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, -1) == 0 || - rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, 1) == 0 || - (rustsecp256k1_v0_11_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0)); + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, -1) == 0 || + secp256k1_modinv32_mul_cmp_30(&f, len, &SECP256K1_SIGNED30_ONE, 1) == 0 || + (secp256k1_modinv32_mul_cmp_30(x, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && + secp256k1_modinv32_mul_cmp_30(&d, 9, &SECP256K1_SIGNED30_ONE, 0) == 0 && + secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) == 0)); /* Optionally negate d, normalize to [0,modulus), and return it. */ - rustsecp256k1_v0_11_modinv32_normalize_30(&d, f.v[len - 1], modinfo); + secp256k1_modinv32_normalize_30(&d, f.v[len - 1], modinfo); *x = d; } @@ -663,10 +663,10 @@ static void rustsecp256k1_v0_11_modinv32_var(rustsecp256k1_v0_11_modinv32_signed #endif /* Compute the Jacobi symbol of x modulo modinfo->modulus (variable time). gcd(x,modulus) must be 1. */ -static int rustsecp256k1_v0_11_jacobi32_maybe_var(const rustsecp256k1_v0_11_modinv32_signed30 *x, const rustsecp256k1_v0_11_modinv32_modinfo *modinfo) { +static int secp256k1_jacobi32_maybe_var(const secp256k1_modinv32_signed30 *x, const secp256k1_modinv32_modinfo *modinfo) { /* Start with f=modulus, g=x, eta=-1. */ - rustsecp256k1_v0_11_modinv32_signed30 f = modinfo->modulus; - rustsecp256k1_v0_11_modinv32_signed30 g = *x; + secp256k1_modinv32_signed30 f = modinfo->modulus; + secp256k1_modinv32_signed30 g = *x; int j, len = 9; int32_t eta = -1; /* eta = -delta; delta is initially 1 */ int32_t cond, fn, gn; @@ -683,15 +683,15 @@ static int rustsecp256k1_v0_11_jacobi32_maybe_var(const rustsecp256k1_v0_11_modi for (count = 0; count < JACOBI32_ITERATIONS; ++count) { /* Compute transition matrix and new eta after 30 posdivsteps. */ - rustsecp256k1_v0_11_modinv32_trans2x2 t; - eta = rustsecp256k1_v0_11_modinv32_posdivsteps_30_var(eta, f.v[0] | ((uint32_t)f.v[1] << 30), g.v[0] | ((uint32_t)g.v[1] << 30), &t, &jac); + secp256k1_modinv32_trans2x2 t; + eta = secp256k1_modinv32_posdivsteps_30_var(eta, f.v[0] | ((uint32_t)f.v[1] << 30), g.v[0] | ((uint32_t)g.v[1] << 30), &t, &jac); /* Update f,g using that transition matrix. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ - rustsecp256k1_v0_11_modinv32_update_fg_30_var(len, &f, &g, &t); + secp256k1_modinv32_update_fg_30_var(len, &f, &g, &t); /* If the bottom limb of f is 1, there is a chance that f=1. */ if (f.v[0] == 1) { cond = 0; @@ -712,10 +712,10 @@ static int rustsecp256k1_v0_11_jacobi32_maybe_var(const rustsecp256k1_v0_11_modi /* If so, reduce length. */ if (cond == 0) --len; - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ + VERIFY_CHECK(secp256k1_modinv32_mul_cmp_30(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ } /* The loop failed to converge to f=g after 1500 iterations. Return 0, indicating unknown result. */ diff --git a/secp256k1-sys/depend/secp256k1/src/modinv64.h b/secp256k1-sys/depend/secp256k1/src/modinv64.h index 8ecb3835f..f4208e6c2 100644 --- a/secp256k1-sys/depend/secp256k1/src/modinv64.h +++ b/secp256k1-sys/depend/secp256k1/src/modinv64.h @@ -18,15 +18,15 @@ * Its value is sum(v[i] * 2^(62*i), i=0..4). */ typedef struct { int64_t v[5]; -} rustsecp256k1_v0_11_modinv64_signed62; +} secp256k1_modinv64_signed62; typedef struct { /* The modulus in signed62 notation, must be odd and in [3, 2^256]. */ - rustsecp256k1_v0_11_modinv64_signed62 modulus; + secp256k1_modinv64_signed62 modulus; /* modulus^{-1} mod 2^62 */ uint64_t modulus_inv62; -} rustsecp256k1_v0_11_modinv64_modinfo; +} secp256k1_modinv64_modinfo; /* Replace x with its modular inverse mod modinfo->modulus. x must be in range [0, modulus). * If x is zero, the result will be zero as well. If not, the inverse must exist (i.e., the gcd of @@ -34,14 +34,14 @@ typedef struct { * * On output, all of x's limbs will be in [0, 2^62). */ -static void rustsecp256k1_v0_11_modinv64_var(rustsecp256k1_v0_11_modinv64_signed62 *x, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo); +static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo); -/* Same as rustsecp256k1_v0_11_modinv64_var, but constant time in x (not in the modulus). */ -static void rustsecp256k1_v0_11_modinv64(rustsecp256k1_v0_11_modinv64_signed62 *x, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo); +/* Same as secp256k1_modinv64_var, but constant time in x (not in the modulus). */ +static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo); /* Compute the Jacobi symbol for (x | modinfo->modulus). x must be coprime with modulus (and thus * cannot be 0, as modulus >= 3). All limbs of x must be non-negative. Returns 0 if the result * cannot be computed. */ -static int rustsecp256k1_v0_11_jacobi64_maybe_var(const rustsecp256k1_v0_11_modinv64_signed62 *x, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo); +static int secp256k1_jacobi64_maybe_var(const secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo); #endif /* SECP256K1_MODINV64_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/modinv64_impl.h b/secp256k1-sys/depend/secp256k1/src/modinv64_impl.h index 723cbc497..548787bed 100644 --- a/secp256k1-sys/depend/secp256k1/src/modinv64_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modinv64_impl.h @@ -24,41 +24,41 @@ */ typedef struct { int64_t u, v, q, r; -} rustsecp256k1_v0_11_modinv64_trans2x2; +} secp256k1_modinv64_trans2x2; #ifdef VERIFY /* Helper function to compute the absolute value of an int64_t. * (we don't use abs/labs/llabs as it depends on the int sizes). */ -static int64_t rustsecp256k1_v0_11_modinv64_abs(int64_t v) { +static int64_t secp256k1_modinv64_abs(int64_t v) { VERIFY_CHECK(v > INT64_MIN); if (v < 0) return -v; return v; } -static const rustsecp256k1_v0_11_modinv64_signed62 SECP256K1_SIGNED62_ONE = {{1}}; +static const secp256k1_modinv64_signed62 SECP256K1_SIGNED62_ONE = {{1}}; /* Compute a*factor and put it in r. All but the top limb in r will be in range [0,2^62). */ -static void rustsecp256k1_v0_11_modinv64_mul_62(rustsecp256k1_v0_11_modinv64_signed62 *r, const rustsecp256k1_v0_11_modinv64_signed62 *a, int alen, int64_t factor) { +static void secp256k1_modinv64_mul_62(secp256k1_modinv64_signed62 *r, const secp256k1_modinv64_signed62 *a, int alen, int64_t factor) { const uint64_t M62 = UINT64_MAX >> 2; - rustsecp256k1_v0_11_int128 c, d; + secp256k1_int128 c, d; int i; - rustsecp256k1_v0_11_i128_from_i64(&c, 0); + secp256k1_i128_from_i64(&c, 0); for (i = 0; i < 4; ++i) { - if (i < alen) rustsecp256k1_v0_11_i128_accum_mul(&c, a->v[i], factor); - r->v[i] = rustsecp256k1_v0_11_i128_to_u64(&c) & M62; rustsecp256k1_v0_11_i128_rshift(&c, 62); + if (i < alen) secp256k1_i128_accum_mul(&c, a->v[i], factor); + r->v[i] = secp256k1_i128_to_u64(&c) & M62; secp256k1_i128_rshift(&c, 62); } - if (4 < alen) rustsecp256k1_v0_11_i128_accum_mul(&c, a->v[4], factor); - rustsecp256k1_v0_11_i128_from_i64(&d, rustsecp256k1_v0_11_i128_to_i64(&c)); - VERIFY_CHECK(rustsecp256k1_v0_11_i128_eq_var(&c, &d)); - r->v[4] = rustsecp256k1_v0_11_i128_to_i64(&c); + if (4 < alen) secp256k1_i128_accum_mul(&c, a->v[4], factor); + secp256k1_i128_from_i64(&d, secp256k1_i128_to_i64(&c)); + VERIFY_CHECK(secp256k1_i128_eq_var(&c, &d)); + r->v[4] = secp256k1_i128_to_i64(&c); } /* Return -1 for ab*factor. A has alen limbs; b has 5. */ -static int rustsecp256k1_v0_11_modinv64_mul_cmp_62(const rustsecp256k1_v0_11_modinv64_signed62 *a, int alen, const rustsecp256k1_v0_11_modinv64_signed62 *b, int64_t factor) { +static int secp256k1_modinv64_mul_cmp_62(const secp256k1_modinv64_signed62 *a, int alen, const secp256k1_modinv64_signed62 *b, int64_t factor) { int i; - rustsecp256k1_v0_11_modinv64_signed62 am, bm; - rustsecp256k1_v0_11_modinv64_mul_62(&am, a, alen, 1); /* Normalize all but the top limb of a. */ - rustsecp256k1_v0_11_modinv64_mul_62(&bm, b, 5, factor); + secp256k1_modinv64_signed62 am, bm; + secp256k1_modinv64_mul_62(&am, a, alen, 1); /* Normalize all but the top limb of a. */ + secp256k1_modinv64_mul_62(&bm, b, 5, factor); for (i = 0; i < 4; ++i) { /* Verify that all but the top limb of a and b are normalized. */ VERIFY_CHECK(am.v[i] >> 62 == 0); @@ -72,11 +72,11 @@ static int rustsecp256k1_v0_11_modinv64_mul_cmp_62(const rustsecp256k1_v0_11_mod } /* Check if the determinant of t is equal to 1 << n. If abs, check if |det t| == 1 << n. */ -static int rustsecp256k1_v0_11_modinv64_det_check_pow2(const rustsecp256k1_v0_11_modinv64_trans2x2 *t, unsigned int n, int abs) { - rustsecp256k1_v0_11_int128 a; - rustsecp256k1_v0_11_i128_det(&a, t->u, t->v, t->q, t->r); - if (rustsecp256k1_v0_11_i128_check_pow2(&a, n, 1)) return 1; - if (abs && rustsecp256k1_v0_11_i128_check_pow2(&a, n, -1)) return 1; +static int secp256k1_modinv64_det_check_pow2(const secp256k1_modinv64_trans2x2 *t, unsigned int n, int abs) { + secp256k1_int128 a; + secp256k1_i128_det(&a, t->u, t->v, t->q, t->r); + if (secp256k1_i128_check_pow2(&a, n, 1)) return 1; + if (abs && secp256k1_i128_check_pow2(&a, n, -1)) return 1; return 0; } #endif @@ -85,7 +85,7 @@ static int rustsecp256k1_v0_11_modinv64_det_check_pow2(const rustsecp256k1_v0_11 * to it to bring it to range [0,modulus). If sign < 0, the input will also be negated in the * process. The input must have limbs in range (-2^62,2^62). The output will have limbs in range * [0,2^62). */ -static void rustsecp256k1_v0_11_modinv64_normalize_62(rustsecp256k1_v0_11_modinv64_signed62 *r, int64_t sign, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo) { +static void secp256k1_modinv64_normalize_62(secp256k1_modinv64_signed62 *r, int64_t sign, const secp256k1_modinv64_modinfo *modinfo) { const int64_t M62 = (int64_t)(UINT64_MAX >> 2); int64_t r0 = r->v[0], r1 = r->v[1], r2 = r->v[2], r3 = r->v[3], r4 = r->v[4]; volatile int64_t cond_add, cond_negate; @@ -97,8 +97,8 @@ static void rustsecp256k1_v0_11_modinv64_normalize_62(rustsecp256k1_v0_11_modinv VERIFY_CHECK(r->v[i] >= -M62); VERIFY_CHECK(r->v[i] <= M62); } - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, -2) > 0); /* r > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, 1) < 0); /* r < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, -2) > 0); /* r > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, 1) < 0); /* r < modulus */ #endif /* In a first step, add the modulus if the input is negative, and then negate if requested. @@ -149,8 +149,8 @@ static void rustsecp256k1_v0_11_modinv64_normalize_62(rustsecp256k1_v0_11_modinv VERIFY_CHECK(r2 >> 62 == 0); VERIFY_CHECK(r3 >> 62 == 0); VERIFY_CHECK(r4 >> 62 == 0); - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, 0) >= 0); /* r >= 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, 1) < 0); /* r < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, 0) >= 0); /* r >= 0 */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(r, 5, &modinfo->modulus, 1) < 0); /* r < modulus */ } /* Compute the transition matrix and eta for 59 divsteps (where zeta=-(delta+1/2)). @@ -164,7 +164,7 @@ static void rustsecp256k1_v0_11_modinv64_normalize_62(rustsecp256k1_v0_11_modinv * * Implements the divsteps_n_matrix function from the explanation. */ -static int64_t rustsecp256k1_v0_11_modinv64_divsteps_59(int64_t zeta, uint64_t f0, uint64_t g0, rustsecp256k1_v0_11_modinv64_trans2x2 *t) { +static int64_t secp256k1_modinv64_divsteps_59(int64_t zeta, uint64_t f0, uint64_t g0, secp256k1_modinv64_trans2x2 *t) { /* u,v,q,r are the elements of the transformation matrix being built up, * starting with the identity matrix times 8 (because the caller expects * a result scaled by 2^62). Semantically they are signed integers @@ -221,7 +221,7 @@ static int64_t rustsecp256k1_v0_11_modinv64_divsteps_59(int64_t zeta, uint64_t f * aggregate of 59 of them will have determinant 2^59. Multiplying with the initial * 8*identity (which has determinant 2^6) means the overall outputs has determinant * 2^65. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_det_check_pow2(t, 65, 0)); + VERIFY_CHECK(secp256k1_modinv64_det_check_pow2(t, 65, 0)); return zeta; } @@ -236,8 +236,8 @@ static int64_t rustsecp256k1_v0_11_modinv64_divsteps_59(int64_t zeta, uint64_t f * * Implements the divsteps_n_matrix_var function from the explanation. */ -static int64_t rustsecp256k1_v0_11_modinv64_divsteps_62_var(int64_t eta, uint64_t f0, uint64_t g0, rustsecp256k1_v0_11_modinv64_trans2x2 *t) { - /* Transformation matrix; see comments in rustsecp256k1_v0_11_modinv64_divsteps_62. */ +static int64_t secp256k1_modinv64_divsteps_62_var(int64_t eta, uint64_t f0, uint64_t g0, secp256k1_modinv64_trans2x2 *t) { + /* Transformation matrix; see comments in secp256k1_modinv64_divsteps_62. */ uint64_t u = 1, v = 0, q = 0, r = 1; uint64_t f = f0, g = g0, m; uint32_t w; @@ -245,7 +245,7 @@ static int64_t rustsecp256k1_v0_11_modinv64_divsteps_62_var(int64_t eta, uint64_ for (;;) { /* Use a sentinel bit to count zeros only up to i. */ - zeros = rustsecp256k1_v0_11_ctz64_var(g | (UINT64_MAX << i)); + zeros = secp256k1_ctz64_var(g | (UINT64_MAX << i)); /* Perform zeros divsteps at once; they all just divide g by two. */ g >>= zeros; u <<= zeros; @@ -304,7 +304,7 @@ static int64_t rustsecp256k1_v0_11_modinv64_divsteps_62_var(int64_t eta, uint64_ * does not change the gcd of f and g, apart from adding a power-of-2 factor to it (which * will be divided out again). As each divstep's individual matrix has determinant 2, the * aggregate of 62 of them will have determinant 2^62. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_det_check_pow2(t, 62, 0)); + VERIFY_CHECK(secp256k1_modinv64_det_check_pow2(t, 62, 0)); return eta; } @@ -322,8 +322,8 @@ static int64_t rustsecp256k1_v0_11_modinv64_divsteps_62_var(int64_t eta, uint64_ * change, but are meaningless. * Return: final eta */ -static int64_t rustsecp256k1_v0_11_modinv64_posdivsteps_62_var(int64_t eta, uint64_t f0, uint64_t g0, rustsecp256k1_v0_11_modinv64_trans2x2 *t, int *jacp) { - /* Transformation matrix; see comments in rustsecp256k1_v0_11_modinv64_divsteps_62. */ +static int64_t secp256k1_modinv64_posdivsteps_62_var(int64_t eta, uint64_t f0, uint64_t g0, secp256k1_modinv64_trans2x2 *t, int *jacp) { + /* Transformation matrix; see comments in secp256k1_modinv64_divsteps_62. */ uint64_t u = 1, v = 0, q = 0, r = 1; uint64_t f = f0, g = g0, m; uint32_t w; @@ -332,7 +332,7 @@ static int64_t rustsecp256k1_v0_11_modinv64_posdivsteps_62_var(int64_t eta, uint for (;;) { /* Use a sentinel bit to count zeros only up to i. */ - zeros = rustsecp256k1_v0_11_ctz64_var(g | (UINT64_MAX << i)); + zeros = secp256k1_ctz64_var(g | (UINT64_MAX << i)); /* Perform zeros divsteps at once; they all just divide g by two. */ g >>= zeros; u <<= zeros; @@ -395,7 +395,7 @@ static int64_t rustsecp256k1_v0_11_modinv64_posdivsteps_62_var(int64_t eta, uint * does not change the gcd of f and g, apart from adding a power-of-2 factor to it (which * will be divided out again). As each divstep's individual matrix has determinant 2 or -2, * the aggregate of 62 of them will have determinant 2^62 or -2^62. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_det_check_pow2(t, 62, 1)); + VERIFY_CHECK(secp256k1_modinv64_det_check_pow2(t, 62, 1)); *jacp = jac; return eta; @@ -408,19 +408,19 @@ static int64_t rustsecp256k1_v0_11_modinv64_posdivsteps_62_var(int64_t eta, uint * * This implements the update_de function from the explanation. */ -static void rustsecp256k1_v0_11_modinv64_update_de_62(rustsecp256k1_v0_11_modinv64_signed62 *d, rustsecp256k1_v0_11_modinv64_signed62 *e, const rustsecp256k1_v0_11_modinv64_trans2x2 *t, const rustsecp256k1_v0_11_modinv64_modinfo* modinfo) { +static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp256k1_modinv64_signed62 *e, const secp256k1_modinv64_trans2x2 *t, const secp256k1_modinv64_modinfo* modinfo) { const uint64_t M62 = UINT64_MAX >> 2; const int64_t d0 = d->v[0], d1 = d->v[1], d2 = d->v[2], d3 = d->v[3], d4 = d->v[4]; const int64_t e0 = e->v[0], e1 = e->v[1], e2 = e->v[2], e3 = e->v[3], e4 = e->v[4]; const int64_t u = t->u, v = t->v, q = t->q, r = t->r; int64_t md, me, sd, se; - rustsecp256k1_v0_11_int128 cd, ce; - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, 1) < 0); /* d < modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0); /* e < modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_abs(u) <= (((int64_t)1 << 62) - rustsecp256k1_v0_11_modinv64_abs(v))); /* |u|+|v| <= 2^62 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_abs(q) <= (((int64_t)1 << 62) - rustsecp256k1_v0_11_modinv64_abs(r))); /* |q|+|r| <= 2^62 */ + secp256k1_int128 cd, ce; + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, 1) < 0); /* d < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0); /* e < modulus */ + VERIFY_CHECK(secp256k1_modinv64_abs(u) <= (((int64_t)1 << 62) - secp256k1_modinv64_abs(v))); /* |u|+|v| <= 2^62 */ + VERIFY_CHECK(secp256k1_modinv64_abs(q) <= (((int64_t)1 << 62) - secp256k1_modinv64_abs(r))); /* |q|+|r| <= 2^62 */ /* [md,me] start as zero; plus [u,q] if d is negative; plus [v,r] if e is negative. */ sd = d4 >> 63; @@ -428,120 +428,120 @@ static void rustsecp256k1_v0_11_modinv64_update_de_62(rustsecp256k1_v0_11_modinv md = (u & sd) + (v & se); me = (q & sd) + (r & se); /* Begin computing t*[d,e]. */ - rustsecp256k1_v0_11_i128_mul(&cd, u, d0); - rustsecp256k1_v0_11_i128_accum_mul(&cd, v, e0); - rustsecp256k1_v0_11_i128_mul(&ce, q, d0); - rustsecp256k1_v0_11_i128_accum_mul(&ce, r, e0); + secp256k1_i128_mul(&cd, u, d0); + secp256k1_i128_accum_mul(&cd, v, e0); + secp256k1_i128_mul(&ce, q, d0); + secp256k1_i128_accum_mul(&ce, r, e0); /* Correct md,me so that t*[d,e]+modulus*[md,me] has 62 zero bottom bits. */ - md -= (modinfo->modulus_inv62 * rustsecp256k1_v0_11_i128_to_u64(&cd) + md) & M62; - me -= (modinfo->modulus_inv62 * rustsecp256k1_v0_11_i128_to_u64(&ce) + me) & M62; + md -= (modinfo->modulus_inv62 * secp256k1_i128_to_u64(&cd) + md) & M62; + me -= (modinfo->modulus_inv62 * secp256k1_i128_to_u64(&ce) + me) & M62; /* Update the beginning of computation for t*[d,e]+modulus*[md,me] now md,me are known. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, modinfo->modulus.v[0], md); - rustsecp256k1_v0_11_i128_accum_mul(&ce, modinfo->modulus.v[0], me); + secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[0], md); + secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[0], me); /* Verify that the low 62 bits of the computation are indeed zero, and then throw them away. */ - VERIFY_CHECK((rustsecp256k1_v0_11_i128_to_u64(&cd) & M62) == 0); rustsecp256k1_v0_11_i128_rshift(&cd, 62); - VERIFY_CHECK((rustsecp256k1_v0_11_i128_to_u64(&ce) & M62) == 0); rustsecp256k1_v0_11_i128_rshift(&ce, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cd) & M62) == 0); secp256k1_i128_rshift(&cd, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&ce) & M62) == 0); secp256k1_i128_rshift(&ce, 62); /* Compute limb 1 of t*[d,e]+modulus*[md,me], and store it as output limb 0 (= down shift). */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, u, d1); - rustsecp256k1_v0_11_i128_accum_mul(&cd, v, e1); - rustsecp256k1_v0_11_i128_accum_mul(&ce, q, d1); - rustsecp256k1_v0_11_i128_accum_mul(&ce, r, e1); + secp256k1_i128_accum_mul(&cd, u, d1); + secp256k1_i128_accum_mul(&cd, v, e1); + secp256k1_i128_accum_mul(&ce, q, d1); + secp256k1_i128_accum_mul(&ce, r, e1); if (modinfo->modulus.v[1]) { /* Optimize for the case where limb of modulus is zero. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, modinfo->modulus.v[1], md); - rustsecp256k1_v0_11_i128_accum_mul(&ce, modinfo->modulus.v[1], me); + secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[1], md); + secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[1], me); } - d->v[0] = rustsecp256k1_v0_11_i128_to_u64(&cd) & M62; rustsecp256k1_v0_11_i128_rshift(&cd, 62); - e->v[0] = rustsecp256k1_v0_11_i128_to_u64(&ce) & M62; rustsecp256k1_v0_11_i128_rshift(&ce, 62); + d->v[0] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[0] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* Compute limb 2 of t*[d,e]+modulus*[md,me], and store it as output limb 1. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, u, d2); - rustsecp256k1_v0_11_i128_accum_mul(&cd, v, e2); - rustsecp256k1_v0_11_i128_accum_mul(&ce, q, d2); - rustsecp256k1_v0_11_i128_accum_mul(&ce, r, e2); + secp256k1_i128_accum_mul(&cd, u, d2); + secp256k1_i128_accum_mul(&cd, v, e2); + secp256k1_i128_accum_mul(&ce, q, d2); + secp256k1_i128_accum_mul(&ce, r, e2); if (modinfo->modulus.v[2]) { /* Optimize for the case where limb of modulus is zero. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, modinfo->modulus.v[2], md); - rustsecp256k1_v0_11_i128_accum_mul(&ce, modinfo->modulus.v[2], me); + secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[2], md); + secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[2], me); } - d->v[1] = rustsecp256k1_v0_11_i128_to_u64(&cd) & M62; rustsecp256k1_v0_11_i128_rshift(&cd, 62); - e->v[1] = rustsecp256k1_v0_11_i128_to_u64(&ce) & M62; rustsecp256k1_v0_11_i128_rshift(&ce, 62); + d->v[1] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[1] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* Compute limb 3 of t*[d,e]+modulus*[md,me], and store it as output limb 2. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, u, d3); - rustsecp256k1_v0_11_i128_accum_mul(&cd, v, e3); - rustsecp256k1_v0_11_i128_accum_mul(&ce, q, d3); - rustsecp256k1_v0_11_i128_accum_mul(&ce, r, e3); + secp256k1_i128_accum_mul(&cd, u, d3); + secp256k1_i128_accum_mul(&cd, v, e3); + secp256k1_i128_accum_mul(&ce, q, d3); + secp256k1_i128_accum_mul(&ce, r, e3); if (modinfo->modulus.v[3]) { /* Optimize for the case where limb of modulus is zero. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, modinfo->modulus.v[3], md); - rustsecp256k1_v0_11_i128_accum_mul(&ce, modinfo->modulus.v[3], me); + secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[3], md); + secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[3], me); } - d->v[2] = rustsecp256k1_v0_11_i128_to_u64(&cd) & M62; rustsecp256k1_v0_11_i128_rshift(&cd, 62); - e->v[2] = rustsecp256k1_v0_11_i128_to_u64(&ce) & M62; rustsecp256k1_v0_11_i128_rshift(&ce, 62); + d->v[2] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[2] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* Compute limb 4 of t*[d,e]+modulus*[md,me], and store it as output limb 3. */ - rustsecp256k1_v0_11_i128_accum_mul(&cd, u, d4); - rustsecp256k1_v0_11_i128_accum_mul(&cd, v, e4); - rustsecp256k1_v0_11_i128_accum_mul(&ce, q, d4); - rustsecp256k1_v0_11_i128_accum_mul(&ce, r, e4); - rustsecp256k1_v0_11_i128_accum_mul(&cd, modinfo->modulus.v[4], md); - rustsecp256k1_v0_11_i128_accum_mul(&ce, modinfo->modulus.v[4], me); - d->v[3] = rustsecp256k1_v0_11_i128_to_u64(&cd) & M62; rustsecp256k1_v0_11_i128_rshift(&cd, 62); - e->v[3] = rustsecp256k1_v0_11_i128_to_u64(&ce) & M62; rustsecp256k1_v0_11_i128_rshift(&ce, 62); + secp256k1_i128_accum_mul(&cd, u, d4); + secp256k1_i128_accum_mul(&cd, v, e4); + secp256k1_i128_accum_mul(&ce, q, d4); + secp256k1_i128_accum_mul(&ce, r, e4); + secp256k1_i128_accum_mul(&cd, modinfo->modulus.v[4], md); + secp256k1_i128_accum_mul(&ce, modinfo->modulus.v[4], me); + d->v[3] = secp256k1_i128_to_u64(&cd) & M62; secp256k1_i128_rshift(&cd, 62); + e->v[3] = secp256k1_i128_to_u64(&ce) & M62; secp256k1_i128_rshift(&ce, 62); /* What remains is limb 5 of t*[d,e]+modulus*[md,me]; store it as output limb 4. */ - d->v[4] = rustsecp256k1_v0_11_i128_to_i64(&cd); - e->v[4] = rustsecp256k1_v0_11_i128_to_i64(&ce); + d->v[4] = secp256k1_i128_to_i64(&cd); + e->v[4] = secp256k1_i128_to_i64(&ce); - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, 1) < 0); /* d < modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0); /* e < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, -2) > 0); /* d > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(d, 5, &modinfo->modulus, 1) < 0); /* d < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, -2) > 0); /* e > -2*modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(e, 5, &modinfo->modulus, 1) < 0); /* e < modulus */ } /* Compute (t/2^62) * [f, g], where t is a transition matrix scaled by 2^62. * * This implements the update_fg function from the explanation. */ -static void rustsecp256k1_v0_11_modinv64_update_fg_62(rustsecp256k1_v0_11_modinv64_signed62 *f, rustsecp256k1_v0_11_modinv64_signed62 *g, const rustsecp256k1_v0_11_modinv64_trans2x2 *t) { +static void secp256k1_modinv64_update_fg_62(secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { const uint64_t M62 = UINT64_MAX >> 2; const int64_t f0 = f->v[0], f1 = f->v[1], f2 = f->v[2], f3 = f->v[3], f4 = f->v[4]; const int64_t g0 = g->v[0], g1 = g->v[1], g2 = g->v[2], g3 = g->v[3], g4 = g->v[4]; const int64_t u = t->u, v = t->v, q = t->q, r = t->r; - rustsecp256k1_v0_11_int128 cf, cg; + secp256k1_int128 cf, cg; /* Start computing t*[f,g]. */ - rustsecp256k1_v0_11_i128_mul(&cf, u, f0); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, g0); - rustsecp256k1_v0_11_i128_mul(&cg, q, f0); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, g0); + secp256k1_i128_mul(&cf, u, f0); + secp256k1_i128_accum_mul(&cf, v, g0); + secp256k1_i128_mul(&cg, q, f0); + secp256k1_i128_accum_mul(&cg, r, g0); /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ - VERIFY_CHECK((rustsecp256k1_v0_11_i128_to_u64(&cf) & M62) == 0); rustsecp256k1_v0_11_i128_rshift(&cf, 62); - VERIFY_CHECK((rustsecp256k1_v0_11_i128_to_u64(&cg) & M62) == 0); rustsecp256k1_v0_11_i128_rshift(&cg, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); /* Compute limb 1 of t*[f,g], and store it as output limb 0 (= down shift). */ - rustsecp256k1_v0_11_i128_accum_mul(&cf, u, f1); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, g1); - rustsecp256k1_v0_11_i128_accum_mul(&cg, q, f1); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, g1); - f->v[0] = rustsecp256k1_v0_11_i128_to_u64(&cf) & M62; rustsecp256k1_v0_11_i128_rshift(&cf, 62); - g->v[0] = rustsecp256k1_v0_11_i128_to_u64(&cg) & M62; rustsecp256k1_v0_11_i128_rshift(&cg, 62); + secp256k1_i128_accum_mul(&cf, u, f1); + secp256k1_i128_accum_mul(&cf, v, g1); + secp256k1_i128_accum_mul(&cg, q, f1); + secp256k1_i128_accum_mul(&cg, r, g1); + f->v[0] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[0] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* Compute limb 2 of t*[f,g], and store it as output limb 1. */ - rustsecp256k1_v0_11_i128_accum_mul(&cf, u, f2); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, g2); - rustsecp256k1_v0_11_i128_accum_mul(&cg, q, f2); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, g2); - f->v[1] = rustsecp256k1_v0_11_i128_to_u64(&cf) & M62; rustsecp256k1_v0_11_i128_rshift(&cf, 62); - g->v[1] = rustsecp256k1_v0_11_i128_to_u64(&cg) & M62; rustsecp256k1_v0_11_i128_rshift(&cg, 62); + secp256k1_i128_accum_mul(&cf, u, f2); + secp256k1_i128_accum_mul(&cf, v, g2); + secp256k1_i128_accum_mul(&cg, q, f2); + secp256k1_i128_accum_mul(&cg, r, g2); + f->v[1] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[1] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* Compute limb 3 of t*[f,g], and store it as output limb 2. */ - rustsecp256k1_v0_11_i128_accum_mul(&cf, u, f3); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, g3); - rustsecp256k1_v0_11_i128_accum_mul(&cg, q, f3); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, g3); - f->v[2] = rustsecp256k1_v0_11_i128_to_u64(&cf) & M62; rustsecp256k1_v0_11_i128_rshift(&cf, 62); - g->v[2] = rustsecp256k1_v0_11_i128_to_u64(&cg) & M62; rustsecp256k1_v0_11_i128_rshift(&cg, 62); + secp256k1_i128_accum_mul(&cf, u, f3); + secp256k1_i128_accum_mul(&cf, v, g3); + secp256k1_i128_accum_mul(&cg, q, f3); + secp256k1_i128_accum_mul(&cg, r, g3); + f->v[2] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[2] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* Compute limb 4 of t*[f,g], and store it as output limb 3. */ - rustsecp256k1_v0_11_i128_accum_mul(&cf, u, f4); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, g4); - rustsecp256k1_v0_11_i128_accum_mul(&cg, q, f4); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, g4); - f->v[3] = rustsecp256k1_v0_11_i128_to_u64(&cf) & M62; rustsecp256k1_v0_11_i128_rshift(&cf, 62); - g->v[3] = rustsecp256k1_v0_11_i128_to_u64(&cg) & M62; rustsecp256k1_v0_11_i128_rshift(&cg, 62); + secp256k1_i128_accum_mul(&cf, u, f4); + secp256k1_i128_accum_mul(&cf, v, g4); + secp256k1_i128_accum_mul(&cg, q, f4); + secp256k1_i128_accum_mul(&cg, r, g4); + f->v[3] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[3] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); /* What remains is limb 5 of t*[f,g]; store it as output limb 4. */ - f->v[4] = rustsecp256k1_v0_11_i128_to_i64(&cf); - g->v[4] = rustsecp256k1_v0_11_i128_to_i64(&cg); + f->v[4] = secp256k1_i128_to_i64(&cf); + g->v[4] = secp256k1_i128_to_i64(&cg); } /* Compute (t/2^62) * [f, g], where t is a transition matrix for 62 divsteps. @@ -550,69 +550,69 @@ static void rustsecp256k1_v0_11_modinv64_update_fg_62(rustsecp256k1_v0_11_modinv * * This implements the update_fg function from the explanation. */ -static void rustsecp256k1_v0_11_modinv64_update_fg_62_var(int len, rustsecp256k1_v0_11_modinv64_signed62 *f, rustsecp256k1_v0_11_modinv64_signed62 *g, const rustsecp256k1_v0_11_modinv64_trans2x2 *t) { +static void secp256k1_modinv64_update_fg_62_var(int len, secp256k1_modinv64_signed62 *f, secp256k1_modinv64_signed62 *g, const secp256k1_modinv64_trans2x2 *t) { const uint64_t M62 = UINT64_MAX >> 2; const int64_t u = t->u, v = t->v, q = t->q, r = t->r; int64_t fi, gi; - rustsecp256k1_v0_11_int128 cf, cg; + secp256k1_int128 cf, cg; int i; VERIFY_CHECK(len > 0); /* Start computing t*[f,g]. */ fi = f->v[0]; gi = g->v[0]; - rustsecp256k1_v0_11_i128_mul(&cf, u, fi); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, gi); - rustsecp256k1_v0_11_i128_mul(&cg, q, fi); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, gi); + secp256k1_i128_mul(&cf, u, fi); + secp256k1_i128_accum_mul(&cf, v, gi); + secp256k1_i128_mul(&cg, q, fi); + secp256k1_i128_accum_mul(&cg, r, gi); /* Verify that the bottom 62 bits of the result are zero, and then throw them away. */ - VERIFY_CHECK((rustsecp256k1_v0_11_i128_to_u64(&cf) & M62) == 0); rustsecp256k1_v0_11_i128_rshift(&cf, 62); - VERIFY_CHECK((rustsecp256k1_v0_11_i128_to_u64(&cg) & M62) == 0); rustsecp256k1_v0_11_i128_rshift(&cg, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cf) & M62) == 0); secp256k1_i128_rshift(&cf, 62); + VERIFY_CHECK((secp256k1_i128_to_u64(&cg) & M62) == 0); secp256k1_i128_rshift(&cg, 62); /* Now iteratively compute limb i=1..len of t*[f,g], and store them in output limb i-1 (shifting * down by 62 bits). */ for (i = 1; i < len; ++i) { fi = f->v[i]; gi = g->v[i]; - rustsecp256k1_v0_11_i128_accum_mul(&cf, u, fi); - rustsecp256k1_v0_11_i128_accum_mul(&cf, v, gi); - rustsecp256k1_v0_11_i128_accum_mul(&cg, q, fi); - rustsecp256k1_v0_11_i128_accum_mul(&cg, r, gi); - f->v[i - 1] = rustsecp256k1_v0_11_i128_to_u64(&cf) & M62; rustsecp256k1_v0_11_i128_rshift(&cf, 62); - g->v[i - 1] = rustsecp256k1_v0_11_i128_to_u64(&cg) & M62; rustsecp256k1_v0_11_i128_rshift(&cg, 62); + secp256k1_i128_accum_mul(&cf, u, fi); + secp256k1_i128_accum_mul(&cf, v, gi); + secp256k1_i128_accum_mul(&cg, q, fi); + secp256k1_i128_accum_mul(&cg, r, gi); + f->v[i - 1] = secp256k1_i128_to_u64(&cf) & M62; secp256k1_i128_rshift(&cf, 62); + g->v[i - 1] = secp256k1_i128_to_u64(&cg) & M62; secp256k1_i128_rshift(&cg, 62); } /* What remains is limb (len) of t*[f,g]; store it as output limb (len-1). */ - f->v[len - 1] = rustsecp256k1_v0_11_i128_to_i64(&cf); - g->v[len - 1] = rustsecp256k1_v0_11_i128_to_i64(&cg); + f->v[len - 1] = secp256k1_i128_to_i64(&cf); + g->v[len - 1] = secp256k1_i128_to_i64(&cg); } /* Compute the inverse of x modulo modinfo->modulus, and replace x with it (constant time in x). */ -static void rustsecp256k1_v0_11_modinv64(rustsecp256k1_v0_11_modinv64_signed62 *x, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo) { +static void secp256k1_modinv64(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo) { /* Start with d=0, e=1, f=modulus, g=x, zeta=-1. */ - rustsecp256k1_v0_11_modinv64_signed62 d = {{0, 0, 0, 0, 0}}; - rustsecp256k1_v0_11_modinv64_signed62 e = {{1, 0, 0, 0, 0}}; - rustsecp256k1_v0_11_modinv64_signed62 f = modinfo->modulus; - rustsecp256k1_v0_11_modinv64_signed62 g = *x; + secp256k1_modinv64_signed62 d = {{0, 0, 0, 0, 0}}; + secp256k1_modinv64_signed62 e = {{1, 0, 0, 0, 0}}; + secp256k1_modinv64_signed62 f = modinfo->modulus; + secp256k1_modinv64_signed62 g = *x; int i; int64_t zeta = -1; /* zeta = -(delta+1/2); delta starts at 1/2. */ /* Do 10 iterations of 59 divsteps each = 590 divsteps. This suffices for 256-bit inputs. */ for (i = 0; i < 10; ++i) { /* Compute transition matrix and new zeta after 59 divsteps. */ - rustsecp256k1_v0_11_modinv64_trans2x2 t; - zeta = rustsecp256k1_v0_11_modinv64_divsteps_59(zeta, f.v[0], g.v[0], &t); + secp256k1_modinv64_trans2x2 t; + zeta = secp256k1_modinv64_divsteps_59(zeta, f.v[0], g.v[0], &t); /* Update d,e using that transition matrix. */ - rustsecp256k1_v0_11_modinv64_update_de_62(&d, &e, &t, modinfo); + secp256k1_modinv64_update_de_62(&d, &e, &t, modinfo); /* Update f,g using that transition matrix. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, 1) < 0); /* g < modulus */ - rustsecp256k1_v0_11_modinv64_update_fg_62(&f, &g, &t); + secp256k1_modinv64_update_fg_62(&f, &g, &t); - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, 5, &modinfo->modulus, 1) < 0); /* g < modulus */ } /* At this point sufficient iterations have been performed that g must have reached 0 @@ -620,26 +620,26 @@ static void rustsecp256k1_v0_11_modinv64(rustsecp256k1_v0_11_modinv64_signed62 * * values i.e. +/- 1, and d now contains +/- the modular inverse. */ /* g == 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, 5, &SECP256K1_SIGNED62_ONE, 0) == 0); + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, 5, &SECP256K1_SIGNED62_ONE, 0) == 0); /* |f| == 1, or (x == 0 and d == 0 and f == modulus) */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &SECP256K1_SIGNED62_ONE, -1) == 0 || - rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &SECP256K1_SIGNED62_ONE, 1) == 0 || - (rustsecp256k1_v0_11_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) == 0)); + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, 5, &SECP256K1_SIGNED62_ONE, -1) == 0 || + secp256k1_modinv64_mul_cmp_62(&f, 5, &SECP256K1_SIGNED62_ONE, 1) == 0 || + (secp256k1_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && + secp256k1_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && + secp256k1_modinv64_mul_cmp_62(&f, 5, &modinfo->modulus, 1) == 0)); /* Optionally negate d, normalize to [0,modulus), and return it. */ - rustsecp256k1_v0_11_modinv64_normalize_62(&d, f.v[4], modinfo); + secp256k1_modinv64_normalize_62(&d, f.v[4], modinfo); *x = d; } /* Compute the inverse of x modulo modinfo->modulus, and replace x with it (variable time). */ -static void rustsecp256k1_v0_11_modinv64_var(rustsecp256k1_v0_11_modinv64_signed62 *x, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo) { +static void secp256k1_modinv64_var(secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo) { /* Start with d=0, e=1, f=modulus, g=x, eta=-1. */ - rustsecp256k1_v0_11_modinv64_signed62 d = {{0, 0, 0, 0, 0}}; - rustsecp256k1_v0_11_modinv64_signed62 e = {{1, 0, 0, 0, 0}}; - rustsecp256k1_v0_11_modinv64_signed62 f = modinfo->modulus; - rustsecp256k1_v0_11_modinv64_signed62 g = *x; + secp256k1_modinv64_signed62 d = {{0, 0, 0, 0, 0}}; + secp256k1_modinv64_signed62 e = {{1, 0, 0, 0, 0}}; + secp256k1_modinv64_signed62 f = modinfo->modulus; + secp256k1_modinv64_signed62 g = *x; #ifdef VERIFY int i = 0; #endif @@ -650,17 +650,17 @@ static void rustsecp256k1_v0_11_modinv64_var(rustsecp256k1_v0_11_modinv64_signed /* Do iterations of 62 divsteps each until g=0. */ while (1) { /* Compute transition matrix and new eta after 62 divsteps. */ - rustsecp256k1_v0_11_modinv64_trans2x2 t; - eta = rustsecp256k1_v0_11_modinv64_divsteps_62_var(eta, f.v[0], g.v[0], &t); + secp256k1_modinv64_trans2x2 t; + eta = secp256k1_modinv64_divsteps_62_var(eta, f.v[0], g.v[0], &t); /* Update d,e using that transition matrix. */ - rustsecp256k1_v0_11_modinv64_update_de_62(&d, &e, &t, modinfo); + secp256k1_modinv64_update_de_62(&d, &e, &t, modinfo); /* Update f,g using that transition matrix. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ - rustsecp256k1_v0_11_modinv64_update_fg_62_var(len, &f, &g, &t); + secp256k1_modinv64_update_fg_62_var(len, &f, &g, &t); /* If the bottom limb of g is zero, there is a chance that g=0. */ if (g.v[0] == 0) { cond = 0; @@ -686,26 +686,26 @@ static void rustsecp256k1_v0_11_modinv64_var(rustsecp256k1_v0_11_modinv64_signed } VERIFY_CHECK(++i < 12); /* We should never need more than 12*62 = 744 divsteps */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, -1) > 0); /* f > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, -1) > 0); /* g > -modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ } /* At this point g is 0 and (if g was not originally 0) f must now equal +/- GCD of * the initial f, g values i.e. +/- 1, and d now contains +/- the modular inverse. */ /* g == 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &SECP256K1_SIGNED62_ONE, 0) == 0); + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &SECP256K1_SIGNED62_ONE, 0) == 0); /* |f| == 1, or (x == 0 and d == 0 and f == modulus) */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, -1) == 0 || - rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, 1) == 0 || - (rustsecp256k1_v0_11_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && - rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) == 0)); + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, -1) == 0 || + secp256k1_modinv64_mul_cmp_62(&f, len, &SECP256K1_SIGNED62_ONE, 1) == 0 || + (secp256k1_modinv64_mul_cmp_62(x, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && + secp256k1_modinv64_mul_cmp_62(&d, 5, &SECP256K1_SIGNED62_ONE, 0) == 0 && + secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) == 0)); /* Optionally negate d, normalize to [0,modulus), and return it. */ - rustsecp256k1_v0_11_modinv64_normalize_62(&d, f.v[len - 1], modinfo); + secp256k1_modinv64_normalize_62(&d, f.v[len - 1], modinfo); *x = d; } @@ -718,10 +718,10 @@ static void rustsecp256k1_v0_11_modinv64_var(rustsecp256k1_v0_11_modinv64_signed #endif /* Compute the Jacobi symbol of x modulo modinfo->modulus (variable time). gcd(x,modulus) must be 1. */ -static int rustsecp256k1_v0_11_jacobi64_maybe_var(const rustsecp256k1_v0_11_modinv64_signed62 *x, const rustsecp256k1_v0_11_modinv64_modinfo *modinfo) { +static int secp256k1_jacobi64_maybe_var(const secp256k1_modinv64_signed62 *x, const secp256k1_modinv64_modinfo *modinfo) { /* Start with f=modulus, g=x, eta=-1. */ - rustsecp256k1_v0_11_modinv64_signed62 f = modinfo->modulus; - rustsecp256k1_v0_11_modinv64_signed62 g = *x; + secp256k1_modinv64_signed62 f = modinfo->modulus; + secp256k1_modinv64_signed62 g = *x; int j, len = 5; int64_t eta = -1; /* eta = -delta; delta is initially 1 */ int64_t cond, fn, gn; @@ -738,15 +738,15 @@ static int rustsecp256k1_v0_11_jacobi64_maybe_var(const rustsecp256k1_v0_11_modi for (count = 0; count < JACOBI64_ITERATIONS; ++count) { /* Compute transition matrix and new eta after 62 posdivsteps. */ - rustsecp256k1_v0_11_modinv64_trans2x2 t; - eta = rustsecp256k1_v0_11_modinv64_posdivsteps_62_var(eta, f.v[0] | ((uint64_t)f.v[1] << 62), g.v[0] | ((uint64_t)g.v[1] << 62), &t, &jac); + secp256k1_modinv64_trans2x2 t; + eta = secp256k1_modinv64_posdivsteps_62_var(eta, f.v[0] | ((uint64_t)f.v[1] << 62), g.v[0] | ((uint64_t)g.v[1] << 62), &t, &jac); /* Update f,g using that transition matrix. */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ - rustsecp256k1_v0_11_modinv64_update_fg_62_var(len, &f, &g, &t); + secp256k1_modinv64_update_fg_62_var(len, &f, &g, &t); /* If the bottom limb of f is 1, there is a chance that f=1. */ if (f.v[0] == 1) { cond = 0; @@ -767,10 +767,10 @@ static int rustsecp256k1_v0_11_jacobi64_maybe_var(const rustsecp256k1_v0_11_modi /* If so, reduce length. */ if (cond == 0) --len; - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ - VERIFY_CHECK(rustsecp256k1_v0_11_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 0) > 0); /* f > 0 */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&f, len, &modinfo->modulus, 1) <= 0); /* f <= modulus */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 0) > 0); /* g > 0 */ + VERIFY_CHECK(secp256k1_modinv64_mul_cmp_62(&g, len, &modinfo->modulus, 1) < 0); /* g < modulus */ } /* The loop failed to converge to f=g after 1550 iterations. Return 0, indicating unknown result. */ diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include index 1477c19c5..186605352 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/Makefile.am.include @@ -1,4 +1,5 @@ -include_HEADERS += include/rustsecp256k1_v0_11_ecdh.h +include_HEADERS += include/secp256k1_ecdh.h noinst_HEADERS += src/modules/ecdh/main_impl.h noinst_HEADERS += src/modules/ecdh/tests_impl.h noinst_HEADERS += src/modules/ecdh/bench_impl.h +noinst_HEADERS += src/wycheproof/ecdh_secp256k1_test.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/bench_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/bench_impl.h index 82d5a8b0d..8924e1fab 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/bench_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/bench_impl.h @@ -10,8 +10,8 @@ #include "../../../include/secp256k1_ecdh.h" typedef struct { - rustsecp256k1_v0_11_context *ctx; - rustsecp256k1_v0_11_pubkey point; + const secp256k1_context *ctx; + secp256k1_pubkey point; unsigned char scalar[32]; } bench_ecdh_data; @@ -29,7 +29,7 @@ static void bench_ecdh_setup(void* arg) { for (i = 0; i < 32; i++) { data->scalar[i] = i + 1; } - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1); + CHECK(secp256k1_ec_pubkey_parse(data->ctx, &data->point, point, sizeof(point)) == 1); } static void bench_ecdh(void* arg, int iters) { @@ -38,7 +38,7 @@ static void bench_ecdh(void* arg, int iters) { bench_ecdh_data *data = (bench_ecdh_data*)arg; for (i = 0; i < iters; i++) { - CHECK(rustsecp256k1_v0_11_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1); + CHECK(secp256k1_ecdh(data->ctx, res, &data->point, data->scalar, NULL, NULL) == 1); } } @@ -46,12 +46,9 @@ static void run_ecdh_bench(int iters, int argc, char** argv) { bench_ecdh_data data; int d = argc == 1; - /* create a context with no capabilities */ - data.ctx = rustsecp256k1_v0_11_context_create(SECP256K1_FLAGS_TYPE_CONTEXT); + data.ctx = secp256k1_context_static; if (d || have_flag(argc, argv, "ecdh")) run_benchmark("ecdh", bench_ecdh, bench_ecdh_setup, NULL, &data, 10, iters); - - rustsecp256k1_v0_11_context_destroy(data.ctx); } #endif /* SECP256K1_MODULE_ECDH_BENCH_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h index fe055a2a0..9f2dfdd56 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/main_impl.h @@ -12,27 +12,27 @@ static int ecdh_hash_function_sha256(unsigned char *output, const unsigned char *x32, const unsigned char *y32, void *data) { unsigned char version = (y32[31] & 0x01) | 0x02; - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; (void)data; - rustsecp256k1_v0_11_sha256_initialize(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, &version, 1); - rustsecp256k1_v0_11_sha256_write(&sha, x32, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, output); - rustsecp256k1_v0_11_sha256_clear(&sha); + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, &version, 1); + secp256k1_sha256_write(&sha, x32, 32); + secp256k1_sha256_finalize(&sha, output); + secp256k1_sha256_clear(&sha); return 1; } -const rustsecp256k1_v0_11_ecdh_hash_function rustsecp256k1_v0_11_ecdh_hash_function_sha256 = ecdh_hash_function_sha256; -const rustsecp256k1_v0_11_ecdh_hash_function rustsecp256k1_v0_11_ecdh_hash_function_default = ecdh_hash_function_sha256; +const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_sha256 = ecdh_hash_function_sha256; +const secp256k1_ecdh_hash_function secp256k1_ecdh_hash_function_default = ecdh_hash_function_sha256; -int rustsecp256k1_v0_11_ecdh(const rustsecp256k1_v0_11_context* ctx, unsigned char *output, const rustsecp256k1_v0_11_pubkey *point, const unsigned char *scalar, rustsecp256k1_v0_11_ecdh_hash_function hashfp, void *data) { +int secp256k1_ecdh(const secp256k1_context* ctx, unsigned char *output, const secp256k1_pubkey *point, const unsigned char *scalar, secp256k1_ecdh_hash_function hashfp, void *data) { int ret = 0; int overflow = 0; - rustsecp256k1_v0_11_gej res; - rustsecp256k1_v0_11_ge pt; - rustsecp256k1_v0_11_scalar s; + secp256k1_gej res; + secp256k1_ge pt; + secp256k1_scalar s; unsigned char x[32]; unsigned char y[32]; @@ -42,31 +42,31 @@ int rustsecp256k1_v0_11_ecdh(const rustsecp256k1_v0_11_context* ctx, unsigned ch ARG_CHECK(scalar != NULL); if (hashfp == NULL) { - hashfp = rustsecp256k1_v0_11_ecdh_hash_function_default; + hashfp = secp256k1_ecdh_hash_function_default; } - rustsecp256k1_v0_11_pubkey_load(ctx, &pt, point); - rustsecp256k1_v0_11_scalar_set_b32(&s, scalar, &overflow); + secp256k1_pubkey_load(ctx, &pt, point); + secp256k1_scalar_set_b32(&s, scalar, &overflow); - overflow |= rustsecp256k1_v0_11_scalar_is_zero(&s); - rustsecp256k1_v0_11_scalar_cmov(&s, &rustsecp256k1_v0_11_scalar_one, overflow); + overflow |= secp256k1_scalar_is_zero(&s); + secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow); - rustsecp256k1_v0_11_ecmult_const(&res, &pt, &s); - rustsecp256k1_v0_11_ge_set_gej(&pt, &res); + secp256k1_ecmult_const(&res, &pt, &s); + secp256k1_ge_set_gej(&pt, &res); /* Compute a hash of the point */ - rustsecp256k1_v0_11_fe_normalize(&pt.x); - rustsecp256k1_v0_11_fe_normalize(&pt.y); - rustsecp256k1_v0_11_fe_get_b32(x, &pt.x); - rustsecp256k1_v0_11_fe_get_b32(y, &pt.y); + secp256k1_fe_normalize(&pt.x); + secp256k1_fe_normalize(&pt.y); + secp256k1_fe_get_b32(x, &pt.x); + secp256k1_fe_get_b32(y, &pt.y); ret = hashfp(output, x, y, data); - rustsecp256k1_v0_11_memclear(x, sizeof(x)); - rustsecp256k1_v0_11_memclear(y, sizeof(y)); - rustsecp256k1_v0_11_scalar_clear(&s); - rustsecp256k1_v0_11_ge_clear(&pt); - rustsecp256k1_v0_11_gej_clear(&res); + secp256k1_memclear_explicit(x, sizeof(x)); + secp256k1_memclear_explicit(y, sizeof(y)); + secp256k1_scalar_clear(&s); + secp256k1_ge_clear(&pt); + secp256k1_gej_clear(&res); return !!ret & !overflow; } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h index 8d2200d94..826513110 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ecdh/tests_impl.h @@ -7,6 +7,13 @@ #ifndef SECP256K1_MODULE_ECDH_TESTS_H #define SECP256K1_MODULE_ECDH_TESTS_H +static int ecdh_hash_function_test_xpassthru(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) { + (void)y; + (void)data; + memcpy(output, x, 32); + return 1; +} + static int ecdh_hash_function_test_fail(unsigned char *output, const unsigned char *x, const unsigned char *y, void *data) { (void)output; (void)x; @@ -25,95 +32,91 @@ static int ecdh_hash_function_custom(unsigned char *output, const unsigned char } static void test_ecdh_api(void) { - rustsecp256k1_v0_11_pubkey point; + secp256k1_pubkey point; unsigned char res[32]; unsigned char s_one[32] = { 0 }; s_one[31] = 1; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point, s_one) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_one) == 1); /* Check all NULLs are detected */ - CHECK(rustsecp256k1_v0_11_ecdh(CTX, res, &point, s_one, NULL, NULL) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdh(CTX, NULL, &point, s_one, NULL, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdh(CTX, res, NULL, s_one, NULL, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdh(CTX, res, &point, NULL, NULL, NULL)); - CHECK(rustsecp256k1_v0_11_ecdh(CTX, res, &point, s_one, NULL, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, res, &point, s_one, NULL, NULL) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdh(CTX, NULL, &point, s_one, NULL, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ecdh(CTX, res, NULL, s_one, NULL, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ecdh(CTX, res, &point, NULL, NULL, NULL)); + CHECK(secp256k1_ecdh(CTX, res, &point, s_one, NULL, NULL) == 1); } static void test_ecdh_generator_basepoint(void) { unsigned char s_one[32] = { 0 }; - rustsecp256k1_v0_11_pubkey point[2]; + secp256k1_pubkey point[2]; int i; s_one[31] = 1; /* Check against pubkey creation when the basepoint is the generator */ for (i = 0; i < 2 * COUNT; ++i) { - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; unsigned char s_b32[32]; unsigned char output_ecdh[65]; unsigned char output_ser[32]; unsigned char point_ser[65]; size_t point_ser_len = sizeof(point_ser); - rustsecp256k1_v0_11_scalar s; + secp256k1_scalar s; testutil_random_scalar_order(&s); - rustsecp256k1_v0_11_scalar_get_b32(s_b32, &s); + secp256k1_scalar_get_b32(s_b32, &s); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point[0], s_one) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point[1], s_b32) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point[0], s_one) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point[1], s_b32) == 1); /* compute using ECDH function with custom hash function */ - CHECK(rustsecp256k1_v0_11_ecdh(CTX, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, output_ecdh, &point[0], s_b32, ecdh_hash_function_custom, NULL) == 1); /* compute "explicitly" */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_UNCOMPRESSED) == 1); /* compare */ - CHECK(rustsecp256k1_v0_11_memcmp_var(output_ecdh, point_ser, 65) == 0); + CHECK(secp256k1_memcmp_var(output_ecdh, point_ser, 65) == 0); /* compute using ECDH function with default hash function */ - CHECK(rustsecp256k1_v0_11_ecdh(CTX, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, output_ecdh, &point[0], s_b32, NULL, NULL) == 1); /* compute "explicitly" */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); - rustsecp256k1_v0_11_sha256_initialize(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, point_ser, point_ser_len); - rustsecp256k1_v0_11_sha256_finalize(&sha, output_ser); + CHECK(secp256k1_ec_pubkey_serialize(CTX, point_ser, &point_ser_len, &point[1], SECP256K1_EC_COMPRESSED) == 1); + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, point_ser, point_ser_len); + secp256k1_sha256_finalize(&sha, output_ser); /* compare */ - CHECK(rustsecp256k1_v0_11_memcmp_var(output_ecdh, output_ser, 32) == 0); + CHECK(secp256k1_memcmp_var(output_ecdh, output_ser, 32) == 0); } } static void test_bad_scalar(void) { unsigned char s_zero[32] = { 0 }; - unsigned char s_overflow[32] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 - }; + unsigned char s_overflow[32] = { 0 }; unsigned char s_rand[32] = { 0 }; unsigned char output[32]; - rustsecp256k1_v0_11_scalar rand; - rustsecp256k1_v0_11_pubkey point; + secp256k1_scalar rand; + secp256k1_pubkey point; /* Create random point */ testutil_random_scalar_order(&rand); - rustsecp256k1_v0_11_scalar_get_b32(s_rand, &rand); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point, s_rand) == 1); + secp256k1_scalar_get_b32(s_rand, &rand); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_rand) == 1); /* Try to multiply it by bad values */ - CHECK(rustsecp256k1_v0_11_ecdh(CTX, output, &point, s_zero, NULL, NULL) == 0); - CHECK(rustsecp256k1_v0_11_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 0); + memcpy(s_overflow, secp256k1_group_order_bytes, 32); + CHECK(secp256k1_ecdh(CTX, output, &point, s_zero, NULL, NULL) == 0); + CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 0); /* ...and a good one */ s_overflow[31] -= 1; - CHECK(rustsecp256k1_v0_11_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 1); + CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, NULL, NULL) == 1); /* Hash function failure results in ecdh failure */ - CHECK(rustsecp256k1_v0_11_ecdh(CTX, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); + CHECK(secp256k1_ecdh(CTX, output, &point, s_overflow, ecdh_hash_function_test_fail, NULL) == 0); } /** Test that ECDH(sG, 1/s) == ECDH((1/s)G, s) == ECDH(G, 1) for a few random s. */ static void test_result_basepoint(void) { - rustsecp256k1_v0_11_pubkey point; - rustsecp256k1_v0_11_scalar rand; + secp256k1_pubkey point; + secp256k1_scalar rand; unsigned char s[32]; unsigned char s_inv[32]; unsigned char out[32]; @@ -123,22 +126,55 @@ static void test_result_basepoint(void) { unsigned char s_one[32] = { 0 }; s_one[31] = 1; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point, s_one) == 1); - CHECK(rustsecp256k1_v0_11_ecdh(CTX, out_base, &point, s_one, NULL, NULL) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_one) == 1); + CHECK(secp256k1_ecdh(CTX, out_base, &point, s_one, NULL, NULL) == 1); for (i = 0; i < 2 * COUNT; i++) { testutil_random_scalar_order(&rand); - rustsecp256k1_v0_11_scalar_get_b32(s, &rand); - rustsecp256k1_v0_11_scalar_inverse(&rand, &rand); - rustsecp256k1_v0_11_scalar_get_b32(s_inv, &rand); + secp256k1_scalar_get_b32(s, &rand); + secp256k1_scalar_inverse(&rand, &rand); + secp256k1_scalar_get_b32(s_inv, &rand); + + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s) == 1); + CHECK(secp256k1_ecdh(CTX, out, &point, s_inv, NULL, NULL) == 1); + CHECK(secp256k1_memcmp_var(out, out_base, 32) == 0); + + CHECK(secp256k1_ec_pubkey_create(CTX, &point, s_inv) == 1); + CHECK(secp256k1_ecdh(CTX, out_inv, &point, s, NULL, NULL) == 1); + CHECK(secp256k1_memcmp_var(out_inv, out_base, 32) == 0); + } +} + +static void test_ecdh_wycheproof(void) { +#include "../../wycheproof/ecdh_secp256k1_test.h" + int t; + for (t = 0; t < SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS; t++) { + int parsed_ok; + secp256k1_pubkey point; + const unsigned char *pk; + const unsigned char *sk; + const unsigned char *expected_shared_secret; + unsigned char output_ecdh[65] = { 0 }; + + int expected_result; + + memset(&point, 0, sizeof(point)); + pk = &wycheproof_ecdh_public_keys[testvectors[t].pk_offset]; + parsed_ok = secp256k1_ec_pubkey_parse(CTX, &point, pk, testvectors[t].pk_len); + + expected_result = testvectors[t].expected_result; + CHECK(parsed_ok == expected_result); + if (!parsed_ok) { + continue; + } + + sk = &wycheproof_ecdh_private_keys[testvectors[t].sk_offset]; + CHECK(testvectors[t].sk_len == 32); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point, s) == 1); - CHECK(rustsecp256k1_v0_11_ecdh(CTX, out, &point, s_inv, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, out_base, 32) == 0); + CHECK(secp256k1_ecdh(CTX, output_ecdh, &point, sk, ecdh_hash_function_test_xpassthru, NULL) == 1); + expected_shared_secret = &wycheproof_ecdh_shared_secrets[testvectors[t].shared_offset]; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &point, s_inv) == 1); - CHECK(rustsecp256k1_v0_11_ecdh(CTX, out_inv, &point, s, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(out_inv, out_base, 32) == 0); + CHECK(secp256k1_memcmp_var(output_ecdh, expected_shared_secret, testvectors[t].shared_len) == 0); } } @@ -147,6 +183,7 @@ static void run_ecdh_tests(void) { test_ecdh_generator_basepoint(); test_bad_scalar(); test_result_basepoint(); + test_ecdh_wycheproof(); } #endif /* SECP256K1_MODULE_ECDH_TESTS_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/Makefile.am.include index 9e77d0693..8251231ea 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_11_ellswift.h +include_HEADERS += include/secp256k1_ellswift.h noinst_HEADERS += src/modules/ellswift/bench_impl.h noinst_HEADERS += src/modules/ellswift/main_impl.h noinst_HEADERS += src/modules/ellswift/tests_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/bench_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/bench_impl.h index 59f4e52d0..b16a3a368 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/bench_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/bench_impl.h @@ -9,8 +9,8 @@ #include "../../../include/secp256k1_ellswift.h" typedef struct { - rustsecp256k1_v0_11_context *ctx; - rustsecp256k1_v0_11_pubkey point[256]; + secp256k1_context *ctx; + secp256k1_pubkey point[256]; unsigned char rnd64[64]; } bench_ellswift_data; @@ -30,12 +30,12 @@ static void bench_ellswift_setup(void *arg) { memcpy(data->rnd64, init, 64); for (i = 0; i < 256; ++i) { int j; - CHECK(rustsecp256k1_v0_11_ellswift_decode(data->ctx, &data->point[i], data->rnd64)); + CHECK(secp256k1_ellswift_decode(data->ctx, &data->point[i], data->rnd64)); for (j = 0; j < 64; ++j) { data->rnd64[j] += 1; } } - CHECK(rustsecp256k1_v0_11_ellswift_encode(data->ctx, data->rnd64, &data->point[255], init + 16)); + CHECK(secp256k1_ellswift_encode(data->ctx, data->rnd64, &data->point[255], init + 16)); } static void bench_ellswift_encode(void *arg, int iters) { @@ -43,7 +43,7 @@ static void bench_ellswift_encode(void *arg, int iters) { bench_ellswift_data *data = (bench_ellswift_data*)arg; for (i = 0; i < iters; i++) { - CHECK(rustsecp256k1_v0_11_ellswift_encode(data->ctx, data->rnd64, &data->point[i & 255], data->rnd64 + 16)); + CHECK(secp256k1_ellswift_encode(data->ctx, data->rnd64, &data->point[i & 255], data->rnd64 + 16)); } } @@ -53,21 +53,21 @@ static void bench_ellswift_create(void *arg, int iters) { for (i = 0; i < iters; i++) { unsigned char buf[64]; - CHECK(rustsecp256k1_v0_11_ellswift_create(data->ctx, buf, data->rnd64, data->rnd64 + 32)); + CHECK(secp256k1_ellswift_create(data->ctx, buf, data->rnd64, data->rnd64 + 32)); memcpy(data->rnd64, buf, 64); } } static void bench_ellswift_decode(void *arg, int iters) { int i; - rustsecp256k1_v0_11_pubkey out; + secp256k1_pubkey out; size_t len; bench_ellswift_data *data = (bench_ellswift_data*)arg; for (i = 0; i < iters; i++) { - CHECK(rustsecp256k1_v0_11_ellswift_decode(data->ctx, &out, data->rnd64) == 1); + CHECK(secp256k1_ellswift_decode(data->ctx, &out, data->rnd64) == 1); len = 33; - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(data->ctx, data->rnd64 + (i % 32), &len, &out, SECP256K1_EC_COMPRESSED)); + CHECK(secp256k1_ec_pubkey_serialize(data->ctx, data->rnd64 + (i % 32), &len, &out, SECP256K1_EC_COMPRESSED)); } } @@ -77,13 +77,13 @@ static void bench_ellswift_xdh(void *arg, int iters) { for (i = 0; i < iters; i++) { int party = i & 1; - CHECK(rustsecp256k1_v0_11_ellswift_xdh(data->ctx, + CHECK(secp256k1_ellswift_xdh(data->ctx, data->rnd64 + (i % 33), data->rnd64, data->rnd64, data->rnd64 + ((i + 16) % 33), party, - rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324, + secp256k1_ellswift_xdh_hash_function_bip324, NULL) == 1); } } @@ -93,14 +93,14 @@ void run_ellswift_bench(int iters, int argc, char **argv) { int d = argc == 1; /* create a context with signing capabilities */ - data.ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (d || have_flag(argc, argv, "ellswift") || have_flag(argc, argv, "encode") || have_flag(argc, argv, "ellswift_encode")) run_benchmark("ellswift_encode", bench_ellswift_encode, bench_ellswift_setup, NULL, &data, 10, iters); if (d || have_flag(argc, argv, "ellswift") || have_flag(argc, argv, "decode") || have_flag(argc, argv, "ellswift_decode")) run_benchmark("ellswift_decode", bench_ellswift_decode, bench_ellswift_setup, NULL, &data, 10, iters); if (d || have_flag(argc, argv, "ellswift") || have_flag(argc, argv, "keygen") || have_flag(argc, argv, "ellswift_keygen")) run_benchmark("ellswift_keygen", bench_ellswift_create, bench_ellswift_setup, NULL, &data, 10, iters); if (d || have_flag(argc, argv, "ellswift") || have_flag(argc, argv, "ecdh") || have_flag(argc, argv, "ellswift_ecdh")) run_benchmark("ellswift_ecdh", bench_ellswift_xdh, bench_ellswift_setup, NULL, &data, 10, iters); - rustsecp256k1_v0_11_context_destroy(data.ctx); + secp256k1_context_destroy(data.ctx); } #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/main_impl.h index b778ecdff..0d13f7342 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/main_impl.h @@ -12,16 +12,16 @@ #include "../../hash.h" /** c1 = (sqrt(-3)-1)/2 */ -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_ellswift_c1 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa40); +static const secp256k1_fe secp256k1_ellswift_c1 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa40); /** c2 = (-sqrt(-3)-1)/2 = -(c1+1) */ -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_ellswift_c2 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ee); +static const secp256k1_fe secp256k1_ellswift_c2 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ee); /** c3 = (-sqrt(-3)+1)/2 = -c1 = c2+1 */ -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_ellswift_c3 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ef); +static const secp256k1_fe secp256k1_ellswift_c3 = SECP256K1_FE_CONST(0x7ae96a2b, 0x657c0710, 0x6e64479e, 0xac3434e9, 0x9cf04975, 0x12f58995, 0xc1396c28, 0x719501ef); /** c4 = (sqrt(-3)+1)/2 = -c2 = c1+1 */ -static const rustsecp256k1_v0_11_fe rustsecp256k1_v0_11_ellswift_c4 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa41); +static const secp256k1_fe secp256k1_ellswift_c4 = SECP256K1_FE_CONST(0x851695d4, 0x9a83f8ef, 0x919bb861, 0x53cbcb16, 0x630fb68a, 0xed0a766a, 0x3ec693d6, 0x8e6afa41); /** Decode ElligatorSwift encoding (u, t) to a fraction xn/xd representing a curve X coordinate. */ -static void rustsecp256k1_v0_11_ellswift_xswiftec_frac_var(rustsecp256k1_v0_11_fe *xn, rustsecp256k1_v0_11_fe *xd, const rustsecp256k1_v0_11_fe *u, const rustsecp256k1_v0_11_fe *t) { +static void secp256k1_ellswift_xswiftec_frac_var(secp256k1_fe *xn, secp256k1_fe *xd, const secp256k1_fe *u, const secp256k1_fe *t) { /* The implemented algorithm is the following (all operations in GF(p)): * * - Let c0 = sqrt(-3) = 0xa2d2ba93507f1df233770c2a797962cc61f6d15da14ecd47d8d27ae1cd5f852. @@ -83,67 +83,67 @@ static void rustsecp256k1_v0_11_ellswift_xswiftec_frac_var(rustsecp256k1_v0_11_f * - If x2 = u*(c1*s+c2*g)/(g+s) is a valid x coordinate, return it. * - Return x1 = -(x2+u). */ - rustsecp256k1_v0_11_fe u1, s, g, p, d, n, l; + secp256k1_fe u1, s, g, p, d, n, l; u1 = *u; - if (EXPECT(rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&u1), 0)) u1 = rustsecp256k1_v0_11_fe_one; - rustsecp256k1_v0_11_fe_sqr(&s, t); - if (EXPECT(rustsecp256k1_v0_11_fe_normalizes_to_zero_var(t), 0)) s = rustsecp256k1_v0_11_fe_one; - rustsecp256k1_v0_11_fe_sqr(&l, &u1); /* l = u^2 */ - rustsecp256k1_v0_11_fe_mul(&g, &l, &u1); /* g = u^3 */ - rustsecp256k1_v0_11_fe_add_int(&g, SECP256K1_B); /* g = u^3 + 7 */ + if (EXPECT(secp256k1_fe_normalizes_to_zero_var(&u1), 0)) u1 = secp256k1_fe_one; + secp256k1_fe_sqr(&s, t); + if (EXPECT(secp256k1_fe_normalizes_to_zero_var(t), 0)) s = secp256k1_fe_one; + secp256k1_fe_sqr(&l, &u1); /* l = u^2 */ + secp256k1_fe_mul(&g, &l, &u1); /* g = u^3 */ + secp256k1_fe_add_int(&g, SECP256K1_B); /* g = u^3 + 7 */ p = g; /* p = g */ - rustsecp256k1_v0_11_fe_add(&p, &s); /* p = g+s */ - if (EXPECT(rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&p), 0)) { - rustsecp256k1_v0_11_fe_mul_int(&s, 4); + secp256k1_fe_add(&p, &s); /* p = g+s */ + if (EXPECT(secp256k1_fe_normalizes_to_zero_var(&p), 0)) { + secp256k1_fe_mul_int(&s, 4); /* Recompute p = g+s */ p = g; /* p = g */ - rustsecp256k1_v0_11_fe_add(&p, &s); /* p = g+s */ + secp256k1_fe_add(&p, &s); /* p = g+s */ } - rustsecp256k1_v0_11_fe_mul(&d, &s, &l); /* d = s*u^2 */ - rustsecp256k1_v0_11_fe_mul_int(&d, 3); /* d = 3*s*u^2 */ - rustsecp256k1_v0_11_fe_sqr(&l, &p); /* l = (g+s)^2 */ - rustsecp256k1_v0_11_fe_negate(&l, &l, 1); /* l = -(g+s)^2 */ - rustsecp256k1_v0_11_fe_mul(&n, &d, &u1); /* n = 3*s*u^3 */ - rustsecp256k1_v0_11_fe_add(&n, &l); /* n = 3*s*u^3-(g+s)^2 */ - if (rustsecp256k1_v0_11_ge_x_frac_on_curve_var(&n, &d)) { + secp256k1_fe_mul(&d, &s, &l); /* d = s*u^2 */ + secp256k1_fe_mul_int(&d, 3); /* d = 3*s*u^2 */ + secp256k1_fe_sqr(&l, &p); /* l = (g+s)^2 */ + secp256k1_fe_negate(&l, &l, 1); /* l = -(g+s)^2 */ + secp256k1_fe_mul(&n, &d, &u1); /* n = 3*s*u^3 */ + secp256k1_fe_add(&n, &l); /* n = 3*s*u^3-(g+s)^2 */ + if (secp256k1_ge_x_frac_on_curve_var(&n, &d)) { /* Return x3 = n/d = (3*s*u^3-(g+s)^2)/(3*s*u^2) */ *xn = n; *xd = d; return; } *xd = p; - rustsecp256k1_v0_11_fe_mul(&l, &rustsecp256k1_v0_11_ellswift_c1, &s); /* l = c1*s */ - rustsecp256k1_v0_11_fe_mul(&n, &rustsecp256k1_v0_11_ellswift_c2, &g); /* n = c2*g */ - rustsecp256k1_v0_11_fe_add(&n, &l); /* n = c1*s+c2*g */ - rustsecp256k1_v0_11_fe_mul(&n, &n, &u1); /* n = u*(c1*s+c2*g) */ + secp256k1_fe_mul(&l, &secp256k1_ellswift_c1, &s); /* l = c1*s */ + secp256k1_fe_mul(&n, &secp256k1_ellswift_c2, &g); /* n = c2*g */ + secp256k1_fe_add(&n, &l); /* n = c1*s+c2*g */ + secp256k1_fe_mul(&n, &n, &u1); /* n = u*(c1*s+c2*g) */ /* Possible optimization: in the invocation below, p^2 = (g+s)^2 is computed, * which we already have computed above. This could be deduplicated. */ - if (rustsecp256k1_v0_11_ge_x_frac_on_curve_var(&n, &p)) { + if (secp256k1_ge_x_frac_on_curve_var(&n, &p)) { /* Return x2 = n/p = u*(c1*s+c2*g)/(g+s) */ *xn = n; return; } - rustsecp256k1_v0_11_fe_mul(&l, &p, &u1); /* l = u*(g+s) */ - rustsecp256k1_v0_11_fe_add(&n, &l); /* n = u*(c1*s+c2*g)+u*(g+s) */ - rustsecp256k1_v0_11_fe_negate(xn, &n, 2); /* n = -u*(c1*s+c2*g)-u*(g+s) */ + secp256k1_fe_mul(&l, &p, &u1); /* l = u*(g+s) */ + secp256k1_fe_add(&n, &l); /* n = u*(c1*s+c2*g)+u*(g+s) */ + secp256k1_fe_negate(xn, &n, 2); /* n = -u*(c1*s+c2*g)-u*(g+s) */ - VERIFY_CHECK(rustsecp256k1_v0_11_ge_x_frac_on_curve_var(xn, &p)); + VERIFY_CHECK(secp256k1_ge_x_frac_on_curve_var(xn, &p)); /* Return x3 = n/p = -(u*(c1*s+c2*g)/(g+s)+u) */ } /** Decode ElligatorSwift encoding (u, t) to X coordinate. */ -static void rustsecp256k1_v0_11_ellswift_xswiftec_var(rustsecp256k1_v0_11_fe *x, const rustsecp256k1_v0_11_fe *u, const rustsecp256k1_v0_11_fe *t) { - rustsecp256k1_v0_11_fe xn, xd; - rustsecp256k1_v0_11_ellswift_xswiftec_frac_var(&xn, &xd, u, t); - rustsecp256k1_v0_11_fe_inv_var(&xd, &xd); - rustsecp256k1_v0_11_fe_mul(x, &xn, &xd); +static void secp256k1_ellswift_xswiftec_var(secp256k1_fe *x, const secp256k1_fe *u, const secp256k1_fe *t) { + secp256k1_fe xn, xd; + secp256k1_ellswift_xswiftec_frac_var(&xn, &xd, u, t); + secp256k1_fe_inv_var(&xd, &xd); + secp256k1_fe_mul(x, &xn, &xd); } /** Decode ElligatorSwift encoding (u, t) to point P. */ -static void rustsecp256k1_v0_11_ellswift_swiftec_var(rustsecp256k1_v0_11_ge *p, const rustsecp256k1_v0_11_fe *u, const rustsecp256k1_v0_11_fe *t) { - rustsecp256k1_v0_11_fe x; - rustsecp256k1_v0_11_ellswift_xswiftec_var(&x, u, t); - rustsecp256k1_v0_11_ge_set_xo_var(p, &x, rustsecp256k1_v0_11_fe_is_odd(t)); +static void secp256k1_ellswift_swiftec_var(secp256k1_ge *p, const secp256k1_fe *u, const secp256k1_fe *t) { + secp256k1_fe x; + secp256k1_ellswift_xswiftec_var(&x, u, t); + secp256k1_ge_set_xo_var(p, &x, secp256k1_fe_is_odd(t)); } /* Try to complete an ElligatorSwift encoding (u, t) for X coordinate x, given u and x. @@ -153,7 +153,7 @@ static void rustsecp256k1_v0_11_ellswift_swiftec_var(rustsecp256k1_v0_11_ge *p, * distinct input argument c (in range 0-7), and some or all of these may return failure. * The following guarantees exist: * - Given (x, u), no two distinct c values give the same successful result t. - * - Every successful result maps back to x through rustsecp256k1_v0_11_ellswift_xswiftec_var. + * - Every successful result maps back to x through secp256k1_ellswift_xswiftec_var. * - Given (x, u), all t values that map back to x can be reached by combining the * successful results from this function over all c values, with the exception of: * - this function cannot be called with u=0 @@ -165,7 +165,7 @@ static void rustsecp256k1_v0_11_ellswift_swiftec_var(rustsecp256k1_v0_11_ge *p, * encoding more closely: c=0 through c=3 match branches 1..4 in the paper, while c=4 through * c=7 are copies of those with an additional negation of sqrt(w). */ -static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe *t, const rustsecp256k1_v0_11_fe *x_in, const rustsecp256k1_v0_11_fe *u_in, int c) { +static int secp256k1_ellswift_xswiftec_inv_var(secp256k1_fe *t, const secp256k1_fe *x_in, const secp256k1_fe *u_in, int c) { /* The implemented algorithm is this (all arithmetic, except involving c, is mod p): * * - If (c & 2) = 0: @@ -186,14 +186,14 @@ static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe * - If (c & 5) = 4: return w*(c3*u + v). * - If (c & 5) = 5: return -w*(c4*u + v). */ - rustsecp256k1_v0_11_fe x = *x_in, u = *u_in, g, v, s, m, r, q; + secp256k1_fe x = *x_in, u = *u_in, g, v, s, m, r, q; int ret; - rustsecp256k1_v0_11_fe_normalize_weak(&x); - rustsecp256k1_v0_11_fe_normalize_weak(&u); + secp256k1_fe_normalize_weak(&x); + secp256k1_fe_normalize_weak(&u); VERIFY_CHECK(c >= 0 && c < 8); - VERIFY_CHECK(rustsecp256k1_v0_11_ge_x_on_curve_var(&x)); + VERIFY_CHECK(secp256k1_ge_x_on_curve_var(&x)); if (!(c & 2)) { /* c is in {0, 1, 4, 5}. In this case we look for an inverse under the x1 (if c=0 or @@ -203,16 +203,16 @@ static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe * back under the x3 formula instead (which has priority over x1 and x2, so the decoding * would not match x). */ m = x; /* m = x */ - rustsecp256k1_v0_11_fe_add(&m, &u); /* m = u+x */ - rustsecp256k1_v0_11_fe_negate(&m, &m, 2); /* m = -u-x */ + secp256k1_fe_add(&m, &u); /* m = u+x */ + secp256k1_fe_negate(&m, &m, 2); /* m = -u-x */ /* Test if (-u-x) is a valid X coordinate. If so, fail. */ - if (rustsecp256k1_v0_11_ge_x_on_curve_var(&m)) return 0; + if (secp256k1_ge_x_on_curve_var(&m)) return 0; /* Let s = -(u^3 + 7)/(u^2 + u*x + x^2) [first part] */ - rustsecp256k1_v0_11_fe_sqr(&s, &m); /* s = (u+x)^2 */ - rustsecp256k1_v0_11_fe_negate(&s, &s, 1); /* s = -(u+x)^2 */ - rustsecp256k1_v0_11_fe_mul(&m, &u, &x); /* m = u*x */ - rustsecp256k1_v0_11_fe_add(&s, &m); /* s = -(u^2 + u*x + x^2) */ + secp256k1_fe_sqr(&s, &m); /* s = (u+x)^2 */ + secp256k1_fe_negate(&s, &s, 1); /* s = -(u+x)^2 */ + secp256k1_fe_mul(&m, &u, &x); /* m = u*x */ + secp256k1_fe_add(&s, &m); /* s = -(u^2 + u*x + x^2) */ /* Note that at this point, s = 0 is impossible. If it were the case: * s = -(u^2 + u*x + x^2) = 0 @@ -224,23 +224,23 @@ static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe * => x^3 + B = (-u - x)^3 + B * * However, we know x^3 + B is square (because x is on the curve) and - * that (-u-x)^3 + B is not square (the rustsecp256k1_v0_11_ge_x_on_curve_var(&m) + * that (-u-x)^3 + B is not square (the secp256k1_ge_x_on_curve_var(&m) * test above would have failed). This is a contradiction, and thus the * assumption s=0 is false. */ - VERIFY_CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&s)); + VERIFY_CHECK(!secp256k1_fe_normalizes_to_zero_var(&s)); /* If s is not square, fail. We have not fully computed s yet, but s is square iff * -(u^3+7)*(u^2+u*x+x^2) is square (because a/b is square iff a*b is square and b is * nonzero). */ - rustsecp256k1_v0_11_fe_sqr(&g, &u); /* g = u^2 */ - rustsecp256k1_v0_11_fe_mul(&g, &g, &u); /* g = u^3 */ - rustsecp256k1_v0_11_fe_add_int(&g, SECP256K1_B); /* g = u^3+7 */ - rustsecp256k1_v0_11_fe_mul(&m, &s, &g); /* m = -(u^3 + 7)*(u^2 + u*x + x^2) */ - if (!rustsecp256k1_v0_11_fe_is_square_var(&m)) return 0; + secp256k1_fe_sqr(&g, &u); /* g = u^2 */ + secp256k1_fe_mul(&g, &g, &u); /* g = u^3 */ + secp256k1_fe_add_int(&g, SECP256K1_B); /* g = u^3+7 */ + secp256k1_fe_mul(&m, &s, &g); /* m = -(u^3 + 7)*(u^2 + u*x + x^2) */ + if (!secp256k1_fe_is_square_var(&m)) return 0; /* Let s = -(u^3 + 7)/(u^2 + u*x + x^2) [second part] */ - rustsecp256k1_v0_11_fe_inv_var(&s, &s); /* s = -1/(u^2 + u*x + x^2) [no div by 0] */ - rustsecp256k1_v0_11_fe_mul(&s, &s, &g); /* s = -(u^3 + 7)/(u^2 + u*x + x^2) */ + secp256k1_fe_inv_var(&s, &s); /* s = -1/(u^2 + u*x + x^2) [no div by 0] */ + secp256k1_fe_mul(&s, &s, &g); /* s = -(u^3 + 7)/(u^2 + u*x + x^2) */ /* Let v = x. */ v = x; @@ -248,25 +248,25 @@ static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe /* c is in {2, 3, 6, 7}. In this case we look for an inverse under the x3 formula. */ /* Let s = x-u. */ - rustsecp256k1_v0_11_fe_negate(&m, &u, 1); /* m = -u */ + secp256k1_fe_negate(&m, &u, 1); /* m = -u */ s = m; /* s = -u */ - rustsecp256k1_v0_11_fe_add(&s, &x); /* s = x-u */ + secp256k1_fe_add(&s, &x); /* s = x-u */ /* If s is not square, fail. */ - if (!rustsecp256k1_v0_11_fe_is_square_var(&s)) return 0; + if (!secp256k1_fe_is_square_var(&s)) return 0; /* Let r = sqrt(-s*(4*(u^3+7)+3*u^2*s)); fail if it doesn't exist. */ - rustsecp256k1_v0_11_fe_sqr(&g, &u); /* g = u^2 */ - rustsecp256k1_v0_11_fe_mul(&q, &s, &g); /* q = s*u^2 */ - rustsecp256k1_v0_11_fe_mul_int(&q, 3); /* q = 3*s*u^2 */ - rustsecp256k1_v0_11_fe_mul(&g, &g, &u); /* g = u^3 */ - rustsecp256k1_v0_11_fe_mul_int(&g, 4); /* g = 4*u^3 */ - rustsecp256k1_v0_11_fe_add_int(&g, 4 * SECP256K1_B); /* g = 4*(u^3+7) */ - rustsecp256k1_v0_11_fe_add(&q, &g); /* q = 4*(u^3+7)+3*s*u^2 */ - rustsecp256k1_v0_11_fe_mul(&q, &q, &s); /* q = s*(4*(u^3+7)+3*u^2*s) */ - rustsecp256k1_v0_11_fe_negate(&q, &q, 1); /* q = -s*(4*(u^3+7)+3*u^2*s) */ - if (!rustsecp256k1_v0_11_fe_is_square_var(&q)) return 0; - ret = rustsecp256k1_v0_11_fe_sqrt(&r, &q); /* r = sqrt(-s*(4*(u^3+7)+3*u^2*s)) */ + secp256k1_fe_sqr(&g, &u); /* g = u^2 */ + secp256k1_fe_mul(&q, &s, &g); /* q = s*u^2 */ + secp256k1_fe_mul_int(&q, 3); /* q = 3*s*u^2 */ + secp256k1_fe_mul(&g, &g, &u); /* g = u^3 */ + secp256k1_fe_mul_int(&g, 4); /* g = 4*u^3 */ + secp256k1_fe_add_int(&g, 4 * SECP256K1_B); /* g = 4*(u^3+7) */ + secp256k1_fe_add(&q, &g); /* q = 4*(u^3+7)+3*s*u^2 */ + secp256k1_fe_mul(&q, &q, &s); /* q = s*(4*(u^3+7)+3*u^2*s) */ + secp256k1_fe_negate(&q, &q, 1); /* q = -s*(4*(u^3+7)+3*u^2*s) */ + if (!secp256k1_fe_is_square_var(&q)) return 0; + ret = secp256k1_fe_sqrt(&r, &q); /* r = sqrt(-s*(4*(u^3+7)+3*u^2*s)) */ #ifdef VERIFY VERIFY_CHECK(ret); #else @@ -274,31 +274,31 @@ static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe #endif /* If (c & 1) = 1 and r = 0, fail. */ - if (EXPECT((c & 1) && rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&r), 0)) return 0; + if (EXPECT((c & 1) && secp256k1_fe_normalizes_to_zero_var(&r), 0)) return 0; /* If s = 0, fail. */ - if (EXPECT(rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&s), 0)) return 0; + if (EXPECT(secp256k1_fe_normalizes_to_zero_var(&s), 0)) return 0; /* Let v = (r/s-u)/2. */ - rustsecp256k1_v0_11_fe_inv_var(&v, &s); /* v = 1/s [no div by 0] */ - rustsecp256k1_v0_11_fe_mul(&v, &v, &r); /* v = r/s */ - rustsecp256k1_v0_11_fe_add(&v, &m); /* v = r/s-u */ - rustsecp256k1_v0_11_fe_half(&v); /* v = (r/s-u)/2 */ + secp256k1_fe_inv_var(&v, &s); /* v = 1/s [no div by 0] */ + secp256k1_fe_mul(&v, &v, &r); /* v = r/s */ + secp256k1_fe_add(&v, &m); /* v = r/s-u */ + secp256k1_fe_half(&v); /* v = (r/s-u)/2 */ } /* Let w = sqrt(s). */ - ret = rustsecp256k1_v0_11_fe_sqrt(&m, &s); /* m = sqrt(s) = w */ + ret = secp256k1_fe_sqrt(&m, &s); /* m = sqrt(s) = w */ VERIFY_CHECK(ret); /* Return logic. */ if ((c & 5) == 0 || (c & 5) == 5) { - rustsecp256k1_v0_11_fe_negate(&m, &m, 1); /* m = -w */ + secp256k1_fe_negate(&m, &m, 1); /* m = -w */ } /* Now m = {-w if c&5=0 or c&5=5; w otherwise}. */ - rustsecp256k1_v0_11_fe_mul(&u, &u, c&1 ? &rustsecp256k1_v0_11_ellswift_c4 : &rustsecp256k1_v0_11_ellswift_c3); + secp256k1_fe_mul(&u, &u, c&1 ? &secp256k1_ellswift_c4 : &secp256k1_ellswift_c3); /* u = {c4 if c&1=1; c3 otherwise}*u */ - rustsecp256k1_v0_11_fe_add(&u, &v); /* u = {c4 if c&1=1; c3 otherwise}*u + v */ - rustsecp256k1_v0_11_fe_mul(t, &m, &u); + secp256k1_fe_add(&u, &v); /* u = {c4 if c&1=1; c3 otherwise}*u + v */ + secp256k1_fe_mul(t, &m, &u); return 1; } @@ -307,8 +307,8 @@ static int rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(rustsecp256k1_v0_11_fe * hasher is a SHA256 object to which an incrementing 4-byte counter is written to generate randomness. * Writing 13 bytes (4 bytes for counter, plus 9 bytes for the SHA256 padding) cannot cross a * 64-byte block size boundary (to make sure it only triggers a single SHA256 compression). */ -static void rustsecp256k1_v0_11_ellswift_prng(unsigned char* out32, const rustsecp256k1_v0_11_sha256 *hasher, uint32_t cnt) { - rustsecp256k1_v0_11_sha256 hash = *hasher; +static void secp256k1_ellswift_prng(unsigned char* out32, const secp256k1_sha256 *hasher, uint32_t cnt) { + secp256k1_sha256 hash = *hasher; unsigned char buf4[4]; #ifdef VERIFY size_t blocks = hash.bytes >> 6; @@ -317,8 +317,8 @@ static void rustsecp256k1_v0_11_ellswift_prng(unsigned char* out32, const rustse buf4[1] = cnt >> 8; buf4[2] = cnt >> 16; buf4[3] = cnt >> 24; - rustsecp256k1_v0_11_sha256_write(&hash, buf4, 4); - rustsecp256k1_v0_11_sha256_finalize(&hash, out32); + secp256k1_sha256_write(&hash, buf4, 4); + secp256k1_sha256_finalize(&hash, out32); /* Writing and finalizing together should trigger exactly one SHA256 compression. */ VERIFY_CHECK(((hash.bytes) >> 6) == (blocks + 1)); @@ -329,8 +329,8 @@ static void rustsecp256k1_v0_11_ellswift_prng(unsigned char* out32, const rustse * u32 is the 32-byte big endian encoding of u; t is the output field element t that still * needs encoding. * - * hasher is a hasher in the rustsecp256k1_v0_11_ellswift_prng sense, with the same restrictions. */ -static void rustsecp256k1_v0_11_ellswift_xelligatorswift_var(unsigned char *u32, rustsecp256k1_v0_11_fe *t, const rustsecp256k1_v0_11_fe *x, const rustsecp256k1_v0_11_sha256 *hasher) { + * hasher is a hasher in the secp256k1_ellswift_prng sense, with the same restrictions. */ +static void secp256k1_ellswift_xelligatorswift_var(unsigned char *u32, secp256k1_fe *t, const secp256k1_fe *x, const secp256k1_sha256 *hasher) { /* Pool of 3-bit branch values. */ unsigned char branch_hash[32]; /* Number of 3-bit values in branch_hash left. */ @@ -343,47 +343,47 @@ static void rustsecp256k1_v0_11_ellswift_xelligatorswift_var(unsigned char *u32, uint32_t cnt = 0; while (1) { int branch; - rustsecp256k1_v0_11_fe u; + secp256k1_fe u; /* If the pool of branch values is empty, populate it. */ if (branches_left == 0) { - rustsecp256k1_v0_11_ellswift_prng(branch_hash, hasher, cnt++); + secp256k1_ellswift_prng(branch_hash, hasher, cnt++); branches_left = 64; } /* Take a 3-bit branch value from the branch pool (top bit is discarded). */ --branches_left; branch = (branch_hash[branches_left >> 1] >> ((branches_left & 1) << 2)) & 7; /* Compute a new u value by hashing. */ - rustsecp256k1_v0_11_ellswift_prng(u32, hasher, cnt++); + secp256k1_ellswift_prng(u32, hasher, cnt++); /* overflow is not a problem (we prefer uniform u32 over uniform u). */ - rustsecp256k1_v0_11_fe_set_b32_mod(&u, u32); + secp256k1_fe_set_b32_mod(&u, u32); /* Since u is the output of a hash, it should practically never be 0. We could apply the * u=0 to u=1 correction here too to deal with that case still, but it's such a low * probability event that we do not bother. */ - VERIFY_CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&u)); + VERIFY_CHECK(!secp256k1_fe_normalizes_to_zero_var(&u)); /* Find a remainder t, and return it if found. */ - if (EXPECT(rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(t, x, &u, branch), 0)) break; + if (EXPECT(secp256k1_ellswift_xswiftec_inv_var(t, x, &u, branch), 0)) break; } } /** Find an ElligatorSwift encoding (u, t) for point P. * - * This is similar rustsecp256k1_v0_11_ellswift_xelligatorswift_var, except it takes a full group element p + * This is similar secp256k1_ellswift_xelligatorswift_var, except it takes a full group element p * as input, and returns an encoding that matches the provided Y coordinate rather than a random * one. */ -static void rustsecp256k1_v0_11_ellswift_elligatorswift_var(unsigned char *u32, rustsecp256k1_v0_11_fe *t, const rustsecp256k1_v0_11_ge *p, const rustsecp256k1_v0_11_sha256 *hasher) { - rustsecp256k1_v0_11_ellswift_xelligatorswift_var(u32, t, &p->x, hasher); - rustsecp256k1_v0_11_fe_normalize_var(t); - if (rustsecp256k1_v0_11_fe_is_odd(t) != rustsecp256k1_v0_11_fe_is_odd(&p->y)) { - rustsecp256k1_v0_11_fe_negate(t, t, 1); - rustsecp256k1_v0_11_fe_normalize_var(t); +static void secp256k1_ellswift_elligatorswift_var(unsigned char *u32, secp256k1_fe *t, const secp256k1_ge *p, const secp256k1_sha256 *hasher) { + secp256k1_ellswift_xelligatorswift_var(u32, t, &p->x, hasher); + secp256k1_fe_normalize_var(t); + if (secp256k1_fe_is_odd(t) != secp256k1_fe_is_odd(&p->y)) { + secp256k1_fe_negate(t, t, 1); + secp256k1_fe_normalize_var(t); } } -/** Set hash state to the BIP340 tagged hash midstate for "rustsecp256k1_v0_11_ellswift_encode". */ -static void rustsecp256k1_v0_11_ellswift_sha256_init_encode(rustsecp256k1_v0_11_sha256* hash) { - rustsecp256k1_v0_11_sha256_initialize(hash); +/** Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_encode". */ +static void secp256k1_ellswift_sha256_init_encode(secp256k1_sha256* hash) { + secp256k1_sha256_initialize(hash); hash->s[0] = 0xd1a6524bul; hash->s[1] = 0x028594b3ul; hash->s[2] = 0x96e42f4eul; @@ -396,35 +396,35 @@ static void rustsecp256k1_v0_11_ellswift_sha256_init_encode(rustsecp256k1_v0_11_ hash->bytes = 64; } -int rustsecp256k1_v0_11_ellswift_encode(const rustsecp256k1_v0_11_context *ctx, unsigned char *ell64, const rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *rnd32) { - rustsecp256k1_v0_11_ge p; +int secp256k1_ellswift_encode(const secp256k1_context *ctx, unsigned char *ell64, const secp256k1_pubkey *pubkey, const unsigned char *rnd32) { + secp256k1_ge p; VERIFY_CHECK(ctx != NULL); ARG_CHECK(ell64 != NULL); ARG_CHECK(pubkey != NULL); ARG_CHECK(rnd32 != NULL); - if (rustsecp256k1_v0_11_pubkey_load(ctx, &p, pubkey)) { - rustsecp256k1_v0_11_fe t; + if (secp256k1_pubkey_load(ctx, &p, pubkey)) { + secp256k1_fe t; unsigned char p64[64] = {0}; size_t ser_size; int ser_ret; - rustsecp256k1_v0_11_sha256 hash; + secp256k1_sha256 hash; /* Set up hasher state; the used RNG is H(pubkey || "\x00"*31 || rnd32 || cnt++), using - * BIP340 tagged hash with tag "rustsecp256k1_v0_11_ellswift_encode". */ - rustsecp256k1_v0_11_ellswift_sha256_init_encode(&hash); - ser_ret = rustsecp256k1_v0_11_eckey_pubkey_serialize(&p, p64, &ser_size, 1); + * BIP340 tagged hash with tag "secp256k1_ellswift_encode". */ + secp256k1_ellswift_sha256_init_encode(&hash); + ser_ret = secp256k1_eckey_pubkey_serialize(&p, p64, &ser_size, 1); #ifdef VERIFY VERIFY_CHECK(ser_ret && ser_size == 33); #else (void)ser_ret; #endif - rustsecp256k1_v0_11_sha256_write(&hash, p64, sizeof(p64)); - rustsecp256k1_v0_11_sha256_write(&hash, rnd32, 32); + secp256k1_sha256_write(&hash, p64, sizeof(p64)); + secp256k1_sha256_write(&hash, rnd32, 32); /* Compute ElligatorSwift encoding and construct output. */ - rustsecp256k1_v0_11_ellswift_elligatorswift_var(ell64, &t, &p, &hash); /* puts u in ell64[0..32] */ - rustsecp256k1_v0_11_fe_get_b32(ell64 + 32, &t); /* puts t in ell64[32..64] */ + secp256k1_ellswift_elligatorswift_var(ell64, &t, &p, &hash); /* puts u in ell64[0..32] */ + secp256k1_fe_get_b32(ell64 + 32, &t); /* puts t in ell64[32..64] */ return 1; } /* Only reached in case the provided pubkey is invalid. */ @@ -432,9 +432,9 @@ int rustsecp256k1_v0_11_ellswift_encode(const rustsecp256k1_v0_11_context *ctx, return 0; } -/** Set hash state to the BIP340 tagged hash midstate for "rustsecp256k1_v0_11_ellswift_create". */ -static void rustsecp256k1_v0_11_ellswift_sha256_init_create(rustsecp256k1_v0_11_sha256* hash) { - rustsecp256k1_v0_11_sha256_initialize(hash); +/** Set hash state to the BIP340 tagged hash midstate for "secp256k1_ellswift_create". */ +static void secp256k1_ellswift_sha256_init_create(secp256k1_sha256* hash) { + secp256k1_sha256_initialize(hash); hash->s[0] = 0xd29e1bf5ul; hash->s[1] = 0xf7025f42ul; hash->s[2] = 0x9b024773ul; @@ -447,11 +447,11 @@ static void rustsecp256k1_v0_11_ellswift_sha256_init_create(rustsecp256k1_v0_11_ hash->bytes = 64; } -int rustsecp256k1_v0_11_ellswift_create(const rustsecp256k1_v0_11_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) { - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_fe t; - rustsecp256k1_v0_11_sha256 hash; - rustsecp256k1_v0_11_scalar seckey_scalar; +int secp256k1_ellswift_create(const secp256k1_context *ctx, unsigned char *ell64, const unsigned char *seckey32, const unsigned char *auxrnd32) { + secp256k1_ge p; + secp256k1_fe t; + secp256k1_sha256 hash; + secp256k1_scalar seckey_scalar; int ret; static const unsigned char zero32[32] = {0}; @@ -459,65 +459,65 @@ int rustsecp256k1_v0_11_ellswift_create(const rustsecp256k1_v0_11_context *ctx, VERIFY_CHECK(ctx != NULL); ARG_CHECK(ell64 != NULL); memset(ell64, 0, 64); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(seckey32 != NULL); /* Compute (affine) public key */ - ret = rustsecp256k1_v0_11_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey32); - rustsecp256k1_v0_11_declassify(ctx, &p, sizeof(p)); /* not constant time in produced pubkey */ - rustsecp256k1_v0_11_fe_normalize_var(&p.x); - rustsecp256k1_v0_11_fe_normalize_var(&p.y); + ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey32); + secp256k1_declassify(ctx, &p, sizeof(p)); /* not constant time in produced pubkey */ + secp256k1_fe_normalize_var(&p.x); + secp256k1_fe_normalize_var(&p.y); /* Set up hasher state. The used RNG is H(privkey || "\x00"*32 [|| auxrnd32] || cnt++), - * using BIP340 tagged hash with tag "rustsecp256k1_v0_11_ellswift_create". */ - rustsecp256k1_v0_11_ellswift_sha256_init_create(&hash); - rustsecp256k1_v0_11_sha256_write(&hash, seckey32, 32); - rustsecp256k1_v0_11_sha256_write(&hash, zero32, sizeof(zero32)); - rustsecp256k1_v0_11_declassify(ctx, &hash, sizeof(hash)); /* private key is hashed now */ - if (auxrnd32) rustsecp256k1_v0_11_sha256_write(&hash, auxrnd32, 32); + * using BIP340 tagged hash with tag "secp256k1_ellswift_create". */ + secp256k1_ellswift_sha256_init_create(&hash); + secp256k1_sha256_write(&hash, seckey32, 32); + secp256k1_sha256_write(&hash, zero32, sizeof(zero32)); + secp256k1_declassify(ctx, &hash, sizeof(hash)); /* private key is hashed now */ + if (auxrnd32) secp256k1_sha256_write(&hash, auxrnd32, 32); /* Compute ElligatorSwift encoding and construct output. */ - rustsecp256k1_v0_11_ellswift_elligatorswift_var(ell64, &t, &p, &hash); /* puts u in ell64[0..32] */ - rustsecp256k1_v0_11_fe_get_b32(ell64 + 32, &t); /* puts t in ell64[32..64] */ + secp256k1_ellswift_elligatorswift_var(ell64, &t, &p, &hash); /* puts u in ell64[0..32] */ + secp256k1_fe_get_b32(ell64 + 32, &t); /* puts t in ell64[32..64] */ - rustsecp256k1_v0_11_memczero(ell64, 64, !ret); - rustsecp256k1_v0_11_scalar_clear(&seckey_scalar); + secp256k1_memczero(ell64, 64, !ret); + secp256k1_scalar_clear(&seckey_scalar); return ret; } -int rustsecp256k1_v0_11_ellswift_decode(const rustsecp256k1_v0_11_context *ctx, rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *ell64) { - rustsecp256k1_v0_11_fe u, t; - rustsecp256k1_v0_11_ge p; +int secp256k1_ellswift_decode(const secp256k1_context *ctx, secp256k1_pubkey *pubkey, const unsigned char *ell64) { + secp256k1_fe u, t; + secp256k1_ge p; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); ARG_CHECK(ell64 != NULL); - rustsecp256k1_v0_11_fe_set_b32_mod(&u, ell64); - rustsecp256k1_v0_11_fe_set_b32_mod(&t, ell64 + 32); - rustsecp256k1_v0_11_fe_normalize_var(&t); - rustsecp256k1_v0_11_ellswift_swiftec_var(&p, &u, &t); - rustsecp256k1_v0_11_pubkey_save(pubkey, &p); + secp256k1_fe_set_b32_mod(&u, ell64); + secp256k1_fe_set_b32_mod(&t, ell64 + 32); + secp256k1_fe_normalize_var(&t); + secp256k1_ellswift_swiftec_var(&p, &u, &t); + secp256k1_pubkey_save(pubkey, &p); return 1; } static int ellswift_xdh_hash_function_prefix(unsigned char *output, const unsigned char *x32, const unsigned char *ell_a64, const unsigned char *ell_b64, void *data) { - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; - rustsecp256k1_v0_11_sha256_initialize(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, data, 64); - rustsecp256k1_v0_11_sha256_write(&sha, ell_a64, 64); - rustsecp256k1_v0_11_sha256_write(&sha, ell_b64, 64); - rustsecp256k1_v0_11_sha256_write(&sha, x32, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, output); - rustsecp256k1_v0_11_sha256_clear(&sha); + secp256k1_sha256_initialize(&sha); + secp256k1_sha256_write(&sha, data, 64); + secp256k1_sha256_write(&sha, ell_a64, 64); + secp256k1_sha256_write(&sha, ell_b64, 64); + secp256k1_sha256_write(&sha, x32, 32); + secp256k1_sha256_finalize(&sha, output); + secp256k1_sha256_clear(&sha); return 1; } /** Set hash state to the BIP340 tagged hash midstate for "bip324_ellswift_xonly_ecdh". */ -static void rustsecp256k1_v0_11_ellswift_sha256_init_bip324(rustsecp256k1_v0_11_sha256* hash) { - rustsecp256k1_v0_11_sha256_initialize(hash); +static void secp256k1_ellswift_sha256_init_bip324(secp256k1_sha256* hash) { + secp256k1_sha256_initialize(hash); hash->s[0] = 0x8c12d730ul; hash->s[1] = 0x827bd392ul; hash->s[2] = 0x9e4fb2eeul; @@ -531,28 +531,28 @@ static void rustsecp256k1_v0_11_ellswift_sha256_init_bip324(rustsecp256k1_v0_11_ } static int ellswift_xdh_hash_function_bip324(unsigned char* output, const unsigned char *x32, const unsigned char *ell_a64, const unsigned char *ell_b64, void *data) { - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; (void)data; - rustsecp256k1_v0_11_ellswift_sha256_init_bip324(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, ell_a64, 64); - rustsecp256k1_v0_11_sha256_write(&sha, ell_b64, 64); - rustsecp256k1_v0_11_sha256_write(&sha, x32, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, output); - rustsecp256k1_v0_11_sha256_clear(&sha); + secp256k1_ellswift_sha256_init_bip324(&sha); + secp256k1_sha256_write(&sha, ell_a64, 64); + secp256k1_sha256_write(&sha, ell_b64, 64); + secp256k1_sha256_write(&sha, x32, 32); + secp256k1_sha256_finalize(&sha, output); + secp256k1_sha256_clear(&sha); return 1; } -const rustsecp256k1_v0_11_ellswift_xdh_hash_function rustsecp256k1_v0_11_ellswift_xdh_hash_function_prefix = ellswift_xdh_hash_function_prefix; -const rustsecp256k1_v0_11_ellswift_xdh_hash_function rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324 = ellswift_xdh_hash_function_bip324; +const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_prefix = ellswift_xdh_hash_function_prefix; +const secp256k1_ellswift_xdh_hash_function secp256k1_ellswift_xdh_hash_function_bip324 = ellswift_xdh_hash_function_bip324; -int rustsecp256k1_v0_11_ellswift_xdh(const rustsecp256k1_v0_11_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, rustsecp256k1_v0_11_ellswift_xdh_hash_function hashfp, void *data) { +int secp256k1_ellswift_xdh(const secp256k1_context *ctx, unsigned char *output, const unsigned char *ell_a64, const unsigned char *ell_b64, const unsigned char *seckey32, int party, secp256k1_ellswift_xdh_hash_function hashfp, void *data) { int ret = 0; int overflow; - rustsecp256k1_v0_11_scalar s; - rustsecp256k1_v0_11_fe xn, xd, px, u, t; + secp256k1_scalar s; + secp256k1_fe xn, xd, px, u, t; unsigned char sx[32]; const unsigned char* theirs64; @@ -565,26 +565,26 @@ int rustsecp256k1_v0_11_ellswift_xdh(const rustsecp256k1_v0_11_context *ctx, uns /* Load remote public key (as fraction). */ theirs64 = party ? ell_a64 : ell_b64; - rustsecp256k1_v0_11_fe_set_b32_mod(&u, theirs64); - rustsecp256k1_v0_11_fe_set_b32_mod(&t, theirs64 + 32); - rustsecp256k1_v0_11_ellswift_xswiftec_frac_var(&xn, &xd, &u, &t); + secp256k1_fe_set_b32_mod(&u, theirs64); + secp256k1_fe_set_b32_mod(&t, theirs64 + 32); + secp256k1_ellswift_xswiftec_frac_var(&xn, &xd, &u, &t); /* Load private key (using one if invalid). */ - rustsecp256k1_v0_11_scalar_set_b32(&s, seckey32, &overflow); - overflow = rustsecp256k1_v0_11_scalar_is_zero(&s); - rustsecp256k1_v0_11_scalar_cmov(&s, &rustsecp256k1_v0_11_scalar_one, overflow); + secp256k1_scalar_set_b32(&s, seckey32, &overflow); + overflow = secp256k1_scalar_is_zero(&s); + secp256k1_scalar_cmov(&s, &secp256k1_scalar_one, overflow); /* Compute shared X coordinate. */ - rustsecp256k1_v0_11_ecmult_const_xonly(&px, &xn, &xd, &s, 1); - rustsecp256k1_v0_11_fe_normalize(&px); - rustsecp256k1_v0_11_fe_get_b32(sx, &px); + secp256k1_ecmult_const_xonly(&px, &xn, &xd, &s, 1); + secp256k1_fe_normalize(&px); + secp256k1_fe_get_b32(sx, &px); /* Invoke hasher */ ret = hashfp(output, sx, ell_a64, ell_b64, data); - rustsecp256k1_v0_11_memclear(sx, sizeof(sx)); - rustsecp256k1_v0_11_fe_clear(&px); - rustsecp256k1_v0_11_scalar_clear(&s); + secp256k1_memclear_explicit(sx, sizeof(sx)); + secp256k1_fe_clear(&px); + secp256k1_scalar_clear(&s); return !!ret & !overflow; } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_exhaustive_impl.h index 1c6e5e4e7..839c24aee 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_exhaustive_impl.h @@ -9,7 +9,7 @@ #include "../../../include/secp256k1_ellswift.h" #include "main_impl.h" -static void test_exhaustive_ellswift(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_ellswift(const secp256k1_context *ctx, const secp256k1_ge *group) { int i; /* Note that SwiftEC/ElligatorSwift are inherently curve operations, not @@ -18,21 +18,21 @@ static void test_exhaustive_ellswift(const rustsecp256k1_v0_11_context *ctx, con * it doesn't (and for computational reasons obviously cannot) test the * entire domain ellswift operates under. */ for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_scalar scalar_i; + secp256k1_scalar scalar_i; unsigned char sec32[32]; unsigned char ell64[64]; - rustsecp256k1_v0_11_pubkey pub_decoded; - rustsecp256k1_v0_11_ge ge_decoded; + secp256k1_pubkey pub_decoded; + secp256k1_ge ge_decoded; /* Construct ellswift pubkey from exhaustive loop scalar i. */ - rustsecp256k1_v0_11_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_11_scalar_get_b32(sec32, &scalar_i); - CHECK(rustsecp256k1_v0_11_ellswift_create(ctx, ell64, sec32, NULL)); + secp256k1_scalar_set_int(&scalar_i, i); + secp256k1_scalar_get_b32(sec32, &scalar_i); + CHECK(secp256k1_ellswift_create(ctx, ell64, sec32, NULL)); /* Decode ellswift pubkey and check that it matches the precomputed group element. */ - rustsecp256k1_v0_11_ellswift_decode(ctx, &pub_decoded, ell64); - rustsecp256k1_v0_11_pubkey_load(ctx, &ge_decoded, &pub_decoded); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&ge_decoded, &group[i])); + secp256k1_ellswift_decode(ctx, &pub_decoded, ell64); + secp256k1_pubkey_load(ctx, &ge_decoded, &pub_decoded); + CHECK(secp256k1_ge_eq_var(&ge_decoded, &group[i])); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_impl.h index 67b590970..b90fd0ab8 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/ellswift/tests_impl.h @@ -10,14 +10,14 @@ struct ellswift_xswiftec_inv_test { int enc_bitmap; - rustsecp256k1_v0_11_fe u; - rustsecp256k1_v0_11_fe x; - rustsecp256k1_v0_11_fe encs[8]; + secp256k1_fe u; + secp256k1_fe x; + secp256k1_fe encs[8]; }; struct ellswift_decode_test { unsigned char enc[64]; - rustsecp256k1_v0_11_fe x; + secp256k1_fe x; int odd_y; }; @@ -183,28 +183,28 @@ void run_ellswift_tests(void) { const struct ellswift_xswiftec_inv_test *testcase = &ellswift_xswiftec_inv_tests[i]; int c; for (c = 0; c < 8; ++c) { - rustsecp256k1_v0_11_fe t; - int ret = rustsecp256k1_v0_11_ellswift_xswiftec_inv_var(&t, &testcase->x, &testcase->u, c); + secp256k1_fe t; + int ret = secp256k1_ellswift_xswiftec_inv_var(&t, &testcase->x, &testcase->u, c); CHECK(ret == ((testcase->enc_bitmap >> c) & 1)); if (ret) { - rustsecp256k1_v0_11_fe x2; + secp256k1_fe x2; CHECK(fe_equal(&t, &testcase->encs[c])); - rustsecp256k1_v0_11_ellswift_xswiftec_var(&x2, &testcase->u, &testcase->encs[c]); + secp256k1_ellswift_xswiftec_var(&x2, &testcase->u, &testcase->encs[c]); CHECK(fe_equal(&testcase->x, &x2)); } } } for (i = 0; (unsigned)i < sizeof(ellswift_decode_tests) / sizeof(ellswift_decode_tests[0]); ++i) { const struct ellswift_decode_test *testcase = &ellswift_decode_tests[i]; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_ge ge; + secp256k1_pubkey pubkey; + secp256k1_ge ge; int ret; - ret = rustsecp256k1_v0_11_ellswift_decode(CTX, &pubkey, testcase->enc); + ret = secp256k1_ellswift_decode(CTX, &pubkey, testcase->enc); CHECK(ret); - ret = rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey); + ret = secp256k1_pubkey_load(CTX, &ge, &pubkey); CHECK(ret); CHECK(fe_equal(&testcase->x, &ge.x)); - CHECK(rustsecp256k1_v0_11_fe_is_odd(&ge.y) == testcase->odd_y); + CHECK(secp256k1_fe_is_odd(&ge.y) == testcase->odd_y); } for (i = 0; (unsigned)i < sizeof(ellswift_xdh_tests_bip324) / sizeof(ellswift_xdh_tests_bip324[0]); ++i) { const struct ellswift_xdh_test *test = &ellswift_xdh_tests_bip324[i]; @@ -213,94 +213,94 @@ void run_ellswift_tests(void) { int party = !test->initiating; const unsigned char* ell_a64 = party ? test->ellswift_theirs : test->ellswift_ours; const unsigned char* ell_b64 = party ? test->ellswift_ours : test->ellswift_theirs; - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, shared_secret, + ret = secp256k1_ellswift_xdh(CTX, shared_secret, ell_a64, ell_b64, test->priv_ours, party, - rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324, + secp256k1_ellswift_xdh_hash_function_bip324, NULL); CHECK(ret); - CHECK(rustsecp256k1_v0_11_memcmp_var(shared_secret, test->shared_secret, 32) == 0); + CHECK(secp256k1_memcmp_var(shared_secret, test->shared_secret, 32) == 0); } - /* Verify that rustsecp256k1_v0_11_ellswift_encode + decode roundtrips. */ + /* Verify that secp256k1_ellswift_encode + decode roundtrips. */ for (i = 0; i < 1000 * COUNT; i++) { unsigned char rnd32[32]; unsigned char ell64[64]; - rustsecp256k1_v0_11_ge g, g2; - rustsecp256k1_v0_11_pubkey pubkey, pubkey2; + secp256k1_ge g, g2; + secp256k1_pubkey pubkey, pubkey2; /* Generate random public key and random randomizer. */ testutil_random_ge_test(&g); - rustsecp256k1_v0_11_pubkey_save(&pubkey, &g); + secp256k1_pubkey_save(&pubkey, &g); testrand256(rnd32); /* Convert the public key to ElligatorSwift and back. */ - rustsecp256k1_v0_11_ellswift_encode(CTX, ell64, &pubkey, rnd32); - rustsecp256k1_v0_11_ellswift_decode(CTX, &pubkey2, ell64); - rustsecp256k1_v0_11_pubkey_load(CTX, &g2, &pubkey2); + secp256k1_ellswift_encode(CTX, ell64, &pubkey, rnd32); + secp256k1_ellswift_decode(CTX, &pubkey2, ell64); + secp256k1_pubkey_load(CTX, &g2, &pubkey2); /* Compare with original. */ - CHECK(rustsecp256k1_v0_11_ge_eq_var(&g, &g2)); + CHECK(secp256k1_ge_eq_var(&g, &g2)); } - /* Verify the behavior of rustsecp256k1_v0_11_ellswift_create */ + /* Verify the behavior of secp256k1_ellswift_create */ for (i = 0; i < 400 * COUNT; i++) { unsigned char auxrnd32[32], sec32[32]; - rustsecp256k1_v0_11_scalar sec; - rustsecp256k1_v0_11_gej res; - rustsecp256k1_v0_11_ge dec; - rustsecp256k1_v0_11_pubkey pub; + secp256k1_scalar sec; + secp256k1_gej res; + secp256k1_ge dec; + secp256k1_pubkey pub; unsigned char ell64[64]; int ret; /* Generate random secret key and random randomizer. */ if (i & 1) testrand256_test(auxrnd32); testutil_random_scalar_order_test(&sec); - rustsecp256k1_v0_11_scalar_get_b32(sec32, &sec); + secp256k1_scalar_get_b32(sec32, &sec); /* Construct ElligatorSwift-encoded public keys for that key. */ - ret = rustsecp256k1_v0_11_ellswift_create(CTX, ell64, sec32, (i & 1) ? auxrnd32 : NULL); + ret = secp256k1_ellswift_create(CTX, ell64, sec32, (i & 1) ? auxrnd32 : NULL); CHECK(ret); /* Decode it, and compare with traditionally-computed public key. */ - rustsecp256k1_v0_11_ellswift_decode(CTX, &pub, ell64); - rustsecp256k1_v0_11_pubkey_load(CTX, &dec, &pub); - rustsecp256k1_v0_11_ecmult(&res, NULL, &rustsecp256k1_v0_11_scalar_zero, &sec); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&res, &dec)); + secp256k1_ellswift_decode(CTX, &pub, ell64); + secp256k1_pubkey_load(CTX, &dec, &pub); + secp256k1_ecmult(&res, NULL, &secp256k1_scalar_zero, &sec); + CHECK(secp256k1_gej_eq_ge_var(&res, &dec)); } - /* Verify that rustsecp256k1_v0_11_ellswift_xdh computes the right shared X coordinate. */ + /* Verify that secp256k1_ellswift_xdh computes the right shared X coordinate. */ for (i = 0; i < 800 * COUNT; i++) { unsigned char ell64[64], sec32[32], share32[32]; - rustsecp256k1_v0_11_scalar sec; - rustsecp256k1_v0_11_ge dec, res; - rustsecp256k1_v0_11_fe share_x; - rustsecp256k1_v0_11_gej decj, resj; - rustsecp256k1_v0_11_pubkey pub; + secp256k1_scalar sec; + secp256k1_ge dec, res; + secp256k1_fe share_x; + secp256k1_gej decj, resj; + secp256k1_pubkey pub; int ret; /* Generate random secret key. */ testutil_random_scalar_order_test(&sec); - rustsecp256k1_v0_11_scalar_get_b32(sec32, &sec); + secp256k1_scalar_get_b32(sec32, &sec); /* Generate random ElligatorSwift encoding for the remote key and decode it. */ testrand256_test(ell64); testrand256_test(ell64 + 32); - rustsecp256k1_v0_11_ellswift_decode(CTX, &pub, ell64); - rustsecp256k1_v0_11_pubkey_load(CTX, &dec, &pub); - rustsecp256k1_v0_11_gej_set_ge(&decj, &dec); + secp256k1_ellswift_decode(CTX, &pub, ell64); + secp256k1_pubkey_load(CTX, &dec, &pub); + secp256k1_gej_set_ge(&decj, &dec); /* Compute the X coordinate of seckey*pubkey using ellswift_xdh. Note that we * pass ell64 as claimed (but incorrect) encoding for sec32 here; this works * because the "hasher" function we use here ignores the ell64 arguments. */ - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32, ell64, ell64, sec32, i & 1, &ellswift_xdh_hash_x32, NULL); + ret = secp256k1_ellswift_xdh(CTX, share32, ell64, ell64, sec32, i & 1, &ellswift_xdh_hash_x32, NULL); CHECK(ret); - (void)rustsecp256k1_v0_11_fe_set_b32_limit(&share_x, share32); /* no overflow is possible */ + (void)secp256k1_fe_set_b32_limit(&share_x, share32); /* no overflow is possible */ SECP256K1_FE_VERIFY(&share_x); /* Compute seckey*pubkey directly. */ - rustsecp256k1_v0_11_ecmult(&resj, &decj, &sec, NULL); - rustsecp256k1_v0_11_ge_set_gej(&res, &resj); + secp256k1_ecmult(&resj, &decj, &sec, NULL); + secp256k1_ge_set_gej(&res, &resj); /* Compare. */ CHECK(fe_equal(&res.x, &share_x)); } - /* Verify the joint behavior of rustsecp256k1_v0_11_ellswift_xdh */ + /* Verify the joint behavior of secp256k1_ellswift_xdh */ for (i = 0; i < 200 * COUNT; i++) { unsigned char auxrnd32a[32], auxrnd32b[32], auxrnd32a_bad[32], auxrnd32b_bad[32]; unsigned char sec32a[32], sec32b[32], sec32a_bad[32], sec32b_bad[32]; - rustsecp256k1_v0_11_scalar seca, secb; + secp256k1_scalar seca, secb; unsigned char ell64a[64], ell64b[64], ell64a_bad[64], ell64b_bad[64]; unsigned char share32a[32], share32b[32], share32_bad[32]; unsigned char prefix64[64]; - rustsecp256k1_v0_11_ellswift_xdh_hash_function hash_function; + secp256k1_ellswift_xdh_hash_function hash_function; void* data; int ret; @@ -309,10 +309,10 @@ void run_ellswift_tests(void) { hash_function = ellswift_xdh_hash_x32; data = NULL; } else if ((i % 3) == 1) { - hash_function = rustsecp256k1_v0_11_ellswift_xdh_hash_function_bip324; + hash_function = secp256k1_ellswift_xdh_hash_function_bip324; data = NULL; } else { - hash_function = rustsecp256k1_v0_11_ellswift_xdh_hash_function_prefix; + hash_function = secp256k1_ellswift_xdh_hash_function_prefix; testrand256_test(prefix64); testrand256_test(prefix64 + 32); data = prefix64; @@ -325,111 +325,111 @@ void run_ellswift_tests(void) { /* Draw secb uniformly at random to make sure that the secret keys * differ */ testutil_random_scalar_order(&secb); - rustsecp256k1_v0_11_scalar_get_b32(sec32a, &seca); - rustsecp256k1_v0_11_scalar_get_b32(sec32b, &secb); + secp256k1_scalar_get_b32(sec32a, &seca); + secp256k1_scalar_get_b32(sec32b, &secb); /* Construct ElligatorSwift-encoded public keys for those keys. */ /* For A: */ - ret = rustsecp256k1_v0_11_ellswift_create(CTX, ell64a, sec32a, auxrnd32a); + ret = secp256k1_ellswift_create(CTX, ell64a, sec32a, auxrnd32a); CHECK(ret); /* For B: */ - ret = rustsecp256k1_v0_11_ellswift_create(CTX, ell64b, sec32b, auxrnd32b); + ret = secp256k1_ellswift_create(CTX, ell64b, sec32b, auxrnd32b); CHECK(ret); /* Compute the shared secret both ways and compare with each other. */ /* For A: */ - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32a, ell64a, ell64b, sec32a, 0, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32a, ell64a, ell64b, sec32a, 0, hash_function, data); CHECK(ret); /* For B: */ - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32b, ell64a, ell64b, sec32b, 1, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32b, ell64a, ell64b, sec32b, 1, hash_function, data); CHECK(ret); /* And compare: */ - CHECK(rustsecp256k1_v0_11_memcmp_var(share32a, share32b, 32) == 0); + CHECK(secp256k1_memcmp_var(share32a, share32b, 32) == 0); /* Verify that the shared secret doesn't match if other side's public key is incorrect. */ /* For A (using a bad public key for B): */ memcpy(ell64b_bad, ell64b, sizeof(ell64a_bad)); testrand_flip(ell64b_bad, sizeof(ell64b_bad)); - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data); - CHECK(ret); /* Mismatching encodings don't get detected by rustsecp256k1_v0_11_ellswift_xdh. */ - CHECK(rustsecp256k1_v0_11_memcmp_var(share32_bad, share32a, 32) != 0); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data); + CHECK(ret); /* Mismatching encodings don't get detected by secp256k1_ellswift_xdh. */ + CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0); /* For B (using a bad public key for A): */ memcpy(ell64a_bad, ell64a, sizeof(ell64a_bad)); testrand_flip(ell64a_bad, sizeof(ell64a_bad)); - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data); CHECK(ret); - CHECK(rustsecp256k1_v0_11_memcmp_var(share32_bad, share32b, 32) != 0); + CHECK(secp256k1_memcmp_var(share32_bad, share32b, 32) != 0); /* Verify that the shared secret doesn't match if the private key is incorrect. */ /* For A: */ memcpy(sec32a_bad, sec32a, sizeof(sec32a_bad)); testrand_flip(sec32a_bad, sizeof(sec32a_bad)); - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32a_bad, 0, hash_function, data); - CHECK(!ret || rustsecp256k1_v0_11_memcmp_var(share32_bad, share32a, 32) != 0); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32a_bad, 0, hash_function, data); + CHECK(!ret || secp256k1_memcmp_var(share32_bad, share32a, 32) != 0); /* For B: */ memcpy(sec32b_bad, sec32b, sizeof(sec32b_bad)); testrand_flip(sec32b_bad, sizeof(sec32b_bad)); - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32b_bad, 1, hash_function, data); - CHECK(!ret || rustsecp256k1_v0_11_memcmp_var(share32_bad, share32b, 32) != 0); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32b_bad, 1, hash_function, data); + CHECK(!ret || secp256k1_memcmp_var(share32_bad, share32b, 32) != 0); if (hash_function != ellswift_xdh_hash_x32) { /* Verify that the shared secret doesn't match when a different encoding of the same public key is used. */ /* For A (changing B's public key): */ memcpy(auxrnd32b_bad, auxrnd32b, sizeof(auxrnd32b_bad)); testrand_flip(auxrnd32b_bad, sizeof(auxrnd32b_bad)); - ret = rustsecp256k1_v0_11_ellswift_create(CTX, ell64b_bad, sec32b, auxrnd32b_bad); + ret = secp256k1_ellswift_create(CTX, ell64b_bad, sec32b, auxrnd32b_bad); CHECK(ret); - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b_bad, sec32a, 0, hash_function, data); CHECK(ret); - CHECK(rustsecp256k1_v0_11_memcmp_var(share32_bad, share32a, 32) != 0); + CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0); /* For B (changing A's public key): */ memcpy(auxrnd32a_bad, auxrnd32a, sizeof(auxrnd32a_bad)); testrand_flip(auxrnd32a_bad, sizeof(auxrnd32a_bad)); - ret = rustsecp256k1_v0_11_ellswift_create(CTX, ell64a_bad, sec32a, auxrnd32a_bad); + ret = secp256k1_ellswift_create(CTX, ell64a_bad, sec32a, auxrnd32a_bad); CHECK(ret); - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a_bad, ell64b, sec32b, 1, hash_function, data); CHECK(ret); - CHECK(rustsecp256k1_v0_11_memcmp_var(share32_bad, share32b, 32) != 0); + CHECK(secp256k1_memcmp_var(share32_bad, share32b, 32) != 0); /* Verify that swapping sides changes the shared secret. */ /* For A (claiming to be B): */ - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32a, 1, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32a, 1, hash_function, data); CHECK(ret); - CHECK(rustsecp256k1_v0_11_memcmp_var(share32_bad, share32a, 32) != 0); + CHECK(secp256k1_memcmp_var(share32_bad, share32a, 32) != 0); /* For B (claiming to be A): */ - ret = rustsecp256k1_v0_11_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32b, 0, hash_function, data); + ret = secp256k1_ellswift_xdh(CTX, share32_bad, ell64a, ell64b, sec32b, 0, hash_function, data); CHECK(ret); - CHECK(rustsecp256k1_v0_11_memcmp_var(share32_bad, share32b, 32) != 0); + CHECK(secp256k1_memcmp_var(share32_bad, share32b, 32) != 0); } } /* Test hash initializers. */ { - rustsecp256k1_v0_11_sha256 sha, sha_optimized; + secp256k1_sha256 sha_optimized; + /* "secp256k1_ellswift_encode" */ static const unsigned char encode_tag[] = {'s', 'e', 'c', 'p', '2', '5', '6', 'k', '1', '_', 'e', 'l', 'l', 's', 'w', 'i', 'f', 't', '_', 'e', 'n', 'c', 'o', 'd', 'e'}; + /* "secp256k1_ellswift_create" */ static const unsigned char create_tag[] = {'s', 'e', 'c', 'p', '2', '5', '6', 'k', '1', '_', 'e', 'l', 'l', 's', 'w', 'i', 'f', 't', '_', 'c', 'r', 'e', 'a', 't', 'e'}; + /* "bip324_ellswift_xonly_ecdh" */ static const unsigned char bip324_tag[] = {'b', 'i', 'p', '3', '2', '4', '_', 'e', 'l', 'l', 's', 'w', 'i', 'f', 't', '_', 'x', 'o', 'n', 'l', 'y', '_', 'e', 'c', 'd', 'h'}; /* Check that hash initialized by - * rustsecp256k1_v0_11_ellswift_sha256_init_encode has the expected + * secp256k1_ellswift_sha256_init_encode has the expected * state. */ - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, encode_tag, sizeof(encode_tag)); - rustsecp256k1_v0_11_ellswift_sha256_init_encode(&sha_optimized); - test_sha256_eq(&sha, &sha_optimized); + secp256k1_ellswift_sha256_init_encode(&sha_optimized); + test_sha256_tag_midstate(&sha_optimized, encode_tag, sizeof(encode_tag)); /* Check that hash initialized by - * rustsecp256k1_v0_11_ellswift_sha256_init_create has the expected + * secp256k1_ellswift_sha256_init_create has the expected * state. */ - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, create_tag, sizeof(create_tag)); - rustsecp256k1_v0_11_ellswift_sha256_init_create(&sha_optimized); - test_sha256_eq(&sha, &sha_optimized); + secp256k1_ellswift_sha256_init_create(&sha_optimized); + test_sha256_tag_midstate(&sha_optimized, create_tag, sizeof(create_tag)); /* Check that hash initialized by - * rustsecp256k1_v0_11_ellswift_sha256_init_bip324 has the expected + * secp256k1_ellswift_sha256_init_bip324 has the expected * state. */ - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, bip324_tag, sizeof(bip324_tag)); - rustsecp256k1_v0_11_ellswift_sha256_init_bip324(&sha_optimized); - test_sha256_eq(&sha, &sha_optimized); + secp256k1_ellswift_sha256_init_bip324(&sha_optimized); + test_sha256_tag_midstate(&sha_optimized, bip324_tag, sizeof(bip324_tag)); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include index dcfade508..0d901ec1f 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_11_extrakeys.h +include_HEADERS += include/secp256k1_extrakeys.h noinst_HEADERS += src/modules/extrakeys/tests_impl.h noinst_HEADERS += src/modules/extrakeys/tests_exhaustive_impl.h noinst_HEADERS += src/modules/extrakeys/main_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h index 3b18ca1f7..0c7e26677 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/main_impl.h @@ -11,54 +11,54 @@ #include "../../../include/secp256k1_extrakeys.h" #include "../../util.h" -static SECP256K1_INLINE int rustsecp256k1_v0_11_xonly_pubkey_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ge *ge, const rustsecp256k1_v0_11_xonly_pubkey *pubkey) { - return rustsecp256k1_v0_11_pubkey_load(ctx, ge, (const rustsecp256k1_v0_11_pubkey *) pubkey); +static SECP256K1_INLINE int secp256k1_xonly_pubkey_load(const secp256k1_context* ctx, secp256k1_ge *ge, const secp256k1_xonly_pubkey *pubkey) { + return secp256k1_pubkey_load(ctx, ge, (const secp256k1_pubkey *) pubkey); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_xonly_pubkey_save(rustsecp256k1_v0_11_xonly_pubkey *pubkey, rustsecp256k1_v0_11_ge *ge) { - rustsecp256k1_v0_11_pubkey_save((rustsecp256k1_v0_11_pubkey *) pubkey, ge); +static SECP256K1_INLINE void secp256k1_xonly_pubkey_save(secp256k1_xonly_pubkey *pubkey, secp256k1_ge *ge) { + secp256k1_pubkey_save((secp256k1_pubkey *) pubkey, ge); } -int rustsecp256k1_v0_11_xonly_pubkey_parse(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_xonly_pubkey *pubkey, const unsigned char *input32) { - rustsecp256k1_v0_11_ge pk; - rustsecp256k1_v0_11_fe x; +int secp256k1_xonly_pubkey_parse(const secp256k1_context* ctx, secp256k1_xonly_pubkey *pubkey, const unsigned char *input32) { + secp256k1_ge pk; + secp256k1_fe x; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(input32 != NULL); - if (!rustsecp256k1_v0_11_fe_set_b32_limit(&x, input32)) { + if (!secp256k1_fe_set_b32_limit(&x, input32)) { return 0; } - if (!rustsecp256k1_v0_11_ge_set_xo_var(&pk, &x, 0)) { + if (!secp256k1_ge_set_xo_var(&pk, &x, 0)) { return 0; } - if (!rustsecp256k1_v0_11_ge_is_in_correct_subgroup(&pk)) { + if (!secp256k1_ge_is_in_correct_subgroup(&pk)) { return 0; } - rustsecp256k1_v0_11_xonly_pubkey_save(pubkey, &pk); + secp256k1_xonly_pubkey_save(pubkey, &pk); return 1; } -int rustsecp256k1_v0_11_xonly_pubkey_serialize(const rustsecp256k1_v0_11_context* ctx, unsigned char *output32, const rustsecp256k1_v0_11_xonly_pubkey *pubkey) { - rustsecp256k1_v0_11_ge pk; +int secp256k1_xonly_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output32, const secp256k1_xonly_pubkey *pubkey) { + secp256k1_ge pk; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output32 != NULL); memset(output32, 0, 32); ARG_CHECK(pubkey != NULL); - if (!rustsecp256k1_v0_11_xonly_pubkey_load(ctx, &pk, pubkey)) { + if (!secp256k1_xonly_pubkey_load(ctx, &pk, pubkey)) { return 0; } - rustsecp256k1_v0_11_fe_get_b32(output32, &pk.x); + secp256k1_fe_get_b32(output32, &pk.x); return 1; } -int rustsecp256k1_v0_11_xonly_pubkey_cmp(const rustsecp256k1_v0_11_context* ctx, const rustsecp256k1_v0_11_xonly_pubkey* pk0, const rustsecp256k1_v0_11_xonly_pubkey* pk1) { +int secp256k1_xonly_pubkey_cmp(const secp256k1_context* ctx, const secp256k1_xonly_pubkey* pk0, const secp256k1_xonly_pubkey* pk1) { unsigned char out[2][32]; - const rustsecp256k1_v0_11_xonly_pubkey* pk[2]; + const secp256k1_xonly_pubkey* pk[2]; int i; VERIFY_CHECK(ctx != NULL); @@ -71,7 +71,7 @@ int rustsecp256k1_v0_11_xonly_pubkey_cmp(const rustsecp256k1_v0_11_context* ctx, * pubkeys are involved and prevents edge cases such as sorting * algorithms that use this function and do not terminate as a * result. */ - if (!rustsecp256k1_v0_11_xonly_pubkey_serialize(ctx, out[i], pk[i])) { + if (!secp256k1_xonly_pubkey_serialize(ctx, out[i], pk[i])) { /* Note that xonly_pubkey_serialize should already set the output to * zero in that case, but it's not guaranteed by the API, we can't * test it and writing a VERIFY_CHECK is more complex than @@ -79,44 +79,44 @@ int rustsecp256k1_v0_11_xonly_pubkey_cmp(const rustsecp256k1_v0_11_context* ctx, memset(out[i], 0, sizeof(out[i])); } } - return rustsecp256k1_v0_11_memcmp_var(out[0], out[1], sizeof(out[1])); + return secp256k1_memcmp_var(out[0], out[1], sizeof(out[1])); } /** Keeps a group element as is if it has an even Y and otherwise negates it. * y_parity is set to 0 in the former case and to 1 in the latter case. * Requires that the coordinates of r are normalized. */ -static int rustsecp256k1_v0_11_extrakeys_ge_even_y(rustsecp256k1_v0_11_ge *r) { +static int secp256k1_extrakeys_ge_even_y(secp256k1_ge *r) { int y_parity = 0; - VERIFY_CHECK(!rustsecp256k1_v0_11_ge_is_infinity(r)); + VERIFY_CHECK(!secp256k1_ge_is_infinity(r)); - if (rustsecp256k1_v0_11_fe_is_odd(&r->y)) { - rustsecp256k1_v0_11_fe_negate(&r->y, &r->y, 1); + if (secp256k1_fe_is_odd(&r->y)) { + secp256k1_fe_negate(&r->y, &r->y, 1); y_parity = 1; } return y_parity; } -int rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_xonly_pubkey *xonly_pubkey, int *pk_parity, const rustsecp256k1_v0_11_pubkey *pubkey) { - rustsecp256k1_v0_11_ge pk; +int secp256k1_xonly_pubkey_from_pubkey(const secp256k1_context* ctx, secp256k1_xonly_pubkey *xonly_pubkey, int *pk_parity, const secp256k1_pubkey *pubkey) { + secp256k1_ge pk; int tmp; VERIFY_CHECK(ctx != NULL); ARG_CHECK(xonly_pubkey != NULL); ARG_CHECK(pubkey != NULL); - if (!rustsecp256k1_v0_11_pubkey_load(ctx, &pk, pubkey)) { + if (!secp256k1_pubkey_load(ctx, &pk, pubkey)) { return 0; } - tmp = rustsecp256k1_v0_11_extrakeys_ge_even_y(&pk); + tmp = secp256k1_extrakeys_ge_even_y(&pk); if (pk_parity != NULL) { *pk_parity = tmp; } - rustsecp256k1_v0_11_xonly_pubkey_save(xonly_pubkey, &pk); + secp256k1_xonly_pubkey_save(xonly_pubkey, &pk); return 1; } -int rustsecp256k1_v0_11_xonly_pubkey_tweak_add(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *output_pubkey, const rustsecp256k1_v0_11_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { - rustsecp256k1_v0_11_ge pk; +int secp256k1_xonly_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *output_pubkey, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { + secp256k1_ge pk; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output_pubkey != NULL); @@ -124,16 +124,16 @@ int rustsecp256k1_v0_11_xonly_pubkey_tweak_add(const rustsecp256k1_v0_11_context ARG_CHECK(internal_pubkey != NULL); ARG_CHECK(tweak32 != NULL); - if (!rustsecp256k1_v0_11_xonly_pubkey_load(ctx, &pk, internal_pubkey) - || !rustsecp256k1_v0_11_ec_pubkey_tweak_add_helper(&pk, tweak32)) { + if (!secp256k1_xonly_pubkey_load(ctx, &pk, internal_pubkey) + || !secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32)) { return 0; } - rustsecp256k1_v0_11_pubkey_save(output_pubkey, &pk); + secp256k1_pubkey_save(output_pubkey, &pk); return 1; } -int rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(const rustsecp256k1_v0_11_context* ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const rustsecp256k1_v0_11_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { - rustsecp256k1_v0_11_ge pk; +int secp256k1_xonly_pubkey_tweak_add_check(const secp256k1_context* ctx, const unsigned char *tweaked_pubkey32, int tweaked_pk_parity, const secp256k1_xonly_pubkey *internal_pubkey, const unsigned char *tweak32) { + secp256k1_ge pk; unsigned char pk_expected32[32]; VERIFY_CHECK(ctx != NULL); @@ -141,31 +141,31 @@ int rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(const rustsecp256k1_v0_11_c ARG_CHECK(tweaked_pubkey32 != NULL); ARG_CHECK(tweak32 != NULL); - if (!rustsecp256k1_v0_11_xonly_pubkey_load(ctx, &pk, internal_pubkey) - || !rustsecp256k1_v0_11_ec_pubkey_tweak_add_helper(&pk, tweak32)) { + if (!secp256k1_xonly_pubkey_load(ctx, &pk, internal_pubkey) + || !secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32)) { return 0; } - rustsecp256k1_v0_11_fe_normalize_var(&pk.x); - rustsecp256k1_v0_11_fe_normalize_var(&pk.y); - rustsecp256k1_v0_11_fe_get_b32(pk_expected32, &pk.x); + secp256k1_fe_normalize_var(&pk.x); + secp256k1_fe_normalize_var(&pk.y); + secp256k1_fe_get_b32(pk_expected32, &pk.x); - return rustsecp256k1_v0_11_memcmp_var(&pk_expected32, tweaked_pubkey32, 32) == 0 - && rustsecp256k1_v0_11_fe_is_odd(&pk.y) == tweaked_pk_parity; + return secp256k1_memcmp_var(&pk_expected32, tweaked_pubkey32, 32) == 0 + && secp256k1_fe_is_odd(&pk.y) == tweaked_pk_parity; } -static void rustsecp256k1_v0_11_keypair_save(rustsecp256k1_v0_11_keypair *keypair, const rustsecp256k1_v0_11_scalar *sk, rustsecp256k1_v0_11_ge *pk) { - rustsecp256k1_v0_11_scalar_get_b32(&keypair->data[0], sk); - rustsecp256k1_v0_11_pubkey_save((rustsecp256k1_v0_11_pubkey *)&keypair->data[32], pk); +static void secp256k1_keypair_save(secp256k1_keypair *keypair, const secp256k1_scalar *sk, secp256k1_ge *pk) { + secp256k1_scalar_get_b32(&keypair->data[0], sk); + secp256k1_pubkey_save((secp256k1_pubkey *)&keypair->data[32], pk); } -static int rustsecp256k1_v0_11_keypair_seckey_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar *sk, const rustsecp256k1_v0_11_keypair *keypair) { +static int secp256k1_keypair_seckey_load(const secp256k1_context* ctx, secp256k1_scalar *sk, const secp256k1_keypair *keypair) { int ret; - ret = rustsecp256k1_v0_11_scalar_set_b32_seckey(sk, &keypair->data[0]); + ret = secp256k1_scalar_set_b32_seckey(sk, &keypair->data[0]); /* We can declassify ret here because sk is only zero if a keypair function * failed (which zeroes the keypair) and its return value is ignored. */ - rustsecp256k1_v0_11_declassify(ctx, &ret, sizeof(ret)); + secp256k1_declassify(ctx, &ret, sizeof(ret)); ARG_CHECK(ret); return ret; } @@ -173,45 +173,45 @@ static int rustsecp256k1_v0_11_keypair_seckey_load(const rustsecp256k1_v0_11_con /* Load a keypair into pk and sk (if non-NULL). This function declassifies pk * and ARG_CHECKs that the keypair is not invalid. It always initializes sk and * pk with dummy values. */ -static int rustsecp256k1_v0_11_keypair_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar *sk, rustsecp256k1_v0_11_ge *pk, const rustsecp256k1_v0_11_keypair *keypair) { +static int secp256k1_keypair_load(const secp256k1_context* ctx, secp256k1_scalar *sk, secp256k1_ge *pk, const secp256k1_keypair *keypair) { int ret; - const rustsecp256k1_v0_11_pubkey *pubkey = (const rustsecp256k1_v0_11_pubkey *)&keypair->data[32]; + const secp256k1_pubkey *pubkey = (const secp256k1_pubkey *)&keypair->data[32]; /* Need to declassify the pubkey because pubkey_load ARG_CHECKs if it's * invalid. */ - rustsecp256k1_v0_11_declassify(ctx, pubkey, sizeof(*pubkey)); - ret = rustsecp256k1_v0_11_pubkey_load(ctx, pk, pubkey); + secp256k1_declassify(ctx, pubkey, sizeof(*pubkey)); + ret = secp256k1_pubkey_load(ctx, pk, pubkey); if (sk != NULL) { - ret = ret && rustsecp256k1_v0_11_keypair_seckey_load(ctx, sk, keypair); + ret = ret && secp256k1_keypair_seckey_load(ctx, sk, keypair); } if (!ret) { - *pk = rustsecp256k1_v0_11_ge_const_g; + *pk = secp256k1_ge_const_g; if (sk != NULL) { - *sk = rustsecp256k1_v0_11_scalar_one; + *sk = secp256k1_scalar_one; } } return ret; } -int rustsecp256k1_v0_11_keypair_create(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_keypair *keypair, const unsigned char *seckey32) { - rustsecp256k1_v0_11_scalar sk; - rustsecp256k1_v0_11_ge pk; +int secp256k1_keypair_create(const secp256k1_context* ctx, secp256k1_keypair *keypair, const unsigned char *seckey32) { + secp256k1_scalar sk; + secp256k1_ge pk; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(keypair != NULL); memset(keypair, 0, sizeof(*keypair)); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(seckey32 != NULL); - ret = rustsecp256k1_v0_11_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32); - rustsecp256k1_v0_11_keypair_save(keypair, &sk, &pk); - rustsecp256k1_v0_11_memczero(keypair, sizeof(*keypair), !ret); + ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &sk, &pk, seckey32); + secp256k1_keypair_save(keypair, &sk, &pk); + secp256k1_memczero(keypair, sizeof(*keypair), !ret); - rustsecp256k1_v0_11_scalar_clear(&sk); + secp256k1_scalar_clear(&sk); return ret; } -int rustsecp256k1_v0_11_keypair_sec(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey, const rustsecp256k1_v0_11_keypair *keypair) { +int secp256k1_keypair_sec(const secp256k1_context* ctx, unsigned char *seckey, const secp256k1_keypair *keypair) { VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); memset(seckey, 0, 32); @@ -221,7 +221,7 @@ int rustsecp256k1_v0_11_keypair_sec(const rustsecp256k1_v0_11_context* ctx, unsi return 1; } -int rustsecp256k1_v0_11_keypair_pub(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubkey, const rustsecp256k1_v0_11_keypair *keypair) { +int secp256k1_keypair_pub(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_keypair *keypair) { VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); @@ -231,8 +231,8 @@ int rustsecp256k1_v0_11_keypair_pub(const rustsecp256k1_v0_11_context* ctx, rust return 1; } -int rustsecp256k1_v0_11_keypair_xonly_pub(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_xonly_pubkey *pubkey, int *pk_parity, const rustsecp256k1_v0_11_keypair *keypair) { - rustsecp256k1_v0_11_ge pk; +int secp256k1_keypair_xonly_pub(const secp256k1_context* ctx, secp256k1_xonly_pubkey *pubkey, int *pk_parity, const secp256k1_keypair *keypair) { + secp256k1_ge pk; int tmp; VERIFY_CHECK(ctx != NULL); @@ -240,21 +240,21 @@ int rustsecp256k1_v0_11_keypair_xonly_pub(const rustsecp256k1_v0_11_context* ctx memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(keypair != NULL); - if (!rustsecp256k1_v0_11_keypair_load(ctx, NULL, &pk, keypair)) { + if (!secp256k1_keypair_load(ctx, NULL, &pk, keypair)) { return 0; } - tmp = rustsecp256k1_v0_11_extrakeys_ge_even_y(&pk); + tmp = secp256k1_extrakeys_ge_even_y(&pk); if (pk_parity != NULL) { *pk_parity = tmp; } - rustsecp256k1_v0_11_xonly_pubkey_save(pubkey, &pk); + secp256k1_xonly_pubkey_save(pubkey, &pk); return 1; } -int rustsecp256k1_v0_11_keypair_xonly_tweak_add(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_keypair *keypair, const unsigned char *tweak32) { - rustsecp256k1_v0_11_ge pk; - rustsecp256k1_v0_11_scalar sk; +int secp256k1_keypair_xonly_tweak_add(const secp256k1_context* ctx, secp256k1_keypair *keypair, const unsigned char *tweak32) { + secp256k1_ge pk; + secp256k1_scalar sk; int y_parity; int ret; @@ -262,23 +262,23 @@ int rustsecp256k1_v0_11_keypair_xonly_tweak_add(const rustsecp256k1_v0_11_contex ARG_CHECK(keypair != NULL); ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_11_keypair_load(ctx, &sk, &pk, keypair); + ret = secp256k1_keypair_load(ctx, &sk, &pk, keypair); memset(keypair, 0, sizeof(*keypair)); - y_parity = rustsecp256k1_v0_11_extrakeys_ge_even_y(&pk); + y_parity = secp256k1_extrakeys_ge_even_y(&pk); if (y_parity == 1) { - rustsecp256k1_v0_11_scalar_negate(&sk, &sk); + secp256k1_scalar_negate(&sk, &sk); } - ret &= rustsecp256k1_v0_11_ec_seckey_tweak_add_helper(&sk, tweak32); - ret &= rustsecp256k1_v0_11_ec_pubkey_tweak_add_helper(&pk, tweak32); + ret &= secp256k1_ec_seckey_tweak_add_helper(&sk, tweak32); + ret &= secp256k1_ec_pubkey_tweak_add_helper(&pk, tweak32); - rustsecp256k1_v0_11_declassify(ctx, &ret, sizeof(ret)); + secp256k1_declassify(ctx, &ret, sizeof(ret)); if (ret) { - rustsecp256k1_v0_11_keypair_save(keypair, &sk, &pk); + secp256k1_keypair_save(keypair, &sk, &pk); } - rustsecp256k1_v0_11_scalar_clear(&sk); + secp256k1_scalar_clear(&sk); return ret; } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h index 54dccce70..645bae2d4 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_exhaustive_impl.h @@ -10,54 +10,54 @@ #include "../../../include/secp256k1_extrakeys.h" #include "main_impl.h" -static void test_exhaustive_extrakeys(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge* group) { - rustsecp256k1_v0_11_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; - rustsecp256k1_v0_11_pubkey pubkey[EXHAUSTIVE_TEST_ORDER - 1]; - rustsecp256k1_v0_11_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; +static void test_exhaustive_extrakeys(const secp256k1_context *ctx, const secp256k1_ge* group) { + secp256k1_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; + secp256k1_pubkey pubkey[EXHAUSTIVE_TEST_ORDER - 1]; + secp256k1_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; int parities[EXHAUSTIVE_TEST_ORDER - 1]; unsigned char xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - 1][32]; int i; for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_fe fe; - rustsecp256k1_v0_11_scalar scalar_i; + secp256k1_fe fe; + secp256k1_scalar scalar_i; unsigned char buf[33]; int parity; - rustsecp256k1_v0_11_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_11_scalar_get_b32(buf, &scalar_i); + secp256k1_scalar_set_int(&scalar_i, i); + secp256k1_scalar_get_b32(buf, &scalar_i); /* Construct pubkey and keypair. */ - CHECK(rustsecp256k1_v0_11_keypair_create(ctx, &keypair[i - 1], buf)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(ctx, &pubkey[i - 1], buf)); + CHECK(secp256k1_keypair_create(ctx, &keypair[i - 1], buf)); + CHECK(secp256k1_ec_pubkey_create(ctx, &pubkey[i - 1], buf)); /* Construct serialized xonly_pubkey from keypair. */ - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parities[i - 1], &keypair[i - 1])); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); + CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parities[i - 1], &keypair[i - 1])); + CHECK(secp256k1_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); /* Parse the xonly_pubkey back and verify it matches the previously serialized value. */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(ctx, &xonly_pubkey[i - 1], xonly_pubkey_bytes[i - 1])); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); - CHECK(rustsecp256k1_v0_11_memcmp_var(xonly_pubkey_bytes[i - 1], buf, 32) == 0); + CHECK(secp256k1_xonly_pubkey_parse(ctx, &xonly_pubkey[i - 1], xonly_pubkey_bytes[i - 1])); + CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); + CHECK(secp256k1_memcmp_var(xonly_pubkey_bytes[i - 1], buf, 32) == 0); /* Construct the xonly_pubkey from the pubkey, and verify it matches the same. */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(ctx, &xonly_pubkey[i - 1], &parity, &pubkey[i - 1])); + CHECK(secp256k1_xonly_pubkey_from_pubkey(ctx, &xonly_pubkey[i - 1], &parity, &pubkey[i - 1])); CHECK(parity == parities[i - 1]); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); - CHECK(rustsecp256k1_v0_11_memcmp_var(xonly_pubkey_bytes[i - 1], buf, 32) == 0); + CHECK(secp256k1_xonly_pubkey_serialize(ctx, buf, &xonly_pubkey[i - 1])); + CHECK(secp256k1_memcmp_var(xonly_pubkey_bytes[i - 1], buf, 32) == 0); /* Compare the xonly_pubkey bytes against the precomputed group. */ - rustsecp256k1_v0_11_fe_set_b32_mod(&fe, xonly_pubkey_bytes[i - 1]); - CHECK(rustsecp256k1_v0_11_fe_equal(&fe, &group[i].x)); + secp256k1_fe_set_b32_mod(&fe, xonly_pubkey_bytes[i - 1]); + CHECK(secp256k1_fe_equal(&fe, &group[i].x)); /* Check the parity against the precomputed group. */ fe = group[i].y; - rustsecp256k1_v0_11_fe_normalize_var(&fe); - CHECK(rustsecp256k1_v0_11_fe_is_odd(&fe) == parities[i - 1]); + secp256k1_fe_normalize_var(&fe); + CHECK(secp256k1_fe_is_odd(&fe) == parities[i - 1]); /* Verify that the higher half is identical to the lower half mirrored. */ if (i > EXHAUSTIVE_TEST_ORDER / 2) { - CHECK(rustsecp256k1_v0_11_memcmp_var(xonly_pubkey_bytes[i - 1], xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - i - 1], 32) == 0); + CHECK(secp256k1_memcmp_var(xonly_pubkey_bytes[i - 1], xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - i - 1], 32) == 0); CHECK(parities[i - 1] == 1 - parities[EXHAUSTIVE_TEST_ORDER - i - 1]); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h index 544ce31b9..ab4ef4a74 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/extrakeys/tests_impl.h @@ -10,11 +10,11 @@ #include "../../../include/secp256k1_extrakeys.h" static void test_xonly_pubkey(void) { - rustsecp256k1_v0_11_pubkey pk; - rustsecp256k1_v0_11_xonly_pubkey xonly_pk, xonly_pk_tmp; - rustsecp256k1_v0_11_ge pk1; - rustsecp256k1_v0_11_ge pk2; - rustsecp256k1_v0_11_fe y; + secp256k1_pubkey pk; + secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp; + secp256k1_ge pk1; + secp256k1_ge pk2; + secp256k1_fe y; unsigned char sk[32]; unsigned char xy_sk[32]; unsigned char buf32[32]; @@ -26,70 +26,70 @@ static void test_xonly_pubkey(void) { testrand256(sk); memset(ones32, 0xFF, 32); testrand256(xy_sk); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); /* Test xonly_pubkey_from_pubkey */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, NULL, &pk_parity, &pk)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, NULL)); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_from_pubkey(CTX, NULL, &pk_parity, &pk)); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, NULL)); memset(&pk, 0, sizeof(pk)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk)); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk)); /* Choose a secret key such that the resulting pubkey and xonly_pubkey match. */ memset(sk, 0, sizeof(sk)); sk[0] = 1; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_memcmp_var(&pk, &xonly_pk, sizeof(pk)) == 0); CHECK(pk_parity == 0); /* Choose a secret key such that pubkey and xonly_pubkey are each others * negation. */ sk[0] = 2; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_memcmp_var(&xonly_pk, &pk, sizeof(xonly_pk)) != 0); CHECK(pk_parity == 1); - rustsecp256k1_v0_11_pubkey_load(CTX, &pk1, &pk); - rustsecp256k1_v0_11_pubkey_load(CTX, &pk2, (rustsecp256k1_v0_11_pubkey *) &xonly_pk); - CHECK(rustsecp256k1_v0_11_fe_equal(&pk1.x, &pk2.x) == 1); - rustsecp256k1_v0_11_fe_negate(&y, &pk2.y, 1); - CHECK(rustsecp256k1_v0_11_fe_equal(&pk1.y, &y) == 1); + secp256k1_pubkey_load(CTX, &pk1, &pk); + secp256k1_pubkey_load(CTX, &pk2, (secp256k1_pubkey *) &xonly_pk); + CHECK(secp256k1_fe_equal(&pk1.x, &pk2.x) == 1); + secp256k1_fe_negate(&y, &pk2.y, 1); + CHECK(secp256k1_fe_equal(&pk1.y, &y) == 1); /* Test xonly_pubkey_serialize and xonly_pubkey_parse */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, NULL, &xonly_pk)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, buf32, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(buf32, zeros64, 32) == 0); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_serialize(CTX, NULL, &xonly_pk)); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_serialize(CTX, buf32, NULL)); + CHECK(secp256k1_memcmp_var(buf32, zeros64, 32) == 0); { /* A pubkey filled with 0s will fail to serialize due to pubkey_load * special casing. */ - rustsecp256k1_v0_11_xonly_pubkey pk_tmp; + secp256k1_xonly_pubkey pk_tmp; memset(&pk_tmp, 0, sizeof(pk_tmp)); /* pubkey_load calls illegal callback */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, buf32, &pk_tmp)); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_serialize(CTX, buf32, &pk_tmp)); } - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, NULL, buf32)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &xonly_pk, NULL)); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_parse(CTX, NULL, buf32)); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, NULL)); /* Serialization and parse roundtrip */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &xonly_pk_tmp, buf32) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk_tmp, buf32) == 1); + CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(xonly_pk)) == 0); /* Test parsing invalid field elements */ memset(&xonly_pk, 1, sizeof(xonly_pk)); /* Overflowing field element */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &xonly_pk, ones32) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, ones32) == 0); + CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); memset(&xonly_pk, 1, sizeof(xonly_pk)); /* There's no point with x-coordinate 0 on secp256k1 */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &xonly_pk, zeros64) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, zeros64) == 0); + CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); /* If a random 32-byte string can not be parsed with ec_pubkey_parse * (because interpreted as X coordinate it does not correspond to a point on * the curve) then xonly_pubkey_parse should fail as well. */ @@ -97,12 +97,12 @@ static void test_xonly_pubkey(void) { unsigned char rand33[33]; testrand256(&rand33[1]); rand33[0] = SECP256K1_TAG_PUBKEY_EVEN; - if (!rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pk, rand33, 33)) { + if (!secp256k1_ec_pubkey_parse(CTX, &pk, rand33, 33)) { memset(&xonly_pk, 1, sizeof(xonly_pk)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 0); + CHECK(secp256k1_memcmp_var(&xonly_pk, zeros64, sizeof(xonly_pk)) == 0); } else { - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &xonly_pk, &rand33[1]) == 1); } } } @@ -116,37 +116,37 @@ static void test_xonly_pubkey_comparison(void) { 0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d, 0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c }; - rustsecp256k1_v0_11_xonly_pubkey pk1; - rustsecp256k1_v0_11_xonly_pubkey pk2; - - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &pk1, pk1_ser) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &pk2, pk2_ser) == 1); - - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, NULL, &pk2) < 0)); - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk1, NULL) > 0)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk2, &pk2) == 0); + secp256k1_xonly_pubkey pk1; + secp256k1_xonly_pubkey pk2; + + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk1, pk1_ser) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk2, pk2_ser) == 1); + + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, NULL, &pk2) < 0)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, NULL) > 0)); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk2) == 0); memset(&pk1, 0, sizeof(pk1)); /* illegal pubkey */ - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk2) < 0)); { int32_t ecount = 0; - rustsecp256k1_v0_11_context_set_illegal_callback(CTX, counting_callback_fn, &ecount); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); + secp256k1_context_set_illegal_callback(CTX, counting_callback_fn, &ecount); + CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk1, &pk1) == 0); CHECK(ecount == 2); - rustsecp256k1_v0_11_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_xonly_pubkey_cmp(CTX, &pk2, &pk1) > 0)); } static void test_xonly_pubkey_tweak(void) { unsigned char zeros64[64] = { 0 }; unsigned char overflows[32]; unsigned char sk[32]; - rustsecp256k1_v0_11_pubkey internal_pk; - rustsecp256k1_v0_11_xonly_pubkey internal_xonly_pk; - rustsecp256k1_v0_11_pubkey output_pk; + secp256k1_pubkey internal_pk; + secp256k1_xonly_pubkey internal_xonly_pk; + secp256k1_pubkey output_pk; int pk_parity; unsigned char tweak[32]; int i; @@ -154,55 +154,55 @@ static void test_xonly_pubkey_tweak(void) { memset(overflows, 0xff, sizeof(overflows)); testrand256(tweak); testrand256(sk); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &internal_pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); - - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, NULL, &internal_xonly_pk, tweak)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, NULL, tweak)); + CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); + + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, NULL, &internal_xonly_pk, tweak)); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, NULL, tweak)); /* NULL internal_xonly_pk zeroes the output_pk */ - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, NULL)); + CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, NULL)); /* NULL tweak zeroes the output_pk */ - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); /* Invalid tweak zeroes the output_pk */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); + CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); /* A zero tweak is fine */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, zeros64) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, zeros64) == 1); /* Fails if the resulting key was infinity */ for (i = 0; i < COUNT; i++) { - rustsecp256k1_v0_11_scalar scalar_tweak; + secp256k1_scalar scalar_tweak; /* Because sk may be negated before adding, we need to try with tweak = * sk as well as tweak = -sk. */ - rustsecp256k1_v0_11_scalar_set_b32(&scalar_tweak, sk, NULL); - rustsecp256k1_v0_11_scalar_negate(&scalar_tweak, &scalar_tweak); - rustsecp256k1_v0_11_scalar_get_b32(tweak, &scalar_tweak); - CHECK((rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, sk) == 0) - || (rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); + secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); + secp256k1_scalar_get_b32(tweak, &scalar_tweak); + CHECK((secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, sk) == 0) + || (secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 0)); + CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); } /* Invalid pk with a valid tweak */ memset(&internal_xonly_pk, 0, sizeof(internal_xonly_pk)); testrand256(tweak); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak)); + CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); } static void test_xonly_pubkey_tweak_check(void) { unsigned char zeros64[64] = { 0 }; unsigned char overflows[32]; unsigned char sk[32]; - rustsecp256k1_v0_11_pubkey internal_pk; - rustsecp256k1_v0_11_xonly_pubkey internal_xonly_pk; - rustsecp256k1_v0_11_pubkey output_pk; - rustsecp256k1_v0_11_xonly_pubkey output_xonly_pk; + secp256k1_pubkey internal_pk; + secp256k1_xonly_pubkey internal_xonly_pk; + secp256k1_pubkey output_pk; + secp256k1_xonly_pubkey output_xonly_pk; unsigned char output_pk32[32]; unsigned char buf32[32]; int pk_parity; @@ -211,38 +211,38 @@ static void test_xonly_pubkey_tweak_check(void) { memset(overflows, 0xff, sizeof(overflows)); testrand256(tweak); testrand256(sk); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &internal_pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); - - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, buf32, &output_xonly_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, NULL, pk_parity, &internal_xonly_pk, tweak)); + CHECK(secp256k1_ec_pubkey_create(CTX, &internal_pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, &pk_parity, &internal_pk) == 1); + + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &output_xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add_check(CTX, NULL, pk_parity, &internal_xonly_pk, tweak)); /* invalid pk_parity value */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, 2, &internal_xonly_pk, tweak) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, NULL, tweak)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, NULL)); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, 2, &internal_xonly_pk, tweak) == 0); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, NULL, tweak)); + CHECK_ILLEGAL(CTX, secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, NULL)); memset(tweak, 1, sizeof(tweak)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, NULL, &internal_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, output_pk32, &output_xonly_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &internal_xonly_pk, NULL, &internal_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &output_xonly_pk, &pk_parity, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk32, &output_xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, tweak) == 1); /* Wrong pk_parity */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, !pk_parity, &internal_xonly_pk, tweak) == 0); /* Wrong public key */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, buf32, &internal_xonly_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, buf32, &internal_xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, buf32, pk_parity, &internal_xonly_pk, tweak) == 0); /* Overflowing tweak not allowed */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk32, pk_parity, &internal_xonly_pk, overflows) == 0); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk, &internal_xonly_pk, overflows) == 0); + CHECK(secp256k1_memcmp_var(&output_pk, zeros64, sizeof(output_pk)) == 0); } /* Starts with an initial pubkey and recursively creates N_PUBKEYS - 1 @@ -251,29 +251,29 @@ static void test_xonly_pubkey_tweak_check(void) { #define N_PUBKEYS 32 static void test_xonly_pubkey_tweak_recursive(void) { unsigned char sk[32]; - rustsecp256k1_v0_11_pubkey pk[N_PUBKEYS]; + secp256k1_pubkey pk[N_PUBKEYS]; unsigned char pk_serialized[32]; unsigned char tweak[N_PUBKEYS - 1][32]; int i; testrand256(sk); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pk[0], sk) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk[0], sk) == 1); /* Add tweaks */ for (i = 0; i < N_PUBKEYS - 1; i++) { - rustsecp256k1_v0_11_xonly_pubkey xonly_pk; + secp256k1_xonly_pubkey xonly_pk; memset(tweak[i], i + 1, sizeof(tweak[i])); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i]) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &pk[i + 1], &xonly_pk, tweak[i]) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i]) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &pk[i + 1], &xonly_pk, tweak[i]) == 1); } /* Verify tweaks */ for (i = N_PUBKEYS - 1; i > 0; i--) { - rustsecp256k1_v0_11_xonly_pubkey xonly_pk; + secp256k1_xonly_pubkey xonly_pk; int pk_parity; - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk[i]) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, pk_serialized, &xonly_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i - 1]) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk[i]) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, pk_serialized, &xonly_pk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, NULL, &pk[i - 1]) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, pk_serialized, pk_parity, &xonly_pk, tweak[i - 1]) == 1); } } #undef N_PUBKEYS @@ -283,9 +283,9 @@ static void test_keypair(void) { unsigned char sk_tmp[32]; unsigned char zeros96[96] = { 0 }; unsigned char overflows[32]; - rustsecp256k1_v0_11_keypair keypair; - rustsecp256k1_v0_11_pubkey pk, pk_tmp; - rustsecp256k1_v0_11_xonly_pubkey xonly_pk, xonly_pk_tmp; + secp256k1_keypair keypair; + secp256k1_pubkey pk, pk_tmp; + secp256k1_xonly_pubkey xonly_pk, xonly_pk_tmp; int pk_parity, pk_parity_tmp; CHECK(sizeof(zeros96) == sizeof(keypair)); @@ -293,88 +293,88 @@ static void test_keypair(void) { /* Test keypair_create */ testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_create(CTX, NULL, sk)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_create(CTX, &keypair, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_keypair_create(STATIC_CTX, &keypair, sk)); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) != 0); + CHECK_ILLEGAL(CTX, secp256k1_keypair_create(CTX, NULL, sk)); + CHECK_ILLEGAL(CTX, secp256k1_keypair_create(CTX, &keypair, NULL)); + CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_keypair_create(STATIC_CTX, &keypair, sk)); + CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); /* Invalid secret key */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, zeros96) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, overflows) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, zeros96) == 0); + CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, overflows) == 0); + CHECK(secp256k1_memcmp_var(zeros96, &keypair, sizeof(keypair)) == 0); /* Test keypair_pub */ testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_pub(CTX, &pk, &keypair) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_pub(CTX, NULL, &keypair)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_pub(CTX, &pk, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1); + CHECK_ILLEGAL(CTX, secp256k1_keypair_pub(CTX, NULL, &keypair)); + CHECK_ILLEGAL(CTX, secp256k1_keypair_pub(CTX, &pk, NULL)); + CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); /* Using an invalid keypair is fine for keypair_pub */ memset(&keypair, 0, sizeof(keypair)); - CHECK(rustsecp256k1_v0_11_keypair_pub(CTX, &pk, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); + CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair) == 1); + CHECK(secp256k1_memcmp_var(zeros96, &pk, sizeof(pk)) == 0); /* keypair holds the same pubkey as pubkey_create */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_pub(CTX, &pk_tmp, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_pub(CTX, &pk_tmp, &keypair) == 1); + CHECK(secp256k1_memcmp_var(&pk, &pk_tmp, sizeof(pk)) == 0); /** Test keypair_xonly_pub **/ testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair)); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &xonly_pk, NULL, &keypair) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, NULL, &pk_parity, &keypair)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, NULL, &keypair) == 1); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, NULL)); + CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); /* Using an invalid keypair will set the xonly_pk to 0 (first reset * xonly_pk). */ - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair) == 1); memset(&keypair, 0, sizeof(keypair)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair)); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_pub(CTX, &xonly_pk, &pk_parity, &keypair)); + CHECK(secp256k1_memcmp_var(zeros96, &xonly_pk, sizeof(xonly_pk)) == 0); /** keypair holds the same xonly pubkey as pubkey_create **/ - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pk, sk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pk, sk) == 1); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &xonly_pk, &pk_parity, &pk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &xonly_pk_tmp, &pk_parity_tmp, &keypair) == 1); + CHECK(secp256k1_memcmp_var(&xonly_pk, &xonly_pk_tmp, sizeof(pk)) == 0); CHECK(pk_parity == pk_parity_tmp); /* Test keypair_seckey */ testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_sec(CTX, sk_tmp, &keypair) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_sec(CTX, NULL, &keypair)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_sec(CTX, sk_tmp, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); + CHECK_ILLEGAL(CTX, secp256k1_keypair_sec(CTX, NULL, &keypair)); + CHECK_ILLEGAL(CTX, secp256k1_keypair_sec(CTX, sk_tmp, NULL)); + CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); /* keypair returns the same seckey it got */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_sec(CTX, sk_tmp, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); + CHECK(secp256k1_memcmp_var(sk, sk_tmp, sizeof(sk_tmp)) == 0); /* Using an invalid keypair is fine for keypair_seckey */ memset(&keypair, 0, sizeof(keypair)); - CHECK(rustsecp256k1_v0_11_keypair_sec(CTX, sk_tmp, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); + CHECK(secp256k1_keypair_sec(CTX, sk_tmp, &keypair) == 1); + CHECK(secp256k1_memcmp_var(zeros96, sk_tmp, sizeof(sk_tmp)) == 0); } static void test_keypair_add(void) { unsigned char sk[32]; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_keypair keypair; unsigned char overflows[32]; unsigned char zeros96[96] = { 0 }; unsigned char tweak[32]; @@ -384,86 +384,86 @@ static void test_keypair_add(void) { testrand256(sk); testrand256(tweak); memset(overflows, 0xFF, 32); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, NULL, tweak)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, NULL)); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, NULL, tweak)); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, NULL)); /* This does not set the keypair to zeroes */ - CHECK(rustsecp256k1_v0_11_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0); + CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) != 0); /* Invalid tweak zeroes the keypair */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, overflows) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, overflows) == 0); + CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); /* A zero tweak is fine */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, zeros96) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, zeros96) == 1); /* Fails if the resulting keypair was (sk=0, pk=infinity) */ for (i = 0; i < COUNT; i++) { - rustsecp256k1_v0_11_scalar scalar_tweak; - rustsecp256k1_v0_11_keypair keypair_tmp; + secp256k1_scalar scalar_tweak; + secp256k1_keypair keypair_tmp; testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); memcpy(&keypair_tmp, &keypair, sizeof(keypair)); /* Because sk may be negated before adding, we need to try with tweak = * sk as well as tweak = -sk. */ - rustsecp256k1_v0_11_scalar_set_b32(&scalar_tweak, sk, NULL); - rustsecp256k1_v0_11_scalar_negate(&scalar_tweak, &scalar_tweak); - rustsecp256k1_v0_11_scalar_get_b32(tweak, &scalar_tweak); - CHECK((rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, sk) == 0) - || (rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair_tmp, tweak) == 0)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0 - || rustsecp256k1_v0_11_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); + secp256k1_scalar_set_b32(&scalar_tweak, sk, NULL); + secp256k1_scalar_negate(&scalar_tweak, &scalar_tweak); + secp256k1_scalar_get_b32(tweak, &scalar_tweak); + CHECK((secp256k1_keypair_xonly_tweak_add(CTX, &keypair, sk) == 0) + || (secp256k1_keypair_xonly_tweak_add(CTX, &keypair_tmp, tweak) == 0)); + CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0 + || secp256k1_memcmp_var(&keypair_tmp, zeros96, sizeof(keypair_tmp)) == 0); } /* Invalid keypair with a valid tweak */ memset(&keypair, 0, sizeof(keypair)); testrand256(tweak); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak)); + CHECK(secp256k1_memcmp_var(&keypair, zeros96, sizeof(keypair)) == 0); /* Only seckey part of keypair invalid */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); memset(&keypair, 0, 32); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak)); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak)); /* Only pubkey part of keypair invalid */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); memset(&keypair.data[32], 0, 64); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak)); + CHECK_ILLEGAL(CTX, secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak)); /* Check that the keypair_tweak_add implementation is correct */ - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); for (i = 0; i < COUNT; i++) { - rustsecp256k1_v0_11_xonly_pubkey internal_pk; - rustsecp256k1_v0_11_xonly_pubkey output_pk; - rustsecp256k1_v0_11_pubkey output_pk_xy; - rustsecp256k1_v0_11_pubkey output_pk_expected; + secp256k1_xonly_pubkey internal_pk; + secp256k1_xonly_pubkey output_pk; + secp256k1_pubkey output_pk_xy; + secp256k1_pubkey output_pk_expected; unsigned char pk32[32]; unsigned char sk32[32]; int pk_parity; testrand256(tweak); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); /* Check that it passes xonly_pubkey_tweak_add_check */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, pk32, &output_pk) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, pk32, pk_parity, &internal_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, pk32, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, pk32, pk_parity, &internal_pk, tweak) == 1); /* Check that the resulting pubkey matches xonly_pubkey_tweak_add */ - CHECK(rustsecp256k1_v0_11_keypair_pub(CTX, &output_pk_xy, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add(CTX, &output_pk_expected, &internal_pk, tweak) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); + CHECK(secp256k1_keypair_pub(CTX, &output_pk_xy, &keypair) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add(CTX, &output_pk_expected, &internal_pk, tweak) == 1); + CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); /* Check that the secret key in the keypair is tweaked correctly */ - CHECK(rustsecp256k1_v0_11_keypair_sec(CTX, sk32, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &output_pk_expected, sk32) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); + CHECK(secp256k1_keypair_sec(CTX, sk32, &keypair) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &output_pk_expected, sk32) == 1); + CHECK(secp256k1_memcmp_var(&output_pk_xy, &output_pk_expected, sizeof(output_pk_xy)) == 0); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/musig/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/musig/Makefile.am.include index d478ec751..796443c93 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/musig/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/musig/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_11_musig.h +include_HEADERS += include/secp256k1_musig.h noinst_HEADERS += src/modules/musig/main_impl.h noinst_HEADERS += src/modules/musig/keyagg.h noinst_HEADERS += src/modules/musig/keyagg_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg.h b/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg.h index bee2a322d..a0b37252f 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg.h @@ -13,20 +13,20 @@ #include "../../scalar.h" typedef struct { - rustsecp256k1_v0_11_ge pk; + secp256k1_ge pk; /* If there is no "second" public key, second_pk is set to the point at * infinity */ - rustsecp256k1_v0_11_ge second_pk; + secp256k1_ge second_pk; unsigned char pks_hash[32]; /* tweak is identical to value tacc[v] in the specification. */ - rustsecp256k1_v0_11_scalar tweak; + secp256k1_scalar tweak; /* parity_acc corresponds to (1 - gacc[v])/2 in the spec. So if gacc[v] is * -1, parity_acc is 1. Otherwise, parity_acc is 0. */ int parity_acc; -} rustsecp256k1_v0_11_keyagg_cache_internal; +} secp256k1_keyagg_cache_internal; -static int rustsecp256k1_v0_11_keyagg_cache_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_keyagg_cache_internal *cache_i, const rustsecp256k1_v0_11_musig_keyagg_cache *cache); +static int secp256k1_keyagg_cache_load(const secp256k1_context* ctx, secp256k1_keyagg_cache_internal *cache_i, const secp256k1_musig_keyagg_cache *cache); -static void rustsecp256k1_v0_11_musig_keyaggcoef(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_keyagg_cache_internal *cache_i, rustsecp256k1_v0_11_ge *pk); +static void secp256k1_musig_keyaggcoef(secp256k1_scalar *r, const secp256k1_keyagg_cache_internal *cache_i, secp256k1_ge *pk); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg_impl.h index c21b45d89..0db4fce85 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/musig/keyagg_impl.h @@ -16,7 +16,7 @@ #include "../../hash.h" #include "../../util.h" -static const unsigned char rustsecp256k1_v0_11_musig_keyagg_cache_magic[4] = { 0xf4, 0xad, 0xbb, 0xdf }; +static const unsigned char secp256k1_musig_keyagg_cache_magic[4] = { 0xf4, 0xad, 0xbb, 0xdf }; /* A keyagg cache consists of * - 4 byte magic set during initialization to allow detecting an uninitialized @@ -28,41 +28,41 @@ static const unsigned char rustsecp256k1_v0_11_musig_keyagg_cache_magic[4] = { 0 * - 32 byte tweak */ /* Requires that cache_i->pk is not infinity. */ -static void rustsecp256k1_v0_11_keyagg_cache_save(rustsecp256k1_v0_11_musig_keyagg_cache *cache, const rustsecp256k1_v0_11_keyagg_cache_internal *cache_i) { +static void secp256k1_keyagg_cache_save(secp256k1_musig_keyagg_cache *cache, const secp256k1_keyagg_cache_internal *cache_i) { unsigned char *ptr = cache->data; - memcpy(ptr, rustsecp256k1_v0_11_musig_keyagg_cache_magic, 4); + memcpy(ptr, secp256k1_musig_keyagg_cache_magic, 4); ptr += 4; - rustsecp256k1_v0_11_ge_to_bytes(ptr, &cache_i->pk); + secp256k1_ge_to_bytes(ptr, &cache_i->pk); ptr += 64; - rustsecp256k1_v0_11_ge_to_bytes_ext(ptr, &cache_i->second_pk); + secp256k1_ge_to_bytes_ext(ptr, &cache_i->second_pk); ptr += 64; memcpy(ptr, cache_i->pks_hash, 32); ptr += 32; *ptr = cache_i->parity_acc; ptr += 1; - rustsecp256k1_v0_11_scalar_get_b32(ptr, &cache_i->tweak); + secp256k1_scalar_get_b32(ptr, &cache_i->tweak); } -static int rustsecp256k1_v0_11_keyagg_cache_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_keyagg_cache_internal *cache_i, const rustsecp256k1_v0_11_musig_keyagg_cache *cache) { +static int secp256k1_keyagg_cache_load(const secp256k1_context* ctx, secp256k1_keyagg_cache_internal *cache_i, const secp256k1_musig_keyagg_cache *cache) { const unsigned char *ptr = cache->data; - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(ptr, rustsecp256k1_v0_11_musig_keyagg_cache_magic, 4) == 0); + ARG_CHECK(secp256k1_memcmp_var(ptr, secp256k1_musig_keyagg_cache_magic, 4) == 0); ptr += 4; - rustsecp256k1_v0_11_ge_from_bytes(&cache_i->pk, ptr); + secp256k1_ge_from_bytes(&cache_i->pk, ptr); ptr += 64; - rustsecp256k1_v0_11_ge_from_bytes_ext(&cache_i->second_pk, ptr); + secp256k1_ge_from_bytes_ext(&cache_i->second_pk, ptr); ptr += 64; memcpy(cache_i->pks_hash, ptr, 32); ptr += 32; cache_i->parity_acc = *ptr & 1; ptr += 1; - rustsecp256k1_v0_11_scalar_set_b32(&cache_i->tweak, ptr, NULL); + secp256k1_scalar_set_b32(&cache_i->tweak, ptr, NULL); return 1; } /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("KeyAgg list")||SHA256("KeyAgg list"). */ -static void rustsecp256k1_v0_11_musig_keyagglist_sha256(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_musig_keyagglist_sha256(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0xb399d5e0ul; sha->s[1] = 0xc8fff302ul; @@ -76,28 +76,28 @@ static void rustsecp256k1_v0_11_musig_keyagglist_sha256(rustsecp256k1_v0_11_sha2 } /* Computes pks_hash = tagged_hash(pk[0], ..., pk[np-1]) */ -static int rustsecp256k1_v0_11_musig_compute_pks_hash(const rustsecp256k1_v0_11_context *ctx, unsigned char *pks_hash, const rustsecp256k1_v0_11_pubkey * const* pks, size_t np) { - rustsecp256k1_v0_11_sha256 sha; +static int secp256k1_musig_compute_pks_hash(const secp256k1_context *ctx, unsigned char *pks_hash, const secp256k1_pubkey * const* pks, size_t np) { + secp256k1_sha256 sha; size_t i; - rustsecp256k1_v0_11_musig_keyagglist_sha256(&sha); + secp256k1_musig_keyagglist_sha256(&sha); for (i = 0; i < np; i++) { unsigned char ser[33]; size_t ser_len = sizeof(ser); - if (!rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, ser, &ser_len, pks[i], SECP256K1_EC_COMPRESSED)) { + if (!secp256k1_ec_pubkey_serialize(ctx, ser, &ser_len, pks[i], SECP256K1_EC_COMPRESSED)) { return 0; } VERIFY_CHECK(ser_len == sizeof(ser)); - rustsecp256k1_v0_11_sha256_write(&sha, ser, sizeof(ser)); + secp256k1_sha256_write(&sha, ser, sizeof(ser)); } - rustsecp256k1_v0_11_sha256_finalize(&sha, pks_hash); + secp256k1_sha256_finalize(&sha, pks_hash); return 1; } /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("KeyAgg coefficient")||SHA256("KeyAgg coefficient"). */ -static void rustsecp256k1_v0_11_musig_keyaggcoef_sha256(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_musig_keyaggcoef_sha256(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0x6ef02c5aul; sha->s[1] = 0x06a480deul; @@ -115,20 +115,20 @@ static void rustsecp256k1_v0_11_musig_keyaggcoef_sha256(rustsecp256k1_v0_11_sha2 * second_pk is the point at infinity in case there is no second_pk. Assumes * that pk is not the point at infinity and that the Y-coordinates of pk and * second_pk are normalized. */ -static void rustsecp256k1_v0_11_musig_keyaggcoef_internal(rustsecp256k1_v0_11_scalar *r, const unsigned char *pks_hash, rustsecp256k1_v0_11_ge *pk, const rustsecp256k1_v0_11_ge *second_pk) { - VERIFY_CHECK(!rustsecp256k1_v0_11_ge_is_infinity(pk)); +static void secp256k1_musig_keyaggcoef_internal(secp256k1_scalar *r, const unsigned char *pks_hash, secp256k1_ge *pk, const secp256k1_ge *second_pk) { + VERIFY_CHECK(!secp256k1_ge_is_infinity(pk)); - if (!rustsecp256k1_v0_11_ge_is_infinity(second_pk) - && rustsecp256k1_v0_11_ge_eq_var(pk, second_pk)) { - rustsecp256k1_v0_11_scalar_set_int(r, 1); + if (!secp256k1_ge_is_infinity(second_pk) + && secp256k1_ge_eq_var(pk, second_pk)) { + secp256k1_scalar_set_int(r, 1); } else { - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; unsigned char buf[33]; size_t buflen = sizeof(buf); int ret; - rustsecp256k1_v0_11_musig_keyaggcoef_sha256(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, pks_hash, 32); - ret = rustsecp256k1_v0_11_eckey_pubkey_serialize(pk, buf, &buflen, 1); + secp256k1_musig_keyaggcoef_sha256(&sha); + secp256k1_sha256_write(&sha, pks_hash, 32); + ret = secp256k1_eckey_pubkey_serialize(pk, buf, &buflen, 1); #ifdef VERIFY /* Serialization does not fail since the pk is not the point at infinity * (according to this function's precondition). */ @@ -136,31 +136,31 @@ static void rustsecp256k1_v0_11_musig_keyaggcoef_internal(rustsecp256k1_v0_11_sc #else (void) ret; #endif - rustsecp256k1_v0_11_sha256_write(&sha, buf, sizeof(buf)); - rustsecp256k1_v0_11_sha256_finalize(&sha, buf); - rustsecp256k1_v0_11_scalar_set_b32(r, buf, NULL); + secp256k1_sha256_write(&sha, buf, sizeof(buf)); + secp256k1_sha256_finalize(&sha, buf); + secp256k1_scalar_set_b32(r, buf, NULL); } } /* Assumes that pk is not the point at infinity and that the Y-coordinates of pk * and cache_i->second_pk are normalized. */ -static void rustsecp256k1_v0_11_musig_keyaggcoef(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_keyagg_cache_internal *cache_i, rustsecp256k1_v0_11_ge *pk) { - rustsecp256k1_v0_11_musig_keyaggcoef_internal(r, cache_i->pks_hash, pk, &cache_i->second_pk); +static void secp256k1_musig_keyaggcoef(secp256k1_scalar *r, const secp256k1_keyagg_cache_internal *cache_i, secp256k1_ge *pk) { + secp256k1_musig_keyaggcoef_internal(r, cache_i->pks_hash, pk, &cache_i->second_pk); } typedef struct { - const rustsecp256k1_v0_11_context *ctx; + const secp256k1_context *ctx; /* pks_hash is the hash of the public keys */ unsigned char pks_hash[32]; - const rustsecp256k1_v0_11_pubkey * const* pks; - rustsecp256k1_v0_11_ge second_pk; -} rustsecp256k1_v0_11_musig_pubkey_agg_ecmult_data; + const secp256k1_pubkey * const* pks; + secp256k1_ge second_pk; +} secp256k1_musig_pubkey_agg_ecmult_data; /* Callback for batch EC multiplication to compute keyaggcoef_0*P0 + keyaggcoef_1*P1 + ... */ -static int rustsecp256k1_v0_11_musig_pubkey_agg_callback(rustsecp256k1_v0_11_scalar *sc, rustsecp256k1_v0_11_ge *pt, size_t idx, void *data) { - rustsecp256k1_v0_11_musig_pubkey_agg_ecmult_data *ctx = (rustsecp256k1_v0_11_musig_pubkey_agg_ecmult_data *) data; +static int secp256k1_musig_pubkey_agg_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *data) { + secp256k1_musig_pubkey_agg_ecmult_data *ctx = (secp256k1_musig_pubkey_agg_ecmult_data *) data; int ret; - ret = rustsecp256k1_v0_11_pubkey_load(ctx->ctx, pt, ctx->pks[idx]); + ret = secp256k1_pubkey_load(ctx->ctx, pt, ctx->pks[idx]); #ifdef VERIFY /* pubkey_load can't fail because the same pks have already been loaded in * `musig_compute_pks_hash` (and we test this). */ @@ -168,14 +168,14 @@ static int rustsecp256k1_v0_11_musig_pubkey_agg_callback(rustsecp256k1_v0_11_sca #else (void) ret; #endif - rustsecp256k1_v0_11_musig_keyaggcoef_internal(sc, ctx->pks_hash, pt, &ctx->second_pk); + secp256k1_musig_keyaggcoef_internal(sc, ctx->pks_hash, pt, &ctx->second_pk); return 1; } -int rustsecp256k1_v0_11_musig_pubkey_agg(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_xonly_pubkey *agg_pk, rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const rustsecp256k1_v0_11_pubkey * const* pubkeys, size_t n_pubkeys) { - rustsecp256k1_v0_11_musig_pubkey_agg_ecmult_data ecmult_data; - rustsecp256k1_v0_11_gej pkj; - rustsecp256k1_v0_11_ge pkp; +int secp256k1_musig_pubkey_agg(const secp256k1_context* ctx, secp256k1_xonly_pubkey *agg_pk, secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_pubkey * const* pubkeys, size_t n_pubkeys) { + secp256k1_musig_pubkey_agg_ecmult_data ecmult_data; + secp256k1_gej pkj; + secp256k1_ge pkp; size_t i; VERIFY_CHECK(ctx != NULL); @@ -188,11 +188,11 @@ int rustsecp256k1_v0_11_musig_pubkey_agg(const rustsecp256k1_v0_11_context* ctx, ecmult_data.ctx = ctx; ecmult_data.pks = pubkeys; - rustsecp256k1_v0_11_ge_set_infinity(&ecmult_data.second_pk); + secp256k1_ge_set_infinity(&ecmult_data.second_pk); for (i = 1; i < n_pubkeys; i++) { - if (rustsecp256k1_v0_11_memcmp_var(pubkeys[0], pubkeys[i], sizeof(*pubkeys[0])) != 0) { - rustsecp256k1_v0_11_ge pk; - if (!rustsecp256k1_v0_11_pubkey_load(ctx, &pk, pubkeys[i])) { + if (secp256k1_memcmp_var(pubkeys[0], pubkeys[i], sizeof(*pubkeys[0])) != 0) { + secp256k1_ge pk; + if (!secp256k1_pubkey_load(ctx, &pk, pubkeys[i])) { return 0; } ecmult_data.second_pk = pk; @@ -200,54 +200,54 @@ int rustsecp256k1_v0_11_musig_pubkey_agg(const rustsecp256k1_v0_11_context* ctx, } } - if (!rustsecp256k1_v0_11_musig_compute_pks_hash(ctx, ecmult_data.pks_hash, pubkeys, n_pubkeys)) { + if (!secp256k1_musig_compute_pks_hash(ctx, ecmult_data.pks_hash, pubkeys, n_pubkeys)) { return 0; } /* TODO: actually use optimized ecmult_multi algorithms by providing a * scratch space */ - if (!rustsecp256k1_v0_11_ecmult_multi_var(&ctx->error_callback, NULL, &pkj, NULL, rustsecp256k1_v0_11_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) { + if (!secp256k1_ecmult_multi_var(&ctx->error_callback, NULL, &pkj, NULL, secp256k1_musig_pubkey_agg_callback, (void *) &ecmult_data, n_pubkeys)) { /* In order to reach this line with the current implementation of * ecmult_multi_var one would need to provide a callback that can * fail. */ return 0; } - rustsecp256k1_v0_11_ge_set_gej(&pkp, &pkj); - rustsecp256k1_v0_11_fe_normalize_var(&pkp.y); + secp256k1_ge_set_gej(&pkp, &pkj); + secp256k1_fe_normalize_var(&pkp.y); /* The resulting public key is infinity with negligible probability */ - VERIFY_CHECK(!rustsecp256k1_v0_11_ge_is_infinity(&pkp)); + VERIFY_CHECK(!secp256k1_ge_is_infinity(&pkp)); if (keyagg_cache != NULL) { - rustsecp256k1_v0_11_keyagg_cache_internal cache_i = { 0 }; + secp256k1_keyagg_cache_internal cache_i = { 0 }; cache_i.pk = pkp; cache_i.second_pk = ecmult_data.second_pk; memcpy(cache_i.pks_hash, ecmult_data.pks_hash, sizeof(cache_i.pks_hash)); - rustsecp256k1_v0_11_keyagg_cache_save(keyagg_cache, &cache_i); + secp256k1_keyagg_cache_save(keyagg_cache, &cache_i); } if (agg_pk != NULL) { - rustsecp256k1_v0_11_extrakeys_ge_even_y(&pkp); - rustsecp256k1_v0_11_xonly_pubkey_save(agg_pk, &pkp); + secp256k1_extrakeys_ge_even_y(&pkp); + secp256k1_xonly_pubkey_save(agg_pk, &pkp); } return 1; } -int rustsecp256k1_v0_11_musig_pubkey_get(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *agg_pk, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache) { - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; +int secp256k1_musig_pubkey_get(const secp256k1_context* ctx, secp256k1_pubkey *agg_pk, const secp256k1_musig_keyagg_cache *keyagg_cache) { + secp256k1_keyagg_cache_internal cache_i; VERIFY_CHECK(ctx != NULL); ARG_CHECK(agg_pk != NULL); memset(agg_pk, 0, sizeof(*agg_pk)); ARG_CHECK(keyagg_cache != NULL); - if (!rustsecp256k1_v0_11_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { + if (!secp256k1_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { return 0; } - rustsecp256k1_v0_11_pubkey_save(agg_pk, &cache_i.pk); + secp256k1_pubkey_save(agg_pk, &cache_i.pk); return 1; } -static int rustsecp256k1_v0_11_musig_pubkey_tweak_add_internal(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *output_pubkey, rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32, int xonly) { - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; +static int secp256k1_musig_pubkey_tweak_add_internal(const secp256k1_context* ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32, int xonly) { + secp256k1_keyagg_cache_internal cache_i; int overflow = 0; - rustsecp256k1_v0_11_scalar tweak; + secp256k1_scalar tweak; VERIFY_CHECK(ctx != NULL); if (output_pubkey != NULL) { @@ -256,36 +256,36 @@ static int rustsecp256k1_v0_11_musig_pubkey_tweak_add_internal(const rustsecp256 ARG_CHECK(keyagg_cache != NULL); ARG_CHECK(tweak32 != NULL); - if (!rustsecp256k1_v0_11_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { + if (!secp256k1_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { return 0; } - rustsecp256k1_v0_11_scalar_set_b32(&tweak, tweak32, &overflow); + secp256k1_scalar_set_b32(&tweak, tweak32, &overflow); if (overflow) { return 0; } - if (xonly && rustsecp256k1_v0_11_extrakeys_ge_even_y(&cache_i.pk)) { + if (xonly && secp256k1_extrakeys_ge_even_y(&cache_i.pk)) { cache_i.parity_acc ^= 1; - rustsecp256k1_v0_11_scalar_negate(&cache_i.tweak, &cache_i.tweak); + secp256k1_scalar_negate(&cache_i.tweak, &cache_i.tweak); } - rustsecp256k1_v0_11_scalar_add(&cache_i.tweak, &cache_i.tweak, &tweak); - if (!rustsecp256k1_v0_11_eckey_pubkey_tweak_add(&cache_i.pk, &tweak)) { + secp256k1_scalar_add(&cache_i.tweak, &cache_i.tweak, &tweak); + if (!secp256k1_eckey_pubkey_tweak_add(&cache_i.pk, &tweak)) { return 0; } /* eckey_pubkey_tweak_add fails if cache_i.pk is infinity */ - VERIFY_CHECK(!rustsecp256k1_v0_11_ge_is_infinity(&cache_i.pk)); - rustsecp256k1_v0_11_keyagg_cache_save(keyagg_cache, &cache_i); + VERIFY_CHECK(!secp256k1_ge_is_infinity(&cache_i.pk)); + secp256k1_keyagg_cache_save(keyagg_cache, &cache_i); if (output_pubkey != NULL) { - rustsecp256k1_v0_11_pubkey_save(output_pubkey, &cache_i.pk); + secp256k1_pubkey_save(output_pubkey, &cache_i.pk); } return 1; } -int rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *output_pubkey, rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) { - return rustsecp256k1_v0_11_musig_pubkey_tweak_add_internal(ctx, output_pubkey, keyagg_cache, tweak32, 0); +int secp256k1_musig_pubkey_ec_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) { + return secp256k1_musig_pubkey_tweak_add_internal(ctx, output_pubkey, keyagg_cache, tweak32, 0); } -int rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *output_pubkey, rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) { - return rustsecp256k1_v0_11_musig_pubkey_tweak_add_internal(ctx, output_pubkey, keyagg_cache, tweak32, 1); +int secp256k1_musig_pubkey_xonly_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32) { + return secp256k1_musig_pubkey_tweak_add_internal(ctx, output_pubkey, keyagg_cache, tweak32, 1); } #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/musig/session.h b/secp256k1-sys/depend/secp256k1/src/modules/musig/session.h index d010a9b86..d6d76bc6c 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/musig/session.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/musig/session.h @@ -14,11 +14,11 @@ typedef struct { int fin_nonce_parity; unsigned char fin_nonce[32]; - rustsecp256k1_v0_11_scalar noncecoef; - rustsecp256k1_v0_11_scalar challenge; - rustsecp256k1_v0_11_scalar s_part; -} rustsecp256k1_v0_11_musig_session_internal; + secp256k1_scalar noncecoef; + secp256k1_scalar challenge; + secp256k1_scalar s_part; +} secp256k1_musig_session_internal; -static int rustsecp256k1_v0_11_musig_session_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_session_internal *session_i, const rustsecp256k1_v0_11_musig_session *session); +static int secp256k1_musig_session_load(const secp256k1_context* ctx, secp256k1_musig_session_internal *session_i, const secp256k1_musig_session *session); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/musig/session_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/musig/session_impl.h index 418910240..2c8778b3c 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/musig/session_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/musig/session_impl.h @@ -21,13 +21,13 @@ /* Outputs 33 zero bytes if the given group element is the point at infinity and * otherwise outputs the compressed serialization */ -static void rustsecp256k1_v0_11_musig_ge_serialize_ext(unsigned char *out33, rustsecp256k1_v0_11_ge* ge) { - if (rustsecp256k1_v0_11_ge_is_infinity(ge)) { +static void secp256k1_musig_ge_serialize_ext(unsigned char *out33, secp256k1_ge* ge) { + if (secp256k1_ge_is_infinity(ge)) { memset(out33, 0, 33); } else { int ret; size_t size = 33; - ret = rustsecp256k1_v0_11_eckey_pubkey_serialize(ge, out33, &size, 1); + ret = secp256k1_eckey_pubkey_serialize(ge, out33, &size, 1); #ifdef VERIFY /* Serialize must succeed because the point is not at infinity */ VERIFY_CHECK(ret && size == 33); @@ -39,99 +39,99 @@ static void rustsecp256k1_v0_11_musig_ge_serialize_ext(unsigned char *out33, rus /* Outputs the point at infinity if the given byte array is all zero, otherwise * attempts to parse compressed point serialization. */ -static int rustsecp256k1_v0_11_musig_ge_parse_ext(rustsecp256k1_v0_11_ge* ge, const unsigned char *in33) { +static int secp256k1_musig_ge_parse_ext(secp256k1_ge* ge, const unsigned char *in33) { unsigned char zeros[33] = { 0 }; - if (rustsecp256k1_v0_11_memcmp_var(in33, zeros, sizeof(zeros)) == 0) { - rustsecp256k1_v0_11_ge_set_infinity(ge); + if (secp256k1_memcmp_var(in33, zeros, sizeof(zeros)) == 0) { + secp256k1_ge_set_infinity(ge); return 1; } - if (!rustsecp256k1_v0_11_eckey_pubkey_parse(ge, in33, 33)) { + if (!secp256k1_eckey_pubkey_parse(ge, in33, 33)) { return 0; } - return rustsecp256k1_v0_11_ge_is_in_correct_subgroup(ge); + return secp256k1_ge_is_in_correct_subgroup(ge); } -static const unsigned char rustsecp256k1_v0_11_musig_secnonce_magic[4] = { 0x22, 0x0e, 0xdc, 0xf1 }; +static const unsigned char secp256k1_musig_secnonce_magic[4] = { 0x22, 0x0e, 0xdc, 0xf1 }; -static void rustsecp256k1_v0_11_musig_secnonce_save(rustsecp256k1_v0_11_musig_secnonce *secnonce, const rustsecp256k1_v0_11_scalar *k, const rustsecp256k1_v0_11_ge *pk) { - memcpy(&secnonce->data[0], rustsecp256k1_v0_11_musig_secnonce_magic, 4); - rustsecp256k1_v0_11_scalar_get_b32(&secnonce->data[4], &k[0]); - rustsecp256k1_v0_11_scalar_get_b32(&secnonce->data[36], &k[1]); - rustsecp256k1_v0_11_ge_to_bytes(&secnonce->data[68], pk); +static void secp256k1_musig_secnonce_save(secp256k1_musig_secnonce *secnonce, const secp256k1_scalar *k, const secp256k1_ge *pk) { + memcpy(&secnonce->data[0], secp256k1_musig_secnonce_magic, 4); + secp256k1_scalar_get_b32(&secnonce->data[4], &k[0]); + secp256k1_scalar_get_b32(&secnonce->data[36], &k[1]); + secp256k1_ge_to_bytes(&secnonce->data[68], pk); } -static int rustsecp256k1_v0_11_musig_secnonce_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar *k, rustsecp256k1_v0_11_ge *pk, const rustsecp256k1_v0_11_musig_secnonce *secnonce) { +static int secp256k1_musig_secnonce_load(const secp256k1_context* ctx, secp256k1_scalar *k, secp256k1_ge *pk, const secp256k1_musig_secnonce *secnonce) { int is_zero; - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(&secnonce->data[0], rustsecp256k1_v0_11_musig_secnonce_magic, 4) == 0); + ARG_CHECK(secp256k1_memcmp_var(&secnonce->data[0], secp256k1_musig_secnonce_magic, 4) == 0); /* We make very sure that the nonce isn't invalidated by checking the values * in addition to the magic. */ - is_zero = rustsecp256k1_v0_11_is_zero_array(&secnonce->data[4], 2 * 32); - rustsecp256k1_v0_11_declassify(ctx, &is_zero, sizeof(is_zero)); + is_zero = secp256k1_is_zero_array(&secnonce->data[4], 2 * 32); + secp256k1_declassify(ctx, &is_zero, sizeof(is_zero)); ARG_CHECK(!is_zero); - rustsecp256k1_v0_11_scalar_set_b32(&k[0], &secnonce->data[4], NULL); - rustsecp256k1_v0_11_scalar_set_b32(&k[1], &secnonce->data[36], NULL); - rustsecp256k1_v0_11_ge_from_bytes(pk, &secnonce->data[68]); + secp256k1_scalar_set_b32(&k[0], &secnonce->data[4], NULL); + secp256k1_scalar_set_b32(&k[1], &secnonce->data[36], NULL); + secp256k1_ge_from_bytes(pk, &secnonce->data[68]); return 1; } /* If flag is true, invalidate the secnonce; otherwise leave it. Constant-time. */ -static void rustsecp256k1_v0_11_musig_secnonce_invalidate(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_secnonce *secnonce, int flag) { - rustsecp256k1_v0_11_memczero(secnonce->data, sizeof(secnonce->data), flag); +static void secp256k1_musig_secnonce_invalidate(const secp256k1_context* ctx, secp256k1_musig_secnonce *secnonce, int flag) { + secp256k1_memczero(secnonce->data, sizeof(secnonce->data), flag); /* The flag argument is usually classified. So, the line above makes the * magic and public key classified. However, we need both to be * declassified. Note that we don't declassify the entire object, because if * flag is 0, then k[0] and k[1] have not been zeroed. */ - rustsecp256k1_v0_11_declassify(ctx, secnonce->data, sizeof(rustsecp256k1_v0_11_musig_secnonce_magic)); - rustsecp256k1_v0_11_declassify(ctx, &secnonce->data[68], 64); + secp256k1_declassify(ctx, secnonce->data, sizeof(secp256k1_musig_secnonce_magic)); + secp256k1_declassify(ctx, &secnonce->data[68], 64); } -static const unsigned char rustsecp256k1_v0_11_musig_pubnonce_magic[4] = { 0xf5, 0x7a, 0x3d, 0xa0 }; +static const unsigned char secp256k1_musig_pubnonce_magic[4] = { 0xf5, 0x7a, 0x3d, 0xa0 }; /* Saves two group elements into a pubnonce. Requires that none of the provided * group elements is infinity. */ -static void rustsecp256k1_v0_11_musig_pubnonce_save(rustsecp256k1_v0_11_musig_pubnonce* nonce, const rustsecp256k1_v0_11_ge* ges) { +static void secp256k1_musig_pubnonce_save(secp256k1_musig_pubnonce* nonce, const secp256k1_ge* ges) { int i; - memcpy(&nonce->data[0], rustsecp256k1_v0_11_musig_pubnonce_magic, 4); + memcpy(&nonce->data[0], secp256k1_musig_pubnonce_magic, 4); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_ge_to_bytes(nonce->data + 4+64*i, &ges[i]); + secp256k1_ge_to_bytes(nonce->data + 4+64*i, &ges[i]); } } /* Loads two group elements from a pubnonce. Returns 1 unless the nonce wasn't * properly initialized */ -static int rustsecp256k1_v0_11_musig_pubnonce_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ge* ges, const rustsecp256k1_v0_11_musig_pubnonce* nonce) { +static int secp256k1_musig_pubnonce_load(const secp256k1_context* ctx, secp256k1_ge* ges, const secp256k1_musig_pubnonce* nonce) { int i; - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(&nonce->data[0], rustsecp256k1_v0_11_musig_pubnonce_magic, 4) == 0); + ARG_CHECK(secp256k1_memcmp_var(&nonce->data[0], secp256k1_musig_pubnonce_magic, 4) == 0); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_ge_from_bytes(&ges[i], nonce->data + 4 + 64*i); + secp256k1_ge_from_bytes(&ges[i], nonce->data + 4 + 64*i); } return 1; } -static const unsigned char rustsecp256k1_v0_11_musig_aggnonce_magic[4] = { 0xa8, 0xb7, 0xe4, 0x67 }; +static const unsigned char secp256k1_musig_aggnonce_magic[4] = { 0xa8, 0xb7, 0xe4, 0x67 }; -static void rustsecp256k1_v0_11_musig_aggnonce_save(rustsecp256k1_v0_11_musig_aggnonce* nonce, const rustsecp256k1_v0_11_ge* ges) { +static void secp256k1_musig_aggnonce_save(secp256k1_musig_aggnonce* nonce, const secp256k1_ge* ges) { int i; - memcpy(&nonce->data[0], rustsecp256k1_v0_11_musig_aggnonce_magic, 4); + memcpy(&nonce->data[0], secp256k1_musig_aggnonce_magic, 4); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_ge_to_bytes_ext(&nonce->data[4 + 64*i], &ges[i]); + secp256k1_ge_to_bytes_ext(&nonce->data[4 + 64*i], &ges[i]); } } -static int rustsecp256k1_v0_11_musig_aggnonce_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ge* ges, const rustsecp256k1_v0_11_musig_aggnonce* nonce) { +static int secp256k1_musig_aggnonce_load(const secp256k1_context* ctx, secp256k1_ge* ges, const secp256k1_musig_aggnonce* nonce) { int i; - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(&nonce->data[0], rustsecp256k1_v0_11_musig_aggnonce_magic, 4) == 0); + ARG_CHECK(secp256k1_memcmp_var(&nonce->data[0], secp256k1_musig_aggnonce_magic, 4) == 0); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_ge_from_bytes_ext(&ges[i], &nonce->data[4 + 64*i]); + secp256k1_ge_from_bytes_ext(&ges[i], &nonce->data[4 + 64*i]); } return 1; } -static const unsigned char rustsecp256k1_v0_11_musig_session_cache_magic[4] = { 0x9d, 0xed, 0xe9, 0x17 }; +static const unsigned char secp256k1_musig_session_cache_magic[4] = { 0x9d, 0xed, 0xe9, 0x17 }; /* A session consists of * - 4 byte session cache magic @@ -141,58 +141,58 @@ static const unsigned char rustsecp256k1_v0_11_musig_session_cache_magic[4] = { * - 32 byte signature challenge hash e * - 32 byte scalar s that is added to the partial signatures of the signers */ -static void rustsecp256k1_v0_11_musig_session_save(rustsecp256k1_v0_11_musig_session *session, const rustsecp256k1_v0_11_musig_session_internal *session_i) { +static void secp256k1_musig_session_save(secp256k1_musig_session *session, const secp256k1_musig_session_internal *session_i) { unsigned char *ptr = session->data; - memcpy(ptr, rustsecp256k1_v0_11_musig_session_cache_magic, 4); + memcpy(ptr, secp256k1_musig_session_cache_magic, 4); ptr += 4; *ptr = session_i->fin_nonce_parity; ptr += 1; memcpy(ptr, session_i->fin_nonce, 32); ptr += 32; - rustsecp256k1_v0_11_scalar_get_b32(ptr, &session_i->noncecoef); + secp256k1_scalar_get_b32(ptr, &session_i->noncecoef); ptr += 32; - rustsecp256k1_v0_11_scalar_get_b32(ptr, &session_i->challenge); + secp256k1_scalar_get_b32(ptr, &session_i->challenge); ptr += 32; - rustsecp256k1_v0_11_scalar_get_b32(ptr, &session_i->s_part); + secp256k1_scalar_get_b32(ptr, &session_i->s_part); } -static int rustsecp256k1_v0_11_musig_session_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_session_internal *session_i, const rustsecp256k1_v0_11_musig_session *session) { +static int secp256k1_musig_session_load(const secp256k1_context* ctx, secp256k1_musig_session_internal *session_i, const secp256k1_musig_session *session) { const unsigned char *ptr = session->data; - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(ptr, rustsecp256k1_v0_11_musig_session_cache_magic, 4) == 0); + ARG_CHECK(secp256k1_memcmp_var(ptr, secp256k1_musig_session_cache_magic, 4) == 0); ptr += 4; session_i->fin_nonce_parity = *ptr; ptr += 1; memcpy(session_i->fin_nonce, ptr, 32); ptr += 32; - rustsecp256k1_v0_11_scalar_set_b32(&session_i->noncecoef, ptr, NULL); + secp256k1_scalar_set_b32(&session_i->noncecoef, ptr, NULL); ptr += 32; - rustsecp256k1_v0_11_scalar_set_b32(&session_i->challenge, ptr, NULL); + secp256k1_scalar_set_b32(&session_i->challenge, ptr, NULL); ptr += 32; - rustsecp256k1_v0_11_scalar_set_b32(&session_i->s_part, ptr, NULL); + secp256k1_scalar_set_b32(&session_i->s_part, ptr, NULL); return 1; } -static const unsigned char rustsecp256k1_v0_11_musig_partial_sig_magic[4] = { 0xeb, 0xfb, 0x1a, 0x32 }; +static const unsigned char secp256k1_musig_partial_sig_magic[4] = { 0xeb, 0xfb, 0x1a, 0x32 }; -static void rustsecp256k1_v0_11_musig_partial_sig_save(rustsecp256k1_v0_11_musig_partial_sig* sig, rustsecp256k1_v0_11_scalar *s) { - memcpy(&sig->data[0], rustsecp256k1_v0_11_musig_partial_sig_magic, 4); - rustsecp256k1_v0_11_scalar_get_b32(&sig->data[4], s); +static void secp256k1_musig_partial_sig_save(secp256k1_musig_partial_sig* sig, secp256k1_scalar *s) { + memcpy(&sig->data[0], secp256k1_musig_partial_sig_magic, 4); + secp256k1_scalar_get_b32(&sig->data[4], s); } -static int rustsecp256k1_v0_11_musig_partial_sig_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar *s, const rustsecp256k1_v0_11_musig_partial_sig* sig) { +static int secp256k1_musig_partial_sig_load(const secp256k1_context* ctx, secp256k1_scalar *s, const secp256k1_musig_partial_sig* sig) { int overflow; - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(&sig->data[0], rustsecp256k1_v0_11_musig_partial_sig_magic, 4) == 0); - rustsecp256k1_v0_11_scalar_set_b32(s, &sig->data[4], &overflow); + ARG_CHECK(secp256k1_memcmp_var(&sig->data[0], secp256k1_musig_partial_sig_magic, 4) == 0); + secp256k1_scalar_set_b32(s, &sig->data[4], &overflow); /* Parsed signatures can not overflow */ VERIFY_CHECK(!overflow); return 1; } -int rustsecp256k1_v0_11_musig_pubnonce_parse(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_pubnonce* nonce, const unsigned char *in66) { - rustsecp256k1_v0_11_ge ges[2]; +int secp256k1_musig_pubnonce_parse(const secp256k1_context* ctx, secp256k1_musig_pubnonce* nonce, const unsigned char *in66) { + secp256k1_ge ges[2]; int i; VERIFY_CHECK(ctx != NULL); @@ -200,19 +200,19 @@ int rustsecp256k1_v0_11_musig_pubnonce_parse(const rustsecp256k1_v0_11_context* ARG_CHECK(in66 != NULL); for (i = 0; i < 2; i++) { - if (!rustsecp256k1_v0_11_eckey_pubkey_parse(&ges[i], &in66[33*i], 33)) { + if (!secp256k1_eckey_pubkey_parse(&ges[i], &in66[33*i], 33)) { return 0; } - if (!rustsecp256k1_v0_11_ge_is_in_correct_subgroup(&ges[i])) { + if (!secp256k1_ge_is_in_correct_subgroup(&ges[i])) { return 0; } } - rustsecp256k1_v0_11_musig_pubnonce_save(nonce, ges); + secp256k1_musig_pubnonce_save(nonce, ges); return 1; } -int rustsecp256k1_v0_11_musig_pubnonce_serialize(const rustsecp256k1_v0_11_context* ctx, unsigned char *out66, const rustsecp256k1_v0_11_musig_pubnonce* nonce) { - rustsecp256k1_v0_11_ge ges[2]; +int secp256k1_musig_pubnonce_serialize(const secp256k1_context* ctx, unsigned char *out66, const secp256k1_musig_pubnonce* nonce) { + secp256k1_ge ges[2]; int i; VERIFY_CHECK(ctx != NULL); @@ -220,13 +220,13 @@ int rustsecp256k1_v0_11_musig_pubnonce_serialize(const rustsecp256k1_v0_11_conte memset(out66, 0, 66); ARG_CHECK(nonce != NULL); - if (!rustsecp256k1_v0_11_musig_pubnonce_load(ctx, ges, nonce)) { + if (!secp256k1_musig_pubnonce_load(ctx, ges, nonce)) { return 0; } for (i = 0; i < 2; i++) { int ret; size_t size = 33; - ret = rustsecp256k1_v0_11_eckey_pubkey_serialize(&ges[i], &out66[33*i], &size, 1); + ret = secp256k1_eckey_pubkey_serialize(&ges[i], &out66[33*i], &size, 1); #ifdef VERIFY /* serialize must succeed because the point was just loaded */ VERIFY_CHECK(ret && size == 33); @@ -237,8 +237,8 @@ int rustsecp256k1_v0_11_musig_pubnonce_serialize(const rustsecp256k1_v0_11_conte return 1; } -int rustsecp256k1_v0_11_musig_aggnonce_parse(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_aggnonce* nonce, const unsigned char *in66) { - rustsecp256k1_v0_11_ge ges[2]; +int secp256k1_musig_aggnonce_parse(const secp256k1_context* ctx, secp256k1_musig_aggnonce* nonce, const unsigned char *in66) { + secp256k1_ge ges[2]; int i; VERIFY_CHECK(ctx != NULL); @@ -246,16 +246,16 @@ int rustsecp256k1_v0_11_musig_aggnonce_parse(const rustsecp256k1_v0_11_context* ARG_CHECK(in66 != NULL); for (i = 0; i < 2; i++) { - if (!rustsecp256k1_v0_11_musig_ge_parse_ext(&ges[i], &in66[33*i])) { + if (!secp256k1_musig_ge_parse_ext(&ges[i], &in66[33*i])) { return 0; } } - rustsecp256k1_v0_11_musig_aggnonce_save(nonce, ges); + secp256k1_musig_aggnonce_save(nonce, ges); return 1; } -int rustsecp256k1_v0_11_musig_aggnonce_serialize(const rustsecp256k1_v0_11_context* ctx, unsigned char *out66, const rustsecp256k1_v0_11_musig_aggnonce* nonce) { - rustsecp256k1_v0_11_ge ges[2]; +int secp256k1_musig_aggnonce_serialize(const secp256k1_context* ctx, unsigned char *out66, const secp256k1_musig_aggnonce* nonce) { + secp256k1_ge ges[2]; int i; VERIFY_CHECK(ctx != NULL); @@ -263,17 +263,17 @@ int rustsecp256k1_v0_11_musig_aggnonce_serialize(const rustsecp256k1_v0_11_conte memset(out66, 0, 66); ARG_CHECK(nonce != NULL); - if (!rustsecp256k1_v0_11_musig_aggnonce_load(ctx, ges, nonce)) { + if (!secp256k1_musig_aggnonce_load(ctx, ges, nonce)) { return 0; } for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_musig_ge_serialize_ext(&out66[33*i], &ges[i]); + secp256k1_musig_ge_serialize_ext(&out66[33*i], &ges[i]); } return 1; } -int rustsecp256k1_v0_11_musig_partial_sig_parse(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_partial_sig* sig, const unsigned char *in32) { - rustsecp256k1_v0_11_scalar tmp; +int secp256k1_musig_partial_sig_parse(const secp256k1_context* ctx, secp256k1_musig_partial_sig* sig, const unsigned char *in32) { + secp256k1_scalar tmp; int overflow; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); @@ -283,46 +283,46 @@ int rustsecp256k1_v0_11_musig_partial_sig_parse(const rustsecp256k1_v0_11_contex * doesn't check the return value). */ memset(sig, 0, sizeof(*sig)); - rustsecp256k1_v0_11_scalar_set_b32(&tmp, in32, &overflow); + secp256k1_scalar_set_b32(&tmp, in32, &overflow); if (overflow) { return 0; } - rustsecp256k1_v0_11_musig_partial_sig_save(sig, &tmp); + secp256k1_musig_partial_sig_save(sig, &tmp); return 1; } -int rustsecp256k1_v0_11_musig_partial_sig_serialize(const rustsecp256k1_v0_11_context* ctx, unsigned char *out32, const rustsecp256k1_v0_11_musig_partial_sig* sig) { +int secp256k1_musig_partial_sig_serialize(const secp256k1_context* ctx, unsigned char *out32, const secp256k1_musig_partial_sig* sig) { VERIFY_CHECK(ctx != NULL); ARG_CHECK(out32 != NULL); ARG_CHECK(sig != NULL); - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(&sig->data[0], rustsecp256k1_v0_11_musig_partial_sig_magic, 4) == 0); + ARG_CHECK(secp256k1_memcmp_var(&sig->data[0], secp256k1_musig_partial_sig_magic, 4) == 0); memcpy(out32, &sig->data[4], 32); return 1; } /* Write optional inputs into the hash */ -static void rustsecp256k1_v0_11_nonce_function_musig_helper(rustsecp256k1_v0_11_sha256 *sha, unsigned int prefix_size, const unsigned char *data, unsigned char len) { +static void secp256k1_nonce_function_musig_helper(secp256k1_sha256 *sha, unsigned int prefix_size, const unsigned char *data, unsigned char len) { unsigned char zero[7] = { 0 }; /* The spec requires length prefixes to be between 1 and 8 bytes * (inclusive) */ VERIFY_CHECK(prefix_size >= 1 && prefix_size <= 8); /* Since the length of all input data fits in a byte, we can always pad the * length prefix with prefix_size - 1 zero bytes. */ - rustsecp256k1_v0_11_sha256_write(sha, zero, prefix_size - 1); + secp256k1_sha256_write(sha, zero, prefix_size - 1); if (data != NULL) { - rustsecp256k1_v0_11_sha256_write(sha, &len, 1); - rustsecp256k1_v0_11_sha256_write(sha, data, len); + secp256k1_sha256_write(sha, &len, 1); + secp256k1_sha256_write(sha, data, len); } else { len = 0; - rustsecp256k1_v0_11_sha256_write(sha, &len, 1); + secp256k1_sha256_write(sha, &len, 1); } } /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("MuSig/aux")||SHA256("MuSig/aux"). */ -static void rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged_aux(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_nonce_function_musig_sha256_tagged_aux(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0xa19e884bul; sha->s[1] = 0xf463fe7eul; sha->s[2] = 0x2f18f9a2ul; @@ -336,8 +336,8 @@ static void rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged_aux(rustsecp2 /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("MuSig/nonce")||SHA256("MuSig/nonce"). */ -static void rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_nonce_function_musig_sha256_tagged(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0x07101b64ul; sha->s[1] = 0x18003414ul; sha->s[2] = 0x0391bc43ul; @@ -349,16 +349,16 @@ static void rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged(rustsecp256k1 sha->bytes = 64; } -static void rustsecp256k1_v0_11_nonce_function_musig(rustsecp256k1_v0_11_scalar *k, const unsigned char *session_secrand, const unsigned char *msg32, const unsigned char *seckey32, const unsigned char *pk33, const unsigned char *agg_pk32, const unsigned char *extra_input32) { - rustsecp256k1_v0_11_sha256 sha; +static void secp256k1_nonce_function_musig(secp256k1_scalar *k, const unsigned char *session_secrand, const unsigned char *msg32, const unsigned char *seckey32, const unsigned char *pk33, const unsigned char *agg_pk32, const unsigned char *extra_input32) { + secp256k1_sha256 sha; unsigned char rand[32]; unsigned char i; unsigned char msg_present; if (seckey32 != NULL) { - rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged_aux(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, session_secrand, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, rand); + secp256k1_nonce_function_musig_sha256_tagged_aux(&sha); + secp256k1_sha256_write(&sha, session_secrand, 32); + secp256k1_sha256_finalize(&sha, rand); for (i = 0; i < 32; i++) { rand[i] ^= seckey32[i]; } @@ -366,69 +366,70 @@ static void rustsecp256k1_v0_11_nonce_function_musig(rustsecp256k1_v0_11_scalar memcpy(rand, session_secrand, sizeof(rand)); } - rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, rand, sizeof(rand)); - rustsecp256k1_v0_11_nonce_function_musig_helper(&sha, 1, pk33, 33); - rustsecp256k1_v0_11_nonce_function_musig_helper(&sha, 1, agg_pk32, 32); + secp256k1_nonce_function_musig_sha256_tagged(&sha); + secp256k1_sha256_write(&sha, rand, sizeof(rand)); + secp256k1_nonce_function_musig_helper(&sha, 1, pk33, 33); + secp256k1_nonce_function_musig_helper(&sha, 1, agg_pk32, 32); msg_present = msg32 != NULL; - rustsecp256k1_v0_11_sha256_write(&sha, &msg_present, 1); + secp256k1_sha256_write(&sha, &msg_present, 1); if (msg_present) { - rustsecp256k1_v0_11_nonce_function_musig_helper(&sha, 8, msg32, 32); + secp256k1_nonce_function_musig_helper(&sha, 8, msg32, 32); } - rustsecp256k1_v0_11_nonce_function_musig_helper(&sha, 4, extra_input32, 32); + secp256k1_nonce_function_musig_helper(&sha, 4, extra_input32, 32); for (i = 0; i < 2; i++) { unsigned char buf[32]; - rustsecp256k1_v0_11_sha256 sha_tmp = sha; - rustsecp256k1_v0_11_sha256_write(&sha_tmp, &i, 1); - rustsecp256k1_v0_11_sha256_finalize(&sha_tmp, buf); - rustsecp256k1_v0_11_scalar_set_b32(&k[i], buf, NULL); + secp256k1_sha256 sha_tmp = sha; + secp256k1_sha256_write(&sha_tmp, &i, 1); + secp256k1_sha256_finalize(&sha_tmp, buf); + secp256k1_scalar_set_b32(&k[i], buf, NULL); /* Attempt to erase secret data */ - rustsecp256k1_v0_11_memclear(buf, sizeof(buf)); - rustsecp256k1_v0_11_sha256_clear(&sha_tmp); + secp256k1_memclear_explicit(buf, sizeof(buf)); + secp256k1_sha256_clear(&sha_tmp); } - rustsecp256k1_v0_11_memclear(rand, sizeof(rand)); - rustsecp256k1_v0_11_sha256_clear(&sha); + secp256k1_memclear_explicit(rand, sizeof(rand)); + secp256k1_sha256_clear(&sha); } -static int rustsecp256k1_v0_11_musig_nonce_gen_internal(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_secnonce *secnonce, rustsecp256k1_v0_11_musig_pubnonce *pubnonce, const unsigned char *input_nonce, const unsigned char *seckey, const rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *msg32, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) { - rustsecp256k1_v0_11_scalar k[2]; - rustsecp256k1_v0_11_ge nonce_pts[2]; +static int secp256k1_musig_nonce_gen_internal(const secp256k1_context* ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, const unsigned char *input_nonce, const unsigned char *seckey, const secp256k1_pubkey *pubkey, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) { + secp256k1_scalar k[2]; + secp256k1_ge nonce_pts[2]; + secp256k1_gej nonce_ptj[2]; int i; unsigned char pk_ser[33]; size_t pk_ser_len = sizeof(pk_ser); unsigned char aggpk_ser[32]; unsigned char *aggpk_ser_ptr = NULL; - rustsecp256k1_v0_11_ge pk; + secp256k1_ge pk; int pk_serialize_success; int ret = 1; ARG_CHECK(pubnonce != NULL); memset(pubnonce, 0, sizeof(*pubnonce)); ARG_CHECK(pubkey != NULL); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); /* Check that the seckey is valid to be able to sign for it later. */ if (seckey != NULL) { - rustsecp256k1_v0_11_scalar sk; - ret &= rustsecp256k1_v0_11_scalar_set_b32_seckey(&sk, seckey); - rustsecp256k1_v0_11_scalar_clear(&sk); + secp256k1_scalar sk; + ret &= secp256k1_scalar_set_b32_seckey(&sk, seckey); + secp256k1_scalar_clear(&sk); } if (keyagg_cache != NULL) { - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; - if (!rustsecp256k1_v0_11_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { + secp256k1_keyagg_cache_internal cache_i; + if (!secp256k1_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { return 0; } /* The loaded point cache_i.pk can not be the point at infinity. */ - rustsecp256k1_v0_11_fe_get_b32(aggpk_ser, &cache_i.pk.x); + secp256k1_fe_get_b32(aggpk_ser, &cache_i.pk.x); aggpk_ser_ptr = aggpk_ser; } - if (!rustsecp256k1_v0_11_pubkey_load(ctx, &pk, pubkey)) { + if (!secp256k1_pubkey_load(ctx, &pk, pubkey)) { return 0; } - pk_serialize_success = rustsecp256k1_v0_11_eckey_pubkey_serialize(&pk, pk_ser, &pk_ser_len, 1); + pk_serialize_success = secp256k1_eckey_pubkey_serialize(&pk, pk_ser, &pk_ser_len, 1); #ifdef VERIFY /* A pubkey cannot be the point at infinity */ @@ -438,27 +439,34 @@ static int rustsecp256k1_v0_11_musig_nonce_gen_internal(const rustsecp256k1_v0_1 (void) pk_serialize_success; #endif - rustsecp256k1_v0_11_nonce_function_musig(k, input_nonce, msg32, seckey, pk_ser, aggpk_ser_ptr, extra_input32); - VERIFY_CHECK(!rustsecp256k1_v0_11_scalar_is_zero(&k[0])); - VERIFY_CHECK(!rustsecp256k1_v0_11_scalar_is_zero(&k[1])); - rustsecp256k1_v0_11_musig_secnonce_save(secnonce, k, &pk); - rustsecp256k1_v0_11_musig_secnonce_invalidate(ctx, secnonce, !ret); + secp256k1_nonce_function_musig(k, input_nonce, msg32, seckey, pk_ser, aggpk_ser_ptr, extra_input32); + VERIFY_CHECK(!secp256k1_scalar_is_zero(&k[0])); + VERIFY_CHECK(!secp256k1_scalar_is_zero(&k[1])); + secp256k1_musig_secnonce_save(secnonce, k, &pk); + secp256k1_musig_secnonce_invalidate(ctx, secnonce, !ret); + /* Compute pubnonce as two gejs */ for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_gej nonce_ptj; - rustsecp256k1_v0_11_ecmult_gen(&ctx->ecmult_gen_ctx, &nonce_ptj, &k[i]); - rustsecp256k1_v0_11_ge_set_gej(&nonce_pts[i], &nonce_ptj); - rustsecp256k1_v0_11_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts[i])); - rustsecp256k1_v0_11_scalar_clear(&k[i]); - rustsecp256k1_v0_11_gej_clear(&nonce_ptj); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &nonce_ptj[i], &k[i]); + secp256k1_scalar_clear(&k[i]); + } + + /* Batch convert to two public ges */ + secp256k1_ge_set_all_gej(nonce_pts, nonce_ptj, 2); + for (i = 0; i < 2; i++) { + secp256k1_gej_clear(&nonce_ptj[i]); + } + + for (i = 0; i < 2; i++) { + secp256k1_declassify(ctx, &nonce_pts[i], sizeof(nonce_pts[i])); } /* None of the nonce_pts will be infinity because k != 0 with overwhelming * probability */ - rustsecp256k1_v0_11_musig_pubnonce_save(pubnonce, nonce_pts); + secp256k1_musig_pubnonce_save(pubnonce, nonce_pts); return ret; } -int rustsecp256k1_v0_11_musig_nonce_gen(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_secnonce *secnonce, rustsecp256k1_v0_11_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, const rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *msg32, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) { +int secp256k1_musig_nonce_gen(const secp256k1_context* ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, unsigned char *session_secrand32, const unsigned char *seckey, const secp256k1_pubkey *pubkey, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) { int ret = 1; VERIFY_CHECK(ctx != NULL); @@ -468,28 +476,28 @@ int rustsecp256k1_v0_11_musig_nonce_gen(const rustsecp256k1_v0_11_context* ctx, /* Check in constant time that the session_secrand32 is not 0 as a * defense-in-depth measure that may protect against a faulty RNG. */ - ret &= !rustsecp256k1_v0_11_is_zero_array(session_secrand32, 32); + ret &= !secp256k1_is_zero_array(session_secrand32, 32); /* We can declassify because branching on ret is only relevant when this * function called with an invalid session_secrand32 argument */ - rustsecp256k1_v0_11_declassify(ctx, &ret, sizeof(ret)); + secp256k1_declassify(ctx, &ret, sizeof(ret)); if (ret == 0) { - rustsecp256k1_v0_11_musig_secnonce_invalidate(ctx, secnonce, 1); + secp256k1_musig_secnonce_invalidate(ctx, secnonce, 1); return 0; } - ret &= rustsecp256k1_v0_11_musig_nonce_gen_internal(ctx, secnonce, pubnonce, session_secrand32, seckey, pubkey, msg32, keyagg_cache, extra_input32); + ret &= secp256k1_musig_nonce_gen_internal(ctx, secnonce, pubnonce, session_secrand32, seckey, pubkey, msg32, keyagg_cache, extra_input32); /* Set the session_secrand32 buffer to zero to prevent the caller from using * nonce_gen multiple times with the same buffer. */ - rustsecp256k1_v0_11_memczero(session_secrand32, 32, ret); + secp256k1_memczero(session_secrand32, 32, ret); return ret; } -int rustsecp256k1_v0_11_musig_nonce_gen_counter(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_secnonce *secnonce, rustsecp256k1_v0_11_musig_pubnonce *pubnonce, uint64_t nonrepeating_cnt, const rustsecp256k1_v0_11_keypair *keypair, const unsigned char *msg32, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) { +int secp256k1_musig_nonce_gen_counter(const secp256k1_context* ctx, secp256k1_musig_secnonce *secnonce, secp256k1_musig_pubnonce *pubnonce, uint64_t nonrepeating_cnt, const secp256k1_keypair *keypair, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *extra_input32) { unsigned char buf[32] = { 0 }; unsigned char seckey[32]; - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_pubkey pubkey; int ret; VERIFY_CHECK(ctx != NULL); @@ -497,62 +505,62 @@ int rustsecp256k1_v0_11_musig_nonce_gen_counter(const rustsecp256k1_v0_11_contex memset(secnonce, 0, sizeof(*secnonce)); ARG_CHECK(keypair != NULL); - rustsecp256k1_v0_11_write_be64(buf, nonrepeating_cnt); + secp256k1_write_be64(buf, nonrepeating_cnt); /* keypair_sec and keypair_pub do not fail if the arguments are not NULL */ - ret = rustsecp256k1_v0_11_keypair_sec(ctx, seckey, keypair); + ret = secp256k1_keypair_sec(ctx, seckey, keypair); VERIFY_CHECK(ret); - ret = rustsecp256k1_v0_11_keypair_pub(ctx, &pubkey, keypair); + ret = secp256k1_keypair_pub(ctx, &pubkey, keypair); VERIFY_CHECK(ret); #ifndef VERIFY (void) ret; #endif - if (!rustsecp256k1_v0_11_musig_nonce_gen_internal(ctx, secnonce, pubnonce, buf, seckey, &pubkey, msg32, keyagg_cache, extra_input32)) { + if (!secp256k1_musig_nonce_gen_internal(ctx, secnonce, pubnonce, buf, seckey, &pubkey, msg32, keyagg_cache, extra_input32)) { return 0; } - rustsecp256k1_v0_11_memclear(seckey, sizeof(seckey)); + secp256k1_memclear_explicit(seckey, sizeof(seckey)); return 1; } -static int rustsecp256k1_v0_11_musig_sum_pubnonces(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_gej *summed_pubnonces, const rustsecp256k1_v0_11_musig_pubnonce * const* pubnonces, size_t n_pubnonces) { +static int secp256k1_musig_sum_pubnonces(const secp256k1_context* ctx, secp256k1_gej *summed_pubnonces, const secp256k1_musig_pubnonce * const* pubnonces, size_t n_pubnonces) { size_t i; int j; - rustsecp256k1_v0_11_gej_set_infinity(&summed_pubnonces[0]); - rustsecp256k1_v0_11_gej_set_infinity(&summed_pubnonces[1]); + secp256k1_gej_set_infinity(&summed_pubnonces[0]); + secp256k1_gej_set_infinity(&summed_pubnonces[1]); for (i = 0; i < n_pubnonces; i++) { - rustsecp256k1_v0_11_ge nonce_pts[2]; - if (!rustsecp256k1_v0_11_musig_pubnonce_load(ctx, nonce_pts, pubnonces[i])) { + secp256k1_ge nonce_pts[2]; + if (!secp256k1_musig_pubnonce_load(ctx, nonce_pts, pubnonces[i])) { return 0; } for (j = 0; j < 2; j++) { - rustsecp256k1_v0_11_gej_add_ge_var(&summed_pubnonces[j], &summed_pubnonces[j], &nonce_pts[j], NULL); + secp256k1_gej_add_ge_var(&summed_pubnonces[j], &summed_pubnonces[j], &nonce_pts[j], NULL); } } return 1; } -int rustsecp256k1_v0_11_musig_nonce_agg(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_aggnonce *aggnonce, const rustsecp256k1_v0_11_musig_pubnonce * const* pubnonces, size_t n_pubnonces) { - rustsecp256k1_v0_11_gej aggnonce_ptsj[2]; - rustsecp256k1_v0_11_ge aggnonce_pts[2]; +int secp256k1_musig_nonce_agg(const secp256k1_context* ctx, secp256k1_musig_aggnonce *aggnonce, const secp256k1_musig_pubnonce * const* pubnonces, size_t n_pubnonces) { + secp256k1_gej aggnonce_ptsj[2]; + secp256k1_ge aggnonce_pts[2]; VERIFY_CHECK(ctx != NULL); ARG_CHECK(aggnonce != NULL); ARG_CHECK(pubnonces != NULL); ARG_CHECK(n_pubnonces > 0); - if (!rustsecp256k1_v0_11_musig_sum_pubnonces(ctx, aggnonce_ptsj, pubnonces, n_pubnonces)) { + if (!secp256k1_musig_sum_pubnonces(ctx, aggnonce_ptsj, pubnonces, n_pubnonces)) { return 0; } - rustsecp256k1_v0_11_ge_set_all_gej_var(aggnonce_pts, aggnonce_ptsj, 2); - rustsecp256k1_v0_11_musig_aggnonce_save(aggnonce, aggnonce_pts); + secp256k1_ge_set_all_gej_var(aggnonce_pts, aggnonce_ptsj, 2); + secp256k1_musig_aggnonce_save(aggnonce, aggnonce_pts); return 1; } /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("MuSig/noncecoef")||SHA256("MuSig/noncecoef"). */ -static void rustsecp256k1_v0_11_musig_compute_noncehash_sha256_tagged(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_musig_compute_noncehash_sha256_tagged(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0x2c7d5a45ul; sha->s[1] = 0x06bf7e53ul; sha->s[2] = 0x89be68a6ul; @@ -565,55 +573,55 @@ static void rustsecp256k1_v0_11_musig_compute_noncehash_sha256_tagged(rustsecp25 } /* tagged_hash(aggnonce[0], aggnonce[1], agg_pk, msg) */ -static void rustsecp256k1_v0_11_musig_compute_noncehash(unsigned char *noncehash, rustsecp256k1_v0_11_ge *aggnonce, const unsigned char *agg_pk32, const unsigned char *msg) { +static void secp256k1_musig_compute_noncehash(unsigned char *noncehash, secp256k1_ge *aggnonce, const unsigned char *agg_pk32, const unsigned char *msg) { unsigned char buf[33]; - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; int i; - rustsecp256k1_v0_11_musig_compute_noncehash_sha256_tagged(&sha); + secp256k1_musig_compute_noncehash_sha256_tagged(&sha); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_musig_ge_serialize_ext(buf, &aggnonce[i]); - rustsecp256k1_v0_11_sha256_write(&sha, buf, sizeof(buf)); + secp256k1_musig_ge_serialize_ext(buf, &aggnonce[i]); + secp256k1_sha256_write(&sha, buf, sizeof(buf)); } - rustsecp256k1_v0_11_sha256_write(&sha, agg_pk32, 32); - rustsecp256k1_v0_11_sha256_write(&sha, msg, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, noncehash); + secp256k1_sha256_write(&sha, agg_pk32, 32); + secp256k1_sha256_write(&sha, msg, 32); + secp256k1_sha256_finalize(&sha, noncehash); } /* out_nonce = nonce_pts[0] + b*nonce_pts[1] */ -static void rustsecp256k1_v0_11_effective_nonce(rustsecp256k1_v0_11_gej *out_nonce, const rustsecp256k1_v0_11_ge *nonce_pts, const rustsecp256k1_v0_11_scalar *b) { - rustsecp256k1_v0_11_gej tmp; +static void secp256k1_effective_nonce(secp256k1_gej *out_nonce, const secp256k1_ge *nonce_pts, const secp256k1_scalar *b) { + secp256k1_gej tmp; - rustsecp256k1_v0_11_gej_set_ge(&tmp, &nonce_pts[1]); - rustsecp256k1_v0_11_ecmult(out_nonce, &tmp, b, NULL); - rustsecp256k1_v0_11_gej_add_ge_var(out_nonce, out_nonce, &nonce_pts[0], NULL); + secp256k1_gej_set_ge(&tmp, &nonce_pts[1]); + secp256k1_ecmult(out_nonce, &tmp, b, NULL); + secp256k1_gej_add_ge_var(out_nonce, out_nonce, &nonce_pts[0], NULL); } -static void rustsecp256k1_v0_11_musig_nonce_process_internal(int *fin_nonce_parity, unsigned char *fin_nonce, rustsecp256k1_v0_11_scalar *b, rustsecp256k1_v0_11_ge *aggnonce_pts, const unsigned char *agg_pk32, const unsigned char *msg) { +static void secp256k1_musig_nonce_process_internal(int *fin_nonce_parity, unsigned char *fin_nonce, secp256k1_scalar *b, secp256k1_ge *aggnonce_pts, const unsigned char *agg_pk32, const unsigned char *msg) { unsigned char noncehash[32]; - rustsecp256k1_v0_11_ge fin_nonce_pt; - rustsecp256k1_v0_11_gej fin_nonce_ptj; + secp256k1_ge fin_nonce_pt; + secp256k1_gej fin_nonce_ptj; - rustsecp256k1_v0_11_musig_compute_noncehash(noncehash, aggnonce_pts, agg_pk32, msg); - rustsecp256k1_v0_11_scalar_set_b32(b, noncehash, NULL); + secp256k1_musig_compute_noncehash(noncehash, aggnonce_pts, agg_pk32, msg); + secp256k1_scalar_set_b32(b, noncehash, NULL); /* fin_nonce = aggnonce_pts[0] + b*aggnonce_pts[1] */ - rustsecp256k1_v0_11_effective_nonce(&fin_nonce_ptj, aggnonce_pts, b); - rustsecp256k1_v0_11_ge_set_gej(&fin_nonce_pt, &fin_nonce_ptj); - if (rustsecp256k1_v0_11_ge_is_infinity(&fin_nonce_pt)) { - fin_nonce_pt = rustsecp256k1_v0_11_ge_const_g; + secp256k1_effective_nonce(&fin_nonce_ptj, aggnonce_pts, b); + secp256k1_ge_set_gej(&fin_nonce_pt, &fin_nonce_ptj); + if (secp256k1_ge_is_infinity(&fin_nonce_pt)) { + fin_nonce_pt = secp256k1_ge_const_g; } /* fin_nonce_pt is not the point at infinity */ - rustsecp256k1_v0_11_fe_normalize_var(&fin_nonce_pt.x); - rustsecp256k1_v0_11_fe_get_b32(fin_nonce, &fin_nonce_pt.x); - rustsecp256k1_v0_11_fe_normalize_var(&fin_nonce_pt.y); - *fin_nonce_parity = rustsecp256k1_v0_11_fe_is_odd(&fin_nonce_pt.y); + secp256k1_fe_normalize_var(&fin_nonce_pt.x); + secp256k1_fe_get_b32(fin_nonce, &fin_nonce_pt.x); + secp256k1_fe_normalize_var(&fin_nonce_pt.y); + *fin_nonce_parity = secp256k1_fe_is_odd(&fin_nonce_pt.y); } -int rustsecp256k1_v0_11_musig_nonce_process(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_session *session, const rustsecp256k1_v0_11_musig_aggnonce *aggnonce, const unsigned char *msg32, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache) { - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; - rustsecp256k1_v0_11_ge aggnonce_pts[2]; +int secp256k1_musig_nonce_process(const secp256k1_context* ctx, secp256k1_musig_session *session, const secp256k1_musig_aggnonce *aggnonce, const unsigned char *msg32, const secp256k1_musig_keyagg_cache *keyagg_cache) { + secp256k1_keyagg_cache_internal cache_i; + secp256k1_ge aggnonce_pts[2]; unsigned char fin_nonce[32]; - rustsecp256k1_v0_11_musig_session_internal session_i; + secp256k1_musig_session_internal session_i; unsigned char agg_pk32[32]; VERIFY_CHECK(ctx != NULL); @@ -622,58 +630,58 @@ int rustsecp256k1_v0_11_musig_nonce_process(const rustsecp256k1_v0_11_context* c ARG_CHECK(msg32 != NULL); ARG_CHECK(keyagg_cache != NULL); - if (!rustsecp256k1_v0_11_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { + if (!secp256k1_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { return 0; } - rustsecp256k1_v0_11_fe_get_b32(agg_pk32, &cache_i.pk.x); + secp256k1_fe_get_b32(agg_pk32, &cache_i.pk.x); - if (!rustsecp256k1_v0_11_musig_aggnonce_load(ctx, aggnonce_pts, aggnonce)) { + if (!secp256k1_musig_aggnonce_load(ctx, aggnonce_pts, aggnonce)) { return 0; } - rustsecp256k1_v0_11_musig_nonce_process_internal(&session_i.fin_nonce_parity, fin_nonce, &session_i.noncecoef, aggnonce_pts, agg_pk32, msg32); - rustsecp256k1_v0_11_schnorrsig_challenge(&session_i.challenge, fin_nonce, msg32, 32, agg_pk32); + secp256k1_musig_nonce_process_internal(&session_i.fin_nonce_parity, fin_nonce, &session_i.noncecoef, aggnonce_pts, agg_pk32, msg32); + secp256k1_schnorrsig_challenge(&session_i.challenge, fin_nonce, msg32, 32, agg_pk32); /* If there is a tweak then set `challenge` times `tweak` to the `s`-part.*/ - rustsecp256k1_v0_11_scalar_set_int(&session_i.s_part, 0); - if (!rustsecp256k1_v0_11_scalar_is_zero(&cache_i.tweak)) { - rustsecp256k1_v0_11_scalar e_tmp; - rustsecp256k1_v0_11_scalar_mul(&e_tmp, &session_i.challenge, &cache_i.tweak); - if (rustsecp256k1_v0_11_fe_is_odd(&cache_i.pk.y)) { - rustsecp256k1_v0_11_scalar_negate(&e_tmp, &e_tmp); + secp256k1_scalar_set_int(&session_i.s_part, 0); + if (!secp256k1_scalar_is_zero(&cache_i.tweak)) { + secp256k1_scalar e_tmp; + secp256k1_scalar_mul(&e_tmp, &session_i.challenge, &cache_i.tweak); + if (secp256k1_fe_is_odd(&cache_i.pk.y)) { + secp256k1_scalar_negate(&e_tmp, &e_tmp); } session_i.s_part = e_tmp; } memcpy(session_i.fin_nonce, fin_nonce, sizeof(session_i.fin_nonce)); - rustsecp256k1_v0_11_musig_session_save(session, &session_i); + secp256k1_musig_session_save(session, &session_i); return 1; } -static void rustsecp256k1_v0_11_musig_partial_sign_clear(rustsecp256k1_v0_11_scalar *sk, rustsecp256k1_v0_11_scalar *k) { - rustsecp256k1_v0_11_scalar_clear(sk); - rustsecp256k1_v0_11_scalar_clear(&k[0]); - rustsecp256k1_v0_11_scalar_clear(&k[1]); +static void secp256k1_musig_partial_sign_clear(secp256k1_scalar *sk, secp256k1_scalar *k) { + secp256k1_scalar_clear(sk); + secp256k1_scalar_clear(&k[0]); + secp256k1_scalar_clear(&k[1]); } -int rustsecp256k1_v0_11_musig_partial_sign(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_musig_partial_sig *partial_sig, rustsecp256k1_v0_11_musig_secnonce *secnonce, const rustsecp256k1_v0_11_keypair *keypair, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const rustsecp256k1_v0_11_musig_session *session) { - rustsecp256k1_v0_11_scalar sk; - rustsecp256k1_v0_11_ge pk, keypair_pk; - rustsecp256k1_v0_11_scalar k[2]; - rustsecp256k1_v0_11_scalar mu, s; - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; - rustsecp256k1_v0_11_musig_session_internal session_i; +int secp256k1_musig_partial_sign(const secp256k1_context* ctx, secp256k1_musig_partial_sig *partial_sig, secp256k1_musig_secnonce *secnonce, const secp256k1_keypair *keypair, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) { + secp256k1_scalar sk; + secp256k1_ge pk, keypair_pk; + secp256k1_scalar k[2]; + secp256k1_scalar mu, s; + secp256k1_keyagg_cache_internal cache_i; + secp256k1_musig_session_internal session_i; int ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(secnonce != NULL); /* Fails if the magic doesn't match */ - ret = rustsecp256k1_v0_11_musig_secnonce_load(ctx, k, &pk, secnonce); + ret = secp256k1_musig_secnonce_load(ctx, k, &pk, secnonce); /* Set nonce to zero to avoid nonce reuse. This will cause subsequent calls * of this function to fail */ - memset(secnonce, 0, sizeof(*secnonce)); + secp256k1_memzero_explicit(secnonce, sizeof(*secnonce)); if (!ret) { - rustsecp256k1_v0_11_musig_partial_sign_clear(&sk, k); + secp256k1_musig_partial_sign_clear(&sk, k); return 0; } @@ -682,58 +690,58 @@ int rustsecp256k1_v0_11_musig_partial_sign(const rustsecp256k1_v0_11_context* ct ARG_CHECK(keyagg_cache != NULL); ARG_CHECK(session != NULL); - if (!rustsecp256k1_v0_11_keypair_load(ctx, &sk, &keypair_pk, keypair)) { - rustsecp256k1_v0_11_musig_partial_sign_clear(&sk, k); + if (!secp256k1_keypair_load(ctx, &sk, &keypair_pk, keypair)) { + secp256k1_musig_partial_sign_clear(&sk, k); return 0; } - ARG_CHECK(rustsecp256k1_v0_11_fe_equal(&pk.x, &keypair_pk.x) - && rustsecp256k1_v0_11_fe_equal(&pk.y, &keypair_pk.y)); - if (!rustsecp256k1_v0_11_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { - rustsecp256k1_v0_11_musig_partial_sign_clear(&sk, k); + ARG_CHECK(secp256k1_fe_equal(&pk.x, &keypair_pk.x) + && secp256k1_fe_equal(&pk.y, &keypair_pk.y)); + if (!secp256k1_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { + secp256k1_musig_partial_sign_clear(&sk, k); return 0; } - /* Negate sk if rustsecp256k1_v0_11_fe_is_odd(&cache_i.pk.y)) XOR cache_i.parity_acc. + /* Negate sk if secp256k1_fe_is_odd(&cache_i.pk.y)) XOR cache_i.parity_acc. * This corresponds to the line "Let d = g⋅gacc⋅d' mod n" in the * specification. */ - if ((rustsecp256k1_v0_11_fe_is_odd(&cache_i.pk.y) + if ((secp256k1_fe_is_odd(&cache_i.pk.y) != cache_i.parity_acc)) { - rustsecp256k1_v0_11_scalar_negate(&sk, &sk); + secp256k1_scalar_negate(&sk, &sk); } /* Multiply KeyAgg coefficient */ - rustsecp256k1_v0_11_musig_keyaggcoef(&mu, &cache_i, &pk); - rustsecp256k1_v0_11_scalar_mul(&sk, &sk, &mu); + secp256k1_musig_keyaggcoef(&mu, &cache_i, &pk); + secp256k1_scalar_mul(&sk, &sk, &mu); - if (!rustsecp256k1_v0_11_musig_session_load(ctx, &session_i, session)) { - rustsecp256k1_v0_11_musig_partial_sign_clear(&sk, k); + if (!secp256k1_musig_session_load(ctx, &session_i, session)) { + secp256k1_musig_partial_sign_clear(&sk, k); return 0; } if (session_i.fin_nonce_parity) { - rustsecp256k1_v0_11_scalar_negate(&k[0], &k[0]); - rustsecp256k1_v0_11_scalar_negate(&k[1], &k[1]); + secp256k1_scalar_negate(&k[0], &k[0]); + secp256k1_scalar_negate(&k[1], &k[1]); } /* Sign */ - rustsecp256k1_v0_11_scalar_mul(&s, &session_i.challenge, &sk); - rustsecp256k1_v0_11_scalar_mul(&k[1], &session_i.noncecoef, &k[1]); - rustsecp256k1_v0_11_scalar_add(&k[0], &k[0], &k[1]); - rustsecp256k1_v0_11_scalar_add(&s, &s, &k[0]); - rustsecp256k1_v0_11_musig_partial_sig_save(partial_sig, &s); - rustsecp256k1_v0_11_musig_partial_sign_clear(&sk, k); + secp256k1_scalar_mul(&s, &session_i.challenge, &sk); + secp256k1_scalar_mul(&k[1], &session_i.noncecoef, &k[1]); + secp256k1_scalar_add(&k[0], &k[0], &k[1]); + secp256k1_scalar_add(&s, &s, &k[0]); + secp256k1_musig_partial_sig_save(partial_sig, &s); + secp256k1_musig_partial_sign_clear(&sk, k); return 1; } -int rustsecp256k1_v0_11_musig_partial_sig_verify(const rustsecp256k1_v0_11_context* ctx, const rustsecp256k1_v0_11_musig_partial_sig *partial_sig, const rustsecp256k1_v0_11_musig_pubnonce *pubnonce, const rustsecp256k1_v0_11_pubkey *pubkey, const rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const rustsecp256k1_v0_11_musig_session *session) { - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; - rustsecp256k1_v0_11_musig_session_internal session_i; - rustsecp256k1_v0_11_scalar mu, e, s; - rustsecp256k1_v0_11_gej pkj; - rustsecp256k1_v0_11_ge nonce_pts[2]; - rustsecp256k1_v0_11_gej rj; - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_ge pkp; +int secp256k1_musig_partial_sig_verify(const secp256k1_context* ctx, const secp256k1_musig_partial_sig *partial_sig, const secp256k1_musig_pubnonce *pubnonce, const secp256k1_pubkey *pubkey, const secp256k1_musig_keyagg_cache *keyagg_cache, const secp256k1_musig_session *session) { + secp256k1_keyagg_cache_internal cache_i; + secp256k1_musig_session_internal session_i; + secp256k1_scalar mu, e, s; + secp256k1_gej pkj; + secp256k1_ge nonce_pts[2]; + secp256k1_gej rj; + secp256k1_gej tmp; + secp256k1_ge pkp; VERIFY_CHECK(ctx != NULL); ARG_CHECK(partial_sig != NULL); @@ -742,55 +750,55 @@ int rustsecp256k1_v0_11_musig_partial_sig_verify(const rustsecp256k1_v0_11_conte ARG_CHECK(keyagg_cache != NULL); ARG_CHECK(session != NULL); - if (!rustsecp256k1_v0_11_musig_session_load(ctx, &session_i, session)) { + if (!secp256k1_musig_session_load(ctx, &session_i, session)) { return 0; } - if (!rustsecp256k1_v0_11_musig_pubnonce_load(ctx, nonce_pts, pubnonce)) { + if (!secp256k1_musig_pubnonce_load(ctx, nonce_pts, pubnonce)) { return 0; } /* Compute "effective" nonce rj = nonce_pts[0] + b*nonce_pts[1] */ /* TODO: use multiexp to compute -s*G + e*mu*pubkey + nonce_pts[0] + b*nonce_pts[1] */ - rustsecp256k1_v0_11_effective_nonce(&rj, nonce_pts, &session_i.noncecoef); + secp256k1_effective_nonce(&rj, nonce_pts, &session_i.noncecoef); - if (!rustsecp256k1_v0_11_pubkey_load(ctx, &pkp, pubkey)) { + if (!secp256k1_pubkey_load(ctx, &pkp, pubkey)) { return 0; } - if (!rustsecp256k1_v0_11_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { + if (!secp256k1_keyagg_cache_load(ctx, &cache_i, keyagg_cache)) { return 0; } /* Multiplying the challenge by the KeyAgg coefficient is equivalent * to multiplying the signer's public key by the coefficient, except * much easier to do. */ - rustsecp256k1_v0_11_musig_keyaggcoef(&mu, &cache_i, &pkp); - rustsecp256k1_v0_11_scalar_mul(&e, &session_i.challenge, &mu); + secp256k1_musig_keyaggcoef(&mu, &cache_i, &pkp); + secp256k1_scalar_mul(&e, &session_i.challenge, &mu); - /* Negate e if rustsecp256k1_v0_11_fe_is_odd(&cache_i.pk.y)) XOR cache_i.parity_acc. + /* Negate e if secp256k1_fe_is_odd(&cache_i.pk.y)) XOR cache_i.parity_acc. * This corresponds to the line "Let g' = g⋅gacc mod n" and the multiplication "g'⋅e" * in the specification. */ - if (rustsecp256k1_v0_11_fe_is_odd(&cache_i.pk.y) + if (secp256k1_fe_is_odd(&cache_i.pk.y) != cache_i.parity_acc) { - rustsecp256k1_v0_11_scalar_negate(&e, &e); + secp256k1_scalar_negate(&e, &e); } - if (!rustsecp256k1_v0_11_musig_partial_sig_load(ctx, &s, partial_sig)) { + if (!secp256k1_musig_partial_sig_load(ctx, &s, partial_sig)) { return 0; } /* Compute -s*G + e*pkj + rj (e already includes the keyagg coefficient mu) */ - rustsecp256k1_v0_11_scalar_negate(&s, &s); - rustsecp256k1_v0_11_gej_set_ge(&pkj, &pkp); - rustsecp256k1_v0_11_ecmult(&tmp, &pkj, &e, &s); + secp256k1_scalar_negate(&s, &s); + secp256k1_gej_set_ge(&pkj, &pkp); + secp256k1_ecmult(&tmp, &pkj, &e, &s); if (session_i.fin_nonce_parity) { - rustsecp256k1_v0_11_gej_neg(&rj, &rj); + secp256k1_gej_neg(&rj, &rj); } - rustsecp256k1_v0_11_gej_add_var(&tmp, &tmp, &rj, NULL); + secp256k1_gej_add_var(&tmp, &tmp, &rj, NULL); - return rustsecp256k1_v0_11_gej_is_infinity(&tmp); + return secp256k1_gej_is_infinity(&tmp); } -int rustsecp256k1_v0_11_musig_partial_sig_agg(const rustsecp256k1_v0_11_context* ctx, unsigned char *sig64, const rustsecp256k1_v0_11_musig_session *session, const rustsecp256k1_v0_11_musig_partial_sig * const* partial_sigs, size_t n_sigs) { +int secp256k1_musig_partial_sig_agg(const secp256k1_context* ctx, unsigned char *sig64, const secp256k1_musig_session *session, const secp256k1_musig_partial_sig * const* partial_sigs, size_t n_sigs) { size_t i; - rustsecp256k1_v0_11_musig_session_internal session_i; + secp256k1_musig_session_internal session_i; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig64 != NULL); @@ -798,17 +806,17 @@ int rustsecp256k1_v0_11_musig_partial_sig_agg(const rustsecp256k1_v0_11_context* ARG_CHECK(partial_sigs != NULL); ARG_CHECK(n_sigs > 0); - if (!rustsecp256k1_v0_11_musig_session_load(ctx, &session_i, session)) { + if (!secp256k1_musig_session_load(ctx, &session_i, session)) { return 0; } for (i = 0; i < n_sigs; i++) { - rustsecp256k1_v0_11_scalar term; - if (!rustsecp256k1_v0_11_musig_partial_sig_load(ctx, &term, partial_sigs[i])) { + secp256k1_scalar term; + if (!secp256k1_musig_partial_sig_load(ctx, &term, partial_sigs[i])) { return 0; } - rustsecp256k1_v0_11_scalar_add(&session_i.s_part, &session_i.s_part, &term); + secp256k1_scalar_add(&session_i.s_part, &session_i.s_part, &term); } - rustsecp256k1_v0_11_scalar_get_b32(&sig64[32], &session_i.s_part); + secp256k1_scalar_get_b32(&sig64[32], &session_i.s_part); memcpy(&sig64[0], session_i.fin_nonce, 32); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/musig/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/musig/tests_impl.h index 853011ba7..b57b26264 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/musig/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/musig/tests_impl.h @@ -23,11 +23,11 @@ #include "vectors.h" -static int create_keypair_and_pk(rustsecp256k1_v0_11_keypair *keypair, rustsecp256k1_v0_11_pubkey *pk, const unsigned char *sk) { +static int create_keypair_and_pk(secp256k1_keypair *keypair, secp256k1_pubkey *pk, const unsigned char *sk) { int ret; - rustsecp256k1_v0_11_keypair keypair_tmp; - ret = rustsecp256k1_v0_11_keypair_create(CTX, &keypair_tmp, sk); - ret &= rustsecp256k1_v0_11_keypair_pub(CTX, pk, &keypair_tmp); + secp256k1_keypair keypair_tmp; + ret = secp256k1_keypair_create(CTX, &keypair_tmp, sk); + ret &= secp256k1_keypair_pub(CTX, pk, &keypair_tmp); if (keypair != NULL) { *keypair = keypair_tmp; } @@ -38,21 +38,21 @@ static int create_keypair_and_pk(rustsecp256k1_v0_11_keypair *keypair, rustsecp2 * test. */ static void musig_simple_test(void) { unsigned char sk[2][32]; - rustsecp256k1_v0_11_keypair keypair[2]; - rustsecp256k1_v0_11_musig_pubnonce pubnonce[2]; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[2]; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; + secp256k1_keypair keypair[2]; + secp256k1_musig_pubnonce pubnonce[2]; + const secp256k1_musig_pubnonce *pubnonce_ptr[2]; + secp256k1_musig_aggnonce aggnonce; unsigned char msg[32]; - rustsecp256k1_v0_11_xonly_pubkey agg_pk; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; + secp256k1_xonly_pubkey agg_pk; + secp256k1_musig_keyagg_cache keyagg_cache; unsigned char session_secrand[2][32]; - rustsecp256k1_v0_11_musig_secnonce secnonce[2]; - rustsecp256k1_v0_11_pubkey pk[2]; - const rustsecp256k1_v0_11_pubkey *pk_ptr[2]; - rustsecp256k1_v0_11_musig_partial_sig partial_sig[2]; - const rustsecp256k1_v0_11_musig_partial_sig *partial_sig_ptr[2]; + secp256k1_musig_secnonce secnonce[2]; + secp256k1_pubkey pk[2]; + const secp256k1_pubkey *pk_ptr[2]; + secp256k1_musig_partial_sig partial_sig[2]; + const secp256k1_musig_partial_sig *partial_sig_ptr[2]; unsigned char final_sig[64]; - rustsecp256k1_v0_11_musig_session session; + secp256k1_musig_session session; int i; testrand256(msg); @@ -65,53 +65,53 @@ static void musig_simple_test(void) { CHECK(create_keypair_and_pk(&keypair[i], &pk[i], sk[i])); if (i == 0) { testrand256(session_secrand[i]); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[i], &pubnonce[i], session_secrand[i], sk[i], &pk[i], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[i], &pubnonce[i], session_secrand[i], sk[i], &pk[i], NULL, NULL, NULL) == 1); } else { uint64_t nonrepeating_cnt = 0; - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[i], &pubnonce[i], nonrepeating_cnt, &keypair[i], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[i], &pubnonce[i], nonrepeating_cnt, &keypair[i], NULL, NULL, NULL) == 1); } } - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache) == 1); for (i = 0; i < 2; i++) { - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[i], &secnonce[i], &keypair[i], &keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[i], &pubnonce[i], &pk[i], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[i], &secnonce[i], &keypair[i], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[i], &pubnonce[i], &pk[i], &keyagg_cache, &session) == 1); } - CHECK(rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), &agg_pk) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), &agg_pk) == 1); } /* Generate two pubnonces such that both group elements of their sum (calculated - * with rustsecp256k1_v0_11_musig_sum_pubnonces) are infinity. */ -static void pubnonce_summing_to_inf(rustsecp256k1_v0_11_musig_pubnonce *pubnonce) { - rustsecp256k1_v0_11_ge ge[2]; + * with secp256k1_musig_sum_pubnonces) are infinity. */ +static void pubnonce_summing_to_inf(secp256k1_musig_pubnonce *pubnonce) { + secp256k1_ge ge[2]; int i; - rustsecp256k1_v0_11_gej summed_pubnonces[2]; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[2]; + secp256k1_gej summed_pubnonces[2]; + const secp256k1_musig_pubnonce *pubnonce_ptr[2]; testutil_random_ge_test(&ge[0]); testutil_random_ge_test(&ge[1]); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_musig_pubnonce_save(&pubnonce[i], ge); + secp256k1_musig_pubnonce_save(&pubnonce[i], ge); pubnonce_ptr[i] = &pubnonce[i]; - rustsecp256k1_v0_11_ge_neg(&ge[0], &ge[0]); - rustsecp256k1_v0_11_ge_neg(&ge[1], &ge[1]); + secp256k1_ge_neg(&ge[0], &ge[0]); + secp256k1_ge_neg(&ge[1], &ge[1]); } - rustsecp256k1_v0_11_musig_sum_pubnonces(CTX, summed_pubnonces, pubnonce_ptr, 2); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&summed_pubnonces[0])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&summed_pubnonces[1])); + secp256k1_musig_sum_pubnonces(CTX, summed_pubnonces, pubnonce_ptr, 2); + CHECK(secp256k1_gej_is_infinity(&summed_pubnonces[0])); + CHECK(secp256k1_gej_is_infinity(&summed_pubnonces[1])); } int memcmp_and_randomize(unsigned char *value, const unsigned char *expected, size_t len) { int ret; size_t i; - ret = rustsecp256k1_v0_11_memcmp_var(value, expected, len); + ret = secp256k1_memcmp_var(value, expected, len); for (i = 0; i < len; i++) { value[i] = testrand_bits(8); } @@ -119,43 +119,43 @@ int memcmp_and_randomize(unsigned char *value, const unsigned char *expected, si } static void musig_api_tests(void) { - rustsecp256k1_v0_11_musig_partial_sig partial_sig[2]; - const rustsecp256k1_v0_11_musig_partial_sig *partial_sig_ptr[2]; - rustsecp256k1_v0_11_musig_partial_sig invalid_partial_sig; - const rustsecp256k1_v0_11_musig_partial_sig *invalid_partial_sig_ptr[2]; + secp256k1_musig_partial_sig partial_sig[2]; + const secp256k1_musig_partial_sig *partial_sig_ptr[2]; + secp256k1_musig_partial_sig invalid_partial_sig; + const secp256k1_musig_partial_sig *invalid_partial_sig_ptr[2]; unsigned char pre_sig[64]; unsigned char buf[32]; unsigned char sk[2][32]; - rustsecp256k1_v0_11_keypair keypair[2]; - rustsecp256k1_v0_11_keypair invalid_keypair; + secp256k1_keypair keypair[2]; + secp256k1_keypair invalid_keypair; unsigned char max64[64]; unsigned char zeros132[132] = { 0 }; unsigned char session_secrand[2][32]; unsigned char nonrepeating_cnt = 0; - rustsecp256k1_v0_11_musig_secnonce secnonce[2]; - rustsecp256k1_v0_11_musig_secnonce secnonce_tmp; - rustsecp256k1_v0_11_musig_secnonce invalid_secnonce; - rustsecp256k1_v0_11_musig_pubnonce pubnonce[2]; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[2]; + secp256k1_musig_secnonce secnonce[2]; + secp256k1_musig_secnonce secnonce_tmp; + secp256k1_musig_secnonce invalid_secnonce; + secp256k1_musig_pubnonce pubnonce[2]; + const secp256k1_musig_pubnonce *pubnonce_ptr[2]; unsigned char pubnonce_ser[66]; - rustsecp256k1_v0_11_musig_pubnonce inf_pubnonce[2]; - const rustsecp256k1_v0_11_musig_pubnonce *inf_pubnonce_ptr[2]; - rustsecp256k1_v0_11_musig_pubnonce invalid_pubnonce; - const rustsecp256k1_v0_11_musig_pubnonce *invalid_pubnonce_ptr[1]; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; + secp256k1_musig_pubnonce inf_pubnonce[2]; + const secp256k1_musig_pubnonce *inf_pubnonce_ptr[2]; + secp256k1_musig_pubnonce invalid_pubnonce; + const secp256k1_musig_pubnonce *invalid_pubnonce_ptr[1]; + secp256k1_musig_aggnonce aggnonce; unsigned char aggnonce_ser[66]; unsigned char msg[32]; - rustsecp256k1_v0_11_xonly_pubkey agg_pk; - rustsecp256k1_v0_11_pubkey full_agg_pk; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_musig_keyagg_cache invalid_keyagg_cache; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_session invalid_session; - rustsecp256k1_v0_11_pubkey pk[2]; - const rustsecp256k1_v0_11_pubkey *pk_ptr[2]; - rustsecp256k1_v0_11_pubkey invalid_pk; - const rustsecp256k1_v0_11_pubkey *invalid_pk_ptr2[2]; - const rustsecp256k1_v0_11_pubkey *invalid_pk_ptr3[3]; + secp256k1_xonly_pubkey agg_pk; + secp256k1_pubkey full_agg_pk; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_musig_keyagg_cache invalid_keyagg_cache; + secp256k1_musig_session session; + secp256k1_musig_session invalid_session; + secp256k1_pubkey pk[2]; + const secp256k1_pubkey *pk_ptr[2]; + secp256k1_pubkey invalid_pk; + const secp256k1_pubkey *invalid_pk_ptr2[2]; + const secp256k1_pubkey *invalid_pk_ptr3[3]; unsigned char tweak[32]; int i; @@ -197,36 +197,36 @@ static void musig_api_tests(void) { /** main test body **/ /** Key aggregation **/ - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(CTX, NULL, &keyagg_cache, pk_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, NULL, pk_ptr, 2) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, NULL, 2)); + CHECK(secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, NULL, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, &agg_pk, NULL, pk_ptr, 2) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, NULL, 2)); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, invalid_pk_ptr2, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, invalid_pk_ptr2, 2)); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, invalid_pk_ptr3, 3)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, invalid_pk_ptr3, 3)); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 0)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 0)); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, NULL, 0)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, NULL, 0)); CHECK(memcmp_and_randomize(agg_pk.data, zeros132, sizeof(agg_pk.data)) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, &agg_pk, &keyagg_cache, pk_ptr, 2) == 1); /* pubkey_get */ - CHECK(rustsecp256k1_v0_11_musig_pubkey_get(CTX, &full_agg_pk, &keyagg_cache) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_get(CTX, NULL, &keyagg_cache)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubkey_get(CTX, &full_agg_pk, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&full_agg_pk, zeros132, sizeof(full_agg_pk)) == 0); + CHECK(secp256k1_musig_pubkey_get(CTX, &full_agg_pk, &keyagg_cache) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_get(CTX, NULL, &keyagg_cache)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubkey_get(CTX, &full_agg_pk, NULL)); + CHECK(secp256k1_memcmp_var(&full_agg_pk, zeros132, sizeof(full_agg_pk)) == 0); /** Tweaking **/ { - int (*tweak_func[2]) (const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *output_pubkey, rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32); - tweak_func[0] = rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add; - tweak_func[1] = rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add; + int (*tweak_func[2]) (const secp256k1_context* ctx, secp256k1_pubkey *output_pubkey, secp256k1_musig_keyagg_cache *keyagg_cache, const unsigned char *tweak32); + tweak_func[0] = secp256k1_musig_pubkey_ec_tweak_add; + tweak_func[1] = secp256k1_musig_pubkey_xonly_tweak_add; for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_pubkey tmp_output_pk; - rustsecp256k1_v0_11_musig_keyagg_cache tmp_keyagg_cache = keyagg_cache; + secp256k1_pubkey tmp_output_pk; + secp256k1_musig_keyagg_cache tmp_keyagg_cache = keyagg_cache; CHECK((*tweak_func[i])(CTX, &tmp_output_pk, &tmp_keyagg_cache, tweak) == 1); /* Reset keyagg_cache */ tmp_keyagg_cache = keyagg_cache; @@ -248,249 +248,249 @@ static void musig_api_tests(void) { } /** Session creation with nonce_gen **/ - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64) == 1); /* nonce_gen, if successful, sets session_secrand to the zero array, which * makes subsequent nonce_gen calls with the same session_secrand fail. So * check that session_secrand is indeed the zero array and fill it with * random values again. */ CHECK(memcmp_and_randomize(session_secrand[0], zeros132, sizeof(session_secrand[0])) == 0); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_musig_nonce_gen(STATIC_CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_musig_nonce_gen(STATIC_CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen(CTX, NULL, &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen(CTX, NULL, &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], NULL, session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen(CTX, &secnonce[0], NULL, session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], NULL, sk[0], &pk[0], msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], NULL, sk[0], &pk[0], msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); /* session_secrand = 0 is disallowed because it indicates a faulty RNG */ memcpy(&session_secrand[0], zeros132, sizeof(session_secrand[0])); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], zeros132, sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], zeros132, sk[0], &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(memcmp_and_randomize(session_secrand[0], zeros132, sizeof(session_secrand[0])) == 0); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], NULL, &pk[0], msg, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], NULL, &pk[0], msg, &keyagg_cache, max64) == 1); CHECK(memcmp_and_randomize(session_secrand[0], zeros132, sizeof(session_secrand[0])) == 0); /* invalid seckey */ - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], max64, &pk[0], msg, &keyagg_cache, max64) == 0); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], max64, &pk[0], msg, &keyagg_cache, max64) == 0); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], NULL, msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], NULL, msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &invalid_pk, msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &invalid_pk, msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], NULL, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], NULL, &keyagg_cache, max64) == 1); CHECK(memcmp_and_randomize(session_secrand[0], zeros132, sizeof(session_secrand[0])) == 0); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, NULL, max64) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, NULL, max64) == 1); CHECK(memcmp_and_randomize(session_secrand[0], zeros132, sizeof(session_secrand[0])) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &invalid_keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &invalid_keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk[0], &pk[0], msg, &keyagg_cache, NULL) == 1); CHECK(memcmp_and_randomize(session_secrand[0], zeros132, sizeof(session_secrand[0])) == 0); /* Every in-argument except session_secrand and pubkey can be NULL */ - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], NULL, &pk[0], NULL, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[1], &pubnonce[1], session_secrand[1], sk[1], &pk[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], NULL, &pk[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[1], &pubnonce[1], session_secrand[1], sk[1], &pk[1], NULL, NULL, NULL) == 1); /** Session creation with nonce_gen_counter **/ - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64) == 1); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_musig_nonce_gen_counter(STATIC_CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64)); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64) == 1); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_musig_nonce_gen_counter(STATIC_CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, NULL, &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], NULL, nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen_counter(CTX, NULL, &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], NULL, nonrepeating_cnt, &keypair[0], msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); /* using nonce_gen_counter requires keypair */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, NULL, msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, NULL, msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); /* invalid keypair */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &invalid_keypair, msg, &keyagg_cache, max64)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &invalid_keypair, msg, &keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], NULL, &keyagg_cache, max64) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, NULL, max64) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &invalid_keyagg_cache, max64)); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], NULL, &keyagg_cache, max64) == 1); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, NULL, max64) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], msg, &invalid_keyagg_cache, max64)); CHECK(memcmp_and_randomize(secnonce[0].data, zeros132, sizeof(secnonce[0].data)) == 0); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt,&keypair[0], msg, &keyagg_cache, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt,&keypair[0], msg, &keyagg_cache, NULL) == 1); /* Every in-argument except nonrepeating_cnt and keypair can be NULL */ - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], NULL, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce[1], &pubnonce[1], nonrepeating_cnt, &keypair[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[0], &pubnonce[0], nonrepeating_cnt, &keypair[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce[1], &pubnonce[1], nonrepeating_cnt, &keypair[1], NULL, NULL, NULL) == 1); /** Serialize and parse public nonces **/ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, NULL, &pubnonce[0])); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, pubnonce_ser, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubnonce_serialize(CTX, NULL, &pubnonce[0])); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, NULL)); CHECK(memcmp_and_randomize(pubnonce_ser, zeros132, sizeof(pubnonce_ser)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, pubnonce_ser, &invalid_pubnonce)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, &invalid_pubnonce)); CHECK(memcmp_and_randomize(pubnonce_ser, zeros132, sizeof(pubnonce_ser)) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, pubnonce_ser, &pubnonce[0]) == 1); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, &pubnonce[0]) == 1); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[0], pubnonce_ser) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, NULL, pubnonce_ser)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[0], NULL)); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[0], zeros132) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[0], pubnonce_ser) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], pubnonce_ser) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubnonce_parse(CTX, NULL, pubnonce_ser)); + CHECK_ILLEGAL(CTX, secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], NULL)); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], zeros132) == 0); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[0], pubnonce_ser) == 1); { /* Check that serialize and parse results in the same value */ - rustsecp256k1_v0_11_musig_pubnonce tmp; - CHECK(rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, pubnonce_ser, &pubnonce[0]) == 1); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &tmp, pubnonce_ser) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&tmp, &pubnonce[0], sizeof(tmp)) == 0); + secp256k1_musig_pubnonce tmp; + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce_ser, &pubnonce[0]) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &tmp, pubnonce_ser) == 1); + CHECK(secp256k1_memcmp_var(&tmp, &pubnonce[0], sizeof(tmp)) == 0); } /** Receive nonces and aggregate **/ - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_agg(CTX, NULL, pubnonce_ptr, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, NULL, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 0)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, invalid_pubnonce_ptr, 1)); - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, inf_pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_agg(CTX, NULL, pubnonce_ptr, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_agg(CTX, &aggnonce, NULL, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 0)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_agg(CTX, &aggnonce, invalid_pubnonce_ptr, 1)); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, inf_pubnonce_ptr, 2) == 1); { /* Check that the aggnonce encodes two points at infinity */ - rustsecp256k1_v0_11_ge aggnonce_pt[2]; - rustsecp256k1_v0_11_musig_aggnonce_load(CTX, aggnonce_pt, &aggnonce); + secp256k1_ge aggnonce_pt[2]; + secp256k1_musig_aggnonce_load(CTX, aggnonce_pt, &aggnonce); for (i = 0; i < 2; i++) { - rustsecp256k1_v0_11_ge_is_infinity(&aggnonce_pt[i]); + secp256k1_ge_is_infinity(&aggnonce_pt[i]); } } - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); /** Serialize and parse aggregate nonces **/ - CHECK(rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, NULL, &aggnonce)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, aggnonce_ser, NULL)); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_aggnonce_serialize(CTX, NULL, &aggnonce)); + CHECK_ILLEGAL(CTX, secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, NULL)); CHECK(memcmp_and_randomize(aggnonce_ser, zeros132, sizeof(aggnonce_ser)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, aggnonce_ser, (rustsecp256k1_v0_11_musig_aggnonce*) &invalid_pubnonce)); + CHECK_ILLEGAL(CTX, secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, (secp256k1_musig_aggnonce*) &invalid_pubnonce)); CHECK(memcmp_and_randomize(aggnonce_ser, zeros132, sizeof(aggnonce_ser)) == 0); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, aggnonce_ser) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, NULL, aggnonce_ser)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, NULL)); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, zeros132) == 1); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, aggnonce_ser) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, aggnonce_ser) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_aggnonce_parse(CTX, NULL, aggnonce_ser)); + CHECK_ILLEGAL(CTX, secp256k1_musig_aggnonce_parse(CTX, &aggnonce, NULL)); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, zeros132) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, aggnonce_ser) == 1); { /* Check that serialize and parse results in the same value */ - rustsecp256k1_v0_11_musig_aggnonce tmp; - CHECK(rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &tmp, aggnonce_ser) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&tmp, &aggnonce, sizeof(tmp)) == 0); + secp256k1_musig_aggnonce tmp; + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce_ser, &aggnonce) == 1); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &tmp, aggnonce_ser) == 1); + CHECK(secp256k1_memcmp_var(&tmp, &aggnonce, sizeof(tmp)) == 0); } /** Process nonces **/ - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_process(CTX, NULL, &aggnonce, msg, &keyagg_cache)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, NULL, msg, &keyagg_cache)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, (rustsecp256k1_v0_11_musig_aggnonce*) &invalid_pubnonce, msg, &keyagg_cache)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, NULL, &keyagg_cache)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, msg, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, msg, &invalid_keyagg_cache)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_process(CTX, NULL, &aggnonce, msg, &keyagg_cache)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_process(CTX, &session, NULL, msg, &keyagg_cache)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_process(CTX, &session, (secp256k1_musig_aggnonce*) &invalid_pubnonce, msg, &keyagg_cache)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_process(CTX, &session, &aggnonce, NULL, &keyagg_cache)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &invalid_keyagg_cache)); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, &keyagg_cache) == 1); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session) == 1); /* The secnonce is set to 0 and subsequent signing attempts fail */ - CHECK(rustsecp256k1_v0_11_memcmp_var(&secnonce_tmp, zeros132, sizeof(secnonce_tmp)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session)); + CHECK(secp256k1_memcmp_var(&secnonce_tmp, zeros132, sizeof(secnonce_tmp)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, NULL, &secnonce_tmp, &keypair[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, NULL, &secnonce_tmp, &keypair[0], &keyagg_cache, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], NULL, &keypair[0], &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &invalid_secnonce, &keypair[0], &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, NULL, &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], NULL, &keypair[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &invalid_secnonce, &keypair[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, NULL, &keyagg_cache, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &invalid_keypair, &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &invalid_keypair, &keyagg_cache, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); { unsigned char sk_tmp[32]; - rustsecp256k1_v0_11_keypair keypair_tmp; + secp256k1_keypair keypair_tmp; testrand256(sk_tmp); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair_tmp, sk_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair_tmp, &keyagg_cache, &session)); + CHECK(secp256k1_keypair_create(CTX, &keypair_tmp, sk_tmp)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair_tmp, &keyagg_cache, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); } - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], NULL, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], NULL, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &invalid_keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &invalid_keyagg_cache, &session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, NULL)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &invalid_session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce_tmp, &keypair[0], &keyagg_cache, &invalid_session)); memcpy(&secnonce_tmp, &secnonce[0], sizeof(secnonce_tmp)); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce[0], &keypair[0], &keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[1], &secnonce[1], &keypair[1], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce[0], &keypair[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[1], &secnonce[1], &keypair[1], &keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, buf, &partial_sig[0]) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, NULL, &partial_sig[0])); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, buf, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, buf, &invalid_partial_sig)); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &partial_sig[0], buf) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, NULL, buf)); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, buf, &partial_sig[0]) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_serialize(CTX, NULL, &partial_sig[0])); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_serialize(CTX, buf, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_serialize(CTX, buf, &invalid_partial_sig)); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &partial_sig[0], buf) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_parse(CTX, NULL, buf)); { /* Check that parsing failure results in an invalid sig */ - rustsecp256k1_v0_11_musig_partial_sig tmp; - CHECK(rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &tmp, max64) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&tmp, zeros132, sizeof(partial_sig[0])) == 0); + secp256k1_musig_partial_sig tmp; + CHECK(secp256k1_musig_partial_sig_parse(CTX, &tmp, max64) == 0); + CHECK(secp256k1_memcmp_var(&tmp, zeros132, sizeof(partial_sig[0])) == 0); } - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &partial_sig[0], NULL)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_parse(CTX, &partial_sig[0], NULL)); { /* Check that serialize and parse results in the same value */ - rustsecp256k1_v0_11_musig_partial_sig tmp; - CHECK(rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, buf, &partial_sig[0]) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &tmp, buf) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&tmp, &partial_sig[0], sizeof(tmp)) == 0); + secp256k1_musig_partial_sig tmp; + CHECK(secp256k1_musig_partial_sig_serialize(CTX, buf, &partial_sig[0]) == 1); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &tmp, buf) == 1); + CHECK(secp256k1_memcmp_var(&tmp, &partial_sig[0], sizeof(tmp)) == 0); } /** Partial signature verification */ - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, NULL, &pubnonce[0], &pk[0], &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &invalid_partial_sig, &pubnonce[0], &pk[0], &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], NULL, &pk[0], &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &invalid_pubnonce, &pk[0], &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], NULL, &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &invalid_pk, &keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], NULL, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &invalid_keyagg_cache, &session)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &invalid_session)); - - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[1], &pk[1], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 0); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, NULL, &pubnonce[0], &pk[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &invalid_partial_sig, &pubnonce[0], &pk[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], NULL, &pk[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &invalid_pubnonce, &pk[0], &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], NULL, &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &invalid_pk, &keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], NULL, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &invalid_keyagg_cache, &session)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &invalid_session)); + + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], &keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[1], &pk[1], &keyagg_cache, &session) == 1); /** Signature aggregation and verification */ - CHECK(rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 2) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, NULL, &session, partial_sig_ptr, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, NULL, partial_sig_ptr, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &invalid_session, partial_sig_ptr, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &session, NULL, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &session, invalid_partial_sig_ptr, 2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 0)); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 1) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 2) == 1); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_agg(CTX, NULL, &session, partial_sig_ptr, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_agg(CTX, pre_sig, NULL, partial_sig_ptr, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_agg(CTX, pre_sig, &invalid_session, partial_sig_ptr, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, NULL, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, invalid_partial_sig_ptr, 2)); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 0)); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 1) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, pre_sig, &session, partial_sig_ptr, 2) == 1); } static void musig_nonce_bitflip(unsigned char **args, size_t n_flip, size_t n_bytes) { - rustsecp256k1_v0_11_scalar k1[2], k2[2]; + secp256k1_scalar k1[2], k2[2]; - rustsecp256k1_v0_11_nonce_function_musig(k1, args[0], args[1], args[2], args[3], args[4], args[5]); + secp256k1_nonce_function_musig(k1, args[0], args[1], args[2], args[3], args[4], args[5]); testrand_flip(args[n_flip], n_bytes); - rustsecp256k1_v0_11_nonce_function_musig(k2, args[0], args[1], args[2], args[3], args[4], args[5]); - CHECK(rustsecp256k1_v0_11_scalar_eq(&k1[0], &k2[0]) == 0); - CHECK(rustsecp256k1_v0_11_scalar_eq(&k1[1], &k2[1]) == 0); + secp256k1_nonce_function_musig(k2, args[0], args[1], args[2], args[3], args[4], args[5]); + CHECK(secp256k1_scalar_eq(&k1[0], &k2[0]) == 0); + CHECK(secp256k1_scalar_eq(&k1[1], &k2[1]) == 0); } static void musig_nonce_test(void) { @@ -502,7 +502,7 @@ static void musig_nonce_test(void) { unsigned char agg_pk[32]; unsigned char extra_input[32]; int i, j; - rustsecp256k1_v0_11_scalar k[6][2]; + secp256k1_scalar k[6][2]; testrand_bytes_test(session_secrand, sizeof(session_secrand)); testrand_bytes_test(sk, sizeof(sk)); @@ -533,72 +533,71 @@ static void musig_nonce_test(void) { memcpy(pk, session_secrand, sizeof(session_secrand)); memcpy(agg_pk, session_secrand, sizeof(agg_pk)); memcpy(extra_input, session_secrand, sizeof(extra_input)); - rustsecp256k1_v0_11_nonce_function_musig(k[0], args[0], args[1], args[2], args[3], args[4], args[5]); - rustsecp256k1_v0_11_nonce_function_musig(k[1], args[0], NULL, args[2], args[3], args[4], args[5]); - rustsecp256k1_v0_11_nonce_function_musig(k[2], args[0], args[1], NULL, args[3], args[4], args[5]); - rustsecp256k1_v0_11_nonce_function_musig(k[3], args[0], args[1], args[2], NULL, args[4], args[5]); - rustsecp256k1_v0_11_nonce_function_musig(k[4], args[0], args[1], args[2], args[3], NULL, args[5]); - rustsecp256k1_v0_11_nonce_function_musig(k[5], args[0], args[1], args[2], args[3], args[4], NULL); + secp256k1_nonce_function_musig(k[0], args[0], args[1], args[2], args[3], args[4], args[5]); + secp256k1_nonce_function_musig(k[1], args[0], NULL, args[2], args[3], args[4], args[5]); + secp256k1_nonce_function_musig(k[2], args[0], args[1], NULL, args[3], args[4], args[5]); + secp256k1_nonce_function_musig(k[3], args[0], args[1], args[2], NULL, args[4], args[5]); + secp256k1_nonce_function_musig(k[4], args[0], args[1], args[2], args[3], NULL, args[5]); + secp256k1_nonce_function_musig(k[5], args[0], args[1], args[2], args[3], args[4], NULL); for (i = 0; i < 6; i++) { - CHECK(!rustsecp256k1_v0_11_scalar_eq(&k[i][0], &k[i][1])); + CHECK(!secp256k1_scalar_eq(&k[i][0], &k[i][1])); for (j = i+1; j < 6; j++) { - CHECK(!rustsecp256k1_v0_11_scalar_eq(&k[i][0], &k[j][0])); - CHECK(!rustsecp256k1_v0_11_scalar_eq(&k[i][1], &k[j][1])); + CHECK(!secp256k1_scalar_eq(&k[i][0], &k[j][0])); + CHECK(!secp256k1_scalar_eq(&k[i][1], &k[j][1])); } } } -static void sha256_tag_test_internal(rustsecp256k1_v0_11_sha256 *sha_tagged, unsigned char *tag, size_t taglen) { - rustsecp256k1_v0_11_sha256 sha; - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, tag, taglen); - test_sha256_eq(&sha, sha_tagged); -} - /* Checks that the initialized tagged hashes have the expected * state. */ static void sha256_tag_test(void) { - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; { - char tag[] = "KeyAgg list"; - rustsecp256k1_v0_11_musig_keyagglist_sha256(&sha); - sha256_tag_test_internal(&sha, (unsigned char*)tag, sizeof(tag) - 1); + /* "KeyAgg list" */ + static const unsigned char tag[] = {'K', 'e', 'y', 'A', 'g', 'g', ' ', 'l', 'i', 's', 't'}; + secp256k1_musig_keyagglist_sha256(&sha); + test_sha256_tag_midstate(&sha, tag, sizeof(tag)); } { - char tag[] = "KeyAgg coefficient"; - rustsecp256k1_v0_11_musig_keyaggcoef_sha256(&sha); - sha256_tag_test_internal(&sha, (unsigned char*)tag, sizeof(tag) - 1); + /* "KeyAgg coefficient" */ + static const unsigned char tag[] = {'K', 'e', 'y', 'A', 'g', 'g', ' ', 'c', 'o', 'e', 'f', 'f', 'i', 'c', 'i', 'e', 'n', 't'}; + secp256k1_musig_keyaggcoef_sha256(&sha); + test_sha256_tag_midstate(&sha, tag, sizeof(tag)); } { - unsigned char tag[] = "MuSig/aux"; - rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged_aux(&sha); - sha256_tag_test_internal(&sha, (unsigned char*)tag, sizeof(tag) - 1); + /* "MuSig/aux" */ + static const unsigned char tag[] = { 'M', 'u', 'S', 'i', 'g', '/', 'a', 'u', 'x' }; + secp256k1_nonce_function_musig_sha256_tagged_aux(&sha); + test_sha256_tag_midstate(&sha, tag, sizeof(tag)); } { - unsigned char tag[] = "MuSig/nonce"; - rustsecp256k1_v0_11_nonce_function_musig_sha256_tagged(&sha); - sha256_tag_test_internal(&sha, (unsigned char*)tag, sizeof(tag) - 1); + /* "MuSig/nonce" */ + static const unsigned char tag[] = { 'M', 'u', 'S', 'i', 'g', '/', 'n', 'o', 'n', 'c', 'e' }; + secp256k1_nonce_function_musig_sha256_tagged(&sha); + test_sha256_tag_midstate(&sha, tag, sizeof(tag)); } { - unsigned char tag[] = "MuSig/noncecoef"; - rustsecp256k1_v0_11_musig_compute_noncehash_sha256_tagged(&sha); - sha256_tag_test_internal(&sha, (unsigned char*)tag, sizeof(tag) - 1); + /* "MuSig/noncecoef" */ + static const unsigned char tag[] = { 'M', 'u', 'S', 'i', 'g', '/', 'n', 'o', 'n', 'c', 'e', 'c', 'o', 'e', 'f' }; + secp256k1_musig_compute_noncehash_sha256_tagged(&sha); + test_sha256_tag_midstate(&sha, tag, sizeof(tag)); } } /* Attempts to create a signature for the aggregate public key using given secret * keys and keyagg_cache. */ -static void musig_tweak_test_helper(const rustsecp256k1_v0_11_xonly_pubkey* agg_pk, const unsigned char *sk0, const unsigned char *sk1, rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache) { - rustsecp256k1_v0_11_pubkey pk[2]; +static void musig_tweak_test_helper(const secp256k1_xonly_pubkey* agg_pk, const unsigned char *sk0, const unsigned char *sk1, secp256k1_musig_keyagg_cache *keyagg_cache) { + secp256k1_pubkey pk[2]; unsigned char session_secrand[2][32]; unsigned char msg[32]; - rustsecp256k1_v0_11_musig_secnonce secnonce[2]; - rustsecp256k1_v0_11_musig_pubnonce pubnonce[2]; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[2]; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_keypair keypair[2]; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig[2]; - const rustsecp256k1_v0_11_musig_partial_sig *partial_sig_ptr[2]; + secp256k1_musig_secnonce secnonce[2]; + secp256k1_musig_pubnonce pubnonce[2]; + const secp256k1_musig_pubnonce *pubnonce_ptr[2]; + secp256k1_musig_aggnonce aggnonce; + secp256k1_keypair keypair[2]; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig[2]; + const secp256k1_musig_partial_sig *partial_sig_ptr[2]; unsigned char final_sig[64]; int i; @@ -612,32 +611,32 @@ static void musig_tweak_test_helper(const rustsecp256k1_v0_11_xonly_pubkey* agg_ CHECK(create_keypair_and_pk(&keypair[1], &pk[1], sk1) == 1); testrand256(msg); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk0, &pk[0], NULL, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce[1], &pubnonce[1], session_secrand[1], sk1, &pk[1], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[0], &pubnonce[0], session_secrand[0], sk0, &pk[0], NULL, NULL, NULL) == 1); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce[1], &pubnonce[1], session_secrand[1], sk1, &pk[1], NULL, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, msg, keyagg_cache) == 1); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, msg, keyagg_cache) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[0], &secnonce[0], &keypair[0], keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig[1], &secnonce[1], &keypair[1], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[0], &secnonce[0], &keypair[0], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig[1], &secnonce[1], &keypair[1], keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[1], &pk[1], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[0], &pubnonce[0], &pk[0], keyagg_cache, &session) == 1); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig[1], &pubnonce[1], &pk[1], keyagg_cache, &session) == 1); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, 2) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), agg_pk) == 1); + CHECK(secp256k1_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, 2) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, msg, sizeof(msg), agg_pk) == 1); } /* Create aggregate public key P[0], tweak multiple times (using xonly and * plain tweaking) and test signing. */ static void musig_tweak_test(void) { unsigned char sk[2][32]; - rustsecp256k1_v0_11_pubkey pk[2]; - const rustsecp256k1_v0_11_pubkey *pk_ptr[2]; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; + secp256k1_pubkey pk[2]; + const secp256k1_pubkey *pk_ptr[2]; + secp256k1_musig_keyagg_cache keyagg_cache; enum { N_TWEAKS = 8 }; - rustsecp256k1_v0_11_pubkey P[N_TWEAKS + 1]; - rustsecp256k1_v0_11_xonly_pubkey P_xonly[N_TWEAKS + 1]; + secp256k1_pubkey P[N_TWEAKS + 1]; + secp256k1_xonly_pubkey P_xonly[N_TWEAKS + 1]; int i; /* Key Setup */ @@ -647,9 +646,9 @@ static void musig_tweak_test(void) { CHECK(create_keypair_and_pk(NULL, &pk[i], sk[i]) == 1); } /* Compute P0 = keyagg(pk0, pk1) and test signing for it */ - CHECK(rustsecp256k1_v0_11_musig_pubkey_agg(CTX, &P_xonly[0], &keyagg_cache, pk_ptr, 2) == 1); + CHECK(secp256k1_musig_pubkey_agg(CTX, &P_xonly[0], &keyagg_cache, pk_ptr, 2) == 1); musig_tweak_test_helper(&P_xonly[0], sk[0], sk[1], &keyagg_cache); - CHECK(rustsecp256k1_v0_11_musig_pubkey_get(CTX, &P[0], &keyagg_cache)); + CHECK(secp256k1_musig_pubkey_get(CTX, &P[0], &keyagg_cache)); /* Compute Pi = f(Pj) + tweaki*G where where j = i-1 and try signing for * that key. If xonly is set to true, the function f normalizes the input @@ -662,21 +661,21 @@ static void musig_tweak_test(void) { testrand256(tweak); if (xonly) { - CHECK(rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add(CTX, &P[i], &keyagg_cache, tweak) == 1); + CHECK(secp256k1_musig_pubkey_xonly_tweak_add(CTX, &P[i], &keyagg_cache, tweak) == 1); } else { - CHECK(rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add(CTX, &P[i], &keyagg_cache, tweak) == 1); + CHECK(secp256k1_musig_pubkey_ec_tweak_add(CTX, &P[i], &keyagg_cache, tweak) == 1); } - CHECK(rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &P_xonly[i], &P_parity, &P[i])); + CHECK(secp256k1_xonly_pubkey_from_pubkey(CTX, &P_xonly[i], &P_parity, &P[i])); /* Check that musig_pubkey_tweak_add produces same result as * xonly_pubkey_tweak_add or ec_pubkey_tweak_add. */ if (xonly) { unsigned char P_serialized[32]; - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, P_serialized, &P_xonly[i])); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, P_serialized, P_parity, &P_xonly[i-1], tweak) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, P_serialized, &P_xonly[i])); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, P_serialized, P_parity, &P_xonly[i-1], tweak) == 1); } else { - rustsecp256k1_v0_11_pubkey tmp_key = P[i-1]; - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &tmp_key, tweak)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&tmp_key, &P[i], sizeof(tmp_key)) == 0); + secp256k1_pubkey tmp_key = P[i-1]; + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &tmp_key, tweak)); + CHECK(secp256k1_memcmp_var(&tmp_key, &P[i], sizeof(tmp_key)) == 0); } /* Test signing for P[i] */ musig_tweak_test_helper(&P_xonly[i], sk[0], sk[1], &keyagg_cache); @@ -684,7 +683,7 @@ static void musig_tweak_test(void) { } int musig_vectors_keyagg_and_tweak(enum MUSIG_ERROR *error, - rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache, + secp256k1_musig_keyagg_cache *keyagg_cache, unsigned char *agg_pk_ser, const unsigned char pubkeys33[][33], const unsigned char tweaks32[][32], @@ -693,49 +692,49 @@ int musig_vectors_keyagg_and_tweak(enum MUSIG_ERROR *error, size_t tweak_indices_len, const size_t *tweak_indices, const int *is_xonly) { - rustsecp256k1_v0_11_pubkey pubkeys[MUSIG_VECTORS_MAX_PUBKEYS]; - const rustsecp256k1_v0_11_pubkey *pk_ptr[MUSIG_VECTORS_MAX_PUBKEYS]; + secp256k1_pubkey pubkeys[MUSIG_VECTORS_MAX_PUBKEYS]; + const secp256k1_pubkey *pk_ptr[MUSIG_VECTORS_MAX_PUBKEYS]; int i; - rustsecp256k1_v0_11_pubkey agg_pk; - rustsecp256k1_v0_11_xonly_pubkey agg_pk_xonly; + secp256k1_pubkey agg_pk; + secp256k1_xonly_pubkey agg_pk_xonly; for (i = 0; i < (int)key_indices_len; i++) { - if (!rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkeys[i], pubkeys33[key_indices[i]], 33)) { + if (!secp256k1_ec_pubkey_parse(CTX, &pubkeys[i], pubkeys33[key_indices[i]], 33)) { *error = MUSIG_PUBKEY; return 0; } pk_ptr[i] = &pubkeys[i]; } - if (!rustsecp256k1_v0_11_musig_pubkey_agg(CTX, NULL, keyagg_cache, pk_ptr, key_indices_len)) { + if (!secp256k1_musig_pubkey_agg(CTX, NULL, keyagg_cache, pk_ptr, key_indices_len)) { *error = MUSIG_OTHER; return 0; } for (i = 0; i < (int)tweak_indices_len; i++) { if (is_xonly[i]) { - if (!rustsecp256k1_v0_11_musig_pubkey_xonly_tweak_add(CTX, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { + if (!secp256k1_musig_pubkey_xonly_tweak_add(CTX, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { *error = MUSIG_TWEAK; return 0; } } else { - if (!rustsecp256k1_v0_11_musig_pubkey_ec_tweak_add(CTX, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { + if (!secp256k1_musig_pubkey_ec_tweak_add(CTX, NULL, keyagg_cache, tweaks32[tweak_indices[i]])) { *error = MUSIG_TWEAK; return 0; } } } - if (!rustsecp256k1_v0_11_musig_pubkey_get(CTX, &agg_pk, keyagg_cache)) { + if (!secp256k1_musig_pubkey_get(CTX, &agg_pk, keyagg_cache)) { *error = MUSIG_OTHER; return 0; } - if (!rustsecp256k1_v0_11_xonly_pubkey_from_pubkey(CTX, &agg_pk_xonly, NULL, &agg_pk)) { + if (!secp256k1_xonly_pubkey_from_pubkey(CTX, &agg_pk_xonly, NULL, &agg_pk)) { *error = MUSIG_OTHER; return 0; } if (agg_pk_ser != NULL) { - if (!rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, agg_pk_ser, &agg_pk_xonly)) { + if (!secp256k1_xonly_pubkey_serialize(CTX, agg_pk_ser, &agg_pk_xonly)) { *error = MUSIG_OTHER; return 0; } @@ -751,17 +750,17 @@ static void musig_test_vectors_keyagg(void) { for (i = 0; i < sizeof(vector->valid_case)/sizeof(vector->valid_case[0]); i++) { const struct musig_key_agg_valid_test_case *c = &vector->valid_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; + secp256k1_musig_keyagg_cache keyagg_cache; unsigned char agg_pk[32]; CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, agg_pk, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, 0, NULL, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(agg_pk, c->expected, sizeof(agg_pk)) == 0); + CHECK(secp256k1_memcmp_var(agg_pk, c->expected, sizeof(agg_pk)) == 0); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { const struct musig_key_agg_error_test_case *c = &vector->error_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; + secp256k1_musig_keyagg_cache keyagg_cache; CHECK(!musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, c->tweak_indices_len, c->tweak_indices, c->is_xonly)); CHECK(c->error == error); @@ -774,15 +773,15 @@ static void musig_test_vectors_noncegen(void) { for (i = 0; i < sizeof(vector->test_case)/sizeof(vector->test_case[0]); i++) { const struct musig_nonce_gen_test_case *c = &vector->test_case[i]; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_musig_keyagg_cache *keyagg_cache_ptr = NULL; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_musig_keyagg_cache *keyagg_cache_ptr = NULL; unsigned char session_secrand32[32]; - rustsecp256k1_v0_11_musig_secnonce secnonce; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; + secp256k1_musig_secnonce secnonce; + secp256k1_musig_pubnonce pubnonce; const unsigned char *sk = NULL; const unsigned char *msg = NULL; const unsigned char *extra_in = NULL; - rustsecp256k1_v0_11_pubkey pk; + secp256k1_pubkey pk; unsigned char pubnonce66[66]; memcpy(session_secrand32, c->rand_, 32); @@ -791,12 +790,12 @@ static void musig_test_vectors_noncegen(void) { } if (c->has_aggpk) { /* Create keyagg_cache from aggpk */ - rustsecp256k1_v0_11_keyagg_cache_internal cache_i; - rustsecp256k1_v0_11_xonly_pubkey aggpk; + secp256k1_keyagg_cache_internal cache_i; + secp256k1_xonly_pubkey aggpk; memset(&cache_i, 0, sizeof(cache_i)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &aggpk, c->aggpk)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_load(CTX, &cache_i.pk, &aggpk)); - rustsecp256k1_v0_11_keyagg_cache_save(&keyagg_cache, &cache_i); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &aggpk, c->aggpk)); + CHECK(secp256k1_xonly_pubkey_load(CTX, &cache_i.pk, &aggpk)); + secp256k1_keyagg_cache_save(&keyagg_cache, &cache_i); keyagg_cache_ptr = &keyagg_cache; } if (c->has_msg) { @@ -806,17 +805,17 @@ static void musig_test_vectors_noncegen(void) { extra_in = c->extra_in; } - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pk, c->pk, sizeof(c->pk))); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen(CTX, &secnonce, &pubnonce, session_secrand32, sk, &pk, msg, keyagg_cache_ptr, extra_in) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&secnonce.data[4], c->expected_secnonce, 2*32) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk, c->pk, sizeof(c->pk))); + CHECK(secp256k1_musig_nonce_gen(CTX, &secnonce, &pubnonce, session_secrand32, sk, &pk, msg, keyagg_cache_ptr, extra_in) == 1); + CHECK(secp256k1_memcmp_var(&secnonce.data[4], c->expected_secnonce, 2*32) == 0); /* The last element of the secnonce is the public key (uncompressed in - * rustsecp256k1_v0_11_musig_secnonce, compressed in the test vector secnonce). */ - CHECK(rustsecp256k1_v0_11_memcmp_var(&secnonce.data[4+2*32], &pk, sizeof(pk)) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&c->expected_secnonce[2*32], c->pk, sizeof(c->pk)) == 0); + * secp256k1_musig_secnonce, compressed in the test vector secnonce). */ + CHECK(secp256k1_memcmp_var(&secnonce.data[4+2*32], &pk, sizeof(pk)) == 0); + CHECK(secp256k1_memcmp_var(&c->expected_secnonce[2*32], c->pk, sizeof(c->pk)) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, pubnonce66, &pubnonce) == 1); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce66, &pubnonce) == 1); CHECK(sizeof(c->expected_pubnonce) == sizeof(pubnonce66)); - CHECK(rustsecp256k1_v0_11_memcmp_var(pubnonce66, c->expected_pubnonce, sizeof(pubnonce66)) == 0); + CHECK(secp256k1_memcmp_var(pubnonce66, c->expected_pubnonce, sizeof(pubnonce66)) == 0); } } @@ -828,37 +827,37 @@ static void musig_test_vectors_nonceagg(void) { for (i = 0; i < sizeof(vector->valid_case)/sizeof(vector->valid_case[0]); i++) { const struct musig_nonce_agg_test_case *c = &vector->valid_case[i]; - rustsecp256k1_v0_11_musig_pubnonce pubnonce[2]; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[2]; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; + secp256k1_musig_pubnonce pubnonce[2]; + const secp256k1_musig_pubnonce *pubnonce_ptr[2]; + secp256k1_musig_aggnonce aggnonce; unsigned char aggnonce66[66]; for (j = 0; j < 2; j++) { - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]]) == 1); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]]) == 1); pubnonce_ptr[j] = &pubnonce[j]; } - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2)); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_serialize(CTX, aggnonce66, &aggnonce)); - CHECK(rustsecp256k1_v0_11_memcmp_var(aggnonce66, c->expected, 33) == 0); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, 2)); + CHECK(secp256k1_musig_aggnonce_serialize(CTX, aggnonce66, &aggnonce)); + CHECK(secp256k1_memcmp_var(aggnonce66, c->expected, 33) == 0); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { const struct musig_nonce_agg_test_case *c = &vector->error_case[i]; - rustsecp256k1_v0_11_musig_pubnonce pubnonce[2]; + secp256k1_musig_pubnonce pubnonce[2]; for (j = 0; j < 2; j++) { int expected = c->invalid_nonce_idx != j; - CHECK(expected == rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]])); + CHECK(expected == secp256k1_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pnonces[c->pnonce_indices[j]])); } } } -static void musig_test_set_secnonce(rustsecp256k1_v0_11_musig_secnonce *secnonce, const unsigned char *secnonce64, const rustsecp256k1_v0_11_pubkey *pubkey) { - rustsecp256k1_v0_11_ge pk; - rustsecp256k1_v0_11_scalar k[2]; +static void musig_test_set_secnonce(secp256k1_musig_secnonce *secnonce, const unsigned char *secnonce64, const secp256k1_pubkey *pubkey) { + secp256k1_ge pk; + secp256k1_scalar k[2]; - rustsecp256k1_v0_11_scalar_set_b32(&k[0], &secnonce64[0], NULL); - rustsecp256k1_v0_11_scalar_set_b32(&k[1], &secnonce64[32], NULL); - CHECK(rustsecp256k1_v0_11_pubkey_load(CTX, &pk, pubkey)); - rustsecp256k1_v0_11_musig_secnonce_save(secnonce, k, &pk); + secp256k1_scalar_set_b32(&k[0], &secnonce64[0], NULL); + secp256k1_scalar_set_b32(&k[1], &secnonce64[32], NULL); + CHECK(secp256k1_pubkey_load(CTX, &pk, pubkey)); + secp256k1_musig_secnonce_save(secnonce, k, &pk); } static void musig_test_vectors_signverify(void) { @@ -868,41 +867,41 @@ static void musig_test_vectors_signverify(void) { for (i = 0; i < sizeof(vector->valid_case)/sizeof(vector->valid_case[0]); i++) { const struct musig_valid_case *c = &vector->valid_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig; - rustsecp256k1_v0_11_musig_secnonce secnonce; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_pubkey pubkey; + secp256k1_musig_pubnonce pubnonce; + secp256k1_musig_aggnonce aggnonce; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig; + secp256k1_musig_secnonce secnonce; + secp256k1_keypair keypair; unsigned char partial_sig32[32]; - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, vector->sk)); + CHECK(secp256k1_keypair_create(CTX, &keypair, vector->sk)); CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, NULL, c->key_indices_len, c->key_indices, 0, NULL, NULL)); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); musig_test_set_secnonce(&secnonce, vector->secnonces[0], &pubkey); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, partial_sig32, &partial_sig)); - CHECK(rustsecp256k1_v0_11_memcmp_var(partial_sig32, c->expected, sizeof(partial_sig32)) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, partial_sig32, &partial_sig)); + CHECK(secp256k1_memcmp_var(partial_sig32, c->expected, sizeof(partial_sig32)) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[0])); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[0])); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->sign_error_case)/sizeof(vector->sign_error_case[0]); i++) { const struct musig_sign_error_case *c = &vector->sign_error_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig; - rustsecp256k1_v0_11_musig_secnonce secnonce; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_pubkey pubkey; + secp256k1_musig_aggnonce aggnonce; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig; + secp256k1_musig_secnonce secnonce; + secp256k1_keypair keypair; int expected; if (i == 0) { @@ -910,68 +909,67 @@ static void musig_test_vectors_signverify(void) { * the signing key does not belong to any pubkey. */ continue; } + expected = c->error != MUSIG_PUBKEY; CHECK(expected == musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, NULL, c->key_indices_len, c->key_indices, 0, NULL, NULL)); CHECK(expected || c->error == error); if (!expected) { continue; } + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_keypair_create(CTX, &keypair, vector->sk)); expected = c->error != MUSIG_AGGNONCE; - CHECK(expected == rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); + CHECK(expected == secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonces[c->aggnonce_index])); if (!expected) { continue; } - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); - musig_test_set_secnonce(&secnonce, vector->secnonces[c->secnonce_index], &pubkey); expected = c->error != MUSIG_SECNONCE; - if (expected) { - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - } else { - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - } + CHECK(!expected); + musig_test_set_secnonce(&secnonce, vector->secnonces[c->secnonce_index], &pubkey); + CHECK_ILLEGAL(CTX, secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->verify_fail_case)/sizeof(vector->verify_fail_case[0]); i++) { const struct musig_verify_fail_error_case *c = &vector->verify_fail_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_musig_aggnonce aggnonce; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig; enum { NUM_PUBNONCES = 3 }; - rustsecp256k1_v0_11_musig_pubnonce pubnonce[NUM_PUBNONCES]; - const rustsecp256k1_v0_11_musig_pubnonce *pubnonce_ptr[NUM_PUBNONCES]; - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_musig_pubnonce pubnonce[NUM_PUBNONCES]; + const secp256k1_musig_pubnonce *pubnonce_ptr[NUM_PUBNONCES]; + secp256k1_pubkey pubkey; int expected; size_t j; CHECK(NUM_PUBNONCES <= c->nonce_indices_len); for (j = 0; j < c->nonce_indices_len; j++) { - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pubnonces[c->nonce_indices[j]])); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce[j], vector->pubnonces[c->nonce_indices[j]])); pubnonce_ptr[j] = &pubnonce[j]; } CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, NULL, c->key_indices_len, c->key_indices, 0, NULL, NULL)); - CHECK(rustsecp256k1_v0_11_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, c->nonce_indices_len) == 1); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); + CHECK(secp256k1_musig_nonce_agg(CTX, &aggnonce, pubnonce_ptr, c->nonce_indices_len) == 1); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msgs[c->msg_index], &keyagg_cache)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[c->signer_index], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[c->signer_index], sizeof(vector->pubkeys[0]))); expected = c->error != MUSIG_SIG; - CHECK(expected == rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &partial_sig, c->sig)); + CHECK(expected == secp256k1_musig_partial_sig_parse(CTX, &partial_sig, c->sig)); if (!expected) { continue; } expected = c->error != MUSIG_SIG_VERIFY; - CHECK(expected == rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig, pubnonce, &pubkey, &keyagg_cache, &session)); + CHECK(expected == secp256k1_musig_partial_sig_verify(CTX, &partial_sig, pubnonce, &pubkey, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->verify_error_case)/sizeof(vector->verify_error_case[0]); i++) { const struct musig_verify_fail_error_case *c = &vector->verify_error_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_musig_pubnonce pubnonce; int expected; expected = c->error != MUSIG_PUBKEY; @@ -981,48 +979,48 @@ static void musig_test_vectors_signverify(void) { continue; } expected = c->error != MUSIG_PUBNONCE; - CHECK(expected == rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); + CHECK(expected == secp256k1_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); } } static void musig_test_vectors_tweak(void) { size_t i; const struct musig_tweak_vector *vector = &musig_tweak_vector; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_musig_secnonce secnonce; + secp256k1_pubkey pubkey; + secp256k1_musig_aggnonce aggnonce; + secp256k1_musig_secnonce secnonce; - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonce)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, vector->aggnonce)); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, vector->pubkeys[0], sizeof(vector->pubkeys[0]))); for (i = 0; i < sizeof(vector->valid_case)/sizeof(vector->valid_case[0]); i++) { const struct musig_tweak_case *c = &vector->valid_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_musig_keyagg_cache keyagg_cache; + secp256k1_musig_pubnonce pubnonce; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig; + secp256k1_keypair keypair; unsigned char partial_sig32[32]; musig_test_set_secnonce(&secnonce, vector->secnonce, &pubkey); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, vector->sk)); + CHECK(secp256k1_keypair_create(CTX, &keypair, vector->sk)); CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, c->tweak_indices_len, c->tweak_indices, c->is_xonly)); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, vector->msg, &keyagg_cache)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msg, &keyagg_cache)); - CHECK(rustsecp256k1_v0_11_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_serialize(CTX, partial_sig32, &partial_sig)); - CHECK(rustsecp256k1_v0_11_memcmp_var(partial_sig32, c->expected, sizeof(partial_sig32)) == 0); + CHECK(secp256k1_musig_partial_sign(CTX, &partial_sig, &secnonce, &keypair, &keyagg_cache, &session)); + CHECK(secp256k1_musig_partial_sig_serialize(CTX, partial_sig32, &partial_sig)); + CHECK(secp256k1_memcmp_var(partial_sig32, c->expected, sizeof(partial_sig32)) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); - CHECK(rustsecp256k1_v0_11_musig_partial_sig_verify(CTX, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); + CHECK(secp256k1_musig_pubnonce_parse(CTX, &pubnonce, vector->pubnonces[c->nonce_indices[c->signer_index]])); + CHECK(secp256k1_musig_partial_sig_verify(CTX, &partial_sig, &pubnonce, &pubkey, &keyagg_cache, &session)); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { const struct musig_tweak_case *c = &vector->error_case[i]; enum MUSIG_ERROR error; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; + secp256k1_musig_keyagg_cache keyagg_cache; CHECK(!musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, NULL, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, c->tweak_indices_len, c->tweak_indices, c->is_xonly)); CHECK(error == MUSIG_TWEAK); } @@ -1036,34 +1034,34 @@ static void musig_test_vectors_sigagg(void) { const struct musig_sig_agg_case *c = &vector->valid_case[i]; enum MUSIG_ERROR error; unsigned char final_sig[64]; - rustsecp256k1_v0_11_musig_keyagg_cache keyagg_cache; + secp256k1_musig_keyagg_cache keyagg_cache; unsigned char agg_pk32[32]; - rustsecp256k1_v0_11_xonly_pubkey agg_pk; - rustsecp256k1_v0_11_musig_aggnonce aggnonce; - rustsecp256k1_v0_11_musig_session session; - rustsecp256k1_v0_11_musig_partial_sig partial_sig[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; - const rustsecp256k1_v0_11_musig_partial_sig *partial_sig_ptr[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; + secp256k1_xonly_pubkey agg_pk; + secp256k1_musig_aggnonce aggnonce; + secp256k1_musig_session session; + secp256k1_musig_partial_sig partial_sig[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; + const secp256k1_musig_partial_sig *partial_sig_ptr[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; CHECK(musig_vectors_keyagg_and_tweak(&error, &keyagg_cache, agg_pk32, vector->pubkeys, vector->tweaks, c->key_indices_len, c->key_indices, c->tweak_indices_len, c->tweak_indices, c->is_xonly)); - CHECK(rustsecp256k1_v0_11_musig_aggnonce_parse(CTX, &aggnonce, c->aggnonce)); - CHECK(rustsecp256k1_v0_11_musig_nonce_process(CTX, &session, &aggnonce, vector->msg, &keyagg_cache)); + CHECK(secp256k1_musig_aggnonce_parse(CTX, &aggnonce, c->aggnonce)); + CHECK(secp256k1_musig_nonce_process(CTX, &session, &aggnonce, vector->msg, &keyagg_cache)); for (j = 0; j < c->psig_indices_len; j++) { - CHECK(rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &partial_sig[j], vector->psigs[c->psig_indices[j]])); + CHECK(secp256k1_musig_partial_sig_parse(CTX, &partial_sig[j], vector->psigs[c->psig_indices[j]])); partial_sig_ptr[j] = &partial_sig[j]; } - CHECK(rustsecp256k1_v0_11_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, c->psig_indices_len) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(final_sig, c->expected, sizeof(final_sig)) == 0); + CHECK(secp256k1_musig_partial_sig_agg(CTX, final_sig, &session, partial_sig_ptr, c->psig_indices_len) == 1); + CHECK(secp256k1_memcmp_var(final_sig, c->expected, sizeof(final_sig)) == 0); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &agg_pk, agg_pk32)); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, final_sig, vector->msg, sizeof(vector->msg), &agg_pk) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &agg_pk, agg_pk32)); + CHECK(secp256k1_schnorrsig_verify(CTX, final_sig, vector->msg, sizeof(vector->msg), &agg_pk) == 1); } for (i = 0; i < sizeof(vector->error_case)/sizeof(vector->error_case[0]); i++) { const struct musig_sig_agg_case *c = &vector->error_case[i]; - rustsecp256k1_v0_11_musig_partial_sig partial_sig[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; + secp256k1_musig_partial_sig partial_sig[(sizeof(vector->psigs)/sizeof(vector->psigs[0]))]; for (j = 0; j < c->psig_indices_len; j++) { int expected = c->invalid_sig_idx != (int)j; - CHECK(expected == rustsecp256k1_v0_11_musig_partial_sig_parse(CTX, &partial_sig[j], vector->psigs[c->psig_indices[j]])); + CHECK(expected == secp256k1_musig_partial_sig_parse(CTX, &partial_sig[j], vector->psigs[c->psig_indices[j]])); } } } @@ -1071,11 +1069,11 @@ static void musig_test_vectors_sigagg(void) { /* Since the BIP doesn't provide static test vectors for nonce_gen_counter, we * define a static test here */ static void musig_test_static_nonce_gen_counter(void) { - rustsecp256k1_v0_11_musig_secnonce secnonce; - rustsecp256k1_v0_11_musig_pubnonce pubnonce; + secp256k1_musig_secnonce secnonce; + secp256k1_musig_pubnonce pubnonce; unsigned char pubnonce66[66]; - rustsecp256k1_v0_11_pubkey pk; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_pubkey pk; + secp256k1_keypair keypair; uint64_t nonrepeating_cnt = 0; unsigned char sk[32] = { 0xEE, 0xC1, 0xCB, 0x7D, 0x1B, 0x72, 0x54, 0xC5, @@ -1105,15 +1103,15 @@ static void musig_test_static_nonce_gen_counter(void) { 0xEC, 0x64, }; - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk)); - CHECK(rustsecp256k1_v0_11_keypair_pub(CTX, &pk, &keypair)); - CHECK(rustsecp256k1_v0_11_musig_nonce_gen_counter(CTX, &secnonce, &pubnonce, nonrepeating_cnt, &keypair, NULL, NULL, NULL) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_keypair_pub(CTX, &pk, &keypair)); + CHECK(secp256k1_musig_nonce_gen_counter(CTX, &secnonce, &pubnonce, nonrepeating_cnt, &keypair, NULL, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&secnonce.data[4], expected_secnonce, 2*32) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&secnonce.data[4+2*32], &pk, sizeof(pk)) == 0); + CHECK(secp256k1_memcmp_var(&secnonce.data[4], expected_secnonce, 2*32) == 0); + CHECK(secp256k1_memcmp_var(&secnonce.data[4+2*32], &pk, sizeof(pk)) == 0); - CHECK(rustsecp256k1_v0_11_musig_pubnonce_serialize(CTX, pubnonce66, &pubnonce) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(pubnonce66, expected_pubnonce, sizeof(pubnonce66)) == 0); + CHECK(secp256k1_musig_pubnonce_serialize(CTX, pubnonce66, &pubnonce) == 1); + CHECK(secp256k1_memcmp_var(pubnonce66, expected_pubnonce, sizeof(pubnonce66)) == 0); } static void run_musig_tests(void) { diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include index 4ea04f800..156ea690f 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_11_recovery.h +include_HEADERS += include/secp256k1_recovery.h noinst_HEADERS += src/modules/recovery/main_impl.h noinst_HEADERS += src/modules/recovery/tests_impl.h noinst_HEADERS += src/modules/recovery/tests_exhaustive_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/bench_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/bench_impl.h index defd82f6e..57108d452 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/bench_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/bench_impl.h @@ -10,7 +10,7 @@ #include "../../../include/secp256k1_recovery.h" typedef struct { - rustsecp256k1_v0_11_context *ctx; + secp256k1_context *ctx; unsigned char msg[32]; unsigned char sig[64]; } bench_recover_data; @@ -18,16 +18,16 @@ typedef struct { static void bench_recover(void* arg, int iters) { int i; bench_recover_data *data = (bench_recover_data*)arg; - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_pubkey pubkey; unsigned char pubkeyc[33]; for (i = 0; i < iters; i++) { int j; size_t pubkeylen = 33; - rustsecp256k1_v0_11_ecdsa_recoverable_signature sig; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2)); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED)); + secp256k1_ecdsa_recoverable_signature sig; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(data->ctx, &sig, data->sig, i % 2)); + CHECK(secp256k1_ecdsa_recover(data->ctx, &pubkey, &sig, data->msg)); + CHECK(secp256k1_ec_pubkey_serialize(data->ctx, pubkeyc, &pubkeylen, &pubkey, SECP256K1_EC_COMPRESSED)); for (j = 0; j < 32; j++) { data->sig[j + 32] = data->msg[j]; /* Move former message to S. */ data->msg[j] = data->sig[j]; /* Move former R to message. */ @@ -52,11 +52,11 @@ static void run_recovery_bench(int iters, int argc, char** argv) { bench_recover_data data; int d = argc == 1; - data.ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (d || have_flag(argc, argv, "ecdsa") || have_flag(argc, argv, "recover") || have_flag(argc, argv, "ecdsa_recover")) run_benchmark("ecdsa_recover", bench_recover, bench_recover_setup, NULL, &data, 10, iters); - rustsecp256k1_v0_11_context_destroy(data.ctx); + secp256k1_context_destroy(data.ctx); } #endif /* SECP256K1_MODULE_RECOVERY_BENCH_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h index 32f182a3c..76a005e01 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/main_impl.h @@ -9,34 +9,34 @@ #include "../../../include/secp256k1_recovery.h" -static void rustsecp256k1_v0_11_ecdsa_recoverable_signature_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar* r, rustsecp256k1_v0_11_scalar* s, int* recid, const rustsecp256k1_v0_11_ecdsa_recoverable_signature* sig) { +static void secp256k1_ecdsa_recoverable_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const secp256k1_ecdsa_recoverable_signature* sig) { (void)ctx; - if (sizeof(rustsecp256k1_v0_11_scalar) == 32) { - /* When the rustsecp256k1_v0_11_scalar type is exactly 32 byte, use its - * representation inside rustsecp256k1_v0_11_ecdsa_signature, as conversion is very fast. - * Note that rustsecp256k1_v0_11_ecdsa_signature_save must use the same representation. */ + if (sizeof(secp256k1_scalar) == 32) { + /* When the secp256k1_scalar type is exactly 32 byte, use its + * representation inside secp256k1_ecdsa_signature, as conversion is very fast. + * Note that secp256k1_ecdsa_signature_save must use the same representation. */ memcpy(r, &sig->data[0], 32); memcpy(s, &sig->data[32], 32); } else { - rustsecp256k1_v0_11_scalar_set_b32(r, &sig->data[0], NULL); - rustsecp256k1_v0_11_scalar_set_b32(s, &sig->data[32], NULL); + secp256k1_scalar_set_b32(r, &sig->data[0], NULL); + secp256k1_scalar_set_b32(s, &sig->data[32], NULL); } *recid = sig->data[64]; } -static void rustsecp256k1_v0_11_ecdsa_recoverable_signature_save(rustsecp256k1_v0_11_ecdsa_recoverable_signature* sig, const rustsecp256k1_v0_11_scalar* r, const rustsecp256k1_v0_11_scalar* s, int recid) { - if (sizeof(rustsecp256k1_v0_11_scalar) == 32) { +static void secp256k1_ecdsa_recoverable_signature_save(secp256k1_ecdsa_recoverable_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s, int recid) { + if (sizeof(secp256k1_scalar) == 32) { memcpy(&sig->data[0], r, 32); memcpy(&sig->data[32], s, 32); } else { - rustsecp256k1_v0_11_scalar_get_b32(&sig->data[0], r); - rustsecp256k1_v0_11_scalar_get_b32(&sig->data[32], s); + secp256k1_scalar_get_b32(&sig->data[0], r); + secp256k1_scalar_get_b32(&sig->data[32], s); } sig->data[64] = recid; } -int rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_recoverable_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature* sig, const unsigned char *input64, int recid) { + secp256k1_scalar r, s; int ret = 1; int overflow = 0; @@ -45,110 +45,110 @@ int rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(const rustsecp ARG_CHECK(input64 != NULL); ARG_CHECK(recid >= 0 && recid <= 3); - rustsecp256k1_v0_11_scalar_set_b32(&r, &input64[0], &overflow); + secp256k1_scalar_set_b32(&r, &input64[0], &overflow); ret &= !overflow; - rustsecp256k1_v0_11_scalar_set_b32(&s, &input64[32], &overflow); + secp256k1_scalar_set_b32(&s, &input64[32], &overflow); ret &= !overflow; if (ret) { - rustsecp256k1_v0_11_ecdsa_recoverable_signature_save(sig, &r, &s, recid); + secp256k1_ecdsa_recoverable_signature_save(sig, &r, &s, recid); } else { memset(sig, 0, sizeof(*sig)); } return ret; } -int rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(const rustsecp256k1_v0_11_context* ctx, unsigned char *output64, int *recid, const rustsecp256k1_v0_11_ecdsa_recoverable_signature* sig) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_recoverable_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, int *recid, const secp256k1_ecdsa_recoverable_signature* sig) { + secp256k1_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output64 != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(recid != NULL); - rustsecp256k1_v0_11_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig); - rustsecp256k1_v0_11_scalar_get_b32(&output64[0], &r); - rustsecp256k1_v0_11_scalar_get_b32(&output64[32], &s); + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, recid, sig); + secp256k1_scalar_get_b32(&output64[0], &r); + secp256k1_scalar_get_b32(&output64[32], &s); return 1; } -int rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature* sig, const rustsecp256k1_v0_11_ecdsa_recoverable_signature* sigin) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_recoverable_signature_convert(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const secp256k1_ecdsa_recoverable_signature* sigin) { + secp256k1_scalar r, s; int recid; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(sigin != NULL); - rustsecp256k1_v0_11_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin); - rustsecp256k1_v0_11_ecdsa_signature_save(sig, &r, &s); + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, sigin); + secp256k1_ecdsa_signature_save(sig, &r, &s); return 1; } -static int rustsecp256k1_v0_11_ecdsa_sig_recover(const rustsecp256k1_v0_11_scalar *sigr, const rustsecp256k1_v0_11_scalar* sigs, rustsecp256k1_v0_11_ge *pubkey, const rustsecp256k1_v0_11_scalar *message, int recid) { +static int secp256k1_ecdsa_sig_recover(const secp256k1_scalar *sigr, const secp256k1_scalar* sigs, secp256k1_ge *pubkey, const secp256k1_scalar *message, int recid) { unsigned char brx[32]; - rustsecp256k1_v0_11_fe fx; - rustsecp256k1_v0_11_ge x; - rustsecp256k1_v0_11_gej xj; - rustsecp256k1_v0_11_scalar rn, u1, u2; - rustsecp256k1_v0_11_gej qj; + secp256k1_fe fx; + secp256k1_ge x; + secp256k1_gej xj; + secp256k1_scalar rn, u1, u2; + secp256k1_gej qj; int r; - if (rustsecp256k1_v0_11_scalar_is_zero(sigr) || rustsecp256k1_v0_11_scalar_is_zero(sigs)) { + if (secp256k1_scalar_is_zero(sigr) || secp256k1_scalar_is_zero(sigs)) { return 0; } - rustsecp256k1_v0_11_scalar_get_b32(brx, sigr); - r = rustsecp256k1_v0_11_fe_set_b32_limit(&fx, brx); + secp256k1_scalar_get_b32(brx, sigr); + r = secp256k1_fe_set_b32_limit(&fx, brx); (void)r; VERIFY_CHECK(r); /* brx comes from a scalar, so is less than the order; certainly less than p */ if (recid & 2) { - if (rustsecp256k1_v0_11_fe_cmp_var(&fx, &rustsecp256k1_v0_11_ecdsa_const_p_minus_order) >= 0) { + if (secp256k1_fe_cmp_var(&fx, &secp256k1_ecdsa_const_p_minus_order) >= 0) { return 0; } - rustsecp256k1_v0_11_fe_add(&fx, &rustsecp256k1_v0_11_ecdsa_const_order_as_fe); + secp256k1_fe_add(&fx, &secp256k1_ecdsa_const_order_as_fe); } - if (!rustsecp256k1_v0_11_ge_set_xo_var(&x, &fx, recid & 1)) { + if (!secp256k1_ge_set_xo_var(&x, &fx, recid & 1)) { return 0; } - rustsecp256k1_v0_11_gej_set_ge(&xj, &x); - rustsecp256k1_v0_11_scalar_inverse_var(&rn, sigr); - rustsecp256k1_v0_11_scalar_mul(&u1, &rn, message); - rustsecp256k1_v0_11_scalar_negate(&u1, &u1); - rustsecp256k1_v0_11_scalar_mul(&u2, &rn, sigs); - rustsecp256k1_v0_11_ecmult(&qj, &xj, &u2, &u1); - rustsecp256k1_v0_11_ge_set_gej_var(pubkey, &qj); - return !rustsecp256k1_v0_11_gej_is_infinity(&qj); + secp256k1_gej_set_ge(&xj, &x); + secp256k1_scalar_inverse_var(&rn, sigr); + secp256k1_scalar_mul(&u1, &rn, message); + secp256k1_scalar_negate(&u1, &u1); + secp256k1_scalar_mul(&u2, &rn, sigs); + secp256k1_ecmult(&qj, &xj, &u2, &u1); + secp256k1_ge_set_gej_var(pubkey, &qj); + return !secp256k1_gej_is_infinity(&qj); } -int rustsecp256k1_v0_11_ecdsa_sign_recoverable(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, rustsecp256k1_v0_11_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_sign_recoverable(const secp256k1_context* ctx, secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar r, s; int ret, recid; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_11_ecdsa_sign_inner(ctx, &r, &s, &recid, msghash32, seckey, noncefp, noncedata); - rustsecp256k1_v0_11_ecdsa_recoverable_signature_save(signature, &r, &s, recid); + ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, &recid, msghash32, seckey, noncefp, noncedata); + secp256k1_ecdsa_recoverable_signature_save(signature, &r, &s, recid); return ret; } -int rustsecp256k1_v0_11_ecdsa_recover(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubkey, const rustsecp256k1_v0_11_ecdsa_recoverable_signature *signature, const unsigned char *msghash32) { - rustsecp256k1_v0_11_ge q; - rustsecp256k1_v0_11_scalar r, s; - rustsecp256k1_v0_11_scalar m; +int secp256k1_ecdsa_recover(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const secp256k1_ecdsa_recoverable_signature *signature, const unsigned char *msghash32) { + secp256k1_ge q; + secp256k1_scalar r, s; + secp256k1_scalar m; int recid; VERIFY_CHECK(ctx != NULL); ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(pubkey != NULL); - rustsecp256k1_v0_11_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature); + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, signature); VERIFY_CHECK(recid >= 0 && recid < 4); /* should have been caught in parse_compact */ - rustsecp256k1_v0_11_scalar_set_b32(&m, msghash32, NULL); - if (rustsecp256k1_v0_11_ecdsa_sig_recover(&r, &s, &q, &m, recid)) { - rustsecp256k1_v0_11_pubkey_save(pubkey, &q); + secp256k1_scalar_set_b32(&m, msghash32, NULL); + if (secp256k1_ecdsa_sig_recover(&r, &s, &q, &m, recid)) { + secp256k1_pubkey_save(pubkey, &q); return 1; } else { memset(pubkey, 0, sizeof(*pubkey)); diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h index 30876a008..6bbc02b9a 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_exhaustive_impl.h @@ -10,7 +10,7 @@ #include "main_impl.h" #include "../../../include/secp256k1_recovery.h" -static void test_exhaustive_recovery_sign(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_recovery_sign(const secp256k1_context *ctx, const secp256k1_ge *group) { int i, j, k; uint64_t iter = 0; @@ -20,23 +20,23 @@ static void test_exhaustive_recovery_sign(const rustsecp256k1_v0_11_context *ctx if (skip_section(&iter)) continue; for (k = 1; k < EXHAUSTIVE_TEST_ORDER; k++) { /* nonce */ const int starting_k = k; - rustsecp256k1_v0_11_fe r_dot_y_normalized; - rustsecp256k1_v0_11_ecdsa_recoverable_signature rsig; - rustsecp256k1_v0_11_ecdsa_signature sig; - rustsecp256k1_v0_11_scalar sk, msg, r, s, expected_r; + secp256k1_fe r_dot_y_normalized; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + secp256k1_scalar sk, msg, r, s, expected_r; unsigned char sk32[32], msg32[32]; int expected_recid; int recid; int overflow; - rustsecp256k1_v0_11_scalar_set_int(&msg, i); - rustsecp256k1_v0_11_scalar_set_int(&sk, j); - rustsecp256k1_v0_11_scalar_get_b32(sk32, &sk); - rustsecp256k1_v0_11_scalar_get_b32(msg32, &msg); + secp256k1_scalar_set_int(&msg, i); + secp256k1_scalar_set_int(&sk, j); + secp256k1_scalar_get_b32(sk32, &sk); + secp256k1_scalar_get_b32(msg32, &msg); - rustsecp256k1_v0_11_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, rustsecp256k1_v0_11_nonce_function_smallint, &k); + secp256k1_ecdsa_sign_recoverable(ctx, &rsig, msg32, sk32, secp256k1_nonce_function_smallint, &k); /* Check directly */ - rustsecp256k1_v0_11_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); + secp256k1_ecdsa_recoverable_signature_load(ctx, &r, &s, &recid, &rsig); r_from_k(&expected_r, group, k, &overflow); CHECK(r == expected_r); CHECK((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER || @@ -49,18 +49,18 @@ static void test_exhaustive_recovery_sign(const rustsecp256k1_v0_11_context *ctx * in the real group. */ expected_recid = overflow ? 2 : 0; r_dot_y_normalized = group[k].y; - rustsecp256k1_v0_11_fe_normalize(&r_dot_y_normalized); + secp256k1_fe_normalize(&r_dot_y_normalized); /* Also the recovery id is flipped depending if we hit the low-s branch */ if ((k * s) % EXHAUSTIVE_TEST_ORDER == (i + r * j) % EXHAUSTIVE_TEST_ORDER) { - expected_recid |= rustsecp256k1_v0_11_fe_is_odd(&r_dot_y_normalized); + expected_recid |= secp256k1_fe_is_odd(&r_dot_y_normalized); } else { - expected_recid |= !rustsecp256k1_v0_11_fe_is_odd(&r_dot_y_normalized); + expected_recid |= !secp256k1_fe_is_odd(&r_dot_y_normalized); } CHECK(recid == expected_recid); /* Convert to a standard sig then check */ - rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); - rustsecp256k1_v0_11_ecdsa_signature_load(ctx, &r, &s, &sig); + secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); /* Note that we compute expected_r *after* signing -- this is important * because our nonce-computing function function might change k during * signing. */ @@ -78,7 +78,7 @@ static void test_exhaustive_recovery_sign(const rustsecp256k1_v0_11_context *ctx } } -static void test_exhaustive_recovery_verify(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_recovery_verify(const secp256k1_context *ctx, const secp256k1_ge *group) { /* This is essentially a copy of test_exhaustive_verify, with recovery added */ int s, r, msg, key; uint64_t iter = 0; @@ -86,41 +86,41 @@ static void test_exhaustive_recovery_verify(const rustsecp256k1_v0_11_context *c for (r = 1; r < EXHAUSTIVE_TEST_ORDER; r++) { for (msg = 1; msg < EXHAUSTIVE_TEST_ORDER; msg++) { for (key = 1; key < EXHAUSTIVE_TEST_ORDER; key++) { - rustsecp256k1_v0_11_ge nonconst_ge; - rustsecp256k1_v0_11_ecdsa_recoverable_signature rsig; - rustsecp256k1_v0_11_ecdsa_signature sig; - rustsecp256k1_v0_11_pubkey pk; - rustsecp256k1_v0_11_scalar sk_s, msg_s, r_s, s_s; - rustsecp256k1_v0_11_scalar s_times_k_s, msg_plus_r_times_sk_s; + secp256k1_ge nonconst_ge; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pk; + secp256k1_scalar sk_s, msg_s, r_s, s_s; + secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; int recid = 0; int k, should_verify; unsigned char msg32[32]; if (skip_section(&iter)) continue; - rustsecp256k1_v0_11_scalar_set_int(&s_s, s); - rustsecp256k1_v0_11_scalar_set_int(&r_s, r); - rustsecp256k1_v0_11_scalar_set_int(&msg_s, msg); - rustsecp256k1_v0_11_scalar_set_int(&sk_s, key); - rustsecp256k1_v0_11_scalar_get_b32(msg32, &msg_s); + secp256k1_scalar_set_int(&s_s, s); + secp256k1_scalar_set_int(&r_s, r); + secp256k1_scalar_set_int(&msg_s, msg); + secp256k1_scalar_set_int(&sk_s, key); + secp256k1_scalar_get_b32(msg32, &msg_s); /* Verify by hand */ /* Run through every k value that gives us this r and check that *one* works. * Note there could be none, there could be multiple, ECDSA is weird. */ should_verify = 0; for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { - rustsecp256k1_v0_11_scalar check_x_s; + secp256k1_scalar check_x_s; r_from_k(&check_x_s, group, k, NULL); if (r_s == check_x_s) { - rustsecp256k1_v0_11_scalar_set_int(&s_times_k_s, k); - rustsecp256k1_v0_11_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); - rustsecp256k1_v0_11_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); - rustsecp256k1_v0_11_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); - should_verify |= rustsecp256k1_v0_11_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + secp256k1_scalar_set_int(&s_times_k_s, k); + secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); } } /* nb we have a "high s" rule */ - should_verify &= !rustsecp256k1_v0_11_scalar_is_high(&s_s); + should_verify &= !secp256k1_scalar_is_high(&s_s); /* We would like to try recovering the pubkey and checking that it matches, * but pubkey recovery is impossible in the exhaustive tests (the reason @@ -128,19 +128,19 @@ static void test_exhaustive_recovery_verify(const rustsecp256k1_v0_11_context *c * overlap between the sets, so there are no valid signatures). */ /* Verify by converting to a standard signature and calling verify */ - rustsecp256k1_v0_11_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); - rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); + secp256k1_ecdsa_recoverable_signature_save(&rsig, &r_s, &s_s, recid); + secp256k1_ecdsa_recoverable_signature_convert(ctx, &sig, &rsig); memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); - rustsecp256k1_v0_11_pubkey_save(&pk, &nonconst_ge); + secp256k1_pubkey_save(&pk, &nonconst_ge); CHECK(should_verify == - rustsecp256k1_v0_11_ecdsa_verify(ctx, &sig, msg32, &pk)); + secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); } } } } } -static void test_exhaustive_recovery(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_recovery(const secp256k1_context *ctx, const secp256k1_ge *group) { test_exhaustive_recovery_sign(ctx, group); test_exhaustive_recovery_verify(ctx, group); } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h index 96a2a1cca..7a28a3ce6 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/recovery/tests_impl.h @@ -30,10 +30,10 @@ static int recovery_test_nonce_function(unsigned char *nonce32, const unsigned c static void test_ecdsa_recovery_api(void) { /* Setup contexts that just count errors */ - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_pubkey recpubkey; - rustsecp256k1_v0_11_ecdsa_signature normal_sig; - rustsecp256k1_v0_11_ecdsa_recoverable_signature recsig; + secp256k1_pubkey pubkey; + secp256k1_pubkey recpubkey; + secp256k1_ecdsa_signature normal_sig; + secp256k1_ecdsa_recoverable_signature recsig; unsigned char privkey[32] = { 1 }; unsigned char message[32] = { 2 }; int recid = 0; @@ -45,109 +45,109 @@ static void test_ecdsa_recovery_api(void) { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; /* Construct and verify corresponding public key. */ - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, privkey) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); /* Check bad contexts and NULLs for signing */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL)); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL)); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, NULL, message, privkey, NULL, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, &recsig, NULL, privkey, NULL, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, NULL, NULL, NULL)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_ecdsa_sign_recoverable(STATIC_CTX, &recsig, message, privkey, NULL, NULL)); /* This will fail or succeed randomly, and in either case will not ARG_CHECK failure */ - rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, recovery_test_nonce_function, NULL); + secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, recovery_test_nonce_function, NULL); /* These will all fail, but not in ARG_CHECK way */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, zero_privkey, NULL, NULL) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, over_privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, zero_privkey, NULL, NULL) == 0); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, over_privkey, NULL, NULL) == 0); /* This one will succeed. */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); /* Check signing with a goofy nonce function */ /* Check bad contexts and NULLs for recovery */ - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &recpubkey, &recsig, message) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recover(CTX, NULL, &recsig, message)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recover(CTX, &recpubkey, NULL, message)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recover(CTX, &recpubkey, &recsig, NULL)); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, message) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, NULL, &recsig, message)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, &recpubkey, NULL, message)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recover(CTX, &recpubkey, &recsig, NULL)); /* Check NULLs for conversion */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &normal_sig, message, privkey, NULL, NULL) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(CTX, NULL, &recsig)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(CTX, &normal_sig, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(CTX, &normal_sig, &recsig) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &normal_sig, message, privkey, NULL, NULL) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_convert(CTX, NULL, &recsig)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, NULL)); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &normal_sig, &recsig) == 1); /* Check NULLs for de/serialization */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(CTX, NULL, &recid, &recsig)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(CTX, sig, NULL, &recsig)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &recsig) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &recsig, message, privkey, NULL, NULL) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, NULL, &recid, &recsig)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, NULL, &recsig)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, NULL)); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &recsig) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, NULL, sig, recid)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, NULL, recid)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, -1)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, 5)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, NULL, sig, recid)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, NULL, recid)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, -1)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, 5)); /* overflow in signature will not result in calling illegal_callback */ memcpy(sig, over_privkey, 32); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, recid) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &recsig, sig, recid) == 0); } static void test_ecdsa_recovery_end_to_end(void) { unsigned char extra[32] = {0x00}; unsigned char privkey[32]; unsigned char message[32]; - rustsecp256k1_v0_11_ecdsa_signature signature[5]; - rustsecp256k1_v0_11_ecdsa_recoverable_signature rsignature[5]; + secp256k1_ecdsa_signature signature[5]; + secp256k1_ecdsa_recoverable_signature rsignature[5]; unsigned char sig[74]; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_pubkey recpubkey; + secp256k1_pubkey pubkey; + secp256k1_pubkey recpubkey; int recid = 0; /* Generate a random key and message. */ { - rustsecp256k1_v0_11_scalar msg, key; + secp256k1_scalar msg, key; testutil_random_scalar_order_test(&msg); testutil_random_scalar_order_test(&key); - rustsecp256k1_v0_11_scalar_get_b32(privkey, &key); - rustsecp256k1_v0_11_scalar_get_b32(message, &msg); + secp256k1_scalar_get_b32(privkey, &key); + secp256k1_scalar_get_b32(message, &msg); } /* Construct and verify corresponding public key. */ - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, privkey) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); /* Serialize/parse compact and verify/recover. */ extra[0] = 0; - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &rsignature[0], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &rsignature[4], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &rsignature[1], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[1], message, privkey, NULL, extra) == 1); extra[31] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &rsignature[2], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[2], message, privkey, NULL, extra) == 1); extra[31] = 0; extra[0] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_sign_recoverable(CTX, &rsignature[3], message, privkey, NULL, extra) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[4], &signature[0], 64) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_sign_recoverable(CTX, &rsignature[3], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_memcmp_var(&signature[4], &signature[0], 64) == 0); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); memset(&rsignature[4], 0, sizeof(rsignature[4])); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 1); /* Parse compact (with recovery id) and recover. */ - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 1); + CHECK(secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) == 0); /* Serialize/destroy/parse signature and verify again. */ - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_serialize_compact(CTX, sig, &recid, &rsignature[4]) == 1); sig[testrand_bits(6)] += 1 + testrand_int(255); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsignature[4], sig, recid) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_convert(CTX, &signature[4], &rsignature[4]) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[4], message, &pubkey) == 0); /* Recover again */ - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 0 || - rustsecp256k1_v0_11_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0); + CHECK(secp256k1_ecdsa_recover(CTX, &recpubkey, &rsignature[4], message) == 0 || + secp256k1_memcmp_var(&pubkey, &recpubkey, sizeof(pubkey)) != 0); } /* Tests several edge cases. */ @@ -170,7 +170,7 @@ static void test_ecdsa_recovery_edge_cases(void) { 0x7D, 0xD7, 0x3E, 0x38, 0x7E, 0xE4, 0xFC, 0x86, 0x6E, 0x1B, 0xE8, 0xEC, 0xC7, 0xDD, 0x95, 0x57 }; - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_pubkey pubkey; /* signature (r,s) = (4,4), which can be recovered with all 4 recids. */ const unsigned char sigb64[64] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -182,19 +182,19 @@ static void test_ecdsa_recovery_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, }; - rustsecp256k1_v0_11_pubkey pubkeyb; - rustsecp256k1_v0_11_ecdsa_recoverable_signature rsig; - rustsecp256k1_v0_11_ecdsa_signature sig; + secp256k1_pubkey pubkeyb; + secp256k1_ecdsa_recoverable_signature rsig; + secp256k1_ecdsa_signature sig; int recid; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 0)); - CHECK(!rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 1)); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 2)); - CHECK(!rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 3)); - CHECK(!rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 0)); + CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 1)); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 2)); + CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sig64, 3)); + CHECK(!secp256k1_ecdsa_recover(CTX, &pubkey, &rsig, msg32)); for (recid = 0; recid < 4; recid++) { int i; @@ -239,40 +239,40 @@ static void test_ecdsa_recovery_edge_cases(void) { 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x45, 0x02, 0x01, 0x04 }; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 1); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 1); for (recid2 = 0; recid2 < 4; recid2++) { - rustsecp256k1_v0_11_pubkey pubkey2b; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid2) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkey2b, &rsig, msg32) == 1); + secp256k1_pubkey pubkey2b; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigb64, recid2) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkey2b, &rsig, msg32) == 1); /* Verifying with (order + r,4) should always fail. */ - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderlong, sizeof(sigbderlong)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderlong, sizeof(sigbderlong)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); } /* DER parsing tests. */ /* Zero length r/s. */ - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zr, sizeof(sigcder_zr)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder_zs, sizeof(sigcder_zs)) == 0); /* Leading zeros. */ - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt1, sizeof(sigbderalt1)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt2, sizeof(sigbderalt2)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 0); sigbderalt3[4] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt3, sizeof(sigbderalt3)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); sigbderalt4[7] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbderalt4, sizeof(sigbderalt4)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); /* Damage signature. */ sigbder[7]++; - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); sigbder[7]--; - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbder, 6) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder) - 1) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, 6) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder) - 1) == 0); for(i = 0; i < 8; i++) { int c; unsigned char orig = sigbder[i]; @@ -282,7 +282,7 @@ static void test_ecdsa_recovery_edge_cases(void) { continue; } sigbder[i] = c; - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 0 || rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigbder, sizeof(sigbder)) == 0 || secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyb) == 0); } sigbder[i] = orig; } @@ -302,25 +302,25 @@ static void test_ecdsa_recovery_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, }; - rustsecp256k1_v0_11_pubkey pubkeyc; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkeyc, &rsig, msg32) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 1); + secp256k1_pubkey pubkeyc; + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyc, &rsig, msg32) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 1); sigcder[4] = 0; sigc64[31] = 0; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); sigcder[4] = 1; sigcder[7] = 0; sigc64[31] = 1; sigc64[63] = 0; - CHECK(rustsecp256k1_v0_11_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); + CHECK(secp256k1_ecdsa_recoverable_signature_parse_compact(CTX, &rsig, sigc64, 0) == 1); + CHECK(secp256k1_ecdsa_recover(CTX, &pubkeyb, &rsig, msg32) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, sigcder, sizeof(sigcder)) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg32, &pubkeyc) == 0); } } diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include index 829ccdf69..654fa2e5a 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/Makefile.am.include @@ -1,4 +1,4 @@ -include_HEADERS += include/rustsecp256k1_v0_11_schnorrsig.h +include_HEADERS += include/secp256k1_schnorrsig.h noinst_HEADERS += src/modules/schnorrsig/main_impl.h noinst_HEADERS += src/modules/schnorrsig/tests_impl.h noinst_HEADERS += src/modules/schnorrsig/tests_exhaustive_impl.h diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/bench_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/bench_impl.h index f37e24bc4..93a878ede 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/bench_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/bench_impl.h @@ -12,10 +12,10 @@ #define MSGLEN 32 typedef struct { - rustsecp256k1_v0_11_context *ctx; + secp256k1_context *ctx; int n; - const rustsecp256k1_v0_11_keypair **keypairs; + const secp256k1_keypair **keypairs; const unsigned char **pk; const unsigned char **sigs; const unsigned char **msgs; @@ -30,7 +30,7 @@ static void bench_schnorrsig_sign(void* arg, int iters) { for (i = 0; i < iters; i++) { msg[0] = i; msg[1] = i >> 8; - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(data->ctx, sig, msg, MSGLEN, data->keypairs[i], NULL)); + CHECK(secp256k1_schnorrsig_sign_custom(data->ctx, sig, msg, MSGLEN, data->keypairs[i], NULL)); } } @@ -39,9 +39,9 @@ static void bench_schnorrsig_verify(void* arg, int iters) { int i; for (i = 0; i < iters; i++) { - rustsecp256k1_v0_11_xonly_pubkey pk; - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(data->ctx, &pk, data->pk[i]) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(data->ctx, data->sigs[i], data->msgs[i], MSGLEN, &pk)); + secp256k1_xonly_pubkey pk; + CHECK(secp256k1_xonly_pubkey_parse(data->ctx, &pk, data->pk[i]) == 1); + CHECK(secp256k1_schnorrsig_verify(data->ctx, data->sigs[i], data->msgs[i], MSGLEN, &pk)); } } @@ -50,8 +50,8 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) { bench_schnorrsig_data data; int d = argc == 1; - data.ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); - data.keypairs = (const rustsecp256k1_v0_11_keypair **)malloc(iters * sizeof(rustsecp256k1_v0_11_keypair *)); + data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); + data.keypairs = (const secp256k1_keypair **)malloc(iters * sizeof(secp256k1_keypair *)); data.pk = (const unsigned char **)malloc(iters * sizeof(unsigned char *)); data.msgs = (const unsigned char **)malloc(iters * sizeof(unsigned char *)); data.sigs = (const unsigned char **)malloc(iters * sizeof(unsigned char *)); @@ -61,9 +61,9 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) { unsigned char sk[32]; unsigned char *msg = (unsigned char *)malloc(MSGLEN); unsigned char *sig = (unsigned char *)malloc(64); - rustsecp256k1_v0_11_keypair *keypair = (rustsecp256k1_v0_11_keypair *)malloc(sizeof(*keypair)); + secp256k1_keypair *keypair = (secp256k1_keypair *)malloc(sizeof(*keypair)); unsigned char *pk_char = (unsigned char *)malloc(32); - rustsecp256k1_v0_11_xonly_pubkey pk; + secp256k1_xonly_pubkey pk; msg[0] = sk[0] = i; msg[1] = sk[1] = i >> 8; msg[2] = sk[2] = i >> 16; @@ -76,10 +76,10 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) { data.msgs[i] = msg; data.sigs[i] = sig; - CHECK(rustsecp256k1_v0_11_keypair_create(data.ctx, keypair, sk)); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(data.ctx, sig, msg, MSGLEN, keypair, NULL)); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(data.ctx, &pk, NULL, keypair)); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(data.ctx, pk_char, &pk) == 1); + CHECK(secp256k1_keypair_create(data.ctx, keypair, sk)); + CHECK(secp256k1_schnorrsig_sign_custom(data.ctx, sig, msg, MSGLEN, keypair, NULL)); + CHECK(secp256k1_keypair_xonly_pub(data.ctx, &pk, NULL, keypair)); + CHECK(secp256k1_xonly_pubkey_serialize(data.ctx, pk_char, &pk) == 1); } if (d || have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "sign") || have_flag(argc, argv, "schnorrsig_sign")) run_benchmark("schnorrsig_sign", bench_schnorrsig_sign, NULL, NULL, (void *) &data, 10, iters); @@ -98,7 +98,7 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) { free((void *)data.msgs); free((void *)data.sigs); - rustsecp256k1_v0_11_context_destroy(data.ctx); + secp256k1_context_destroy(data.ctx); } #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h index 0fee9b54d..b410b19ec 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/main_impl.h @@ -13,8 +13,8 @@ /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("BIP0340/nonce")||SHA256("BIP0340/nonce"). */ -static void rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_nonce_function_bip340_sha256_tagged(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0x46615b35ul; sha->s[1] = 0xf4bfbff7ul; sha->s[2] = 0x9f8dc671ul; @@ -29,8 +29,8 @@ static void rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged(rustsecp256k /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("BIP0340/aux")||SHA256("BIP0340/aux"). */ -static void rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged_aux(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_nonce_function_bip340_sha256_tagged_aux(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0x24dd3219ul; sha->s[1] = 0x4eba7e70ul; sha->s[2] = 0xca0fabb9ul; @@ -50,7 +50,7 @@ static const unsigned char bip340_algo[] = {'B', 'I', 'P', '0', '3', '4', '0', ' static const unsigned char schnorrsig_extraparams_magic[4] = SECP256K1_SCHNORRSIG_EXTRAPARAMS_MAGIC; static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void *data) { - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; unsigned char masked_key[32]; int i; @@ -59,9 +59,9 @@ static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *ms } if (data != NULL) { - rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged_aux(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, data, 32); - rustsecp256k1_v0_11_sha256_finalize(&sha, masked_key); + secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha); + secp256k1_sha256_write(&sha, data, 32); + secp256k1_sha256_finalize(&sha, masked_key); for (i = 0; i < 32; i++) { masked_key[i] ^= key32[i]; } @@ -82,27 +82,29 @@ static int nonce_function_bip340(unsigned char *nonce32, const unsigned char *ms * algorithms. If this nonce function is used in BIP-340 signing as defined * in the spec, an optimized tagging implementation is used. */ if (algolen == sizeof(bip340_algo) - && rustsecp256k1_v0_11_memcmp_var(algo, bip340_algo, algolen) == 0) { - rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged(&sha); + && secp256k1_memcmp_var(algo, bip340_algo, algolen) == 0) { + secp256k1_nonce_function_bip340_sha256_tagged(&sha); } else { - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, algo, algolen); + secp256k1_sha256_initialize_tagged(&sha, algo, algolen); } /* Hash masked-key||pk||msg using the tagged hash as per the spec */ - rustsecp256k1_v0_11_sha256_write(&sha, masked_key, 32); - rustsecp256k1_v0_11_sha256_write(&sha, xonly_pk32, 32); - rustsecp256k1_v0_11_sha256_write(&sha, msg, msglen); - rustsecp256k1_v0_11_sha256_finalize(&sha, nonce32); - rustsecp256k1_v0_11_sha256_clear(&sha); + secp256k1_sha256_write(&sha, masked_key, 32); + secp256k1_sha256_write(&sha, xonly_pk32, 32); + secp256k1_sha256_write(&sha, msg, msglen); + secp256k1_sha256_finalize(&sha, nonce32); + secp256k1_sha256_clear(&sha); + secp256k1_memclear_explicit(masked_key, sizeof(masked_key)); + return 1; } -const rustsecp256k1_v0_11_nonce_function_hardened rustsecp256k1_v0_11_nonce_function_bip340 = nonce_function_bip340; +const secp256k1_nonce_function_hardened secp256k1_nonce_function_bip340 = nonce_function_bip340; /* Initializes SHA256 with fixed midstate. This midstate was computed by applying * SHA256 to SHA256("BIP0340/challenge")||SHA256("BIP0340/challenge"). */ -static void rustsecp256k1_v0_11_schnorrsig_sha256_tagged(rustsecp256k1_v0_11_sha256 *sha) { - rustsecp256k1_v0_11_sha256_initialize(sha); +static void secp256k1_schnorrsig_sha256_tagged(secp256k1_sha256 *sha) { + secp256k1_sha256_initialize(sha); sha->s[0] = 0x9cecba11ul; sha->s[1] = 0x23925381ul; sha->s[2] = 0x11679112ul; @@ -114,118 +116,119 @@ static void rustsecp256k1_v0_11_schnorrsig_sha256_tagged(rustsecp256k1_v0_11_sha sha->bytes = 64; } -static void rustsecp256k1_v0_11_schnorrsig_challenge(rustsecp256k1_v0_11_scalar* e, const unsigned char *r32, const unsigned char *msg, size_t msglen, const unsigned char *pubkey32) +static void secp256k1_schnorrsig_challenge(secp256k1_scalar* e, const unsigned char *r32, const unsigned char *msg, size_t msglen, const unsigned char *pubkey32) { unsigned char buf[32]; - rustsecp256k1_v0_11_sha256 sha; + secp256k1_sha256 sha; /* tagged hash(r.x, pk.x, msg) */ - rustsecp256k1_v0_11_schnorrsig_sha256_tagged(&sha); - rustsecp256k1_v0_11_sha256_write(&sha, r32, 32); - rustsecp256k1_v0_11_sha256_write(&sha, pubkey32, 32); - rustsecp256k1_v0_11_sha256_write(&sha, msg, msglen); - rustsecp256k1_v0_11_sha256_finalize(&sha, buf); + secp256k1_schnorrsig_sha256_tagged(&sha); + secp256k1_sha256_write(&sha, r32, 32); + secp256k1_sha256_write(&sha, pubkey32, 32); + secp256k1_sha256_write(&sha, msg, msglen); + secp256k1_sha256_finalize(&sha, buf); /* Set scalar e to the challenge hash modulo the curve order as per * BIP340. */ - rustsecp256k1_v0_11_scalar_set_b32(e, buf, NULL); + secp256k1_scalar_set_b32(e, buf, NULL); } -static int rustsecp256k1_v0_11_schnorrsig_sign_internal(const rustsecp256k1_v0_11_context* ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const rustsecp256k1_v0_11_keypair *keypair, rustsecp256k1_v0_11_nonce_function_hardened noncefp, void *ndata) { - rustsecp256k1_v0_11_scalar sk; - rustsecp256k1_v0_11_scalar e; - rustsecp256k1_v0_11_scalar k; - rustsecp256k1_v0_11_gej rj; - rustsecp256k1_v0_11_ge pk; - rustsecp256k1_v0_11_ge r; - unsigned char buf[32] = { 0 }; +static int secp256k1_schnorrsig_sign_internal(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_nonce_function_hardened noncefp, void *ndata) { + secp256k1_scalar sk; + secp256k1_scalar e; + secp256k1_scalar k; + secp256k1_gej rj; + secp256k1_ge pk; + secp256k1_ge r; + unsigned char nonce32[32] = { 0 }; unsigned char pk_buf[32]; unsigned char seckey[32]; int ret = 1; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(sig64 != NULL); ARG_CHECK(msg != NULL || msglen == 0); ARG_CHECK(keypair != NULL); if (noncefp == NULL) { - noncefp = rustsecp256k1_v0_11_nonce_function_bip340; + noncefp = secp256k1_nonce_function_bip340; } - ret &= rustsecp256k1_v0_11_keypair_load(ctx, &sk, &pk, keypair); + ret &= secp256k1_keypair_load(ctx, &sk, &pk, keypair); /* Because we are signing for a x-only pubkey, the secret key is negated * before signing if the point corresponding to the secret key does not * have an even Y. */ - if (rustsecp256k1_v0_11_fe_is_odd(&pk.y)) { - rustsecp256k1_v0_11_scalar_negate(&sk, &sk); + if (secp256k1_fe_is_odd(&pk.y)) { + secp256k1_scalar_negate(&sk, &sk); } - rustsecp256k1_v0_11_scalar_get_b32(seckey, &sk); - rustsecp256k1_v0_11_fe_get_b32(pk_buf, &pk.x); - ret &= !!noncefp(buf, msg, msglen, seckey, pk_buf, bip340_algo, sizeof(bip340_algo), ndata); - rustsecp256k1_v0_11_scalar_set_b32(&k, buf, NULL); - ret &= !rustsecp256k1_v0_11_scalar_is_zero(&k); - rustsecp256k1_v0_11_scalar_cmov(&k, &rustsecp256k1_v0_11_scalar_one, !ret); + secp256k1_scalar_get_b32(seckey, &sk); + secp256k1_fe_get_b32(pk_buf, &pk.x); + ret &= !!noncefp(nonce32, msg, msglen, seckey, pk_buf, bip340_algo, sizeof(bip340_algo), ndata); + secp256k1_scalar_set_b32(&k, nonce32, NULL); + ret &= !secp256k1_scalar_is_zero(&k); + secp256k1_scalar_cmov(&k, &secp256k1_scalar_one, !ret); - rustsecp256k1_v0_11_ecmult_gen(&ctx->ecmult_gen_ctx, &rj, &k); - rustsecp256k1_v0_11_ge_set_gej(&r, &rj); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &rj, &k); + secp256k1_ge_set_gej(&r, &rj); /* We declassify r to allow using it as a branch point. This is fine * because r is not a secret. */ - rustsecp256k1_v0_11_declassify(ctx, &r, sizeof(r)); - rustsecp256k1_v0_11_fe_normalize_var(&r.y); - if (rustsecp256k1_v0_11_fe_is_odd(&r.y)) { - rustsecp256k1_v0_11_scalar_negate(&k, &k); + secp256k1_declassify(ctx, &r, sizeof(r)); + secp256k1_fe_normalize_var(&r.y); + if (secp256k1_fe_is_odd(&r.y)) { + secp256k1_scalar_negate(&k, &k); } - rustsecp256k1_v0_11_fe_normalize_var(&r.x); - rustsecp256k1_v0_11_fe_get_b32(&sig64[0], &r.x); + secp256k1_fe_normalize_var(&r.x); + secp256k1_fe_get_b32(&sig64[0], &r.x); - rustsecp256k1_v0_11_schnorrsig_challenge(&e, &sig64[0], msg, msglen, pk_buf); - rustsecp256k1_v0_11_scalar_mul(&e, &e, &sk); - rustsecp256k1_v0_11_scalar_add(&e, &e, &k); - rustsecp256k1_v0_11_scalar_get_b32(&sig64[32], &e); + secp256k1_schnorrsig_challenge(&e, &sig64[0], msg, msglen, pk_buf); + secp256k1_scalar_mul(&e, &e, &sk); + secp256k1_scalar_add(&e, &e, &k); + secp256k1_scalar_get_b32(&sig64[32], &e); - rustsecp256k1_v0_11_memczero(sig64, 64, !ret); - rustsecp256k1_v0_11_scalar_clear(&k); - rustsecp256k1_v0_11_scalar_clear(&sk); - rustsecp256k1_v0_11_memclear(seckey, sizeof(seckey)); - rustsecp256k1_v0_11_gej_clear(&rj); + secp256k1_memczero(sig64, 64, !ret); + secp256k1_scalar_clear(&k); + secp256k1_scalar_clear(&sk); + secp256k1_memclear_explicit(seckey, sizeof(seckey)); + secp256k1_memclear_explicit(nonce32, sizeof(nonce32)); + secp256k1_gej_clear(&rj); return ret; } -int rustsecp256k1_v0_11_schnorrsig_sign32(const rustsecp256k1_v0_11_context* ctx, unsigned char *sig64, const unsigned char *msg32, const rustsecp256k1_v0_11_keypair *keypair, const unsigned char *aux_rand32) { +int secp256k1_schnorrsig_sign32(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) { /* We cast away const from the passed aux_rand32 argument since we know the default nonce function does not modify it. */ - return rustsecp256k1_v0_11_schnorrsig_sign_internal(ctx, sig64, msg32, 32, keypair, rustsecp256k1_v0_11_nonce_function_bip340, (unsigned char*)aux_rand32); + return secp256k1_schnorrsig_sign_internal(ctx, sig64, msg32, 32, keypair, secp256k1_nonce_function_bip340, (unsigned char*)aux_rand32); } -int rustsecp256k1_v0_11_schnorrsig_sign(const rustsecp256k1_v0_11_context* ctx, unsigned char *sig64, const unsigned char *msg32, const rustsecp256k1_v0_11_keypair *keypair, const unsigned char *aux_rand32) { - return rustsecp256k1_v0_11_schnorrsig_sign32(ctx, sig64, msg32, keypair, aux_rand32); +int secp256k1_schnorrsig_sign(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg32, const secp256k1_keypair *keypair, const unsigned char *aux_rand32) { + return secp256k1_schnorrsig_sign32(ctx, sig64, msg32, keypair, aux_rand32); } -int rustsecp256k1_v0_11_schnorrsig_sign_custom(const rustsecp256k1_v0_11_context* ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const rustsecp256k1_v0_11_keypair *keypair, rustsecp256k1_v0_11_schnorrsig_extraparams *extraparams) { - rustsecp256k1_v0_11_nonce_function_hardened noncefp = NULL; +int secp256k1_schnorrsig_sign_custom(const secp256k1_context* ctx, unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_keypair *keypair, secp256k1_schnorrsig_extraparams *extraparams) { + secp256k1_nonce_function_hardened noncefp = NULL; void *ndata = NULL; VERIFY_CHECK(ctx != NULL); if (extraparams != NULL) { - ARG_CHECK(rustsecp256k1_v0_11_memcmp_var(extraparams->magic, + ARG_CHECK(secp256k1_memcmp_var(extraparams->magic, schnorrsig_extraparams_magic, sizeof(extraparams->magic)) == 0); noncefp = extraparams->noncefp; ndata = extraparams->ndata; } - return rustsecp256k1_v0_11_schnorrsig_sign_internal(ctx, sig64, msg, msglen, keypair, noncefp, ndata); + return secp256k1_schnorrsig_sign_internal(ctx, sig64, msg, msglen, keypair, noncefp, ndata); } -int rustsecp256k1_v0_11_schnorrsig_verify(const rustsecp256k1_v0_11_context* ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const rustsecp256k1_v0_11_xonly_pubkey *pubkey) { - rustsecp256k1_v0_11_scalar s; - rustsecp256k1_v0_11_scalar e; - rustsecp256k1_v0_11_gej rj; - rustsecp256k1_v0_11_ge pk; - rustsecp256k1_v0_11_gej pkj; - rustsecp256k1_v0_11_fe rx; - rustsecp256k1_v0_11_ge r; +int secp256k1_schnorrsig_verify(const secp256k1_context* ctx, const unsigned char *sig64, const unsigned char *msg, size_t msglen, const secp256k1_xonly_pubkey *pubkey) { + secp256k1_scalar s; + secp256k1_scalar e; + secp256k1_gej rj; + secp256k1_ge pk; + secp256k1_gej pkj; + secp256k1_fe rx; + secp256k1_ge r; unsigned char buf[32]; int overflow; @@ -234,36 +237,36 @@ int rustsecp256k1_v0_11_schnorrsig_verify(const rustsecp256k1_v0_11_context* ctx ARG_CHECK(msg != NULL || msglen == 0); ARG_CHECK(pubkey != NULL); - if (!rustsecp256k1_v0_11_fe_set_b32_limit(&rx, &sig64[0])) { + if (!secp256k1_fe_set_b32_limit(&rx, &sig64[0])) { return 0; } - rustsecp256k1_v0_11_scalar_set_b32(&s, &sig64[32], &overflow); + secp256k1_scalar_set_b32(&s, &sig64[32], &overflow); if (overflow) { return 0; } - if (!rustsecp256k1_v0_11_xonly_pubkey_load(ctx, &pk, pubkey)) { + if (!secp256k1_xonly_pubkey_load(ctx, &pk, pubkey)) { return 0; } /* Compute e. */ - rustsecp256k1_v0_11_fe_get_b32(buf, &pk.x); - rustsecp256k1_v0_11_schnorrsig_challenge(&e, &sig64[0], msg, msglen, buf); + secp256k1_fe_get_b32(buf, &pk.x); + secp256k1_schnorrsig_challenge(&e, &sig64[0], msg, msglen, buf); /* Compute rj = s*G + (-e)*pkj */ - rustsecp256k1_v0_11_scalar_negate(&e, &e); - rustsecp256k1_v0_11_gej_set_ge(&pkj, &pk); - rustsecp256k1_v0_11_ecmult(&rj, &pkj, &e, &s); + secp256k1_scalar_negate(&e, &e); + secp256k1_gej_set_ge(&pkj, &pk); + secp256k1_ecmult(&rj, &pkj, &e, &s); - rustsecp256k1_v0_11_ge_set_gej_var(&r, &rj); - if (rustsecp256k1_v0_11_ge_is_infinity(&r)) { + secp256k1_ge_set_gej_var(&r, &rj); + if (secp256k1_ge_is_infinity(&r)) { return 0; } - rustsecp256k1_v0_11_fe_normalize_var(&r.y); - return !rustsecp256k1_v0_11_fe_is_odd(&r.y) && - rustsecp256k1_v0_11_fe_equal(&rx, &r.x); + secp256k1_fe_normalize_var(&r.y); + return !secp256k1_fe_is_odd(&r.y) && + secp256k1_fe_equal(&rx, &r.x); } #endif diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h index b8a4a90e7..601b54975 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_exhaustive_impl.h @@ -58,12 +58,12 @@ static const unsigned char invalid_pubkey_bytes[][32] = { #define NUM_INVALID_KEYS (sizeof(invalid_pubkey_bytes) / sizeof(invalid_pubkey_bytes[0])) -static int rustsecp256k1_v0_11_hardened_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg, +static int secp256k1_hardened_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg, size_t msglen, const unsigned char *key32, const unsigned char *xonly_pk32, const unsigned char *algo, size_t algolen, void* data) { - rustsecp256k1_v0_11_scalar s; + secp256k1_scalar s; int *idata = data; (void)msg; (void)msglen; @@ -71,12 +71,12 @@ static int rustsecp256k1_v0_11_hardened_nonce_function_smallint(unsigned char *n (void)xonly_pk32; (void)algo; (void)algolen; - rustsecp256k1_v0_11_scalar_set_int(&s, *idata); - rustsecp256k1_v0_11_scalar_get_b32(nonce32, &s); + secp256k1_scalar_set_int(&s, *idata); + secp256k1_scalar_get_b32(nonce32, &s); return 1; } -static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_xonly_pubkey* pubkeys, unsigned char (*xonly_pubkey_bytes)[32], const int* parities) { +static void test_exhaustive_schnorrsig_verify(const secp256k1_context *ctx, const secp256k1_xonly_pubkey* pubkeys, unsigned char (*xonly_pubkey_bytes)[32], const int* parities) { int d; uint64_t iter = 0; /* Iterate over the possible public keys to verify against (through their corresponding DL d). */ @@ -102,10 +102,10 @@ static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_11_context } /* Randomly generate messages until all challenges have been hit. */ while (e_count_done < EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_11_scalar e; + secp256k1_scalar e; unsigned char msg32[32]; testrand256(msg32); - rustsecp256k1_v0_11_schnorrsig_challenge(&e, sig64, msg32, sizeof(msg32), pk32); + secp256k1_schnorrsig_challenge(&e, sig64, msg32, sizeof(msg32), pk32); /* Only do work if we hit a challenge we haven't tried before. */ if (!e_done[e]) { /* Iterate over the possible valid last 32 bytes in the signature. @@ -116,14 +116,14 @@ static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_11_context int expect_valid, valid; if (s <= EXHAUSTIVE_TEST_ORDER) { memset(sig64 + 32, 0, 32); - rustsecp256k1_v0_11_write_be32(sig64 + 60, s); + secp256k1_write_be32(sig64 + 60, s); expect_valid = actual_k != -1 && s != EXHAUSTIVE_TEST_ORDER && (s == (actual_k + actual_d * e) % EXHAUSTIVE_TEST_ORDER); } else { testrand256(sig64 + 32); expect_valid = 0; } - valid = rustsecp256k1_v0_11_schnorrsig_verify(ctx, sig64, msg32, sizeof(msg32), &pubkeys[d - 1]); + valid = secp256k1_schnorrsig_verify(ctx, sig64, msg32, sizeof(msg32), &pubkeys[d - 1]); CHECK(valid == expect_valid); count_valid += valid; } @@ -138,10 +138,10 @@ static void test_exhaustive_schnorrsig_verify(const rustsecp256k1_v0_11_context } } -static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_11_context *ctx, unsigned char (*xonly_pubkey_bytes)[32], const rustsecp256k1_v0_11_keypair* keypairs, const int* parities) { +static void test_exhaustive_schnorrsig_sign(const secp256k1_context *ctx, unsigned char (*xonly_pubkey_bytes)[32], const secp256k1_keypair* keypairs, const int* parities) { int d, k; uint64_t iter = 0; - rustsecp256k1_v0_11_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; + secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; /* Loop over keys. */ for (d = 1; d < EXHAUSTIVE_TEST_ORDER; ++d) { @@ -155,25 +155,25 @@ static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_11_context *c unsigned char sig64[64]; int actual_k = k; if (skip_section(&iter)) continue; - extraparams.noncefp = rustsecp256k1_v0_11_hardened_nonce_function_smallint; + extraparams.noncefp = secp256k1_hardened_nonce_function_smallint; extraparams.ndata = &k; if (parities[k - 1]) actual_k = EXHAUSTIVE_TEST_ORDER - k; /* Generate random messages until all challenges have been tried. */ while (e_count_done < EXHAUSTIVE_TEST_ORDER) { - rustsecp256k1_v0_11_scalar e; + secp256k1_scalar e; testrand256(msg32); - rustsecp256k1_v0_11_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, sizeof(msg32), xonly_pubkey_bytes[d - 1]); + secp256k1_schnorrsig_challenge(&e, xonly_pubkey_bytes[k - 1], msg32, sizeof(msg32), xonly_pubkey_bytes[d - 1]); /* Only do work if we hit a challenge we haven't tried before. */ if (!e_done[e]) { - rustsecp256k1_v0_11_scalar expected_s = (actual_k + e * actual_d) % EXHAUSTIVE_TEST_ORDER; + secp256k1_scalar expected_s = (actual_k + e * actual_d) % EXHAUSTIVE_TEST_ORDER; unsigned char expected_s_bytes[32]; - rustsecp256k1_v0_11_scalar_get_b32(expected_s_bytes, &expected_s); + secp256k1_scalar_get_b32(expected_s_bytes, &expected_s); /* Invoke the real function to construct a signature. */ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(ctx, sig64, msg32, sizeof(msg32), &keypairs[d - 1], &extraparams)); + CHECK(secp256k1_schnorrsig_sign_custom(ctx, sig64, msg32, sizeof(msg32), &keypairs[d - 1], &extraparams)); /* The first 32 bytes must match the xonly pubkey for the specified k. */ - CHECK(rustsecp256k1_v0_11_memcmp_var(sig64, xonly_pubkey_bytes[k - 1], 32) == 0); + CHECK(secp256k1_memcmp_var(sig64, xonly_pubkey_bytes[k - 1], 32) == 0); /* The last 32 bytes must match the expected s value. */ - CHECK(rustsecp256k1_v0_11_memcmp_var(sig64 + 32, expected_s_bytes, 32) == 0); + CHECK(secp256k1_memcmp_var(sig64 + 32, expected_s_bytes, 32) == 0); /* Don't retry other messages that result in the same challenge. */ e_done[e] = 1; ++e_count_done; @@ -183,28 +183,28 @@ static void test_exhaustive_schnorrsig_sign(const rustsecp256k1_v0_11_context *c } } -static void test_exhaustive_schnorrsig(const rustsecp256k1_v0_11_context *ctx) { - rustsecp256k1_v0_11_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; - rustsecp256k1_v0_11_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; +static void test_exhaustive_schnorrsig(const secp256k1_context *ctx) { + secp256k1_keypair keypair[EXHAUSTIVE_TEST_ORDER - 1]; + secp256k1_xonly_pubkey xonly_pubkey[EXHAUSTIVE_TEST_ORDER - 1]; int parity[EXHAUSTIVE_TEST_ORDER - 1]; unsigned char xonly_pubkey_bytes[EXHAUSTIVE_TEST_ORDER - 1][32]; unsigned i; /* Verify that all invalid_pubkey_bytes are actually invalid. */ for (i = 0; i < NUM_INVALID_KEYS; ++i) { - rustsecp256k1_v0_11_xonly_pubkey pk; - CHECK(!rustsecp256k1_v0_11_xonly_pubkey_parse(ctx, &pk, invalid_pubkey_bytes[i])); + secp256k1_xonly_pubkey pk; + CHECK(!secp256k1_xonly_pubkey_parse(ctx, &pk, invalid_pubkey_bytes[i])); } /* Construct keypairs and xonly-pubkeys for the entire group. */ for (i = 1; i < EXHAUSTIVE_TEST_ORDER; ++i) { - rustsecp256k1_v0_11_scalar scalar_i; + secp256k1_scalar scalar_i; unsigned char buf[32]; - rustsecp256k1_v0_11_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_11_scalar_get_b32(buf, &scalar_i); - CHECK(rustsecp256k1_v0_11_keypair_create(ctx, &keypair[i - 1], buf)); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parity[i - 1], &keypair[i - 1])); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); + secp256k1_scalar_set_int(&scalar_i, i); + secp256k1_scalar_get_b32(buf, &scalar_i); + CHECK(secp256k1_keypair_create(ctx, &keypair[i - 1], buf)); + CHECK(secp256k1_keypair_xonly_pub(ctx, &xonly_pubkey[i - 1], &parity[i - 1], &keypair[i - 1])); + CHECK(secp256k1_xonly_pubkey_serialize(ctx, xonly_pubkey_bytes[i - 1], &xonly_pubkey[i - 1])); } test_exhaustive_schnorrsig_sign(ctx, xonly_pubkey_bytes, keypair, parity); diff --git a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h index ff40eff5f..5abbeefe0 100644 --- a/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/modules/schnorrsig/tests_impl.h @@ -17,16 +17,17 @@ static void nonce_function_bip340_bitflip(unsigned char **args, size_t n_flip, s CHECK(nonce_function_bip340(nonces[0], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1); testrand_flip(args[n_flip], n_bytes); CHECK(nonce_function_bip340(nonces[1], args[0], msglen, args[1], args[2], args[3], algolen, args[4]) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonces[0], nonces[1], 32) != 0); + CHECK(secp256k1_memcmp_var(nonces[0], nonces[1], 32) != 0); } static void run_nonce_function_bip340_tests(void) { - unsigned char tag[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'n', 'o', 'n', 'c', 'e'}; - unsigned char aux_tag[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'a', 'u', 'x'}; + /* "BIP0340/nonce" */ + static const unsigned char tag[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'n', 'o', 'n', 'c', 'e'}; + /* "BIP0340/aux" */ + static const unsigned char aux_tag[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'a', 'u', 'x'}; unsigned char algo[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'n', 'o', 'n', 'c', 'e'}; size_t algolen = sizeof(algo); - rustsecp256k1_v0_11_sha256 sha; - rustsecp256k1_v0_11_sha256 sha_optimized; + secp256k1_sha256 sha_optimized; unsigned char nonce[32], nonce_z[32]; unsigned char msg[32]; size_t msglen = sizeof(msg); @@ -37,18 +38,17 @@ static void run_nonce_function_bip340_tests(void) { int i; /* Check that hash initialized by - * rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged has the expected + * secp256k1_nonce_function_bip340_sha256_tagged has the expected * state. */ - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, tag, sizeof(tag)); - rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged(&sha_optimized); - test_sha256_eq(&sha, &sha_optimized); + secp256k1_nonce_function_bip340_sha256_tagged(&sha_optimized); + test_sha256_tag_midstate(&sha_optimized, tag, sizeof(tag)); + /* Check that hash initialized by - * rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged_aux has the expected + * secp256k1_nonce_function_bip340_sha256_tagged_aux has the expected * state. */ - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, aux_tag, sizeof(aux_tag)); - rustsecp256k1_v0_11_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); - test_sha256_eq(&sha, &sha_optimized); + secp256k1_nonce_function_bip340_sha256_tagged_aux(&sha_optimized); + test_sha256_tag_midstate(&sha_optimized, aux_tag, sizeof(aux_tag)); testrand256(msg); testrand256(key); @@ -87,20 +87,20 @@ static void run_nonce_function_bip340_tests(void) { /* Different msglen gives different nonce */ CHECK(nonce_function_bip340(nonce2, msg, msglen_tmp, key, pk, algo, algolen, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce, nonce2, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0); /* Different algolen gives different nonce */ offset = testrand_int(algolen - 1); algolen_tmp = (algolen + offset) % algolen; CHECK(nonce_function_bip340(nonce2, msg, msglen, key, pk, algo, algolen_tmp, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce, nonce2, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0); } /* NULL aux_rand argument is allowed, and identical to passing all zero aux_rand. */ memset(aux_rand, 0, 32); CHECK(nonce_function_bip340(nonce_z, msg, msglen, key, pk, algo, algolen, &aux_rand) == 1); CHECK(nonce_function_bip340(nonce, msg, msglen, key, pk, algo, algolen, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce_z, nonce, 32) == 0); + CHECK(secp256k1_memcmp_var(nonce_z, nonce, 32) == 0); } static void test_schnorrsig_api(void) { @@ -108,62 +108,62 @@ static void test_schnorrsig_api(void) { unsigned char sk2[32]; unsigned char sk3[32]; unsigned char msg[32]; - rustsecp256k1_v0_11_keypair keypairs[3]; - rustsecp256k1_v0_11_keypair invalid_keypair = {{ 0 }}; - rustsecp256k1_v0_11_xonly_pubkey pk[3]; - rustsecp256k1_v0_11_xonly_pubkey zero_pk; + secp256k1_keypair keypairs[3]; + secp256k1_keypair invalid_keypair = {{ 0 }}; + secp256k1_xonly_pubkey pk[3]; + secp256k1_xonly_pubkey zero_pk; unsigned char sig[64]; - rustsecp256k1_v0_11_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; - rustsecp256k1_v0_11_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL}; + secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; + secp256k1_schnorrsig_extraparams invalid_extraparams = {{ 0 }, NULL, NULL}; testrand256(sk1); testrand256(sk2); testrand256(sk3); testrand256(msg); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypairs[0], sk1) == 1); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypairs[1], sk2) == 1); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypairs[2], sk3) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &pk[0], NULL, &keypairs[0]) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &pk[1], NULL, &keypairs[1]) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &pk[2], NULL, &keypairs[2]) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypairs[0], sk1) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypairs[1], sk2) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypairs[2], sk3) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[0], NULL, &keypairs[0]) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[1], NULL, &keypairs[1]) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk[2], NULL, &keypairs[2]) == 1); memset(&zero_pk, 0, sizeof(zero_pk)); /** main test body **/ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign32(CTX, NULL, msg, &keypairs[0], NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, NULL, &keypairs[0], NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, NULL, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, &invalid_keypair, NULL)); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_schnorrsig_sign32(STATIC_CTX, sig, msg, &keypairs[0], NULL)); - - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, NULL, msg, sizeof(msg), &keypairs[0], &extraparams)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, NULL, sizeof(msg), &keypairs[0], &extraparams)); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, NULL, 0, &keypairs[0], &extraparams) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), NULL, &extraparams)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &invalid_keypair, &extraparams)); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams)); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_schnorrsig_sign_custom(STATIC_CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams)); - - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk[0]) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_verify(CTX, NULL, msg, sizeof(msg), &pk[0])); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, NULL, sizeof(msg), &pk[0])); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, NULL, 0, &pk[0]) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &zero_pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, NULL, msg, &keypairs[0], NULL)); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, sig, NULL, &keypairs[0], NULL)); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, sig, msg, NULL, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign32(CTX, sig, msg, &invalid_keypair, NULL)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_schnorrsig_sign32(STATIC_CTX, sig, msg, &keypairs[0], NULL)); + + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams) == 1); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, NULL, msg, sizeof(msg), &keypairs[0], &extraparams)); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, sizeof(msg), &keypairs[0], &extraparams)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, NULL, 0, &keypairs[0], &extraparams) == 1); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), NULL, &extraparams)); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &invalid_keypair, &extraparams)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], NULL) == 1); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypairs[0], &invalid_extraparams)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_schnorrsig_sign_custom(STATIC_CTX, sig, msg, sizeof(msg), &keypairs[0], &extraparams)); + + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypairs[0], NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk[0]) == 1); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, NULL, msg, sizeof(msg), &pk[0])); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, sig, NULL, sizeof(msg), &pk[0])); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, NULL, 0, &pk[0]) == 0); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), NULL)); + CHECK_ILLEGAL(CTX, secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &zero_pk)); } -/* Checks that hash initialized by rustsecp256k1_v0_11_schnorrsig_sha256_tagged has the +/* Checks that hash initialized by secp256k1_schnorrsig_sha256_tagged has the * expected state. */ static void test_schnorrsig_sha256_tagged(void) { unsigned char tag[] = {'B', 'I', 'P', '0', '3', '4', '0', '/', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e'}; - rustsecp256k1_v0_11_sha256 sha; - rustsecp256k1_v0_11_sha256 sha_optimized; + secp256k1_sha256 sha; + secp256k1_sha256 sha_optimized; - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, (unsigned char *) tag, sizeof(tag)); - rustsecp256k1_v0_11_schnorrsig_sha256_tagged(&sha_optimized); + secp256k1_sha256_initialize_tagged(&sha, (unsigned char *) tag, sizeof(tag)); + secp256k1_schnorrsig_sha256_tagged(&sha_optimized); test_sha256_eq(&sha, &sha_optimized); } @@ -171,34 +171,34 @@ static void test_schnorrsig_sha256_tagged(void) { * Signs the message and checks that it's the same as expected_sig. */ static void test_schnorrsig_bip_vectors_check_signing(const unsigned char *sk, const unsigned char *pk_serialized, const unsigned char *aux_rand, const unsigned char *msg, size_t msglen, const unsigned char *expected_sig) { unsigned char sig[64]; - rustsecp256k1_v0_11_keypair keypair; - rustsecp256k1_v0_11_xonly_pubkey pk, pk_expected; + secp256k1_keypair keypair; + secp256k1_xonly_pubkey pk, pk_expected; - rustsecp256k1_v0_11_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; + secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; extraparams.ndata = (unsigned char*)aux_rand; - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk)); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, msglen, &keypair, &extraparams)); - CHECK(rustsecp256k1_v0_11_memcmp_var(sig, expected_sig, 64) == 0); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, msglen, &keypair, &extraparams)); + CHECK(secp256k1_memcmp_var(sig, expected_sig, 64) == 0); if (msglen == 32) { memset(sig, 0, 64); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, &keypair, aux_rand)); - CHECK(rustsecp256k1_v0_11_memcmp_var(sig, expected_sig, 64) == 0); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, aux_rand)); + CHECK(secp256k1_memcmp_var(sig, expected_sig, 64) == 0); } - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &pk_expected, pk_serialized)); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, msglen, &pk)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk_expected, pk_serialized)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); + CHECK(secp256k1_memcmp_var(&pk, &pk_expected, sizeof(pk)) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, msglen, &pk)); } /* Helper function for schnorrsig_bip_vectors * Checks that both verify and verify_batch (TODO) return the same value as expected. */ static void test_schnorrsig_bip_vectors_check_verify(const unsigned char *pk_serialized, const unsigned char *msg, size_t msglen, const unsigned char *sig, int expected) { - rustsecp256k1_v0_11_xonly_pubkey pk; + secp256k1_xonly_pubkey pk; - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &pk, pk_serialized)); - CHECK(expected == rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, msglen, &pk)); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &pk, pk_serialized)); + CHECK(expected == secp256k1_schnorrsig_verify(CTX, sig, msg, msglen, &pk)); } /* Test vectors according to BIP-340 ("Schnorr Signatures for secp256k1"). See @@ -394,9 +394,9 @@ static void test_schnorrsig_bip_vectors(void) { 0xEB, 0x98, 0x98, 0xAE, 0x79, 0xB9, 0x76, 0x87, 0x66, 0xE4, 0xFA, 0xA0, 0x4A, 0x2D, 0x4A, 0x34 }; - rustsecp256k1_v0_11_xonly_pubkey pk_parsed; + secp256k1_xonly_pubkey pk_parsed; /* No need to check the signature of the test vector as parsing the pubkey already fails */ - CHECK(!rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &pk_parsed, pk)); + CHECK(!secp256k1_xonly_pubkey_parse(CTX, &pk_parsed, pk)); } { /* Test vector 6 */ @@ -614,9 +614,9 @@ static void test_schnorrsig_bip_vectors(void) { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x30 }; - rustsecp256k1_v0_11_xonly_pubkey pk_parsed; + secp256k1_xonly_pubkey pk_parsed; /* No need to check the signature of the test vector as parsing the pubkey already fails */ - CHECK(!rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &pk_parsed, pk)); + CHECK(!secp256k1_xonly_pubkey_parse(CTX, &pk_parsed, pk)); } { /* Test vector 15 */ @@ -804,48 +804,48 @@ static int nonce_function_overflowing(unsigned char *nonce32, const unsigned cha static void test_schnorrsig_sign(void) { unsigned char sk[32]; - rustsecp256k1_v0_11_xonly_pubkey pk; - rustsecp256k1_v0_11_keypair keypair; + secp256k1_xonly_pubkey pk; + secp256k1_keypair keypair; const unsigned char msg[] = {'t', 'h', 'i', 's', ' ', 'i', 's', ' ', 'a', ' ', 'm', 's', 'g', ' ', 'f', 'o', 'r', ' ', 'a', ' ', 's', 'c', 'h', 'n', 'o', 'r', 'r', 's', 'i', 'g', '.', '.'}; unsigned char sig[64]; unsigned char sig2[64]; unsigned char zeros64[64] = { 0 }; - rustsecp256k1_v0_11_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; + secp256k1_schnorrsig_extraparams extraparams = SECP256K1_SCHNORRSIG_EXTRAPARAMS_INIT; unsigned char aux_rand[32]; testrand256(sk); testrand256(aux_rand); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk)); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); /* Check that deprecated alias gives the same result */ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign(CTX, sig2, msg, &keypair, NULL) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(sig, sig2, sizeof(sig)) == 0); + CHECK(secp256k1_schnorrsig_sign(CTX, sig2, msg, &keypair, NULL) == 1); + CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); /* Test different nonce functions */ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); memset(sig, 1, sizeof(sig)); extraparams.noncefp = nonce_function_failing; - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(sig, zeros64, sizeof(sig)) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); + CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); memset(&sig, 1, sizeof(sig)); extraparams.noncefp = nonce_function_0; - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(sig, zeros64, sizeof(sig)) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 0); + CHECK(secp256k1_memcmp_var(sig, zeros64, sizeof(sig)) == 0); memset(&sig, 1, sizeof(sig)); extraparams.noncefp = nonce_function_overflowing; - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &pk)); /* When using the default nonce function, schnorrsig_sign_custom produces * the same result as schnorrsig_sign with aux_rand = extraparams.ndata */ extraparams.noncefp = NULL; extraparams.ndata = aux_rand; - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig2, msg, &keypair, extraparams.ndata) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(sig, sig2, sizeof(sig)) == 0); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig, msg, sizeof(msg), &keypair, &extraparams) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig2, msg, &keypair, extraparams.ndata) == 1); + CHECK(secp256k1_memcmp_var(sig, sig2, sizeof(sig)) == 0); } #define N_SIGS 3 @@ -857,18 +857,18 @@ static void test_schnorrsig_sign_verify(void) { unsigned char msg[N_SIGS][32]; unsigned char sig[N_SIGS][64]; size_t i; - rustsecp256k1_v0_11_keypair keypair; - rustsecp256k1_v0_11_xonly_pubkey pk; - rustsecp256k1_v0_11_scalar s; + secp256k1_keypair keypair; + secp256k1_xonly_pubkey pk; + secp256k1_scalar s; testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk)); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk)); + CHECK(secp256k1_keypair_xonly_pub(CTX, &pk, NULL, &keypair)); for (i = 0; i < N_SIGS; i++) { testrand256(msg[i]); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL)); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[i], msg[i], sizeof(msg[i]), &pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[i], msg[i], &keypair, NULL)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[i], msg[i], sizeof(msg[i]), &pk)); } { @@ -878,40 +878,40 @@ static void test_schnorrsig_sign_verify(void) { size_t byte_idx = testrand_bits(5); unsigned char xorbyte = testrand_int(254)+1; sig[sig_idx][byte_idx] ^= xorbyte; - CHECK(!rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); sig[sig_idx][byte_idx] ^= xorbyte; byte_idx = testrand_bits(5); sig[sig_idx][32+byte_idx] ^= xorbyte; - CHECK(!rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); sig[sig_idx][32+byte_idx] ^= xorbyte; byte_idx = testrand_bits(5); msg[sig_idx][byte_idx] ^= xorbyte; - CHECK(!rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); msg[sig_idx][byte_idx] ^= xorbyte; /* Check that above bitflips have been reversed correctly */ - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[sig_idx], msg[sig_idx], sizeof(msg[sig_idx]), &pk)); } /* Test overflowing s */ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); memset(&sig[0][32], 0xFF, 32); - CHECK(!rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); /* Test negative s */ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); - rustsecp256k1_v0_11_scalar_set_b32(&s, &sig[0][32], NULL); - rustsecp256k1_v0_11_scalar_negate(&s, &s); - rustsecp256k1_v0_11_scalar_get_b32(&sig[0][32], &s); - CHECK(!rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig[0], msg[0], &keypair, NULL)); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); + secp256k1_scalar_set_b32(&s, &sig[0][32], NULL); + secp256k1_scalar_negate(&s, &s); + secp256k1_scalar_get_b32(&sig[0][32], &s); + CHECK(!secp256k1_schnorrsig_verify(CTX, sig[0], msg[0], sizeof(msg[0]), &pk)); /* The empty message can be signed & verified */ - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig[0], NULL, 0, &keypair, NULL) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], NULL, 0, &pk) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], NULL, 0, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], NULL, 0, &pk) == 1); { /* Test varying message lengths */ @@ -920,21 +920,21 @@ static void test_schnorrsig_sign_verify(void) { for (i = 0; i < sizeof(msg_large); i += 32) { testrand256(&msg_large[i]); } - CHECK(rustsecp256k1_v0_11_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 1); + CHECK(secp256k1_schnorrsig_sign_custom(CTX, sig[0], msg_large, msglen, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 1); /* Verification for a random wrong message length fails */ msglen = (msglen + (sizeof(msg_large) - 1)) % sizeof(msg_large); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 0); + CHECK(secp256k1_schnorrsig_verify(CTX, sig[0], msg_large, msglen, &pk) == 0); } } #undef N_SIGS static void test_schnorrsig_taproot(void) { unsigned char sk[32]; - rustsecp256k1_v0_11_keypair keypair; - rustsecp256k1_v0_11_xonly_pubkey internal_pk; + secp256k1_keypair keypair; + secp256k1_xonly_pubkey internal_pk; unsigned char internal_pk_bytes[32]; - rustsecp256k1_v0_11_xonly_pubkey output_pk; + secp256k1_xonly_pubkey output_pk; unsigned char output_pk_bytes[32]; unsigned char tweak[32]; int pk_parity; @@ -943,26 +943,26 @@ static void test_schnorrsig_taproot(void) { /* Create output key */ testrand256(sk); - CHECK(rustsecp256k1_v0_11_keypair_create(CTX, &keypair, sk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); + CHECK(secp256k1_keypair_create(CTX, &keypair, sk) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &internal_pk, NULL, &keypair) == 1); /* In actual taproot the tweak would be hash of internal_pk */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, tweak, &internal_pk) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); - CHECK(rustsecp256k1_v0_11_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, output_pk_bytes, &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, tweak, &internal_pk) == 1); + CHECK(secp256k1_keypair_xonly_tweak_add(CTX, &keypair, tweak) == 1); + CHECK(secp256k1_keypair_xonly_pub(CTX, &output_pk, &pk_parity, &keypair) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, output_pk_bytes, &output_pk) == 1); /* Key spend */ testrand256(msg); - CHECK(rustsecp256k1_v0_11_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); + CHECK(secp256k1_schnorrsig_sign32(CTX, sig, msg, &keypair, NULL) == 1); /* Verify key spend */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &output_pk, output_pk_bytes) == 1); - CHECK(rustsecp256k1_v0_11_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &output_pk) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &output_pk, output_pk_bytes) == 1); + CHECK(secp256k1_schnorrsig_verify(CTX, sig, msg, sizeof(msg), &output_pk) == 1); /* Script spend */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_serialize(CTX, internal_pk_bytes, &internal_pk) == 1); + CHECK(secp256k1_xonly_pubkey_serialize(CTX, internal_pk_bytes, &internal_pk) == 1); /* Verify script spend */ - CHECK(rustsecp256k1_v0_11_xonly_pubkey_parse(CTX, &internal_pk, internal_pk_bytes) == 1); - CHECK(rustsecp256k1_v0_11_xonly_pubkey_tweak_add_check(CTX, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); + CHECK(secp256k1_xonly_pubkey_parse(CTX, &internal_pk, internal_pk_bytes) == 1); + CHECK(secp256k1_xonly_pubkey_tweak_add_check(CTX, output_pk_bytes, pk_parity, &internal_pk, tweak) == 1); } static void run_schnorrsig_tests(void) { diff --git a/secp256k1-sys/depend/secp256k1/src/precompute_ecmult.c b/secp256k1-sys/depend/secp256k1/src/precompute_ecmult.c index b4370e2c4..021fe3940 100644 --- a/secp256k1-sys/depend/secp256k1/src/precompute_ecmult.c +++ b/secp256k1-sys/depend/secp256k1/src/precompute_ecmult.c @@ -6,6 +6,7 @@ #include #include +#include #include "../include/secp256k1.h" @@ -18,11 +19,11 @@ #include "ecmult.h" #include "ecmult_compute_table_impl.h" -static void print_table(FILE *fp, const char *name, int window_g, const rustsecp256k1_v0_11_ge_storage* table) { +static void print_table(FILE *fp, const char *name, int window_g, const secp256k1_ge_storage* table) { int j; int i; - fprintf(fp, "const rustsecp256k1_v0_11_ge_storage %s[ECMULT_TABLE_SIZE(WINDOW_G)] = {\n", name); + fprintf(fp, "const secp256k1_ge_storage %s[ECMULT_TABLE_SIZE(WINDOW_G)] = {\n", name); fprintf(fp, " S(%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32 ",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32",%"PRIx32")\n", SECP256K1_GE_STORAGE_CONST_GET(table[0])); @@ -41,13 +42,13 @@ static void print_table(FILE *fp, const char *name, int window_g, const rustsecp } static void print_two_tables(FILE *fp, int window_g) { - rustsecp256k1_v0_11_ge_storage* table = malloc(ECMULT_TABLE_SIZE(window_g) * sizeof(rustsecp256k1_v0_11_ge_storage)); - rustsecp256k1_v0_11_ge_storage* table_128 = malloc(ECMULT_TABLE_SIZE(window_g) * sizeof(rustsecp256k1_v0_11_ge_storage)); + secp256k1_ge_storage* table = malloc(ECMULT_TABLE_SIZE(window_g) * sizeof(secp256k1_ge_storage)); + secp256k1_ge_storage* table_128 = malloc(ECMULT_TABLE_SIZE(window_g) * sizeof(secp256k1_ge_storage)); - rustsecp256k1_v0_11_ecmult_compute_two_tables(table, table_128, window_g, &rustsecp256k1_v0_11_ge_const_g); + secp256k1_ecmult_compute_two_tables(table, table_128, window_g, &secp256k1_ge_const_g); - print_table(fp, "rustsecp256k1_v0_11_pre_g", window_g, table); - print_table(fp, "rustsecp256k1_v0_11_pre_g_128", window_g, table_128); + print_table(fp, "secp256k1_pre_g", window_g, table); + print_table(fp, "secp256k1_pre_g_128", window_g, table_128); free(table); free(table_128); @@ -62,12 +63,12 @@ int main(void) { fp = fopen(outfile, "w"); if (fp == NULL) { fprintf(stderr, "Could not open %s for writing!\n", outfile); - return -1; + return EXIT_FAILURE; } fprintf(fp, "/* This file was automatically generated by precompute_ecmult. */\n"); - fprintf(fp, "/* This file contains an array rustsecp256k1_v0_11_pre_g with odd multiples of the base point G and\n"); - fprintf(fp, " * an array rustsecp256k1_v0_11_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G.\n"); + fprintf(fp, "/* This file contains an array secp256k1_pre_g with odd multiples of the base point G and\n"); + fprintf(fp, " * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G.\n"); fprintf(fp, " */\n"); fprintf(fp, "#include \"group.h\"\n"); fprintf(fp, "#include \"ecmult.h\"\n"); @@ -86,5 +87,5 @@ int main(void) { fprintf(fp, "#undef S\n"); fclose(fp); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/precompute_ecmult_gen.c b/secp256k1-sys/depend/secp256k1/src/precompute_ecmult_gen.c index 467c61b59..cd0fe70fc 100644 --- a/secp256k1-sys/depend/secp256k1/src/precompute_ecmult_gen.c +++ b/secp256k1-sys/depend/secp256k1/src/precompute_ecmult_gen.c @@ -6,6 +6,7 @@ #include #include +#include #include "../include/secp256k1.h" @@ -29,8 +30,8 @@ static void print_table(FILE* fp, int blocks, int teeth) { int outer; size_t inner; - rustsecp256k1_v0_11_ge_storage* table = checked_malloc(&default_error_callback, blocks * points * sizeof(rustsecp256k1_v0_11_ge_storage)); - rustsecp256k1_v0_11_ecmult_gen_compute_table(table, &rustsecp256k1_v0_11_ge_const_g, blocks, teeth, spacing); + secp256k1_ge_storage* table = checked_malloc(&default_error_callback, blocks * points * sizeof(secp256k1_ge_storage)); + secp256k1_ecmult_gen_compute_table(table, &secp256k1_ge_const_g, blocks, teeth, spacing); fprintf(fp, "#elif (COMB_BLOCKS == %d) && (COMB_TEETH == %d) && (COMB_SPACING == %d)\n", blocks, teeth, spacing); for (outer = 0; outer != blocks; outer++) { @@ -64,7 +65,7 @@ int main(int argc, char **argv) { fp = fopen(outfile, "w"); if (fp == NULL) { fprintf(stderr, "Could not open %s for writing!\n", outfile); - return -1; + return EXIT_FAILURE; } fprintf(fp, "/* This file was automatically generated by precompute_ecmult_gen. */\n"); @@ -77,7 +78,7 @@ int main(int argc, char **argv) { fprintf(fp, "#endif /* EXHAUSTIVE_TEST_ORDER */\n"); fprintf(fp, "#define S(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) SECP256K1_GE_STORAGE_CONST(0x##a##u,0x##b##u,0x##c##u,0x##d##u,0x##e##u,0x##f##u,0x##g##u,0x##h##u,0x##i##u,0x##j##u,0x##k##u,0x##l##u,0x##m##u,0x##n##u,0x##o##u,0x##p##u)\n"); - fprintf(fp, "const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS] = {\n"); + fprintf(fp, "const secp256k1_ge_storage secp256k1_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS] = {\n"); fprintf(fp, "#if 0\n"); for (config = 0; config < sizeof(CONFIGS) / sizeof(*CONFIGS); ++config) { print_table(fp, CONFIGS[config][0], CONFIGS[config][1]); @@ -96,5 +97,5 @@ int main(int argc, char **argv) { fprintf(fp, "#undef S\n"); fclose(fp); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.c b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.c index 68b7ebffb..cbd030ce5 100644 --- a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.c +++ b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.c @@ -1,6 +1,6 @@ /* This file was automatically generated by precompute_ecmult. */ -/* This file contains an array rustsecp256k1_v0_11_pre_g with odd multiples of the base point G and - * an array rustsecp256k1_v0_11_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G. +/* This file contains an array secp256k1_pre_g with odd multiples of the base point G and + * an array secp256k1_pre_g_128 with odd multiples of 2^128*G for accelerating the computation of a*P + b*G. */ #include "group.h" #include "ecmult.h" @@ -13,7 +13,7 @@ # error Cannot compile precomputed_ecmult.c in exhaustive test mode #endif /* EXHAUSTIVE_TEST_ORDER */ #define WINDOW_G ECMULT_WINDOW_SIZE -const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)] = { +const secp256k1_ge_storage secp256k1_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)] = { S(79be667e,f9dcbbac,55a06295,ce870b07,29bfcdb,2dce28d9,59f2815b,16f81798,483ada77,26a3c465,5da4fbfc,e1108a8,fd17b448,a6855419,9c47d08f,fb10d4b8) #if WINDOW_G > 2 ,S(f9308a01,9258c310,49344f85,f89d5229,b531c845,836f99b0,8601f113,bce036f9,388f7b0f,632de814,fe337e6,2a37f356,6500a999,34c2231b,6cb9fd75,84b8e672) @@ -8233,7 +8233,7 @@ const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g[ECMULT_TABLE_SIZE ,S(1e70619c,381a6adc,e5d925e0,c9c74f97,3c02ff64,ff2662d7,34efc485,d2bce895,c923f771,f543ffed,42935c28,8474aaaf,80a46ad4,3c579ce0,bb5e663d,668b24b3) #endif }; -const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)] = { +const secp256k1_ge_storage secp256k1_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)] = { S(8f68b9d2,f63b5f33,9239c1ad,981f162e,e88c5678,723ea335,1b7b444c,9ec4c0da,662a9f2d,ba063986,de1d90c2,b6be215d,bbea2cfe,95510bfd,f23cbf79,501fff82) #if WINDOW_G > 2 ,S(38381dbe,2e509f22,8ba93363,f2451f08,fd845cb3,51d954be,18e2b8ed,d23809fa,e4a32d0a,fb917dc,b09405a5,520eb1cc,3681fccb,32d8f24d,bd707518,331fed52) diff --git a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.h b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.h index 6b6ded95b..e5a85f684 100644 --- a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.h +++ b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult.h @@ -13,6 +13,8 @@ extern "C" { #include "ecmult.h" #include "group.h" +#include "util_local_visibility.h" + #if defined(EXHAUSTIVE_TEST_ORDER) # if EXHAUSTIVE_TEST_ORDER == 7 # define WINDOW_G 3 @@ -23,12 +25,12 @@ extern "C" { # else # error No known generator for the specified exhaustive test group order. # endif -static rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)]; -static rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)]; +static secp256k1_ge_storage secp256k1_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)]; +static secp256k1_ge_storage secp256k1_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)]; #else /* !defined(EXHAUSTIVE_TEST_ORDER) */ # define WINDOW_G ECMULT_WINDOW_SIZE -extern const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)]; -extern const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)]; +SECP256K1_LOCAL_VAR const secp256k1_ge_storage secp256k1_pre_g[ECMULT_TABLE_SIZE(WINDOW_G)]; +SECP256K1_LOCAL_VAR const secp256k1_ge_storage secp256k1_pre_g_128[ECMULT_TABLE_SIZE(WINDOW_G)]; #endif /* defined(EXHAUSTIVE_TEST_ORDER) */ #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.c b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.c index 2d8fabc90..248fb077e 100644 --- a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.c +++ b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.c @@ -7,7 +7,7 @@ # error Cannot compile precomputed_ecmult_gen.c in exhaustive test mode #endif /* EXHAUSTIVE_TEST_ORDER */ #define S(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p) SECP256K1_GE_STORAGE_CONST(0x##a##u,0x##b##u,0x##c##u,0x##d##u,0x##e##u,0x##f##u,0x##g##u,0x##h##u,0x##i##u,0x##j##u,0x##k##u,0x##l##u,0x##m##u,0x##n##u,0x##o##u,0x##p##u) -const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS] = { +const secp256k1_ge_storage secp256k1_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS] = { #if 0 #elif (COMB_BLOCKS == 2) && (COMB_TEETH == 5) && (COMB_SPACING == 26) {S(7081b567,8cb87d01,99c9c76e,d1e0a5e0,1d784be9,27f6b135,161e0fd0,3f39b473,ad5222ac,f062cb39,21b234a7,15b626ae,f780b307,9b5122d1,53210f42,d9369242), diff --git a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.h b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.h index a548cdce1..00ddce108 100644 --- a/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.h +++ b/secp256k1-sys/depend/secp256k1/src/precomputed_ecmult_gen.h @@ -13,10 +13,12 @@ extern "C" { #include "group.h" #include "ecmult_gen.h" +#include "util_local_visibility.h" + #ifdef EXHAUSTIVE_TEST_ORDER -static rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS]; +static secp256k1_ge_storage secp256k1_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS]; #else -extern const rustsecp256k1_v0_11_ge_storage rustsecp256k1_v0_11_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS]; +SECP256K1_LOCAL_VAR const secp256k1_ge_storage secp256k1_ecmult_gen_prec_table[COMB_BLOCKS][COMB_POINTS]; #endif /* defined(EXHAUSTIVE_TEST_ORDER) */ #ifdef __cplusplus diff --git a/secp256k1-sys/depend/secp256k1/src/scalar.h b/secp256k1-sys/depend/secp256k1/src/scalar.h index a1347d843..70f49b1cf 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar.h @@ -20,86 +20,86 @@ #endif /** Clear a scalar to prevent the leak of sensitive data. */ -static void rustsecp256k1_v0_11_scalar_clear(rustsecp256k1_v0_11_scalar *r); +static void secp256k1_scalar_clear(secp256k1_scalar *r); /** Access bits (1 < count <= 32) from a scalar. All requested bits must belong to the same 32-bit limb. */ -static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count); +static uint32_t secp256k1_scalar_get_bits_limb32(const secp256k1_scalar *a, unsigned int offset, unsigned int count); /** Access bits (1 < count <= 32) from a scalar. offset + count must be < 256. Not constant time in offset and count. */ -static uint32_t rustsecp256k1_v0_11_scalar_get_bits_var(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count); +static uint32_t secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count); /** Set a scalar from a big endian byte array. The scalar will be reduced modulo group order `n`. * In: bin: pointer to a 32-byte array. * Out: r: scalar to be set. * overflow: non-zero if the scalar was bigger or equal to `n` before reduction, zero otherwise (can be NULL). */ -static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, const unsigned char *bin, int *overflow); +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow); /** Set a scalar from a big endian byte array and returns 1 if it is a valid * seckey and 0 otherwise. */ -static int rustsecp256k1_v0_11_scalar_set_b32_seckey(rustsecp256k1_v0_11_scalar *r, const unsigned char *bin); +static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin); /** Set a scalar to an unsigned integer. */ -static void rustsecp256k1_v0_11_scalar_set_int(rustsecp256k1_v0_11_scalar *r, unsigned int v); +static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v); /** Convert a scalar to a byte array. */ -static void rustsecp256k1_v0_11_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_11_scalar* a); +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a); /** Add two scalars together (modulo the group order). Returns whether it overflowed. */ -static int rustsecp256k1_v0_11_scalar_add(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b); +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b); /** Conditionally add a power of two to a scalar. The result is not allowed to overflow. */ -static void rustsecp256k1_v0_11_scalar_cadd_bit(rustsecp256k1_v0_11_scalar *r, unsigned int bit, int flag); +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag); /** Multiply two scalars (modulo the group order). */ -static void rustsecp256k1_v0_11_scalar_mul(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b); +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b); /** Compute the inverse of a scalar (modulo the group order). */ -static void rustsecp256k1_v0_11_scalar_inverse(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a); +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a); /** Compute the inverse of a scalar (modulo the group order), without constant-time guarantee. */ -static void rustsecp256k1_v0_11_scalar_inverse_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a); +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a); /** Compute the complement of a scalar (modulo the group order). */ -static void rustsecp256k1_v0_11_scalar_negate(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a); +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a); /** Multiply a scalar with the multiplicative inverse of 2. */ -static void rustsecp256k1_v0_11_scalar_half(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a); +static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a); /** Check whether a scalar equals zero. */ -static int rustsecp256k1_v0_11_scalar_is_zero(const rustsecp256k1_v0_11_scalar *a); +static int secp256k1_scalar_is_zero(const secp256k1_scalar *a); /** Check whether a scalar equals one. */ -static int rustsecp256k1_v0_11_scalar_is_one(const rustsecp256k1_v0_11_scalar *a); +static int secp256k1_scalar_is_one(const secp256k1_scalar *a); /** Check whether a scalar, considered as an nonnegative integer, is even. */ -static int rustsecp256k1_v0_11_scalar_is_even(const rustsecp256k1_v0_11_scalar *a); +static int secp256k1_scalar_is_even(const secp256k1_scalar *a); /** Check whether a scalar is higher than the group order divided by 2. */ -static int rustsecp256k1_v0_11_scalar_is_high(const rustsecp256k1_v0_11_scalar *a); +static int secp256k1_scalar_is_high(const secp256k1_scalar *a); /** Conditionally negate a number, in constant time. * Returns -1 if the number was negated, 1 otherwise */ -static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *a, int flag); +static int secp256k1_scalar_cond_negate(secp256k1_scalar *a, int flag); /** Compare two scalars. */ -static int rustsecp256k1_v0_11_scalar_eq(const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b); +static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b); /** Find r1 and r2 such that r1+r2*2^128 = k. */ -static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, rustsecp256k1_v0_11_scalar *r2, const rustsecp256k1_v0_11_scalar *k); +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k); /** Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their - * negations are maximum 128 bits long (see rustsecp256k1_v0_11_ge_mul_lambda). It is + * negations are maximum 128 bits long (see secp256k1_ge_mul_lambda). It is * required that r1, r2, and k all point to different objects. */ -static void rustsecp256k1_v0_11_scalar_split_lambda(rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT r1, rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT r2, const rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT k); +static void secp256k1_scalar_split_lambda(secp256k1_scalar * SECP256K1_RESTRICT r1, secp256k1_scalar * SECP256K1_RESTRICT r2, const secp256k1_scalar * SECP256K1_RESTRICT k); /** Multiply a and b (without taking the modulus!), divide by 2**shift, and round to the nearest integer. Shift must be at least 256. */ -static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b, unsigned int shift); +static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift); /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized.*/ -static void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, int flag); +static void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag); /** Check invariants on a scalar (no-op unless VERIFY is enabled). */ -static void rustsecp256k1_v0_11_scalar_verify(const rustsecp256k1_v0_11_scalar *r); -#define SECP256K1_SCALAR_VERIFY(r) rustsecp256k1_v0_11_scalar_verify(r) +static void secp256k1_scalar_verify(const secp256k1_scalar *r); +#define SECP256K1_SCALAR_VERIFY(r) secp256k1_scalar_verify(r) #endif /* SECP256K1_SCALAR_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h b/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h index 5be54acd0..700964291 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_4x64.h @@ -12,7 +12,7 @@ /** A scalar modulo the group order of the secp256k1 curve. */ typedef struct { uint64_t d[4]; -} rustsecp256k1_v0_11_scalar; +} secp256k1_scalar; #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{((uint64_t)(d1)) << 32 | (d0), ((uint64_t)(d3)) << 32 | (d2), ((uint64_t)(d5)) << 32 | (d4), ((uint64_t)(d7)) << 32 | (d6)}} diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h index 4a147c6ae..807b9b70a 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_4x64_impl.h @@ -29,7 +29,7 @@ #define SECP256K1_N_H_2 ((uint64_t)0xFFFFFFFFFFFFFFFFULL) #define SECP256K1_N_H_3 ((uint64_t)0x7FFFFFFFFFFFFFFFULL) -SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_set_int(rustsecp256k1_v0_11_scalar *r, unsigned int v) { +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { r->d[0] = v; r->d[1] = 0; r->d[2] = 0; @@ -38,7 +38,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_set_int(rustsecp256k1_v0 SECP256K1_SCALAR_VERIFY(r); } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static uint32_t secp256k1_scalar_get_bits_limb32(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { SECP256K1_SCALAR_VERIFY(a); VERIFY_CHECK(count > 0 && count <= 32); VERIFY_CHECK((offset + count - 1) >> 6 == offset >> 6); @@ -46,20 +46,20 @@ SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(cons return (a->d[offset >> 6] >> (offset & 0x3F)) & (0xFFFFFFFF >> (32 - count)); } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_var(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static uint32_t secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { SECP256K1_SCALAR_VERIFY(a); VERIFY_CHECK(count > 0 && count <= 32); VERIFY_CHECK(offset + count <= 256); if ((offset + count - 1) >> 6 == offset >> 6) { - return rustsecp256k1_v0_11_scalar_get_bits_limb32(a, offset, count); + return secp256k1_scalar_get_bits_limb32(a, offset, count); } else { VERIFY_CHECK((offset >> 6) + 1 < 4); return ((a->d[offset >> 6] >> (offset & 0x3F)) | (a->d[(offset >> 6) + 1] << (64 - (offset & 0x3F)))) & (0xFFFFFFFF >> (32 - count)); } } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_check_overflow(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { int yes = 0; int no = 0; no |= (a->d[3] < SECP256K1_N_3); /* No need for a > check. */ @@ -71,83 +71,83 @@ SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_check_overflow(const rust return yes; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_reduce(rustsecp256k1_v0_11_scalar *r, unsigned int overflow) { - rustsecp256k1_v0_11_uint128 t; +SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, unsigned int overflow) { + secp256k1_uint128 t; VERIFY_CHECK(overflow <= 1); - rustsecp256k1_v0_11_u128_from_u64(&t, r->d[0]); - rustsecp256k1_v0_11_u128_accum_u64(&t, overflow * SECP256K1_N_C_0); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[1]); - rustsecp256k1_v0_11_u128_accum_u64(&t, overflow * SECP256K1_N_C_1); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[2]); - rustsecp256k1_v0_11_u128_accum_u64(&t, overflow * SECP256K1_N_C_2); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[3]); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&t); + secp256k1_u128_from_u64(&t, r->d[0]); + secp256k1_u128_accum_u64(&t, overflow * SECP256K1_N_C_0); + r->d[0] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[1]); + secp256k1_u128_accum_u64(&t, overflow * SECP256K1_N_C_1); + r->d[1] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[2]); + secp256k1_u128_accum_u64(&t, overflow * SECP256K1_N_C_2); + r->d[2] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[3]); + r->d[3] = secp256k1_u128_to_u64(&t); SECP256K1_SCALAR_VERIFY(r); return overflow; } -static int rustsecp256k1_v0_11_scalar_add(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { int overflow; - rustsecp256k1_v0_11_uint128 t; + secp256k1_uint128 t; SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); - rustsecp256k1_v0_11_u128_from_u64(&t, a->d[0]); - rustsecp256k1_v0_11_u128_accum_u64(&t, b->d[0]); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, a->d[1]); - rustsecp256k1_v0_11_u128_accum_u64(&t, b->d[1]); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, a->d[2]); - rustsecp256k1_v0_11_u128_accum_u64(&t, b->d[2]); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, a->d[3]); - rustsecp256k1_v0_11_u128_accum_u64(&t, b->d[3]); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - overflow = rustsecp256k1_v0_11_u128_to_u64(&t) + rustsecp256k1_v0_11_scalar_check_overflow(r); + secp256k1_u128_from_u64(&t, a->d[0]); + secp256k1_u128_accum_u64(&t, b->d[0]); + r->d[0] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, a->d[1]); + secp256k1_u128_accum_u64(&t, b->d[1]); + r->d[1] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, a->d[2]); + secp256k1_u128_accum_u64(&t, b->d[2]); + r->d[2] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, a->d[3]); + secp256k1_u128_accum_u64(&t, b->d[3]); + r->d[3] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + overflow = secp256k1_u128_to_u64(&t) + secp256k1_scalar_check_overflow(r); VERIFY_CHECK(overflow == 0 || overflow == 1); - rustsecp256k1_v0_11_scalar_reduce(r, overflow); + secp256k1_scalar_reduce(r, overflow); SECP256K1_SCALAR_VERIFY(r); return overflow; } -static void rustsecp256k1_v0_11_scalar_cadd_bit(rustsecp256k1_v0_11_scalar *r, unsigned int bit, int flag) { - rustsecp256k1_v0_11_uint128 t; +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { + secp256k1_uint128 t; volatile int vflag = flag; SECP256K1_SCALAR_VERIFY(r); VERIFY_CHECK(bit < 256); bit += ((uint32_t) vflag - 1) & 0x100; /* forcing (bit >> 6) > 3 makes this a noop */ - rustsecp256k1_v0_11_u128_from_u64(&t, r->d[0]); - rustsecp256k1_v0_11_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 0)) << (bit & 0x3F)); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[1]); - rustsecp256k1_v0_11_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 1)) << (bit & 0x3F)); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[2]); - rustsecp256k1_v0_11_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 2)) << (bit & 0x3F)); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[3]); - rustsecp256k1_v0_11_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 3)) << (bit & 0x3F)); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&t); + secp256k1_u128_from_u64(&t, r->d[0]); + secp256k1_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 0)) << (bit & 0x3F)); + r->d[0] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[1]); + secp256k1_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 1)) << (bit & 0x3F)); + r->d[1] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[2]); + secp256k1_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 2)) << (bit & 0x3F)); + r->d[2] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[3]); + secp256k1_u128_accum_u64(&t, ((uint64_t)((bit >> 6) == 3)) << (bit & 0x3F)); + r->d[3] = secp256k1_u128_to_u64(&t); SECP256K1_SCALAR_VERIFY(r); - VERIFY_CHECK(rustsecp256k1_v0_11_u128_hi_u64(&t) == 0); + VERIFY_CHECK(secp256k1_u128_hi_u64(&t) == 0); } -static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, const unsigned char *b32, int *overflow) { +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { int over; - r->d[0] = rustsecp256k1_v0_11_read_be64(&b32[24]); - r->d[1] = rustsecp256k1_v0_11_read_be64(&b32[16]); - r->d[2] = rustsecp256k1_v0_11_read_be64(&b32[8]); - r->d[3] = rustsecp256k1_v0_11_read_be64(&b32[0]); - over = rustsecp256k1_v0_11_scalar_reduce(r, rustsecp256k1_v0_11_scalar_check_overflow(r)); + r->d[0] = secp256k1_read_be64(&b32[24]); + r->d[1] = secp256k1_read_be64(&b32[16]); + r->d[2] = secp256k1_read_be64(&b32[8]); + r->d[3] = secp256k1_read_be64(&b32[0]); + over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); if (overflow) { *overflow = over; } @@ -155,43 +155,43 @@ static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, co SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_11_scalar* a) { +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { SECP256K1_SCALAR_VERIFY(a); - rustsecp256k1_v0_11_write_be64(&bin[0], a->d[3]); - rustsecp256k1_v0_11_write_be64(&bin[8], a->d[2]); - rustsecp256k1_v0_11_write_be64(&bin[16], a->d[1]); - rustsecp256k1_v0_11_write_be64(&bin[24], a->d[0]); + secp256k1_write_be64(&bin[0], a->d[3]); + secp256k1_write_be64(&bin[8], a->d[2]); + secp256k1_write_be64(&bin[16], a->d[1]); + secp256k1_write_be64(&bin[24], a->d[0]); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_zero(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return (a->d[0] | a->d[1] | a->d[2] | a->d[3]) == 0; } -static void rustsecp256k1_v0_11_scalar_negate(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a) { - uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (rustsecp256k1_v0_11_scalar_is_zero(a) == 0); - rustsecp256k1_v0_11_uint128 t; +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint64_t nonzero = 0xFFFFFFFFFFFFFFFFULL * (secp256k1_scalar_is_zero(a) == 0); + secp256k1_uint128 t; SECP256K1_SCALAR_VERIFY(a); - rustsecp256k1_v0_11_u128_from_u64(&t, ~a->d[0]); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_0 + 1); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, ~a->d[1]); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_1); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, ~a->d[2]); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_2); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, ~a->d[3]); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_3); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; + secp256k1_u128_from_u64(&t, ~a->d[0]); + secp256k1_u128_accum_u64(&t, SECP256K1_N_0 + 1); + r->d[0] = secp256k1_u128_to_u64(&t) & nonzero; secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, ~a->d[1]); + secp256k1_u128_accum_u64(&t, SECP256K1_N_1); + r->d[1] = secp256k1_u128_to_u64(&t) & nonzero; secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, ~a->d[2]); + secp256k1_u128_accum_u64(&t, SECP256K1_N_2); + r->d[2] = secp256k1_u128_to_u64(&t) & nonzero; secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, ~a->d[3]); + secp256k1_u128_accum_u64(&t, SECP256K1_N_3); + r->d[3] = secp256k1_u128_to_u64(&t) & nonzero; SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_half(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a) { /* Writing `/` for field division and `//` for integer division, we compute * * a/2 = (a - (a&1))/2 + (a&1)/2 @@ -207,38 +207,38 @@ static void rustsecp256k1_v0_11_scalar_half(rustsecp256k1_v0_11_scalar *r, const * Together they sum to (n-3)//2 + (n+1)//2 = (2n-2)//2 = n - 1, which is less than n. */ uint64_t mask = -(uint64_t)(a->d[0] & 1U); - rustsecp256k1_v0_11_uint128 t; + secp256k1_uint128 t; SECP256K1_SCALAR_VERIFY(a); - rustsecp256k1_v0_11_u128_from_u64(&t, (a->d[0] >> 1) | (a->d[1] << 63)); - rustsecp256k1_v0_11_u128_accum_u64(&t, (SECP256K1_N_H_0 + 1U) & mask); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, (a->d[1] >> 1) | (a->d[2] << 63)); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_H_1 & mask); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, (a->d[2] >> 1) | (a->d[3] << 63)); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_H_2 & mask); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&t); rustsecp256k1_v0_11_u128_rshift(&t, 64); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&t) + (a->d[3] >> 1) + (SECP256K1_N_H_3 & mask); + secp256k1_u128_from_u64(&t, (a->d[0] >> 1) | (a->d[1] << 63)); + secp256k1_u128_accum_u64(&t, (SECP256K1_N_H_0 + 1U) & mask); + r->d[0] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, (a->d[1] >> 1) | (a->d[2] << 63)); + secp256k1_u128_accum_u64(&t, SECP256K1_N_H_1 & mask); + r->d[1] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, (a->d[2] >> 1) | (a->d[3] << 63)); + secp256k1_u128_accum_u64(&t, SECP256K1_N_H_2 & mask); + r->d[2] = secp256k1_u128_to_u64(&t); secp256k1_u128_rshift(&t, 64); + r->d[3] = secp256k1_u128_to_u64(&t) + (a->d[3] >> 1) + (SECP256K1_N_H_3 & mask); #ifdef VERIFY /* The line above only computed the bottom 64 bits of r->d[3]; redo the computation * in full 128 bits to make sure the top 64 bits are indeed zero. */ - rustsecp256k1_v0_11_u128_accum_u64(&t, a->d[3] >> 1); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_H_3 & mask); - rustsecp256k1_v0_11_u128_rshift(&t, 64); - VERIFY_CHECK(rustsecp256k1_v0_11_u128_to_u64(&t) == 0); + secp256k1_u128_accum_u64(&t, a->d[3] >> 1); + secp256k1_u128_accum_u64(&t, SECP256K1_N_H_3 & mask); + secp256k1_u128_rshift(&t, 64); + VERIFY_CHECK(secp256k1_u128_to_u64(&t) == 0); SECP256K1_SCALAR_VERIFY(r); #endif } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_one(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3]) == 0; } -static int rustsecp256k1_v0_11_scalar_is_high(const rustsecp256k1_v0_11_scalar *a) { +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { int yes = 0; int no = 0; SECP256K1_SCALAR_VERIFY(a); @@ -252,27 +252,27 @@ static int rustsecp256k1_v0_11_scalar_is_high(const rustsecp256k1_v0_11_scalar * return yes; } -static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, int flag) { +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { /* If we are flag = 0, mask = 00...00 and this is a no-op; - * if we are flag = 1, mask = 11...11 and this is identical to rustsecp256k1_v0_11_scalar_negate */ + * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ volatile int vflag = flag; uint64_t mask = -vflag; - uint64_t nonzero = (rustsecp256k1_v0_11_scalar_is_zero(r) != 0) - 1; - rustsecp256k1_v0_11_uint128 t; + uint64_t nonzero = (secp256k1_scalar_is_zero(r) != 0) - 1; + secp256k1_uint128 t; SECP256K1_SCALAR_VERIFY(r); - rustsecp256k1_v0_11_u128_from_u64(&t, r->d[0] ^ mask); - rustsecp256k1_v0_11_u128_accum_u64(&t, (SECP256K1_N_0 + 1) & mask); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[1] ^ mask); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_1 & mask); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[2] ^ mask); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_2 & mask); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; rustsecp256k1_v0_11_u128_rshift(&t, 64); - rustsecp256k1_v0_11_u128_accum_u64(&t, r->d[3] ^ mask); - rustsecp256k1_v0_11_u128_accum_u64(&t, SECP256K1_N_3 & mask); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&t) & nonzero; + secp256k1_u128_from_u64(&t, r->d[0] ^ mask); + secp256k1_u128_accum_u64(&t, (SECP256K1_N_0 + 1) & mask); + r->d[0] = secp256k1_u128_to_u64(&t) & nonzero; secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[1] ^ mask); + secp256k1_u128_accum_u64(&t, SECP256K1_N_1 & mask); + r->d[1] = secp256k1_u128_to_u64(&t) & nonzero; secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[2] ^ mask); + secp256k1_u128_accum_u64(&t, SECP256K1_N_2 & mask); + r->d[2] = secp256k1_u128_to_u64(&t) & nonzero; secp256k1_u128_rshift(&t, 64); + secp256k1_u128_accum_u64(&t, r->d[3] ^ mask); + secp256k1_u128_accum_u64(&t, SECP256K1_N_3 & mask); + r->d[3] = secp256k1_u128_to_u64(&t) & nonzero; SECP256K1_SCALAR_VERIFY(r); return 2 * (mask == 0) - 1; @@ -284,10 +284,10 @@ static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, #define muladd(a,b) { \ uint64_t tl, th; \ { \ - rustsecp256k1_v0_11_uint128 t; \ - rustsecp256k1_v0_11_u128_mul(&t, a, b); \ - th = rustsecp256k1_v0_11_u128_hi_u64(&t); /* at most 0xFFFFFFFFFFFFFFFE */ \ - tl = rustsecp256k1_v0_11_u128_to_u64(&t); \ + secp256k1_uint128 t; \ + secp256k1_u128_mul(&t, a, b); \ + th = secp256k1_u128_hi_u64(&t); /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = secp256k1_u128_to_u64(&t); \ } \ c0 += tl; /* overflow is handled on the next line */ \ th += (c0 < tl); /* at most 0xFFFFFFFFFFFFFFFF */ \ @@ -300,10 +300,10 @@ static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, #define muladd_fast(a,b) { \ uint64_t tl, th; \ { \ - rustsecp256k1_v0_11_uint128 t; \ - rustsecp256k1_v0_11_u128_mul(&t, a, b); \ - th = rustsecp256k1_v0_11_u128_hi_u64(&t); /* at most 0xFFFFFFFFFFFFFFFE */ \ - tl = rustsecp256k1_v0_11_u128_to_u64(&t); \ + secp256k1_uint128 t; \ + secp256k1_u128_mul(&t, a, b); \ + th = secp256k1_u128_hi_u64(&t); /* at most 0xFFFFFFFFFFFFFFFE */ \ + tl = secp256k1_u128_to_u64(&t); \ } \ c0 += tl; /* overflow is handled on the next line */ \ th += (c0 < tl); /* at most 0xFFFFFFFFFFFFFFFF */ \ @@ -344,7 +344,7 @@ static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, VERIFY_CHECK(c2 == 0); \ } -static void rustsecp256k1_v0_11_scalar_reduce_512(rustsecp256k1_v0_11_scalar *r, const uint64_t *l) { +static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint64_t *l) { #ifdef USE_ASM_X86_64 /* Reduce 512 bits into 385. */ uint64_t m0, m1, m2, m3, m4, m5, m6; @@ -599,7 +599,7 @@ static void rustsecp256k1_v0_11_scalar_reduce_512(rustsecp256k1_v0_11_scalar *r, SECP256K1_CHECKMEM_MSAN_DEFINE(&c, sizeof(c)); #else - rustsecp256k1_v0_11_uint128 c128; + secp256k1_uint128 c128; uint64_t c, c0, c1, c2; uint64_t n0 = l[4], n1 = l[5], n2 = l[6], n3 = l[7]; uint64_t m0, m1, m2, m3, m4, m5; @@ -657,25 +657,25 @@ static void rustsecp256k1_v0_11_scalar_reduce_512(rustsecp256k1_v0_11_scalar *r, /* Reduce 258 bits into 256. */ /* r[0..3] = p[0..3] + p[4] * SECP256K1_N_C. */ - rustsecp256k1_v0_11_u128_from_u64(&c128, p0); - rustsecp256k1_v0_11_u128_accum_mul(&c128, SECP256K1_N_C_0, p4); - r->d[0] = rustsecp256k1_v0_11_u128_to_u64(&c128); rustsecp256k1_v0_11_u128_rshift(&c128, 64); - rustsecp256k1_v0_11_u128_accum_u64(&c128, p1); - rustsecp256k1_v0_11_u128_accum_mul(&c128, SECP256K1_N_C_1, p4); - r->d[1] = rustsecp256k1_v0_11_u128_to_u64(&c128); rustsecp256k1_v0_11_u128_rshift(&c128, 64); - rustsecp256k1_v0_11_u128_accum_u64(&c128, p2); - rustsecp256k1_v0_11_u128_accum_u64(&c128, p4); - r->d[2] = rustsecp256k1_v0_11_u128_to_u64(&c128); rustsecp256k1_v0_11_u128_rshift(&c128, 64); - rustsecp256k1_v0_11_u128_accum_u64(&c128, p3); - r->d[3] = rustsecp256k1_v0_11_u128_to_u64(&c128); - c = rustsecp256k1_v0_11_u128_hi_u64(&c128); + secp256k1_u128_from_u64(&c128, p0); + secp256k1_u128_accum_mul(&c128, SECP256K1_N_C_0, p4); + r->d[0] = secp256k1_u128_to_u64(&c128); secp256k1_u128_rshift(&c128, 64); + secp256k1_u128_accum_u64(&c128, p1); + secp256k1_u128_accum_mul(&c128, SECP256K1_N_C_1, p4); + r->d[1] = secp256k1_u128_to_u64(&c128); secp256k1_u128_rshift(&c128, 64); + secp256k1_u128_accum_u64(&c128, p2); + secp256k1_u128_accum_u64(&c128, p4); + r->d[2] = secp256k1_u128_to_u64(&c128); secp256k1_u128_rshift(&c128, 64); + secp256k1_u128_accum_u64(&c128, p3); + r->d[3] = secp256k1_u128_to_u64(&c128); + c = secp256k1_u128_hi_u64(&c128); #endif /* Final reduction of r. */ - rustsecp256k1_v0_11_scalar_reduce(r, c + rustsecp256k1_v0_11_scalar_check_overflow(r)); + secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); } -static void rustsecp256k1_v0_11_scalar_mul_512(uint64_t *l8, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static void secp256k1_scalar_mul_512(uint64_t *l8, const secp256k1_scalar *a, const secp256k1_scalar *b) { #ifdef USE_ASM_X86_64 const uint64_t *pb = b->d; __asm__ __volatile__( @@ -852,18 +852,18 @@ static void rustsecp256k1_v0_11_scalar_mul_512(uint64_t *l8, const rustsecp256k1 #undef extract #undef extract_fast -static void rustsecp256k1_v0_11_scalar_mul(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { uint64_t l[8]; SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); - rustsecp256k1_v0_11_scalar_mul_512(l, a, b); - rustsecp256k1_v0_11_scalar_reduce_512(r, l); + secp256k1_scalar_mul_512(l, a, b); + secp256k1_scalar_reduce_512(r, l); SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, rustsecp256k1_v0_11_scalar *r2, const rustsecp256k1_v0_11_scalar *k) { +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k) { SECP256K1_SCALAR_VERIFY(k); r1->d[0] = k->d[0]; @@ -879,14 +879,14 @@ static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, SECP256K1_SCALAR_VERIFY(r2); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_eq(const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3])) == 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b, unsigned int shift) { +SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift) { uint64_t l[8]; unsigned int shiftlimbs; unsigned int shiftlow; @@ -895,7 +895,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp25 SECP256K1_SCALAR_VERIFY(b); VERIFY_CHECK(shift >= 256); - rustsecp256k1_v0_11_scalar_mul_512(l, a, b); + secp256k1_scalar_mul_512(l, a, b); shiftlimbs = shift >> 6; shiftlow = shift & 0x3F; shifthigh = 64 - shiftlow; @@ -903,12 +903,12 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp25 r->d[1] = shift < 448 ? (l[1 + shiftlimbs] >> shiftlow | (shift < 384 && shiftlow ? (l[2 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[2] = shift < 384 ? (l[2 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[3 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[3] = shift < 320 ? (l[3 + shiftlimbs] >> shiftlow) : 0; - rustsecp256k1_v0_11_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1); + secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 6] >> ((shift - 1) & 0x3f)) & 1); SECP256K1_SCALAR_VERIFY(r); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, int flag) { +static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) { uint64_t mask0, mask1; volatile int vflag = flag; SECP256K1_SCALAR_VERIFY(a); @@ -924,10 +924,10 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11 SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_from_signed62(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_modinv64_signed62 *a) { +static void secp256k1_scalar_from_signed62(secp256k1_scalar *r, const secp256k1_modinv64_signed62 *a) { const uint64_t a0 = a->v[0], a1 = a->v[1], a2 = a->v[2], a3 = a->v[3], a4 = a->v[4]; - /* The output from rustsecp256k1_v0_11_modinv64{_var} should be normalized to range [0,modulus), and + /* The output from secp256k1_modinv64{_var} should be normalized to range [0,modulus), and * have limbs in [0,2^62). The modulus is < 2^256, so the top limb must be below 2^(256-62*4). */ VERIFY_CHECK(a0 >> 62 == 0); @@ -944,7 +944,7 @@ static void rustsecp256k1_v0_11_scalar_from_signed62(rustsecp256k1_v0_11_scalar SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_to_signed62(rustsecp256k1_v0_11_modinv64_signed62 *r, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_to_signed62(secp256k1_modinv64_signed62 *r, const secp256k1_scalar *a) { const uint64_t M62 = UINT64_MAX >> 2; const uint64_t a0 = a->d[0], a1 = a->d[1], a2 = a->d[2], a3 = a->d[3]; SECP256K1_SCALAR_VERIFY(a); @@ -956,42 +956,42 @@ static void rustsecp256k1_v0_11_scalar_to_signed62(rustsecp256k1_v0_11_modinv64_ r->v[4] = a3 >> 56; } -static const rustsecp256k1_v0_11_modinv64_modinfo rustsecp256k1_v0_11_const_modinfo_scalar = { +static const secp256k1_modinv64_modinfo secp256k1_const_modinfo_scalar = { {{0x3FD25E8CD0364141LL, 0x2ABB739ABD2280EELL, -0x15LL, 0, 256}}, 0x34F20099AA774EC1LL }; -static void rustsecp256k1_v0_11_scalar_inverse(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *x) { - rustsecp256k1_v0_11_modinv64_signed62 s; +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) { + secp256k1_modinv64_signed62 s; #ifdef VERIFY - int zero_in = rustsecp256k1_v0_11_scalar_is_zero(x); + int zero_in = secp256k1_scalar_is_zero(x); #endif SECP256K1_SCALAR_VERIFY(x); - rustsecp256k1_v0_11_scalar_to_signed62(&s, x); - rustsecp256k1_v0_11_modinv64(&s, &rustsecp256k1_v0_11_const_modinfo_scalar); - rustsecp256k1_v0_11_scalar_from_signed62(r, &s); + secp256k1_scalar_to_signed62(&s, x); + secp256k1_modinv64(&s, &secp256k1_const_modinfo_scalar); + secp256k1_scalar_from_signed62(r, &s); SECP256K1_SCALAR_VERIFY(r); - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_is_zero(r) == zero_in); + VERIFY_CHECK(secp256k1_scalar_is_zero(r) == zero_in); } -static void rustsecp256k1_v0_11_scalar_inverse_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *x) { - rustsecp256k1_v0_11_modinv64_signed62 s; +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) { + secp256k1_modinv64_signed62 s; #ifdef VERIFY - int zero_in = rustsecp256k1_v0_11_scalar_is_zero(x); + int zero_in = secp256k1_scalar_is_zero(x); #endif SECP256K1_SCALAR_VERIFY(x); - rustsecp256k1_v0_11_scalar_to_signed62(&s, x); - rustsecp256k1_v0_11_modinv64_var(&s, &rustsecp256k1_v0_11_const_modinfo_scalar); - rustsecp256k1_v0_11_scalar_from_signed62(r, &s); + secp256k1_scalar_to_signed62(&s, x); + secp256k1_modinv64_var(&s, &secp256k1_const_modinfo_scalar); + secp256k1_scalar_from_signed62(r, &s); SECP256K1_SCALAR_VERIFY(r); - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_is_zero(r) == zero_in); + VERIFY_CHECK(secp256k1_scalar_is_zero(r) == zero_in); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_even(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return !(a->d[0] & 1); diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h b/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h index 8946c40cf..17863ef93 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_8x32.h @@ -12,7 +12,7 @@ /** A scalar modulo the group order of the secp256k1 curve. */ typedef struct { uint32_t d[8]; -} rustsecp256k1_v0_11_scalar; +} secp256k1_scalar; #define SECP256K1_SCALAR_CONST(d7, d6, d5, d4, d3, d2, d1, d0) {{(d0), (d1), (d2), (d3), (d4), (d5), (d6), (d7)}} diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h index ccb4b22b2..261049605 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_8x32_impl.h @@ -38,7 +38,7 @@ #define SECP256K1_N_H_6 ((uint32_t)0xFFFFFFFFUL) #define SECP256K1_N_H_7 ((uint32_t)0x7FFFFFFFUL) -SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_set_int(rustsecp256k1_v0_11_scalar *r, unsigned int v) { +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { r->d[0] = v; r->d[1] = 0; r->d[2] = 0; @@ -51,7 +51,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_set_int(rustsecp256k1_v0 SECP256K1_SCALAR_VERIFY(r); } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static uint32_t secp256k1_scalar_get_bits_limb32(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { SECP256K1_SCALAR_VERIFY(a); VERIFY_CHECK(count > 0 && count <= 32); VERIFY_CHECK((offset + count - 1) >> 5 == offset >> 5); @@ -59,20 +59,20 @@ SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(cons return (a->d[offset >> 5] >> (offset & 0x1F)) & (0xFFFFFFFF >> (32 - count)); } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_var(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static uint32_t secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { SECP256K1_SCALAR_VERIFY(a); VERIFY_CHECK(count > 0 && count <= 32); VERIFY_CHECK(offset + count <= 256); if ((offset + count - 1) >> 5 == offset >> 5) { - return rustsecp256k1_v0_11_scalar_get_bits_limb32(a, offset, count); + return secp256k1_scalar_get_bits_limb32(a, offset, count); } else { VERIFY_CHECK((offset >> 5) + 1 < 8); return ((a->d[offset >> 5] >> (offset & 0x1F)) | (a->d[(offset >> 5) + 1] << (32 - (offset & 0x1F)))) & (0xFFFFFFFF >> (32 - count)); } } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_check_overflow(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { int yes = 0; int no = 0; no |= (a->d[7] < SECP256K1_N_7); /* No need for a > check. */ @@ -90,7 +90,7 @@ SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_check_overflow(const rust return yes; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_reduce(rustsecp256k1_v0_11_scalar *r, uint32_t overflow) { +SECP256K1_INLINE static int secp256k1_scalar_reduce(secp256k1_scalar *r, uint32_t overflow) { uint64_t t; VERIFY_CHECK(overflow <= 1); @@ -115,7 +115,7 @@ SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_reduce(rustsecp256k1_v0_1 return overflow; } -static int rustsecp256k1_v0_11_scalar_add(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { int overflow; uint64_t t = (uint64_t)a->d[0] + b->d[0]; SECP256K1_SCALAR_VERIFY(a); @@ -136,15 +136,15 @@ static int rustsecp256k1_v0_11_scalar_add(rustsecp256k1_v0_11_scalar *r, const r r->d[6] = t & 0xFFFFFFFFULL; t >>= 32; t += (uint64_t)a->d[7] + b->d[7]; r->d[7] = t & 0xFFFFFFFFULL; t >>= 32; - overflow = t + rustsecp256k1_v0_11_scalar_check_overflow(r); + overflow = t + secp256k1_scalar_check_overflow(r); VERIFY_CHECK(overflow == 0 || overflow == 1); - rustsecp256k1_v0_11_scalar_reduce(r, overflow); + secp256k1_scalar_reduce(r, overflow); SECP256K1_SCALAR_VERIFY(r); return overflow; } -static void rustsecp256k1_v0_11_scalar_cadd_bit(rustsecp256k1_v0_11_scalar *r, unsigned int bit, int flag) { +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { uint64_t t; volatile int vflag = flag; SECP256K1_SCALAR_VERIFY(r); @@ -172,17 +172,17 @@ static void rustsecp256k1_v0_11_scalar_cadd_bit(rustsecp256k1_v0_11_scalar *r, u VERIFY_CHECK((t >> 32) == 0); } -static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, const unsigned char *b32, int *overflow) { +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { int over; - r->d[0] = rustsecp256k1_v0_11_read_be32(&b32[28]); - r->d[1] = rustsecp256k1_v0_11_read_be32(&b32[24]); - r->d[2] = rustsecp256k1_v0_11_read_be32(&b32[20]); - r->d[3] = rustsecp256k1_v0_11_read_be32(&b32[16]); - r->d[4] = rustsecp256k1_v0_11_read_be32(&b32[12]); - r->d[5] = rustsecp256k1_v0_11_read_be32(&b32[8]); - r->d[6] = rustsecp256k1_v0_11_read_be32(&b32[4]); - r->d[7] = rustsecp256k1_v0_11_read_be32(&b32[0]); - over = rustsecp256k1_v0_11_scalar_reduce(r, rustsecp256k1_v0_11_scalar_check_overflow(r)); + r->d[0] = secp256k1_read_be32(&b32[28]); + r->d[1] = secp256k1_read_be32(&b32[24]); + r->d[2] = secp256k1_read_be32(&b32[20]); + r->d[3] = secp256k1_read_be32(&b32[16]); + r->d[4] = secp256k1_read_be32(&b32[12]); + r->d[5] = secp256k1_read_be32(&b32[8]); + r->d[6] = secp256k1_read_be32(&b32[4]); + r->d[7] = secp256k1_read_be32(&b32[0]); + over = secp256k1_scalar_reduce(r, secp256k1_scalar_check_overflow(r)); if (overflow) { *overflow = over; } @@ -190,27 +190,27 @@ static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, co SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_11_scalar* a) { +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { SECP256K1_SCALAR_VERIFY(a); - rustsecp256k1_v0_11_write_be32(&bin[0], a->d[7]); - rustsecp256k1_v0_11_write_be32(&bin[4], a->d[6]); - rustsecp256k1_v0_11_write_be32(&bin[8], a->d[5]); - rustsecp256k1_v0_11_write_be32(&bin[12], a->d[4]); - rustsecp256k1_v0_11_write_be32(&bin[16], a->d[3]); - rustsecp256k1_v0_11_write_be32(&bin[20], a->d[2]); - rustsecp256k1_v0_11_write_be32(&bin[24], a->d[1]); - rustsecp256k1_v0_11_write_be32(&bin[28], a->d[0]); + secp256k1_write_be32(&bin[0], a->d[7]); + secp256k1_write_be32(&bin[4], a->d[6]); + secp256k1_write_be32(&bin[8], a->d[5]); + secp256k1_write_be32(&bin[12], a->d[4]); + secp256k1_write_be32(&bin[16], a->d[3]); + secp256k1_write_be32(&bin[20], a->d[2]); + secp256k1_write_be32(&bin[24], a->d[1]); + secp256k1_write_be32(&bin[28], a->d[0]); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_zero(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return (a->d[0] | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; } -static void rustsecp256k1_v0_11_scalar_negate(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a) { - uint32_t nonzero = 0xFFFFFFFFUL * (rustsecp256k1_v0_11_scalar_is_zero(a) == 0); +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { + uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(a) == 0); uint64_t t = (uint64_t)(~a->d[0]) + SECP256K1_N_0 + 1; SECP256K1_SCALAR_VERIFY(a); @@ -233,7 +233,7 @@ static void rustsecp256k1_v0_11_scalar_negate(rustsecp256k1_v0_11_scalar *r, con SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_half(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a) { /* Writing `/` for field division and `//` for integer division, we compute * * a/2 = (a - (a&1))/2 + (a&1)/2 @@ -281,13 +281,13 @@ static void rustsecp256k1_v0_11_scalar_half(rustsecp256k1_v0_11_scalar *r, const SECP256K1_SCALAR_VERIFY(r); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_one(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return ((a->d[0] ^ 1) | a->d[1] | a->d[2] | a->d[3] | a->d[4] | a->d[5] | a->d[6] | a->d[7]) == 0; } -static int rustsecp256k1_v0_11_scalar_is_high(const rustsecp256k1_v0_11_scalar *a) { +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { int yes = 0; int no = 0; SECP256K1_SCALAR_VERIFY(a); @@ -307,12 +307,12 @@ static int rustsecp256k1_v0_11_scalar_is_high(const rustsecp256k1_v0_11_scalar * return yes; } -static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, int flag) { +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { /* If we are flag = 0, mask = 00...00 and this is a no-op; - * if we are flag = 1, mask = 11...11 and this is identical to rustsecp256k1_v0_11_scalar_negate */ + * if we are flag = 1, mask = 11...11 and this is identical to secp256k1_scalar_negate */ volatile int vflag = flag; uint32_t mask = -vflag; - uint32_t nonzero = 0xFFFFFFFFUL * (rustsecp256k1_v0_11_scalar_is_zero(r) == 0); + uint32_t nonzero = 0xFFFFFFFFUL * (secp256k1_scalar_is_zero(r) == 0); uint64_t t = (uint64_t)(r->d[0] ^ mask) + ((SECP256K1_N_0 + 1) & mask); SECP256K1_SCALAR_VERIFY(r); @@ -401,7 +401,7 @@ static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, VERIFY_CHECK(c2 == 0); \ } -static void rustsecp256k1_v0_11_scalar_reduce_512(rustsecp256k1_v0_11_scalar *r, const uint32_t *l) { +static void secp256k1_scalar_reduce_512(secp256k1_scalar *r, const uint32_t *l) { uint64_t c; uint32_t n0 = l[8], n1 = l[9], n2 = l[10], n3 = l[11], n4 = l[12], n5 = l[13], n6 = l[14], n7 = l[15]; uint32_t m0, m1, m2, m3, m4, m5, m6, m7, m8, m9, m10, m11, m12; @@ -540,10 +540,10 @@ static void rustsecp256k1_v0_11_scalar_reduce_512(rustsecp256k1_v0_11_scalar *r, r->d[7] = c & 0xFFFFFFFFUL; c >>= 32; /* Final reduction of r. */ - rustsecp256k1_v0_11_scalar_reduce(r, c + rustsecp256k1_v0_11_scalar_check_overflow(r)); + secp256k1_scalar_reduce(r, c + secp256k1_scalar_check_overflow(r)); } -static void rustsecp256k1_v0_11_scalar_mul_512(uint32_t *l, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static void secp256k1_scalar_mul_512(uint32_t *l, const secp256k1_scalar *a, const secp256k1_scalar *b) { /* 96 bit accumulator. */ uint32_t c0 = 0, c1 = 0, c2 = 0; @@ -638,18 +638,18 @@ static void rustsecp256k1_v0_11_scalar_mul_512(uint32_t *l, const rustsecp256k1_ #undef extract #undef extract_fast -static void rustsecp256k1_v0_11_scalar_mul(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { uint32_t l[16]; SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); - rustsecp256k1_v0_11_scalar_mul_512(l, a, b); - rustsecp256k1_v0_11_scalar_reduce_512(r, l); + secp256k1_scalar_mul_512(l, a, b); + secp256k1_scalar_reduce_512(r, l); SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, rustsecp256k1_v0_11_scalar *r2, const rustsecp256k1_v0_11_scalar *k) { +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k) { SECP256K1_SCALAR_VERIFY(k); r1->d[0] = k->d[0]; @@ -673,14 +673,14 @@ static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, SECP256K1_SCALAR_VERIFY(r2); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_eq(const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); return ((a->d[0] ^ b->d[0]) | (a->d[1] ^ b->d[1]) | (a->d[2] ^ b->d[2]) | (a->d[3] ^ b->d[3]) | (a->d[4] ^ b->d[4]) | (a->d[5] ^ b->d[5]) | (a->d[6] ^ b->d[6]) | (a->d[7] ^ b->d[7])) == 0; } -SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b, unsigned int shift) { +SECP256K1_INLINE static void secp256k1_scalar_mul_shift_var(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b, unsigned int shift) { uint32_t l[16]; unsigned int shiftlimbs; unsigned int shiftlow; @@ -689,7 +689,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp25 SECP256K1_SCALAR_VERIFY(b); VERIFY_CHECK(shift >= 256); - rustsecp256k1_v0_11_scalar_mul_512(l, a, b); + secp256k1_scalar_mul_512(l, a, b); shiftlimbs = shift >> 5; shiftlow = shift & 0x1F; shifthigh = 32 - shiftlow; @@ -701,12 +701,12 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_mul_shift_var(rustsecp25 r->d[5] = shift < 352 ? (l[5 + shiftlimbs] >> shiftlow | (shift < 320 && shiftlow ? (l[6 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[6] = shift < 320 ? (l[6 + shiftlimbs] >> shiftlow | (shift < 288 && shiftlow ? (l[7 + shiftlimbs] << shifthigh) : 0)) : 0; r->d[7] = shift < 288 ? (l[7 + shiftlimbs] >> shiftlow) : 0; - rustsecp256k1_v0_11_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); + secp256k1_scalar_cadd_bit(r, 0, (l[(shift - 1) >> 5] >> ((shift - 1) & 0x1f)) & 1); SECP256K1_SCALAR_VERIFY(r); } -static SECP256K1_INLINE void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, int flag) { +static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) { uint32_t mask0, mask1; volatile int vflag = flag; SECP256K1_SCALAR_VERIFY(a); @@ -726,11 +726,11 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11 SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_from_signed30(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_modinv32_signed30 *a) { +static void secp256k1_scalar_from_signed30(secp256k1_scalar *r, const secp256k1_modinv32_signed30 *a) { const uint32_t a0 = a->v[0], a1 = a->v[1], a2 = a->v[2], a3 = a->v[3], a4 = a->v[4], a5 = a->v[5], a6 = a->v[6], a7 = a->v[7], a8 = a->v[8]; - /* The output from rustsecp256k1_v0_11_modinv32{_var} should be normalized to range [0,modulus), and + /* The output from secp256k1_modinv32{_var} should be normalized to range [0,modulus), and * have limbs in [0,2^30). The modulus is < 2^256, so the top limb must be below 2^(256-30*8). */ VERIFY_CHECK(a0 >> 30 == 0); @@ -755,7 +755,7 @@ static void rustsecp256k1_v0_11_scalar_from_signed30(rustsecp256k1_v0_11_scalar SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_to_signed30(rustsecp256k1_v0_11_modinv32_signed30 *r, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_to_signed30(secp256k1_modinv32_signed30 *r, const secp256k1_scalar *a) { const uint32_t M30 = UINT32_MAX >> 2; const uint32_t a0 = a->d[0], a1 = a->d[1], a2 = a->d[2], a3 = a->d[3], a4 = a->d[4], a5 = a->d[5], a6 = a->d[6], a7 = a->d[7]; @@ -772,42 +772,42 @@ static void rustsecp256k1_v0_11_scalar_to_signed30(rustsecp256k1_v0_11_modinv32_ r->v[8] = a7 >> 16; } -static const rustsecp256k1_v0_11_modinv32_modinfo rustsecp256k1_v0_11_const_modinfo_scalar = { +static const secp256k1_modinv32_modinfo secp256k1_const_modinfo_scalar = { {{0x10364141L, 0x3F497A33L, 0x348A03BBL, 0x2BB739ABL, -0x146L, 0, 0, 0, 65536}}, 0x2A774EC1L }; -static void rustsecp256k1_v0_11_scalar_inverse(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *x) { - rustsecp256k1_v0_11_modinv32_signed30 s; +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) { + secp256k1_modinv32_signed30 s; #ifdef VERIFY - int zero_in = rustsecp256k1_v0_11_scalar_is_zero(x); + int zero_in = secp256k1_scalar_is_zero(x); #endif SECP256K1_SCALAR_VERIFY(x); - rustsecp256k1_v0_11_scalar_to_signed30(&s, x); - rustsecp256k1_v0_11_modinv32(&s, &rustsecp256k1_v0_11_const_modinfo_scalar); - rustsecp256k1_v0_11_scalar_from_signed30(r, &s); + secp256k1_scalar_to_signed30(&s, x); + secp256k1_modinv32(&s, &secp256k1_const_modinfo_scalar); + secp256k1_scalar_from_signed30(r, &s); SECP256K1_SCALAR_VERIFY(r); - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_is_zero(r) == zero_in); + VERIFY_CHECK(secp256k1_scalar_is_zero(r) == zero_in); } -static void rustsecp256k1_v0_11_scalar_inverse_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *x) { - rustsecp256k1_v0_11_modinv32_signed30 s; +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) { + secp256k1_modinv32_signed30 s; #ifdef VERIFY - int zero_in = rustsecp256k1_v0_11_scalar_is_zero(x); + int zero_in = secp256k1_scalar_is_zero(x); #endif SECP256K1_SCALAR_VERIFY(x); - rustsecp256k1_v0_11_scalar_to_signed30(&s, x); - rustsecp256k1_v0_11_modinv32_var(&s, &rustsecp256k1_v0_11_const_modinfo_scalar); - rustsecp256k1_v0_11_scalar_from_signed30(r, &s); + secp256k1_scalar_to_signed30(&s, x); + secp256k1_modinv32_var(&s, &secp256k1_const_modinfo_scalar); + secp256k1_scalar_from_signed30(r, &s); SECP256K1_SCALAR_VERIFY(r); - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_is_zero(r) == zero_in); + VERIFY_CHECK(secp256k1_scalar_is_zero(r) == zero_in); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_even(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return !(a->d[0] & 1); diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_impl.h index 6bf4178a9..9965c2bab 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_impl.h @@ -24,23 +24,23 @@ #error "Please select wide multiplication implementation" #endif -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_scalar_one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_scalar_zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); +static const secp256k1_scalar secp256k1_scalar_one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1); +static const secp256k1_scalar secp256k1_scalar_zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0); -SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_clear(rustsecp256k1_v0_11_scalar *r) { - rustsecp256k1_v0_11_memclear(r, sizeof(rustsecp256k1_v0_11_scalar)); +SECP256K1_INLINE static void secp256k1_scalar_clear(secp256k1_scalar *r) { + secp256k1_memclear_explicit(r, sizeof(secp256k1_scalar)); } -static int rustsecp256k1_v0_11_scalar_set_b32_seckey(rustsecp256k1_v0_11_scalar *r, const unsigned char *bin) { +static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin) { int overflow; - rustsecp256k1_v0_11_scalar_set_b32(r, bin, &overflow); + secp256k1_scalar_set_b32(r, bin, &overflow); SECP256K1_SCALAR_VERIFY(r); - return (!overflow) & (!rustsecp256k1_v0_11_scalar_is_zero(r)); + return (!overflow) & (!secp256k1_scalar_is_zero(r)); } -static void rustsecp256k1_v0_11_scalar_verify(const rustsecp256k1_v0_11_scalar *r) { - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_check_overflow(r) == 0); +static void secp256k1_scalar_verify(const secp256k1_scalar *r) { + VERIFY_CHECK(secp256k1_scalar_check_overflow(r) == 0); (void)r; } @@ -64,7 +64,7 @@ static void rustsecp256k1_v0_11_scalar_verify(const rustsecp256k1_v0_11_scalar * * nontrivial to get full test coverage for the exhaustive tests. We therefore * (arbitrarily) set r2 = k + 5 (mod n) and r1 = k - r2 * lambda (mod n). */ -static void rustsecp256k1_v0_11_scalar_split_lambda(rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT r1, rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT r2, const rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT k) { +static void secp256k1_scalar_split_lambda(secp256k1_scalar * SECP256K1_RESTRICT r1, secp256k1_scalar * SECP256K1_RESTRICT r2, const secp256k1_scalar * SECP256K1_RESTRICT k) { SECP256K1_SCALAR_VERIFY(k); VERIFY_CHECK(r1 != k); VERIFY_CHECK(r2 != k); @@ -80,21 +80,21 @@ static void rustsecp256k1_v0_11_scalar_split_lambda(rustsecp256k1_v0_11_scalar * /** * The Secp256k1 curve has an endomorphism, where lambda * (x, y) = (beta * x, y), where * lambda is: */ -static const rustsecp256k1_v0_11_scalar rustsecp256k1_v0_11_const_lambda = SECP256K1_SCALAR_CONST( +static const secp256k1_scalar secp256k1_const_lambda = SECP256K1_SCALAR_CONST( 0x5363AD4CUL, 0xC05C30E0UL, 0xA5261C02UL, 0x8812645AUL, 0x122E22EAUL, 0x20816678UL, 0xDF02967CUL, 0x1B23BD72UL ); #ifdef VERIFY -static void rustsecp256k1_v0_11_scalar_split_lambda_verify(const rustsecp256k1_v0_11_scalar *r1, const rustsecp256k1_v0_11_scalar *r2, const rustsecp256k1_v0_11_scalar *k); +static void secp256k1_scalar_split_lambda_verify(const secp256k1_scalar *r1, const secp256k1_scalar *r2, const secp256k1_scalar *k); #endif /* - * Both lambda and beta are primitive cube roots of unity. That is lamba^3 == 1 mod n and + * Both lambda and beta are primitive cube roots of unity. That is lambda^3 == 1 mod n and * beta^3 == 1 mod p, where n is the curve order and p is the field order. * * Furthermore, because (X^3 - 1) = (X - 1)(X^2 + X + 1), the primitive cube roots of unity are - * roots of X^2 + X + 1. Therefore lambda^2 + lamba == -1 mod n and beta^2 + beta == -1 mod p. + * roots of X^2 + X + 1. Therefore lambda^2 + lambda == -1 mod n and beta^2 + beta == -1 mod p. * (The other primitive cube roots of unity are lambda^2 and beta^2 respectively.) * * Let l = -1/2 + i*sqrt(3)/2, the complex root of X^2 + X + 1. We can define a ring @@ -139,21 +139,21 @@ static void rustsecp256k1_v0_11_scalar_split_lambda_verify(const rustsecp256k1_v * * See proof below. */ -static void rustsecp256k1_v0_11_scalar_split_lambda(rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT r1, rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT r2, const rustsecp256k1_v0_11_scalar * SECP256K1_RESTRICT k) { - rustsecp256k1_v0_11_scalar c1, c2; - static const rustsecp256k1_v0_11_scalar minus_b1 = SECP256K1_SCALAR_CONST( +static void secp256k1_scalar_split_lambda(secp256k1_scalar * SECP256K1_RESTRICT r1, secp256k1_scalar * SECP256K1_RESTRICT r2, const secp256k1_scalar * SECP256K1_RESTRICT k) { + secp256k1_scalar c1, c2; + static const secp256k1_scalar minus_b1 = SECP256K1_SCALAR_CONST( 0x00000000UL, 0x00000000UL, 0x00000000UL, 0x00000000UL, 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C3UL ); - static const rustsecp256k1_v0_11_scalar minus_b2 = SECP256K1_SCALAR_CONST( + static const secp256k1_scalar minus_b2 = SECP256K1_SCALAR_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0x8A280AC5UL, 0x0774346DUL, 0xD765CDA8UL, 0x3DB1562CUL ); - static const rustsecp256k1_v0_11_scalar g1 = SECP256K1_SCALAR_CONST( + static const secp256k1_scalar g1 = SECP256K1_SCALAR_CONST( 0x3086D221UL, 0xA7D46BCDUL, 0xE86C90E4UL, 0x9284EB15UL, 0x3DAA8A14UL, 0x71E8CA7FUL, 0xE893209AUL, 0x45DBB031UL ); - static const rustsecp256k1_v0_11_scalar g2 = SECP256K1_SCALAR_CONST( + static const secp256k1_scalar g2 = SECP256K1_SCALAR_CONST( 0xE4437ED6UL, 0x010E8828UL, 0x6F547FA9UL, 0x0ABFE4C4UL, 0x221208ACUL, 0x9DF506C6UL, 0x1571B4AEUL, 0x8AC47F71UL ); @@ -163,25 +163,25 @@ static void rustsecp256k1_v0_11_scalar_split_lambda(rustsecp256k1_v0_11_scalar * VERIFY_CHECK(r1 != r2); /* these _var calls are constant time since the shift amount is constant */ - rustsecp256k1_v0_11_scalar_mul_shift_var(&c1, k, &g1, 384); - rustsecp256k1_v0_11_scalar_mul_shift_var(&c2, k, &g2, 384); - rustsecp256k1_v0_11_scalar_mul(&c1, &c1, &minus_b1); - rustsecp256k1_v0_11_scalar_mul(&c2, &c2, &minus_b2); - rustsecp256k1_v0_11_scalar_add(r2, &c1, &c2); - rustsecp256k1_v0_11_scalar_mul(r1, r2, &rustsecp256k1_v0_11_const_lambda); - rustsecp256k1_v0_11_scalar_negate(r1, r1); - rustsecp256k1_v0_11_scalar_add(r1, r1, k); + secp256k1_scalar_mul_shift_var(&c1, k, &g1, 384); + secp256k1_scalar_mul_shift_var(&c2, k, &g2, 384); + secp256k1_scalar_mul(&c1, &c1, &minus_b1); + secp256k1_scalar_mul(&c2, &c2, &minus_b2); + secp256k1_scalar_add(r2, &c1, &c2); + secp256k1_scalar_mul(r1, r2, &secp256k1_const_lambda); + secp256k1_scalar_negate(r1, r1); + secp256k1_scalar_add(r1, r1, k); SECP256K1_SCALAR_VERIFY(r1); SECP256K1_SCALAR_VERIFY(r2); #ifdef VERIFY - rustsecp256k1_v0_11_scalar_split_lambda_verify(r1, r2, k); + secp256k1_scalar_split_lambda_verify(r1, r2, k); #endif } #ifdef VERIFY /* - * Proof for rustsecp256k1_v0_11_scalar_split_lambda's bounds. + * Proof for secp256k1_scalar_split_lambda's bounds. * * Let * - epsilon1 = 2^256 * |g1/2^384 - b2/d| @@ -284,8 +284,8 @@ static void rustsecp256k1_v0_11_scalar_split_lambda(rustsecp256k1_v0_11_scalar * * * Q.E.D. */ -static void rustsecp256k1_v0_11_scalar_split_lambda_verify(const rustsecp256k1_v0_11_scalar *r1, const rustsecp256k1_v0_11_scalar *r2, const rustsecp256k1_v0_11_scalar *k) { - rustsecp256k1_v0_11_scalar s; +static void secp256k1_scalar_split_lambda_verify(const secp256k1_scalar *r1, const secp256k1_scalar *r2, const secp256k1_scalar *k) { + secp256k1_scalar s; unsigned char buf1[32]; unsigned char buf2[32]; @@ -301,19 +301,19 @@ static void rustsecp256k1_v0_11_scalar_split_lambda_verify(const rustsecp256k1_v 0x8a, 0x65, 0x28, 0x7b, 0xd4, 0x71, 0x79, 0xfb, 0x2b, 0xe0, 0x88, 0x46, 0xce, 0xa2, 0x67, 0xed }; - rustsecp256k1_v0_11_scalar_mul(&s, &rustsecp256k1_v0_11_const_lambda, r2); - rustsecp256k1_v0_11_scalar_add(&s, &s, r1); - VERIFY_CHECK(rustsecp256k1_v0_11_scalar_eq(&s, k)); + secp256k1_scalar_mul(&s, &secp256k1_const_lambda, r2); + secp256k1_scalar_add(&s, &s, r1); + VERIFY_CHECK(secp256k1_scalar_eq(&s, k)); - rustsecp256k1_v0_11_scalar_negate(&s, r1); - rustsecp256k1_v0_11_scalar_get_b32(buf1, r1); - rustsecp256k1_v0_11_scalar_get_b32(buf2, &s); - VERIFY_CHECK(rustsecp256k1_v0_11_memcmp_var(buf1, k1_bound, 32) < 0 || rustsecp256k1_v0_11_memcmp_var(buf2, k1_bound, 32) < 0); + secp256k1_scalar_negate(&s, r1); + secp256k1_scalar_get_b32(buf1, r1); + secp256k1_scalar_get_b32(buf2, &s); + VERIFY_CHECK(secp256k1_memcmp_var(buf1, k1_bound, 32) < 0 || secp256k1_memcmp_var(buf2, k1_bound, 32) < 0); - rustsecp256k1_v0_11_scalar_negate(&s, r2); - rustsecp256k1_v0_11_scalar_get_b32(buf1, r2); - rustsecp256k1_v0_11_scalar_get_b32(buf2, &s); - VERIFY_CHECK(rustsecp256k1_v0_11_memcmp_var(buf1, k2_bound, 32) < 0 || rustsecp256k1_v0_11_memcmp_var(buf2, k2_bound, 32) < 0); + secp256k1_scalar_negate(&s, r2); + secp256k1_scalar_get_b32(buf1, r2); + secp256k1_scalar_get_b32(buf2, &s); + VERIFY_CHECK(secp256k1_memcmp_var(buf1, k2_bound, 32) < 0 || secp256k1_memcmp_var(buf2, k2_bound, 32) < 0); } #endif /* VERIFY */ #endif /* !defined(EXHAUSTIVE_TEST_ORDER) */ diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_low.h b/secp256k1-sys/depend/secp256k1/src/scalar_low.h index 1995c1468..2711eb932 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_low.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_low.h @@ -10,7 +10,7 @@ #include /** A scalar modulo the group order of the secp256k1 curve. */ -typedef uint32_t rustsecp256k1_v0_11_scalar; +typedef uint32_t secp256k1_scalar; /* A compile-time constant equal to 2^32 (modulo order). */ #define SCALAR_2P32 ((0xffffffffUL % EXHAUSTIVE_TEST_ORDER) + 1U) diff --git a/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h b/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h index b0fb66f12..84e1a380a 100644 --- a/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scalar_low_impl.h @@ -13,19 +13,19 @@ #include -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_even(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_even(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return !(*a & 1); } -SECP256K1_INLINE static void rustsecp256k1_v0_11_scalar_set_int(rustsecp256k1_v0_11_scalar *r, unsigned int v) { +SECP256K1_INLINE static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v) { *r = v % EXHAUSTIVE_TEST_ORDER; SECP256K1_SCALAR_VERIFY(r); } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static uint32_t secp256k1_scalar_get_bits_limb32(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { SECP256K1_SCALAR_VERIFY(a); VERIFY_CHECK(count > 0 && count <= 32); @@ -36,15 +36,15 @@ SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_limb32(cons } } -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_scalar_get_bits_var(const rustsecp256k1_v0_11_scalar *a, unsigned int offset, unsigned int count) { +SECP256K1_INLINE static uint32_t secp256k1_scalar_get_bits_var(const secp256k1_scalar *a, unsigned int offset, unsigned int count) { SECP256K1_SCALAR_VERIFY(a); - return rustsecp256k1_v0_11_scalar_get_bits_limb32(a, offset, count); + return secp256k1_scalar_get_bits_limb32(a, offset, count); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_check_overflow(const rustsecp256k1_v0_11_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; } +SECP256K1_INLINE static int secp256k1_scalar_check_overflow(const secp256k1_scalar *a) { return *a >= EXHAUSTIVE_TEST_ORDER; } -static int rustsecp256k1_v0_11_scalar_add(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); @@ -54,7 +54,7 @@ static int rustsecp256k1_v0_11_scalar_add(rustsecp256k1_v0_11_scalar *r, const r return *r < *b; } -static void rustsecp256k1_v0_11_scalar_cadd_bit(rustsecp256k1_v0_11_scalar *r, unsigned int bit, int flag) { +static void secp256k1_scalar_cadd_bit(secp256k1_scalar *r, unsigned int bit, int flag) { SECP256K1_SCALAR_VERIFY(r); if (flag && bit < 32) @@ -66,7 +66,7 @@ static void rustsecp256k1_v0_11_scalar_cadd_bit(rustsecp256k1_v0_11_scalar *r, u VERIFY_CHECK(((uint32_t)1 << bit) - 1 <= UINT32_MAX - EXHAUSTIVE_TEST_ORDER); } -static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, const unsigned char *b32, int *overflow) { +static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *b32, int *overflow) { int i; int over = 0; *r = 0; @@ -82,20 +82,20 @@ static void rustsecp256k1_v0_11_scalar_set_b32(rustsecp256k1_v0_11_scalar *r, co SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_get_b32(unsigned char *bin, const rustsecp256k1_v0_11_scalar* a) { +static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a) { SECP256K1_SCALAR_VERIFY(a); memset(bin, 0, 32); bin[28] = *a >> 24; bin[29] = *a >> 16; bin[30] = *a >> 8; bin[31] = *a; } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_zero(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_zero(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return *a == 0; } -static void rustsecp256k1_v0_11_scalar_negate(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); if (*a == 0) { @@ -107,28 +107,28 @@ static void rustsecp256k1_v0_11_scalar_negate(rustsecp256k1_v0_11_scalar *r, con SECP256K1_SCALAR_VERIFY(r); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_is_one(const rustsecp256k1_v0_11_scalar *a) { +SECP256K1_INLINE static int secp256k1_scalar_is_one(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return *a == 1; } -static int rustsecp256k1_v0_11_scalar_is_high(const rustsecp256k1_v0_11_scalar *a) { +static int secp256k1_scalar_is_high(const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); return *a > EXHAUSTIVE_TEST_ORDER / 2; } -static int rustsecp256k1_v0_11_scalar_cond_negate(rustsecp256k1_v0_11_scalar *r, int flag) { +static int secp256k1_scalar_cond_negate(secp256k1_scalar *r, int flag) { SECP256K1_SCALAR_VERIFY(r); - if (flag) rustsecp256k1_v0_11_scalar_negate(r, r); + if (flag) secp256k1_scalar_negate(r, r); SECP256K1_SCALAR_VERIFY(r); return flag ? -1 : 1; } -static void rustsecp256k1_v0_11_scalar_mul(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b) { SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); @@ -137,7 +137,7 @@ static void rustsecp256k1_v0_11_scalar_mul(rustsecp256k1_v0_11_scalar *r, const SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, rustsecp256k1_v0_11_scalar *r2, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_split_128(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); *r1 = *a; @@ -147,14 +147,14 @@ static void rustsecp256k1_v0_11_scalar_split_128(rustsecp256k1_v0_11_scalar *r1, SECP256K1_SCALAR_VERIFY(r2); } -SECP256K1_INLINE static int rustsecp256k1_v0_11_scalar_eq(const rustsecp256k1_v0_11_scalar *a, const rustsecp256k1_v0_11_scalar *b) { +SECP256K1_INLINE static int secp256k1_scalar_eq(const secp256k1_scalar *a, const secp256k1_scalar *b) { SECP256K1_SCALAR_VERIFY(a); SECP256K1_SCALAR_VERIFY(b); return *a == *b; } -static SECP256K1_INLINE void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a, int flag) { +static SECP256K1_INLINE void secp256k1_scalar_cmov(secp256k1_scalar *r, const secp256k1_scalar *a, int flag) { uint32_t mask0, mask1; volatile int vflag = flag; SECP256K1_SCALAR_VERIFY(a); @@ -167,7 +167,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_scalar_cmov(rustsecp256k1_v0_11 SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_inverse(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *x) { +static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *x) { int i; uint32_t res = 0; SECP256K1_SCALAR_VERIFY(x); @@ -187,15 +187,15 @@ static void rustsecp256k1_v0_11_scalar_inverse(rustsecp256k1_v0_11_scalar *r, co SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_inverse_var(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *x) { +static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *x) { SECP256K1_SCALAR_VERIFY(x); - rustsecp256k1_v0_11_scalar_inverse(r, x); + secp256k1_scalar_inverse(r, x); SECP256K1_SCALAR_VERIFY(r); } -static void rustsecp256k1_v0_11_scalar_half(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_scalar *a) { +static void secp256k1_scalar_half(secp256k1_scalar *r, const secp256k1_scalar *a) { SECP256K1_SCALAR_VERIFY(a); *r = (*a + ((-(uint32_t)(*a & 1)) & EXHAUSTIVE_TEST_ORDER)) >> 1; diff --git a/secp256k1-sys/depend/secp256k1/src/scratch.h b/secp256k1-sys/depend/secp256k1/src/scratch.h index 9a9cffa32..6164330b3 100644 --- a/secp256k1-sys/depend/secp256k1/src/scratch.h +++ b/secp256k1-sys/depend/secp256k1/src/scratch.h @@ -9,7 +9,7 @@ /* The typedef is used internally; the struct name is used in the public API * (where it is exposed as a different typedef) */ -typedef struct rustsecp256k1_v0_11_scratch_space_struct { +typedef struct secp256k1_scratch_space_struct { /** guard against interpreting this object as other types */ unsigned char magic[8]; /** actual allocated data */ @@ -19,22 +19,26 @@ typedef struct rustsecp256k1_v0_11_scratch_space_struct { size_t alloc_size; /** maximum size available to allocate */ size_t max_size; -} rustsecp256k1_v0_11_scratch; +} secp256k1_scratch; -typedef struct rustsecp256k1_v0_11_scratch_space_struct rustsecp256k1_v0_11_scratch_space; +typedef struct secp256k1_scratch_space_struct secp256k1_scratch_space; + +static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t max_size); + +static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch); /** Returns an opaque object used to "checkpoint" a scratch space. Used - * with `rustsecp256k1_v0_11_scratch_apply_checkpoint` to undo allocations. */ -static size_t rustsecp256k1_v0_11_scratch_checkpoint(const rustsecp256k1_v0_11_callback* error_callback, const rustsecp256k1_v0_11_scratch* scratch); + * with `secp256k1_scratch_apply_checkpoint` to undo allocations. */ +static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch); -/** Applies a check point received from `rustsecp256k1_v0_11_scratch_checkpoint`, +/** Applies a check point received from `secp256k1_scratch_checkpoint`, * undoing all allocations since that point. */ -static void rustsecp256k1_v0_11_scratch_apply_checkpoint(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch* scratch, size_t checkpoint); +static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint); /** Returns the maximum allocation the scratch space will allow */ -static size_t rustsecp256k1_v0_11_scratch_max_allocation(const rustsecp256k1_v0_11_callback* error_callback, const rustsecp256k1_v0_11_scratch* scratch, size_t n_objects); +static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t n_objects); /** Returns a pointer into the most recently allocated frame, or NULL if there is insufficient available space */ -static void *rustsecp256k1_v0_11_scratch_alloc(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch* scratch, size_t n); +static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t n); #endif diff --git a/secp256k1-sys/depend/secp256k1/src/scratch_impl.h b/secp256k1-sys/depend/secp256k1/src/scratch_impl.h index 98677ddb4..f71a20b96 100644 --- a/secp256k1-sys/depend/secp256k1/src/scratch_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/scratch_impl.h @@ -10,29 +10,54 @@ #include "util.h" #include "scratch.h" -static size_t rustsecp256k1_v0_11_scratch_checkpoint(const rustsecp256k1_v0_11_callback* error_callback, const rustsecp256k1_v0_11_scratch* scratch) { - if (rustsecp256k1_v0_11_memcmp_var(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_11_callback_call(error_callback, "invalid scratch space"); +static secp256k1_scratch* secp256k1_scratch_create(const secp256k1_callback* error_callback, size_t size) { + const size_t base_alloc = ROUND_TO_ALIGN(sizeof(secp256k1_scratch)); + void *alloc = checked_malloc(error_callback, base_alloc + size); + secp256k1_scratch* ret = (secp256k1_scratch *)alloc; + if (ret != NULL) { + memset(ret, 0, sizeof(*ret)); + memcpy(ret->magic, "scratch", 8); + ret->data = (void *) ((char *) alloc + base_alloc); + ret->max_size = size; + } + return ret; +} + +static void secp256k1_scratch_destroy(const secp256k1_callback* error_callback, secp256k1_scratch* scratch) { + if (scratch != NULL) { + if (secp256k1_memcmp_var(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); + return; + } + VERIFY_CHECK(scratch->alloc_size == 0); /* all checkpoints should be applied */ + memset(scratch->magic, 0, sizeof(scratch->magic)); + free(scratch); + } +} + +static size_t secp256k1_scratch_checkpoint(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch) { + if (secp256k1_memcmp_var(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); return 0; } return scratch->alloc_size; } -static void rustsecp256k1_v0_11_scratch_apply_checkpoint(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch* scratch, size_t checkpoint) { - if (rustsecp256k1_v0_11_memcmp_var(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_11_callback_call(error_callback, "invalid scratch space"); +static void secp256k1_scratch_apply_checkpoint(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t checkpoint) { + if (secp256k1_memcmp_var(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); return; } if (checkpoint > scratch->alloc_size) { - rustsecp256k1_v0_11_callback_call(error_callback, "invalid checkpoint"); + secp256k1_callback_call(error_callback, "invalid checkpoint"); return; } scratch->alloc_size = checkpoint; } -static size_t rustsecp256k1_v0_11_scratch_max_allocation(const rustsecp256k1_v0_11_callback* error_callback, const rustsecp256k1_v0_11_scratch* scratch, size_t objects) { - if (rustsecp256k1_v0_11_memcmp_var(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_11_callback_call(error_callback, "invalid scratch space"); +static size_t secp256k1_scratch_max_allocation(const secp256k1_callback* error_callback, const secp256k1_scratch* scratch, size_t objects) { + if (secp256k1_memcmp_var(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); return 0; } /* Ensure that multiplication will not wrap around */ @@ -45,7 +70,7 @@ static size_t rustsecp256k1_v0_11_scratch_max_allocation(const rustsecp256k1_v0_ return scratch->max_size - scratch->alloc_size - objects * (ALIGNMENT - 1); } -static void *rustsecp256k1_v0_11_scratch_alloc(const rustsecp256k1_v0_11_callback* error_callback, rustsecp256k1_v0_11_scratch* scratch, size_t size) { +static void *secp256k1_scratch_alloc(const secp256k1_callback* error_callback, secp256k1_scratch* scratch, size_t size) { void *ret; size_t rounded_size; @@ -56,8 +81,8 @@ static void *rustsecp256k1_v0_11_scratch_alloc(const rustsecp256k1_v0_11_callbac } size = rounded_size; - if (rustsecp256k1_v0_11_memcmp_var(scratch->magic, "scratch", 8) != 0) { - rustsecp256k1_v0_11_callback_call(error_callback, "invalid scratch space"); + if (secp256k1_memcmp_var(scratch->magic, "scratch", 8) != 0) { + secp256k1_callback_call(error_callback, "invalid scratch space"); return NULL; } diff --git a/secp256k1-sys/depend/secp256k1/src/secp256k1.c b/secp256k1-sys/depend/secp256k1/src/secp256k1.c index 565641936..26336a45c 100644 --- a/secp256k1-sys/depend/secp256k1/src/secp256k1.c +++ b/secp256k1-sys/depend/secp256k1/src/secp256k1.c @@ -44,64 +44,64 @@ #define ARG_CHECK(cond) do { \ if (EXPECT(!(cond), 0)) { \ - rustsecp256k1_v0_11_callback_call(&ctx->illegal_callback, #cond); \ + secp256k1_callback_call(&ctx->illegal_callback, #cond); \ return 0; \ } \ } while(0) #define ARG_CHECK_VOID(cond) do { \ if (EXPECT(!(cond), 0)) { \ - rustsecp256k1_v0_11_callback_call(&ctx->illegal_callback, #cond); \ + secp256k1_callback_call(&ctx->illegal_callback, #cond); \ return; \ } \ } while(0) /* Note that whenever you change the context struct, you must also change the * context_eq function. */ -struct rustsecp256k1_v0_11_context_struct { - rustsecp256k1_v0_11_ecmult_gen_context ecmult_gen_ctx; - rustsecp256k1_v0_11_callback illegal_callback; - rustsecp256k1_v0_11_callback error_callback; +struct secp256k1_context_struct { + secp256k1_ecmult_gen_context ecmult_gen_ctx; + secp256k1_callback illegal_callback; + secp256k1_callback error_callback; int declassify; }; -static const rustsecp256k1_v0_11_context rustsecp256k1_v0_11_context_static_ = { +static const secp256k1_context secp256k1_context_static_ = { { 0 }, - { rustsecp256k1_v0_11_default_illegal_callback_fn, 0 }, - { rustsecp256k1_v0_11_default_error_callback_fn, 0 }, + { secp256k1_default_illegal_callback_fn, 0 }, + { secp256k1_default_error_callback_fn, 0 }, 0 }; -const rustsecp256k1_v0_11_context *rustsecp256k1_v0_11_context_static = &rustsecp256k1_v0_11_context_static_; -const rustsecp256k1_v0_11_context *rustsecp256k1_v0_11_context_no_precomp = &rustsecp256k1_v0_11_context_static_; +const secp256k1_context * const secp256k1_context_static = &secp256k1_context_static_; +const secp256k1_context * const secp256k1_context_no_precomp = &secp256k1_context_static_; /* Helper function that determines if a context is proper, i.e., is not the static context or a copy thereof. * - * This is intended for "context" functions such as rustsecp256k1_v0_11_context_clone. Functions that need specific + * This is intended for "context" functions such as secp256k1_context_clone. Functions that need specific * features of a context should still check for these features directly. For example, a function that needs * ecmult_gen should directly check for the existence of the ecmult_gen context. */ -static int rustsecp256k1_v0_11_context_is_proper(const rustsecp256k1_v0_11_context* ctx) { - return rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx); +static int secp256k1_context_is_proper(const secp256k1_context* ctx) { + return secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx); } -void rustsecp256k1_v0_11_selftest(void) { - if (!rustsecp256k1_v0_11_selftest_passes()) { - rustsecp256k1_v0_11_callback_call(&default_error_callback, "self test failed"); +void secp256k1_selftest(void) { + if (!secp256k1_selftest_passes()) { + secp256k1_callback_call(&default_error_callback, "self test failed"); } } -size_t rustsecp256k1_v0_11_context_preallocated_size(unsigned int flags) { - size_t ret = sizeof(rustsecp256k1_v0_11_context); +size_t secp256k1_context_preallocated_size(unsigned int flags) { + size_t ret = sizeof(secp256k1_context); /* A return value of 0 is reserved as an indicator for errors when we call this function internally. */ VERIFY_CHECK(ret != 0); if (EXPECT((flags & SECP256K1_FLAGS_TYPE_MASK) != SECP256K1_FLAGS_TYPE_CONTEXT, 0)) { - rustsecp256k1_v0_11_callback_call(&default_illegal_callback, + secp256k1_callback_call(&default_illegal_callback, "Invalid flags"); return 0; } if (EXPECT(!SECP256K1_CHECKMEM_RUNNING() && (flags & SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY), 0)) { - rustsecp256k1_v0_11_callback_call(&default_illegal_callback, + secp256k1_callback_call(&default_illegal_callback, "Declassify flag requires running with memory checking"); return 0; } @@ -109,118 +109,164 @@ size_t rustsecp256k1_v0_11_context_preallocated_size(unsigned int flags) { return ret; } -size_t rustsecp256k1_v0_11_context_preallocated_clone_size(const rustsecp256k1_v0_11_context* ctx) { +size_t secp256k1_context_preallocated_clone_size(const secp256k1_context* ctx) { VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_11_context_is_proper(ctx)); - return sizeof(rustsecp256k1_v0_11_context); + ARG_CHECK(secp256k1_context_is_proper(ctx)); + return sizeof(secp256k1_context); } -rustsecp256k1_v0_11_context* rustsecp256k1_v0_11_context_preallocated_create(void* prealloc, unsigned int flags) { +secp256k1_context* secp256k1_context_preallocated_create(void* prealloc, unsigned int flags) { size_t prealloc_size; - rustsecp256k1_v0_11_context* ret; + secp256k1_context* ret; - rustsecp256k1_v0_11_selftest(); + secp256k1_selftest(); - prealloc_size = rustsecp256k1_v0_11_context_preallocated_size(flags); + prealloc_size = secp256k1_context_preallocated_size(flags); if (prealloc_size == 0) { return NULL; } VERIFY_CHECK(prealloc != NULL); - ret = (rustsecp256k1_v0_11_context*)prealloc; + ret = (secp256k1_context*)prealloc; ret->illegal_callback = default_illegal_callback; ret->error_callback = default_error_callback; - /* Flags have been checked by rustsecp256k1_v0_11_context_preallocated_size. */ + /* Flags have been checked by secp256k1_context_preallocated_size. */ VERIFY_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_CONTEXT); - rustsecp256k1_v0_11_ecmult_gen_context_build(&ret->ecmult_gen_ctx); + secp256k1_ecmult_gen_context_build(&ret->ecmult_gen_ctx); ret->declassify = !!(flags & SECP256K1_FLAGS_BIT_CONTEXT_DECLASSIFY); return ret; } -rustsecp256k1_v0_11_context* rustsecp256k1_v0_11_context_preallocated_clone(const rustsecp256k1_v0_11_context* ctx, void* prealloc) { - rustsecp256k1_v0_11_context* ret; +secp256k1_context* secp256k1_context_create(unsigned int flags) { + size_t const prealloc_size = secp256k1_context_preallocated_size(flags); + secp256k1_context* ctx = (secp256k1_context*)checked_malloc(&default_error_callback, prealloc_size); + if (EXPECT(secp256k1_context_preallocated_create(ctx, flags) == NULL, 0)) { + free(ctx); + return NULL; + } + + return ctx; +} + +secp256k1_context* secp256k1_context_preallocated_clone(const secp256k1_context* ctx, void* prealloc) { + secp256k1_context* ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(prealloc != NULL); - ARG_CHECK(rustsecp256k1_v0_11_context_is_proper(ctx)); + ARG_CHECK(secp256k1_context_is_proper(ctx)); - ret = (rustsecp256k1_v0_11_context*)prealloc; + ret = (secp256k1_context*)prealloc; *ret = *ctx; return ret; } -void rustsecp256k1_v0_11_context_preallocated_destroy(rustsecp256k1_v0_11_context* ctx) { - ARG_CHECK_VOID(ctx == NULL || rustsecp256k1_v0_11_context_is_proper(ctx)); +secp256k1_context* secp256k1_context_clone(const secp256k1_context* ctx) { + secp256k1_context* ret; + size_t prealloc_size; + + VERIFY_CHECK(ctx != NULL); + ARG_CHECK(secp256k1_context_is_proper(ctx)); + + prealloc_size = secp256k1_context_preallocated_clone_size(ctx); + ret = (secp256k1_context*)checked_malloc(&ctx->error_callback, prealloc_size); + ret = secp256k1_context_preallocated_clone(ctx, ret); + return ret; +} + +void secp256k1_context_preallocated_destroy(secp256k1_context* ctx) { + ARG_CHECK_VOID(ctx == NULL || secp256k1_context_is_proper(ctx)); + + /* Defined as noop */ + if (ctx == NULL) { + return; + } + + secp256k1_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); +} + +void secp256k1_context_destroy(secp256k1_context* ctx) { + ARG_CHECK_VOID(ctx == NULL || secp256k1_context_is_proper(ctx)); /* Defined as noop */ if (ctx == NULL) { return; } - rustsecp256k1_v0_11_ecmult_gen_context_clear(&ctx->ecmult_gen_ctx); + secp256k1_context_preallocated_destroy(ctx); + free(ctx); } -void rustsecp256k1_v0_11_context_set_illegal_callback(rustsecp256k1_v0_11_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - /* We compare pointers instead of checking rustsecp256k1_v0_11_context_is_proper() here +void secp256k1_context_set_illegal_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + /* We compare pointers instead of checking secp256k1_context_is_proper() here because setting callbacks is allowed on *copies* of the static context: it's harmless and makes testing easier. */ - ARG_CHECK_VOID(ctx != rustsecp256k1_v0_11_context_static); + ARG_CHECK_VOID(ctx != secp256k1_context_static); if (fun == NULL) { - fun = rustsecp256k1_v0_11_default_illegal_callback_fn; + fun = secp256k1_default_illegal_callback_fn; } ctx->illegal_callback.fn = fun; ctx->illegal_callback.data = data; } -void rustsecp256k1_v0_11_context_set_error_callback(rustsecp256k1_v0_11_context* ctx, void (*fun)(const char* message, void* data), const void* data) { - /* We compare pointers instead of checking rustsecp256k1_v0_11_context_is_proper() here +void secp256k1_context_set_error_callback(secp256k1_context* ctx, void (*fun)(const char* message, void* data), const void* data) { + /* We compare pointers instead of checking secp256k1_context_is_proper() here because setting callbacks is allowed on *copies* of the static context: it's harmless and makes testing easier. */ - ARG_CHECK_VOID(ctx != rustsecp256k1_v0_11_context_static); + ARG_CHECK_VOID(ctx != secp256k1_context_static); if (fun == NULL) { - fun = rustsecp256k1_v0_11_default_error_callback_fn; + fun = secp256k1_default_error_callback_fn; } ctx->error_callback.fn = fun; ctx->error_callback.data = data; } +static secp256k1_scratch_space* secp256k1_scratch_space_create(const secp256k1_context* ctx, size_t max_size) { + VERIFY_CHECK(ctx != NULL); + return secp256k1_scratch_create(&ctx->error_callback, max_size); +} + +static void secp256k1_scratch_space_destroy(const secp256k1_context *ctx, secp256k1_scratch_space* scratch) { + VERIFY_CHECK(ctx != NULL); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); +} + /* Mark memory as no-longer-secret for the purpose of analysing constant-time behaviour * of the software. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_declassify(const rustsecp256k1_v0_11_context* ctx, const void *p, size_t len) { +static SECP256K1_INLINE void secp256k1_declassify(const secp256k1_context* ctx, const void *p, size_t len) { if (EXPECT(ctx->declassify, 0)) SECP256K1_CHECKMEM_DEFINE(p, len); } -static int rustsecp256k1_v0_11_pubkey_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ge* ge, const rustsecp256k1_v0_11_pubkey* pubkey) { - rustsecp256k1_v0_11_ge_from_bytes(ge, pubkey->data); - ARG_CHECK(!rustsecp256k1_v0_11_fe_is_zero(&ge->x)); +static int secp256k1_pubkey_load(const secp256k1_context* ctx, secp256k1_ge* ge, const secp256k1_pubkey* pubkey) { + secp256k1_ge_from_bytes(ge, pubkey->data); + ARG_CHECK(!secp256k1_fe_is_zero(&ge->x)); return 1; } -static void rustsecp256k1_v0_11_pubkey_save(rustsecp256k1_v0_11_pubkey* pubkey, rustsecp256k1_v0_11_ge* ge) { - rustsecp256k1_v0_11_ge_to_bytes(pubkey->data, ge); +static void secp256k1_pubkey_save(secp256k1_pubkey* pubkey, secp256k1_ge* ge) { + secp256k1_ge_to_bytes(pubkey->data, ge); } -int rustsecp256k1_v0_11_ec_pubkey_parse(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey* pubkey, const unsigned char *input, size_t inputlen) { - rustsecp256k1_v0_11_ge Q; +int secp256k1_ec_pubkey_parse(const secp256k1_context* ctx, secp256k1_pubkey* pubkey, const unsigned char *input, size_t inputlen) { + secp256k1_ge Q; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); ARG_CHECK(input != NULL); - if (!rustsecp256k1_v0_11_eckey_pubkey_parse(&Q, input, inputlen)) { + if (!secp256k1_eckey_pubkey_parse(&Q, input, inputlen)) { return 0; } - if (!rustsecp256k1_v0_11_ge_is_in_correct_subgroup(&Q)) { + if (!secp256k1_ge_is_in_correct_subgroup(&Q)) { return 0; } - rustsecp256k1_v0_11_pubkey_save(pubkey, &Q); - rustsecp256k1_v0_11_ge_clear(&Q); + secp256k1_pubkey_save(pubkey, &Q); + secp256k1_ge_clear(&Q); return 1; } -int rustsecp256k1_v0_11_ec_pubkey_serialize(const rustsecp256k1_v0_11_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_11_pubkey* pubkey, unsigned int flags) { - rustsecp256k1_v0_11_ge Q; +int secp256k1_ec_pubkey_serialize(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_pubkey* pubkey, unsigned int flags) { + secp256k1_ge Q; size_t len; int ret = 0; @@ -233,8 +279,8 @@ int rustsecp256k1_v0_11_ec_pubkey_serialize(const rustsecp256k1_v0_11_context* c memset(output, 0, len); ARG_CHECK(pubkey != NULL); ARG_CHECK((flags & SECP256K1_FLAGS_TYPE_MASK) == SECP256K1_FLAGS_TYPE_COMPRESSION); - if (rustsecp256k1_v0_11_pubkey_load(ctx, &Q, pubkey)) { - ret = rustsecp256k1_v0_11_eckey_pubkey_serialize(&Q, output, &len, flags & SECP256K1_FLAGS_BIT_COMPRESSION); + if (secp256k1_pubkey_load(ctx, &Q, pubkey)) { + ret = secp256k1_eckey_pubkey_serialize(&Q, output, &len, !!(flags & SECP256K1_FLAGS_BIT_COMPRESSION)); if (ret) { *outputlen = len; } @@ -242,9 +288,9 @@ int rustsecp256k1_v0_11_ec_pubkey_serialize(const rustsecp256k1_v0_11_context* c return ret; } -int rustsecp256k1_v0_11_ec_pubkey_cmp(const rustsecp256k1_v0_11_context* ctx, const rustsecp256k1_v0_11_pubkey* pubkey0, const rustsecp256k1_v0_11_pubkey* pubkey1) { +int secp256k1_ec_pubkey_cmp(const secp256k1_context* ctx, const secp256k1_pubkey* pubkey0, const secp256k1_pubkey* pubkey1) { unsigned char out[2][33]; - const rustsecp256k1_v0_11_pubkey* pk[2]; + const secp256k1_pubkey* pk[2]; int i; VERIFY_CHECK(ctx != NULL); @@ -257,7 +303,7 @@ int rustsecp256k1_v0_11_ec_pubkey_cmp(const rustsecp256k1_v0_11_context* ctx, co * results in consistent comparisons even if NULL or invalid pubkeys are * involved and prevents edge cases such as sorting algorithms that use * this function and do not terminate as a result. */ - if (!rustsecp256k1_v0_11_ec_pubkey_serialize(ctx, out[i], &out_size, pk[i], SECP256K1_EC_COMPRESSED)) { + if (!secp256k1_ec_pubkey_serialize(ctx, out[i], &out_size, pk[i], SECP256K1_EC_COMPRESSED)) { /* Note that ec_pubkey_serialize should already set the output to * zero in that case, but it's not guaranteed by the API, we can't * test it and writing a VERIFY_CHECK is more complex than @@ -265,16 +311,16 @@ int rustsecp256k1_v0_11_ec_pubkey_cmp(const rustsecp256k1_v0_11_context* ctx, co memset(out[i], 0, sizeof(out[i])); } } - return rustsecp256k1_v0_11_memcmp_var(out[0], out[1], sizeof(out[0])); + return secp256k1_memcmp_var(out[0], out[1], sizeof(out[0])); } -static int rustsecp256k1_v0_11_ec_pubkey_sort_cmp(const void* pk1, const void* pk2, void *ctx) { - return rustsecp256k1_v0_11_ec_pubkey_cmp((rustsecp256k1_v0_11_context *)ctx, - *(rustsecp256k1_v0_11_pubkey **)pk1, - *(rustsecp256k1_v0_11_pubkey **)pk2); +static int secp256k1_ec_pubkey_sort_cmp(const void* pk1, const void* pk2, void *ctx) { + return secp256k1_ec_pubkey_cmp((secp256k1_context *)ctx, + *(secp256k1_pubkey **)pk1, + *(secp256k1_pubkey **)pk2); } -int rustsecp256k1_v0_11_ec_pubkey_sort(const rustsecp256k1_v0_11_context* ctx, const rustsecp256k1_v0_11_pubkey **pubkeys, size_t n_pubkeys) { +int secp256k1_ec_pubkey_sort(const secp256k1_context* ctx, const secp256k1_pubkey **pubkeys, size_t n_pubkeys) { VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkeys != NULL); @@ -284,10 +330,10 @@ int rustsecp256k1_v0_11_ec_pubkey_sort(const rustsecp256k1_v0_11_context* ctx, c #pragma warning(disable: 4090) #endif - /* Casting away const is fine because neither rustsecp256k1_v0_11_hsort nor - * rustsecp256k1_v0_11_ec_pubkey_sort_cmp modify the data pointed to by the cmp_data + /* Casting away const is fine because neither secp256k1_hsort nor + * secp256k1_ec_pubkey_sort_cmp modify the data pointed to by the cmp_data * argument. */ - rustsecp256k1_v0_11_hsort(pubkeys, n_pubkeys, sizeof(*pubkeys), rustsecp256k1_v0_11_ec_pubkey_sort_cmp, (void *)ctx); + secp256k1_hsort(pubkeys, n_pubkeys, sizeof(*pubkeys), secp256k1_ec_pubkey_sort_cmp, (void *)ctx); #if defined(_MSC_VER) && (_MSC_VER < 1933) #pragma warning(pop) @@ -296,39 +342,39 @@ int rustsecp256k1_v0_11_ec_pubkey_sort(const rustsecp256k1_v0_11_context* ctx, c return 1; } -static void rustsecp256k1_v0_11_ecdsa_signature_load(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar* r, rustsecp256k1_v0_11_scalar* s, const rustsecp256k1_v0_11_ecdsa_signature* sig) { +static void secp256k1_ecdsa_signature_load(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, const secp256k1_ecdsa_signature* sig) { (void)ctx; - if (sizeof(rustsecp256k1_v0_11_scalar) == 32) { - /* When the rustsecp256k1_v0_11_scalar type is exactly 32 byte, use its - * representation inside rustsecp256k1_v0_11_ecdsa_signature, as conversion is very fast. - * Note that rustsecp256k1_v0_11_ecdsa_signature_save must use the same representation. */ + if (sizeof(secp256k1_scalar) == 32) { + /* When the secp256k1_scalar type is exactly 32 byte, use its + * representation inside secp256k1_ecdsa_signature, as conversion is very fast. + * Note that secp256k1_ecdsa_signature_save must use the same representation. */ memcpy(r, &sig->data[0], 32); memcpy(s, &sig->data[32], 32); } else { - rustsecp256k1_v0_11_scalar_set_b32(r, &sig->data[0], NULL); - rustsecp256k1_v0_11_scalar_set_b32(s, &sig->data[32], NULL); + secp256k1_scalar_set_b32(r, &sig->data[0], NULL); + secp256k1_scalar_set_b32(s, &sig->data[32], NULL); } } -static void rustsecp256k1_v0_11_ecdsa_signature_save(rustsecp256k1_v0_11_ecdsa_signature* sig, const rustsecp256k1_v0_11_scalar* r, const rustsecp256k1_v0_11_scalar* s) { - if (sizeof(rustsecp256k1_v0_11_scalar) == 32) { +static void secp256k1_ecdsa_signature_save(secp256k1_ecdsa_signature* sig, const secp256k1_scalar* r, const secp256k1_scalar* s) { + if (sizeof(secp256k1_scalar) == 32) { memcpy(&sig->data[0], r, 32); memcpy(&sig->data[32], s, 32); } else { - rustsecp256k1_v0_11_scalar_get_b32(&sig->data[0], r); - rustsecp256k1_v0_11_scalar_get_b32(&sig->data[32], s); + secp256k1_scalar_get_b32(&sig->data[0], r); + secp256k1_scalar_get_b32(&sig->data[32], s); } } -int rustsecp256k1_v0_11_ecdsa_signature_parse_der(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_signature_parse_der(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input, size_t inputlen) { + secp256k1_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(input != NULL); - if (rustsecp256k1_v0_11_ecdsa_sig_parse(&r, &s, input, inputlen)) { - rustsecp256k1_v0_11_ecdsa_signature_save(sig, &r, &s); + if (secp256k1_ecdsa_sig_parse(&r, &s, input, inputlen)) { + secp256k1_ecdsa_signature_save(sig, &r, &s); return 1; } else { memset(sig, 0, sizeof(*sig)); @@ -336,8 +382,8 @@ int rustsecp256k1_v0_11_ecdsa_signature_parse_der(const rustsecp256k1_v0_11_cont } } -int rustsecp256k1_v0_11_ecdsa_signature_parse_compact(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature* sig, const unsigned char *input64) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_signature_parse_compact(const secp256k1_context* ctx, secp256k1_ecdsa_signature* sig, const unsigned char *input64) { + secp256k1_scalar r, s; int ret = 1; int overflow = 0; @@ -345,76 +391,76 @@ int rustsecp256k1_v0_11_ecdsa_signature_parse_compact(const rustsecp256k1_v0_11_ ARG_CHECK(sig != NULL); ARG_CHECK(input64 != NULL); - rustsecp256k1_v0_11_scalar_set_b32(&r, &input64[0], &overflow); + secp256k1_scalar_set_b32(&r, &input64[0], &overflow); ret &= !overflow; - rustsecp256k1_v0_11_scalar_set_b32(&s, &input64[32], &overflow); + secp256k1_scalar_set_b32(&s, &input64[32], &overflow); ret &= !overflow; if (ret) { - rustsecp256k1_v0_11_ecdsa_signature_save(sig, &r, &s); + secp256k1_ecdsa_signature_save(sig, &r, &s); } else { memset(sig, 0, sizeof(*sig)); } return ret; } -int rustsecp256k1_v0_11_ecdsa_signature_serialize_der(const rustsecp256k1_v0_11_context* ctx, unsigned char *output, size_t *outputlen, const rustsecp256k1_v0_11_ecdsa_signature* sig) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_signature_serialize_der(const secp256k1_context* ctx, unsigned char *output, size_t *outputlen, const secp256k1_ecdsa_signature* sig) { + secp256k1_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output != NULL); ARG_CHECK(outputlen != NULL); ARG_CHECK(sig != NULL); - rustsecp256k1_v0_11_ecdsa_signature_load(ctx, &r, &s, sig); - return rustsecp256k1_v0_11_ecdsa_sig_serialize(output, outputlen, &r, &s); + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + return secp256k1_ecdsa_sig_serialize(output, outputlen, &r, &s); } -int rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(const rustsecp256k1_v0_11_context* ctx, unsigned char *output64, const rustsecp256k1_v0_11_ecdsa_signature* sig) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_signature_serialize_compact(const secp256k1_context* ctx, unsigned char *output64, const secp256k1_ecdsa_signature* sig) { + secp256k1_scalar r, s; VERIFY_CHECK(ctx != NULL); ARG_CHECK(output64 != NULL); ARG_CHECK(sig != NULL); - rustsecp256k1_v0_11_ecdsa_signature_load(ctx, &r, &s, sig); - rustsecp256k1_v0_11_scalar_get_b32(&output64[0], &r); - rustsecp256k1_v0_11_scalar_get_b32(&output64[32], &s); + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + secp256k1_scalar_get_b32(&output64[0], &r); + secp256k1_scalar_get_b32(&output64[32], &s); return 1; } -int rustsecp256k1_v0_11_ecdsa_signature_normalize(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature *sigout, const rustsecp256k1_v0_11_ecdsa_signature *sigin) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_signature_normalize(const secp256k1_context* ctx, secp256k1_ecdsa_signature *sigout, const secp256k1_ecdsa_signature *sigin) { + secp256k1_scalar r, s; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(sigin != NULL); - rustsecp256k1_v0_11_ecdsa_signature_load(ctx, &r, &s, sigin); - ret = rustsecp256k1_v0_11_scalar_is_high(&s); + secp256k1_ecdsa_signature_load(ctx, &r, &s, sigin); + ret = secp256k1_scalar_is_high(&s); if (sigout != NULL) { if (ret) { - rustsecp256k1_v0_11_scalar_negate(&s, &s); + secp256k1_scalar_negate(&s, &s); } - rustsecp256k1_v0_11_ecdsa_signature_save(sigout, &r, &s); + secp256k1_ecdsa_signature_save(sigout, &r, &s); } return ret; } -int rustsecp256k1_v0_11_ecdsa_verify(const rustsecp256k1_v0_11_context* ctx, const rustsecp256k1_v0_11_ecdsa_signature *sig, const unsigned char *msghash32, const rustsecp256k1_v0_11_pubkey *pubkey) { - rustsecp256k1_v0_11_ge q; - rustsecp256k1_v0_11_scalar r, s; - rustsecp256k1_v0_11_scalar m; +int secp256k1_ecdsa_verify(const secp256k1_context* ctx, const secp256k1_ecdsa_signature *sig, const unsigned char *msghash32, const secp256k1_pubkey *pubkey) { + secp256k1_ge q; + secp256k1_scalar r, s; + secp256k1_scalar m; VERIFY_CHECK(ctx != NULL); ARG_CHECK(msghash32 != NULL); ARG_CHECK(sig != NULL); ARG_CHECK(pubkey != NULL); - rustsecp256k1_v0_11_scalar_set_b32(&m, msghash32, NULL); - rustsecp256k1_v0_11_ecdsa_signature_load(ctx, &r, &s, sig); - return (!rustsecp256k1_v0_11_scalar_is_high(&s) && - rustsecp256k1_v0_11_pubkey_load(ctx, &q, pubkey) && - rustsecp256k1_v0_11_ecdsa_sig_verify(&r, &s, &q, &m)); + secp256k1_scalar_set_b32(&m, msghash32, NULL); + secp256k1_ecdsa_signature_load(ctx, &r, &s, sig); + return (!secp256k1_scalar_is_high(&s) && + secp256k1_pubkey_load(ctx, &q, pubkey) && + secp256k1_ecdsa_sig_verify(&r, &s, &q, &m)); } static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *offset, const void *data, unsigned int len) { @@ -425,12 +471,12 @@ static SECP256K1_INLINE void buffer_append(unsigned char *buf, unsigned int *off static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int counter) { unsigned char keydata[112]; unsigned int offset = 0; - rustsecp256k1_v0_11_rfc6979_hmac_sha256 rng; + secp256k1_rfc6979_hmac_sha256 rng; unsigned int i; - rustsecp256k1_v0_11_scalar msg; + secp256k1_scalar msg; unsigned char msgmod32[32]; - rustsecp256k1_v0_11_scalar_set_b32(&msg, msg32, NULL); - rustsecp256k1_v0_11_scalar_get_b32(msgmod32, &msg); + secp256k1_scalar_set_b32(&msg, msg32, NULL); + secp256k1_scalar_get_b32(msgmod32, &msg); /* We feed a byte array to the PRNG as input, consisting of: * - the private key (32 bytes) and reduced message (32 bytes), see RFC 6979 3.2d. * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data. @@ -447,53 +493,53 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m if (algo16 != NULL) { buffer_append(keydata, &offset, algo16, 16); } - rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); + secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, offset); for (i = 0; i <= counter; i++) { - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); + secp256k1_rfc6979_hmac_sha256_generate(&rng, nonce32, 32); } - rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(&rng); + secp256k1_rfc6979_hmac_sha256_finalize(&rng); - rustsecp256k1_v0_11_memclear(keydata, sizeof(keydata)); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_clear(&rng); + secp256k1_memclear_explicit(keydata, sizeof(keydata)); + secp256k1_rfc6979_hmac_sha256_clear(&rng); return 1; } -const rustsecp256k1_v0_11_nonce_function rustsecp256k1_v0_11_nonce_function_rfc6979 = nonce_function_rfc6979; -const rustsecp256k1_v0_11_nonce_function rustsecp256k1_v0_11_nonce_function_default = nonce_function_rfc6979; +const secp256k1_nonce_function secp256k1_nonce_function_rfc6979 = nonce_function_rfc6979; +const secp256k1_nonce_function secp256k1_nonce_function_default = nonce_function_rfc6979; -static int rustsecp256k1_v0_11_ecdsa_sign_inner(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_scalar* r, rustsecp256k1_v0_11_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, rustsecp256k1_v0_11_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_11_scalar sec, non, msg; +static int secp256k1_ecdsa_sign_inner(const secp256k1_context* ctx, secp256k1_scalar* r, secp256k1_scalar* s, int* recid, const unsigned char *msg32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar sec, non, msg; int ret = 0; int is_sec_valid; unsigned char nonce32[32]; unsigned int count = 0; /* Default initialization here is important so we won't pass uninit values to the cmov in the end */ - *r = rustsecp256k1_v0_11_scalar_zero; - *s = rustsecp256k1_v0_11_scalar_zero; + *r = secp256k1_scalar_zero; + *s = secp256k1_scalar_zero; if (recid) { *recid = 0; } if (noncefp == NULL) { - noncefp = rustsecp256k1_v0_11_nonce_function_default; + noncefp = secp256k1_nonce_function_default; } /* Fail if the secret key is invalid. */ - is_sec_valid = rustsecp256k1_v0_11_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_11_scalar_cmov(&sec, &rustsecp256k1_v0_11_scalar_one, !is_sec_valid); - rustsecp256k1_v0_11_scalar_set_b32(&msg, msg32, NULL); + is_sec_valid = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_one, !is_sec_valid); + secp256k1_scalar_set_b32(&msg, msg32, NULL); while (1) { int is_nonce_valid; ret = !!noncefp(nonce32, msg32, seckey, NULL, (void*)noncedata, count); if (!ret) { break; } - is_nonce_valid = rustsecp256k1_v0_11_scalar_set_b32_seckey(&non, nonce32); + is_nonce_valid = secp256k1_scalar_set_b32_seckey(&non, nonce32); /* The nonce is still secret here, but it being invalid is less likely than 1:2^255. */ - rustsecp256k1_v0_11_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); + secp256k1_declassify(ctx, &is_nonce_valid, sizeof(is_nonce_valid)); if (is_nonce_valid) { - ret = rustsecp256k1_v0_11_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); + ret = secp256k1_ecdsa_sig_sign(&ctx->ecmult_gen_ctx, r, s, &sec, &msg, &non, recid); /* The final signature is no longer a secret, nor is the fact that we were successful or not. */ - rustsecp256k1_v0_11_declassify(ctx, &ret, sizeof(ret)); + secp256k1_declassify(ctx, &ret, sizeof(ret)); if (ret) { break; } @@ -504,204 +550,192 @@ static int rustsecp256k1_v0_11_ecdsa_sign_inner(const rustsecp256k1_v0_11_contex * seckey. As a result is_sec_valid is included in ret only after ret was * used as a branching variable. */ ret &= is_sec_valid; - rustsecp256k1_v0_11_memclear(nonce32, sizeof(nonce32)); - rustsecp256k1_v0_11_scalar_clear(&msg); - rustsecp256k1_v0_11_scalar_clear(&non); - rustsecp256k1_v0_11_scalar_clear(&sec); - rustsecp256k1_v0_11_scalar_cmov(r, &rustsecp256k1_v0_11_scalar_zero, !ret); - rustsecp256k1_v0_11_scalar_cmov(s, &rustsecp256k1_v0_11_scalar_zero, !ret); + secp256k1_memclear_explicit(nonce32, sizeof(nonce32)); + secp256k1_scalar_clear(&msg); + secp256k1_scalar_clear(&non); + secp256k1_scalar_clear(&sec); + secp256k1_scalar_cmov(r, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_cmov(s, &secp256k1_scalar_zero, !ret); if (recid) { const int zero = 0; - rustsecp256k1_v0_11_int_cmov(recid, &zero, !ret); + secp256k1_int_cmov(recid, &zero, !ret); } return ret; } -int rustsecp256k1_v0_11_ecdsa_sign(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, rustsecp256k1_v0_11_nonce_function noncefp, const void* noncedata) { - rustsecp256k1_v0_11_scalar r, s; +int secp256k1_ecdsa_sign(const secp256k1_context* ctx, secp256k1_ecdsa_signature *signature, const unsigned char *msghash32, const unsigned char *seckey, secp256k1_nonce_function noncefp, const void* noncedata) { + secp256k1_scalar r, s; int ret; VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(msghash32 != NULL); ARG_CHECK(signature != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_11_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, noncedata); - rustsecp256k1_v0_11_ecdsa_signature_save(signature, &r, &s); + ret = secp256k1_ecdsa_sign_inner(ctx, &r, &s, NULL, msghash32, seckey, noncefp, noncedata); + secp256k1_ecdsa_signature_save(signature, &r, &s); return ret; } -int rustsecp256k1_v0_11_ec_seckey_verify(const rustsecp256k1_v0_11_context* ctx, const unsigned char *seckey) { - rustsecp256k1_v0_11_scalar sec; +int secp256k1_ec_seckey_verify(const secp256k1_context* ctx, const unsigned char *seckey) { + secp256k1_scalar sec; int ret; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_11_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_11_scalar_clear(&sec); + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_clear(&sec); return ret; } -static int rustsecp256k1_v0_11_ec_pubkey_create_helper(const rustsecp256k1_v0_11_ecmult_gen_context *ecmult_gen_ctx, rustsecp256k1_v0_11_scalar *seckey_scalar, rustsecp256k1_v0_11_ge *p, const unsigned char *seckey) { - rustsecp256k1_v0_11_gej pj; +static int secp256k1_ec_pubkey_create_helper(const secp256k1_ecmult_gen_context *ecmult_gen_ctx, secp256k1_scalar *seckey_scalar, secp256k1_ge *p, const unsigned char *seckey) { + secp256k1_gej pj; int ret; - ret = rustsecp256k1_v0_11_scalar_set_b32_seckey(seckey_scalar, seckey); - rustsecp256k1_v0_11_scalar_cmov(seckey_scalar, &rustsecp256k1_v0_11_scalar_one, !ret); + ret = secp256k1_scalar_set_b32_seckey(seckey_scalar, seckey); + secp256k1_scalar_cmov(seckey_scalar, &secp256k1_scalar_one, !ret); - rustsecp256k1_v0_11_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar); - rustsecp256k1_v0_11_ge_set_gej(p, &pj); - rustsecp256k1_v0_11_gej_clear(&pj); + secp256k1_ecmult_gen(ecmult_gen_ctx, &pj, seckey_scalar); + secp256k1_ge_set_gej(p, &pj); + secp256k1_gej_clear(&pj); return ret; } -int rustsecp256k1_v0_11_ec_pubkey_create(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *seckey) { - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_scalar seckey_scalar; +int secp256k1_ec_pubkey_create(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *seckey) { + secp256k1_ge p; + secp256k1_scalar seckey_scalar; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); memset(pubkey, 0, sizeof(*pubkey)); - ARG_CHECK(rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); + ARG_CHECK(secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_11_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey); - rustsecp256k1_v0_11_pubkey_save(pubkey, &p); - rustsecp256k1_v0_11_memczero(pubkey, sizeof(*pubkey), !ret); + ret = secp256k1_ec_pubkey_create_helper(&ctx->ecmult_gen_ctx, &seckey_scalar, &p, seckey); + secp256k1_pubkey_save(pubkey, &p); + secp256k1_memczero(pubkey, sizeof(*pubkey), !ret); - rustsecp256k1_v0_11_scalar_clear(&seckey_scalar); + secp256k1_scalar_clear(&seckey_scalar); return ret; } -int rustsecp256k1_v0_11_ec_seckey_negate(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey) { - rustsecp256k1_v0_11_scalar sec; +int secp256k1_ec_seckey_negate(const secp256k1_context* ctx, unsigned char *seckey) { + secp256k1_scalar sec; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); - ret = rustsecp256k1_v0_11_scalar_set_b32_seckey(&sec, seckey); - rustsecp256k1_v0_11_scalar_cmov(&sec, &rustsecp256k1_v0_11_scalar_zero, !ret); - rustsecp256k1_v0_11_scalar_negate(&sec, &sec); - rustsecp256k1_v0_11_scalar_get_b32(seckey, &sec); + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_negate(&sec, &sec); + secp256k1_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_11_scalar_clear(&sec); + secp256k1_scalar_clear(&sec); return ret; } -int rustsecp256k1_v0_11_ec_privkey_negate(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey) { - return rustsecp256k1_v0_11_ec_seckey_negate(ctx, seckey); -} - -int rustsecp256k1_v0_11_ec_pubkey_negate(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubkey) { +int secp256k1_ec_pubkey_negate(const secp256k1_context* ctx, secp256k1_pubkey *pubkey) { int ret = 0; - rustsecp256k1_v0_11_ge p; + secp256k1_ge p; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); - ret = rustsecp256k1_v0_11_pubkey_load(ctx, &p, pubkey); + ret = secp256k1_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); if (ret) { - rustsecp256k1_v0_11_ge_neg(&p, &p); - rustsecp256k1_v0_11_pubkey_save(pubkey, &p); + secp256k1_ge_neg(&p, &p); + secp256k1_pubkey_save(pubkey, &p); } return ret; } -static int rustsecp256k1_v0_11_ec_seckey_tweak_add_helper(rustsecp256k1_v0_11_scalar *sec, const unsigned char *tweak32) { - rustsecp256k1_v0_11_scalar term; +static int secp256k1_ec_seckey_tweak_add_helper(secp256k1_scalar *sec, const unsigned char *tweak32) { + secp256k1_scalar term; int overflow = 0; int ret = 0; - rustsecp256k1_v0_11_scalar_set_b32(&term, tweak32, &overflow); - ret = (!overflow) & rustsecp256k1_v0_11_eckey_privkey_tweak_add(sec, &term); - rustsecp256k1_v0_11_scalar_clear(&term); + secp256k1_scalar_set_b32(&term, tweak32, &overflow); + ret = (!overflow) & secp256k1_eckey_privkey_tweak_add(sec, &term); + secp256k1_scalar_clear(&term); return ret; } -int rustsecp256k1_v0_11_ec_seckey_tweak_add(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { - rustsecp256k1_v0_11_scalar sec; +int secp256k1_ec_seckey_tweak_add(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + secp256k1_scalar sec; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_11_scalar_set_b32_seckey(&sec, seckey); - ret &= rustsecp256k1_v0_11_ec_seckey_tweak_add_helper(&sec, tweak32); - rustsecp256k1_v0_11_scalar_cmov(&sec, &rustsecp256k1_v0_11_scalar_zero, !ret); - rustsecp256k1_v0_11_scalar_get_b32(seckey, &sec); + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + ret &= secp256k1_ec_seckey_tweak_add_helper(&sec, tweak32); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_11_scalar_clear(&sec); + secp256k1_scalar_clear(&sec); return ret; } -int rustsecp256k1_v0_11_ec_privkey_tweak_add(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { - return rustsecp256k1_v0_11_ec_seckey_tweak_add(ctx, seckey, tweak32); -} - -static int rustsecp256k1_v0_11_ec_pubkey_tweak_add_helper(rustsecp256k1_v0_11_ge *p, const unsigned char *tweak32) { - rustsecp256k1_v0_11_scalar term; +static int secp256k1_ec_pubkey_tweak_add_helper(secp256k1_ge *p, const unsigned char *tweak32) { + secp256k1_scalar term; int overflow = 0; - rustsecp256k1_v0_11_scalar_set_b32(&term, tweak32, &overflow); - return !overflow && rustsecp256k1_v0_11_eckey_pubkey_tweak_add(p, &term); + secp256k1_scalar_set_b32(&term, tweak32, &overflow); + return !overflow && secp256k1_eckey_pubkey_tweak_add(p, &term); } -int rustsecp256k1_v0_11_ec_pubkey_tweak_add(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *tweak32) { - rustsecp256k1_v0_11_ge p; +int secp256k1_ec_pubkey_tweak_add(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) { + secp256k1_ge p; int ret = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); ARG_CHECK(tweak32 != NULL); - ret = rustsecp256k1_v0_11_pubkey_load(ctx, &p, pubkey); + ret = secp256k1_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); - ret = ret && rustsecp256k1_v0_11_ec_pubkey_tweak_add_helper(&p, tweak32); + ret = ret && secp256k1_ec_pubkey_tweak_add_helper(&p, tweak32); if (ret) { - rustsecp256k1_v0_11_pubkey_save(pubkey, &p); + secp256k1_pubkey_save(pubkey, &p); } return ret; } -int rustsecp256k1_v0_11_ec_seckey_tweak_mul(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { - rustsecp256k1_v0_11_scalar factor; - rustsecp256k1_v0_11_scalar sec; +int secp256k1_ec_seckey_tweak_mul(const secp256k1_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { + secp256k1_scalar factor; + secp256k1_scalar sec; int ret = 0; int overflow = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(seckey != NULL); ARG_CHECK(tweak32 != NULL); - rustsecp256k1_v0_11_scalar_set_b32(&factor, tweak32, &overflow); - ret = rustsecp256k1_v0_11_scalar_set_b32_seckey(&sec, seckey); - ret &= (!overflow) & rustsecp256k1_v0_11_eckey_privkey_tweak_mul(&sec, &factor); - rustsecp256k1_v0_11_scalar_cmov(&sec, &rustsecp256k1_v0_11_scalar_zero, !ret); - rustsecp256k1_v0_11_scalar_get_b32(seckey, &sec); + secp256k1_scalar_set_b32(&factor, tweak32, &overflow); + ret = secp256k1_scalar_set_b32_seckey(&sec, seckey); + ret &= (!overflow) & secp256k1_eckey_privkey_tweak_mul(&sec, &factor); + secp256k1_scalar_cmov(&sec, &secp256k1_scalar_zero, !ret); + secp256k1_scalar_get_b32(seckey, &sec); - rustsecp256k1_v0_11_scalar_clear(&sec); - rustsecp256k1_v0_11_scalar_clear(&factor); + secp256k1_scalar_clear(&sec); + secp256k1_scalar_clear(&factor); return ret; } -int rustsecp256k1_v0_11_ec_privkey_tweak_mul(const rustsecp256k1_v0_11_context* ctx, unsigned char *seckey, const unsigned char *tweak32) { - return rustsecp256k1_v0_11_ec_seckey_tweak_mul(ctx, seckey, tweak32); -} - -int rustsecp256k1_v0_11_ec_pubkey_tweak_mul(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubkey, const unsigned char *tweak32) { - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_scalar factor; +int secp256k1_ec_pubkey_tweak_mul(const secp256k1_context* ctx, secp256k1_pubkey *pubkey, const unsigned char *tweak32) { + secp256k1_ge p; + secp256k1_scalar factor; int ret = 0; int overflow = 0; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubkey != NULL); ARG_CHECK(tweak32 != NULL); - rustsecp256k1_v0_11_scalar_set_b32(&factor, tweak32, &overflow); - ret = !overflow && rustsecp256k1_v0_11_pubkey_load(ctx, &p, pubkey); + secp256k1_scalar_set_b32(&factor, tweak32, &overflow); + ret = !overflow && secp256k1_pubkey_load(ctx, &p, pubkey); memset(pubkey, 0, sizeof(*pubkey)); if (ret) { - if (rustsecp256k1_v0_11_eckey_pubkey_tweak_mul(&p, &factor)) { - rustsecp256k1_v0_11_pubkey_save(pubkey, &p); + if (secp256k1_eckey_pubkey_tweak_mul(&p, &factor)) { + secp256k1_pubkey_save(pubkey, &p); } else { ret = 0; } @@ -710,20 +744,20 @@ int rustsecp256k1_v0_11_ec_pubkey_tweak_mul(const rustsecp256k1_v0_11_context* c return ret; } -int rustsecp256k1_v0_11_context_randomize(rustsecp256k1_v0_11_context* ctx, const unsigned char *seed32) { +int secp256k1_context_randomize(secp256k1_context* ctx, const unsigned char *seed32) { VERIFY_CHECK(ctx != NULL); - ARG_CHECK(rustsecp256k1_v0_11_context_is_proper(ctx)); + ARG_CHECK(secp256k1_context_is_proper(ctx)); - if (rustsecp256k1_v0_11_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { - rustsecp256k1_v0_11_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); + if (secp256k1_ecmult_gen_context_is_built(&ctx->ecmult_gen_ctx)) { + secp256k1_ecmult_gen_blind(&ctx->ecmult_gen_ctx, seed32); } return 1; } -int rustsecp256k1_v0_11_ec_pubkey_combine(const rustsecp256k1_v0_11_context* ctx, rustsecp256k1_v0_11_pubkey *pubnonce, const rustsecp256k1_v0_11_pubkey * const *pubnonces, size_t n) { +int secp256k1_ec_pubkey_combine(const secp256k1_context* ctx, secp256k1_pubkey *pubnonce, const secp256k1_pubkey * const *pubnonces, size_t n) { size_t i; - rustsecp256k1_v0_11_gej Qj; - rustsecp256k1_v0_11_ge Q; + secp256k1_gej Qj; + secp256k1_ge Q; VERIFY_CHECK(ctx != NULL); ARG_CHECK(pubnonce != NULL); @@ -731,32 +765,32 @@ int rustsecp256k1_v0_11_ec_pubkey_combine(const rustsecp256k1_v0_11_context* ctx ARG_CHECK(n >= 1); ARG_CHECK(pubnonces != NULL); - rustsecp256k1_v0_11_gej_set_infinity(&Qj); + secp256k1_gej_set_infinity(&Qj); for (i = 0; i < n; i++) { ARG_CHECK(pubnonces[i] != NULL); - rustsecp256k1_v0_11_pubkey_load(ctx, &Q, pubnonces[i]); - rustsecp256k1_v0_11_gej_add_ge(&Qj, &Qj, &Q); + secp256k1_pubkey_load(ctx, &Q, pubnonces[i]); + secp256k1_gej_add_ge(&Qj, &Qj, &Q); } - if (rustsecp256k1_v0_11_gej_is_infinity(&Qj)) { + if (secp256k1_gej_is_infinity(&Qj)) { return 0; } - rustsecp256k1_v0_11_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_11_pubkey_save(pubnonce, &Q); + secp256k1_ge_set_gej(&Q, &Qj); + secp256k1_pubkey_save(pubnonce, &Q); return 1; } -int rustsecp256k1_v0_11_tagged_sha256(const rustsecp256k1_v0_11_context* ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) { - rustsecp256k1_v0_11_sha256 sha; +int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32, const unsigned char *tag, size_t taglen, const unsigned char *msg, size_t msglen) { + secp256k1_sha256 sha; VERIFY_CHECK(ctx != NULL); ARG_CHECK(hash32 != NULL); ARG_CHECK(tag != NULL); ARG_CHECK(msg != NULL); - rustsecp256k1_v0_11_sha256_initialize_tagged(&sha, tag, taglen); - rustsecp256k1_v0_11_sha256_write(&sha, msg, msglen); - rustsecp256k1_v0_11_sha256_finalize(&sha, hash32); - rustsecp256k1_v0_11_sha256_clear(&sha); + secp256k1_sha256_initialize_tagged(&sha, tag, taglen); + secp256k1_sha256_write(&sha, msg, msglen); + secp256k1_sha256_finalize(&sha, hash32); + secp256k1_sha256_clear(&sha); return 1; } diff --git a/secp256k1-sys/depend/secp256k1/src/selftest.h b/secp256k1-sys/depend/secp256k1/src/selftest.h index 6675a19f4..d083ac952 100644 --- a/secp256k1-sys/depend/secp256k1/src/selftest.h +++ b/secp256k1-sys/depend/secp256k1/src/selftest.h @@ -11,22 +11,22 @@ #include -static int rustsecp256k1_v0_11_selftest_sha256(void) { +static int secp256k1_selftest_sha256(void) { static const char *input63 = "For this sample, this 63-byte string will be used as input data"; static const unsigned char output32[32] = { 0xf0, 0x8a, 0x78, 0xcb, 0xba, 0xee, 0x08, 0x2b, 0x05, 0x2a, 0xe0, 0x70, 0x8f, 0x32, 0xfa, 0x1e, 0x50, 0xc5, 0xc4, 0x21, 0xaa, 0x77, 0x2b, 0xa5, 0xdb, 0xb4, 0x06, 0xa2, 0xea, 0x6b, 0xe3, 0x42, }; unsigned char out[32]; - rustsecp256k1_v0_11_sha256 hasher; - rustsecp256k1_v0_11_sha256_initialize(&hasher); - rustsecp256k1_v0_11_sha256_write(&hasher, (const unsigned char*)input63, 63); - rustsecp256k1_v0_11_sha256_finalize(&hasher, out); - return rustsecp256k1_v0_11_memcmp_var(out, output32, 32) == 0; + secp256k1_sha256 hasher; + secp256k1_sha256_initialize(&hasher); + secp256k1_sha256_write(&hasher, (const unsigned char*)input63, 63); + secp256k1_sha256_finalize(&hasher, out); + return secp256k1_memcmp_var(out, output32, 32) == 0; } -static int rustsecp256k1_v0_11_selftest_passes(void) { - return rustsecp256k1_v0_11_selftest_sha256(); +static int secp256k1_selftest_passes(void) { + return secp256k1_selftest_sha256(); } #endif /* SECP256K1_SELFTEST_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/testrand_impl.h b/secp256k1-sys/depend/secp256k1/src/testrand_impl.h index d23155ee1..b84f5730a 100644 --- a/secp256k1-sys/depend/secp256k1/src/testrand_impl.h +++ b/secp256k1-sys/depend/secp256k1/src/testrand_impl.h @@ -15,24 +15,24 @@ #include "hash.h" #include "util.h" -static uint64_t rustsecp256k1_v0_11_test_state[4]; +static uint64_t secp256k1_test_state[4]; SECP256K1_INLINE static void testrand_seed(const unsigned char *seed16) { static const unsigned char PREFIX[] = {'s', 'e', 'c', 'p', '2', '5', '6', 'k', '1', ' ', 't', 'e', 's', 't', ' ', 'i', 'n', 'i', 't'}; unsigned char out32[32]; - rustsecp256k1_v0_11_sha256 hash; + secp256k1_sha256 hash; int i; /* Use SHA256(PREFIX || seed16) as initial state. */ - rustsecp256k1_v0_11_sha256_initialize(&hash); - rustsecp256k1_v0_11_sha256_write(&hash, PREFIX, sizeof(PREFIX)); - rustsecp256k1_v0_11_sha256_write(&hash, seed16, 16); - rustsecp256k1_v0_11_sha256_finalize(&hash, out32); + secp256k1_sha256_initialize(&hash); + secp256k1_sha256_write(&hash, PREFIX, sizeof(PREFIX)); + secp256k1_sha256_write(&hash, seed16, 16); + secp256k1_sha256_finalize(&hash, out32); for (i = 0; i < 4; ++i) { uint64_t s = 0; int j; for (j = 0; j < 8; ++j) s = (s << 8) | out32[8*i + j]; - rustsecp256k1_v0_11_test_state[i] = s; + secp256k1_test_state[i] = s; } } @@ -42,14 +42,14 @@ SECP256K1_INLINE static uint64_t rotl(const uint64_t x, int k) { SECP256K1_INLINE static uint64_t testrand64(void) { /* Test-only Xoshiro256++ RNG. See https://prng.di.unimi.it/ */ - const uint64_t result = rotl(rustsecp256k1_v0_11_test_state[0] + rustsecp256k1_v0_11_test_state[3], 23) + rustsecp256k1_v0_11_test_state[0]; - const uint64_t t = rustsecp256k1_v0_11_test_state[1] << 17; - rustsecp256k1_v0_11_test_state[2] ^= rustsecp256k1_v0_11_test_state[0]; - rustsecp256k1_v0_11_test_state[3] ^= rustsecp256k1_v0_11_test_state[1]; - rustsecp256k1_v0_11_test_state[1] ^= rustsecp256k1_v0_11_test_state[2]; - rustsecp256k1_v0_11_test_state[0] ^= rustsecp256k1_v0_11_test_state[3]; - rustsecp256k1_v0_11_test_state[2] ^= t; - rustsecp256k1_v0_11_test_state[3] = rotl(rustsecp256k1_v0_11_test_state[3], 45); + const uint64_t result = rotl(secp256k1_test_state[0] + secp256k1_test_state[3], 23) + secp256k1_test_state[0]; + const uint64_t t = secp256k1_test_state[1] << 17; + secp256k1_test_state[2] ^= secp256k1_test_state[0]; + secp256k1_test_state[3] ^= secp256k1_test_state[1]; + secp256k1_test_state[1] ^= secp256k1_test_state[2]; + secp256k1_test_state[0] ^= secp256k1_test_state[3]; + secp256k1_test_state[2] ^= t; + secp256k1_test_state[3] = rotl(secp256k1_test_state[3], 45); return result; } diff --git a/secp256k1-sys/depend/secp256k1/src/tests.c b/secp256k1-sys/depend/secp256k1/src/tests.c index 5939d8c5e..cb3b3c424 100644 --- a/secp256k1-sys/depend/secp256k1/src/tests.c +++ b/secp256k1-sys/depend/secp256k1/src/tests.c @@ -38,8 +38,8 @@ #define CONDITIONAL_TEST(cnt, nam) if (COUNT < (cnt)) { printf("Skipping %s (iteration count too low)\n", nam); } else static int COUNT = 16; -static rustsecp256k1_v0_11_context *CTX = NULL; -static rustsecp256k1_v0_11_context *STATIC_CTX = NULL; +static secp256k1_context *CTX = NULL; +static secp256k1_context *STATIC_CTX = NULL; static int all_bytes_equal(const void* s, unsigned char value, size_t n) { const unsigned char *p = s; @@ -55,7 +55,7 @@ static int all_bytes_equal(const void* s, unsigned char value, size_t n) { #define CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, callback, callback_setter) do { \ int32_t _calls_to_callback = 0; \ - rustsecp256k1_v0_11_callback _saved_callback = ctx->callback; \ + secp256k1_callback _saved_callback = ctx->callback; \ callback_setter(ctx, counting_callback_fn, &_calls_to_callback); \ { expr_or_stmt; } \ ctx->callback = _saved_callback; \ @@ -66,9 +66,9 @@ static int all_bytes_equal(const void* s, unsigned char value, size_t n) { * * Useful for checking functions that return void (e.g., API functions that use ARG_CHECK_VOID) */ #define CHECK_ERROR_VOID(ctx, expr_or_stmt) \ - CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, error_callback, rustsecp256k1_v0_11_context_set_error_callback) + CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, error_callback, secp256k1_context_set_error_callback) #define CHECK_ILLEGAL_VOID(ctx, expr_or_stmt) \ - CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, illegal_callback, rustsecp256k1_v0_11_context_set_illegal_callback) + CHECK_COUNTING_CALLBACK_VOID(ctx, expr_or_stmt, illegal_callback, secp256k1_context_set_illegal_callback) /* CHECK that * - expr calls the illegal callback of ctx exactly once and, @@ -87,21 +87,12 @@ static void counting_callback_fn(const char* str, void* data) { (*p)++; } -static void uncounting_illegal_callback_fn(const char* str, void* data) { - /* Dummy callback function that just counts (backwards). */ - int32_t *p; - (void)str; - p = data; - CHECK(*p != INT32_MIN); - (*p)--; -} - static void run_xoshiro256pp_tests(void) { { size_t i; /* Sanity check that we run before the actual seeding. */ - for (i = 0; i < sizeof(rustsecp256k1_v0_11_test_state)/sizeof(rustsecp256k1_v0_11_test_state[0]); i++) { - CHECK(rustsecp256k1_v0_11_test_state[i] == 0); + for (i = 0; i < sizeof(secp256k1_test_state)/sizeof(secp256k1_test_state[0]); i++) { + CHECK(secp256k1_test_state[i] == 0); } } { @@ -121,23 +112,23 @@ static void run_xoshiro256pp_tests(void) { for (i = 0; i < 17; i++) { testrand256(buf32); } - CHECK(rustsecp256k1_v0_11_memcmp_var(buf32, buf32_expected, sizeof(buf32)) == 0); + CHECK(secp256k1_memcmp_var(buf32, buf32_expected, sizeof(buf32)) == 0); } } static void run_selftest_tests(void) { /* Test public API */ - rustsecp256k1_v0_11_selftest(); + secp256k1_selftest(); } -static int ecmult_gen_context_eq(const rustsecp256k1_v0_11_ecmult_gen_context *a, const rustsecp256k1_v0_11_ecmult_gen_context *b) { +static int ecmult_gen_context_eq(const secp256k1_ecmult_gen_context *a, const secp256k1_ecmult_gen_context *b) { return a->built == b->built - && rustsecp256k1_v0_11_scalar_eq(&a->scalar_offset, &b->scalar_offset) - && rustsecp256k1_v0_11_ge_eq_var(&a->ge_offset, &b->ge_offset) - && rustsecp256k1_v0_11_fe_equal(&a->proj_blind, &b->proj_blind); + && secp256k1_scalar_eq(&a->scalar_offset, &b->scalar_offset) + && secp256k1_ge_eq_var(&a->ge_offset, &b->ge_offset) + && secp256k1_fe_equal(&a->proj_blind, &b->proj_blind); } -static int context_eq(const rustsecp256k1_v0_11_context *a, const rustsecp256k1_v0_11_context *b) { +static int context_eq(const secp256k1_context *a, const secp256k1_context *b) { return a->declassify == b->declassify && ecmult_gen_context_eq(&a->ecmult_gen_ctx, &b->ecmult_gen_ctx) && a->illegal_callback.fn == b->illegal_callback.fn @@ -152,22 +143,22 @@ static void run_deprecated_context_flags_test(void) { unsigned int flags[] = { SECP256K1_CONTEXT_SIGN, SECP256K1_CONTEXT_VERIFY, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY }; - rustsecp256k1_v0_11_context *none_ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + secp256k1_context *none_ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); int i; for (i = 0; i < (int)(sizeof(flags)/sizeof(flags[0])); i++) { - rustsecp256k1_v0_11_context *tmp_ctx; - CHECK(rustsecp256k1_v0_11_context_preallocated_size(SECP256K1_CONTEXT_NONE) == rustsecp256k1_v0_11_context_preallocated_size(flags[i])); - tmp_ctx = rustsecp256k1_v0_11_context_create(flags[i]); + secp256k1_context *tmp_ctx; + CHECK(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE) == secp256k1_context_preallocated_size(flags[i])); + tmp_ctx = secp256k1_context_create(flags[i]); CHECK(context_eq(none_ctx, tmp_ctx)); - rustsecp256k1_v0_11_context_destroy(tmp_ctx); + secp256k1_context_destroy(tmp_ctx); } - rustsecp256k1_v0_11_context_destroy(none_ctx); + secp256k1_context_destroy(none_ctx); } static void run_ec_illegal_argument_tests(void) { - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_pubkey zero_pubkey; - rustsecp256k1_v0_11_ecdsa_signature sig; + secp256k1_pubkey pubkey; + secp256k1_pubkey zero_pubkey; + secp256k1_ecdsa_signature sig; unsigned char ctmp[32]; /* Setup */ @@ -175,187 +166,187 @@ static void run_ec_illegal_argument_tests(void) { memset(&zero_pubkey, 0, sizeof(zero_pubkey)); /* Verify context-type checking illegal-argument errors. */ - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_ec_pubkey_create(STATIC_CTX, &pubkey, ctmp)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_ec_pubkey_create(STATIC_CTX, &pubkey, ctmp)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_ecdsa_sign(STATIC_CTX, &sig, ctmp, ctmp, NULL, NULL)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_ecdsa_sign(STATIC_CTX, &sig, ctmp, ctmp, NULL, NULL)); SECP256K1_CHECKMEM_UNDEFINE(&sig, sizeof(sig)); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, ctmp, ctmp, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, ctmp, ctmp, NULL, NULL) == 1); SECP256K1_CHECKMEM_CHECK(&sig, sizeof(sig)); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, ctmp, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(STATIC_CTX, &sig, ctmp, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, ctmp) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(STATIC_CTX, &pubkey, ctmp) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_negate(STATIC_CTX, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_negate(CTX, &pubkey) == 1); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_ec_pubkey_negate(STATIC_CTX, &zero_pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_negate(CTX, NULL)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_mul(STATIC_CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, ctmp, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(STATIC_CTX, &sig, ctmp, &pubkey) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(STATIC_CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_negate(STATIC_CTX, &pubkey) == 1); + CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey) == 1); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_ec_pubkey_negate(STATIC_CTX, &zero_pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_negate(CTX, NULL)); + CHECK(secp256k1_ec_pubkey_tweak_mul(STATIC_CTX, &pubkey, ctmp) == 1); } static void run_static_context_tests(int use_prealloc) { - /* Check that deprecated rustsecp256k1_v0_11_context_no_precomp is an alias to rustsecp256k1_v0_11_context_static. */ - CHECK(rustsecp256k1_v0_11_context_no_precomp == rustsecp256k1_v0_11_context_static); + /* Check that deprecated secp256k1_context_no_precomp is an alias to secp256k1_context_static. */ + CHECK(secp256k1_context_no_precomp == secp256k1_context_static); { unsigned char seed[32] = {0x17}; - /* Randomizing rustsecp256k1_v0_11_context_static is not supported. */ - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_context_randomize(STATIC_CTX, seed)); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_context_randomize(STATIC_CTX, NULL)); + /* Randomizing secp256k1_context_static is not supported. */ + CHECK_ILLEGAL(STATIC_CTX, secp256k1_context_randomize(STATIC_CTX, seed)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_context_randomize(STATIC_CTX, NULL)); - /* Destroying or cloning rustsecp256k1_v0_11_context_static is not supported. */ + /* Destroying or cloning secp256k1_context_static is not supported. */ if (use_prealloc) { - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_context_preallocated_clone_size(STATIC_CTX)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_context_preallocated_clone_size(STATIC_CTX)); { - rustsecp256k1_v0_11_context *my_static_ctx = malloc(sizeof(*STATIC_CTX)); + secp256k1_context *my_static_ctx = malloc(sizeof(*STATIC_CTX)); CHECK(my_static_ctx != NULL); memset(my_static_ctx, 0x2a, sizeof(*my_static_ctx)); - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_context_preallocated_clone(STATIC_CTX, my_static_ctx)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_context_preallocated_clone(STATIC_CTX, my_static_ctx)); CHECK(all_bytes_equal(my_static_ctx, 0x2a, sizeof(*my_static_ctx))); free(my_static_ctx); } - CHECK_ILLEGAL_VOID(STATIC_CTX, rustsecp256k1_v0_11_context_preallocated_destroy(STATIC_CTX)); + CHECK_ILLEGAL_VOID(STATIC_CTX, secp256k1_context_preallocated_destroy(STATIC_CTX)); } else { - CHECK_ILLEGAL(STATIC_CTX, rustsecp256k1_v0_11_context_clone(STATIC_CTX)); - CHECK_ILLEGAL_VOID(STATIC_CTX, rustsecp256k1_v0_11_context_destroy(STATIC_CTX)); + CHECK_ILLEGAL(STATIC_CTX, secp256k1_context_clone(STATIC_CTX)); + CHECK_ILLEGAL_VOID(STATIC_CTX, secp256k1_context_destroy(STATIC_CTX)); } } { /* Verify that setting and resetting illegal callback works */ int32_t dummy = 0; - rustsecp256k1_v0_11_context_set_illegal_callback(STATIC_CTX, counting_callback_fn, &dummy); + secp256k1_context_set_illegal_callback(STATIC_CTX, counting_callback_fn, &dummy); CHECK(STATIC_CTX->illegal_callback.fn == counting_callback_fn); CHECK(STATIC_CTX->illegal_callback.data == &dummy); - rustsecp256k1_v0_11_context_set_illegal_callback(STATIC_CTX, NULL, NULL); - CHECK(STATIC_CTX->illegal_callback.fn == rustsecp256k1_v0_11_default_illegal_callback_fn); + secp256k1_context_set_illegal_callback(STATIC_CTX, NULL, NULL); + CHECK(STATIC_CTX->illegal_callback.fn == secp256k1_default_illegal_callback_fn); CHECK(STATIC_CTX->illegal_callback.data == NULL); } } static void run_proper_context_tests(int use_prealloc) { int32_t dummy = 0; - rustsecp256k1_v0_11_context *my_ctx, *my_ctx_fresh; + secp256k1_context *my_ctx, *my_ctx_fresh; void *my_ctx_prealloc = NULL; unsigned char seed[32] = {0x17}; - rustsecp256k1_v0_11_gej pubj; - rustsecp256k1_v0_11_ge pub; - rustsecp256k1_v0_11_scalar msg, key, nonce; - rustsecp256k1_v0_11_scalar sigr, sigs; + secp256k1_gej pubj; + secp256k1_ge pub; + secp256k1_scalar msg, key, nonce; + secp256k1_scalar sigr, sigs; /* Fresh reference context for comparison */ - my_ctx_fresh = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + my_ctx_fresh = secp256k1_context_create(SECP256K1_CONTEXT_NONE); if (use_prealloc) { - my_ctx_prealloc = malloc(rustsecp256k1_v0_11_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + my_ctx_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(my_ctx_prealloc != NULL); - my_ctx = rustsecp256k1_v0_11_context_preallocated_create(my_ctx_prealloc, SECP256K1_CONTEXT_NONE); + my_ctx = secp256k1_context_preallocated_create(my_ctx_prealloc, SECP256K1_CONTEXT_NONE); } else { - my_ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + my_ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); } /* Randomize and reset randomization */ CHECK(context_eq(my_ctx, my_ctx_fresh)); - CHECK(rustsecp256k1_v0_11_context_randomize(my_ctx, seed) == 1); + CHECK(secp256k1_context_randomize(my_ctx, seed) == 1); CHECK(!context_eq(my_ctx, my_ctx_fresh)); - CHECK(rustsecp256k1_v0_11_context_randomize(my_ctx, NULL) == 1); + CHECK(secp256k1_context_randomize(my_ctx, NULL) == 1); CHECK(context_eq(my_ctx, my_ctx_fresh)); - /* set error callback (to a function that still aborts in case malloc() fails in rustsecp256k1_v0_11_context_clone() below) */ - rustsecp256k1_v0_11_context_set_error_callback(my_ctx, rustsecp256k1_v0_11_default_illegal_callback_fn, NULL); - CHECK(my_ctx->error_callback.fn != rustsecp256k1_v0_11_default_error_callback_fn); - CHECK(my_ctx->error_callback.fn == rustsecp256k1_v0_11_default_illegal_callback_fn); + /* set error callback (to a function that still aborts in case malloc() fails in secp256k1_context_clone() below) */ + secp256k1_context_set_error_callback(my_ctx, secp256k1_default_illegal_callback_fn, NULL); + CHECK(my_ctx->error_callback.fn != secp256k1_default_error_callback_fn); + CHECK(my_ctx->error_callback.fn == secp256k1_default_illegal_callback_fn); /* check if sizes for cloning are consistent */ - CHECK(rustsecp256k1_v0_11_context_preallocated_clone_size(my_ctx) == rustsecp256k1_v0_11_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + CHECK(secp256k1_context_preallocated_clone_size(my_ctx) == secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); /*** clone and destroy all of them to make sure cloning was complete ***/ { - rustsecp256k1_v0_11_context *ctx_tmp; + secp256k1_context *ctx_tmp; if (use_prealloc) { /* clone into a non-preallocated context and then again into a new preallocated one. */ ctx_tmp = my_ctx; - my_ctx = rustsecp256k1_v0_11_context_clone(my_ctx); + my_ctx = secp256k1_context_clone(my_ctx); CHECK(context_eq(ctx_tmp, my_ctx)); - rustsecp256k1_v0_11_context_preallocated_destroy(ctx_tmp); + secp256k1_context_preallocated_destroy(ctx_tmp); free(my_ctx_prealloc); - my_ctx_prealloc = malloc(rustsecp256k1_v0_11_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + my_ctx_prealloc = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(my_ctx_prealloc != NULL); ctx_tmp = my_ctx; - my_ctx = rustsecp256k1_v0_11_context_preallocated_clone(my_ctx, my_ctx_prealloc); + my_ctx = secp256k1_context_preallocated_clone(my_ctx, my_ctx_prealloc); CHECK(context_eq(ctx_tmp, my_ctx)); - rustsecp256k1_v0_11_context_destroy(ctx_tmp); + secp256k1_context_destroy(ctx_tmp); } else { /* clone into a preallocated context and then again into a new non-preallocated one. */ void *prealloc_tmp; - prealloc_tmp = malloc(rustsecp256k1_v0_11_context_preallocated_size(SECP256K1_CONTEXT_NONE)); + prealloc_tmp = malloc(secp256k1_context_preallocated_size(SECP256K1_CONTEXT_NONE)); CHECK(prealloc_tmp != NULL); ctx_tmp = my_ctx; - my_ctx = rustsecp256k1_v0_11_context_preallocated_clone(my_ctx, prealloc_tmp); + my_ctx = secp256k1_context_preallocated_clone(my_ctx, prealloc_tmp); CHECK(context_eq(ctx_tmp, my_ctx)); - rustsecp256k1_v0_11_context_destroy(ctx_tmp); + secp256k1_context_destroy(ctx_tmp); ctx_tmp = my_ctx; - my_ctx = rustsecp256k1_v0_11_context_clone(my_ctx); + my_ctx = secp256k1_context_clone(my_ctx); CHECK(context_eq(ctx_tmp, my_ctx)); - rustsecp256k1_v0_11_context_preallocated_destroy(ctx_tmp); + secp256k1_context_preallocated_destroy(ctx_tmp); free(prealloc_tmp); } } /* Verify that the error callback makes it across the clone. */ - CHECK(my_ctx->error_callback.fn != rustsecp256k1_v0_11_default_error_callback_fn); - CHECK(my_ctx->error_callback.fn == rustsecp256k1_v0_11_default_illegal_callback_fn); + CHECK(my_ctx->error_callback.fn != secp256k1_default_error_callback_fn); + CHECK(my_ctx->error_callback.fn == secp256k1_default_illegal_callback_fn); /* And that it resets back to default. */ - rustsecp256k1_v0_11_context_set_error_callback(my_ctx, NULL, NULL); - CHECK(my_ctx->error_callback.fn == rustsecp256k1_v0_11_default_error_callback_fn); + secp256k1_context_set_error_callback(my_ctx, NULL, NULL); + CHECK(my_ctx->error_callback.fn == secp256k1_default_error_callback_fn); CHECK(context_eq(my_ctx, my_ctx_fresh)); /* Verify that setting and resetting illegal callback works */ - rustsecp256k1_v0_11_context_set_illegal_callback(my_ctx, counting_callback_fn, &dummy); + secp256k1_context_set_illegal_callback(my_ctx, counting_callback_fn, &dummy); CHECK(my_ctx->illegal_callback.fn == counting_callback_fn); CHECK(my_ctx->illegal_callback.data == &dummy); - rustsecp256k1_v0_11_context_set_illegal_callback(my_ctx, NULL, NULL); - CHECK(my_ctx->illegal_callback.fn == rustsecp256k1_v0_11_default_illegal_callback_fn); + secp256k1_context_set_illegal_callback(my_ctx, NULL, NULL); + CHECK(my_ctx->illegal_callback.fn == secp256k1_default_illegal_callback_fn); CHECK(my_ctx->illegal_callback.data == NULL); CHECK(context_eq(my_ctx, my_ctx_fresh)); /*** attempt to use them ***/ testutil_random_scalar_order_test(&msg); testutil_random_scalar_order_test(&key); - rustsecp256k1_v0_11_ecmult_gen(&my_ctx->ecmult_gen_ctx, &pubj, &key); - rustsecp256k1_v0_11_ge_set_gej(&pub, &pubj); + secp256k1_ecmult_gen(&my_ctx->ecmult_gen_ctx, &pubj, &key); + secp256k1_ge_set_gej(&pub, &pubj); /* obtain a working nonce */ do { testutil_random_scalar_order_test(&nonce); - } while(!rustsecp256k1_v0_11_ecdsa_sig_sign(&my_ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + } while(!secp256k1_ecdsa_sig_sign(&my_ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try signing */ - CHECK(rustsecp256k1_v0_11_ecdsa_sig_sign(&my_ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); + CHECK(secp256k1_ecdsa_sig_sign(&my_ctx->ecmult_gen_ctx, &sigr, &sigs, &key, &msg, &nonce, NULL)); /* try verifying */ - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); /* cleanup */ if (use_prealloc) { - rustsecp256k1_v0_11_context_preallocated_destroy(my_ctx); + secp256k1_context_preallocated_destroy(my_ctx); free(my_ctx_prealloc); } else { - rustsecp256k1_v0_11_context_destroy(my_ctx); + secp256k1_context_destroy(my_ctx); } - rustsecp256k1_v0_11_context_destroy(my_ctx_fresh); + secp256k1_context_destroy(my_ctx_fresh); /* Defined as no-op. */ - rustsecp256k1_v0_11_context_destroy(NULL); - rustsecp256k1_v0_11_context_preallocated_destroy(NULL); + secp256k1_context_destroy(NULL); + secp256k1_context_preallocated_destroy(NULL); } static void run_scratch_tests(void) { @@ -363,69 +354,69 @@ static void run_scratch_tests(void) { size_t checkpoint; size_t checkpoint_2; - rustsecp256k1_v0_11_scratch_space *scratch; - rustsecp256k1_v0_11_scratch_space local_scratch; + secp256k1_scratch_space *scratch; + secp256k1_scratch_space local_scratch; /* Test public API */ - scratch = rustsecp256k1_v0_11_scratch_space_create(CTX, 1000); + scratch = secp256k1_scratch_space_create(CTX, 1000); CHECK(scratch != NULL); /* Test internal API */ - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000); - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - (ALIGNMENT - 1)); CHECK(scratch->alloc_size == 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* Allocating 500 bytes succeeds */ - checkpoint = rustsecp256k1_v0_11_scratch_checkpoint(&CTX->error_callback, scratch); - CHECK(rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, 500) != NULL); - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500) != NULL); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); CHECK(scratch->alloc_size != 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* Allocating another 501 bytes fails */ - CHECK(rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, 501) == NULL); - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000 - adj_alloc); - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 501) == NULL); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000 - adj_alloc); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 1) == 1000 - adj_alloc - (ALIGNMENT - 1)); CHECK(scratch->alloc_size != 0); CHECK(scratch->alloc_size % ALIGNMENT == 0); /* ...but it succeeds once we apply the checkpoint to undo it */ - rustsecp256k1_v0_11_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); CHECK(scratch->alloc_size == 0); - CHECK(rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000); - CHECK(rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, 500) != NULL); + CHECK(secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0) == 1000); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500) != NULL); CHECK(scratch->alloc_size != 0); /* try to apply a bad checkpoint */ - checkpoint_2 = rustsecp256k1_v0_11_scratch_checkpoint(&CTX->error_callback, scratch); - rustsecp256k1_v0_11_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); - CHECK_ERROR_VOID(CTX, rustsecp256k1_v0_11_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint_2)); /* checkpoint_2 is after checkpoint */ - CHECK_ERROR_VOID(CTX, rustsecp256k1_v0_11_scratch_apply_checkpoint(&CTX->error_callback, scratch, (size_t) -1)); /* this is just wildly invalid */ + checkpoint_2 = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); + CHECK_ERROR_VOID(CTX, secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint_2)); /* checkpoint_2 is after checkpoint */ + CHECK_ERROR_VOID(CTX, secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, (size_t) -1)); /* this is just wildly invalid */ /* try to use badly initialized scratch space */ - rustsecp256k1_v0_11_scratch_space_destroy(CTX, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); memset(&local_scratch, 0, sizeof(local_scratch)); scratch = &local_scratch; - CHECK_ERROR(CTX, rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, 0)); - CHECK_ERROR(CTX, rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, 500)); - CHECK_ERROR_VOID(CTX, rustsecp256k1_v0_11_scratch_space_destroy(CTX, scratch)); + CHECK_ERROR(CTX, secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, 0)); + CHECK_ERROR(CTX, secp256k1_scratch_alloc(&CTX->error_callback, scratch, 500)); + CHECK_ERROR_VOID(CTX, secp256k1_scratch_space_destroy(CTX, scratch)); /* Test that large integers do not wrap around in a bad way */ - scratch = rustsecp256k1_v0_11_scratch_space_create(CTX, 1000); + scratch = secp256k1_scratch_space_create(CTX, 1000); /* Try max allocation with a large number of objects. Only makes sense if * ALIGNMENT is greater than 1 because otherwise the objects take no extra * space. */ - CHECK(ALIGNMENT <= 1 || !rustsecp256k1_v0_11_scratch_max_allocation(&CTX->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1)); + CHECK(ALIGNMENT <= 1 || !secp256k1_scratch_max_allocation(&CTX->error_callback, scratch, (SIZE_MAX / (ALIGNMENT - 1)) + 1)); /* Try allocating SIZE_MAX to test wrap around which only happens if * ALIGNMENT > 1, otherwise it returns NULL anyway because the scratch * space is too small. */ - CHECK(rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, SIZE_MAX) == NULL); - rustsecp256k1_v0_11_scratch_space_destroy(CTX, scratch); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, SIZE_MAX) == NULL); + secp256k1_scratch_space_destroy(CTX, scratch); /* cleanup */ - rustsecp256k1_v0_11_scratch_space_destroy(CTX, NULL); /* no-op */ + secp256k1_scratch_space_destroy(CTX, NULL); /* no-op */ } static void run_ctz_tests(void) { @@ -435,14 +426,14 @@ static void run_ctz_tests(void) { unsigned i; for (i = 0; i < sizeof(b32) / sizeof(b32[0]); ++i) { for (shift = 0; shift < 32; ++shift) { - CHECK(rustsecp256k1_v0_11_ctz32_var_debruijn(b32[i] << shift) == shift); - CHECK(rustsecp256k1_v0_11_ctz32_var(b32[i] << shift) == shift); + CHECK(secp256k1_ctz32_var_debruijn(b32[i] << shift) == shift); + CHECK(secp256k1_ctz32_var(b32[i] << shift) == shift); } } for (i = 0; i < sizeof(b64) / sizeof(b64[0]); ++i) { for (shift = 0; shift < 64; ++shift) { - CHECK(rustsecp256k1_v0_11_ctz64_var_debruijn(b64[i] << shift) == shift); - CHECK(rustsecp256k1_v0_11_ctz64_var(b64[i] << shift) == shift); + CHECK(secp256k1_ctz64_var_debruijn(b64[i] << shift) == shift); + CHECK(secp256k1_ctz64_var(b64[i] << shift) == shift); } } } @@ -479,29 +470,29 @@ static void run_sha256_known_output_tests(void) { for (i = 0; i < ninputs; i++) { unsigned char out[32]; - rustsecp256k1_v0_11_sha256 hasher; + secp256k1_sha256 hasher; unsigned int j; /* 1. Run: simply write the input bytestrings */ j = repeat[i]; - rustsecp256k1_v0_11_sha256_initialize(&hasher); + secp256k1_sha256_initialize(&hasher); while (j > 0) { - rustsecp256k1_v0_11_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); j--; } - rustsecp256k1_v0_11_sha256_finalize(&hasher, out); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, outputs[i], 32) == 0); + secp256k1_sha256_finalize(&hasher, out); + CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); /* 2. Run: split the input bytestrings randomly before writing */ if (strlen(inputs[i]) > 0) { int split = testrand_int(strlen(inputs[i])); - rustsecp256k1_v0_11_sha256_initialize(&hasher); + secp256k1_sha256_initialize(&hasher); j = repeat[i]; while (j > 0) { - rustsecp256k1_v0_11_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); - rustsecp256k1_v0_11_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); j--; } - rustsecp256k1_v0_11_sha256_finalize(&hasher, out); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, outputs[i], 32) == 0); + secp256k1_sha256_finalize(&hasher, out); + CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); } } } @@ -552,7 +543,7 @@ for x in digests: */ static void run_sha256_counter_tests(void) { static const char *input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmno"; - static const rustsecp256k1_v0_11_sha256 midstates[] = { + static const secp256k1_sha256 midstates[] = { {{0xa2b5c8bb, 0x26c88bb3, 0x2abdc3d2, 0x9def99a3, 0xdfd21a6e, 0x41fe585b, 0x7ef2c440, 0x2b79adda}, {0x00}, 0xfffc0}, {{0xa0d29445, 0x9287de66, 0x76aabd71, 0x41acd765, 0x0c7528b4, 0x84e14906, 0x942faec6, 0xcc5a7b26}, @@ -601,22 +592,29 @@ static void run_sha256_counter_tests(void) { unsigned int i; for (i = 0; i < sizeof(midstates)/sizeof(midstates[0]); i++) { unsigned char out[32]; - rustsecp256k1_v0_11_sha256 hasher = midstates[i]; - rustsecp256k1_v0_11_sha256_write(&hasher, (const unsigned char*)input, strlen(input)); - rustsecp256k1_v0_11_sha256_finalize(&hasher, out); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, outputs[i], 32) == 0); + secp256k1_sha256 hasher = midstates[i]; + secp256k1_sha256_write(&hasher, (const unsigned char*)input, strlen(input)); + secp256k1_sha256_finalize(&hasher, out); + CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); } } /* Tests for the equality of two sha256 structs. This function only produces a * correct result if an integer multiple of 64 many bytes have been written * into the hash functions. This function is used by some module tests. */ -static void test_sha256_eq(const rustsecp256k1_v0_11_sha256 *sha1, const rustsecp256k1_v0_11_sha256 *sha2) { +static void test_sha256_eq(const secp256k1_sha256 *sha1, const secp256k1_sha256 *sha2) { /* Is buffer fully consumed? */ CHECK((sha1->bytes & 0x3F) == 0); CHECK(sha1->bytes == sha2->bytes); - CHECK(rustsecp256k1_v0_11_memcmp_var(sha1->s, sha2->s, sizeof(sha1->s)) == 0); + CHECK(secp256k1_memcmp_var(sha1->s, sha2->s, sizeof(sha1->s)) == 0); +} +/* Convenience function for using test_sha256_eq to verify the correctness of a + * tagged hash midstate. This function is used by some module tests. */ +static void test_sha256_tag_midstate(secp256k1_sha256 *sha_tagged, const unsigned char *tag, size_t taglen) { + secp256k1_sha256 sha; + secp256k1_sha256_initialize_tagged(&sha, tag, taglen); + test_sha256_eq(&sha, sha_tagged); } static void run_hmac_sha256_tests(void) { @@ -646,19 +644,19 @@ static void run_hmac_sha256_tests(void) { }; int i; for (i = 0; i < 6; i++) { - rustsecp256k1_v0_11_hmac_sha256 hasher; + secp256k1_hmac_sha256 hasher; unsigned char out[32]; - rustsecp256k1_v0_11_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); - rustsecp256k1_v0_11_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hasher, out); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, outputs[i], 32) == 0); + secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i])); + secp256k1_hmac_sha256_finalize(&hasher, out); + CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); if (strlen(inputs[i]) > 0) { int split = testrand_int(strlen(inputs[i])); - rustsecp256k1_v0_11_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); - rustsecp256k1_v0_11_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); - rustsecp256k1_v0_11_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); - rustsecp256k1_v0_11_hmac_sha256_finalize(&hasher, out); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, outputs[i], 32) == 0); + secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i])); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), split); + secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split); + secp256k1_hmac_sha256_finalize(&hasher, out); + CHECK(secp256k1_memcmp_var(out, outputs[i], 32) == 0); } } } @@ -678,30 +676,30 @@ static void run_rfc6979_hmac_sha256_tests(void) { {0x75, 0x97, 0x88, 0x7c, 0xbd, 0x76, 0x32, 0x1f, 0x32, 0xe3, 0x04, 0x40, 0x67, 0x9a, 0x22, 0xcf, 0x7f, 0x8d, 0x9d, 0x2e, 0xac, 0x39, 0x0e, 0x58, 0x1f, 0xea, 0x09, 0x1c, 0xe2, 0x02, 0xba, 0x94} }; - rustsecp256k1_v0_11_rfc6979_hmac_sha256 rng; + secp256k1_rfc6979_hmac_sha256 rng; unsigned char out[32]; int i; - rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(&rng, key1, 64); + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 64); for (i = 0; i < 3; i++) { - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, out1[i], 32) == 0); + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(secp256k1_memcmp_var(out, out1[i], 32) == 0); } - rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(&rng); + secp256k1_rfc6979_hmac_sha256_finalize(&rng); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(&rng, key1, 65); + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key1, 65); for (i = 0; i < 3; i++) { - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, out1[i], 32) != 0); + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(secp256k1_memcmp_var(out, out1[i], 32) != 0); } - rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(&rng); + secp256k1_rfc6979_hmac_sha256_finalize(&rng); - rustsecp256k1_v0_11_rfc6979_hmac_sha256_initialize(&rng, key2, 64); + secp256k1_rfc6979_hmac_sha256_initialize(&rng, key2, 64); for (i = 0; i < 3; i++) { - rustsecp256k1_v0_11_rfc6979_hmac_sha256_generate(&rng, out, 32); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, out2[i], 32) == 0); + secp256k1_rfc6979_hmac_sha256_generate(&rng, out, 32); + CHECK(secp256k1_memcmp_var(out, out2[i], 32) == 0); } - rustsecp256k1_v0_11_rfc6979_hmac_sha256_finalize(&rng); + secp256k1_rfc6979_hmac_sha256_finalize(&rng); } static void run_tagged_sha256_tests(void) { @@ -716,16 +714,16 @@ static void run_tagged_sha256_tests(void) { }; /* API test */ - CHECK(rustsecp256k1_v0_11_tagged_sha256(CTX, hash32, tag, sizeof(tag), msg, sizeof(msg)) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_tagged_sha256(CTX, NULL, tag, sizeof(tag), msg, sizeof(msg))); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_tagged_sha256(CTX, hash32, NULL, 0, msg, sizeof(msg))); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_tagged_sha256(CTX, hash32, tag, sizeof(tag), NULL, 0)); + CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), msg, sizeof(msg)) == 1); + CHECK_ILLEGAL(CTX, secp256k1_tagged_sha256(CTX, NULL, tag, sizeof(tag), msg, sizeof(msg))); + CHECK_ILLEGAL(CTX, secp256k1_tagged_sha256(CTX, hash32, NULL, 0, msg, sizeof(msg))); + CHECK_ILLEGAL(CTX, secp256k1_tagged_sha256(CTX, hash32, tag, sizeof(tag), NULL, 0)); /* Static test vector */ memcpy(tag, "tag", 3); memcpy(msg, "msg", 3); - CHECK(rustsecp256k1_v0_11_tagged_sha256(CTX, hash32, tag, 3, msg, 3) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(hash32, hash_expected, sizeof(hash32)) == 0); + CHECK(secp256k1_tagged_sha256(CTX, hash32, tag, 3, msg, 3) == 1); + CHECK(secp256k1_memcmp_var(hash32, hash_expected, sizeof(hash32)) == 0); } /***** MODINV TESTS *****/ @@ -832,7 +830,7 @@ static void mulmod256(uint16_t* out, const uint16_t* a, const uint16_t* b, const } /* Convert a 256-bit number represented as 16 uint16_t's to signed30 notation. */ -static void uint16_to_signed30(rustsecp256k1_v0_11_modinv32_signed30* out, const uint16_t* in) { +static void uint16_to_signed30(secp256k1_modinv32_signed30* out, const uint16_t* in) { int i; memset(out->v, 0, sizeof(out->v)); for (i = 0; i < 256; ++i) { @@ -841,7 +839,7 @@ static void uint16_to_signed30(rustsecp256k1_v0_11_modinv32_signed30* out, const } /* Convert a 256-bit number in signed30 notation to a representation as 16 uint16_t's. */ -static void signed30_to_uint16(uint16_t* out, const rustsecp256k1_v0_11_modinv32_signed30* in) { +static void signed30_to_uint16(uint16_t* out, const secp256k1_modinv32_signed30* in) { int i; memset(out, 0, 32); for (i = 0; i < 256; ++i) { @@ -850,7 +848,7 @@ static void signed30_to_uint16(uint16_t* out, const rustsecp256k1_v0_11_modinv32 } /* Randomly mutate the sign of limbs in signed30 representation, without changing the value. */ -static void mutate_sign_signed30(rustsecp256k1_v0_11_modinv32_signed30* x) { +static void mutate_sign_signed30(secp256k1_modinv32_signed30* x) { int i; for (i = 0; i < 16; ++i) { int pos = testrand_bits(3); @@ -864,11 +862,11 @@ static void mutate_sign_signed30(rustsecp256k1_v0_11_modinv32_signed30* x) { } } -/* Test rustsecp256k1_v0_11_modinv32{_var}, using inputs in 16-bit limb format, and returning inverse. */ +/* Test secp256k1_modinv32{_var}, using inputs in 16-bit limb format, and returning inverse. */ static void test_modinv32_uint16(uint16_t* out, const uint16_t* in, const uint16_t* mod) { uint16_t tmp[16]; - rustsecp256k1_v0_11_modinv32_signed30 x; - rustsecp256k1_v0_11_modinv32_modinfo m; + secp256k1_modinv32_signed30 x; + secp256k1_modinv32_modinfo m; int i, vartime, nonzero; uint16_to_signed30(&x, in); @@ -879,14 +877,14 @@ static void test_modinv32_uint16(uint16_t* out, const uint16_t* in, const uint16 m.modulus_inv30 = modinv2p64(m.modulus.v[0]) & 0x3fffffff; CHECK(((m.modulus_inv30 * m.modulus.v[0]) & 0x3fffffff) == 1); - /* Test rustsecp256k1_v0_11_jacobi32_maybe_var. */ + /* Test secp256k1_jacobi32_maybe_var. */ if (nonzero) { int jac; uint16_t sqr[16], negone[16]; mulmod256(sqr, in, in, mod); uint16_to_signed30(&x, sqr); /* Compute jacobi symbol of in^2, which must be 1 (or uncomputable). */ - jac = rustsecp256k1_v0_11_jacobi32_maybe_var(&x, &m); + jac = secp256k1_jacobi32_maybe_var(&x, &m); CHECK(jac == 0 || jac == 1); /* Then compute the jacobi symbol of -(in^2). x and -x have opposite * jacobi symbols if and only if (mod % 4) == 3. */ @@ -894,7 +892,7 @@ static void test_modinv32_uint16(uint16_t* out, const uint16_t* in, const uint16 for (i = 1; i < 16; ++i) negone[i] = mod[i]; mulmod256(sqr, sqr, negone, mod); uint16_to_signed30(&x, sqr); - jac = rustsecp256k1_v0_11_jacobi32_maybe_var(&x, &m); + jac = secp256k1_jacobi32_maybe_var(&x, &m); CHECK(jac == 0 || jac == 1 - (mod[0] & 2)); } @@ -902,7 +900,7 @@ static void test_modinv32_uint16(uint16_t* out, const uint16_t* in, const uint16 mutate_sign_signed30(&m.modulus); for (vartime = 0; vartime < 2; ++vartime) { /* compute inverse */ - (vartime ? rustsecp256k1_v0_11_modinv32_var : rustsecp256k1_v0_11_modinv32)(&x, &m); + (vartime ? secp256k1_modinv32_var : secp256k1_modinv32)(&x, &m); /* produce output */ signed30_to_uint16(out, &x); @@ -913,7 +911,7 @@ static void test_modinv32_uint16(uint16_t* out, const uint16_t* in, const uint16 for (i = 1; i < 16; ++i) CHECK(tmp[i] == 0); /* invert again */ - (vartime ? rustsecp256k1_v0_11_modinv32_var : rustsecp256k1_v0_11_modinv32)(&x, &m); + (vartime ? secp256k1_modinv32_var : secp256k1_modinv32)(&x, &m); /* check if the result is equal to the input */ signed30_to_uint16(tmp, &x); @@ -923,7 +921,7 @@ static void test_modinv32_uint16(uint16_t* out, const uint16_t* in, const uint16 #ifdef SECP256K1_WIDEMUL_INT128 /* Convert a 256-bit number represented as 16 uint16_t's to signed62 notation. */ -static void uint16_to_signed62(rustsecp256k1_v0_11_modinv64_signed62* out, const uint16_t* in) { +static void uint16_to_signed62(secp256k1_modinv64_signed62* out, const uint16_t* in) { int i; memset(out->v, 0, sizeof(out->v)); for (i = 0; i < 256; ++i) { @@ -932,7 +930,7 @@ static void uint16_to_signed62(rustsecp256k1_v0_11_modinv64_signed62* out, const } /* Convert a 256-bit number in signed62 notation to a representation as 16 uint16_t's. */ -static void signed62_to_uint16(uint16_t* out, const rustsecp256k1_v0_11_modinv64_signed62* in) { +static void signed62_to_uint16(uint16_t* out, const secp256k1_modinv64_signed62* in) { int i; memset(out, 0, 32); for (i = 0; i < 256; ++i) { @@ -941,7 +939,7 @@ static void signed62_to_uint16(uint16_t* out, const rustsecp256k1_v0_11_modinv64 } /* Randomly mutate the sign of limbs in signed62 representation, without changing the value. */ -static void mutate_sign_signed62(rustsecp256k1_v0_11_modinv64_signed62* x) { +static void mutate_sign_signed62(secp256k1_modinv64_signed62* x) { static const int64_t M62 = (int64_t)(UINT64_MAX >> 2); int i; for (i = 0; i < 8; ++i) { @@ -956,12 +954,12 @@ static void mutate_sign_signed62(rustsecp256k1_v0_11_modinv64_signed62* x) { } } -/* Test rustsecp256k1_v0_11_modinv64{_var}, using inputs in 16-bit limb format, and returning inverse. */ +/* Test secp256k1_modinv64{_var}, using inputs in 16-bit limb format, and returning inverse. */ static void test_modinv64_uint16(uint16_t* out, const uint16_t* in, const uint16_t* mod) { static const int64_t M62 = (int64_t)(UINT64_MAX >> 2); uint16_t tmp[16]; - rustsecp256k1_v0_11_modinv64_signed62 x; - rustsecp256k1_v0_11_modinv64_modinfo m; + secp256k1_modinv64_signed62 x; + secp256k1_modinv64_modinfo m; int i, vartime, nonzero; uint16_to_signed62(&x, in); @@ -972,14 +970,14 @@ static void test_modinv64_uint16(uint16_t* out, const uint16_t* in, const uint16 m.modulus_inv62 = modinv2p64(m.modulus.v[0]) & M62; CHECK(((m.modulus_inv62 * m.modulus.v[0]) & M62) == 1); - /* Test rustsecp256k1_v0_11_jacobi64_maybe_var. */ + /* Test secp256k1_jacobi64_maybe_var. */ if (nonzero) { int jac; uint16_t sqr[16], negone[16]; mulmod256(sqr, in, in, mod); uint16_to_signed62(&x, sqr); /* Compute jacobi symbol of in^2, which must be 1 (or uncomputable). */ - jac = rustsecp256k1_v0_11_jacobi64_maybe_var(&x, &m); + jac = secp256k1_jacobi64_maybe_var(&x, &m); CHECK(jac == 0 || jac == 1); /* Then compute the jacobi symbol of -(in^2). x and -x have opposite * jacobi symbols if and only if (mod % 4) == 3. */ @@ -987,7 +985,7 @@ static void test_modinv64_uint16(uint16_t* out, const uint16_t* in, const uint16 for (i = 1; i < 16; ++i) negone[i] = mod[i]; mulmod256(sqr, sqr, negone, mod); uint16_to_signed62(&x, sqr); - jac = rustsecp256k1_v0_11_jacobi64_maybe_var(&x, &m); + jac = secp256k1_jacobi64_maybe_var(&x, &m); CHECK(jac == 0 || jac == 1 - (mod[0] & 2)); } @@ -995,7 +993,7 @@ static void test_modinv64_uint16(uint16_t* out, const uint16_t* in, const uint16 mutate_sign_signed62(&m.modulus); for (vartime = 0; vartime < 2; ++vartime) { /* compute inverse */ - (vartime ? rustsecp256k1_v0_11_modinv64_var : rustsecp256k1_v0_11_modinv64)(&x, &m); + (vartime ? secp256k1_modinv64_var : secp256k1_modinv64)(&x, &m); /* produce output */ signed62_to_uint16(out, &x); @@ -1006,7 +1004,7 @@ static void test_modinv64_uint16(uint16_t* out, const uint16_t* in, const uint16 for (i = 1; i < 16; ++i) CHECK(tmp[i] == 0); /* invert again */ - (vartime ? rustsecp256k1_v0_11_modinv64_var : rustsecp256k1_v0_11_modinv64)(&x, &m); + (vartime ? secp256k1_modinv64_var : secp256k1_modinv64)(&x, &m); /* check if the result is equal to the input */ signed62_to_uint16(tmp, &x); @@ -1764,26 +1762,26 @@ static int int256is127(const uint16_t* v) { return all_0 || all_1; } -static void load256u128(uint16_t* out, const rustsecp256k1_v0_11_uint128* v) { - uint64_t lo = rustsecp256k1_v0_11_u128_to_u64(v), hi = rustsecp256k1_v0_11_u128_hi_u64(v); +static void load256u128(uint16_t* out, const secp256k1_uint128* v) { + uint64_t lo = secp256k1_u128_to_u64(v), hi = secp256k1_u128_hi_u64(v); load256two64(out, hi, lo, 0); } -static void load256i128(uint16_t* out, const rustsecp256k1_v0_11_int128* v) { +static void load256i128(uint16_t* out, const secp256k1_int128* v) { uint64_t lo; int64_t hi; - rustsecp256k1_v0_11_int128 c = *v; - lo = rustsecp256k1_v0_11_i128_to_u64(&c); - rustsecp256k1_v0_11_i128_rshift(&c, 64); - hi = rustsecp256k1_v0_11_i128_to_i64(&c); + secp256k1_int128 c = *v; + lo = secp256k1_i128_to_u64(&c); + secp256k1_i128_rshift(&c, 64); + hi = secp256k1_i128_to_i64(&c); load256two64(out, hi, lo, 1); } static void run_int128_test_case(void) { unsigned char buf[32]; uint64_t v[4]; - rustsecp256k1_v0_11_int128 swa, swz; - rustsecp256k1_v0_11_uint128 uwa, uwz; + secp256k1_int128 swa, swz; + secp256k1_uint128 uwa, uwz; uint64_t ub, uc; int64_t sb, sc; uint16_t rswa[16], rswz[32], rswr[32], ruwa[16], ruwz[32], ruwr[32]; @@ -1800,8 +1798,8 @@ static void run_int128_test_case(void) { v[i] = vi; } /* Convert those into a 128-bit value and two 64-bit values (signed and unsigned). */ - rustsecp256k1_v0_11_u128_load(&uwa, v[1], v[0]); - rustsecp256k1_v0_11_i128_load(&swa, v[1], v[0]); + secp256k1_u128_load(&uwa, v[1], v[0]); + secp256k1_i128_load(&swa, v[1], v[0]); ub = v[2]; sb = v[2]; uc = v[3]; @@ -1813,39 +1811,39 @@ static void run_int128_test_case(void) { load256u64(rsb, sb, 1); load256u64(ruc, uc, 0); load256u64(rsc, sc, 1); - /* test rustsecp256k1_v0_11_u128_mul */ + /* test secp256k1_u128_mul */ mulmod256(ruwr, rub, ruc, NULL); - rustsecp256k1_v0_11_u128_mul(&uwz, ub, uc); + secp256k1_u128_mul(&uwz, ub, uc); load256u128(ruwz, &uwz); - CHECK(rustsecp256k1_v0_11_memcmp_var(ruwr, ruwz, 16) == 0); - /* test rustsecp256k1_v0_11_u128_accum_mul */ + CHECK(secp256k1_memcmp_var(ruwr, ruwz, 16) == 0); + /* test secp256k1_u128_accum_mul */ mulmod256(ruwr, rub, ruc, NULL); add256(ruwr, ruwr, ruwa); uwz = uwa; - rustsecp256k1_v0_11_u128_accum_mul(&uwz, ub, uc); + secp256k1_u128_accum_mul(&uwz, ub, uc); load256u128(ruwz, &uwz); - CHECK(rustsecp256k1_v0_11_memcmp_var(ruwr, ruwz, 16) == 0); - /* test rustsecp256k1_v0_11_u128_accum_u64 */ + CHECK(secp256k1_memcmp_var(ruwr, ruwz, 16) == 0); + /* test secp256k1_u128_accum_u64 */ add256(ruwr, rub, ruwa); uwz = uwa; - rustsecp256k1_v0_11_u128_accum_u64(&uwz, ub); + secp256k1_u128_accum_u64(&uwz, ub); load256u128(ruwz, &uwz); - CHECK(rustsecp256k1_v0_11_memcmp_var(ruwr, ruwz, 16) == 0); - /* test rustsecp256k1_v0_11_u128_rshift */ + CHECK(secp256k1_memcmp_var(ruwr, ruwz, 16) == 0); + /* test secp256k1_u128_rshift */ rshift256(ruwr, ruwa, uc % 128, 0); uwz = uwa; - rustsecp256k1_v0_11_u128_rshift(&uwz, uc % 128); + secp256k1_u128_rshift(&uwz, uc % 128); load256u128(ruwz, &uwz); - CHECK(rustsecp256k1_v0_11_memcmp_var(ruwr, ruwz, 16) == 0); - /* test rustsecp256k1_v0_11_u128_to_u64 */ - CHECK(rustsecp256k1_v0_11_u128_to_u64(&uwa) == v[0]); - /* test rustsecp256k1_v0_11_u128_hi_u64 */ - CHECK(rustsecp256k1_v0_11_u128_hi_u64(&uwa) == v[1]); - /* test rustsecp256k1_v0_11_u128_from_u64 */ - rustsecp256k1_v0_11_u128_from_u64(&uwz, ub); + CHECK(secp256k1_memcmp_var(ruwr, ruwz, 16) == 0); + /* test secp256k1_u128_to_u64 */ + CHECK(secp256k1_u128_to_u64(&uwa) == v[0]); + /* test secp256k1_u128_hi_u64 */ + CHECK(secp256k1_u128_hi_u64(&uwa) == v[1]); + /* test secp256k1_u128_from_u64 */ + secp256k1_u128_from_u64(&uwz, ub); load256u128(ruwz, &uwz); - CHECK(rustsecp256k1_v0_11_memcmp_var(rub, ruwz, 16) == 0); - /* test rustsecp256k1_v0_11_u128_check_bits */ + CHECK(secp256k1_memcmp_var(rub, ruwz, 16) == 0); + /* test secp256k1_u128_check_bits */ { int uwa_bits = 0; int j; @@ -1853,24 +1851,24 @@ static void run_int128_test_case(void) { if (ruwa[j / 16] >> (j % 16)) uwa_bits = 1 + j; } for (j = 0; j < 128; ++j) { - CHECK(rustsecp256k1_v0_11_u128_check_bits(&uwa, j) == (uwa_bits <= j)); + CHECK(secp256k1_u128_check_bits(&uwa, j) == (uwa_bits <= j)); } } - /* test rustsecp256k1_v0_11_i128_mul */ + /* test secp256k1_i128_mul */ mulmod256(rswr, rsb, rsc, NULL); - rustsecp256k1_v0_11_i128_mul(&swz, sb, sc); + secp256k1_i128_mul(&swz, sb, sc); load256i128(rswz, &swz); - CHECK(rustsecp256k1_v0_11_memcmp_var(rswr, rswz, 16) == 0); - /* test rustsecp256k1_v0_11_i128_accum_mul */ + CHECK(secp256k1_memcmp_var(rswr, rswz, 16) == 0); + /* test secp256k1_i128_accum_mul */ mulmod256(rswr, rsb, rsc, NULL); add256(rswr, rswr, rswa); if (int256is127(rswr)) { swz = swa; - rustsecp256k1_v0_11_i128_accum_mul(&swz, sb, sc); + secp256k1_i128_accum_mul(&swz, sb, sc); load256i128(rswz, &swz); - CHECK(rustsecp256k1_v0_11_memcmp_var(rswr, rswz, 16) == 0); + CHECK(secp256k1_memcmp_var(rswr, rswz, 16) == 0); } - /* test rustsecp256k1_v0_11_i128_det */ + /* test secp256k1_i128_det */ { uint16_t rsd[16], rse[16], rst[32]; int64_t sd = v[0], se = v[1]; @@ -1880,25 +1878,25 @@ static void run_int128_test_case(void) { neg256(rst, rst); mulmod256(rswr, rsb, rse, NULL); add256(rswr, rswr, rst); - rustsecp256k1_v0_11_i128_det(&swz, sb, sc, sd, se); + secp256k1_i128_det(&swz, sb, sc, sd, se); load256i128(rswz, &swz); - CHECK(rustsecp256k1_v0_11_memcmp_var(rswr, rswz, 16) == 0); + CHECK(secp256k1_memcmp_var(rswr, rswz, 16) == 0); } - /* test rustsecp256k1_v0_11_i128_rshift */ + /* test secp256k1_i128_rshift */ rshift256(rswr, rswa, uc % 127, 1); swz = swa; - rustsecp256k1_v0_11_i128_rshift(&swz, uc % 127); + secp256k1_i128_rshift(&swz, uc % 127); load256i128(rswz, &swz); - CHECK(rustsecp256k1_v0_11_memcmp_var(rswr, rswz, 16) == 0); - /* test rustsecp256k1_v0_11_i128_to_u64 */ - CHECK(rustsecp256k1_v0_11_i128_to_u64(&swa) == v[0]); - /* test rustsecp256k1_v0_11_i128_from_i64 */ - rustsecp256k1_v0_11_i128_from_i64(&swz, sb); + CHECK(secp256k1_memcmp_var(rswr, rswz, 16) == 0); + /* test secp256k1_i128_to_u64 */ + CHECK(secp256k1_i128_to_u64(&swa) == v[0]); + /* test secp256k1_i128_from_i64 */ + secp256k1_i128_from_i64(&swz, sb); load256i128(rswz, &swz); - CHECK(rustsecp256k1_v0_11_memcmp_var(rsb, rswz, 16) == 0); - /* test rustsecp256k1_v0_11_i128_to_i64 */ - CHECK(rustsecp256k1_v0_11_i128_to_i64(&swz) == sb); - /* test rustsecp256k1_v0_11_i128_eq_var */ + CHECK(secp256k1_memcmp_var(rsb, rswz, 16) == 0); + /* test secp256k1_i128_to_i64 */ + CHECK(secp256k1_i128_to_i64(&swz) == sb); + /* test secp256k1_i128_eq_var */ { int expect = (uc & 1); swz = swa; @@ -1910,11 +1908,11 @@ static void run_int128_test_case(void) { } else { v0c ^= (((uint64_t)1) << (ub & 63)); } - rustsecp256k1_v0_11_i128_load(&swz, v1c, v0c); + secp256k1_i128_load(&swz, v1c, v0c); } - CHECK(rustsecp256k1_v0_11_i128_eq_var(&swa, &swz) == expect); + CHECK(secp256k1_i128_eq_var(&swa, &swz) == expect); } - /* test rustsecp256k1_v0_11_i128_check_pow2 (sign == 1) */ + /* test secp256k1_i128_check_pow2 (sign == 1) */ { int expect = (uc & 1); int pos = ub % 127; @@ -1927,7 +1925,7 @@ static void run_int128_test_case(void) { } else { lo = (((uint64_t)1) << (pos & 63)); } - rustsecp256k1_v0_11_i128_load(&swz, hi, lo); + secp256k1_i128_load(&swz, hi, lo); } else { /* If expect==0, set swz = swa, but update expect=1 if swa happens to equal 2^pos. */ if (pos >= 64) { @@ -1937,9 +1935,9 @@ static void run_int128_test_case(void) { } swz = swa; } - CHECK(rustsecp256k1_v0_11_i128_check_pow2(&swz, pos, 1) == expect); + CHECK(secp256k1_i128_check_pow2(&swz, pos, 1) == expect); } - /* test rustsecp256k1_v0_11_i128_check_pow2 (sign == -1) */ + /* test secp256k1_i128_check_pow2 (sign == -1) */ { int expect = (uc & 1); int pos = ub % 127; @@ -1953,7 +1951,7 @@ static void run_int128_test_case(void) { } else { lo <<= (pos & 63); } - rustsecp256k1_v0_11_i128_load(&swz, hi, lo); + secp256k1_i128_load(&swz, hi, lo); } else { /* If expect==0, set swz = swa, but update expect=1 if swa happens to equal -2^pos. */ if (pos >= 64) { @@ -1963,42 +1961,42 @@ static void run_int128_test_case(void) { } swz = swa; } - CHECK(rustsecp256k1_v0_11_i128_check_pow2(&swz, pos, -1) == expect); + CHECK(secp256k1_i128_check_pow2(&swz, pos, -1) == expect); } } static void run_int128_tests(void) { - { /* rustsecp256k1_v0_11_u128_accum_mul */ - rustsecp256k1_v0_11_uint128 res; - - /* Check rustsecp256k1_v0_11_u128_accum_mul overflow */ - rustsecp256k1_v0_11_u128_mul(&res, UINT64_MAX, UINT64_MAX); - rustsecp256k1_v0_11_u128_accum_mul(&res, UINT64_MAX, UINT64_MAX); - CHECK(rustsecp256k1_v0_11_u128_to_u64(&res) == 2); - CHECK(rustsecp256k1_v0_11_u128_hi_u64(&res) == 18446744073709551612U); - } - { /* rustsecp256k1_v0_11_u128_accum_mul */ - rustsecp256k1_v0_11_int128 res; - - /* Compute INT128_MAX = 2^127 - 1 with rustsecp256k1_v0_11_i128_accum_mul */ - rustsecp256k1_v0_11_i128_mul(&res, INT64_MAX, INT64_MAX); - rustsecp256k1_v0_11_i128_accum_mul(&res, INT64_MAX, INT64_MAX); - CHECK(rustsecp256k1_v0_11_i128_to_u64(&res) == 2); - rustsecp256k1_v0_11_i128_accum_mul(&res, 4, 9223372036854775807); - rustsecp256k1_v0_11_i128_accum_mul(&res, 1, 1); - CHECK(rustsecp256k1_v0_11_i128_to_u64(&res) == UINT64_MAX); - rustsecp256k1_v0_11_i128_rshift(&res, 64); - CHECK(rustsecp256k1_v0_11_i128_to_i64(&res) == INT64_MAX); - - /* Compute INT128_MIN = - 2^127 with rustsecp256k1_v0_11_i128_accum_mul */ - rustsecp256k1_v0_11_i128_mul(&res, INT64_MAX, INT64_MIN); - CHECK(rustsecp256k1_v0_11_i128_to_u64(&res) == (uint64_t)INT64_MIN); - rustsecp256k1_v0_11_i128_accum_mul(&res, INT64_MAX, INT64_MIN); - CHECK(rustsecp256k1_v0_11_i128_to_u64(&res) == 0); - rustsecp256k1_v0_11_i128_accum_mul(&res, 2, INT64_MIN); - CHECK(rustsecp256k1_v0_11_i128_to_u64(&res) == 0); - rustsecp256k1_v0_11_i128_rshift(&res, 64); - CHECK(rustsecp256k1_v0_11_i128_to_i64(&res) == INT64_MIN); + { /* secp256k1_u128_accum_mul */ + secp256k1_uint128 res; + + /* Check secp256k1_u128_accum_mul overflow */ + secp256k1_u128_mul(&res, UINT64_MAX, UINT64_MAX); + secp256k1_u128_accum_mul(&res, UINT64_MAX, UINT64_MAX); + CHECK(secp256k1_u128_to_u64(&res) == 2); + CHECK(secp256k1_u128_hi_u64(&res) == 18446744073709551612U); + } + { /* secp256k1_u128_accum_mul */ + secp256k1_int128 res; + + /* Compute INT128_MAX = 2^127 - 1 with secp256k1_i128_accum_mul */ + secp256k1_i128_mul(&res, INT64_MAX, INT64_MAX); + secp256k1_i128_accum_mul(&res, INT64_MAX, INT64_MAX); + CHECK(secp256k1_i128_to_u64(&res) == 2); + secp256k1_i128_accum_mul(&res, 4, 9223372036854775807); + secp256k1_i128_accum_mul(&res, 1, 1); + CHECK(secp256k1_i128_to_u64(&res) == UINT64_MAX); + secp256k1_i128_rshift(&res, 64); + CHECK(secp256k1_i128_to_i64(&res) == INT64_MAX); + + /* Compute INT128_MIN = - 2^127 with secp256k1_i128_accum_mul */ + secp256k1_i128_mul(&res, INT64_MAX, INT64_MIN); + CHECK(secp256k1_i128_to_u64(&res) == (uint64_t)INT64_MIN); + secp256k1_i128_accum_mul(&res, INT64_MAX, INT64_MIN); + CHECK(secp256k1_i128_to_u64(&res) == 0); + secp256k1_i128_accum_mul(&res, 2, INT64_MIN); + CHECK(secp256k1_i128_to_u64(&res) == 0); + secp256k1_i128_rshift(&res, 64); + CHECK(secp256k1_i128_to_i64(&res) == INT64_MIN); } { /* Randomized tests. */ @@ -2011,9 +2009,9 @@ static void run_int128_tests(void) { /***** SCALAR TESTS *****/ static void scalar_test(void) { - rustsecp256k1_v0_11_scalar s; - rustsecp256k1_v0_11_scalar s1; - rustsecp256k1_v0_11_scalar s2; + secp256k1_scalar s; + secp256k1_scalar s1; + secp256k1_scalar s2; unsigned char c[32]; /* Set 's' to a random scalar, with value 'snum'. */ @@ -2024,162 +2022,162 @@ static void scalar_test(void) { /* Set 's2' to a random scalar, with value 'snum2', and byte array representation 'c'. */ testutil_random_scalar_order_test(&s2); - rustsecp256k1_v0_11_scalar_get_b32(c, &s2); + secp256k1_scalar_get_b32(c, &s2); { int i; /* Test that fetching groups of 4 bits from a scalar and recursing n(i)=16*n(i-1)+p(i) reconstructs it. */ - rustsecp256k1_v0_11_scalar n; - rustsecp256k1_v0_11_scalar_set_int(&n, 0); + secp256k1_scalar n; + secp256k1_scalar_set_int(&n, 0); for (i = 0; i < 256; i += 4) { - rustsecp256k1_v0_11_scalar t; + secp256k1_scalar t; int j; - rustsecp256k1_v0_11_scalar_set_int(&t, rustsecp256k1_v0_11_scalar_get_bits_limb32(&s, 256 - 4 - i, 4)); + secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_limb32(&s, 256 - 4 - i, 4)); for (j = 0; j < 4; j++) { - rustsecp256k1_v0_11_scalar_add(&n, &n, &n); + secp256k1_scalar_add(&n, &n, &n); } - rustsecp256k1_v0_11_scalar_add(&n, &n, &t); + secp256k1_scalar_add(&n, &n, &t); } - CHECK(rustsecp256k1_v0_11_scalar_eq(&n, &s)); + CHECK(secp256k1_scalar_eq(&n, &s)); } { /* Test that fetching groups of randomly-sized bits from a scalar and recursing n(i)=b*n(i-1)+p(i) reconstructs it. */ - rustsecp256k1_v0_11_scalar n; + secp256k1_scalar n; int i = 0; - rustsecp256k1_v0_11_scalar_set_int(&n, 0); + secp256k1_scalar_set_int(&n, 0); while (i < 256) { - rustsecp256k1_v0_11_scalar t; + secp256k1_scalar t; int j; int now = testrand_int(15) + 1; if (now + i > 256) { now = 256 - i; } - rustsecp256k1_v0_11_scalar_set_int(&t, rustsecp256k1_v0_11_scalar_get_bits_var(&s, 256 - now - i, now)); + secp256k1_scalar_set_int(&t, secp256k1_scalar_get_bits_var(&s, 256 - now - i, now)); for (j = 0; j < now; j++) { - rustsecp256k1_v0_11_scalar_add(&n, &n, &n); + secp256k1_scalar_add(&n, &n, &n); } - rustsecp256k1_v0_11_scalar_add(&n, &n, &t); + secp256k1_scalar_add(&n, &n, &t); i += now; } - CHECK(rustsecp256k1_v0_11_scalar_eq(&n, &s)); + CHECK(secp256k1_scalar_eq(&n, &s)); } { /* Test commutativity of add. */ - rustsecp256k1_v0_11_scalar r1, r2; - rustsecp256k1_v0_11_scalar_add(&r1, &s1, &s2); - rustsecp256k1_v0_11_scalar_add(&r2, &s2, &s1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar r1, r2; + secp256k1_scalar_add(&r1, &s1, &s2); + secp256k1_scalar_add(&r2, &s2, &s1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); } { - rustsecp256k1_v0_11_scalar r1, r2; - rustsecp256k1_v0_11_scalar b; + secp256k1_scalar r1, r2; + secp256k1_scalar b; int i; /* Test add_bit. */ int bit = testrand_bits(8); - rustsecp256k1_v0_11_scalar_set_int(&b, 1); - CHECK(rustsecp256k1_v0_11_scalar_is_one(&b)); + secp256k1_scalar_set_int(&b, 1); + CHECK(secp256k1_scalar_is_one(&b)); for (i = 0; i < bit; i++) { - rustsecp256k1_v0_11_scalar_add(&b, &b, &b); + secp256k1_scalar_add(&b, &b, &b); } r1 = s1; r2 = s1; - if (!rustsecp256k1_v0_11_scalar_add(&r1, &r1, &b)) { + if (!secp256k1_scalar_add(&r1, &r1, &b)) { /* No overflow happened. */ - rustsecp256k1_v0_11_scalar_cadd_bit(&r2, bit, 1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar_cadd_bit(&r2, bit, 1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); /* cadd is a noop when flag is zero */ - rustsecp256k1_v0_11_scalar_cadd_bit(&r2, bit, 0); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar_cadd_bit(&r2, bit, 0); + CHECK(secp256k1_scalar_eq(&r1, &r2)); } } { /* Test commutativity of mul. */ - rustsecp256k1_v0_11_scalar r1, r2; - rustsecp256k1_v0_11_scalar_mul(&r1, &s1, &s2); - rustsecp256k1_v0_11_scalar_mul(&r2, &s2, &s1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar r1, r2; + secp256k1_scalar_mul(&r1, &s1, &s2); + secp256k1_scalar_mul(&r2, &s2, &s1); + CHECK(secp256k1_scalar_eq(&r1, &r2)); } { /* Test associativity of add. */ - rustsecp256k1_v0_11_scalar r1, r2; - rustsecp256k1_v0_11_scalar_add(&r1, &s1, &s2); - rustsecp256k1_v0_11_scalar_add(&r1, &r1, &s); - rustsecp256k1_v0_11_scalar_add(&r2, &s2, &s); - rustsecp256k1_v0_11_scalar_add(&r2, &s1, &r2); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar r1, r2; + secp256k1_scalar_add(&r1, &s1, &s2); + secp256k1_scalar_add(&r1, &r1, &s); + secp256k1_scalar_add(&r2, &s2, &s); + secp256k1_scalar_add(&r2, &s1, &r2); + CHECK(secp256k1_scalar_eq(&r1, &r2)); } { /* Test associativity of mul. */ - rustsecp256k1_v0_11_scalar r1, r2; - rustsecp256k1_v0_11_scalar_mul(&r1, &s1, &s2); - rustsecp256k1_v0_11_scalar_mul(&r1, &r1, &s); - rustsecp256k1_v0_11_scalar_mul(&r2, &s2, &s); - rustsecp256k1_v0_11_scalar_mul(&r2, &s1, &r2); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar r1, r2; + secp256k1_scalar_mul(&r1, &s1, &s2); + secp256k1_scalar_mul(&r1, &r1, &s); + secp256k1_scalar_mul(&r2, &s2, &s); + secp256k1_scalar_mul(&r2, &s1, &r2); + CHECK(secp256k1_scalar_eq(&r1, &r2)); } { /* Test distributitivity of mul over add. */ - rustsecp256k1_v0_11_scalar r1, r2, t; - rustsecp256k1_v0_11_scalar_add(&r1, &s1, &s2); - rustsecp256k1_v0_11_scalar_mul(&r1, &r1, &s); - rustsecp256k1_v0_11_scalar_mul(&r2, &s1, &s); - rustsecp256k1_v0_11_scalar_mul(&t, &s2, &s); - rustsecp256k1_v0_11_scalar_add(&r2, &r2, &t); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &r2)); + secp256k1_scalar r1, r2, t; + secp256k1_scalar_add(&r1, &s1, &s2); + secp256k1_scalar_mul(&r1, &r1, &s); + secp256k1_scalar_mul(&r2, &s1, &s); + secp256k1_scalar_mul(&t, &s2, &s); + secp256k1_scalar_add(&r2, &r2, &t); + CHECK(secp256k1_scalar_eq(&r1, &r2)); } { /* Test multiplicative identity. */ - rustsecp256k1_v0_11_scalar r1; - rustsecp256k1_v0_11_scalar_mul(&r1, &s1, &rustsecp256k1_v0_11_scalar_one); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &s1)); + secp256k1_scalar r1; + secp256k1_scalar_mul(&r1, &s1, &secp256k1_scalar_one); + CHECK(secp256k1_scalar_eq(&r1, &s1)); } { /* Test additive identity. */ - rustsecp256k1_v0_11_scalar r1; - rustsecp256k1_v0_11_scalar_add(&r1, &s1, &rustsecp256k1_v0_11_scalar_zero); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &s1)); + secp256k1_scalar r1; + secp256k1_scalar_add(&r1, &s1, &secp256k1_scalar_zero); + CHECK(secp256k1_scalar_eq(&r1, &s1)); } { /* Test zero product property. */ - rustsecp256k1_v0_11_scalar r1; - rustsecp256k1_v0_11_scalar_mul(&r1, &s1, &rustsecp256k1_v0_11_scalar_zero); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &rustsecp256k1_v0_11_scalar_zero)); + secp256k1_scalar r1; + secp256k1_scalar_mul(&r1, &s1, &secp256k1_scalar_zero); + CHECK(secp256k1_scalar_eq(&r1, &secp256k1_scalar_zero)); } { /* Test halving. */ - rustsecp256k1_v0_11_scalar r; - rustsecp256k1_v0_11_scalar_add(&r, &s, &s); - rustsecp256k1_v0_11_scalar_half(&r, &r); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r, &s)); + secp256k1_scalar r; + secp256k1_scalar_add(&r, &s, &s); + secp256k1_scalar_half(&r, &r); + CHECK(secp256k1_scalar_eq(&r, &s)); } } static void run_scalar_set_b32_seckey_tests(void) { unsigned char b32[32]; - rustsecp256k1_v0_11_scalar s1; - rustsecp256k1_v0_11_scalar s2; + secp256k1_scalar s1; + secp256k1_scalar s2; /* Usually set_b32 and set_b32_seckey give the same result */ testutil_random_scalar_order_b32(b32); - rustsecp256k1_v0_11_scalar_set_b32(&s1, b32, NULL); - CHECK(rustsecp256k1_v0_11_scalar_set_b32_seckey(&s2, b32) == 1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&s1, &s2) == 1); + secp256k1_scalar_set_b32(&s1, b32, NULL); + CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 1); + CHECK(secp256k1_scalar_eq(&s1, &s2) == 1); memset(b32, 0, sizeof(b32)); - CHECK(rustsecp256k1_v0_11_scalar_set_b32_seckey(&s2, b32) == 0); + CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0); memset(b32, 0xFF, sizeof(b32)); - CHECK(rustsecp256k1_v0_11_scalar_set_b32_seckey(&s2, b32) == 0); + CHECK(secp256k1_scalar_set_b32_seckey(&s2, b32) == 0); } static void run_scalar_tests(void) { @@ -2192,32 +2190,32 @@ static void run_scalar_tests(void) { } { - /* Check that the scalar constants rustsecp256k1_v0_11_scalar_zero and - rustsecp256k1_v0_11_scalar_one contain the expected values. */ - rustsecp256k1_v0_11_scalar zero, one; + /* Check that the scalar constants secp256k1_scalar_zero and + secp256k1_scalar_one contain the expected values. */ + secp256k1_scalar zero, one; - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&rustsecp256k1_v0_11_scalar_zero)); - rustsecp256k1_v0_11_scalar_set_int(&zero, 0); - CHECK(rustsecp256k1_v0_11_scalar_eq(&zero, &rustsecp256k1_v0_11_scalar_zero)); + CHECK(secp256k1_scalar_is_zero(&secp256k1_scalar_zero)); + secp256k1_scalar_set_int(&zero, 0); + CHECK(secp256k1_scalar_eq(&zero, &secp256k1_scalar_zero)); - CHECK(rustsecp256k1_v0_11_scalar_is_one(&rustsecp256k1_v0_11_scalar_one)); - rustsecp256k1_v0_11_scalar_set_int(&one, 1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&one, &rustsecp256k1_v0_11_scalar_one)); + CHECK(secp256k1_scalar_is_one(&secp256k1_scalar_one)); + secp256k1_scalar_set_int(&one, 1); + CHECK(secp256k1_scalar_eq(&one, &secp256k1_scalar_one)); } { /* (-1)+1 should be zero. */ - rustsecp256k1_v0_11_scalar o; - rustsecp256k1_v0_11_scalar_negate(&o, &rustsecp256k1_v0_11_scalar_one); - rustsecp256k1_v0_11_scalar_add(&o, &o, &rustsecp256k1_v0_11_scalar_one); - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&o)); - rustsecp256k1_v0_11_scalar_negate(&o, &o); - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&o)); + secp256k1_scalar o; + secp256k1_scalar_negate(&o, &secp256k1_scalar_one); + secp256k1_scalar_add(&o, &o, &secp256k1_scalar_one); + CHECK(secp256k1_scalar_is_zero(&o)); + secp256k1_scalar_negate(&o, &o); + CHECK(secp256k1_scalar_is_zero(&o)); } { /* Test that halving and doubling roundtrips on some fixed values. */ - static const rustsecp256k1_v0_11_scalar HALF_TESTS[] = { + static const secp256k1_scalar HALF_TESTS[] = { /* 0 */ SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), /* 1 */ @@ -2237,23 +2235,23 @@ static void run_scalar_tests(void) { }; unsigned n; for (n = 0; n < sizeof(HALF_TESTS) / sizeof(HALF_TESTS[0]); ++n) { - rustsecp256k1_v0_11_scalar s; - rustsecp256k1_v0_11_scalar_half(&s, &HALF_TESTS[n]); - rustsecp256k1_v0_11_scalar_add(&s, &s, &s); - CHECK(rustsecp256k1_v0_11_scalar_eq(&s, &HALF_TESTS[n])); - rustsecp256k1_v0_11_scalar_add(&s, &s, &s); - rustsecp256k1_v0_11_scalar_half(&s, &s); - CHECK(rustsecp256k1_v0_11_scalar_eq(&s, &HALF_TESTS[n])); + secp256k1_scalar s; + secp256k1_scalar_half(&s, &HALF_TESTS[n]); + secp256k1_scalar_add(&s, &s, &s); + CHECK(secp256k1_scalar_eq(&s, &HALF_TESTS[n])); + secp256k1_scalar_add(&s, &s, &s); + secp256k1_scalar_half(&s, &s); + CHECK(secp256k1_scalar_eq(&s, &HALF_TESTS[n])); } } { /* Does check_overflow check catch all ones? */ - static const rustsecp256k1_v0_11_scalar overflowed = SECP256K1_SCALAR_CONST( + static const secp256k1_scalar overflowed = SECP256K1_SCALAR_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - CHECK(rustsecp256k1_v0_11_scalar_check_overflow(&overflowed)); + CHECK(secp256k1_scalar_check_overflow(&overflowed)); } { @@ -2262,13 +2260,13 @@ static void run_scalar_tests(void) { * and edge-case coverage on 32-bit and 64-bit implementations. * The responses were generated with Sage 5.9. */ - rustsecp256k1_v0_11_scalar x; - rustsecp256k1_v0_11_scalar y; - rustsecp256k1_v0_11_scalar z; - rustsecp256k1_v0_11_scalar zz; - rustsecp256k1_v0_11_scalar r1; - rustsecp256k1_v0_11_scalar r2; - rustsecp256k1_v0_11_scalar zzv; + secp256k1_scalar x; + secp256k1_scalar y; + secp256k1_scalar z; + secp256k1_scalar zz; + secp256k1_scalar r1; + secp256k1_scalar r2; + secp256k1_scalar zzv; int overflow; unsigned char chal[33][2][32] = { {{0xff, 0xff, 0x03, 0x07, 0x00, 0x00, 0x00, 0x00, @@ -2803,46 +2801,46 @@ static void run_scalar_tests(void) { 0x5c, 0x02, 0x97, 0x1b, 0x62, 0x43, 0x86, 0xf5}} }; for (i = 0; i < 33; i++) { - rustsecp256k1_v0_11_scalar_set_b32(&x, chal[i][0], &overflow); + secp256k1_scalar_set_b32(&x, chal[i][0], &overflow); CHECK(!overflow); - rustsecp256k1_v0_11_scalar_set_b32(&y, chal[i][1], &overflow); + secp256k1_scalar_set_b32(&y, chal[i][1], &overflow); CHECK(!overflow); - rustsecp256k1_v0_11_scalar_set_b32(&r1, res[i][0], &overflow); + secp256k1_scalar_set_b32(&r1, res[i][0], &overflow); CHECK(!overflow); - rustsecp256k1_v0_11_scalar_set_b32(&r2, res[i][1], &overflow); + secp256k1_scalar_set_b32(&r2, res[i][1], &overflow); CHECK(!overflow); - rustsecp256k1_v0_11_scalar_mul(&z, &x, &y); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r1, &z)); - if (!rustsecp256k1_v0_11_scalar_is_zero(&y)) { - rustsecp256k1_v0_11_scalar_inverse(&zz, &y); - rustsecp256k1_v0_11_scalar_inverse_var(&zzv, &y); - CHECK(rustsecp256k1_v0_11_scalar_eq(&zzv, &zz)); - rustsecp256k1_v0_11_scalar_mul(&z, &z, &zz); - CHECK(rustsecp256k1_v0_11_scalar_eq(&x, &z)); - rustsecp256k1_v0_11_scalar_mul(&zz, &zz, &y); - CHECK(rustsecp256k1_v0_11_scalar_eq(&rustsecp256k1_v0_11_scalar_one, &zz)); + secp256k1_scalar_mul(&z, &x, &y); + CHECK(secp256k1_scalar_eq(&r1, &z)); + if (!secp256k1_scalar_is_zero(&y)) { + secp256k1_scalar_inverse(&zz, &y); + secp256k1_scalar_inverse_var(&zzv, &y); + CHECK(secp256k1_scalar_eq(&zzv, &zz)); + secp256k1_scalar_mul(&z, &z, &zz); + CHECK(secp256k1_scalar_eq(&x, &z)); + secp256k1_scalar_mul(&zz, &zz, &y); + CHECK(secp256k1_scalar_eq(&secp256k1_scalar_one, &zz)); } - rustsecp256k1_v0_11_scalar_mul(&z, &x, &x); - CHECK(rustsecp256k1_v0_11_scalar_eq(&r2, &z)); + secp256k1_scalar_mul(&z, &x, &x); + CHECK(secp256k1_scalar_eq(&r2, &z)); } } } /***** FIELD TESTS *****/ -static void random_fe_non_square(rustsecp256k1_v0_11_fe *ns) { - rustsecp256k1_v0_11_fe r; +static void random_fe_non_square(secp256k1_fe *ns) { + secp256k1_fe r; testutil_random_fe_non_zero(ns); - if (rustsecp256k1_v0_11_fe_sqrt(&r, ns)) { - rustsecp256k1_v0_11_fe_negate(ns, ns, 1); + if (secp256k1_fe_sqrt(&r, ns)) { + secp256k1_fe_negate(ns, ns, 1); } } -static int fe_equal(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b) { - rustsecp256k1_v0_11_fe an = *a; - rustsecp256k1_v0_11_fe bn = *b; - rustsecp256k1_v0_11_fe_normalize_weak(&an); - return rustsecp256k1_v0_11_fe_equal(&an, &bn); +static int fe_equal(const secp256k1_fe *a, const secp256k1_fe *b) { + secp256k1_fe an = *a; + secp256k1_fe bn = *b; + secp256k1_fe_normalize_weak(&an); + return secp256k1_fe_equal(&an, &bn); } static void run_field_convert(void) { @@ -2852,27 +2850,27 @@ static void run_field_convert(void) { 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40 }; - static const rustsecp256k1_v0_11_fe_storage fes = SECP256K1_FE_STORAGE_CONST( + static const secp256k1_fe_storage fes = SECP256K1_FE_STORAGE_CONST( 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL ); - static const rustsecp256k1_v0_11_fe fe = SECP256K1_FE_CONST( + static const secp256k1_fe fe = SECP256K1_FE_CONST( 0x00010203UL, 0x04050607UL, 0x11121314UL, 0x15161718UL, 0x22232425UL, 0x26272829UL, 0x33343536UL, 0x37383940UL ); - rustsecp256k1_v0_11_fe fe2; + secp256k1_fe fe2; unsigned char b322[32]; - rustsecp256k1_v0_11_fe_storage fes2; + secp256k1_fe_storage fes2; /* Check conversions to fe. */ - CHECK(rustsecp256k1_v0_11_fe_set_b32_limit(&fe2, b32)); - CHECK(rustsecp256k1_v0_11_fe_equal(&fe, &fe2)); - rustsecp256k1_v0_11_fe_from_storage(&fe2, &fes); - CHECK(rustsecp256k1_v0_11_fe_equal(&fe, &fe2)); + CHECK(secp256k1_fe_set_b32_limit(&fe2, b32)); + CHECK(secp256k1_fe_equal(&fe, &fe2)); + secp256k1_fe_from_storage(&fe2, &fes); + CHECK(secp256k1_fe_equal(&fe, &fe2)); /* Check conversion from fe. */ - rustsecp256k1_v0_11_fe_get_b32(b322, &fe); - CHECK(rustsecp256k1_v0_11_memcmp_var(b322, b32, 32) == 0); - rustsecp256k1_v0_11_fe_to_storage(&fes2, &fe); - CHECK(rustsecp256k1_v0_11_memcmp_var(&fes2, &fes, sizeof(fes)) == 0); + secp256k1_fe_get_b32(b322, &fe); + CHECK(secp256k1_memcmp_var(b322, b32, 32) == 0); + secp256k1_fe_to_storage(&fes2, &fe); + CHECK(secp256k1_memcmp_var(&fes2, &fes, sizeof(fes)) == 0); } static void run_field_be32_overflow(void) { @@ -2885,14 +2883,14 @@ static void run_field_be32_overflow(void) { }; static const unsigned char zero[32] = { 0x00 }; unsigned char out[32]; - rustsecp256k1_v0_11_fe fe; - CHECK(rustsecp256k1_v0_11_fe_set_b32_limit(&fe, zero_overflow) == 0); - rustsecp256k1_v0_11_fe_set_b32_mod(&fe, zero_overflow); - CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero(&fe) == 1); - rustsecp256k1_v0_11_fe_normalize(&fe); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&fe) == 1); - rustsecp256k1_v0_11_fe_get_b32(out, &fe); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, zero, 32) == 0); + secp256k1_fe fe; + CHECK(secp256k1_fe_set_b32_limit(&fe, zero_overflow) == 0); + secp256k1_fe_set_b32_mod(&fe, zero_overflow); + CHECK(secp256k1_fe_normalizes_to_zero(&fe) == 1); + secp256k1_fe_normalize(&fe); + CHECK(secp256k1_fe_is_zero(&fe) == 1); + secp256k1_fe_get_b32(out, &fe); + CHECK(secp256k1_memcmp_var(out, zero, 32) == 0); } { static const unsigned char one_overflow[32] = { @@ -2908,13 +2906,13 @@ static void run_field_be32_overflow(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, }; unsigned char out[32]; - rustsecp256k1_v0_11_fe fe; - CHECK(rustsecp256k1_v0_11_fe_set_b32_limit(&fe, one_overflow) == 0); - rustsecp256k1_v0_11_fe_set_b32_mod(&fe, one_overflow); - rustsecp256k1_v0_11_fe_normalize(&fe); - CHECK(rustsecp256k1_v0_11_fe_cmp_var(&fe, &rustsecp256k1_v0_11_fe_one) == 0); - rustsecp256k1_v0_11_fe_get_b32(out, &fe); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, one, 32) == 0); + secp256k1_fe fe; + CHECK(secp256k1_fe_set_b32_limit(&fe, one_overflow) == 0); + secp256k1_fe_set_b32_mod(&fe, one_overflow); + secp256k1_fe_normalize(&fe); + CHECK(secp256k1_fe_cmp_var(&fe, &secp256k1_fe_one) == 0); + secp256k1_fe_get_b32(out, &fe); + CHECK(secp256k1_memcmp_var(out, one, 32) == 0); } { static const unsigned char ff_overflow[32] = { @@ -2930,84 +2928,84 @@ static void run_field_be32_overflow(void) { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x03, 0xD0, }; unsigned char out[32]; - rustsecp256k1_v0_11_fe fe; - const rustsecp256k1_v0_11_fe fe_ff = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0x01, 0x000003d0); - CHECK(rustsecp256k1_v0_11_fe_set_b32_limit(&fe, ff_overflow) == 0); - rustsecp256k1_v0_11_fe_set_b32_mod(&fe, ff_overflow); - rustsecp256k1_v0_11_fe_normalize(&fe); - CHECK(rustsecp256k1_v0_11_fe_cmp_var(&fe, &fe_ff) == 0); - rustsecp256k1_v0_11_fe_get_b32(out, &fe); - CHECK(rustsecp256k1_v0_11_memcmp_var(out, ff, 32) == 0); + secp256k1_fe fe; + const secp256k1_fe fe_ff = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0x01, 0x000003d0); + CHECK(secp256k1_fe_set_b32_limit(&fe, ff_overflow) == 0); + secp256k1_fe_set_b32_mod(&fe, ff_overflow); + secp256k1_fe_normalize(&fe); + CHECK(secp256k1_fe_cmp_var(&fe, &fe_ff) == 0); + secp256k1_fe_get_b32(out, &fe); + CHECK(secp256k1_memcmp_var(out, ff, 32) == 0); } } /* Returns true if two field elements have the same representation. */ -static int fe_identical(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *b) { +static int fe_identical(const secp256k1_fe *a, const secp256k1_fe *b) { int ret = 1; /* Compare the struct member that holds the limbs. */ - ret &= (rustsecp256k1_v0_11_memcmp_var(a->n, b->n, sizeof(a->n)) == 0); + ret &= (secp256k1_memcmp_var(a->n, b->n, sizeof(a->n)) == 0); return ret; } static void run_field_half(void) { - rustsecp256k1_v0_11_fe t, u; + secp256k1_fe t, u; int m; /* Check magnitude 0 input */ - rustsecp256k1_v0_11_fe_get_bounds(&t, 0); - rustsecp256k1_v0_11_fe_half(&t); + secp256k1_fe_get_bounds(&t, 0); + secp256k1_fe_half(&t); #ifdef VERIFY CHECK(t.magnitude == 1); CHECK(t.normalized == 0); #endif - CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero(&t)); + CHECK(secp256k1_fe_normalizes_to_zero(&t)); /* Check non-zero magnitudes in the supported range */ for (m = 1; m < 32; m++) { /* Check max-value input */ - rustsecp256k1_v0_11_fe_get_bounds(&t, m); + secp256k1_fe_get_bounds(&t, m); u = t; - rustsecp256k1_v0_11_fe_half(&u); + secp256k1_fe_half(&u); #ifdef VERIFY CHECK(u.magnitude == (m >> 1) + 1); CHECK(u.normalized == 0); #endif - rustsecp256k1_v0_11_fe_normalize_weak(&u); - rustsecp256k1_v0_11_fe_add(&u, &u); + secp256k1_fe_normalize_weak(&u); + secp256k1_fe_add(&u, &u); CHECK(fe_equal(&t, &u)); /* Check worst-case input: ensure the LSB is 1 so that P will be added, * which will also cause all carries to be 1, since all limbs that can * generate a carry are initially even and all limbs of P are odd in * every existing field implementation. */ - rustsecp256k1_v0_11_fe_get_bounds(&t, m); + secp256k1_fe_get_bounds(&t, m); CHECK(t.n[0] > 0); CHECK((t.n[0] & 1) == 0); --t.n[0]; u = t; - rustsecp256k1_v0_11_fe_half(&u); + secp256k1_fe_half(&u); #ifdef VERIFY CHECK(u.magnitude == (m >> 1) + 1); CHECK(u.normalized == 0); #endif - rustsecp256k1_v0_11_fe_normalize_weak(&u); - rustsecp256k1_v0_11_fe_add(&u, &u); + secp256k1_fe_normalize_weak(&u); + secp256k1_fe_add(&u, &u); CHECK(fe_equal(&t, &u)); } } static void run_field_misc(void) { - rustsecp256k1_v0_11_fe x; - rustsecp256k1_v0_11_fe y; - rustsecp256k1_v0_11_fe z; - rustsecp256k1_v0_11_fe q; + secp256k1_fe x; + secp256k1_fe y; + secp256k1_fe z; + secp256k1_fe q; int v; - rustsecp256k1_v0_11_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); + secp256k1_fe fe5 = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 5); int i, j; for (i = 0; i < 1000 * COUNT; i++) { - rustsecp256k1_v0_11_fe_storage xs, ys, zs; + secp256k1_fe_storage xs, ys, zs; if (i & 1) { testutil_random_fe(&x); } else { @@ -3016,30 +3014,30 @@ static void run_field_misc(void) { testutil_random_fe_non_zero(&y); v = testrand_bits(15); /* Test that fe_add_int is equivalent to fe_set_int + fe_add. */ - rustsecp256k1_v0_11_fe_set_int(&q, v); /* q = v */ + secp256k1_fe_set_int(&q, v); /* q = v */ z = x; /* z = x */ - rustsecp256k1_v0_11_fe_add(&z, &q); /* z = x+v */ + secp256k1_fe_add(&z, &q); /* z = x+v */ q = x; /* q = x */ - rustsecp256k1_v0_11_fe_add_int(&q, v); /* q = x+v */ + secp256k1_fe_add_int(&q, v); /* q = x+v */ CHECK(fe_equal(&q, &z)); /* Test the fe equality and comparison operations. */ - CHECK(rustsecp256k1_v0_11_fe_cmp_var(&x, &x) == 0); - CHECK(rustsecp256k1_v0_11_fe_equal(&x, &x)); + CHECK(secp256k1_fe_cmp_var(&x, &x) == 0); + CHECK(secp256k1_fe_equal(&x, &x)); z = x; - rustsecp256k1_v0_11_fe_add(&z,&y); + secp256k1_fe_add(&z,&y); /* Test fe conditional move; z is not normalized here. */ q = x; - rustsecp256k1_v0_11_fe_cmov(&x, &z, 0); + secp256k1_fe_cmov(&x, &z, 0); #ifdef VERIFY CHECK(!x.normalized); CHECK((x.magnitude == q.magnitude) || (x.magnitude == z.magnitude)); CHECK((x.magnitude >= q.magnitude) && (x.magnitude >= z.magnitude)); #endif x = q; - rustsecp256k1_v0_11_fe_cmov(&x, &x, 1); + secp256k1_fe_cmov(&x, &x, 1); CHECK(!fe_identical(&x, &z)); CHECK(fe_identical(&x, &q)); - rustsecp256k1_v0_11_fe_cmov(&q, &z, 1); + secp256k1_fe_cmov(&q, &z, 1); #ifdef VERIFY CHECK(!q.normalized); CHECK((q.magnitude == x.magnitude) || (q.magnitude == z.magnitude)); @@ -3047,67 +3045,67 @@ static void run_field_misc(void) { #endif CHECK(fe_identical(&q, &z)); q = z; - rustsecp256k1_v0_11_fe_normalize_var(&x); - rustsecp256k1_v0_11_fe_normalize_var(&z); - CHECK(!rustsecp256k1_v0_11_fe_equal(&x, &z)); - rustsecp256k1_v0_11_fe_normalize_var(&q); - rustsecp256k1_v0_11_fe_cmov(&q, &z, (i&1)); + secp256k1_fe_normalize_var(&x); + secp256k1_fe_normalize_var(&z); + CHECK(!secp256k1_fe_equal(&x, &z)); + secp256k1_fe_normalize_var(&q); + secp256k1_fe_cmov(&q, &z, (i&1)); #ifdef VERIFY CHECK(q.normalized && q.magnitude == 1); #endif for (j = 0; j < 6; j++) { - rustsecp256k1_v0_11_fe_negate_unchecked(&z, &z, j+1); - rustsecp256k1_v0_11_fe_normalize_var(&q); - rustsecp256k1_v0_11_fe_cmov(&q, &z, (j&1)); + secp256k1_fe_negate_unchecked(&z, &z, j+1); + secp256k1_fe_normalize_var(&q); + secp256k1_fe_cmov(&q, &z, (j&1)); #ifdef VERIFY CHECK(!q.normalized && q.magnitude == z.magnitude); #endif } - rustsecp256k1_v0_11_fe_normalize_var(&z); + secp256k1_fe_normalize_var(&z); /* Test storage conversion and conditional moves. */ - rustsecp256k1_v0_11_fe_to_storage(&xs, &x); - rustsecp256k1_v0_11_fe_to_storage(&ys, &y); - rustsecp256k1_v0_11_fe_to_storage(&zs, &z); - rustsecp256k1_v0_11_fe_storage_cmov(&zs, &xs, 0); - rustsecp256k1_v0_11_fe_storage_cmov(&zs, &zs, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xs, &zs, sizeof(xs)) != 0); - rustsecp256k1_v0_11_fe_storage_cmov(&ys, &xs, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&xs, &ys, sizeof(xs)) == 0); - rustsecp256k1_v0_11_fe_from_storage(&x, &xs); - rustsecp256k1_v0_11_fe_from_storage(&y, &ys); - rustsecp256k1_v0_11_fe_from_storage(&z, &zs); + secp256k1_fe_to_storage(&xs, &x); + secp256k1_fe_to_storage(&ys, &y); + secp256k1_fe_to_storage(&zs, &z); + secp256k1_fe_storage_cmov(&zs, &xs, 0); + secp256k1_fe_storage_cmov(&zs, &zs, 1); + CHECK(secp256k1_memcmp_var(&xs, &zs, sizeof(xs)) != 0); + secp256k1_fe_storage_cmov(&ys, &xs, 1); + CHECK(secp256k1_memcmp_var(&xs, &ys, sizeof(xs)) == 0); + secp256k1_fe_from_storage(&x, &xs); + secp256k1_fe_from_storage(&y, &ys); + secp256k1_fe_from_storage(&z, &zs); /* Test that mul_int, mul, and add agree. */ - rustsecp256k1_v0_11_fe_add(&y, &x); - rustsecp256k1_v0_11_fe_add(&y, &x); + secp256k1_fe_add(&y, &x); + secp256k1_fe_add(&y, &x); z = x; - rustsecp256k1_v0_11_fe_mul_int(&z, 3); + secp256k1_fe_mul_int(&z, 3); CHECK(fe_equal(&y, &z)); - rustsecp256k1_v0_11_fe_add(&y, &x); - rustsecp256k1_v0_11_fe_add(&z, &x); + secp256k1_fe_add(&y, &x); + secp256k1_fe_add(&z, &x); CHECK(fe_equal(&z, &y)); z = x; - rustsecp256k1_v0_11_fe_mul_int(&z, 5); - rustsecp256k1_v0_11_fe_mul(&q, &x, &fe5); + secp256k1_fe_mul_int(&z, 5); + secp256k1_fe_mul(&q, &x, &fe5); CHECK(fe_equal(&z, &q)); - rustsecp256k1_v0_11_fe_negate(&x, &x, 1); - rustsecp256k1_v0_11_fe_add(&z, &x); - rustsecp256k1_v0_11_fe_add(&q, &x); + secp256k1_fe_negate(&x, &x, 1); + secp256k1_fe_add(&z, &x); + secp256k1_fe_add(&q, &x); CHECK(fe_equal(&y, &z)); CHECK(fe_equal(&q, &y)); - /* Check rustsecp256k1_v0_11_fe_half. */ + /* Check secp256k1_fe_half. */ z = x; - rustsecp256k1_v0_11_fe_half(&z); - rustsecp256k1_v0_11_fe_add(&z, &z); + secp256k1_fe_half(&z); + secp256k1_fe_add(&z, &z); CHECK(fe_equal(&x, &z)); - rustsecp256k1_v0_11_fe_add(&z, &z); - rustsecp256k1_v0_11_fe_half(&z); + secp256k1_fe_add(&z, &z); + secp256k1_fe_half(&z); CHECK(fe_equal(&x, &z)); } } -static void test_fe_mul(const rustsecp256k1_v0_11_fe* a, const rustsecp256k1_v0_11_fe* b, int use_sqr) +static void test_fe_mul(const secp256k1_fe* a, const secp256k1_fe* b, int use_sqr) { - rustsecp256k1_v0_11_fe c, an, bn; + secp256k1_fe c, an, bn; /* Variables in BE 32-byte format. */ unsigned char a32[32], b32[32], c32[32]; /* Variables in LE 16x uint16_t format. */ @@ -3123,20 +3121,20 @@ static void test_fe_mul(const rustsecp256k1_v0_11_fe* a, const rustsecp256k1_v0_ /* Compute C = A * B in fe format. */ c = *a; if (use_sqr) { - rustsecp256k1_v0_11_fe_sqr(&c, &c); + secp256k1_fe_sqr(&c, &c); } else { - rustsecp256k1_v0_11_fe_mul(&c, &c, b); + secp256k1_fe_mul(&c, &c, b); } /* Convert A, B, C into LE 16x uint16_t format. */ an = *a; bn = *b; - rustsecp256k1_v0_11_fe_normalize_var(&c); - rustsecp256k1_v0_11_fe_normalize_var(&an); - rustsecp256k1_v0_11_fe_normalize_var(&bn); - rustsecp256k1_v0_11_fe_get_b32(a32, &an); - rustsecp256k1_v0_11_fe_get_b32(b32, &bn); - rustsecp256k1_v0_11_fe_get_b32(c32, &c); + secp256k1_fe_normalize_var(&c); + secp256k1_fe_normalize_var(&an); + secp256k1_fe_normalize_var(&bn); + secp256k1_fe_get_b32(a32, &an); + secp256k1_fe_get_b32(b32, &bn); + secp256k1_fe_get_b32(c32, &c); for (i = 0; i < 16; ++i) { a16[i] = a32[31 - 2*i] + ((uint16_t)a32[30 - 2*i] << 8); b16[i] = b32[31 - 2*i] + ((uint16_t)b32[30 - 2*i] << 8); @@ -3145,13 +3143,13 @@ static void test_fe_mul(const rustsecp256k1_v0_11_fe* a, const rustsecp256k1_v0_ /* Compute T = A * B in LE 16x uint16_t format. */ mulmod256(t16, a16, b16, m16); /* Compare */ - CHECK(rustsecp256k1_v0_11_memcmp_var(t16, c16, 32) == 0); + CHECK(secp256k1_memcmp_var(t16, c16, 32) == 0); } static void run_fe_mul(void) { int i; for (i = 0; i < 100 * COUNT; ++i) { - rustsecp256k1_v0_11_fe a, b, c, d; + secp256k1_fe a, b, c, d; testutil_random_fe(&a); testutil_random_fe_magnitude(&a, 8); testutil_random_fe(&b); @@ -3171,62 +3169,62 @@ static void run_fe_mul(void) { static void run_sqr(void) { int i; - rustsecp256k1_v0_11_fe x, y, lhs, rhs, tmp; + secp256k1_fe x, y, lhs, rhs, tmp; - rustsecp256k1_v0_11_fe_set_int(&x, 1); - rustsecp256k1_v0_11_fe_negate(&x, &x, 1); + secp256k1_fe_set_int(&x, 1); + secp256k1_fe_negate(&x, &x, 1); for (i = 1; i <= 512; ++i) { - rustsecp256k1_v0_11_fe_mul_int(&x, 2); - rustsecp256k1_v0_11_fe_normalize(&x); + secp256k1_fe_mul_int(&x, 2); + secp256k1_fe_normalize(&x); /* Check that (x+y)*(x-y) = x^2 - y*2 for some random values y */ testutil_random_fe_test(&y); lhs = x; - rustsecp256k1_v0_11_fe_add(&lhs, &y); /* lhs = x+y */ - rustsecp256k1_v0_11_fe_negate(&tmp, &y, 1); /* tmp = -y */ - rustsecp256k1_v0_11_fe_add(&tmp, &x); /* tmp = x-y */ - rustsecp256k1_v0_11_fe_mul(&lhs, &lhs, &tmp); /* lhs = (x+y)*(x-y) */ + secp256k1_fe_add(&lhs, &y); /* lhs = x+y */ + secp256k1_fe_negate(&tmp, &y, 1); /* tmp = -y */ + secp256k1_fe_add(&tmp, &x); /* tmp = x-y */ + secp256k1_fe_mul(&lhs, &lhs, &tmp); /* lhs = (x+y)*(x-y) */ - rustsecp256k1_v0_11_fe_sqr(&rhs, &x); /* rhs = x^2 */ - rustsecp256k1_v0_11_fe_sqr(&tmp, &y); /* tmp = y^2 */ - rustsecp256k1_v0_11_fe_negate(&tmp, &tmp, 1); /* tmp = -y^2 */ - rustsecp256k1_v0_11_fe_add(&rhs, &tmp); /* rhs = x^2 - y^2 */ + secp256k1_fe_sqr(&rhs, &x); /* rhs = x^2 */ + secp256k1_fe_sqr(&tmp, &y); /* tmp = y^2 */ + secp256k1_fe_negate(&tmp, &tmp, 1); /* tmp = -y^2 */ + secp256k1_fe_add(&rhs, &tmp); /* rhs = x^2 - y^2 */ CHECK(fe_equal(&lhs, &rhs)); } } -static void test_sqrt(const rustsecp256k1_v0_11_fe *a, const rustsecp256k1_v0_11_fe *k) { - rustsecp256k1_v0_11_fe r1, r2; - int v = rustsecp256k1_v0_11_fe_sqrt(&r1, a); +static void test_sqrt(const secp256k1_fe *a, const secp256k1_fe *k) { + secp256k1_fe r1, r2; + int v = secp256k1_fe_sqrt(&r1, a); CHECK((v == 0) == (k == NULL)); if (k != NULL) { /* Check that the returned root is +/- the given known answer */ - rustsecp256k1_v0_11_fe_negate(&r2, &r1, 1); - rustsecp256k1_v0_11_fe_add(&r1, k); rustsecp256k1_v0_11_fe_add(&r2, k); - rustsecp256k1_v0_11_fe_normalize(&r1); rustsecp256k1_v0_11_fe_normalize(&r2); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&r1) || rustsecp256k1_v0_11_fe_is_zero(&r2)); + secp256k1_fe_negate(&r2, &r1, 1); + secp256k1_fe_add(&r1, k); secp256k1_fe_add(&r2, k); + secp256k1_fe_normalize(&r1); secp256k1_fe_normalize(&r2); + CHECK(secp256k1_fe_is_zero(&r1) || secp256k1_fe_is_zero(&r2)); } } static void run_sqrt(void) { - rustsecp256k1_v0_11_fe ns, x, s, t; + secp256k1_fe ns, x, s, t; int i; /* Check sqrt(0) is 0 */ - rustsecp256k1_v0_11_fe_set_int(&x, 0); - rustsecp256k1_v0_11_fe_sqr(&s, &x); + secp256k1_fe_set_int(&x, 0); + secp256k1_fe_sqr(&s, &x); test_sqrt(&s, &x); /* Check sqrt of small squares (and their negatives) */ for (i = 1; i <= 100; i++) { - rustsecp256k1_v0_11_fe_set_int(&x, i); - rustsecp256k1_v0_11_fe_sqr(&s, &x); + secp256k1_fe_set_int(&x, i); + secp256k1_fe_sqr(&s, &x); test_sqrt(&s, &x); - rustsecp256k1_v0_11_fe_negate(&t, &s, 1); + secp256k1_fe_negate(&t, &s, 1); test_sqrt(&t, NULL); } @@ -3236,13 +3234,13 @@ static void run_sqrt(void) { random_fe_non_square(&ns); for (j = 0; j < COUNT; j++) { testutil_random_fe(&x); - rustsecp256k1_v0_11_fe_sqr(&s, &x); - CHECK(rustsecp256k1_v0_11_fe_is_square_var(&s)); + secp256k1_fe_sqr(&s, &x); + CHECK(secp256k1_fe_is_square_var(&s)); test_sqrt(&s, &x); - rustsecp256k1_v0_11_fe_negate(&t, &s, 1); - CHECK(!rustsecp256k1_v0_11_fe_is_square_var(&t)); + secp256k1_fe_negate(&t, &s, 1); + CHECK(!secp256k1_fe_is_square_var(&t)); test_sqrt(&t, NULL); - rustsecp256k1_v0_11_fe_mul(&t, &s, &ns); + secp256k1_fe_mul(&t, &s, &ns); test_sqrt(&t, NULL); } } @@ -3250,12 +3248,12 @@ static void run_sqrt(void) { /***** FIELD/SCALAR INVERSE TESTS *****/ -static const rustsecp256k1_v0_11_scalar scalar_minus_one = SECP256K1_SCALAR_CONST( +static const secp256k1_scalar scalar_minus_one = SECP256K1_SCALAR_CONST( 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xBAAEDCE6, 0xAF48A03B, 0xBFD25E8C, 0xD0364140 ); -static const rustsecp256k1_v0_11_fe fe_minus_one = SECP256K1_FE_CONST( +static const secp256k1_fe fe_minus_one = SECP256K1_FE_CONST( 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFC2E ); @@ -3267,57 +3265,57 @@ static const rustsecp256k1_v0_11_fe fe_minus_one = SECP256K1_FE_CONST( * for x!=0 and x!=1: 1/(1/x - 1) + 1 == -1/(x-1) */ -static void test_inverse_scalar(rustsecp256k1_v0_11_scalar* out, const rustsecp256k1_v0_11_scalar* x, int var) +static void test_inverse_scalar(secp256k1_scalar* out, const secp256k1_scalar* x, int var) { - rustsecp256k1_v0_11_scalar l, r, t; + secp256k1_scalar l, r, t; - (var ? rustsecp256k1_v0_11_scalar_inverse_var : rustsecp256k1_v0_11_scalar_inverse)(&l, x); /* l = 1/x */ + (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse)(&l, x); /* l = 1/x */ if (out) *out = l; - if (rustsecp256k1_v0_11_scalar_is_zero(x)) { - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&l)); + if (secp256k1_scalar_is_zero(x)) { + CHECK(secp256k1_scalar_is_zero(&l)); return; } - rustsecp256k1_v0_11_scalar_mul(&t, x, &l); /* t = x*(1/x) */ - CHECK(rustsecp256k1_v0_11_scalar_is_one(&t)); /* x*(1/x) == 1 */ - rustsecp256k1_v0_11_scalar_add(&r, x, &scalar_minus_one); /* r = x-1 */ - if (rustsecp256k1_v0_11_scalar_is_zero(&r)) return; - (var ? rustsecp256k1_v0_11_scalar_inverse_var : rustsecp256k1_v0_11_scalar_inverse)(&r, &r); /* r = 1/(x-1) */ - rustsecp256k1_v0_11_scalar_add(&l, &scalar_minus_one, &l); /* l = 1/x-1 */ - (var ? rustsecp256k1_v0_11_scalar_inverse_var : rustsecp256k1_v0_11_scalar_inverse)(&l, &l); /* l = 1/(1/x-1) */ - rustsecp256k1_v0_11_scalar_add(&l, &l, &rustsecp256k1_v0_11_scalar_one); /* l = 1/(1/x-1)+1 */ - rustsecp256k1_v0_11_scalar_add(&l, &r, &l); /* l = 1/(1/x-1)+1 + 1/(x-1) */ - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&l)); /* l == 0 */ + secp256k1_scalar_mul(&t, x, &l); /* t = x*(1/x) */ + CHECK(secp256k1_scalar_is_one(&t)); /* x*(1/x) == 1 */ + secp256k1_scalar_add(&r, x, &scalar_minus_one); /* r = x-1 */ + if (secp256k1_scalar_is_zero(&r)) return; + (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse)(&r, &r); /* r = 1/(x-1) */ + secp256k1_scalar_add(&l, &scalar_minus_one, &l); /* l = 1/x-1 */ + (var ? secp256k1_scalar_inverse_var : secp256k1_scalar_inverse)(&l, &l); /* l = 1/(1/x-1) */ + secp256k1_scalar_add(&l, &l, &secp256k1_scalar_one); /* l = 1/(1/x-1)+1 */ + secp256k1_scalar_add(&l, &r, &l); /* l = 1/(1/x-1)+1 + 1/(x-1) */ + CHECK(secp256k1_scalar_is_zero(&l)); /* l == 0 */ } -static void test_inverse_field(rustsecp256k1_v0_11_fe* out, const rustsecp256k1_v0_11_fe* x, int var) +static void test_inverse_field(secp256k1_fe* out, const secp256k1_fe* x, int var) { - rustsecp256k1_v0_11_fe l, r, t; + secp256k1_fe l, r, t; - (var ? rustsecp256k1_v0_11_fe_inv_var : rustsecp256k1_v0_11_fe_inv)(&l, x) ; /* l = 1/x */ + (var ? secp256k1_fe_inv_var : secp256k1_fe_inv)(&l, x) ; /* l = 1/x */ if (out) *out = l; t = *x; /* t = x */ - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&t)) { - CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero(&l)); + if (secp256k1_fe_normalizes_to_zero_var(&t)) { + CHECK(secp256k1_fe_normalizes_to_zero(&l)); return; } - rustsecp256k1_v0_11_fe_mul(&t, x, &l); /* t = x*(1/x) */ - rustsecp256k1_v0_11_fe_add(&t, &fe_minus_one); /* t = x*(1/x)-1 */ - CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero(&t)); /* x*(1/x)-1 == 0 */ + secp256k1_fe_mul(&t, x, &l); /* t = x*(1/x) */ + secp256k1_fe_add(&t, &fe_minus_one); /* t = x*(1/x)-1 */ + CHECK(secp256k1_fe_normalizes_to_zero(&t)); /* x*(1/x)-1 == 0 */ r = *x; /* r = x */ - rustsecp256k1_v0_11_fe_add(&r, &fe_minus_one); /* r = x-1 */ - if (rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&r)) return; - (var ? rustsecp256k1_v0_11_fe_inv_var : rustsecp256k1_v0_11_fe_inv)(&r, &r); /* r = 1/(x-1) */ - rustsecp256k1_v0_11_fe_add(&l, &fe_minus_one); /* l = 1/x-1 */ - (var ? rustsecp256k1_v0_11_fe_inv_var : rustsecp256k1_v0_11_fe_inv)(&l, &l); /* l = 1/(1/x-1) */ - rustsecp256k1_v0_11_fe_add_int(&l, 1); /* l = 1/(1/x-1)+1 */ - rustsecp256k1_v0_11_fe_add(&l, &r); /* l = 1/(1/x-1)+1 + 1/(x-1) */ - CHECK(rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&l)); /* l == 0 */ + secp256k1_fe_add(&r, &fe_minus_one); /* r = x-1 */ + if (secp256k1_fe_normalizes_to_zero_var(&r)) return; + (var ? secp256k1_fe_inv_var : secp256k1_fe_inv)(&r, &r); /* r = 1/(x-1) */ + secp256k1_fe_add(&l, &fe_minus_one); /* l = 1/x-1 */ + (var ? secp256k1_fe_inv_var : secp256k1_fe_inv)(&l, &l); /* l = 1/(1/x-1) */ + secp256k1_fe_add_int(&l, 1); /* l = 1/(1/x-1)+1 */ + secp256k1_fe_add(&l, &r); /* l = 1/(1/x-1)+1 + 1/(x-1) */ + CHECK(secp256k1_fe_normalizes_to_zero_var(&l)); /* l == 0 */ } static void run_inverse_tests(void) { /* Fixed test cases for field inverses: pairs of (x, 1/x) mod p. */ - static const rustsecp256k1_v0_11_fe fe_cases[][2] = { + static const secp256k1_fe fe_cases[][2] = { /* 0 */ {SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0)}, @@ -3422,7 +3420,7 @@ static void run_inverse_tests(void) SECP256K1_FE_CONST(0x9a94b9b5, 0x57eb71ee, 0x4c975b8b, 0xac5262a8, 0x077b0595, 0xe12a6b1f, 0xd728edef, 0x1a6bf956)} }; /* Fixed test cases for scalar inverses: pairs of (x, 1/x) mod n. */ - static const rustsecp256k1_v0_11_scalar scalar_cases[][2] = { + static const secp256k1_scalar scalar_cases[][2] = { /* 0 */ {SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0), SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0)}, @@ -3509,8 +3507,8 @@ static void run_inverse_tests(void) }; int i, var, testrand; unsigned char b32[32]; - rustsecp256k1_v0_11_fe x_fe; - rustsecp256k1_v0_11_scalar x_scalar; + secp256k1_fe x_fe; + secp256k1_scalar x_scalar; memset(b32, 0, sizeof(b32)); /* Test fixed test cases through test_inverse_{scalar,field}, both ways. */ for (i = 0; (size_t)i < sizeof(fe_cases)/sizeof(fe_cases[0]); ++i) { @@ -3524,23 +3522,23 @@ static void run_inverse_tests(void) for (i = 0; (size_t)i < sizeof(scalar_cases)/sizeof(scalar_cases[0]); ++i) { for (var = 0; var <= 1; ++var) { test_inverse_scalar(&x_scalar, &scalar_cases[i][0], var); - CHECK(rustsecp256k1_v0_11_scalar_eq(&x_scalar, &scalar_cases[i][1])); + CHECK(secp256k1_scalar_eq(&x_scalar, &scalar_cases[i][1])); test_inverse_scalar(&x_scalar, &scalar_cases[i][1], var); - CHECK(rustsecp256k1_v0_11_scalar_eq(&x_scalar, &scalar_cases[i][0])); + CHECK(secp256k1_scalar_eq(&x_scalar, &scalar_cases[i][0])); } } /* Test inputs 0..999 and their respective negations. */ for (i = 0; i < 1000; ++i) { b32[31] = i & 0xff; b32[30] = (i >> 8) & 0xff; - rustsecp256k1_v0_11_scalar_set_b32(&x_scalar, b32, NULL); - rustsecp256k1_v0_11_fe_set_b32_mod(&x_fe, b32); + secp256k1_scalar_set_b32(&x_scalar, b32, NULL); + secp256k1_fe_set_b32_mod(&x_fe, b32); for (var = 0; var <= 1; ++var) { test_inverse_scalar(NULL, &x_scalar, var); test_inverse_field(NULL, &x_fe, var); } - rustsecp256k1_v0_11_scalar_negate(&x_scalar, &x_scalar); - rustsecp256k1_v0_11_fe_negate(&x_fe, &x_fe, 1); + secp256k1_scalar_negate(&x_scalar, &x_scalar); + secp256k1_fe_negate(&x_fe, &x_fe, 1); for (var = 0; var <= 1; ++var) { test_inverse_scalar(NULL, &x_scalar, var); test_inverse_field(NULL, &x_fe, var); @@ -3550,8 +3548,8 @@ static void run_inverse_tests(void) for (testrand = 0; testrand <= 1; ++testrand) { for (i = 0; i < 64 * COUNT; ++i) { (testrand ? testrand256_test : testrand256)(b32); - rustsecp256k1_v0_11_scalar_set_b32(&x_scalar, b32, NULL); - rustsecp256k1_v0_11_fe_set_b32_mod(&x_fe, b32); + secp256k1_scalar_set_b32(&x_scalar, b32, NULL); + secp256k1_fe_set_b32_mod(&x_fe, b32); for (var = 0; var <= 1; ++var) { test_inverse_scalar(NULL, &x_scalar, var); test_inverse_field(NULL, &x_fe, var); @@ -3571,14 +3569,14 @@ static void test_heap_swap(void) { memset(e, 42, 200); memset(e + 200, 99, 200); memset(e + 400, 21, 200); - rustsecp256k1_v0_11_heap_swap(a, 0, 2, 200); - CHECK(rustsecp256k1_v0_11_memcmp_var(a, e, sizeof(a)) == 0); + secp256k1_heap_swap(a, 0, 2, 200); + CHECK(secp256k1_memcmp_var(a, e, sizeof(a)) == 0); } static void test_hsort_is_sorted(unsigned char *elements, size_t n, size_t len) { size_t i; for (i = 1; i < n; i++) { - CHECK(rustsecp256k1_v0_11_memcmp_var(&elements[(i-1) * len], &elements[i * len], len) <= 0); + CHECK(secp256k1_memcmp_var(&elements[(i-1) * len], &elements[i * len], len) <= 0); } } @@ -3591,7 +3589,7 @@ struct test_hsort_cmp_data { static int test_hsort_cmp(const void *ele1, const void *ele2, void *data) { struct test_hsort_cmp_data *d = (struct test_hsort_cmp_data *) data; d->counter += 1; - return rustsecp256k1_v0_11_memcmp_var((unsigned char *)ele1, (unsigned char *)ele2, d->element_len); + return secp256k1_memcmp_var((unsigned char *)ele1, (unsigned char *)ele2, d->element_len); } #define NUM 65 @@ -3605,11 +3603,11 @@ static void test_hsort(size_t element_len) { data.counter = 0; data.element_len = element_len; - rustsecp256k1_v0_11_hsort(elements, 0, element_len, test_hsort_cmp, &data); + secp256k1_hsort(elements, 0, element_len, test_hsort_cmp, &data); CHECK(data.counter == 0); - rustsecp256k1_v0_11_hsort(elements, 1, element_len, test_hsort_cmp, &data); + secp256k1_hsort(elements, 1, element_len, test_hsort_cmp, &data); CHECK(data.counter == 0); - rustsecp256k1_v0_11_hsort(elements, NUM, element_len, test_hsort_cmp, &data); + secp256k1_hsort(elements, NUM, element_len, test_hsort_cmp, &data); CHECK(data.counter >= NUM - 1); test_hsort_is_sorted(elements, NUM, element_len); @@ -3617,7 +3615,7 @@ static void test_hsort(size_t element_len) { for (i = 0; i < COUNT; i++) { int n = testrand_int(NUM); testrand_bytes_test(elements, n*element_len); - rustsecp256k1_v0_11_hsort(elements, n, element_len, test_hsort_cmp, &data); + secp256k1_hsort(elements, n, element_len, test_hsort_cmp, &data); test_hsort_is_sorted(elements, n, element_len); } } @@ -3635,23 +3633,23 @@ static void run_hsort_tests(void) { /***** GROUP TESTS *****/ /* This compares jacobian points including their Z, not just their geometric meaning. */ -static int gej_xyz_equals_gej(const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_gej *b) { - rustsecp256k1_v0_11_gej a2; - rustsecp256k1_v0_11_gej b2; +static int gej_xyz_equals_gej(const secp256k1_gej *a, const secp256k1_gej *b) { + secp256k1_gej a2; + secp256k1_gej b2; int ret = 1; ret &= a->infinity == b->infinity; if (ret && !a->infinity) { a2 = *a; b2 = *b; - rustsecp256k1_v0_11_fe_normalize(&a2.x); - rustsecp256k1_v0_11_fe_normalize(&a2.y); - rustsecp256k1_v0_11_fe_normalize(&a2.z); - rustsecp256k1_v0_11_fe_normalize(&b2.x); - rustsecp256k1_v0_11_fe_normalize(&b2.y); - rustsecp256k1_v0_11_fe_normalize(&b2.z); - ret &= rustsecp256k1_v0_11_fe_cmp_var(&a2.x, &b2.x) == 0; - ret &= rustsecp256k1_v0_11_fe_cmp_var(&a2.y, &b2.y) == 0; - ret &= rustsecp256k1_v0_11_fe_cmp_var(&a2.z, &b2.z) == 0; + secp256k1_fe_normalize(&a2.x); + secp256k1_fe_normalize(&a2.y); + secp256k1_fe_normalize(&a2.z); + secp256k1_fe_normalize(&b2.x); + secp256k1_fe_normalize(&b2.y); + secp256k1_fe_normalize(&b2.z); + ret &= secp256k1_fe_cmp_var(&a2.x, &b2.x) == 0; + ret &= secp256k1_fe_cmp_var(&a2.y, &b2.y) == 0; + ret &= secp256k1_fe_cmp_var(&a2.z, &b2.z) == 0; } return ret; } @@ -3665,31 +3663,31 @@ static void test_ge(void) { * negation, and then those two again but with randomized Z coordinate. * - The same is then done for lambda*p1 and lambda^2*p1. */ - rustsecp256k1_v0_11_ge *ge = (rustsecp256k1_v0_11_ge *)checked_malloc(&CTX->error_callback, sizeof(rustsecp256k1_v0_11_ge) * (1 + 4 * runs)); - rustsecp256k1_v0_11_gej *gej = (rustsecp256k1_v0_11_gej *)checked_malloc(&CTX->error_callback, sizeof(rustsecp256k1_v0_11_gej) * (1 + 4 * runs)); - rustsecp256k1_v0_11_fe zf, r; - rustsecp256k1_v0_11_fe zfi2, zfi3; + secp256k1_ge *ge = (secp256k1_ge *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_ge) * (1 + 4 * runs)); + secp256k1_gej *gej = (secp256k1_gej *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_gej) * (1 + 4 * runs)); + secp256k1_fe zf, r; + secp256k1_fe zfi2, zfi3; - rustsecp256k1_v0_11_gej_set_infinity(&gej[0]); - rustsecp256k1_v0_11_ge_set_infinity(&ge[0]); + secp256k1_gej_set_infinity(&gej[0]); + secp256k1_ge_set_infinity(&ge[0]); for (i = 0; i < runs; i++) { int j, k; - rustsecp256k1_v0_11_ge g; + secp256k1_ge g; testutil_random_ge_test(&g); if (i >= runs - 2) { - rustsecp256k1_v0_11_ge_mul_lambda(&g, &ge[1]); - CHECK(!rustsecp256k1_v0_11_ge_eq_var(&g, &ge[1])); + secp256k1_ge_mul_lambda(&g, &ge[1]); + CHECK(!secp256k1_ge_eq_var(&g, &ge[1])); } if (i >= runs - 1) { - rustsecp256k1_v0_11_ge_mul_lambda(&g, &g); + secp256k1_ge_mul_lambda(&g, &g); } ge[1 + 4 * i] = g; ge[2 + 4 * i] = g; - rustsecp256k1_v0_11_ge_neg(&ge[3 + 4 * i], &g); - rustsecp256k1_v0_11_ge_neg(&ge[4 + 4 * i], &g); - rustsecp256k1_v0_11_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); + secp256k1_ge_neg(&ge[3 + 4 * i], &g); + secp256k1_ge_neg(&ge[4 + 4 * i], &g); + secp256k1_gej_set_ge(&gej[1 + 4 * i], &ge[1 + 4 * i]); testutil_random_ge_jacobian_test(&gej[2 + 4 * i], &ge[2 + 4 * i]); - rustsecp256k1_v0_11_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); + secp256k1_gej_set_ge(&gej[3 + 4 * i], &ge[3 + 4 * i]); testutil_random_ge_jacobian_test(&gej[4 + 4 * i], &ge[4 + 4 * i]); for (j = 0; j < 4; j++) { testutil_random_ge_x_magnitude(&ge[1 + j + 4 * i]); @@ -3702,10 +3700,10 @@ static void test_ge(void) { for (j = 0; j < 4; ++j) { for (k = 0; k < 4; ++k) { int expect_equal = (j >> 1) == (k >> 1); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&ge[1 + j + 4 * i], &ge[1 + k + 4 * i]) == expect_equal); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&gej[1 + j + 4 * i], &gej[1 + k + 4 * i]) == expect_equal); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&gej[1 + j + 4 * i], &ge[1 + k + 4 * i]) == expect_equal); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&gej[1 + k + 4 * i], &ge[1 + j + 4 * i]) == expect_equal); + CHECK(secp256k1_ge_eq_var(&ge[1 + j + 4 * i], &ge[1 + k + 4 * i]) == expect_equal); + CHECK(secp256k1_gej_eq_var(&gej[1 + j + 4 * i], &gej[1 + k + 4 * i]) == expect_equal); + CHECK(secp256k1_gej_eq_ge_var(&gej[1 + j + 4 * i], &ge[1 + k + 4 * i]) == expect_equal); + CHECK(secp256k1_gej_eq_ge_var(&gej[1 + k + 4 * i], &ge[1 + j + 4 * i]) == expect_equal); } } } @@ -3713,9 +3711,9 @@ static void test_ge(void) { /* Generate random zf, and zfi2 = 1/zf^2, zfi3 = 1/zf^3 */ testutil_random_fe_non_zero_test(&zf); testutil_random_fe_magnitude(&zf, 8); - rustsecp256k1_v0_11_fe_inv_var(&zfi3, &zf); - rustsecp256k1_v0_11_fe_sqr(&zfi2, &zfi3); - rustsecp256k1_v0_11_fe_mul(&zfi3, &zfi3, &zfi2); + secp256k1_fe_inv_var(&zfi3, &zf); + secp256k1_fe_sqr(&zfi2, &zfi3); + secp256k1_fe_mul(&zfi3, &zfi3, &zfi2); /* Generate random r */ testutil_random_fe_non_zero_test(&r); @@ -3724,199 +3722,223 @@ static void test_ge(void) { int i2; for (i2 = 0; i2 < 1 + 4 * runs; i2++) { /* Compute reference result using gej + gej (var). */ - rustsecp256k1_v0_11_gej refj, resj; - rustsecp256k1_v0_11_ge ref; - rustsecp256k1_v0_11_fe zr; - rustsecp256k1_v0_11_gej_add_var(&refj, &gej[i1], &gej[i2], rustsecp256k1_v0_11_gej_is_infinity(&gej[i1]) ? NULL : &zr); + secp256k1_gej refj, resj; + secp256k1_ge ref; + secp256k1_fe zr; + secp256k1_gej_add_var(&refj, &gej[i1], &gej[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr); /* Check Z ratio. */ - if (!rustsecp256k1_v0_11_gej_is_infinity(&gej[i1]) && !rustsecp256k1_v0_11_gej_is_infinity(&refj)) { - rustsecp256k1_v0_11_fe zrz; rustsecp256k1_v0_11_fe_mul(&zrz, &zr, &gej[i1].z); - CHECK(rustsecp256k1_v0_11_fe_equal(&zrz, &refj.z)); + if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&refj)) { + secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z); + CHECK(secp256k1_fe_equal(&zrz, &refj.z)); } - rustsecp256k1_v0_11_ge_set_gej_var(&ref, &refj); + secp256k1_ge_set_gej_var(&ref, &refj); /* Test gej + ge with Z ratio result (var). */ - rustsecp256k1_v0_11_gej_add_ge_var(&resj, &gej[i1], &ge[i2], rustsecp256k1_v0_11_gej_is_infinity(&gej[i1]) ? NULL : &zr); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&resj, &ref)); - if (!rustsecp256k1_v0_11_gej_is_infinity(&gej[i1]) && !rustsecp256k1_v0_11_gej_is_infinity(&resj)) { - rustsecp256k1_v0_11_fe zrz; rustsecp256k1_v0_11_fe_mul(&zrz, &zr, &gej[i1].z); - CHECK(rustsecp256k1_v0_11_fe_equal(&zrz, &resj.z)); + secp256k1_gej_add_ge_var(&resj, &gej[i1], &ge[i2], secp256k1_gej_is_infinity(&gej[i1]) ? NULL : &zr); + CHECK(secp256k1_gej_eq_ge_var(&resj, &ref)); + if (!secp256k1_gej_is_infinity(&gej[i1]) && !secp256k1_gej_is_infinity(&resj)) { + secp256k1_fe zrz; secp256k1_fe_mul(&zrz, &zr, &gej[i1].z); + CHECK(secp256k1_fe_equal(&zrz, &resj.z)); } /* Test gej + ge (var, with additional Z factor). */ { - rustsecp256k1_v0_11_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */ - rustsecp256k1_v0_11_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2); - rustsecp256k1_v0_11_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3); + secp256k1_ge ge2_zfi = ge[i2]; /* the second term with x and y rescaled for z = 1/zf */ + secp256k1_fe_mul(&ge2_zfi.x, &ge2_zfi.x, &zfi2); + secp256k1_fe_mul(&ge2_zfi.y, &ge2_zfi.y, &zfi3); testutil_random_ge_x_magnitude(&ge2_zfi); testutil_random_ge_y_magnitude(&ge2_zfi); - rustsecp256k1_v0_11_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&resj, &ref)); + secp256k1_gej_add_zinv_var(&resj, &gej[i1], &ge2_zfi, &zf); + CHECK(secp256k1_gej_eq_ge_var(&resj, &ref)); } /* Test gej + ge (const). */ if (i2 != 0) { - /* rustsecp256k1_v0_11_gej_add_ge does not support its second argument being infinity. */ - rustsecp256k1_v0_11_gej_add_ge(&resj, &gej[i1], &ge[i2]); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&resj, &ref)); + /* secp256k1_gej_add_ge does not support its second argument being infinity. */ + secp256k1_gej_add_ge(&resj, &gej[i1], &ge[i2]); + CHECK(secp256k1_gej_eq_ge_var(&resj, &ref)); } /* Test doubling (var). */ if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 == ((i2 + 3)%4)/2)) { - rustsecp256k1_v0_11_fe zr2; + secp256k1_fe zr2; /* Normal doubling with Z ratio result. */ - rustsecp256k1_v0_11_gej_double_var(&resj, &gej[i1], &zr2); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&resj, &ref)); + secp256k1_gej_double_var(&resj, &gej[i1], &zr2); + CHECK(secp256k1_gej_eq_ge_var(&resj, &ref)); /* Check Z ratio. */ - rustsecp256k1_v0_11_fe_mul(&zr2, &zr2, &gej[i1].z); - CHECK(rustsecp256k1_v0_11_fe_equal(&zr2, &resj.z)); + secp256k1_fe_mul(&zr2, &zr2, &gej[i1].z); + CHECK(secp256k1_fe_equal(&zr2, &resj.z)); /* Normal doubling. */ - rustsecp256k1_v0_11_gej_double_var(&resj, &gej[i2], NULL); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&resj, &ref)); + secp256k1_gej_double_var(&resj, &gej[i2], NULL); + CHECK(secp256k1_gej_eq_ge_var(&resj, &ref)); /* Constant-time doubling. */ - rustsecp256k1_v0_11_gej_double(&resj, &gej[i2]); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&resj, &ref)); + secp256k1_gej_double(&resj, &gej[i2]); + CHECK(secp256k1_gej_eq_ge_var(&resj, &ref)); } /* Test adding opposites. */ if ((i1 == 0 && i2 == 0) || ((i1 + 3)/4 == (i2 + 3)/4 && ((i1 + 3)%4)/2 != ((i2 + 3)%4)/2)) { - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&ref)); + CHECK(secp256k1_ge_is_infinity(&ref)); } /* Test adding infinity. */ if (i1 == 0) { - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&ge[i1])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&gej[i1])); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&gej[i2], &ref)); + CHECK(secp256k1_ge_is_infinity(&ge[i1])); + CHECK(secp256k1_gej_is_infinity(&gej[i1])); + CHECK(secp256k1_gej_eq_ge_var(&gej[i2], &ref)); } if (i2 == 0) { - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&ge[i2])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&gej[i2])); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&gej[i1], &ref)); + CHECK(secp256k1_ge_is_infinity(&ge[i2])); + CHECK(secp256k1_gej_is_infinity(&gej[i2])); + CHECK(secp256k1_gej_eq_ge_var(&gej[i1], &ref)); } } } /* Test adding all points together in random order equals infinity. */ { - rustsecp256k1_v0_11_gej sum = SECP256K1_GEJ_CONST_INFINITY; - rustsecp256k1_v0_11_gej *gej_shuffled = (rustsecp256k1_v0_11_gej *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_11_gej)); + secp256k1_gej sum = SECP256K1_GEJ_CONST_INFINITY; + secp256k1_gej *gej_shuffled = (secp256k1_gej *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(secp256k1_gej)); for (i = 0; i < 4 * runs + 1; i++) { gej_shuffled[i] = gej[i]; } for (i = 0; i < 4 * runs + 1; i++) { int swap = i + testrand_int(4 * runs + 1 - i); if (swap != i) { - rustsecp256k1_v0_11_gej t = gej_shuffled[i]; + secp256k1_gej t = gej_shuffled[i]; gej_shuffled[i] = gej_shuffled[swap]; gej_shuffled[swap] = t; } } for (i = 0; i < 4 * runs + 1; i++) { - rustsecp256k1_v0_11_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); + secp256k1_gej_add_var(&sum, &sum, &gej_shuffled[i], NULL); } - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&sum)); + CHECK(secp256k1_gej_is_infinity(&sum)); free(gej_shuffled); } /* Test batch gej -> ge conversion without known z ratios. */ { - rustsecp256k1_v0_11_ge *ge_set_all = (rustsecp256k1_v0_11_ge *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(rustsecp256k1_v0_11_ge)); - rustsecp256k1_v0_11_ge_set_all_gej_var(ge_set_all, gej, 4 * runs + 1); + secp256k1_ge *ge_set_all_var = (secp256k1_ge *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge)); + secp256k1_ge *ge_set_all = (secp256k1_ge *)checked_malloc(&CTX->error_callback, (4 * runs + 1) * sizeof(secp256k1_ge)); + secp256k1_ge_set_all_gej_var(&ge_set_all_var[0], &gej[0], 4 * runs + 1); for (i = 0; i < 4 * runs + 1; i++) { - rustsecp256k1_v0_11_fe s; + secp256k1_fe s; + testutil_random_fe_non_zero(&s); + secp256k1_gej_rescale(&gej[i], &s); + CHECK(secp256k1_gej_eq_ge_var(&gej[i], &ge_set_all_var[i])); + } + + /* Skip infinity at &gej[0]. */ + secp256k1_ge_set_all_gej(&ge_set_all[1], &gej[1], 4 * runs); + for (i = 1; i < 4 * runs + 1; i++) { + secp256k1_fe s; testutil_random_fe_non_zero(&s); - rustsecp256k1_v0_11_gej_rescale(&gej[i], &s); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&gej[i], &ge_set_all[i])); + secp256k1_gej_rescale(&gej[i], &s); + CHECK(secp256k1_gej_eq_ge_var(&gej[i], &ge_set_all[i])); + CHECK(secp256k1_ge_eq_var(&ge_set_all_var[i], &ge_set_all[i])); } + + /* Test with an array of length 1. */ + secp256k1_ge_set_all_gej_var(ge_set_all_var, &gej[1], 1); + secp256k1_ge_set_all_gej(ge_set_all, &gej[1], 1); + CHECK(secp256k1_gej_eq_ge_var(&gej[1], &ge_set_all_var[1])); + CHECK(secp256k1_gej_eq_ge_var(&gej[1], &ge_set_all[1])); + CHECK(secp256k1_ge_eq_var(&ge_set_all_var[1], &ge_set_all[1])); + + /* Test with an array of length 0. */ + secp256k1_ge_set_all_gej_var(NULL, NULL, 0); + secp256k1_ge_set_all_gej(NULL, NULL, 0); + + free(ge_set_all_var); free(ge_set_all); } /* Test that all elements have X coordinates on the curve. */ for (i = 1; i < 4 * runs + 1; i++) { - rustsecp256k1_v0_11_fe n; - CHECK(rustsecp256k1_v0_11_ge_x_on_curve_var(&ge[i].x)); + secp256k1_fe n; + CHECK(secp256k1_ge_x_on_curve_var(&ge[i].x)); /* And the same holds after random rescaling. */ - rustsecp256k1_v0_11_fe_mul(&n, &zf, &ge[i].x); - CHECK(rustsecp256k1_v0_11_ge_x_frac_on_curve_var(&n, &zf)); + secp256k1_fe_mul(&n, &zf, &ge[i].x); + CHECK(secp256k1_ge_x_frac_on_curve_var(&n, &zf)); } - /* Test correspondence of rustsecp256k1_v0_11_ge_x{,_frac}_on_curve_var with ge_set_xo. */ + /* Test correspondence of secp256k1_ge_x{,_frac}_on_curve_var with ge_set_xo. */ { - rustsecp256k1_v0_11_fe n; - rustsecp256k1_v0_11_ge q; + secp256k1_fe n; + secp256k1_ge q; int ret_on_curve, ret_frac_on_curve, ret_set_xo; - rustsecp256k1_v0_11_fe_mul(&n, &zf, &r); - ret_on_curve = rustsecp256k1_v0_11_ge_x_on_curve_var(&r); - ret_frac_on_curve = rustsecp256k1_v0_11_ge_x_frac_on_curve_var(&n, &zf); - ret_set_xo = rustsecp256k1_v0_11_ge_set_xo_var(&q, &r, 0); + secp256k1_fe_mul(&n, &zf, &r); + ret_on_curve = secp256k1_ge_x_on_curve_var(&r); + ret_frac_on_curve = secp256k1_ge_x_frac_on_curve_var(&n, &zf); + ret_set_xo = secp256k1_ge_set_xo_var(&q, &r, 0); CHECK(ret_on_curve == ret_frac_on_curve); CHECK(ret_on_curve == ret_set_xo); - if (ret_set_xo) CHECK(rustsecp256k1_v0_11_fe_equal(&r, &q.x)); + if (ret_set_xo) CHECK(secp256k1_fe_equal(&r, &q.x)); } /* Test batch gej -> ge conversion with many infinities. */ for (i = 0; i < 4 * runs + 1; i++) { int odd; testutil_random_ge_test(&ge[i]); - odd = rustsecp256k1_v0_11_fe_is_odd(&ge[i].x); + odd = secp256k1_fe_is_odd(&ge[i].x); CHECK(odd == 0 || odd == 1); /* randomly set half the points to infinity */ if (odd == i % 2) { - rustsecp256k1_v0_11_ge_set_infinity(&ge[i]); + secp256k1_ge_set_infinity(&ge[i]); } - rustsecp256k1_v0_11_gej_set_ge(&gej[i], &ge[i]); + secp256k1_gej_set_ge(&gej[i], &ge[i]); } /* batch convert */ - rustsecp256k1_v0_11_ge_set_all_gej_var(ge, gej, 4 * runs + 1); + secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1); /* check result */ for (i = 0; i < 4 * runs + 1; i++) { - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&gej[i], &ge[i])); + CHECK(secp256k1_gej_eq_ge_var(&gej[i], &ge[i])); } /* Test batch gej -> ge conversion with all infinities. */ for (i = 0; i < 4 * runs + 1; i++) { - rustsecp256k1_v0_11_gej_set_infinity(&gej[i]); + secp256k1_gej_set_infinity(&gej[i]); } /* batch convert */ - rustsecp256k1_v0_11_ge_set_all_gej_var(ge, gej, 4 * runs + 1); + secp256k1_ge_set_all_gej_var(ge, gej, 4 * runs + 1); /* check result */ for (i = 0; i < 4 * runs + 1; i++) { - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&ge[i])); + CHECK(secp256k1_ge_is_infinity(&ge[i])); } free(ge); free(gej); } -static void test_intialized_inf(void) { - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_gej pj, npj, infj1, infj2, infj3; - rustsecp256k1_v0_11_fe zinv; +static void test_initialized_inf(void) { + secp256k1_ge p; + secp256k1_gej pj, npj, infj1, infj2, infj3; + secp256k1_fe zinv; /* Test that adding P+(-P) results in a fully initialized infinity*/ testutil_random_ge_test(&p); - rustsecp256k1_v0_11_gej_set_ge(&pj, &p); - rustsecp256k1_v0_11_gej_neg(&npj, &pj); + secp256k1_gej_set_ge(&pj, &p); + secp256k1_gej_neg(&npj, &pj); - rustsecp256k1_v0_11_gej_add_var(&infj1, &pj, &npj, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&infj1)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj1.x)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj1.y)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj1.z)); + secp256k1_gej_add_var(&infj1, &pj, &npj, NULL); + CHECK(secp256k1_gej_is_infinity(&infj1)); + CHECK(secp256k1_fe_is_zero(&infj1.x)); + CHECK(secp256k1_fe_is_zero(&infj1.y)); + CHECK(secp256k1_fe_is_zero(&infj1.z)); - rustsecp256k1_v0_11_gej_add_ge_var(&infj2, &npj, &p, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&infj2)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj2.x)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj2.y)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj2.z)); + secp256k1_gej_add_ge_var(&infj2, &npj, &p, NULL); + CHECK(secp256k1_gej_is_infinity(&infj2)); + CHECK(secp256k1_fe_is_zero(&infj2.x)); + CHECK(secp256k1_fe_is_zero(&infj2.y)); + CHECK(secp256k1_fe_is_zero(&infj2.z)); - rustsecp256k1_v0_11_fe_set_int(&zinv, 1); - rustsecp256k1_v0_11_gej_add_zinv_var(&infj3, &npj, &p, &zinv); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&infj3)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj3.x)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj3.y)); - CHECK(rustsecp256k1_v0_11_fe_is_zero(&infj3.z)); + secp256k1_fe_set_int(&zinv, 1); + secp256k1_gej_add_zinv_var(&infj3, &npj, &p, &zinv); + CHECK(secp256k1_gej_is_infinity(&infj3)); + CHECK(secp256k1_fe_is_zero(&infj3.x)); + CHECK(secp256k1_fe_is_zero(&infj3.y)); + CHECK(secp256k1_fe_is_zero(&infj3.z)); } @@ -3936,7 +3958,7 @@ static void test_add_neg_y_diff_x(void) { * * These points were generated in sage as * - * load("rustsecp256k1_v0_11_params.sage") + * load("secp256k1_params.sage") * * # random "bad pair" * P = C.random_element() @@ -3945,40 +3967,40 @@ static void test_add_neg_y_diff_x(void) { * print(" Q: %x %x" % Q.xy()) * print("P + Q: %x %x" % (P + Q).xy()) */ - rustsecp256k1_v0_11_gej aj = SECP256K1_GEJ_CONST( + secp256k1_gej aj = SECP256K1_GEJ_CONST( 0x8d24cd95, 0x0a355af1, 0x3c543505, 0x44238d30, 0x0643d79f, 0x05a59614, 0x2f8ec030, 0xd58977cb, 0x001e337a, 0x38093dcd, 0x6c0f386d, 0x0b1293a8, 0x4d72c879, 0xd7681924, 0x44e6d2f3, 0x9190117d ); - rustsecp256k1_v0_11_gej bj = SECP256K1_GEJ_CONST( + secp256k1_gej bj = SECP256K1_GEJ_CONST( 0xc7b74206, 0x1f788cd9, 0xabd0937d, 0x164a0d86, 0x95f6ff75, 0xf19a4ce9, 0xd013bd7b, 0xbf92d2a7, 0xffe1cc85, 0xc7f6c232, 0x93f0c792, 0xf4ed6c57, 0xb28d3786, 0x2897e6db, 0xbb192d0b, 0x6e6feab2 ); - rustsecp256k1_v0_11_gej sumj = SECP256K1_GEJ_CONST( + secp256k1_gej sumj = SECP256K1_GEJ_CONST( 0x671a63c0, 0x3efdad4c, 0x389a7798, 0x24356027, 0xb3d69010, 0x278625c3, 0x5c86d390, 0x184a8f7a, 0x5f6409c2, 0x2ce01f2b, 0x511fd375, 0x25071d08, 0xda651801, 0x70e95caf, 0x8f0d893c, 0xbed8fbbe ); - rustsecp256k1_v0_11_ge b; - rustsecp256k1_v0_11_gej resj; - rustsecp256k1_v0_11_ge res; - rustsecp256k1_v0_11_ge_set_gej(&b, &bj); + secp256k1_ge b; + secp256k1_gej resj; + secp256k1_ge res; + secp256k1_ge_set_gej(&b, &bj); - rustsecp256k1_v0_11_gej_add_var(&resj, &aj, &bj, NULL); - rustsecp256k1_v0_11_ge_set_gej(&res, &resj); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&sumj, &res)); + secp256k1_gej_add_var(&resj, &aj, &bj, NULL); + secp256k1_ge_set_gej(&res, &resj); + CHECK(secp256k1_gej_eq_ge_var(&sumj, &res)); - rustsecp256k1_v0_11_gej_add_ge(&resj, &aj, &b); - rustsecp256k1_v0_11_ge_set_gej(&res, &resj); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&sumj, &res)); + secp256k1_gej_add_ge(&resj, &aj, &b); + secp256k1_ge_set_gej(&res, &resj); + CHECK(secp256k1_gej_eq_ge_var(&sumj, &res)); - rustsecp256k1_v0_11_gej_add_ge_var(&resj, &aj, &b, NULL); - rustsecp256k1_v0_11_ge_set_gej(&res, &resj); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&sumj, &res)); + secp256k1_gej_add_ge_var(&resj, &aj, &b, NULL); + secp256k1_ge_set_gej(&res, &resj); + CHECK(secp256k1_gej_eq_ge_var(&sumj, &res)); } static void test_ge_bytes(void) { @@ -3986,26 +4008,26 @@ static void test_ge_bytes(void) { for (i = 0; i < COUNT + 1; i++) { unsigned char buf[64]; - rustsecp256k1_v0_11_ge p, q; + secp256k1_ge p, q; if (i == 0) { - rustsecp256k1_v0_11_ge_set_infinity(&p); + secp256k1_ge_set_infinity(&p); } else { testutil_random_ge_test(&p); } - if (!rustsecp256k1_v0_11_ge_is_infinity(&p)) { - rustsecp256k1_v0_11_ge_to_bytes(buf, &p); + if (!secp256k1_ge_is_infinity(&p)) { + secp256k1_ge_to_bytes(buf, &p); - rustsecp256k1_v0_11_ge_from_bytes(&q, buf); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&p, &q)); + secp256k1_ge_from_bytes(&q, buf); + CHECK(secp256k1_ge_eq_var(&p, &q)); - rustsecp256k1_v0_11_ge_from_bytes_ext(&q, buf); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&p, &q)); + secp256k1_ge_from_bytes_ext(&q, buf); + CHECK(secp256k1_ge_eq_var(&p, &q)); } - rustsecp256k1_v0_11_ge_to_bytes_ext(buf, &p); - rustsecp256k1_v0_11_ge_from_bytes_ext(&q, buf); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&p, &q)); + secp256k1_ge_to_bytes_ext(buf, &p); + secp256k1_ge_from_bytes_ext(&q, buf); + CHECK(secp256k1_ge_eq_var(&p, &q)); } } @@ -4015,26 +4037,26 @@ static void run_ge(void) { test_ge(); } test_add_neg_y_diff_x(); - test_intialized_inf(); + test_initialized_inf(); test_ge_bytes(); } -static void test_gej_cmov(const rustsecp256k1_v0_11_gej *a, const rustsecp256k1_v0_11_gej *b) { - rustsecp256k1_v0_11_gej t = *a; - rustsecp256k1_v0_11_gej_cmov(&t, b, 0); +static void test_gej_cmov(const secp256k1_gej *a, const secp256k1_gej *b) { + secp256k1_gej t = *a; + secp256k1_gej_cmov(&t, b, 0); CHECK(gej_xyz_equals_gej(&t, a)); - rustsecp256k1_v0_11_gej_cmov(&t, b, 1); + secp256k1_gej_cmov(&t, b, 1); CHECK(gej_xyz_equals_gej(&t, b)); } static void run_gej(void) { int i; - rustsecp256k1_v0_11_gej a, b; + secp256k1_gej a, b; - /* Tests for rustsecp256k1_v0_11_gej_cmov */ + /* Tests for secp256k1_gej_cmov */ for (i = 0; i < COUNT; i++) { - rustsecp256k1_v0_11_gej_set_infinity(&a); - rustsecp256k1_v0_11_gej_set_infinity(&b); + secp256k1_gej_set_infinity(&a); + secp256k1_gej_set_infinity(&b); test_gej_cmov(&a, &b); testutil_random_gej_test(&a); @@ -4049,42 +4071,42 @@ static void run_gej(void) { test_gej_cmov(&b, &a); } - /* Tests for rustsecp256k1_v0_11_gej_eq_var */ + /* Tests for secp256k1_gej_eq_var */ for (i = 0; i < COUNT; i++) { - rustsecp256k1_v0_11_fe fe; + secp256k1_fe fe; testutil_random_gej_test(&a); testutil_random_gej_test(&b); - CHECK(!rustsecp256k1_v0_11_gej_eq_var(&a, &b)); + CHECK(!secp256k1_gej_eq_var(&a, &b)); b = a; testutil_random_fe_non_zero_test(&fe); - rustsecp256k1_v0_11_gej_rescale(&a, &fe); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&a, &b)); + secp256k1_gej_rescale(&a, &fe); + CHECK(secp256k1_gej_eq_var(&a, &b)); } } static void test_ec_combine(void) { - rustsecp256k1_v0_11_scalar sum = rustsecp256k1_v0_11_scalar_zero; - rustsecp256k1_v0_11_pubkey data[6]; - const rustsecp256k1_v0_11_pubkey* d[6]; - rustsecp256k1_v0_11_pubkey sd; - rustsecp256k1_v0_11_pubkey sd2; - rustsecp256k1_v0_11_gej Qj; - rustsecp256k1_v0_11_ge Q; + secp256k1_scalar sum = secp256k1_scalar_zero; + secp256k1_pubkey data[6]; + const secp256k1_pubkey* d[6]; + secp256k1_pubkey sd; + secp256k1_pubkey sd2; + secp256k1_gej Qj; + secp256k1_ge Q; int i; for (i = 1; i <= 6; i++) { - rustsecp256k1_v0_11_scalar s; + secp256k1_scalar s; testutil_random_scalar_order_test(&s); - rustsecp256k1_v0_11_scalar_add(&sum, &sum, &s); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &Qj, &s); - rustsecp256k1_v0_11_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_11_pubkey_save(&data[i - 1], &Q); + secp256k1_scalar_add(&sum, &sum, &s); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &Qj, &s); + secp256k1_ge_set_gej(&Q, &Qj); + secp256k1_pubkey_save(&data[i - 1], &Q); d[i - 1] = &data[i - 1]; - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &Qj, &sum); - rustsecp256k1_v0_11_ge_set_gej(&Q, &Qj); - rustsecp256k1_v0_11_pubkey_save(&sd, &Q); - CHECK(rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &sd2, d, i) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&sd, &sd2, sizeof(sd)) == 0); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &Qj, &sum); + secp256k1_ge_set_gej(&Q, &Qj); + secp256k1_pubkey_save(&sd, &Q); + CHECK(secp256k1_ec_pubkey_combine(CTX, &sd2, d, i) == 1); + CHECK(secp256k1_memcmp_var(&sd, &sd2, sizeof(sd)) == 0); } } @@ -4095,45 +4117,45 @@ static void run_ec_combine(void) { } } -static void test_group_decompress(const rustsecp256k1_v0_11_fe* x) { +static void test_group_decompress(const secp256k1_fe* x) { /* The input itself, normalized. */ - rustsecp256k1_v0_11_fe fex = *x; + secp256k1_fe fex = *x; /* Results of set_xo_var(..., 0), set_xo_var(..., 1). */ - rustsecp256k1_v0_11_ge ge_even, ge_odd; + secp256k1_ge ge_even, ge_odd; /* Return values of the above calls. */ int res_even, res_odd; - rustsecp256k1_v0_11_fe_normalize_var(&fex); + secp256k1_fe_normalize_var(&fex); - res_even = rustsecp256k1_v0_11_ge_set_xo_var(&ge_even, &fex, 0); - res_odd = rustsecp256k1_v0_11_ge_set_xo_var(&ge_odd, &fex, 1); + res_even = secp256k1_ge_set_xo_var(&ge_even, &fex, 0); + res_odd = secp256k1_ge_set_xo_var(&ge_odd, &fex, 1); CHECK(res_even == res_odd); if (res_even) { - rustsecp256k1_v0_11_fe_normalize_var(&ge_odd.x); - rustsecp256k1_v0_11_fe_normalize_var(&ge_even.x); - rustsecp256k1_v0_11_fe_normalize_var(&ge_odd.y); - rustsecp256k1_v0_11_fe_normalize_var(&ge_even.y); + secp256k1_fe_normalize_var(&ge_odd.x); + secp256k1_fe_normalize_var(&ge_even.x); + secp256k1_fe_normalize_var(&ge_odd.y); + secp256k1_fe_normalize_var(&ge_even.y); /* No infinity allowed. */ CHECK(!ge_even.infinity); CHECK(!ge_odd.infinity); /* Check that the x coordinates check out. */ - CHECK(rustsecp256k1_v0_11_fe_equal(&ge_even.x, x)); - CHECK(rustsecp256k1_v0_11_fe_equal(&ge_odd.x, x)); + CHECK(secp256k1_fe_equal(&ge_even.x, x)); + CHECK(secp256k1_fe_equal(&ge_odd.x, x)); /* Check odd/even Y in ge_odd, ge_even. */ - CHECK(rustsecp256k1_v0_11_fe_is_odd(&ge_odd.y)); - CHECK(!rustsecp256k1_v0_11_fe_is_odd(&ge_even.y)); + CHECK(secp256k1_fe_is_odd(&ge_odd.y)); + CHECK(!secp256k1_fe_is_odd(&ge_even.y)); } } static void run_group_decompress(void) { int i; for (i = 0; i < COUNT * 4; i++) { - rustsecp256k1_v0_11_fe fe; + secp256k1_fe fe; testutil_random_fe_test(&fe); test_group_decompress(&fe); } @@ -4141,7 +4163,7 @@ static void run_group_decompress(void) { /***** ECMULT TESTS *****/ -static void test_pre_g_table(const rustsecp256k1_v0_11_ge_storage * pre_g, size_t n) { +static void test_pre_g_table(const secp256k1_ge_storage * pre_g, size_t n) { /* Tests the pre_g / pre_g_128 tables for consistency. * For independent verification we take a "geometric" approach to verification. * We check that every entry is on-curve. @@ -4152,168 +4174,168 @@ static void test_pre_g_table(const rustsecp256k1_v0_11_ge_storage * pre_g, size_ * * Checking the table's generators are correct is done in run_ecmult_pre_g. */ - rustsecp256k1_v0_11_gej g2; - rustsecp256k1_v0_11_ge p, q, gg; - rustsecp256k1_v0_11_fe dpx, dpy, dqx, dqy; + secp256k1_gej g2; + secp256k1_ge p, q, gg; + secp256k1_fe dpx, dpy, dqx, dqy; size_t i; CHECK(0 < n); - rustsecp256k1_v0_11_ge_from_storage(&p, &pre_g[0]); - CHECK(rustsecp256k1_v0_11_ge_is_valid_var(&p)); + secp256k1_ge_from_storage(&p, &pre_g[0]); + CHECK(secp256k1_ge_is_valid_var(&p)); - rustsecp256k1_v0_11_gej_set_ge(&g2, &p); - rustsecp256k1_v0_11_gej_double_var(&g2, &g2, NULL); - rustsecp256k1_v0_11_ge_set_gej_var(&gg, &g2); + secp256k1_gej_set_ge(&g2, &p); + secp256k1_gej_double_var(&g2, &g2, NULL); + secp256k1_ge_set_gej_var(&gg, &g2); for (i = 1; i < n; ++i) { - rustsecp256k1_v0_11_fe_negate(&dpx, &p.x, 1); rustsecp256k1_v0_11_fe_add(&dpx, &gg.x); rustsecp256k1_v0_11_fe_normalize_weak(&dpx); - rustsecp256k1_v0_11_fe_negate(&dpy, &p.y, 1); rustsecp256k1_v0_11_fe_add(&dpy, &gg.y); rustsecp256k1_v0_11_fe_normalize_weak(&dpy); + secp256k1_fe_negate(&dpx, &p.x, 1); secp256k1_fe_add(&dpx, &gg.x); secp256k1_fe_normalize_weak(&dpx); + secp256k1_fe_negate(&dpy, &p.y, 1); secp256k1_fe_add(&dpy, &gg.y); secp256k1_fe_normalize_weak(&dpy); /* Check that p is not equal to gg */ - CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&dpx) || !rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&dpy)); + CHECK(!secp256k1_fe_normalizes_to_zero_var(&dpx) || !secp256k1_fe_normalizes_to_zero_var(&dpy)); - rustsecp256k1_v0_11_ge_from_storage(&q, &pre_g[i]); - CHECK(rustsecp256k1_v0_11_ge_is_valid_var(&q)); + secp256k1_ge_from_storage(&q, &pre_g[i]); + CHECK(secp256k1_ge_is_valid_var(&q)); - rustsecp256k1_v0_11_fe_negate(&dqx, &q.x, 1); rustsecp256k1_v0_11_fe_add(&dqx, &gg.x); - dqy = q.y; rustsecp256k1_v0_11_fe_add(&dqy, &gg.y); + secp256k1_fe_negate(&dqx, &q.x, 1); secp256k1_fe_add(&dqx, &gg.x); + dqy = q.y; secp256k1_fe_add(&dqy, &gg.y); /* Check that -q is not equal to gg */ - CHECK(!rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&dqx) || !rustsecp256k1_v0_11_fe_normalizes_to_zero_var(&dqy)); + CHECK(!secp256k1_fe_normalizes_to_zero_var(&dqx) || !secp256k1_fe_normalizes_to_zero_var(&dqy)); /* Check that -q is not equal to p */ - CHECK(!rustsecp256k1_v0_11_fe_equal(&dpx, &dqx) || !rustsecp256k1_v0_11_fe_equal(&dpy, &dqy)); + CHECK(!secp256k1_fe_equal(&dpx, &dqx) || !secp256k1_fe_equal(&dpy, &dqy)); /* Check that p, -q and gg are colinear */ - rustsecp256k1_v0_11_fe_mul(&dpx, &dpx, &dqy); - rustsecp256k1_v0_11_fe_mul(&dpy, &dpy, &dqx); - CHECK(rustsecp256k1_v0_11_fe_equal(&dpx, &dpy)); + secp256k1_fe_mul(&dpx, &dpx, &dqy); + secp256k1_fe_mul(&dpy, &dpy, &dqx); + CHECK(secp256k1_fe_equal(&dpx, &dpy)); p = q; } } static void run_ecmult_pre_g(void) { - rustsecp256k1_v0_11_ge_storage gs; - rustsecp256k1_v0_11_gej gj; - rustsecp256k1_v0_11_ge g; + secp256k1_ge_storage gs; + secp256k1_gej gj; + secp256k1_ge g; size_t i; /* Check that the pre_g and pre_g_128 tables are consistent. */ - test_pre_g_table(rustsecp256k1_v0_11_pre_g, ECMULT_TABLE_SIZE(WINDOW_G)); - test_pre_g_table(rustsecp256k1_v0_11_pre_g_128, ECMULT_TABLE_SIZE(WINDOW_G)); + test_pre_g_table(secp256k1_pre_g, ECMULT_TABLE_SIZE(WINDOW_G)); + test_pre_g_table(secp256k1_pre_g_128, ECMULT_TABLE_SIZE(WINDOW_G)); /* Check the first entry from the pre_g table. */ - rustsecp256k1_v0_11_ge_to_storage(&gs, &rustsecp256k1_v0_11_ge_const_g); - CHECK(rustsecp256k1_v0_11_memcmp_var(&gs, &rustsecp256k1_v0_11_pre_g[0], sizeof(gs)) == 0); + secp256k1_ge_to_storage(&gs, &secp256k1_ge_const_g); + CHECK(secp256k1_memcmp_var(&gs, &secp256k1_pre_g[0], sizeof(gs)) == 0); /* Check the first entry from the pre_g_128 table. */ - rustsecp256k1_v0_11_gej_set_ge(&gj, &rustsecp256k1_v0_11_ge_const_g); + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); for (i = 0; i < 128; ++i) { - rustsecp256k1_v0_11_gej_double_var(&gj, &gj, NULL); + secp256k1_gej_double_var(&gj, &gj, NULL); } - rustsecp256k1_v0_11_ge_set_gej(&g, &gj); - rustsecp256k1_v0_11_ge_to_storage(&gs, &g); - CHECK(rustsecp256k1_v0_11_memcmp_var(&gs, &rustsecp256k1_v0_11_pre_g_128[0], sizeof(gs)) == 0); + secp256k1_ge_set_gej(&g, &gj); + secp256k1_ge_to_storage(&gs, &g); + CHECK(secp256k1_memcmp_var(&gs, &secp256k1_pre_g_128[0], sizeof(gs)) == 0); } static void run_ecmult_chain(void) { /* random starting point A (on the curve) */ - rustsecp256k1_v0_11_gej a = SECP256K1_GEJ_CONST( + secp256k1_gej a = SECP256K1_GEJ_CONST( 0x8b30bbe9, 0xae2a9906, 0x96b22f67, 0x0709dff3, 0x727fd8bc, 0x04d3362c, 0x6c7bf458, 0xe2846004, 0xa357ae91, 0x5c4a6528, 0x1309edf2, 0x0504740f, 0x0eb33439, 0x90216b4f, 0x81063cb6, 0x5f2f7e0f ); /* two random initial factors xn and gn */ - rustsecp256k1_v0_11_scalar xn = SECP256K1_SCALAR_CONST( + secp256k1_scalar xn = SECP256K1_SCALAR_CONST( 0x84cc5452, 0xf7fde1ed, 0xb4d38a8c, 0xe9b1b84c, 0xcef31f14, 0x6e569be9, 0x705d357a, 0x42985407 ); - rustsecp256k1_v0_11_scalar gn = SECP256K1_SCALAR_CONST( + secp256k1_scalar gn = SECP256K1_SCALAR_CONST( 0xa1e58d22, 0x553dcd42, 0xb2398062, 0x5d4c57a9, 0x6e9323d4, 0x2b3152e5, 0xca2c3990, 0xedc7c9de ); /* two small multipliers to be applied to xn and gn in every iteration: */ - static const rustsecp256k1_v0_11_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); - static const rustsecp256k1_v0_11_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); + static const secp256k1_scalar xf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x1337); + static const secp256k1_scalar gf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0x7113); /* accumulators with the resulting coefficients to A and G */ - rustsecp256k1_v0_11_scalar ae = rustsecp256k1_v0_11_scalar_one; - rustsecp256k1_v0_11_scalar ge = rustsecp256k1_v0_11_scalar_zero; + secp256k1_scalar ae = secp256k1_scalar_one; + secp256k1_scalar ge = secp256k1_scalar_zero; /* actual points */ - rustsecp256k1_v0_11_gej x; - rustsecp256k1_v0_11_gej x2; + secp256k1_gej x; + secp256k1_gej x2; int i; /* the point being computed */ x = a; for (i = 0; i < 200*COUNT; i++) { /* in each iteration, compute X = xn*X + gn*G; */ - rustsecp256k1_v0_11_ecmult(&x, &x, &xn, &gn); + secp256k1_ecmult(&x, &x, &xn, &gn); /* also compute ae and ge: the actual accumulated factors for A and G */ /* if X was (ae*A+ge*G), xn*X + gn*G results in (xn*ae*A + (xn*ge+gn)*G) */ - rustsecp256k1_v0_11_scalar_mul(&ae, &ae, &xn); - rustsecp256k1_v0_11_scalar_mul(&ge, &ge, &xn); - rustsecp256k1_v0_11_scalar_add(&ge, &ge, &gn); + secp256k1_scalar_mul(&ae, &ae, &xn); + secp256k1_scalar_mul(&ge, &ge, &xn); + secp256k1_scalar_add(&ge, &ge, &gn); /* modify xn and gn */ - rustsecp256k1_v0_11_scalar_mul(&xn, &xn, &xf); - rustsecp256k1_v0_11_scalar_mul(&gn, &gn, &gf); + secp256k1_scalar_mul(&xn, &xn, &xf); + secp256k1_scalar_mul(&gn, &gn, &gf); /* verify */ if (i == 19999) { /* expected result after 19999 iterations */ - rustsecp256k1_v0_11_gej rp = SECP256K1_GEJ_CONST( + secp256k1_gej rp = SECP256K1_GEJ_CONST( 0xD6E96687, 0xF9B10D09, 0x2A6F3543, 0x9D86CEBE, 0xA4535D0D, 0x409F5358, 0x6440BD74, 0xB933E830, 0xB95CBCA2, 0xC77DA786, 0x539BE8FD, 0x53354D2D, 0x3B4F566A, 0xE6580454, 0x07ED6015, 0xEE1B2A88 ); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&rp, &x)); + CHECK(secp256k1_gej_eq_var(&rp, &x)); } } /* redo the computation, but directly with the resulting ae and ge coefficients: */ - rustsecp256k1_v0_11_ecmult(&x2, &a, &ae, &ge); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&x, &x2)); + secp256k1_ecmult(&x2, &a, &ae, &ge); + CHECK(secp256k1_gej_eq_var(&x, &x2)); } -static void test_point_times_order(const rustsecp256k1_v0_11_gej *point) { +static void test_point_times_order(const secp256k1_gej *point) { /* X * (point + G) + (order-X) * (pointer + G) = 0 */ - rustsecp256k1_v0_11_scalar x; - rustsecp256k1_v0_11_scalar nx; - rustsecp256k1_v0_11_gej res1, res2; - rustsecp256k1_v0_11_ge res3; + secp256k1_scalar x; + secp256k1_scalar nx; + secp256k1_gej res1, res2; + secp256k1_ge res3; unsigned char pub[65]; size_t psize = 65; testutil_random_scalar_order_test(&x); - rustsecp256k1_v0_11_scalar_negate(&nx, &x); - rustsecp256k1_v0_11_ecmult(&res1, point, &x, &x); /* calc res1 = x * point + x * G; */ - rustsecp256k1_v0_11_ecmult(&res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */ - rustsecp256k1_v0_11_gej_add_var(&res1, &res1, &res2, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&res1)); - rustsecp256k1_v0_11_ge_set_gej(&res3, &res1); - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&res3)); - CHECK(rustsecp256k1_v0_11_ge_is_valid_var(&res3) == 0); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0); + secp256k1_scalar_negate(&nx, &x); + secp256k1_ecmult(&res1, point, &x, &x); /* calc res1 = x * point + x * G; */ + secp256k1_ecmult(&res2, point, &nx, &nx); /* calc res2 = (order - x) * point + (order - x) * G; */ + secp256k1_gej_add_var(&res1, &res1, &res2, NULL); + CHECK(secp256k1_gej_is_infinity(&res1)); + secp256k1_ge_set_gej(&res3, &res1); + CHECK(secp256k1_ge_is_infinity(&res3)); + CHECK(secp256k1_ge_is_valid_var(&res3) == 0); + CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 0) == 0); psize = 65; - CHECK(rustsecp256k1_v0_11_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0); + CHECK(secp256k1_eckey_pubkey_serialize(&res3, pub, &psize, 1) == 0); /* check zero/one edge cases */ - rustsecp256k1_v0_11_ecmult(&res1, point, &rustsecp256k1_v0_11_scalar_zero, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ge_set_gej(&res3, &res1); - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&res3)); - rustsecp256k1_v0_11_ecmult(&res1, point, &rustsecp256k1_v0_11_scalar_one, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ge_set_gej(&res3, &res1); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(point, &res3)); - rustsecp256k1_v0_11_ecmult(&res1, point, &rustsecp256k1_v0_11_scalar_zero, &rustsecp256k1_v0_11_scalar_one); - rustsecp256k1_v0_11_ge_set_gej(&res3, &res1); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&rustsecp256k1_v0_11_ge_const_g, &res3)); -} - -/* These scalars reach large (in absolute value) outputs when fed to rustsecp256k1_v0_11_scalar_split_lambda. + secp256k1_ecmult(&res1, point, &secp256k1_scalar_zero, &secp256k1_scalar_zero); + secp256k1_ge_set_gej(&res3, &res1); + CHECK(secp256k1_ge_is_infinity(&res3)); + secp256k1_ecmult(&res1, point, &secp256k1_scalar_one, &secp256k1_scalar_zero); + secp256k1_ge_set_gej(&res3, &res1); + CHECK(secp256k1_gej_eq_ge_var(point, &res3)); + secp256k1_ecmult(&res1, point, &secp256k1_scalar_zero, &secp256k1_scalar_one); + secp256k1_ge_set_gej(&res3, &res1); + CHECK(secp256k1_ge_eq_var(&secp256k1_ge_const_g, &res3)); +} + +/* These scalars reach large (in absolute value) outputs when fed to secp256k1_scalar_split_lambda. * * They are computed as: * - For a in [-2, -1, 0, 1, 2]: * - For b in [-3, -1, 1, 3]: * - Output (a*LAMBDA + (ORDER+b)/2) % ORDER */ -static const rustsecp256k1_v0_11_scalar scalars_near_split_bounds[20] = { +static const secp256k1_scalar scalars_near_split_bounds[20] = { SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fc), SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fd), SECP256K1_SCALAR_CONST(0xd938a566, 0x7f479e3e, 0xb5b3c7fa, 0xefdb3749, 0x3aa0585c, 0xc5ea2367, 0xe1b660db, 0x0209e6fe), @@ -4336,42 +4358,42 @@ static const rustsecp256k1_v0_11_scalar scalars_near_split_bounds[20] = { SECP256K1_SCALAR_CONST(0x26c75a99, 0x80b861c1, 0x4a4c3805, 0x1024c8b4, 0x704d760e, 0xe95e7cd3, 0xde1bfdb1, 0xce2c5a45) }; -static void test_ecmult_target(const rustsecp256k1_v0_11_scalar* target, int mode) { +static void test_ecmult_target(const secp256k1_scalar* target, int mode) { /* Mode: 0=ecmult_gen, 1=ecmult, 2=ecmult_const */ - rustsecp256k1_v0_11_scalar n1, n2; - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_gej pj, p1j, p2j, ptj; + secp256k1_scalar n1, n2; + secp256k1_ge p; + secp256k1_gej pj, p1j, p2j, ptj; /* Generate random n1,n2 such that n1+n2 = -target. */ testutil_random_scalar_order_test(&n1); - rustsecp256k1_v0_11_scalar_add(&n2, &n1, target); - rustsecp256k1_v0_11_scalar_negate(&n2, &n2); + secp256k1_scalar_add(&n2, &n1, target); + secp256k1_scalar_negate(&n2, &n2); /* Generate a random input point. */ if (mode != 0) { testutil_random_ge_test(&p); - rustsecp256k1_v0_11_gej_set_ge(&pj, &p); + secp256k1_gej_set_ge(&pj, &p); } /* EC multiplications */ if (mode == 0) { - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &p1j, &n1); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &p2j, &n2); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &ptj, target); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &p1j, &n1); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &p2j, &n2); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &ptj, target); } else if (mode == 1) { - rustsecp256k1_v0_11_ecmult(&p1j, &pj, &n1, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ecmult(&p2j, &pj, &n2, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ecmult(&ptj, &pj, target, &rustsecp256k1_v0_11_scalar_zero); + secp256k1_ecmult(&p1j, &pj, &n1, &secp256k1_scalar_zero); + secp256k1_ecmult(&p2j, &pj, &n2, &secp256k1_scalar_zero); + secp256k1_ecmult(&ptj, &pj, target, &secp256k1_scalar_zero); } else { - rustsecp256k1_v0_11_ecmult_const(&p1j, &p, &n1); - rustsecp256k1_v0_11_ecmult_const(&p2j, &p, &n2); - rustsecp256k1_v0_11_ecmult_const(&ptj, &p, target); + secp256k1_ecmult_const(&p1j, &p, &n1); + secp256k1_ecmult_const(&p2j, &p, &n2); + secp256k1_ecmult_const(&ptj, &p, target); } /* Add them all up: n1*P + n2*P + target*P = (n1+n2+target)*P = (n1+n1-n1-n2)*P = 0. */ - rustsecp256k1_v0_11_gej_add_var(&ptj, &ptj, &p1j, NULL); - rustsecp256k1_v0_11_gej_add_var(&ptj, &ptj, &p2j, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&ptj)); + secp256k1_gej_add_var(&ptj, &ptj, &p1j, NULL); + secp256k1_gej_add_var(&ptj, &ptj, &p2j, NULL); + CHECK(secp256k1_gej_is_infinity(&ptj)); } static void run_ecmult_near_split_bound(void) { @@ -4388,119 +4410,119 @@ static void run_ecmult_near_split_bound(void) { static void run_point_times_order(void) { int i; - rustsecp256k1_v0_11_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); - static const rustsecp256k1_v0_11_fe xr = SECP256K1_FE_CONST( + secp256k1_fe x = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 2); + static const secp256k1_fe xr = SECP256K1_FE_CONST( 0x7603CB59, 0xB0EF6C63, 0xFE608479, 0x2A0C378C, 0xDB3233A8, 0x0F8A9A09, 0xA877DEAD, 0x31B38C45 ); for (i = 0; i < 500; i++) { - rustsecp256k1_v0_11_ge p; - if (rustsecp256k1_v0_11_ge_set_xo_var(&p, &x, 1)) { - rustsecp256k1_v0_11_gej j; - CHECK(rustsecp256k1_v0_11_ge_is_valid_var(&p)); - rustsecp256k1_v0_11_gej_set_ge(&j, &p); + secp256k1_ge p; + if (secp256k1_ge_set_xo_var(&p, &x, 1)) { + secp256k1_gej j; + CHECK(secp256k1_ge_is_valid_var(&p)); + secp256k1_gej_set_ge(&j, &p); test_point_times_order(&j); } - rustsecp256k1_v0_11_fe_sqr(&x, &x); + secp256k1_fe_sqr(&x, &x); } - rustsecp256k1_v0_11_fe_normalize_var(&x); - CHECK(rustsecp256k1_v0_11_fe_equal(&x, &xr)); + secp256k1_fe_normalize_var(&x); + CHECK(secp256k1_fe_equal(&x, &xr)); } static void ecmult_const_random_mult(void) { /* random starting point A (on the curve) */ - rustsecp256k1_v0_11_ge a = SECP256K1_GE_CONST( + secp256k1_ge a = SECP256K1_GE_CONST( 0x6d986544, 0x57ff52b8, 0xcf1b8126, 0x5b802a5b, 0xa97f9263, 0xb1e88044, 0x93351325, 0x91bc450a, 0x535c59f7, 0x325e5d2b, 0xc391fbe8, 0x3c12787c, 0x337e4a98, 0xe82a9011, 0x0123ba37, 0xdd769c7d ); /* random initial factor xn */ - rustsecp256k1_v0_11_scalar xn = SECP256K1_SCALAR_CONST( + secp256k1_scalar xn = SECP256K1_SCALAR_CONST( 0x649d4f77, 0xc4242df7, 0x7f2079c9, 0x14530327, 0xa31b876a, 0xd2d8ce2a, 0x2236d5c6, 0xd7b2029b ); /* expected xn * A (from sage) */ - rustsecp256k1_v0_11_ge expected_b = SECP256K1_GE_CONST( + secp256k1_ge expected_b = SECP256K1_GE_CONST( 0x23773684, 0x4d209dc7, 0x098a786f, 0x20d06fcd, 0x070a38bf, 0xc11ac651, 0x03004319, 0x1e2a8786, 0xed8c3b8e, 0xc06dd57b, 0xd06ea66e, 0x45492b0f, 0xb84e4e1b, 0xfb77e21f, 0x96baae2a, 0x63dec956 ); - rustsecp256k1_v0_11_gej b; - rustsecp256k1_v0_11_ecmult_const(&b, &a, &xn); + secp256k1_gej b; + secp256k1_ecmult_const(&b, &a, &xn); - CHECK(rustsecp256k1_v0_11_ge_is_valid_var(&a)); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&b, &expected_b)); + CHECK(secp256k1_ge_is_valid_var(&a)); + CHECK(secp256k1_gej_eq_ge_var(&b, &expected_b)); } static void ecmult_const_commutativity(void) { - rustsecp256k1_v0_11_scalar a; - rustsecp256k1_v0_11_scalar b; - rustsecp256k1_v0_11_gej res1; - rustsecp256k1_v0_11_gej res2; - rustsecp256k1_v0_11_ge mid1; - rustsecp256k1_v0_11_ge mid2; + secp256k1_scalar a; + secp256k1_scalar b; + secp256k1_gej res1; + secp256k1_gej res2; + secp256k1_ge mid1; + secp256k1_ge mid2; testutil_random_scalar_order_test(&a); testutil_random_scalar_order_test(&b); - rustsecp256k1_v0_11_ecmult_const(&res1, &rustsecp256k1_v0_11_ge_const_g, &a); - rustsecp256k1_v0_11_ecmult_const(&res2, &rustsecp256k1_v0_11_ge_const_g, &b); - rustsecp256k1_v0_11_ge_set_gej(&mid1, &res1); - rustsecp256k1_v0_11_ge_set_gej(&mid2, &res2); - rustsecp256k1_v0_11_ecmult_const(&res1, &mid1, &b); - rustsecp256k1_v0_11_ecmult_const(&res2, &mid2, &a); - rustsecp256k1_v0_11_ge_set_gej(&mid1, &res1); - rustsecp256k1_v0_11_ge_set_gej(&mid2, &res2); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&mid1, &mid2)); + secp256k1_ecmult_const(&res1, &secp256k1_ge_const_g, &a); + secp256k1_ecmult_const(&res2, &secp256k1_ge_const_g, &b); + secp256k1_ge_set_gej(&mid1, &res1); + secp256k1_ge_set_gej(&mid2, &res2); + secp256k1_ecmult_const(&res1, &mid1, &b); + secp256k1_ecmult_const(&res2, &mid2, &a); + secp256k1_ge_set_gej(&mid1, &res1); + secp256k1_ge_set_gej(&mid2, &res2); + CHECK(secp256k1_ge_eq_var(&mid1, &mid2)); } static void ecmult_const_mult_zero_one(void) { - rustsecp256k1_v0_11_scalar s; - rustsecp256k1_v0_11_scalar negone; - rustsecp256k1_v0_11_gej res1; - rustsecp256k1_v0_11_ge res2; - rustsecp256k1_v0_11_ge point; - rustsecp256k1_v0_11_ge inf; + secp256k1_scalar s; + secp256k1_scalar negone; + secp256k1_gej res1; + secp256k1_ge res2; + secp256k1_ge point; + secp256k1_ge inf; testutil_random_scalar_order_test(&s); - rustsecp256k1_v0_11_scalar_negate(&negone, &rustsecp256k1_v0_11_scalar_one); + secp256k1_scalar_negate(&negone, &secp256k1_scalar_one); testutil_random_ge_test(&point); - rustsecp256k1_v0_11_ge_set_infinity(&inf); + secp256k1_ge_set_infinity(&inf); /* 0*point */ - rustsecp256k1_v0_11_ecmult_const(&res1, &point, &rustsecp256k1_v0_11_scalar_zero); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&res1)); + secp256k1_ecmult_const(&res1, &point, &secp256k1_scalar_zero); + CHECK(secp256k1_gej_is_infinity(&res1)); /* s*inf */ - rustsecp256k1_v0_11_ecmult_const(&res1, &inf, &s); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&res1)); + secp256k1_ecmult_const(&res1, &inf, &s); + CHECK(secp256k1_gej_is_infinity(&res1)); /* 1*point */ - rustsecp256k1_v0_11_ecmult_const(&res1, &point, &rustsecp256k1_v0_11_scalar_one); - rustsecp256k1_v0_11_ge_set_gej(&res2, &res1); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&res2, &point)); + secp256k1_ecmult_const(&res1, &point, &secp256k1_scalar_one); + secp256k1_ge_set_gej(&res2, &res1); + CHECK(secp256k1_ge_eq_var(&res2, &point)); /* -1*point */ - rustsecp256k1_v0_11_ecmult_const(&res1, &point, &negone); - rustsecp256k1_v0_11_gej_neg(&res1, &res1); - rustsecp256k1_v0_11_ge_set_gej(&res2, &res1); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&res2, &point)); + secp256k1_ecmult_const(&res1, &point, &negone); + secp256k1_gej_neg(&res1, &res1); + secp256k1_ge_set_gej(&res2, &res1); + CHECK(secp256k1_ge_eq_var(&res2, &point)); } -static void ecmult_const_check_result(const rustsecp256k1_v0_11_ge *A, const rustsecp256k1_v0_11_scalar* q, const rustsecp256k1_v0_11_gej *res) { - rustsecp256k1_v0_11_gej pointj, res2j; - rustsecp256k1_v0_11_ge res2; - rustsecp256k1_v0_11_gej_set_ge(&pointj, A); - rustsecp256k1_v0_11_ecmult(&res2j, &pointj, q, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ge_set_gej(&res2, &res2j); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(res, &res2)); +static void ecmult_const_check_result(const secp256k1_ge *A, const secp256k1_scalar* q, const secp256k1_gej *res) { + secp256k1_gej pointj, res2j; + secp256k1_ge res2; + secp256k1_gej_set_ge(&pointj, A); + secp256k1_ecmult(&res2j, &pointj, q, &secp256k1_scalar_zero); + secp256k1_ge_set_gej(&res2, &res2j); + CHECK(secp256k1_gej_eq_ge_var(res, &res2)); } static void ecmult_const_edges(void) { - rustsecp256k1_v0_11_scalar q; - rustsecp256k1_v0_11_ge point; - rustsecp256k1_v0_11_gej res; + secp256k1_scalar q; + secp256k1_ge point; + secp256k1_gej res; size_t i; size_t cases = 1 + sizeof(scalars_near_split_bounds) / sizeof(scalars_near_split_bounds[0]); @@ -4513,13 +4535,13 @@ static void ecmult_const_edges(void) { * <=> q = 2*scalars_near_split_bounds[i] - K */ for (i = 0; i < cases; ++i) { - rustsecp256k1_v0_11_scalar_negate(&q, &rustsecp256k1_v0_11_ecmult_const_K); + secp256k1_scalar_negate(&q, &secp256k1_ecmult_const_K); if (i > 0) { - rustsecp256k1_v0_11_scalar_add(&q, &q, &scalars_near_split_bounds[i - 1]); - rustsecp256k1_v0_11_scalar_add(&q, &q, &scalars_near_split_bounds[i - 1]); + secp256k1_scalar_add(&q, &q, &scalars_near_split_bounds[i - 1]); + secp256k1_scalar_add(&q, &q, &scalars_near_split_bounds[i - 1]); } testutil_random_ge_test(&point); - rustsecp256k1_v0_11_ecmult_const(&res, &point, &q); + secp256k1_ecmult_const(&res, &point, &q); ecmult_const_check_result(&point, &q, &res); } } @@ -4527,12 +4549,12 @@ static void ecmult_const_edges(void) { static void ecmult_const_mult_xonly(void) { int i; - /* Test correspondence between rustsecp256k1_v0_11_ecmult_const and rustsecp256k1_v0_11_ecmult_const_xonly. */ + /* Test correspondence between secp256k1_ecmult_const and secp256k1_ecmult_const_xonly. */ for (i = 0; i < 2*COUNT; ++i) { - rustsecp256k1_v0_11_ge base; - rustsecp256k1_v0_11_gej basej, resj; - rustsecp256k1_v0_11_fe n, d, resx, v; - rustsecp256k1_v0_11_scalar q; + secp256k1_ge base; + secp256k1_gej basej, resj; + secp256k1_fe n, d, resx, v; + secp256k1_scalar q; int res; /* Random base point. */ testutil_random_ge_test(&base); @@ -4541,68 +4563,68 @@ static void ecmult_const_mult_xonly(void) { /* If i is odd, n=d*base.x for random non-zero d */ if (i & 1) { testutil_random_fe_non_zero_test(&d); - rustsecp256k1_v0_11_fe_mul(&n, &base.x, &d); + secp256k1_fe_mul(&n, &base.x, &d); } else { n = base.x; } /* Perform x-only multiplication. */ - res = rustsecp256k1_v0_11_ecmult_const_xonly(&resx, &n, (i & 1) ? &d : NULL, &q, i & 2); + res = secp256k1_ecmult_const_xonly(&resx, &n, (i & 1) ? &d : NULL, &q, i & 2); CHECK(res); /* Perform normal multiplication. */ - rustsecp256k1_v0_11_gej_set_ge(&basej, &base); - rustsecp256k1_v0_11_ecmult(&resj, &basej, &q, NULL); + secp256k1_gej_set_ge(&basej, &base); + secp256k1_ecmult(&resj, &basej, &q, NULL); /* Check that resj's X coordinate corresponds with resx. */ - rustsecp256k1_v0_11_fe_sqr(&v, &resj.z); - rustsecp256k1_v0_11_fe_mul(&v, &v, &resx); + secp256k1_fe_sqr(&v, &resj.z); + secp256k1_fe_mul(&v, &v, &resx); CHECK(fe_equal(&v, &resj.x)); } - /* Test that rustsecp256k1_v0_11_ecmult_const_xonly correctly rejects X coordinates not on curve. */ + /* Test that secp256k1_ecmult_const_xonly correctly rejects X coordinates not on curve. */ for (i = 0; i < 2*COUNT; ++i) { - rustsecp256k1_v0_11_fe x, n, d, r; + secp256k1_fe x, n, d, r; int res; - rustsecp256k1_v0_11_scalar q; + secp256k1_scalar q; testutil_random_scalar_order_test(&q); /* Generate random X coordinate not on the curve. */ do { testutil_random_fe_test(&x); - } while (rustsecp256k1_v0_11_ge_x_on_curve_var(&x)); + } while (secp256k1_ge_x_on_curve_var(&x)); /* If i is odd, n=d*x for random non-zero d. */ if (i & 1) { testutil_random_fe_non_zero_test(&d); - rustsecp256k1_v0_11_fe_mul(&n, &x, &d); + secp256k1_fe_mul(&n, &x, &d); } else { n = x; } - res = rustsecp256k1_v0_11_ecmult_const_xonly(&r, &n, (i & 1) ? &d : NULL, &q, 0); + res = secp256k1_ecmult_const_xonly(&r, &n, (i & 1) ? &d : NULL, &q, 0); CHECK(res == 0); } } static void ecmult_const_chain_multiply(void) { /* Check known result (randomly generated test problem from sage) */ - const rustsecp256k1_v0_11_scalar scalar = SECP256K1_SCALAR_CONST( + const secp256k1_scalar scalar = SECP256K1_SCALAR_CONST( 0x4968d524, 0x2abf9b7a, 0x466abbcf, 0x34b11b6d, 0xcd83d307, 0x827bed62, 0x05fad0ce, 0x18fae63b ); - const rustsecp256k1_v0_11_gej expected_point = SECP256K1_GEJ_CONST( + const secp256k1_gej expected_point = SECP256K1_GEJ_CONST( 0x5494c15d, 0x32099706, 0xc2395f94, 0x348745fd, 0x757ce30e, 0x4e8c90fb, 0xa2bad184, 0xf883c69f, 0x5d195d20, 0xe191bf7f, 0x1be3e55f, 0x56a80196, 0x6071ad01, 0xf1462f66, 0xc997fa94, 0xdb858435 ); - rustsecp256k1_v0_11_gej point; - rustsecp256k1_v0_11_ge res; + secp256k1_gej point; + secp256k1_ge res; int i; - rustsecp256k1_v0_11_gej_set_ge(&point, &rustsecp256k1_v0_11_ge_const_g); + secp256k1_gej_set_ge(&point, &secp256k1_ge_const_g); for (i = 0; i < 100; ++i) { - rustsecp256k1_v0_11_ge tmp; - rustsecp256k1_v0_11_ge_set_gej(&tmp, &point); - rustsecp256k1_v0_11_ecmult_const(&point, &tmp, &scalar); + secp256k1_ge tmp; + secp256k1_ge_set_gej(&tmp, &point); + secp256k1_ecmult_const(&point, &tmp, &scalar); } - rustsecp256k1_v0_11_ge_set_gej(&res, &point); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&expected_point, &res)); + secp256k1_ge_set_gej(&res, &point); + CHECK(secp256k1_gej_eq_ge_var(&expected_point, &res)); } static void run_ecmult_const_tests(void) { @@ -4615,18 +4637,18 @@ static void run_ecmult_const_tests(void) { } typedef struct { - rustsecp256k1_v0_11_scalar *sc; - rustsecp256k1_v0_11_ge *pt; + secp256k1_scalar *sc; + secp256k1_ge *pt; } ecmult_multi_data; -static int ecmult_multi_callback(rustsecp256k1_v0_11_scalar *sc, rustsecp256k1_v0_11_ge *pt, size_t idx, void *cbdata) { +static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { ecmult_multi_data *data = (ecmult_multi_data*) cbdata; *sc = data->sc[idx]; *pt = data->pt[idx]; return 1; } -static int ecmult_multi_false_callback(rustsecp256k1_v0_11_scalar *sc, rustsecp256k1_v0_11_ge *pt, size_t idx, void *cbdata) { +static int ecmult_multi_false_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { (void)sc; (void)pt; (void)idx; @@ -4634,12 +4656,12 @@ static int ecmult_multi_false_callback(rustsecp256k1_v0_11_scalar *sc, rustsecp2 return 0; } -static void test_ecmult_multi(rustsecp256k1_v0_11_scratch *scratch, rustsecp256k1_v0_11_ecmult_multi_func ecmult_multi) { +static void test_ecmult_multi(secp256k1_scratch *scratch, secp256k1_ecmult_multi_func ecmult_multi) { int ncount; - rustsecp256k1_v0_11_scalar sc[32]; - rustsecp256k1_v0_11_ge pt[32]; - rustsecp256k1_v0_11_gej r; - rustsecp256k1_v0_11_gej r2; + secp256k1_scalar sc[32]; + secp256k1_ge pt[32]; + secp256k1_gej r; + secp256k1_gej r2; ecmult_multi_data data; data.sc = sc; @@ -4650,76 +4672,76 @@ static void test_ecmult_multi(rustsecp256k1_v0_11_scratch *scratch, rustsecp256k /* Check 1- and 2-point multiplies against ecmult */ for (ncount = 0; ncount < COUNT; ncount++) { - rustsecp256k1_v0_11_ge ptg; - rustsecp256k1_v0_11_gej ptgj; + secp256k1_ge ptg; + secp256k1_gej ptgj; testutil_random_scalar_order(&sc[0]); testutil_random_scalar_order(&sc[1]); testutil_random_ge_test(&ptg); - rustsecp256k1_v0_11_gej_set_ge(&ptgj, &ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); pt[0] = ptg; - pt[1] = rustsecp256k1_v0_11_ge_const_g; + pt[1] = secp256k1_ge_const_g; /* only G scalar */ - rustsecp256k1_v0_11_ecmult(&r2, &ptgj, &rustsecp256k1_v0_11_scalar_zero, &sc[0]); + secp256k1_ecmult(&r2, &ptgj, &secp256k1_scalar_zero, &sc[0]); CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &sc[0], ecmult_multi_callback, &data, 0)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&r, &r2)); + CHECK(secp256k1_gej_eq_var(&r, &r2)); /* 1-point */ - rustsecp256k1_v0_11_ecmult(&r2, &ptgj, &sc[0], &rustsecp256k1_v0_11_scalar_zero); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 1)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&r, &r2)); + secp256k1_ecmult(&r2, &ptgj, &sc[0], &secp256k1_scalar_zero); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 1)); + CHECK(secp256k1_gej_eq_var(&r, &r2)); /* Try to multiply 1 point, but callback returns false */ - CHECK(!ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_false_callback, &data, 1)); + CHECK(!ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_false_callback, &data, 1)); /* 2-point */ - rustsecp256k1_v0_11_ecmult(&r2, &ptgj, &sc[0], &sc[1]); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 2)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&r, &r2)); + secp256k1_ecmult(&r2, &ptgj, &sc[0], &sc[1]); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 2)); + CHECK(secp256k1_gej_eq_var(&r, &r2)); /* 2-point with G scalar */ - rustsecp256k1_v0_11_ecmult(&r2, &ptgj, &sc[0], &sc[1]); + secp256k1_ecmult(&r2, &ptgj, &sc[0], &sc[1]); CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &sc[1], ecmult_multi_callback, &data, 1)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&r, &r2)); + CHECK(secp256k1_gej_eq_var(&r, &r2)); } /* Check infinite outputs of various forms */ for (ncount = 0; ncount < COUNT; ncount++) { - rustsecp256k1_v0_11_ge ptg; + secp256k1_ge ptg; size_t i, j; size_t sizes[] = { 2, 10, 32 }; for (j = 0; j < 3; j++) { for (i = 0; i < 32; i++) { testutil_random_scalar_order(&sc[i]); - rustsecp256k1_v0_11_ge_set_infinity(&pt[i]); + secp256k1_ge_set_infinity(&pt[i]); } - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); } for (j = 0; j < 3; j++) { for (i = 0; i < 32; i++) { testutil_random_ge_test(&ptg); pt[i] = ptg; - rustsecp256k1_v0_11_scalar_set_int(&sc[i], 0); + secp256k1_scalar_set_int(&sc[i], 0); } - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); } for (j = 0; j < 3; j++) { testutil_random_ge_test(&ptg); for (i = 0; i < 16; i++) { testutil_random_scalar_order(&sc[2*i]); - rustsecp256k1_v0_11_scalar_negate(&sc[2*i + 1], &sc[2*i]); + secp256k1_scalar_negate(&sc[2*i + 1], &sc[2*i]); pt[2 * i] = ptg; pt[2 * i + 1] = ptg; } - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); testutil_random_scalar_order(&sc[0]); for (i = 0; i < 16; i++) { @@ -4728,66 +4750,66 @@ static void test_ecmult_multi(rustsecp256k1_v0_11_scratch *scratch, rustsecp256k sc[2*i] = sc[0]; sc[2*i+1] = sc[0]; pt[2 * i] = ptg; - rustsecp256k1_v0_11_ge_neg(&pt[2*i+1], &pt[2*i]); + secp256k1_ge_neg(&pt[2*i+1], &pt[2*i]); } - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, sizes[j])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, sizes[j])); + CHECK(secp256k1_gej_is_infinity(&r)); } testutil_random_ge_test(&ptg); - rustsecp256k1_v0_11_scalar_set_int(&sc[0], 0); + secp256k1_scalar_set_int(&sc[0], 0); pt[0] = ptg; for (i = 1; i < 32; i++) { pt[i] = ptg; testutil_random_scalar_order(&sc[i]); - rustsecp256k1_v0_11_scalar_add(&sc[0], &sc[0], &sc[i]); - rustsecp256k1_v0_11_scalar_negate(&sc[i], &sc[i]); + secp256k1_scalar_add(&sc[0], &sc[0], &sc[i]); + secp256k1_scalar_negate(&sc[i], &sc[i]); } - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 32)); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 32)); + CHECK(secp256k1_gej_is_infinity(&r)); } /* Check random points, constant scalar */ for (ncount = 0; ncount < COUNT; ncount++) { size_t i; - rustsecp256k1_v0_11_gej_set_infinity(&r); + secp256k1_gej_set_infinity(&r); testutil_random_scalar_order(&sc[0]); for (i = 0; i < 20; i++) { - rustsecp256k1_v0_11_ge ptg; + secp256k1_ge ptg; sc[i] = sc[0]; testutil_random_ge_test(&ptg); pt[i] = ptg; - rustsecp256k1_v0_11_gej_add_ge_var(&r, &r, &pt[i], NULL); + secp256k1_gej_add_ge_var(&r, &r, &pt[i], NULL); } - rustsecp256k1_v0_11_ecmult(&r2, &r, &sc[0], &rustsecp256k1_v0_11_scalar_zero); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 20)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&r, &r2)); + secp256k1_ecmult(&r2, &r, &sc[0], &secp256k1_scalar_zero); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 20)); + CHECK(secp256k1_gej_eq_var(&r, &r2)); } /* Check random scalars, constant point */ for (ncount = 0; ncount < COUNT; ncount++) { size_t i; - rustsecp256k1_v0_11_ge ptg; - rustsecp256k1_v0_11_gej p0j; - rustsecp256k1_v0_11_scalar rs; - rustsecp256k1_v0_11_scalar_set_int(&rs, 0); + secp256k1_ge ptg; + secp256k1_gej p0j; + secp256k1_scalar rs; + secp256k1_scalar_set_int(&rs, 0); testutil_random_ge_test(&ptg); for (i = 0; i < 20; i++) { testutil_random_scalar_order(&sc[i]); pt[i] = ptg; - rustsecp256k1_v0_11_scalar_add(&rs, &rs, &sc[i]); + secp256k1_scalar_add(&rs, &rs, &sc[i]); } - rustsecp256k1_v0_11_gej_set_ge(&p0j, &pt[0]); - rustsecp256k1_v0_11_ecmult(&r2, &p0j, &rs, &rustsecp256k1_v0_11_scalar_zero); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 20)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&r, &r2)); + secp256k1_gej_set_ge(&p0j, &pt[0]); + secp256k1_ecmult(&r2, &p0j, &rs, &secp256k1_scalar_zero); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 20)); + CHECK(secp256k1_gej_eq_var(&r, &r2)); } /* Sanity check that zero scalars don't cause problems */ @@ -4796,60 +4818,60 @@ static void test_ecmult_multi(rustsecp256k1_v0_11_scratch *scratch, rustsecp256k testutil_random_ge_test(&pt[ncount]); } - rustsecp256k1_v0_11_scalar_set_int(&sc[0], 0); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 20)); - rustsecp256k1_v0_11_scalar_set_int(&sc[1], 0); - rustsecp256k1_v0_11_scalar_set_int(&sc[2], 0); - rustsecp256k1_v0_11_scalar_set_int(&sc[3], 0); - rustsecp256k1_v0_11_scalar_set_int(&sc[4], 0); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 6)); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 5)); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); + secp256k1_scalar_set_int(&sc[0], 0); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 20)); + secp256k1_scalar_set_int(&sc[1], 0); + secp256k1_scalar_set_int(&sc[2], 0); + secp256k1_scalar_set_int(&sc[3], 0); + secp256k1_scalar_set_int(&sc[4], 0); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 6)); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 5)); + CHECK(secp256k1_gej_is_infinity(&r)); /* Run through s0*(t0*P) + s1*(t1*P) exhaustively for many small values of s0, s1, t0, t1 */ { const size_t TOP = 8; size_t s0i, s1i; size_t t0i, t1i; - rustsecp256k1_v0_11_ge ptg; - rustsecp256k1_v0_11_gej ptgj; + secp256k1_ge ptg; + secp256k1_gej ptgj; testutil_random_ge_test(&ptg); - rustsecp256k1_v0_11_gej_set_ge(&ptgj, &ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); for(t0i = 0; t0i < TOP; t0i++) { for(t1i = 0; t1i < TOP; t1i++) { - rustsecp256k1_v0_11_gej t0p, t1p; - rustsecp256k1_v0_11_scalar t0, t1; + secp256k1_gej t0p, t1p; + secp256k1_scalar t0, t1; - rustsecp256k1_v0_11_scalar_set_int(&t0, (t0i + 1) / 2); - rustsecp256k1_v0_11_scalar_cond_negate(&t0, t0i & 1); - rustsecp256k1_v0_11_scalar_set_int(&t1, (t1i + 1) / 2); - rustsecp256k1_v0_11_scalar_cond_negate(&t1, t1i & 1); + secp256k1_scalar_set_int(&t0, (t0i + 1) / 2); + secp256k1_scalar_cond_negate(&t0, t0i & 1); + secp256k1_scalar_set_int(&t1, (t1i + 1) / 2); + secp256k1_scalar_cond_negate(&t1, t1i & 1); - rustsecp256k1_v0_11_ecmult(&t0p, &ptgj, &t0, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ecmult(&t1p, &ptgj, &t1, &rustsecp256k1_v0_11_scalar_zero); + secp256k1_ecmult(&t0p, &ptgj, &t0, &secp256k1_scalar_zero); + secp256k1_ecmult(&t1p, &ptgj, &t1, &secp256k1_scalar_zero); for(s0i = 0; s0i < TOP; s0i++) { for(s1i = 0; s1i < TOP; s1i++) { - rustsecp256k1_v0_11_scalar tmp1, tmp2; - rustsecp256k1_v0_11_gej expected, actual; + secp256k1_scalar tmp1, tmp2; + secp256k1_gej expected, actual; - rustsecp256k1_v0_11_ge_set_gej(&pt[0], &t0p); - rustsecp256k1_v0_11_ge_set_gej(&pt[1], &t1p); + secp256k1_ge_set_gej(&pt[0], &t0p); + secp256k1_ge_set_gej(&pt[1], &t1p); - rustsecp256k1_v0_11_scalar_set_int(&sc[0], (s0i + 1) / 2); - rustsecp256k1_v0_11_scalar_cond_negate(&sc[0], s0i & 1); - rustsecp256k1_v0_11_scalar_set_int(&sc[1], (s1i + 1) / 2); - rustsecp256k1_v0_11_scalar_cond_negate(&sc[1], s1i & 1); + secp256k1_scalar_set_int(&sc[0], (s0i + 1) / 2); + secp256k1_scalar_cond_negate(&sc[0], s0i & 1); + secp256k1_scalar_set_int(&sc[1], (s1i + 1) / 2); + secp256k1_scalar_cond_negate(&sc[1], s1i & 1); - rustsecp256k1_v0_11_scalar_mul(&tmp1, &t0, &sc[0]); - rustsecp256k1_v0_11_scalar_mul(&tmp2, &t1, &sc[1]); - rustsecp256k1_v0_11_scalar_add(&tmp1, &tmp1, &tmp2); + secp256k1_scalar_mul(&tmp1, &t0, &sc[0]); + secp256k1_scalar_mul(&tmp2, &t1, &sc[1]); + secp256k1_scalar_add(&tmp1, &tmp1, &tmp2); - rustsecp256k1_v0_11_ecmult(&expected, &ptgj, &tmp1, &rustsecp256k1_v0_11_scalar_zero); - CHECK(ecmult_multi(&CTX->error_callback, scratch, &actual, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 2)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&actual, &expected)); + secp256k1_ecmult(&expected, &ptgj, &tmp1, &secp256k1_scalar_zero); + CHECK(ecmult_multi(&CTX->error_callback, scratch, &actual, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 2)); + CHECK(secp256k1_gej_eq_var(&actual, &expected)); } } } @@ -4857,7 +4879,7 @@ static void test_ecmult_multi(rustsecp256k1_v0_11_scratch *scratch, rustsecp256k } } -static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { +static int test_ecmult_multi_random(secp256k1_scratch *scratch) { /* Large random test for ecmult_multi_* functions which exercises: * - Few or many inputs (0 up to 128, roughly exponentially distributed). * - Few or many 0*P or a*INF inputs (roughly uniformly distributed). @@ -4871,24 +4893,24 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { * scalars[0..filled-1] and gejs[0..filled-1] are the scalars and points * which form its normal inputs. */ int filled = 0; - rustsecp256k1_v0_11_scalar g_scalar = rustsecp256k1_v0_11_scalar_zero; - rustsecp256k1_v0_11_scalar scalars[128]; - rustsecp256k1_v0_11_gej gejs[128]; + secp256k1_scalar g_scalar = secp256k1_scalar_zero; + secp256k1_scalar scalars[128]; + secp256k1_gej gejs[128]; /* The expected result, and the computed result. */ - rustsecp256k1_v0_11_gej expected, computed; + secp256k1_gej expected, computed; /* Temporaries. */ - rustsecp256k1_v0_11_scalar sc_tmp; - rustsecp256k1_v0_11_ge ge_tmp; + secp256k1_scalar sc_tmp; + secp256k1_ge ge_tmp; /* Variables needed for the actual input to ecmult_multi. */ - rustsecp256k1_v0_11_ge ges[128]; + secp256k1_ge ges[128]; ecmult_multi_data data; int i; /* Which multiplication function to use */ int fn = testrand_int(3); - rustsecp256k1_v0_11_ecmult_multi_func ecmult_multi = fn == 0 ? rustsecp256k1_v0_11_ecmult_multi_var : - fn == 1 ? rustsecp256k1_v0_11_ecmult_strauss_batch_single : - rustsecp256k1_v0_11_ecmult_pippenger_batch_single; + secp256k1_ecmult_multi_func ecmult_multi = fn == 0 ? secp256k1_ecmult_multi_var : + fn == 1 ? secp256k1_ecmult_strauss_batch_single : + secp256k1_ecmult_pippenger_batch_single; /* Simulate exponentially distributed num. */ int num_bits = 2 + testrand_int(6); /* Number of (scalar, point) inputs (excluding g). */ @@ -4903,16 +4925,16 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { num_nonzero == 1 && !nonzero_result ? 1 : (int)testrand_bits(1); /* Which g_scalar pointer to pass into ecmult_multi(). */ - const rustsecp256k1_v0_11_scalar* g_scalar_ptr = (g_nonzero || testrand_bits(1)) ? &g_scalar : NULL; + const secp256k1_scalar* g_scalar_ptr = (g_nonzero || testrand_bits(1)) ? &g_scalar : NULL; /* How many EC multiplications were performed in this function. */ int mults = 0; /* How many randomization steps to apply to the input list. */ int rands = (int)testrand_bits(3); if (rands > num_nonzero) rands = num_nonzero; - rustsecp256k1_v0_11_gej_set_infinity(&expected); - rustsecp256k1_v0_11_gej_set_infinity(&gejs[0]); - rustsecp256k1_v0_11_scalar_set_int(&scalars[0], 0); + secp256k1_gej_set_infinity(&expected); + secp256k1_gej_set_infinity(&gejs[0]); + secp256k1_scalar_set_int(&scalars[0], 0); if (g_nonzero) { /* If g_nonzero, set g_scalar to nonzero value r. */ @@ -4921,10 +4943,10 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { /* If expected=0 is desired, add a (a*r, -(1/a)*g) term to compensate. */ CHECK(num_nonzero > filled); testutil_random_scalar_order_test(&sc_tmp); - rustsecp256k1_v0_11_scalar_mul(&scalars[filled], &sc_tmp, &g_scalar); - rustsecp256k1_v0_11_scalar_inverse_var(&sc_tmp, &sc_tmp); - rustsecp256k1_v0_11_scalar_negate(&sc_tmp, &sc_tmp); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &gejs[filled], &sc_tmp); + secp256k1_scalar_mul(&scalars[filled], &sc_tmp, &g_scalar); + secp256k1_scalar_inverse_var(&sc_tmp, &sc_tmp); + secp256k1_scalar_negate(&sc_tmp, &sc_tmp); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &gejs[filled], &sc_tmp); ++filled; ++mults; } @@ -4934,14 +4956,14 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { /* If a nonzero result is desired, and there is space, add a random nonzero term. */ testutil_random_scalar_order_test(&scalars[filled]); testutil_random_ge_test(&ge_tmp); - rustsecp256k1_v0_11_gej_set_ge(&gejs[filled], &ge_tmp); + secp256k1_gej_set_ge(&gejs[filled], &ge_tmp); ++filled; } if (nonzero_result) { /* Compute the expected result using normal ecmult. */ CHECK(filled <= 1); - rustsecp256k1_v0_11_ecmult(&expected, &gejs[0], &scalars[0], &g_scalar); + secp256k1_ecmult(&expected, &gejs[0], &scalars[0], &g_scalar); mults += filled + g_nonzero; } @@ -4953,12 +4975,12 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { * either have scalar=0 or point=infinity, so these do not change the expected result. */ while (filled < num) { if (testrand_bits(1)) { - rustsecp256k1_v0_11_gej_set_infinity(&gejs[filled]); + secp256k1_gej_set_infinity(&gejs[filled]); testutil_random_scalar_order_test(&scalars[filled]); } else { - rustsecp256k1_v0_11_scalar_set_int(&scalars[filled], 0); + secp256k1_scalar_set_int(&scalars[filled], 0); testutil_random_ge_test(&ge_tmp); - rustsecp256k1_v0_11_gej_set_ge(&gejs[filled], &ge_tmp); + secp256k1_gej_set_ge(&gejs[filled], &ge_tmp); } ++filled; } @@ -4968,13 +4990,13 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { * convert some of them to be both non-0-scalar and non-infinity-point. */ for (i = 0; i < rands; ++i) { int j; - rustsecp256k1_v0_11_scalar v, iv; + secp256k1_scalar v, iv; /* Shuffle the entries. */ for (j = 0; j < num_nonzero; ++j) { int k = testrand_int(num_nonzero - j); if (k != 0) { - rustsecp256k1_v0_11_gej gej = gejs[j]; - rustsecp256k1_v0_11_scalar sc = scalars[j]; + secp256k1_gej gej = gejs[j]; + secp256k1_scalar sc = scalars[j]; gejs[j] = gejs[j + k]; scalars[j] = scalars[j + k]; gejs[j + k] = gej; @@ -4984,17 +5006,17 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { /* Perturb all consecutive pairs of inputs: * a*P + b*Q -> (a+b)*P + b*(Q-P). */ for (j = 0; j + 1 < num_nonzero; j += 2) { - rustsecp256k1_v0_11_gej gej; - rustsecp256k1_v0_11_scalar_add(&scalars[j], &scalars[j], &scalars[j+1]); - rustsecp256k1_v0_11_gej_neg(&gej, &gejs[j]); - rustsecp256k1_v0_11_gej_add_var(&gejs[j+1], &gejs[j+1], &gej, NULL); + secp256k1_gej gej; + secp256k1_scalar_add(&scalars[j], &scalars[j], &scalars[j+1]); + secp256k1_gej_neg(&gej, &gejs[j]); + secp256k1_gej_add_var(&gejs[j+1], &gejs[j+1], &gej, NULL); } /* Transform the last input: a*P -> (v*a) * ((1/v)*P). */ CHECK(num_nonzero >= 1); testutil_random_scalar_order_test(&v); - rustsecp256k1_v0_11_scalar_inverse(&iv, &v); - rustsecp256k1_v0_11_scalar_mul(&scalars[num_nonzero - 1], &scalars[num_nonzero - 1], &v); - rustsecp256k1_v0_11_ecmult(&gejs[num_nonzero - 1], &gejs[num_nonzero - 1], &iv, NULL); + secp256k1_scalar_inverse(&iv, &v); + secp256k1_scalar_mul(&scalars[num_nonzero - 1], &scalars[num_nonzero - 1], &v); + secp256k1_ecmult(&gejs[num_nonzero - 1], &gejs[num_nonzero - 1], &iv, NULL); ++mults; } @@ -5002,8 +5024,8 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { for (i = 0; i < num; ++i) { int j = testrand_int(num - i); if (j != 0) { - rustsecp256k1_v0_11_gej gej = gejs[i]; - rustsecp256k1_v0_11_scalar sc = scalars[i]; + secp256k1_gej gej = gejs[i]; + secp256k1_scalar sc = scalars[i]; gejs[i] = gejs[i + j]; scalars[i] = scalars[i + j]; gejs[i + j] = gej; @@ -5012,23 +5034,23 @@ static int test_ecmult_multi_random(rustsecp256k1_v0_11_scratch *scratch) { } /* Compute affine versions of all inputs. */ - rustsecp256k1_v0_11_ge_set_all_gej_var(ges, gejs, filled); + secp256k1_ge_set_all_gej_var(ges, gejs, filled); /* Invoke ecmult_multi code. */ data.sc = scalars; data.pt = ges; CHECK(ecmult_multi(&CTX->error_callback, scratch, &computed, g_scalar_ptr, ecmult_multi_callback, &data, filled)); mults += num_nonzero + g_nonzero; /* Compare with expected result. */ - CHECK(rustsecp256k1_v0_11_gej_eq_var(&computed, &expected)); + CHECK(secp256k1_gej_eq_var(&computed, &expected)); return mults; } -static void test_ecmult_multi_batch_single(rustsecp256k1_v0_11_ecmult_multi_func ecmult_multi) { - rustsecp256k1_v0_11_scalar sc; - rustsecp256k1_v0_11_ge pt; - rustsecp256k1_v0_11_gej r; +static void test_ecmult_multi_batch_single(secp256k1_ecmult_multi_func ecmult_multi) { + secp256k1_scalar sc; + secp256k1_ge pt; + secp256k1_gej r; ecmult_multi_data data; - rustsecp256k1_v0_11_scratch *scratch_empty; + secp256k1_scratch *scratch_empty; testutil_random_ge_test(&pt); testutil_random_scalar_order(&sc); @@ -5036,23 +5058,23 @@ static void test_ecmult_multi_batch_single(rustsecp256k1_v0_11_ecmult_multi_func data.pt = &pt; /* Try to multiply 1 point, but scratch space is empty.*/ - scratch_empty = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, 0); - CHECK(!ecmult_multi(&CTX->error_callback, scratch_empty, &r, &rustsecp256k1_v0_11_scalar_zero, ecmult_multi_callback, &data, 1)); - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch_empty); + scratch_empty = secp256k1_scratch_create(&CTX->error_callback, 0); + CHECK(!ecmult_multi(&CTX->error_callback, scratch_empty, &r, &secp256k1_scalar_zero, ecmult_multi_callback, &data, 1)); + secp256k1_scratch_destroy(&CTX->error_callback, scratch_empty); } -static void test_rustsecp256k1_v0_11_pippenger_bucket_window_inv(void) { +static void test_secp256k1_pippenger_bucket_window_inv(void) { int i; - CHECK(rustsecp256k1_v0_11_pippenger_bucket_window_inv(0) == 0); + CHECK(secp256k1_pippenger_bucket_window_inv(0) == 0); for(i = 1; i <= PIPPENGER_MAX_BUCKET_WINDOW; i++) { /* Bucket_window of 8 is not used with endo */ if (i == 8) { continue; } - CHECK(rustsecp256k1_v0_11_pippenger_bucket_window(rustsecp256k1_v0_11_pippenger_bucket_window_inv(i)) == i); + CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)) == i); if (i != PIPPENGER_MAX_BUCKET_WINDOW) { - CHECK(rustsecp256k1_v0_11_pippenger_bucket_window(rustsecp256k1_v0_11_pippenger_bucket_window_inv(i)+1) > i); + CHECK(secp256k1_pippenger_bucket_window(secp256k1_pippenger_bucket_window_inv(i)+1) > i); } } } @@ -5063,8 +5085,8 @@ static void test_rustsecp256k1_v0_11_pippenger_bucket_window_inv(void) { */ static void test_ecmult_multi_pippenger_max_points(void) { size_t scratch_size = testrand_bits(8); - size_t max_size = rustsecp256k1_v0_11_pippenger_scratch_size(rustsecp256k1_v0_11_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); - rustsecp256k1_v0_11_scratch *scratch; + size_t max_size = secp256k1_pippenger_scratch_size(secp256k1_pippenger_bucket_window_inv(PIPPENGER_MAX_BUCKET_WINDOW-1)+512, 12); + secp256k1_scratch *scratch; size_t n_points_supported; int bucket_window = 0; @@ -5072,24 +5094,24 @@ static void test_ecmult_multi_pippenger_max_points(void) { size_t i; size_t total_alloc; size_t checkpoint; - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, scratch_size); + scratch = secp256k1_scratch_create(&CTX->error_callback, scratch_size); CHECK(scratch != NULL); - checkpoint = rustsecp256k1_v0_11_scratch_checkpoint(&CTX->error_callback, scratch); - n_points_supported = rustsecp256k1_v0_11_pippenger_max_points(&CTX->error_callback, scratch); + checkpoint = secp256k1_scratch_checkpoint(&CTX->error_callback, scratch); + n_points_supported = secp256k1_pippenger_max_points(&CTX->error_callback, scratch); if (n_points_supported == 0) { - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); continue; } - bucket_window = rustsecp256k1_v0_11_pippenger_bucket_window(n_points_supported); + bucket_window = secp256k1_pippenger_bucket_window(n_points_supported); /* allocate `total_alloc` bytes over `PIPPENGER_SCRATCH_OBJECTS` many allocations */ - total_alloc = rustsecp256k1_v0_11_pippenger_scratch_size(n_points_supported, bucket_window); + total_alloc = secp256k1_pippenger_scratch_size(n_points_supported, bucket_window); for (i = 0; i < PIPPENGER_SCRATCH_OBJECTS - 1; i++) { - CHECK(rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, 1)); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, 1)); total_alloc--; } - CHECK(rustsecp256k1_v0_11_scratch_alloc(&CTX->error_callback, scratch, total_alloc)); - rustsecp256k1_v0_11_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + CHECK(secp256k1_scratch_alloc(&CTX->error_callback, scratch, total_alloc)); + secp256k1_scratch_apply_checkpoint(&CTX->error_callback, scratch, checkpoint); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); } CHECK(bucket_window == PIPPENGER_MAX_BUCKET_WINDOW); } @@ -5099,154 +5121,154 @@ static void test_ecmult_multi_batch_size_helper(void) { max_n_batch_points = 0; n = 1; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 0); max_n_batch_points = 1; n = 0; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 0); CHECK(n_batch_points == 0); max_n_batch_points = 2; n = 5; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 3); CHECK(n_batch_points == 2); max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH; n = ECMULT_MAX_POINTS_PER_BATCH; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 1); CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH); max_n_batch_points = ECMULT_MAX_POINTS_PER_BATCH + 1; n = ECMULT_MAX_POINTS_PER_BATCH + 1; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == 2); CHECK(n_batch_points == ECMULT_MAX_POINTS_PER_BATCH/2 + 1); max_n_batch_points = 1; n = SIZE_MAX; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == SIZE_MAX); CHECK(n_batch_points == 1); max_n_batch_points = 2; n = SIZE_MAX; - CHECK(rustsecp256k1_v0_11_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); + CHECK(secp256k1_ecmult_multi_batch_size_helper(&n_batches, &n_batch_points, max_n_batch_points, n) == 1); CHECK(n_batches == SIZE_MAX/2 + 1); CHECK(n_batch_points == 2); } /** - * Run rustsecp256k1_v0_11_ecmult_multi_var with num points and a scratch space restricted to + * Run secp256k1_ecmult_multi_var with num points and a scratch space restricted to * 1 <= i <= num points. */ static void test_ecmult_multi_batching(void) { static const int n_points = 2*ECMULT_PIPPENGER_THRESHOLD; - rustsecp256k1_v0_11_scalar scG; - rustsecp256k1_v0_11_scalar *sc = (rustsecp256k1_v0_11_scalar *)checked_malloc(&CTX->error_callback, sizeof(rustsecp256k1_v0_11_scalar) * n_points); - rustsecp256k1_v0_11_ge *pt = (rustsecp256k1_v0_11_ge *)checked_malloc(&CTX->error_callback, sizeof(rustsecp256k1_v0_11_ge) * n_points); - rustsecp256k1_v0_11_gej r; - rustsecp256k1_v0_11_gej r2; + secp256k1_scalar scG; + secp256k1_scalar *sc = (secp256k1_scalar *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_scalar) * n_points); + secp256k1_ge *pt = (secp256k1_ge *)checked_malloc(&CTX->error_callback, sizeof(secp256k1_ge) * n_points); + secp256k1_gej r; + secp256k1_gej r2; ecmult_multi_data data; int i; - rustsecp256k1_v0_11_scratch *scratch; + secp256k1_scratch *scratch; - rustsecp256k1_v0_11_gej_set_infinity(&r2); + secp256k1_gej_set_infinity(&r2); /* Get random scalars and group elements and compute result */ testutil_random_scalar_order(&scG); - rustsecp256k1_v0_11_ecmult(&r2, &r2, &rustsecp256k1_v0_11_scalar_zero, &scG); + secp256k1_ecmult(&r2, &r2, &secp256k1_scalar_zero, &scG); for(i = 0; i < n_points; i++) { - rustsecp256k1_v0_11_ge ptg; - rustsecp256k1_v0_11_gej ptgj; + secp256k1_ge ptg; + secp256k1_gej ptgj; testutil_random_ge_test(&ptg); - rustsecp256k1_v0_11_gej_set_ge(&ptgj, &ptg); + secp256k1_gej_set_ge(&ptgj, &ptg); pt[i] = ptg; testutil_random_scalar_order(&sc[i]); - rustsecp256k1_v0_11_ecmult(&ptgj, &ptgj, &sc[i], NULL); - rustsecp256k1_v0_11_gej_add_var(&r2, &r2, &ptgj, NULL); + secp256k1_ecmult(&ptgj, &ptgj, &sc[i], NULL); + secp256k1_gej_add_var(&r2, &r2, &ptgj, NULL); } data.sc = sc; data.pt = pt; - rustsecp256k1_v0_11_gej_neg(&r2, &r2); + secp256k1_gej_neg(&r2, &r2); /* Test with empty scratch space. It should compute the correct result using * ecmult_mult_simple algorithm which doesn't require a scratch space. */ - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, 0); - CHECK(rustsecp256k1_v0_11_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - rustsecp256k1_v0_11_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + scratch = secp256k1_scratch_create(&CTX->error_callback, 0); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); /* Test with space for 1 point in pippenger. That's not enough because * ecmult_multi selects strauss which requires more memory. It should * therefore select the simple algorithm. */ - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, rustsecp256k1_v0_11_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); - CHECK(rustsecp256k1_v0_11_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - rustsecp256k1_v0_11_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + scratch = secp256k1_scratch_create(&CTX->error_callback, secp256k1_pippenger_scratch_size(1, 1) + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); for(i = 1; i <= n_points; i++) { if (i > ECMULT_PIPPENGER_THRESHOLD) { - int bucket_window = rustsecp256k1_v0_11_pippenger_bucket_window(i); - size_t scratch_size = rustsecp256k1_v0_11_pippenger_scratch_size(i, bucket_window); - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); + int bucket_window = secp256k1_pippenger_bucket_window(i); + size_t scratch_size = secp256k1_pippenger_scratch_size(i, bucket_window); + scratch = secp256k1_scratch_create(&CTX->error_callback, scratch_size + PIPPENGER_SCRATCH_OBJECTS*ALIGNMENT); } else { - size_t scratch_size = rustsecp256k1_v0_11_strauss_scratch_size(i); - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + size_t scratch_size = secp256k1_strauss_scratch_size(i); + scratch = secp256k1_scratch_create(&CTX->error_callback, scratch_size + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); } - CHECK(rustsecp256k1_v0_11_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); - rustsecp256k1_v0_11_gej_add_var(&r, &r, &r2, NULL); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&r)); - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &r, &scG, ecmult_multi_callback, &data, n_points)); + secp256k1_gej_add_var(&r, &r, &r2, NULL); + CHECK(secp256k1_gej_is_infinity(&r)); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); } free(sc); free(pt); } static void run_ecmult_multi_tests(void) { - rustsecp256k1_v0_11_scratch *scratch; + secp256k1_scratch *scratch; int64_t todo = (int64_t)320 * COUNT; - test_rustsecp256k1_v0_11_pippenger_bucket_window_inv(); + test_secp256k1_pippenger_bucket_window_inv(); test_ecmult_multi_pippenger_max_points(); - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, 819200); - test_ecmult_multi(scratch, rustsecp256k1_v0_11_ecmult_multi_var); - test_ecmult_multi(NULL, rustsecp256k1_v0_11_ecmult_multi_var); - test_ecmult_multi(scratch, rustsecp256k1_v0_11_ecmult_pippenger_batch_single); - test_ecmult_multi_batch_single(rustsecp256k1_v0_11_ecmult_pippenger_batch_single); - test_ecmult_multi(scratch, rustsecp256k1_v0_11_ecmult_strauss_batch_single); - test_ecmult_multi_batch_single(rustsecp256k1_v0_11_ecmult_strauss_batch_single); + scratch = secp256k1_scratch_create(&CTX->error_callback, 819200); + test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); + test_ecmult_multi(NULL, secp256k1_ecmult_multi_var); + test_ecmult_multi(scratch, secp256k1_ecmult_pippenger_batch_single); + test_ecmult_multi_batch_single(secp256k1_ecmult_pippenger_batch_single); + test_ecmult_multi(scratch, secp256k1_ecmult_strauss_batch_single); + test_ecmult_multi_batch_single(secp256k1_ecmult_strauss_batch_single); while (todo > 0) { todo -= test_ecmult_multi_random(scratch); } - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); /* Run test_ecmult_multi with space for exactly one point */ - scratch = rustsecp256k1_v0_11_scratch_create(&CTX->error_callback, rustsecp256k1_v0_11_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); - test_ecmult_multi(scratch, rustsecp256k1_v0_11_ecmult_multi_var); - rustsecp256k1_v0_11_scratch_destroy(&CTX->error_callback, scratch); + scratch = secp256k1_scratch_create(&CTX->error_callback, secp256k1_strauss_scratch_size(1) + STRAUSS_SCRATCH_OBJECTS*ALIGNMENT); + test_ecmult_multi(scratch, secp256k1_ecmult_multi_var); + secp256k1_scratch_destroy(&CTX->error_callback, scratch); test_ecmult_multi_batch_size_helper(); test_ecmult_multi_batching(); } -static void test_wnaf(const rustsecp256k1_v0_11_scalar *number, int w) { - rustsecp256k1_v0_11_scalar x, two, t; +static void test_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, two, t; int wnaf[256]; int zeroes = -1; int i; int bits; - rustsecp256k1_v0_11_scalar_set_int(&x, 0); - rustsecp256k1_v0_11_scalar_set_int(&two, 2); - bits = rustsecp256k1_v0_11_ecmult_wnaf(wnaf, 256, number, w); + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&two, 2); + bits = secp256k1_ecmult_wnaf(wnaf, 256, number, w); CHECK(bits <= 256); for (i = bits-1; i >= 0; i--) { int v = wnaf[i]; - rustsecp256k1_v0_11_scalar_mul(&x, &x, &two); + secp256k1_scalar_mul(&x, &x, &two); if (v) { CHECK(zeroes == -1 || zeroes >= w-1); /* check that distance between non-zero elements is at least w-1 */ zeroes=0; @@ -5258,48 +5280,48 @@ static void test_wnaf(const rustsecp256k1_v0_11_scalar *number, int w) { zeroes++; } if (v >= 0) { - rustsecp256k1_v0_11_scalar_set_int(&t, v); + secp256k1_scalar_set_int(&t, v); } else { - rustsecp256k1_v0_11_scalar_set_int(&t, -v); - rustsecp256k1_v0_11_scalar_negate(&t, &t); + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); } - rustsecp256k1_v0_11_scalar_add(&x, &x, &t); + secp256k1_scalar_add(&x, &x, &t); } - CHECK(rustsecp256k1_v0_11_scalar_eq(&x, number)); /* check that wnaf represents number */ + CHECK(secp256k1_scalar_eq(&x, number)); /* check that wnaf represents number */ } -static void test_fixed_wnaf(const rustsecp256k1_v0_11_scalar *number, int w) { - rustsecp256k1_v0_11_scalar x, shift; +static void test_fixed_wnaf(const secp256k1_scalar *number, int w) { + secp256k1_scalar x, shift; int wnaf[256] = {0}; int i; int skew; - rustsecp256k1_v0_11_scalar num, unused; + secp256k1_scalar num, unused; - rustsecp256k1_v0_11_scalar_set_int(&x, 0); - rustsecp256k1_v0_11_scalar_set_int(&shift, 1 << w); + secp256k1_scalar_set_int(&x, 0); + secp256k1_scalar_set_int(&shift, 1 << w); /* Make num a 128-bit scalar. */ - rustsecp256k1_v0_11_scalar_split_128(&num, &unused, number); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_split_128(&num, &unused, number); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); for (i = WNAF_SIZE(w)-1; i >= 0; --i) { - rustsecp256k1_v0_11_scalar t; + secp256k1_scalar t; int v = wnaf[i]; CHECK(v == 0 || v & 1); /* check parity */ CHECK(v > -(1 << w)); /* check range above */ CHECK(v < (1 << w)); /* check range below */ - rustsecp256k1_v0_11_scalar_mul(&x, &x, &shift); + secp256k1_scalar_mul(&x, &x, &shift); if (v >= 0) { - rustsecp256k1_v0_11_scalar_set_int(&t, v); + secp256k1_scalar_set_int(&t, v); } else { - rustsecp256k1_v0_11_scalar_set_int(&t, -v); - rustsecp256k1_v0_11_scalar_negate(&t, &t); + secp256k1_scalar_set_int(&t, -v); + secp256k1_scalar_negate(&t, &t); } - rustsecp256k1_v0_11_scalar_add(&x, &x, &t); + secp256k1_scalar_add(&x, &x, &t); } /* If skew is 1 then add 1 to num */ - rustsecp256k1_v0_11_scalar_cadd_bit(&num, 0, skew == 1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&x, &num)); + secp256k1_scalar_cadd_bit(&num, 0, skew == 1); + CHECK(secp256k1_scalar_eq(&x, &num)); } /* Checks that the first 8 elements of wnaf are equal to wnaf_expected and the @@ -5319,18 +5341,18 @@ static void test_fixed_wnaf_small(void) { int wnaf[256] = {0}; int i; int skew; - rustsecp256k1_v0_11_scalar num; + secp256k1_scalar num; - rustsecp256k1_v0_11_scalar_set_int(&num, 0); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_set_int(&num, 0); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); for (i = WNAF_SIZE(w)-1; i >= 0; --i) { int v = wnaf[i]; CHECK(v == 0); } CHECK(skew == 0); - rustsecp256k1_v0_11_scalar_set_int(&num, 1); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_set_int(&num, 1); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); for (i = WNAF_SIZE(w)-1; i >= 1; --i) { int v = wnaf[i]; CHECK(v == 0); @@ -5340,29 +5362,29 @@ static void test_fixed_wnaf_small(void) { { int wnaf_expected[8] = { 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf, 0xf }; - rustsecp256k1_v0_11_scalar_set_int(&num, 0xffffffff); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_set_int(&num, 0xffffffff); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 0); } { int wnaf_expected[8] = { -1, -1, -1, -1, -1, -1, -1, 0xf }; - rustsecp256k1_v0_11_scalar_set_int(&num, 0xeeeeeeee); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_set_int(&num, 0xeeeeeeee); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 1); } { int wnaf_expected[8] = { 1, 0, 1, 0, 1, 0, 1, 0 }; - rustsecp256k1_v0_11_scalar_set_int(&num, 0x01010101); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_set_int(&num, 0x01010101); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 0); } { int wnaf_expected[8] = { -0xf, 0, 0xf, -0xf, 0, 0xf, 1, 0 }; - rustsecp256k1_v0_11_scalar_set_int(&num, 0x01ef1ef1); - skew = rustsecp256k1_v0_11_wnaf_fixed(wnaf, &num, w); + secp256k1_scalar_set_int(&num, 0x01ef1ef1); + skew = secp256k1_wnaf_fixed(wnaf, &num, w); test_fixed_wnaf_small_helper(wnaf, wnaf_expected, w); CHECK(skew == 0); } @@ -5370,7 +5392,7 @@ static void test_fixed_wnaf_small(void) { static void run_wnaf(void) { int i; - rustsecp256k1_v0_11_scalar n; + secp256k1_scalar n; /* Test 0 for fixed wnaf */ test_fixed_wnaf_small(); @@ -5380,50 +5402,50 @@ static void run_wnaf(void) { test_wnaf(&n, 4+(i%10)); test_fixed_wnaf(&n, 4 + (i % 10)); } - rustsecp256k1_v0_11_scalar_set_int(&n, 0); - CHECK(rustsecp256k1_v0_11_scalar_cond_negate(&n, 1) == -1); - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&n)); - CHECK(rustsecp256k1_v0_11_scalar_cond_negate(&n, 0) == 1); - CHECK(rustsecp256k1_v0_11_scalar_is_zero(&n)); + secp256k1_scalar_set_int(&n, 0); + CHECK(secp256k1_scalar_cond_negate(&n, 1) == -1); + CHECK(secp256k1_scalar_is_zero(&n)); + CHECK(secp256k1_scalar_cond_negate(&n, 0) == 1); + CHECK(secp256k1_scalar_is_zero(&n)); } -static int test_ecmult_accumulate_cb(rustsecp256k1_v0_11_scalar* sc, rustsecp256k1_v0_11_ge* pt, size_t idx, void* data) { - const rustsecp256k1_v0_11_scalar* indata = (const rustsecp256k1_v0_11_scalar*)data; +static int test_ecmult_accumulate_cb(secp256k1_scalar* sc, secp256k1_ge* pt, size_t idx, void* data) { + const secp256k1_scalar* indata = (const secp256k1_scalar*)data; *sc = *indata; - *pt = rustsecp256k1_v0_11_ge_const_g; + *pt = secp256k1_ge_const_g; CHECK(idx == 0); return 1; } -static void test_ecmult_accumulate(rustsecp256k1_v0_11_sha256* acc, const rustsecp256k1_v0_11_scalar* x, rustsecp256k1_v0_11_scratch* scratch) { +static void test_ecmult_accumulate(secp256k1_sha256* acc, const secp256k1_scalar* x, secp256k1_scratch* scratch) { /* Compute x*G in 6 different ways, serialize it uncompressed, and feed it into acc. */ - rustsecp256k1_v0_11_gej rj1, rj2, rj3, rj4, rj5, rj6, gj, infj; - rustsecp256k1_v0_11_ge r; + secp256k1_gej rj1, rj2, rj3, rj4, rj5, rj6, gj, infj; + secp256k1_ge r; unsigned char bytes[65]; size_t size = 65; - rustsecp256k1_v0_11_gej_set_ge(&gj, &rustsecp256k1_v0_11_ge_const_g); - rustsecp256k1_v0_11_gej_set_infinity(&infj); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &rj1, x); - rustsecp256k1_v0_11_ecmult(&rj2, &gj, x, &rustsecp256k1_v0_11_scalar_zero); - rustsecp256k1_v0_11_ecmult(&rj3, &infj, &rustsecp256k1_v0_11_scalar_zero, x); - CHECK(rustsecp256k1_v0_11_ecmult_multi_var(&CTX->error_callback, scratch, &rj4, x, NULL, NULL, 0)); - CHECK(rustsecp256k1_v0_11_ecmult_multi_var(&CTX->error_callback, scratch, &rj5, &rustsecp256k1_v0_11_scalar_zero, test_ecmult_accumulate_cb, (void*)x, 1)); - rustsecp256k1_v0_11_ecmult_const(&rj6, &rustsecp256k1_v0_11_ge_const_g, x); - rustsecp256k1_v0_11_ge_set_gej_var(&r, &rj1); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&rj2, &r)); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&rj3, &r)); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&rj4, &r)); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&rj5, &r)); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&rj6, &r)); - if (rustsecp256k1_v0_11_ge_is_infinity(&r)) { + secp256k1_gej_set_ge(&gj, &secp256k1_ge_const_g); + secp256k1_gej_set_infinity(&infj); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &rj1, x); + secp256k1_ecmult(&rj2, &gj, x, &secp256k1_scalar_zero); + secp256k1_ecmult(&rj3, &infj, &secp256k1_scalar_zero, x); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &rj4, x, NULL, NULL, 0)); + CHECK(secp256k1_ecmult_multi_var(&CTX->error_callback, scratch, &rj5, &secp256k1_scalar_zero, test_ecmult_accumulate_cb, (void*)x, 1)); + secp256k1_ecmult_const(&rj6, &secp256k1_ge_const_g, x); + secp256k1_ge_set_gej_var(&r, &rj1); + CHECK(secp256k1_gej_eq_ge_var(&rj2, &r)); + CHECK(secp256k1_gej_eq_ge_var(&rj3, &r)); + CHECK(secp256k1_gej_eq_ge_var(&rj4, &r)); + CHECK(secp256k1_gej_eq_ge_var(&rj5, &r)); + CHECK(secp256k1_gej_eq_ge_var(&rj6, &r)); + if (secp256k1_ge_is_infinity(&r)) { /* Store infinity as 0x00 */ const unsigned char zerobyte[1] = {0}; - rustsecp256k1_v0_11_sha256_write(acc, zerobyte, 1); + secp256k1_sha256_write(acc, zerobyte, 1); } else { /* Store other points using their uncompressed serialization. */ - rustsecp256k1_v0_11_eckey_pubkey_serialize(&r, bytes, &size, 0); + secp256k1_eckey_pubkey_serialize(&r, bytes, &size, 0); CHECK(size == 65); - rustsecp256k1_v0_11_sha256_write(acc, bytes, size); + secp256k1_sha256_write(acc, bytes, size); } } @@ -5436,11 +5458,11 @@ static void test_ecmult_constants_2bit(void) { * - For j in 1..255 (only odd values): * - Key (j*2^i) mod order */ - rustsecp256k1_v0_11_scalar x; - rustsecp256k1_v0_11_sha256 acc; + secp256k1_scalar x; + secp256k1_sha256 acc; unsigned char b32[32]; int i, j; - rustsecp256k1_v0_11_scratch_space *scratch = rustsecp256k1_v0_11_scratch_space_create(CTX, 65536); + secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(CTX, 65536); /* Expected hash of all the computed points; created with an independent * implementation. */ @@ -5450,25 +5472,25 @@ static void test_ecmult_constants_2bit(void) { 0x3a, 0x75, 0x87, 0x60, 0x1a, 0xf9, 0x63, 0x60, 0xd0, 0xcb, 0x1f, 0xaa, 0x85, 0x9a, 0xb7, 0xb4 }; - rustsecp256k1_v0_11_sha256_initialize(&acc); + secp256k1_sha256_initialize(&acc); for (i = 0; i <= 36; ++i) { - rustsecp256k1_v0_11_scalar_set_int(&x, i); + secp256k1_scalar_set_int(&x, i); test_ecmult_accumulate(&acc, &x, scratch); - rustsecp256k1_v0_11_scalar_negate(&x, &x); + secp256k1_scalar_negate(&x, &x); test_ecmult_accumulate(&acc, &x, scratch); }; for (i = 0; i < 256; ++i) { for (j = 1; j < 256; j += 2) { int k; - rustsecp256k1_v0_11_scalar_set_int(&x, j); - for (k = 0; k < i; ++k) rustsecp256k1_v0_11_scalar_add(&x, &x, &x); + secp256k1_scalar_set_int(&x, j); + for (k = 0; k < i; ++k) secp256k1_scalar_add(&x, &x, &x); test_ecmult_accumulate(&acc, &x, scratch); } } - rustsecp256k1_v0_11_sha256_finalize(&acc, b32); - CHECK(rustsecp256k1_v0_11_memcmp_var(b32, expected32, 32) == 0); + secp256k1_sha256_finalize(&acc, b32); + CHECK(secp256k1_memcmp_var(b32, expected32, 32) == 0); - rustsecp256k1_v0_11_scratch_space_destroy(CTX, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } static void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsigned char* expected32) { @@ -5479,39 +5501,39 @@ static void test_ecmult_constants_sha(uint32_t prefix, size_t iter, const unsign * - For i in range(iter): * - Key SHA256(LE32(prefix) || LE16(i)) */ - rustsecp256k1_v0_11_scalar x; - rustsecp256k1_v0_11_sha256 acc; + secp256k1_scalar x; + secp256k1_sha256 acc; unsigned char b32[32]; unsigned char inp[6]; size_t i; - rustsecp256k1_v0_11_scratch_space *scratch = rustsecp256k1_v0_11_scratch_space_create(CTX, 65536); + secp256k1_scratch_space *scratch = secp256k1_scratch_space_create(CTX, 65536); inp[0] = prefix & 0xFF; inp[1] = (prefix >> 8) & 0xFF; inp[2] = (prefix >> 16) & 0xFF; inp[3] = (prefix >> 24) & 0xFF; - rustsecp256k1_v0_11_sha256_initialize(&acc); - rustsecp256k1_v0_11_scalar_set_int(&x, 0); + secp256k1_sha256_initialize(&acc); + secp256k1_scalar_set_int(&x, 0); test_ecmult_accumulate(&acc, &x, scratch); - rustsecp256k1_v0_11_scalar_set_int(&x, 1); + secp256k1_scalar_set_int(&x, 1); test_ecmult_accumulate(&acc, &x, scratch); - rustsecp256k1_v0_11_scalar_negate(&x, &x); + secp256k1_scalar_negate(&x, &x); test_ecmult_accumulate(&acc, &x, scratch); for (i = 0; i < iter; ++i) { - rustsecp256k1_v0_11_sha256 gen; + secp256k1_sha256 gen; inp[4] = i & 0xff; inp[5] = (i >> 8) & 0xff; - rustsecp256k1_v0_11_sha256_initialize(&gen); - rustsecp256k1_v0_11_sha256_write(&gen, inp, sizeof(inp)); - rustsecp256k1_v0_11_sha256_finalize(&gen, b32); - rustsecp256k1_v0_11_scalar_set_b32(&x, b32, NULL); + secp256k1_sha256_initialize(&gen); + secp256k1_sha256_write(&gen, inp, sizeof(inp)); + secp256k1_sha256_finalize(&gen, b32); + secp256k1_scalar_set_b32(&x, b32, NULL); test_ecmult_accumulate(&acc, &x, scratch); } - rustsecp256k1_v0_11_sha256_finalize(&acc, b32); - CHECK(rustsecp256k1_v0_11_memcmp_var(b32, expected32, 32) == 0); + secp256k1_sha256_finalize(&acc, b32); + CHECK(secp256k1_memcmp_var(b32, expected32, 32) == 0); - rustsecp256k1_v0_11_scratch_space_destroy(CTX, scratch); + secp256k1_scratch_space_destroy(CTX, scratch); } static void run_ecmult_constants(void) { @@ -5550,56 +5572,56 @@ static void run_ecmult_constants(void) { static void test_ecmult_gen_blind(void) { /* Test ecmult_gen() blinding and confirm that the blinding changes, the affine points match, and the z's don't match. */ - rustsecp256k1_v0_11_scalar key; - rustsecp256k1_v0_11_scalar b; + secp256k1_scalar key; + secp256k1_scalar b; unsigned char seed32[32]; - rustsecp256k1_v0_11_gej pgej; - rustsecp256k1_v0_11_gej pgej2; - rustsecp256k1_v0_11_ge p; - rustsecp256k1_v0_11_ge pge; + secp256k1_gej pgej; + secp256k1_gej pgej2; + secp256k1_ge p; + secp256k1_ge pge; testutil_random_scalar_order_test(&key); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &pgej, &key); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pgej, &key); testrand256(seed32); b = CTX->ecmult_gen_ctx.scalar_offset; p = CTX->ecmult_gen_ctx.ge_offset; - rustsecp256k1_v0_11_ecmult_gen_blind(&CTX->ecmult_gen_ctx, seed32); - CHECK(!rustsecp256k1_v0_11_scalar_eq(&b, &CTX->ecmult_gen_ctx.scalar_offset)); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &pgej2, &key); + secp256k1_ecmult_gen_blind(&CTX->ecmult_gen_ctx, seed32); + CHECK(!secp256k1_scalar_eq(&b, &CTX->ecmult_gen_ctx.scalar_offset)); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pgej2, &key); CHECK(!gej_xyz_equals_gej(&pgej, &pgej2)); - CHECK(!rustsecp256k1_v0_11_ge_eq_var(&p, &CTX->ecmult_gen_ctx.ge_offset)); - rustsecp256k1_v0_11_ge_set_gej(&pge, &pgej); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&pgej2, &pge)); + CHECK(!secp256k1_ge_eq_var(&p, &CTX->ecmult_gen_ctx.ge_offset)); + secp256k1_ge_set_gej(&pge, &pgej); + CHECK(secp256k1_gej_eq_ge_var(&pgej2, &pge)); } static void test_ecmult_gen_blind_reset(void) { /* Test ecmult_gen() blinding reset and confirm that the blinding is consistent. */ - rustsecp256k1_v0_11_scalar b; - rustsecp256k1_v0_11_ge p1, p2; - rustsecp256k1_v0_11_ecmult_gen_blind(&CTX->ecmult_gen_ctx, 0); + secp256k1_scalar b; + secp256k1_ge p1, p2; + secp256k1_ecmult_gen_blind(&CTX->ecmult_gen_ctx, 0); b = CTX->ecmult_gen_ctx.scalar_offset; p1 = CTX->ecmult_gen_ctx.ge_offset; - rustsecp256k1_v0_11_ecmult_gen_blind(&CTX->ecmult_gen_ctx, 0); - CHECK(rustsecp256k1_v0_11_scalar_eq(&b, &CTX->ecmult_gen_ctx.scalar_offset)); + secp256k1_ecmult_gen_blind(&CTX->ecmult_gen_ctx, 0); + CHECK(secp256k1_scalar_eq(&b, &CTX->ecmult_gen_ctx.scalar_offset)); p2 = CTX->ecmult_gen_ctx.ge_offset; - CHECK(rustsecp256k1_v0_11_ge_eq_var(&p1, &p2)); + CHECK(secp256k1_ge_eq_var(&p1, &p2)); } /* Verify that ecmult_gen for scalars gn for which gn + scalar_offset = {-1,0,1}. */ static void test_ecmult_gen_edge_cases(void) { int i; - rustsecp256k1_v0_11_gej res1, res2, res3; - rustsecp256k1_v0_11_scalar gn = rustsecp256k1_v0_11_scalar_one; /* gn = 1 */ - rustsecp256k1_v0_11_scalar_add(&gn, &gn, &CTX->ecmult_gen_ctx.scalar_offset); /* gn = 1 + scalar_offset */ - rustsecp256k1_v0_11_scalar_negate(&gn, &gn); /* gn = -1 - scalar_offset */ + secp256k1_gej res1, res2, res3; + secp256k1_scalar gn = secp256k1_scalar_one; /* gn = 1 */ + secp256k1_scalar_add(&gn, &gn, &CTX->ecmult_gen_ctx.scalar_offset); /* gn = 1 + scalar_offset */ + secp256k1_scalar_negate(&gn, &gn); /* gn = -1 - scalar_offset */ for (i = -1; i < 2; ++i) { /* Run test with gn = i - scalar_offset (so that the ecmult_gen recoded value represents i). */ - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &res1, &gn); - rustsecp256k1_v0_11_ecmult(&res2, NULL, &rustsecp256k1_v0_11_scalar_zero, &gn); - rustsecp256k1_v0_11_ecmult_const(&res3, &rustsecp256k1_v0_11_ge_const_g, &gn); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&res1, &res2)); - CHECK(rustsecp256k1_v0_11_gej_eq_var(&res1, &res3)); - rustsecp256k1_v0_11_scalar_add(&gn, &gn, &rustsecp256k1_v0_11_scalar_one); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &res1, &gn); + secp256k1_ecmult(&res2, NULL, &secp256k1_scalar_zero, &gn); + secp256k1_ecmult_const(&res3, &secp256k1_ge_const_g, &gn); + CHECK(secp256k1_gej_eq_var(&res1, &res2)); + CHECK(secp256k1_gej_eq_var(&res1, &res3)); + secp256k1_scalar_add(&gn, &gn, &secp256k1_scalar_one); } } @@ -5613,46 +5635,46 @@ static void run_ecmult_gen_blind(void) { } /***** ENDOMORPHISH TESTS *****/ -static void test_scalar_split(const rustsecp256k1_v0_11_scalar* full) { - rustsecp256k1_v0_11_scalar s, s1, slam; +static void test_scalar_split(const secp256k1_scalar* full) { + secp256k1_scalar s, s1, slam; const unsigned char zero[32] = {0}; unsigned char tmp[32]; - rustsecp256k1_v0_11_scalar_split_lambda(&s1, &slam, full); + secp256k1_scalar_split_lambda(&s1, &slam, full); /* check slam*lambda + s1 == full */ - rustsecp256k1_v0_11_scalar_mul(&s, &rustsecp256k1_v0_11_const_lambda, &slam); - rustsecp256k1_v0_11_scalar_add(&s, &s, &s1); - CHECK(rustsecp256k1_v0_11_scalar_eq(&s, full)); + secp256k1_scalar_mul(&s, &secp256k1_const_lambda, &slam); + secp256k1_scalar_add(&s, &s, &s1); + CHECK(secp256k1_scalar_eq(&s, full)); /* check that both are <= 128 bits in size */ - if (rustsecp256k1_v0_11_scalar_is_high(&s1)) { - rustsecp256k1_v0_11_scalar_negate(&s1, &s1); + if (secp256k1_scalar_is_high(&s1)) { + secp256k1_scalar_negate(&s1, &s1); } - if (rustsecp256k1_v0_11_scalar_is_high(&slam)) { - rustsecp256k1_v0_11_scalar_negate(&slam, &slam); + if (secp256k1_scalar_is_high(&slam)) { + secp256k1_scalar_negate(&slam, &slam); } - rustsecp256k1_v0_11_scalar_get_b32(tmp, &s1); - CHECK(rustsecp256k1_v0_11_memcmp_var(zero, tmp, 16) == 0); - rustsecp256k1_v0_11_scalar_get_b32(tmp, &slam); - CHECK(rustsecp256k1_v0_11_memcmp_var(zero, tmp, 16) == 0); + secp256k1_scalar_get_b32(tmp, &s1); + CHECK(secp256k1_memcmp_var(zero, tmp, 16) == 0); + secp256k1_scalar_get_b32(tmp, &slam); + CHECK(secp256k1_memcmp_var(zero, tmp, 16) == 0); } static void run_endomorphism_tests(void) { unsigned i; - static rustsecp256k1_v0_11_scalar s; - test_scalar_split(&rustsecp256k1_v0_11_scalar_zero); - test_scalar_split(&rustsecp256k1_v0_11_scalar_one); - rustsecp256k1_v0_11_scalar_negate(&s,&rustsecp256k1_v0_11_scalar_one); + static secp256k1_scalar s; + test_scalar_split(&secp256k1_scalar_zero); + test_scalar_split(&secp256k1_scalar_one); + secp256k1_scalar_negate(&s,&secp256k1_scalar_one); test_scalar_split(&s); - test_scalar_split(&rustsecp256k1_v0_11_const_lambda); - rustsecp256k1_v0_11_scalar_add(&s, &rustsecp256k1_v0_11_const_lambda, &rustsecp256k1_v0_11_scalar_one); + test_scalar_split(&secp256k1_const_lambda); + secp256k1_scalar_add(&s, &secp256k1_const_lambda, &secp256k1_scalar_one); test_scalar_split(&s); for (i = 0; i < 100U * COUNT; ++i) { - rustsecp256k1_v0_11_scalar full; + secp256k1_scalar full; testutil_random_scalar_order_test(&full); test_scalar_split(&full); } @@ -5663,8 +5685,8 @@ static void run_endomorphism_tests(void) { static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, int yvalid) { unsigned char pubkeyc[65]; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_ge ge; + secp256k1_pubkey pubkey; + secp256k1_ge ge; size_t pubkeyclen; for (pubkeyclen = 3; pubkeyclen <= 65; pubkeyclen++) { @@ -5691,38 +5713,38 @@ static void ec_pubkey_parse_pointtest(const unsigned char *input, int xvalid, in size_t outl; memset(&pubkey, 0, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); outl = 65; SECP256K1_CHECKMEM_UNDEFINE(pubkeyo, 65); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, pubkeyo, &outl, &pubkey, SECP256K1_EC_COMPRESSED) == 1); SECP256K1_CHECKMEM_CHECK(pubkeyo, outl); CHECK(outl == 33); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkeyo[1], &pubkeyc[1], 32) == 0); + CHECK(secp256k1_memcmp_var(&pubkeyo[1], &pubkeyc[1], 32) == 0); CHECK((pubkeyclen != 33) || (pubkeyo[0] == pubkeyc[0])); if (ypass) { /* This test isn't always done because we decode with alternative signs, so the y won't match. */ CHECK(pubkeyo[0] == ysign); - CHECK(rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey) == 1); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 1); memset(&pubkey, 0, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - rustsecp256k1_v0_11_pubkey_save(&pubkey, &ge); + secp256k1_pubkey_save(&pubkey, &ge); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); outl = 65; SECP256K1_CHECKMEM_UNDEFINE(pubkeyo, 65); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, pubkeyo, &outl, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); SECP256K1_CHECKMEM_CHECK(pubkeyo, outl); CHECK(outl == 65); CHECK(pubkeyo[0] == 4); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkeyo[1], input, 64) == 0); + CHECK(secp256k1_memcmp_var(&pubkeyo[1], input, 64) == 0); } } else { /* These cases must fail to parse. */ memset(&pubkey, 0xfe, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); } } } @@ -5909,8 +5931,8 @@ static void run_ec_pubkey_parse_test(void) { }; unsigned char sout[65]; unsigned char shortkey[2] = { 0 }; - rustsecp256k1_v0_11_ge ge; - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_ge ge; + secp256k1_pubkey pubkey; size_t len; int32_t i; @@ -5920,18 +5942,18 @@ static void run_ec_pubkey_parse_test(void) { memset(&pubkey, 0xfe, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(shortkey, 2); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, shortkey, 0) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 0) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); /* Length one claimed, fail, zeroize, no illegal arg error. */ for (i = 0; i < 256 ; i++) { memset(&pubkey, 0xfe, sizeof(pubkey)); shortkey[0] = i; SECP256K1_CHECKMEM_UNDEFINE(&shortkey[1], 1); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, shortkey, 1) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 1) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); } /* Length two claimed, fail, zeroize, no illegal arg error. */ for (i = 0; i < 65536 ; i++) { @@ -5939,68 +5961,68 @@ static void run_ec_pubkey_parse_test(void) { shortkey[0] = i & 255; shortkey[1] = i >> 8; SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, shortkey, 2) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, shortkey, 2) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); } memset(&pubkey, 0xfe, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); /* 33 bytes claimed on otherwise valid input starting with 0x04, fail, zeroize output, no illegal arg error. */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 33) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 33) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); /* NULL pubkey, illegal arg error. Pubkey isn't rewritten before this step, since it's NULL into the parser. */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_parse(CTX, NULL, pubkeyc, 65)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_parse(CTX, NULL, pubkeyc, 65)); /* NULL input string. Illegal arg and zeroize output. */ memset(&pubkey, 0xfe, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, NULL, 65)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_parse(CTX, &pubkey, NULL, 65)); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); /* 64 bytes claimed on input starting with 0x04, fail, zeroize output, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 64) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 64) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); /* 66 bytes claimed, fail, zeroize output, no illegal arg error. */ memset(&pubkey, 0xfe, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 66) == 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 66) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_pubkey_load(CTX, &ge, &pubkey)); /* Valid parse. */ memset(&pubkey, 0, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 65) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(rustsecp256k1_v0_11_context_static, &pubkey, pubkeyc, 65) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, 65) == 1); + CHECK(secp256k1_ec_pubkey_parse(secp256k1_context_static, &pubkey, pubkeyc, 65) == 1); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&ge, sizeof(ge)); - CHECK(rustsecp256k1_v0_11_pubkey_load(CTX, &ge, &pubkey) == 1); + CHECK(secp256k1_pubkey_load(CTX, &ge, &pubkey) == 1); SECP256K1_CHECKMEM_CHECK(&ge.x, sizeof(ge.x)); SECP256K1_CHECKMEM_CHECK(&ge.y, sizeof(ge.y)); SECP256K1_CHECKMEM_CHECK(&ge.infinity, sizeof(ge.infinity)); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&ge, &rustsecp256k1_v0_11_ge_const_g)); - /* rustsecp256k1_v0_11_ec_pubkey_serialize illegal args. */ + CHECK(secp256k1_ge_eq_var(&ge, &secp256k1_ge_const_g)); + /* secp256k1_ec_pubkey_serialize illegal args. */ len = 65; - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, NULL, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED)); CHECK(len == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, sout, NULL, &pubkey, SECP256K1_EC_UNCOMPRESSED)); len = 65; SECP256K1_CHECKMEM_UNDEFINE(sout, 65); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, sout, &len, NULL, SECP256K1_EC_UNCOMPRESSED)); SECP256K1_CHECKMEM_CHECK(sout, 65); CHECK(len == 0); len = 65; - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, sout, &len, &pubkey, ~0)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, ~0)); CHECK(len == 0); len = 65; SECP256K1_CHECKMEM_UNDEFINE(sout, 65); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, sout, &len, &pubkey, SECP256K1_EC_UNCOMPRESSED) == 1); SECP256K1_CHECKMEM_CHECK(sout, 65); CHECK(len == 65); /* Multiple illegal args. Should still set arg error only once. */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_parse(CTX, NULL, NULL, 65)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_parse(CTX, NULL, NULL, 65)); /* Try a bunch of prefabbed points with all possible encodings. */ for (i = 0; i < SECP256K1_EC_PARSE_TEST_NVALID; i++) { ec_pubkey_parse_pointtest(valid[i], 1, 1); @@ -6014,225 +6036,220 @@ static void run_ec_pubkey_parse_test(void) { } static void run_eckey_edge_case_test(void) { - const unsigned char orderc[32] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 - }; - const unsigned char zeros[sizeof(rustsecp256k1_v0_11_pubkey)] = {0x00}; + const unsigned char *orderc = secp256k1_group_order_bytes; + const unsigned char zeros[sizeof(secp256k1_pubkey)] = {0x00}; unsigned char ctmp[33]; unsigned char ctmp2[33]; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_pubkey pubkey2; - rustsecp256k1_v0_11_pubkey pubkey_one; - rustsecp256k1_v0_11_pubkey pubkey_negone; - const rustsecp256k1_v0_11_pubkey *pubkeys[3]; + secp256k1_pubkey pubkey; + secp256k1_pubkey pubkey2; + secp256k1_pubkey pubkey_one; + secp256k1_pubkey pubkey_negone; + const secp256k1_pubkey *pubkeys[3]; size_t len; /* Group order is too large, reject. */ - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, orderc) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, orderc) == 0); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, orderc) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, orderc) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* Maximum value is too large, reject. */ memset(ctmp, 255, 32); - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* Zero is too small, reject. */ memset(ctmp, 0, 32); - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* One must be accepted. */ ctmp[31] = 0x01; - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1); memset(&pubkey, 0, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) > 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); pubkey_one = pubkey; /* Group order + 1 is too large, reject. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x42; - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); memset(&pubkey, 1, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 0); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* -1 must be accepted. */ ctmp[31] = 0x40; - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1); memset(&pubkey, 0, sizeof(pubkey)); SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, ctmp) == 1); SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) > 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); pubkey_negone = pubkey; /* Tweak of zero leaves the value unchanged. */ memset(ctmp2, 0, 32); - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, ctmp, ctmp2) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, ctmp2) == 1); + CHECK(secp256k1_memcmp_var(orderc, ctmp, 31) == 0 && ctmp[31] == 0x40); memcpy(&pubkey2, &pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); + CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Multiply tweak of zero zeroizes the output. */ - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_mul(CTX, ctmp, ctmp2) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros, ctmp, 32) == 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp2) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, ctmp2) == 0); + CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, ctmp2) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing seckey, the seckey is zeroized. */ memcpy(ctmp, orderc, 32); memset(ctmp2, 0, 32); ctmp2[31] = 0x01; - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp2) == 1); - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 0); - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, ctmp, ctmp2) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros, ctmp, 32) == 0); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp2) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, ctmp2) == 0); + CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_mul(CTX, ctmp, ctmp2) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros, ctmp, 32) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, ctmp2) == 0); + CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); /* If seckey_tweak_add or seckey_tweak_mul are called with an overflowing tweak, the seckey is zeroized. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, ctmp, orderc) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros, ctmp, 32) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp, orderc) == 0); + CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_mul(CTX, ctmp, orderc) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros, ctmp, 32) == 0); + CHECK(secp256k1_ec_seckey_tweak_mul(CTX, ctmp, orderc) == 0); + CHECK(secp256k1_memcmp_var(zeros, ctmp, 32) == 0); memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; /* If pubkey_tweak_add or pubkey_tweak_mul are called with an overflowing tweak, the pubkey is zeroized. */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, orderc) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, orderc) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey, orderc) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, orderc) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); - /* If the resulting key in rustsecp256k1_v0_11_ec_seckey_tweak_add and - * rustsecp256k1_v0_11_ec_pubkey_tweak_add is 0 the functions fail and in the latter + /* If the resulting key in secp256k1_ec_seckey_tweak_add and + * secp256k1_ec_pubkey_tweak_add is 0 the functions fail and in the latter * case the pubkey is zeroized. */ memcpy(ctmp, orderc, 32); ctmp[31] = 0x40; memset(ctmp2, 0, 32); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, ctmp2, ctmp) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(zeros, ctmp2, 32) == 0); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp2, ctmp) == 0); + CHECK(secp256k1_memcmp_var(zeros, ctmp2, 32) == 0); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 0); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); /* Tweak computation wraps and results in a key of 1. */ ctmp2[31] = 2; - CHECK(rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, ctmp2, ctmp) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); + CHECK(secp256k1_ec_seckey_tweak_add(CTX, ctmp2, ctmp) == 1); + CHECK(secp256k1_memcmp_var(ctmp2, zeros, 31) == 0 && ctmp2[31] == 1); ctmp2[31] = 2; - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); ctmp2[31] = 1; - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey2, ctmp2) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey2, ctmp2) == 1); + CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Tweak mul * 2 = 1+1. */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); + CHECK(secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2) == 1); ctmp2[31] = 2; - CHECK(rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2) == 1); + CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); /* Zeroize pubkey on parse error. */ memset(&pubkey, 0, 32); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, ctmp2)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(pubkey)) == 0); memcpy(&pubkey, &pubkey2, sizeof(pubkey)); memset(&pubkey2, 0, 32); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey2, ctmp2)); + CHECK(secp256k1_memcmp_var(&pubkey2, zeros, sizeof(pubkey2)) == 0); /* Plain argument errors. */ - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, ctmp) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_seckey_verify(CTX, NULL)); + CHECK(secp256k1_ec_seckey_verify(CTX, ctmp) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_verify(CTX, NULL)); memset(ctmp2, 0, 32); ctmp2[31] = 4; - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, NULL, ctmp2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_add(CTX, NULL, ctmp2)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, NULL)); memset(ctmp2, 0, 32); ctmp2[31] = 4; - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, NULL, ctmp2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_mul(CTX, NULL, ctmp2)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, NULL)); memset(ctmp2, 0, 32); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, NULL, ctmp2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, ctmp, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_add(CTX, NULL, ctmp2)); + CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_add(CTX, ctmp, NULL)); memset(ctmp2, 0, 32); ctmp2[31] = 1; - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_seckey_tweak_mul(CTX, NULL, ctmp2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_seckey_tweak_mul(CTX, ctmp, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_create(CTX, NULL, ctmp)); + CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_mul(CTX, NULL, ctmp2)); + CHECK_ILLEGAL(CTX, secp256k1_ec_seckey_tweak_mul(CTX, ctmp, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_create(CTX, NULL, ctmp)); memset(&pubkey, 1, sizeof(pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, NULL)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); - /* rustsecp256k1_v0_11_ec_pubkey_combine tests. */ + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_create(CTX, &pubkey, NULL)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + /* secp256k1_ec_pubkey_combine tests. */ pubkeys[0] = &pubkey_one; - SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[0], sizeof(rustsecp256k1_v0_11_pubkey *)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[1], sizeof(rustsecp256k1_v0_11_pubkey *)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[2], sizeof(rustsecp256k1_v0_11_pubkey *)); - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_11_pubkey)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &pubkey, pubkeys, 0)); - SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_combine(CTX, NULL, pubkeys, 1)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_11_pubkey)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &pubkey, NULL, 1)); - SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[0], sizeof(secp256k1_pubkey *)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[1], sizeof(secp256k1_pubkey *)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkeys[2], sizeof(secp256k1_pubkey *)); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 0)); + SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_combine(CTX, NULL, pubkeys, 1)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_combine(CTX, &pubkey, NULL, 1)); + SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); pubkeys[0] = &pubkey_negone; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_11_pubkey)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &pubkey, pubkeys, 1) == 1); - SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) > 0); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 1) == 1); + SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); len = 33; - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(ctmp, ctmp2, 33) == 0); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_negone, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0); /* Result is infinity. */ pubkeys[0] = &pubkey_one; pubkeys[1] = &pubkey_negone; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_11_pubkey)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 0); - SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 0); + SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) == 0); /* Passes through infinity but comes out one. */ pubkeys[2] = &pubkey_one; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_11_pubkey)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &pubkey, pubkeys, 3) == 1); - SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) > 0); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 3) == 1); + SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); len = 33; - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(ctmp, ctmp2, 33) == 0); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp, &len, &pubkey, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_ec_pubkey_serialize(CTX, ctmp2, &len, &pubkey_one, SECP256K1_EC_COMPRESSED) == 1); + CHECK(secp256k1_memcmp_var(ctmp, ctmp2, 33) == 0); /* Adds to two. */ pubkeys[1] = &pubkey_one; - memset(&pubkey, 255, sizeof(rustsecp256k1_v0_11_pubkey)); - SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 1); - SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(rustsecp256k1_v0_11_pubkey)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, zeros, sizeof(rustsecp256k1_v0_11_pubkey)) > 0); + memset(&pubkey, 255, sizeof(secp256k1_pubkey)); + SECP256K1_CHECKMEM_UNDEFINE(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_ec_pubkey_combine(CTX, &pubkey, pubkeys, 2) == 1); + SECP256K1_CHECKMEM_CHECK(&pubkey, sizeof(secp256k1_pubkey)); + CHECK(secp256k1_memcmp_var(&pubkey, zeros, sizeof(secp256k1_pubkey)) > 0); } static void run_eckey_negate_test(void) { @@ -6243,22 +6260,17 @@ static void run_eckey_negate_test(void) { memcpy(seckey_tmp, seckey, 32); /* Verify negation changes the key and changes it back */ - CHECK(rustsecp256k1_v0_11_ec_seckey_negate(CTX, seckey) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(seckey, seckey_tmp, 32) != 0); - CHECK(rustsecp256k1_v0_11_ec_seckey_negate(CTX, seckey) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(seckey, seckey_tmp, 32) == 0); - - /* Check that privkey alias gives same result */ - CHECK(rustsecp256k1_v0_11_ec_seckey_negate(CTX, seckey) == 1); - CHECK(rustsecp256k1_v0_11_ec_privkey_negate(CTX, seckey_tmp) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(seckey, seckey_tmp, 32) == 0); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 1); + CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) != 0); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 1); + CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Negating all 0s fails */ memset(seckey, 0, 32); memset(seckey_tmp, 0, 32); - CHECK(rustsecp256k1_v0_11_ec_seckey_negate(CTX, seckey) == 0); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 0); /* Check that seckey is not modified */ - CHECK(rustsecp256k1_v0_11_memcmp_var(seckey, seckey_tmp, 32) == 0); + CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); /* Negating an overflowing seckey fails and the seckey is zeroed. In this * test, the seckey has 16 random bytes to ensure that ec_seckey_negate @@ -6266,29 +6278,29 @@ static void run_eckey_negate_test(void) { testutil_random_scalar_order_b32(seckey); memset(seckey, 0xFF, 16); memset(seckey_tmp, 0, 32); - CHECK(rustsecp256k1_v0_11_ec_seckey_negate(CTX, seckey) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(seckey, seckey_tmp, 32) == 0); + CHECK(secp256k1_ec_seckey_negate(CTX, seckey) == 0); + CHECK(secp256k1_memcmp_var(seckey, seckey_tmp, 32) == 0); } -static void random_sign(rustsecp256k1_v0_11_scalar *sigr, rustsecp256k1_v0_11_scalar *sigs, const rustsecp256k1_v0_11_scalar *key, const rustsecp256k1_v0_11_scalar *msg, int *recid) { - rustsecp256k1_v0_11_scalar nonce; +static void random_sign(secp256k1_scalar *sigr, secp256k1_scalar *sigs, const secp256k1_scalar *key, const secp256k1_scalar *msg, int *recid) { + secp256k1_scalar nonce; do { testutil_random_scalar_order_test(&nonce); - } while(!rustsecp256k1_v0_11_ecdsa_sig_sign(&CTX->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); + } while(!secp256k1_ecdsa_sig_sign(&CTX->ecmult_gen_ctx, sigr, sigs, key, msg, &nonce, recid)); } static void test_ecdsa_sign_verify(void) { - rustsecp256k1_v0_11_gej pubj; - rustsecp256k1_v0_11_ge pub; - rustsecp256k1_v0_11_scalar one; - rustsecp256k1_v0_11_scalar msg, key; - rustsecp256k1_v0_11_scalar sigr, sigs; + secp256k1_gej pubj; + secp256k1_ge pub; + secp256k1_scalar one; + secp256k1_scalar msg, key; + secp256k1_scalar sigr, sigs; int getrec; int recid; testutil_random_scalar_order_test(&msg); testutil_random_scalar_order_test(&key); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &pubj, &key); - rustsecp256k1_v0_11_ge_set_gej(&pub, &pubj); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &pubj, &key); + secp256k1_ge_set_gej(&pub, &pubj); getrec = testrand_bits(1); /* The specific way in which this conditional is written sidesteps a potential bug in clang. See the commit messages of the commit that introduced this comment for details. */ @@ -6298,10 +6310,10 @@ static void test_ecdsa_sign_verify(void) { } else { random_sign(&sigr, &sigs, &key, &msg, NULL); } - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); - rustsecp256k1_v0_11_scalar_set_int(&one, 1); - rustsecp256k1_v0_11_scalar_add(&msg, &msg, &one); - CHECK(!rustsecp256k1_v0_11_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); + CHECK(secp256k1_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); + secp256k1_scalar_set_int(&one, 1); + secp256k1_scalar_add(&msg, &msg, &one); + CHECK(!secp256k1_ecdsa_sig_verify(&sigr, &sigs, &pub, &msg)); } static void run_ecdsa_sign_verify(void) { @@ -6338,13 +6350,7 @@ static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char return 1; } if (counter < 5) { - static const unsigned char order[] = { - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE, - 0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B, - 0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41 - }; - memcpy(nonce32, order, 32); + memcpy(nonce32, secp256k1_group_order_bytes, 32); if (counter == 4) { nonce32[31]++; } @@ -6358,9 +6364,9 @@ static int nonce_function_test_retry(unsigned char *nonce32, const unsigned char return nonce_function_rfc6979(nonce32, msg32, key32, algo16, data, counter - 5); } -static int is_empty_signature(const rustsecp256k1_v0_11_ecdsa_signature *sig) { - static const unsigned char res[sizeof(rustsecp256k1_v0_11_ecdsa_signature)] = {0}; - return rustsecp256k1_v0_11_memcmp_var(sig, res, sizeof(rustsecp256k1_v0_11_ecdsa_signature)) == 0; +static int is_empty_signature(const secp256k1_ecdsa_signature *sig) { + static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0}; + return secp256k1_memcmp_var(sig, res, sizeof(secp256k1_ecdsa_signature)) == 0; } static void test_ecdsa_end_to_end(void) { @@ -6368,149 +6374,135 @@ static void test_ecdsa_end_to_end(void) { unsigned char privkey[32]; unsigned char message[32]; unsigned char privkey2[32]; - rustsecp256k1_v0_11_ecdsa_signature signature[6]; - rustsecp256k1_v0_11_scalar r, s; + secp256k1_ecdsa_signature signature[6]; + secp256k1_scalar r, s; unsigned char sig[74]; size_t siglen = 74; unsigned char pubkeyc[65]; size_t pubkeyclen = 65; - rustsecp256k1_v0_11_pubkey pubkey; - rustsecp256k1_v0_11_pubkey pubkey_tmp; + secp256k1_pubkey pubkey; + secp256k1_pubkey pubkey_tmp; unsigned char seckey[300]; size_t seckeylen = 300; /* Generate a random key and message. */ { - rustsecp256k1_v0_11_scalar msg, key; + secp256k1_scalar msg, key; testutil_random_scalar_order_test(&msg); testutil_random_scalar_order_test(&key); - rustsecp256k1_v0_11_scalar_get_b32(privkey, &key); - rustsecp256k1_v0_11_scalar_get_b32(message, &msg); + secp256k1_scalar_get_b32(privkey, &key); + secp256k1_scalar_get_b32(message, &msg); } /* Construct and verify corresponding public key. */ - CHECK(rustsecp256k1_v0_11_ec_seckey_verify(CTX, privkey) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, privkey) == 1); + CHECK(secp256k1_ec_seckey_verify(CTX, privkey) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, privkey) == 1); /* Verify exporting and importing public key. */ - CHECK(rustsecp256k1_v0_11_ec_pubkey_serialize(CTX, pubkeyc, &pubkeyclen, &pubkey, testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); + CHECK(secp256k1_ec_pubkey_serialize(CTX, pubkeyc, &pubkeyclen, &pubkey, testrand_bits(1) == 1 ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED)); memset(&pubkey, 0, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pubkeyc, pubkeyclen) == 1); /* Verify negation changes the key and changes it back */ memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_negate(CTX, &pubkey_tmp) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_negate(CTX, &pubkey_tmp) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey_tmp) == 1); + CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) != 0); + CHECK(secp256k1_ec_pubkey_negate(CTX, &pubkey_tmp) == 1); + CHECK(secp256k1_memcmp_var(&pubkey_tmp, &pubkey, sizeof(pubkey)) == 0); /* Verify private key import and export. */ CHECK(ec_privkey_export_der(CTX, seckey, &seckeylen, privkey, testrand_bits(1) == 1)); CHECK(ec_privkey_import_der(CTX, privkey2, seckey, seckeylen) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(privkey, privkey2, 32) == 0); + CHECK(secp256k1_memcmp_var(privkey, privkey2, 32) == 0); /* Optionally tweak the keys using addition. */ if (testrand_int(3) == 0) { int ret1; int ret2; - int ret3; unsigned char rnd[32]; - unsigned char privkey_tmp[32]; - rustsecp256k1_v0_11_pubkey pubkey2; + secp256k1_pubkey pubkey2; testrand256_test(rnd); - memcpy(privkey_tmp, privkey, 32); - ret1 = rustsecp256k1_v0_11_ec_seckey_tweak_add(CTX, privkey, rnd); - ret2 = rustsecp256k1_v0_11_ec_pubkey_tweak_add(CTX, &pubkey, rnd); - /* Check that privkey alias gives same result */ - ret3 = rustsecp256k1_v0_11_ec_privkey_tweak_add(CTX, privkey_tmp, rnd); + ret1 = secp256k1_ec_seckey_tweak_add(CTX, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_add(CTX, &pubkey, rnd); CHECK(ret1 == ret2); - CHECK(ret2 == ret3); if (ret1 == 0) { return; } - CHECK(rustsecp256k1_v0_11_memcmp_var(privkey, privkey_tmp, 32) == 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey2, privkey) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey2, privkey) == 1); + CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); } /* Optionally tweak the keys using multiplication. */ if (testrand_int(3) == 0) { int ret1; int ret2; - int ret3; unsigned char rnd[32]; - unsigned char privkey_tmp[32]; - rustsecp256k1_v0_11_pubkey pubkey2; + secp256k1_pubkey pubkey2; testrand256_test(rnd); - memcpy(privkey_tmp, privkey, 32); - ret1 = rustsecp256k1_v0_11_ec_seckey_tweak_mul(CTX, privkey, rnd); - ret2 = rustsecp256k1_v0_11_ec_pubkey_tweak_mul(CTX, &pubkey, rnd); - /* Check that privkey alias gives same result */ - ret3 = rustsecp256k1_v0_11_ec_privkey_tweak_mul(CTX, privkey_tmp, rnd); + ret1 = secp256k1_ec_seckey_tweak_mul(CTX, privkey, rnd); + ret2 = secp256k1_ec_pubkey_tweak_mul(CTX, &pubkey, rnd); CHECK(ret1 == ret2); - CHECK(ret2 == ret3); if (ret1 == 0) { return; } - CHECK(rustsecp256k1_v0_11_memcmp_var(privkey, privkey_tmp, 32) == 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey2, privkey) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey2, privkey) == 1); + CHECK(secp256k1_memcmp_var(&pubkey, &pubkey2, sizeof(pubkey)) == 0); } /* Sign. */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &signature[4], message, privkey, NULL, NULL) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &signature[1], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[0], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[4], message, privkey, NULL, NULL) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[1], message, privkey, NULL, extra) == 1); extra[31] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &signature[2], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[2], message, privkey, NULL, extra) == 1); extra[31] = 0; extra[0] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &signature[3], message, privkey, NULL, extra) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[0], &signature[4], sizeof(signature[0])) == 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[0], &signature[1], sizeof(signature[0])) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[0], &signature[2], sizeof(signature[0])) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[0], &signature[3], sizeof(signature[0])) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[1], &signature[2], sizeof(signature[0])) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[1], &signature[3], sizeof(signature[0])) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[2], &signature[3], sizeof(signature[0])) != 0); + CHECK(secp256k1_ecdsa_sign(CTX, &signature[3], message, privkey, NULL, extra) == 1); + CHECK(secp256k1_memcmp_var(&signature[0], &signature[4], sizeof(signature[0])) == 0); + CHECK(secp256k1_memcmp_var(&signature[0], &signature[1], sizeof(signature[0])) != 0); + CHECK(secp256k1_memcmp_var(&signature[0], &signature[2], sizeof(signature[0])) != 0); + CHECK(secp256k1_memcmp_var(&signature[0], &signature[3], sizeof(signature[0])) != 0); + CHECK(secp256k1_memcmp_var(&signature[1], &signature[2], sizeof(signature[0])) != 0); + CHECK(secp256k1_memcmp_var(&signature[1], &signature[3], sizeof(signature[0])) != 0); + CHECK(secp256k1_memcmp_var(&signature[2], &signature[3], sizeof(signature[0])) != 0); /* Verify. */ - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[1], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[2], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[3], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[1], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[2], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[3], message, &pubkey) == 1); /* Test lower-S form, malleate, verify and fail, test again, malleate again */ - CHECK(!rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, NULL, &signature[0])); - rustsecp256k1_v0_11_ecdsa_signature_load(CTX, &r, &s, &signature[0]); - rustsecp256k1_v0_11_scalar_negate(&s, &s); - rustsecp256k1_v0_11_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, NULL, &signature[5])); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, &signature[5], &signature[5])); - CHECK(!rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, NULL, &signature[5])); - CHECK(!rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, &signature[5], &signature[5])); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 1); - rustsecp256k1_v0_11_scalar_negate(&s, &s); - rustsecp256k1_v0_11_ecdsa_signature_save(&signature[5], &r, &s); - CHECK(!rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, NULL, &signature[5])); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&signature[5], &signature[0], 64) == 0); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[0])); + secp256k1_ecdsa_signature_load(CTX, &r, &s, &signature[0]); + secp256k1_scalar_negate(&s, &s); + secp256k1_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_signature_normalize(CTX, &signature[5], &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[5])); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, &signature[5], &signature[5])); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 1); + secp256k1_scalar_negate(&s, &s); + secp256k1_ecdsa_signature_save(&signature[5], &r, &s); + CHECK(!secp256k1_ecdsa_signature_normalize(CTX, NULL, &signature[5])); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[5], message, &pubkey) == 1); + CHECK(secp256k1_memcmp_var(&signature[5], &signature[0], 64) == 0); /* Serialize/parse DER and verify again */ - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, sig, &siglen, &signature[0]) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, sig, &siglen, &signature[0]) == 1); memset(&signature[0], 0, sizeof(signature[0])); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &signature[0], sig, siglen) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 1); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &signature[0], sig, siglen) == 1); + CHECK(secp256k1_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 1); /* Serialize/destroy/parse DER and verify again. */ siglen = 74; - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, sig, &siglen, &signature[0]) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, sig, &siglen, &signature[0]) == 1); sig[testrand_int(siglen)] += 1 + testrand_int(255); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &signature[0], sig, siglen) == 0 || - rustsecp256k1_v0_11_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 0); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &signature[0], sig, siglen) == 0 || + secp256k1_ecdsa_verify(CTX, &signature[0], message, &pubkey) == 0); } static void test_random_pubkeys(void) { - rustsecp256k1_v0_11_ge elem; - rustsecp256k1_v0_11_ge elem2; + secp256k1_ge elem; + secp256k1_ge elem2; unsigned char in[65]; /* Generate some randomly sized pubkeys. */ size_t len = testrand_bits(2) == 0 ? 65 : 33; @@ -6531,28 +6523,28 @@ static void test_random_pubkeys(void) { if (len > 33) { testrand256(&in[33]); } - if (rustsecp256k1_v0_11_eckey_pubkey_parse(&elem, in, len)) { + if (secp256k1_eckey_pubkey_parse(&elem, in, len)) { unsigned char out[65]; unsigned char firstb; int res; size_t size = len; firstb = in[0]; /* If the pubkey can be parsed, it should round-trip... */ - CHECK(rustsecp256k1_v0_11_eckey_pubkey_serialize(&elem, out, &size, len == 33)); + CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, len == 33)); CHECK(size == len); - CHECK(rustsecp256k1_v0_11_memcmp_var(&in[1], &out[1], len-1) == 0); + CHECK(secp256k1_memcmp_var(&in[1], &out[1], len-1) == 0); /* ... except for the type of hybrid inputs. */ if ((in[0] != 6) && (in[0] != 7)) { CHECK(in[0] == out[0]); } size = 65; - CHECK(rustsecp256k1_v0_11_eckey_pubkey_serialize(&elem, in, &size, 0)); + CHECK(secp256k1_eckey_pubkey_serialize(&elem, in, &size, 0)); CHECK(size == 65); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&elem2, in, size)); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&elem2, &elem)); + CHECK(secp256k1_eckey_pubkey_parse(&elem2, in, size)); + CHECK(secp256k1_ge_eq_var(&elem2, &elem)); /* Check that the X9.62 hybrid type is checked. */ in[0] = testrand_bits(1) ? 6 : 7; - res = rustsecp256k1_v0_11_eckey_pubkey_parse(&elem2, in, size); + res = secp256k1_eckey_pubkey_parse(&elem2, in, size); if (firstb == 2 || firstb == 3) { if (in[0] == firstb + 4) { CHECK(res); @@ -6561,9 +6553,9 @@ static void test_random_pubkeys(void) { } } if (res) { - CHECK(rustsecp256k1_v0_11_ge_eq_var(&elem, &elem2)); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_serialize(&elem, out, &size, 0)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&in[1], &out[1], 64) == 0); + CHECK(secp256k1_ge_eq_var(&elem, &elem2)); + CHECK(secp256k1_eckey_pubkey_serialize(&elem, out, &size, 0)); + CHECK(secp256k1_memcmp_var(&in[1], &out[1], 64) == 0); } } } @@ -6579,50 +6571,50 @@ static void run_pubkey_comparison(void) { 0xde, 0x36, 0x0e, 0x87, 0x59, 0x8f, 0x3c, 0x01, 0x36, 0x2a, 0x2a, 0xb8, 0xc6, 0xf4, 0x5e, 0x4d, 0xb2, 0xc2, 0xd5, 0x03, 0xa7, 0xf9, 0xf1, 0x4f, 0xa8, 0xfa, 0x95, 0xa8, 0xe9, 0x69, 0x76, 0x1c }; - rustsecp256k1_v0_11_pubkey pk1; - rustsecp256k1_v0_11_pubkey pk2; - - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); - - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, NULL, &pk2) < 0)); - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk1, NULL) > 0)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk1, &pk1) == 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk2, &pk2) == 0); + secp256k1_pubkey pk1; + secp256k1_pubkey pk2; + + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk1, pk1_ser, sizeof(pk1_ser)) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk2_ser, sizeof(pk2_ser)) == 1); + + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, NULL, &pk2) < 0)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, NULL) > 0)); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk1) == 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk2) == 0); { - rustsecp256k1_v0_11_pubkey pk_tmp; + secp256k1_pubkey pk_tmp; memset(&pk_tmp, 0, sizeof(pk_tmp)); /* illegal pubkey */ - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk_tmp, &pk2) < 0)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk2) < 0)); { int32_t ecount = 0; - rustsecp256k1_v0_11_context_set_illegal_callback(CTX, counting_callback_fn, &ecount); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk_tmp, &pk_tmp) == 0); + secp256k1_context_set_illegal_callback(CTX, counting_callback_fn, &ecount); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk_tmp, &pk_tmp) == 0); CHECK(ecount == 2); - rustsecp256k1_v0_11_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk2, &pk_tmp) > 0)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk_tmp) > 0)); } /* Make pk2 the same as pk1 but with 3 rather than 2. Note that in * an uncompressed encoding, these would have the opposite ordering */ pk1_ser[0] = 3; - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pk2, pk1_ser, sizeof(pk1_ser)) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0); - CHECK(rustsecp256k1_v0_11_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk2, pk1_ser, sizeof(pk1_ser)) == 1); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk1, &pk2) < 0); + CHECK(secp256k1_ec_pubkey_cmp(CTX, &pk2, &pk1) > 0); } -static void test_sort_helper(rustsecp256k1_v0_11_pubkey *pk, size_t *pk_order, size_t n_pk) { +static void test_sort_helper(secp256k1_pubkey *pk, size_t *pk_order, size_t n_pk) { size_t i; - const rustsecp256k1_v0_11_pubkey *pk_test[5]; + const secp256k1_pubkey *pk_test[5]; for (i = 0; i < n_pk; i++) { pk_test[i] = &pk[pk_order[i]]; } - rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pk_test, n_pk); + secp256k1_ec_pubkey_sort(CTX, pk_test, n_pk); for (i = 0; i < n_pk; i++) { - CHECK(rustsecp256k1_v0_11_memcmp_var(pk_test[i], &pk[i], sizeof(*pk_test[i])) == 0); + CHECK(secp256k1_memcmp_var(pk_test[i], &pk[i], sizeof(*pk_test[i])) == 0); } } @@ -6638,8 +6630,8 @@ static void permute(size_t *arr, size_t n) { } static void test_sort_api(void) { - rustsecp256k1_v0_11_pubkey pks[2]; - const rustsecp256k1_v0_11_pubkey *pks_ptr[2]; + secp256k1_pubkey pks[2]; + const secp256k1_pubkey *pks_ptr[2]; pks_ptr[0] = &pks[0]; pks_ptr[1] = &pks[1]; @@ -6647,24 +6639,24 @@ static void test_sort_api(void) { testutil_random_pubkey_test(&pks[0]); testutil_random_pubkey_test(&pks[1]); - CHECK(rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pks_ptr, 2) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_sort(CTX, NULL, 2)); - CHECK(rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pks_ptr, 0) == 1); + CHECK(secp256k1_ec_pubkey_sort(CTX, pks_ptr, 2) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_sort(CTX, NULL, 2)); + CHECK(secp256k1_ec_pubkey_sort(CTX, pks_ptr, 0) == 1); /* Test illegal public keys */ memset(&pks[0], 0, sizeof(pks[0])); - CHECK_ILLEGAL_VOID(CTX, CHECK(rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pks_ptr, 2) == 1)); + CHECK_ILLEGAL_VOID(CTX, CHECK(secp256k1_ec_pubkey_sort(CTX, pks_ptr, 2) == 1)); memset(&pks[1], 0, sizeof(pks[1])); { int32_t ecount = 0; - rustsecp256k1_v0_11_context_set_illegal_callback(CTX, counting_callback_fn, &ecount); - CHECK(rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pks_ptr, 2) == 1); + secp256k1_context_set_illegal_callback(CTX, counting_callback_fn, &ecount); + CHECK(secp256k1_ec_pubkey_sort(CTX, pks_ptr, 2) == 1); CHECK(ecount == 2); - rustsecp256k1_v0_11_context_set_illegal_callback(CTX, NULL, NULL); + secp256k1_context_set_illegal_callback(CTX, NULL, NULL); } } static void test_sort(void) { - rustsecp256k1_v0_11_pubkey pk[5]; + secp256k1_pubkey pk[5]; unsigned char pk_ser[5][33] = { { 0x02, 0x08 }, { 0x02, 0x0b }, @@ -6676,7 +6668,7 @@ static void test_sort(void) { size_t pk_order[5] = { 0, 1, 2, 3, 4 }; for (i = 0; i < 5; i++) { - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pk[i], pk_ser[i], sizeof(pk_ser[i]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pk[i], pk_ser[i], sizeof(pk_ser[i]))); } permute(pk_order, 1); @@ -6696,14 +6688,14 @@ static void test_sort(void) { /* Check that sorting also works for random pubkeys */ for (i = 0; i < COUNT; i++) { int j; - const rustsecp256k1_v0_11_pubkey *pk_ptr[5]; + const secp256k1_pubkey *pk_ptr[5]; for (j = 0; j < 5; j++) { testutil_random_pubkey_test(&pk[j]); pk_ptr[j] = &pk[j]; } - rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pk_ptr, 5); + secp256k1_ec_pubkey_sort(CTX, pk_ptr, 5); for (j = 1; j < 5; j++) { - CHECK(rustsecp256k1_v0_11_ec_pubkey_sort_cmp(&pk_ptr[j - 1], &pk_ptr[j], CTX) <= 0); + CHECK(secp256k1_ec_pubkey_sort_cmp(&pk_ptr[j - 1], &pk_ptr[j], CTX) <= 0); } } } @@ -6731,9 +6723,9 @@ static void test_sort_vectors(void) { 0xA7, 0x2B, 0x9C, 0xC1, 0xB7, 0xCC, 0x01, 0x39, 0x71, 0x53, 0x09, 0xB0, 0x86, 0xC9, 0x60, 0xE1, 0x8F, 0xD9, 0x69, 0x77, 0x4E, 0xB8 } }; - rustsecp256k1_v0_11_pubkey pubkeys[N_PUBKEYS]; - rustsecp256k1_v0_11_pubkey *sorted[N_PUBKEYS]; - const rustsecp256k1_v0_11_pubkey *pks_ptr[N_PUBKEYS]; + secp256k1_pubkey pubkeys[N_PUBKEYS]; + secp256k1_pubkey *sorted[N_PUBKEYS]; + const secp256k1_pubkey *pks_ptr[N_PUBKEYS]; int i; sorted[0] = &pubkeys[3]; @@ -6744,12 +6736,12 @@ static void test_sort_vectors(void) { sorted[5] = &pubkeys[2]; for (i = 0; i < N_PUBKEYS; i++) { - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkeys[i], pk_ser[i], sizeof(pk_ser[i]))); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkeys[i], pk_ser[i], sizeof(pk_ser[i]))); pks_ptr[i] = &pubkeys[i]; } - CHECK(rustsecp256k1_v0_11_ec_pubkey_sort(CTX, pks_ptr, N_PUBKEYS) == 1); + CHECK(secp256k1_ec_pubkey_sort(CTX, pks_ptr, N_PUBKEYS) == 1); for (i = 0; i < N_PUBKEYS; i++) { - CHECK(rustsecp256k1_v0_11_memcmp_var(pks_ptr[i], sorted[i], sizeof(rustsecp256k1_v0_11_pubkey)) == 0); + CHECK(secp256k1_memcmp_var(pks_ptr[i], sorted[i], sizeof(secp256k1_pubkey)) == 0); } } @@ -6779,36 +6771,36 @@ static int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int cer int ret = 0; - rustsecp256k1_v0_11_ecdsa_signature sig_der; + secp256k1_ecdsa_signature sig_der; unsigned char roundtrip_der[2048]; unsigned char compact_der[64]; size_t len_der = 2048; int parsed_der = 0, valid_der = 0, roundtrips_der = 0; - rustsecp256k1_v0_11_ecdsa_signature sig_der_lax; + secp256k1_ecdsa_signature sig_der_lax; unsigned char roundtrip_der_lax[2048]; unsigned char compact_der_lax[64]; size_t len_der_lax = 2048; int parsed_der_lax = 0, valid_der_lax = 0, roundtrips_der_lax = 0; - parsed_der = rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig_der, sig, siglen); + parsed_der = secp256k1_ecdsa_signature_parse_der(CTX, &sig_der, sig, siglen); if (parsed_der) { - ret |= (!rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(CTX, compact_der, &sig_der)) << 0; - valid_der = (rustsecp256k1_v0_11_memcmp_var(compact_der, zeroes, 32) != 0) && (rustsecp256k1_v0_11_memcmp_var(compact_der + 32, zeroes, 32) != 0); + ret |= (!secp256k1_ecdsa_signature_serialize_compact(CTX, compact_der, &sig_der)) << 0; + valid_der = (secp256k1_memcmp_var(compact_der, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der + 32, zeroes, 32) != 0); } if (valid_der) { - ret |= (!rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, roundtrip_der, &len_der, &sig_der)) << 1; - roundtrips_der = (len_der == siglen) && rustsecp256k1_v0_11_memcmp_var(roundtrip_der, sig, siglen) == 0; + ret |= (!secp256k1_ecdsa_signature_serialize_der(CTX, roundtrip_der, &len_der, &sig_der)) << 1; + roundtrips_der = (len_der == siglen) && secp256k1_memcmp_var(roundtrip_der, sig, siglen) == 0; } - parsed_der_lax = rustsecp256k1_v0_11_ecdsa_signature_parse_der_lax(CTX, &sig_der_lax, sig, siglen); + parsed_der_lax = ecdsa_signature_parse_der_lax(CTX, &sig_der_lax, sig, siglen); if (parsed_der_lax) { - ret |= (!rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(CTX, compact_der_lax, &sig_der_lax)) << 10; - valid_der_lax = (rustsecp256k1_v0_11_memcmp_var(compact_der_lax, zeroes, 32) != 0) && (rustsecp256k1_v0_11_memcmp_var(compact_der_lax + 32, zeroes, 32) != 0); + ret |= (!secp256k1_ecdsa_signature_serialize_compact(CTX, compact_der_lax, &sig_der_lax)) << 10; + valid_der_lax = (secp256k1_memcmp_var(compact_der_lax, zeroes, 32) != 0) && (secp256k1_memcmp_var(compact_der_lax + 32, zeroes, 32) != 0); } if (valid_der_lax) { - ret |= (!rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; - roundtrips_der_lax = (len_der_lax == siglen) && rustsecp256k1_v0_11_memcmp_var(roundtrip_der_lax, sig, siglen) == 0; + ret |= (!secp256k1_ecdsa_signature_serialize_der(CTX, roundtrip_der_lax, &len_der_lax, &sig_der_lax)) << 11; + roundtrips_der_lax = (len_der_lax == siglen) && secp256k1_memcmp_var(roundtrip_der_lax, sig, siglen) == 0; } if (certainly_der) { @@ -6824,7 +6816,7 @@ static int test_ecdsa_der_parse(const unsigned char *sig, size_t siglen, int cer if (valid_der) { ret |= (!roundtrips_der_lax) << 12; ret |= (len_der != len_der_lax) << 13; - ret |= ((len_der != len_der_lax) || (rustsecp256k1_v0_11_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; + ret |= ((len_der != len_der_lax) || (secp256k1_memcmp_var(roundtrip_der_lax, roundtrip_der, len_der) != 0)) << 14; } ret |= (roundtrips_der != roundtrips_der_lax) << 15; if (parsed_der) { @@ -7053,22 +7045,22 @@ static void run_ecdsa_der_parse(void) { /* Tests several edge cases. */ static void test_ecdsa_edge_cases(void) { int t; - rustsecp256k1_v0_11_ecdsa_signature sig; + secp256k1_ecdsa_signature sig; /* Test the case where ECDSA recomputes a point that is infinity. */ { - rustsecp256k1_v0_11_gej keyj; - rustsecp256k1_v0_11_ge key; - rustsecp256k1_v0_11_scalar msg; - rustsecp256k1_v0_11_scalar sr, ss; - rustsecp256k1_v0_11_scalar_set_int(&ss, 1); - rustsecp256k1_v0_11_scalar_negate(&ss, &ss); - rustsecp256k1_v0_11_scalar_inverse(&ss, &ss); - rustsecp256k1_v0_11_scalar_set_int(&sr, 1); - rustsecp256k1_v0_11_ecmult_gen(&CTX->ecmult_gen_ctx, &keyj, &sr); - rustsecp256k1_v0_11_ge_set_gej(&key, &keyj); + secp256k1_gej keyj; + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_negate(&ss, &ss); + secp256k1_scalar_inverse(&ss, &ss); + secp256k1_scalar_set_int(&sr, 1); + secp256k1_ecmult_gen(&CTX->ecmult_gen_ctx, &keyj, &sr); + secp256k1_ge_set_gej(&key, &keyj); msg = ss; - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); } /* Verify signature with r of zero fails. */ @@ -7080,14 +7072,14 @@ static void test_ecdsa_edge_cases(void) { 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 }; - rustsecp256k1_v0_11_ge key; - rustsecp256k1_v0_11_scalar msg; - rustsecp256k1_v0_11_scalar sr, ss; - rustsecp256k1_v0_11_scalar_set_int(&ss, 1); - rustsecp256k1_v0_11_scalar_set_int(&msg, 0); - rustsecp256k1_v0_11_scalar_set_int(&sr, 0); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify( &sr, &ss, &key, &msg) == 0); + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 0); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey_mods_zero, 33)); + CHECK(secp256k1_ecdsa_sig_verify( &sr, &ss, &key, &msg) == 0); } /* Verify signature with s of zero fails. */ @@ -7099,14 +7091,14 @@ static void test_ecdsa_edge_cases(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; - rustsecp256k1_v0_11_ge key; - rustsecp256k1_v0_11_scalar msg; - rustsecp256k1_v0_11_scalar sr, ss; - rustsecp256k1_v0_11_scalar_set_int(&ss, 0); - rustsecp256k1_v0_11_scalar_set_int(&msg, 0); - rustsecp256k1_v0_11_scalar_set_int(&sr, 1); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 0); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 1); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); } /* Verify signature with message 0 passes. */ @@ -7125,23 +7117,23 @@ static void test_ecdsa_edge_cases(void) { 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x43 }; - rustsecp256k1_v0_11_ge key; - rustsecp256k1_v0_11_ge key2; - rustsecp256k1_v0_11_scalar msg; - rustsecp256k1_v0_11_scalar sr, ss; - rustsecp256k1_v0_11_scalar_set_int(&ss, 2); - rustsecp256k1_v0_11_scalar_set_int(&msg, 0); - rustsecp256k1_v0_11_scalar_set_int(&sr, 2); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key2, pubkey2, 33)); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_11_scalar_negate(&ss, &ss); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_11_scalar_set_int(&ss, 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 0); + secp256k1_ge key; + secp256k1_ge key2; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 2); + secp256k1_scalar_set_int(&msg, 0); + secp256k1_scalar_set_int(&sr, 2); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_set_int(&ss, 1); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 0); } /* Verify signature with message 1 passes. */ @@ -7166,24 +7158,24 @@ static void test_ecdsa_edge_cases(void) { 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xeb }; - rustsecp256k1_v0_11_ge key; - rustsecp256k1_v0_11_ge key2; - rustsecp256k1_v0_11_scalar msg; - rustsecp256k1_v0_11_scalar sr, ss; - rustsecp256k1_v0_11_scalar_set_int(&ss, 1); - rustsecp256k1_v0_11_scalar_set_int(&msg, 1); - rustsecp256k1_v0_11_scalar_set_b32(&sr, csr, NULL); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key2, pubkey2, 33)); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_11_scalar_negate(&ss, &ss); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); - rustsecp256k1_v0_11_scalar_set_int(&ss, 2); - rustsecp256k1_v0_11_scalar_inverse_var(&ss, &ss); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 0); + secp256k1_ge key; + secp256k1_ge key2; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 1); + secp256k1_scalar_set_b32(&sr, csr, NULL); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_eckey_pubkey_parse(&key2, pubkey2, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 1); + secp256k1_scalar_set_int(&ss, 2); + secp256k1_scalar_inverse_var(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key2, &msg) == 0); } /* Verify signature with message -1 passes. */ @@ -7201,25 +7193,25 @@ static void test_ecdsa_edge_cases(void) { 0x45, 0x51, 0x23, 0x19, 0x50, 0xb7, 0x5f, 0xc4, 0x40, 0x2d, 0xa1, 0x72, 0x2f, 0xc9, 0xba, 0xee }; - rustsecp256k1_v0_11_ge key; - rustsecp256k1_v0_11_scalar msg; - rustsecp256k1_v0_11_scalar sr, ss; - rustsecp256k1_v0_11_scalar_set_int(&ss, 1); - rustsecp256k1_v0_11_scalar_set_int(&msg, 1); - rustsecp256k1_v0_11_scalar_negate(&msg, &msg); - rustsecp256k1_v0_11_scalar_set_b32(&sr, csr, NULL); - CHECK(rustsecp256k1_v0_11_eckey_pubkey_parse(&key, pubkey, 33)); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); - rustsecp256k1_v0_11_scalar_negate(&ss, &ss); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); - rustsecp256k1_v0_11_scalar_set_int(&ss, 3); - rustsecp256k1_v0_11_scalar_inverse_var(&ss, &ss); - CHECK(rustsecp256k1_v0_11_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); + secp256k1_ge key; + secp256k1_scalar msg; + secp256k1_scalar sr, ss; + secp256k1_scalar_set_int(&ss, 1); + secp256k1_scalar_set_int(&msg, 1); + secp256k1_scalar_negate(&msg, &msg); + secp256k1_scalar_set_b32(&sr, csr, NULL); + CHECK(secp256k1_eckey_pubkey_parse(&key, pubkey, 33)); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); + secp256k1_scalar_negate(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 1); + secp256k1_scalar_set_int(&ss, 3); + secp256k1_scalar_inverse_var(&ss, &ss); + CHECK(secp256k1_ecdsa_sig_verify(&sr, &ss, &key, &msg) == 0); } /* Signature where s would be zero. */ { - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_pubkey pubkey; size_t siglen; unsigned char signature[72]; static const unsigned char nonce[32] = { @@ -7246,42 +7238,42 @@ static void test_ecdsa_edge_cases(void) { 0xb8, 0x12, 0xe0, 0x0b, 0x81, 0x7a, 0x77, 0x62, 0x65, 0xdf, 0xdd, 0x31, 0xb9, 0x3e, 0x29, 0xa9, }; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 0); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 0); msg[31] = 0xaa; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_sign(CTX, NULL, msg, key, precomputed_nonce_function, nonce2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, NULL, key, precomputed_nonce_function, nonce2)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, NULL, precomputed_nonce_function, nonce2)); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); - CHECK(rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, key) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_verify(CTX, NULL, msg, &pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, NULL, &pubkey)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg, &pubkey) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ec_pubkey_create(CTX, &pubkey, NULL)); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign(CTX, NULL, msg, key, precomputed_nonce_function, nonce2)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign(CTX, &sig, NULL, key, precomputed_nonce_function, nonce2)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_sign(CTX, &sig, msg, NULL, precomputed_nonce_function, nonce2)); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, precomputed_nonce_function, nonce2) == 1); + CHECK(secp256k1_ec_pubkey_create(CTX, &pubkey, key) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, NULL, msg, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, &sig, NULL, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, &sig, msg, NULL)); + CHECK(secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ec_pubkey_create(CTX, &pubkey, NULL)); /* That pubkeyload fails via an ARGCHECK is a little odd but makes sense because pubkeys are an opaque data type. */ - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_verify(CTX, &sig, msg, &pubkey)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_verify(CTX, &sig, msg, &pubkey)); siglen = 72; - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, NULL, &siglen, &sig)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, signature, NULL, &sig)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, signature, &siglen, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, NULL, signature, siglen)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, NULL, siglen)); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &sig, signature, siglen) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_der(CTX, NULL, &siglen, &sig)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_der(CTX, signature, NULL, &sig)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_der(CTX, NULL, signature, siglen)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_der(CTX, &sig, NULL, siglen)); + CHECK(secp256k1_ecdsa_signature_parse_der(CTX, &sig, signature, siglen) == 1); siglen = 10; /* Too little room for a signature does not fail via ARGCHECK. */ - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 0); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_normalize(CTX, NULL, NULL)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(CTX, NULL, &sig)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(CTX, signature, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_serialize_compact(CTX, signature, &sig) == 1); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_parse_compact(CTX, NULL, signature)); - CHECK_ILLEGAL(CTX, rustsecp256k1_v0_11_ecdsa_signature_parse_compact(CTX, &sig, NULL)); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_compact(CTX, &sig, signature) == 1); + CHECK(secp256k1_ecdsa_signature_serialize_der(CTX, signature, &siglen, &sig) == 0); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_normalize(CTX, NULL, NULL)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_compact(CTX, NULL, &sig)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_serialize_compact(CTX, signature, NULL)); + CHECK(secp256k1_ecdsa_signature_serialize_compact(CTX, signature, &sig) == 1); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_compact(CTX, NULL, signature)); + CHECK_ILLEGAL(CTX, secp256k1_ecdsa_signature_parse_compact(CTX, &sig, NULL)); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature) == 1); memset(signature, 255, 64); - CHECK(rustsecp256k1_v0_11_ecdsa_signature_parse_compact(CTX, &sig, signature) == 0); + CHECK(secp256k1_ecdsa_signature_parse_compact(CTX, &sig, signature) == 0); } /* Nonce function corner cases. */ @@ -7290,43 +7282,43 @@ static void test_ecdsa_edge_cases(void) { int i; unsigned char key[32]; unsigned char msg[32]; - rustsecp256k1_v0_11_ecdsa_signature sig2; - rustsecp256k1_v0_11_scalar sr[512], ss; + secp256k1_ecdsa_signature sig2; + secp256k1_scalar sr[512], ss; const unsigned char *extra; extra = t == 0 ? NULL : zero; memset(msg, 0, 32); msg[31] = 1; /* High key results in signature failure. */ memset(key, 0xFF, 32); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, NULL, extra) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, NULL, extra) == 0); CHECK(is_empty_signature(&sig)); /* Zero key results in signature failure. */ memset(key, 0, 32); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, NULL, extra) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, NULL, extra) == 0); CHECK(is_empty_signature(&sig)); /* Nonce function failure results in signature failure. */ key[31] = 1; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, nonce_function_test_fail, extra) == 0); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, nonce_function_test_fail, extra) == 0); CHECK(is_empty_signature(&sig)); /* The retry loop successfully makes its way to the first good value. */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig, msg, key, nonce_function_test_retry, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig, msg, key, nonce_function_test_retry, extra) == 1); CHECK(!is_empty_signature(&sig)); - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, nonce_function_rfc6979, extra) == 1); CHECK(!is_empty_signature(&sig2)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); + CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); /* The default nonce function is deterministic. */ - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - CHECK(rustsecp256k1_v0_11_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); + CHECK(secp256k1_memcmp_var(&sig, &sig2, sizeof(sig)) == 0); /* The default nonce function changes output with different messages. */ for(i = 0; i < 256; i++) { int j; msg[0] = i; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - rustsecp256k1_v0_11_ecdsa_signature_load(CTX, &sr[i], &ss, &sig2); + secp256k1_ecdsa_signature_load(CTX, &sr[i], &ss, &sig2); for (j = 0; j < i; j++) { - CHECK(!rustsecp256k1_v0_11_scalar_eq(&sr[i], &sr[j])); + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); } } msg[0] = 0; @@ -7335,11 +7327,11 @@ static void test_ecdsa_edge_cases(void) { for(i = 256; i < 512; i++) { int j; key[0] = i - 256; - CHECK(rustsecp256k1_v0_11_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); + CHECK(secp256k1_ecdsa_sign(CTX, &sig2, msg, key, NULL, extra) == 1); CHECK(!is_empty_signature(&sig2)); - rustsecp256k1_v0_11_ecdsa_signature_load(CTX, &sr[i], &ss, &sig2); + secp256k1_ecdsa_signature_load(CTX, &sr[i], &ss, &sig2); for (j = 0; j < i; j++) { - CHECK(!rustsecp256k1_v0_11_scalar_eq(&sr[i], &sr[j])); + CHECK(!secp256k1_scalar_eq(&sr[i], &sr[j])); } } key[0] = 0; @@ -7364,24 +7356,19 @@ static void test_ecdsa_edge_cases(void) { SECP256K1_CHECKMEM_CHECK(nonce3,32); CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1); SECP256K1_CHECKMEM_CHECK(nonce4,32); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce, nonce2, 32) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce, nonce3, 32) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce, nonce4, 32) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce2, nonce3, 32) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce2, nonce4, 32) != 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(nonce3, nonce4, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce, nonce2, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce, nonce3, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce, nonce4, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce2, nonce3, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce2, nonce4, 32) != 0); + CHECK(secp256k1_memcmp_var(nonce3, nonce4, 32) != 0); } /* Privkey export where pubkey is the point at infinity. */ { unsigned char privkey[300]; - unsigned char seckey[32] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, - 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, - 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41, - }; + const unsigned char *seckey = secp256k1_group_order_bytes; size_t outlen = 300; CHECK(!ec_privkey_export_der(CTX, privkey, &outlen, seckey, 0)); outlen = 300; @@ -7398,29 +7385,29 @@ static void run_ecdsa_edge_cases(void) { The tests check for known attacks (range checks in (r,s), arithmetic errors, malleability). */ static void test_ecdsa_wycheproof(void) { - #include "wycheproof/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h" + #include "wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h" int t; for (t = 0; t < SECP256K1_ECDSA_WYCHEPROOF_NUMBER_TESTVECTORS; t++) { - rustsecp256k1_v0_11_ecdsa_signature signature; - rustsecp256k1_v0_11_sha256 hasher; - rustsecp256k1_v0_11_pubkey pubkey; + secp256k1_ecdsa_signature signature; + secp256k1_sha256 hasher; + secp256k1_pubkey pubkey; const unsigned char *msg, *sig, *pk; unsigned char out[32] = {0}; int actual_verify = 0; memset(&pubkey, 0, sizeof(pubkey)); pk = &wycheproof_ecdsa_public_keys[testvectors[t].pk_offset]; - CHECK(rustsecp256k1_v0_11_ec_pubkey_parse(CTX, &pubkey, pk, 65) == 1); + CHECK(secp256k1_ec_pubkey_parse(CTX, &pubkey, pk, 65) == 1); - rustsecp256k1_v0_11_sha256_initialize(&hasher); + secp256k1_sha256_initialize(&hasher); msg = &wycheproof_ecdsa_messages[testvectors[t].msg_offset]; - rustsecp256k1_v0_11_sha256_write(&hasher, msg, testvectors[t].msg_len); - rustsecp256k1_v0_11_sha256_finalize(&hasher, out); + secp256k1_sha256_write(&hasher, msg, testvectors[t].msg_len); + secp256k1_sha256_finalize(&hasher, out); sig = &wycheproof_ecdsa_signatures[testvectors[t].sig_offset]; - if (rustsecp256k1_v0_11_ecdsa_signature_parse_der(CTX, &signature, sig, testvectors[t].sig_len) == 1) { - actual_verify = rustsecp256k1_v0_11_ecdsa_verify(CTX, (const rustsecp256k1_v0_11_ecdsa_signature *)&signature, out, &pubkey); + if (secp256k1_ecdsa_signature_parse_der(CTX, &signature, sig, testvectors[t].sig_len) == 1) { + actual_verify = secp256k1_ecdsa_verify(CTX, (const secp256k1_ecdsa_signature *)&signature, out, &pubkey); } CHECK(testvectors[t].expected_verify == actual_verify); } @@ -7455,44 +7442,44 @@ static void run_ecdsa_wycheproof(void) { # include "modules/ellswift/tests_impl.h" #endif -static void run_rustsecp256k1_v0_11_memczero_test(void) { +static void run_secp256k1_memczero_test(void) { unsigned char buf1[6] = {1, 2, 3, 4, 5, 6}; unsigned char buf2[sizeof(buf1)]; - /* rustsecp256k1_v0_11_memczero(..., ..., 0) is a noop. */ + /* secp256k1_memczero(..., ..., 0) is a noop. */ memcpy(buf2, buf1, sizeof(buf1)); - rustsecp256k1_v0_11_memczero(buf1, sizeof(buf1), 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); + secp256k1_memczero(buf1, sizeof(buf1), 0); + CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); - /* rustsecp256k1_v0_11_memczero(..., ..., 1) zeros the buffer. */ + /* secp256k1_memczero(..., ..., 1) zeros the buffer. */ memset(buf2, 0, sizeof(buf2)); - rustsecp256k1_v0_11_memczero(buf1, sizeof(buf1) , 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); + secp256k1_memczero(buf1, sizeof(buf1) , 1); + CHECK(secp256k1_memcmp_var(buf1, buf2, sizeof(buf1)) == 0); } -static void run_rustsecp256k1_v0_11_is_zero_array_test(void) { +static void run_secp256k1_is_zero_array_test(void) { unsigned char buf1[3] = {0, 1}; unsigned char buf2[3] = {1, 0}; - CHECK(rustsecp256k1_v0_11_is_zero_array(buf1, 0) == 1); - CHECK(rustsecp256k1_v0_11_is_zero_array(buf1, 1) == 1); - CHECK(rustsecp256k1_v0_11_is_zero_array(buf1, 2) == 0); - CHECK(rustsecp256k1_v0_11_is_zero_array(buf2, 1) == 0); - CHECK(rustsecp256k1_v0_11_is_zero_array(buf2, 2) == 0); + CHECK(secp256k1_is_zero_array(buf1, 0) == 1); + CHECK(secp256k1_is_zero_array(buf1, 1) == 1); + CHECK(secp256k1_is_zero_array(buf1, 2) == 0); + CHECK(secp256k1_is_zero_array(buf2, 1) == 0); + CHECK(secp256k1_is_zero_array(buf2, 2) == 0); } -static void run_rustsecp256k1_v0_11_byteorder_tests(void) { +static void run_secp256k1_byteorder_tests(void) { { const uint32_t x = 0xFF03AB45; const unsigned char x_be[4] = {0xFF, 0x03, 0xAB, 0x45}; unsigned char buf[4]; uint32_t x_; - rustsecp256k1_v0_11_write_be32(buf, x); - CHECK(rustsecp256k1_v0_11_memcmp_var(buf, x_be, sizeof(buf)) == 0); + secp256k1_write_be32(buf, x); + CHECK(secp256k1_memcmp_var(buf, x_be, sizeof(buf)) == 0); - x_ = rustsecp256k1_v0_11_read_be32(buf); + x_ = secp256k1_read_be32(buf); CHECK(x == x_); } @@ -7502,10 +7489,10 @@ static void run_rustsecp256k1_v0_11_byteorder_tests(void) { unsigned char buf[8]; uint64_t x_; - rustsecp256k1_v0_11_write_be64(buf, x); - CHECK(rustsecp256k1_v0_11_memcmp_var(buf, x_be, sizeof(buf)) == 0); + secp256k1_write_be64(buf, x); + CHECK(secp256k1_memcmp_var(buf, x_be, sizeof(buf)) == 0); - x_ = rustsecp256k1_v0_11_read_be64(buf); + x_ = secp256k1_read_be64(buf); CHECK(x == x_); } } @@ -7514,145 +7501,145 @@ static void int_cmov_test(void) { int r = INT_MAX; int a = 0; - rustsecp256k1_v0_11_int_cmov(&r, &a, 0); + secp256k1_int_cmov(&r, &a, 0); CHECK(r == INT_MAX); r = 0; a = INT_MAX; - rustsecp256k1_v0_11_int_cmov(&r, &a, 1); + secp256k1_int_cmov(&r, &a, 1); CHECK(r == INT_MAX); a = 0; - rustsecp256k1_v0_11_int_cmov(&r, &a, 1); + secp256k1_int_cmov(&r, &a, 1); CHECK(r == 0); a = 1; - rustsecp256k1_v0_11_int_cmov(&r, &a, 1); + secp256k1_int_cmov(&r, &a, 1); CHECK(r == 1); r = 1; a = 0; - rustsecp256k1_v0_11_int_cmov(&r, &a, 0); + secp256k1_int_cmov(&r, &a, 0); CHECK(r == 1); } static void fe_cmov_test(void) { - static const rustsecp256k1_v0_11_fe zero = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_11_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_11_fe max = SECP256K1_FE_CONST( + static const secp256k1_fe zero = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_fe one = SECP256K1_FE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_fe max = SECP256K1_FE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_11_fe r = max; - rustsecp256k1_v0_11_fe a = zero; + secp256k1_fe r = max; + secp256k1_fe a = zero; - rustsecp256k1_v0_11_fe_cmov(&r, &a, 0); + secp256k1_fe_cmov(&r, &a, 0); CHECK(fe_identical(&r, &max)); r = zero; a = max; - rustsecp256k1_v0_11_fe_cmov(&r, &a, 1); + secp256k1_fe_cmov(&r, &a, 1); CHECK(fe_identical(&r, &max)); a = zero; - rustsecp256k1_v0_11_fe_cmov(&r, &a, 1); + secp256k1_fe_cmov(&r, &a, 1); CHECK(fe_identical(&r, &zero)); a = one; - rustsecp256k1_v0_11_fe_cmov(&r, &a, 1); + secp256k1_fe_cmov(&r, &a, 1); CHECK(fe_identical(&r, &one)); r = one; a = zero; - rustsecp256k1_v0_11_fe_cmov(&r, &a, 0); + secp256k1_fe_cmov(&r, &a, 0); CHECK(fe_identical(&r, &one)); } static void fe_storage_cmov_test(void) { - static const rustsecp256k1_v0_11_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_11_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_11_fe_storage max = SECP256K1_FE_STORAGE_CONST( + static const secp256k1_fe_storage zero = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_fe_storage one = SECP256K1_FE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_fe_storage max = SECP256K1_FE_STORAGE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_11_fe_storage r = max; - rustsecp256k1_v0_11_fe_storage a = zero; + secp256k1_fe_storage r = max; + secp256k1_fe_storage a = zero; - rustsecp256k1_v0_11_fe_storage_cmov(&r, &a, 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &max, sizeof(r)) == 0); + secp256k1_fe_storage_cmov(&r, &a, 0); + CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); r = zero; a = max; - rustsecp256k1_v0_11_fe_storage_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &max, sizeof(r)) == 0); + secp256k1_fe_storage_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); a = zero; - rustsecp256k1_v0_11_fe_storage_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &zero, sizeof(r)) == 0); + secp256k1_fe_storage_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0); a = one; - rustsecp256k1_v0_11_fe_storage_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &one, sizeof(r)) == 0); + secp256k1_fe_storage_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); r = one; a = zero; - rustsecp256k1_v0_11_fe_storage_cmov(&r, &a, 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &one, sizeof(r)) == 0); + secp256k1_fe_storage_cmov(&r, &a, 0); + CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); } static void scalar_cmov_test(void) { - static const rustsecp256k1_v0_11_scalar max = SECP256K1_SCALAR_CONST( + static const secp256k1_scalar max = SECP256K1_SCALAR_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFEUL, 0xBAAEDCE6UL, 0xAF48A03BUL, 0xBFD25E8CUL, 0xD0364140UL ); - rustsecp256k1_v0_11_scalar r = max; - rustsecp256k1_v0_11_scalar a = rustsecp256k1_v0_11_scalar_zero; + secp256k1_scalar r = max; + secp256k1_scalar a = secp256k1_scalar_zero; - rustsecp256k1_v0_11_scalar_cmov(&r, &a, 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &max, sizeof(r)) == 0); + secp256k1_scalar_cmov(&r, &a, 0); + CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); - r = rustsecp256k1_v0_11_scalar_zero; a = max; - rustsecp256k1_v0_11_scalar_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &max, sizeof(r)) == 0); + r = secp256k1_scalar_zero; a = max; + secp256k1_scalar_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); - a = rustsecp256k1_v0_11_scalar_zero; - rustsecp256k1_v0_11_scalar_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &rustsecp256k1_v0_11_scalar_zero, sizeof(r)) == 0); + a = secp256k1_scalar_zero; + secp256k1_scalar_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &secp256k1_scalar_zero, sizeof(r)) == 0); - a = rustsecp256k1_v0_11_scalar_one; - rustsecp256k1_v0_11_scalar_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &rustsecp256k1_v0_11_scalar_one, sizeof(r)) == 0); + a = secp256k1_scalar_one; + secp256k1_scalar_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &secp256k1_scalar_one, sizeof(r)) == 0); - r = rustsecp256k1_v0_11_scalar_one; a = rustsecp256k1_v0_11_scalar_zero; - rustsecp256k1_v0_11_scalar_cmov(&r, &a, 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &rustsecp256k1_v0_11_scalar_one, sizeof(r)) == 0); + r = secp256k1_scalar_one; a = secp256k1_scalar_zero; + secp256k1_scalar_cmov(&r, &a, 0); + CHECK(secp256k1_memcmp_var(&r, &secp256k1_scalar_one, sizeof(r)) == 0); } static void ge_storage_cmov_test(void) { - static const rustsecp256k1_v0_11_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); - static const rustsecp256k1_v0_11_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); - static const rustsecp256k1_v0_11_ge_storage max = SECP256K1_GE_STORAGE_CONST( + static const secp256k1_ge_storage zero = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); + static const secp256k1_ge_storage one = SECP256K1_GE_STORAGE_CONST(0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1); + static const secp256k1_ge_storage max = SECP256K1_GE_STORAGE_CONST( 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL, 0xFFFFFFFFUL ); - rustsecp256k1_v0_11_ge_storage r = max; - rustsecp256k1_v0_11_ge_storage a = zero; + secp256k1_ge_storage r = max; + secp256k1_ge_storage a = zero; - rustsecp256k1_v0_11_ge_storage_cmov(&r, &a, 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &max, sizeof(r)) == 0); + secp256k1_ge_storage_cmov(&r, &a, 0); + CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); r = zero; a = max; - rustsecp256k1_v0_11_ge_storage_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &max, sizeof(r)) == 0); + secp256k1_ge_storage_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &max, sizeof(r)) == 0); a = zero; - rustsecp256k1_v0_11_ge_storage_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &zero, sizeof(r)) == 0); + secp256k1_ge_storage_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &zero, sizeof(r)) == 0); a = one; - rustsecp256k1_v0_11_ge_storage_cmov(&r, &a, 1); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &one, sizeof(r)) == 0); + secp256k1_ge_storage_cmov(&r, &a, 1); + CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); r = one; a = zero; - rustsecp256k1_v0_11_ge_storage_cmov(&r, &a, 0); - CHECK(rustsecp256k1_v0_11_memcmp_var(&r, &one, sizeof(r)) == 0); + secp256k1_ge_storage_cmov(&r, &a, 0); + CHECK(secp256k1_memcmp_var(&r, &one, sizeof(r)) == 0); } static void run_cmov_tests(void) { @@ -7696,23 +7683,23 @@ int main(int argc, char **argv) { /*** Setup test environment ***/ /* Create a global context available to all tests */ - CTX = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + CTX = secp256k1_context_create(SECP256K1_CONTEXT_NONE); /* Randomize the context only with probability 15/16 to make sure we test without context randomization from time to time. TODO Reconsider this when recalibrating the tests. */ if (testrand_bits(4)) { unsigned char rand32[32]; testrand256(rand32); - CHECK(rustsecp256k1_v0_11_context_randomize(CTX, rand32)); + CHECK(secp256k1_context_randomize(CTX, rand32)); } - /* Make a writable copy of rustsecp256k1_v0_11_context_static in order to test the effect of API functions + /* Make a writable copy of secp256k1_context_static in order to test the effect of API functions that write to the context. The API does not support cloning the static context, so we use memcpy instead. The user is not supposed to copy a context but we should still ensure that the API functions handle copies of the static context gracefully. */ - STATIC_CTX = malloc(sizeof(*rustsecp256k1_v0_11_context_static)); + STATIC_CTX = malloc(sizeof(*secp256k1_context_static)); CHECK(STATIC_CTX != NULL); - memcpy(STATIC_CTX, rustsecp256k1_v0_11_context_static, sizeof(rustsecp256k1_v0_11_context)); - CHECK(!rustsecp256k1_v0_11_context_is_proper(STATIC_CTX)); + memcpy(STATIC_CTX, secp256k1_context_static, sizeof(secp256k1_context)); + CHECK(!secp256k1_context_is_proper(STATIC_CTX)); /*** Run actual tests ***/ @@ -7824,18 +7811,18 @@ int main(int argc, char **argv) { #endif /* util tests */ - run_rustsecp256k1_v0_11_memczero_test(); - run_rustsecp256k1_v0_11_is_zero_array_test(); - run_rustsecp256k1_v0_11_byteorder_tests(); + run_secp256k1_memczero_test(); + run_secp256k1_is_zero_array_test(); + run_secp256k1_byteorder_tests(); run_cmov_tests(); /*** Tear down test environment ***/ free(STATIC_CTX); - rustsecp256k1_v0_11_context_destroy(CTX); + secp256k1_context_destroy(CTX); testrand_finish(); printf("no problems found\n"); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c b/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c index 722b03c5f..f8bbcaaf5 100644 --- a/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c +++ b/secp256k1-sys/depend/secp256k1/src/tests_exhaustive.c @@ -42,10 +42,10 @@ SECP256K1_INLINE static int skip_section(uint64_t* iter) { return ((((uint32_t)*iter ^ (*iter >> 32)) * num_cores) >> 32) != this_core; } -static int rustsecp256k1_v0_11_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, +static int secp256k1_nonce_function_smallint(unsigned char *nonce32, const unsigned char *msg32, const unsigned char *key32, const unsigned char *algo16, void *data, unsigned int attempt) { - rustsecp256k1_v0_11_scalar s; + secp256k1_scalar s; int *idata = data; (void)msg32; (void)key32; @@ -57,94 +57,94 @@ static int rustsecp256k1_v0_11_nonce_function_smallint(unsigned char *nonce32, c if (attempt > 0) { *idata = (*idata + 1) % EXHAUSTIVE_TEST_ORDER; } - rustsecp256k1_v0_11_scalar_set_int(&s, *idata); - rustsecp256k1_v0_11_scalar_get_b32(nonce32, &s); + secp256k1_scalar_set_int(&s, *idata); + secp256k1_scalar_get_b32(nonce32, &s); return 1; } -static void test_exhaustive_endomorphism(const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_endomorphism(const secp256k1_ge *group) { int i; for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_ge res; - rustsecp256k1_v0_11_ge_mul_lambda(&res, &group[i]); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res)); + secp256k1_ge res; + secp256k1_ge_mul_lambda(&res, &group[i]); + CHECK(secp256k1_ge_eq_var(&group[i * EXHAUSTIVE_TEST_LAMBDA % EXHAUSTIVE_TEST_ORDER], &res)); } } -static void test_exhaustive_addition(const rustsecp256k1_v0_11_ge *group, const rustsecp256k1_v0_11_gej *groupj) { +static void test_exhaustive_addition(const secp256k1_ge *group, const secp256k1_gej *groupj) { int i, j; uint64_t iter = 0; /* Sanity-check (and check infinity functions) */ - CHECK(rustsecp256k1_v0_11_ge_is_infinity(&group[0])); - CHECK(rustsecp256k1_v0_11_gej_is_infinity(&groupj[0])); + CHECK(secp256k1_ge_is_infinity(&group[0])); + CHECK(secp256k1_gej_is_infinity(&groupj[0])); for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - CHECK(!rustsecp256k1_v0_11_ge_is_infinity(&group[i])); - CHECK(!rustsecp256k1_v0_11_gej_is_infinity(&groupj[i])); + CHECK(!secp256k1_ge_is_infinity(&group[i])); + CHECK(!secp256k1_gej_is_infinity(&groupj[i])); } /* Check all addition formulae */ for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { - rustsecp256k1_v0_11_fe fe_inv; + secp256k1_fe fe_inv; if (skip_section(&iter)) continue; - rustsecp256k1_v0_11_fe_inv(&fe_inv, &groupj[j].z); + secp256k1_fe_inv(&fe_inv, &groupj[j].z); for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_ge zless_gej; - rustsecp256k1_v0_11_gej tmp; + secp256k1_ge zless_gej; + secp256k1_gej tmp; /* add_var */ - rustsecp256k1_v0_11_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_gej_add_var(&tmp, &groupj[i], &groupj[j], NULL); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); /* add_ge */ if (j > 0) { - rustsecp256k1_v0_11_gej_add_ge(&tmp, &groupj[i], &group[j]); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_gej_add_ge(&tmp, &groupj[i], &group[j]); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); } /* add_ge_var */ - rustsecp256k1_v0_11_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_gej_add_ge_var(&tmp, &groupj[i], &group[j], NULL); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); /* add_zinv_var */ zless_gej.infinity = groupj[j].infinity; zless_gej.x = groupj[j].x; zless_gej.y = groupj[j].y; - rustsecp256k1_v0_11_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_gej_add_zinv_var(&tmp, &groupj[i], &zless_gej, &fe_inv); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i + j) % EXHAUSTIVE_TEST_ORDER])); } } /* Check doubling */ for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_gej_double(&tmp, &groupj[i]); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(2 * i) % EXHAUSTIVE_TEST_ORDER])); - rustsecp256k1_v0_11_gej_double_var(&tmp, &groupj[i], NULL); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(2 * i) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_gej tmp; + secp256k1_gej_double(&tmp, &groupj[i]); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(2 * i) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_gej_double_var(&tmp, &groupj[i], NULL); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(2 * i) % EXHAUSTIVE_TEST_ORDER])); } /* Check negation */ for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_ge tmp; - rustsecp256k1_v0_11_gej tmpj; - rustsecp256k1_v0_11_ge_neg(&tmp, &group[i]); - CHECK(rustsecp256k1_v0_11_ge_eq_var(&tmp, &group[EXHAUSTIVE_TEST_ORDER - i])); - rustsecp256k1_v0_11_gej_neg(&tmpj, &groupj[i]); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmpj, &group[EXHAUSTIVE_TEST_ORDER - i])); + secp256k1_ge tmp; + secp256k1_gej tmpj; + secp256k1_ge_neg(&tmp, &group[i]); + CHECK(secp256k1_ge_eq_var(&tmp, &group[EXHAUSTIVE_TEST_ORDER - i])); + secp256k1_gej_neg(&tmpj, &groupj[i]); + CHECK(secp256k1_gej_eq_ge_var(&tmpj, &group[EXHAUSTIVE_TEST_ORDER - i])); } } -static void test_exhaustive_ecmult(const rustsecp256k1_v0_11_ge *group, const rustsecp256k1_v0_11_gej *groupj) { +static void test_exhaustive_ecmult(const secp256k1_ge *group, const secp256k1_gej *groupj) { int i, j, r_log; uint64_t iter = 0; for (r_log = 1; r_log < EXHAUSTIVE_TEST_ORDER; r_log++) { for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { if (skip_section(&iter)) continue; for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_scalar na, ng; - rustsecp256k1_v0_11_scalar_set_int(&na, i); - rustsecp256k1_v0_11_scalar_set_int(&ng, j); + secp256k1_gej tmp; + secp256k1_scalar na, ng; + secp256k1_scalar_set_int(&na, i); + secp256k1_scalar_set_int(&ng, j); - rustsecp256k1_v0_11_ecmult(&tmp, &groupj[r_log], &na, &ng); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i * r_log + j) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_ecmult(&tmp, &groupj[r_log], &na, &ng); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i * r_log + j) % EXHAUSTIVE_TEST_ORDER])); } } } @@ -152,141 +152,141 @@ static void test_exhaustive_ecmult(const rustsecp256k1_v0_11_ge *group, const ru for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { int ret; - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_fe xn, xd, tmpf; - rustsecp256k1_v0_11_scalar ng; + secp256k1_gej tmp; + secp256k1_fe xn, xd, tmpf; + secp256k1_scalar ng; if (skip_section(&iter)) continue; - rustsecp256k1_v0_11_scalar_set_int(&ng, j); + secp256k1_scalar_set_int(&ng, j); - /* Test rustsecp256k1_v0_11_ecmult_const. */ - rustsecp256k1_v0_11_ecmult_const(&tmp, &group[i], &ng); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i * j) % EXHAUSTIVE_TEST_ORDER])); + /* Test secp256k1_ecmult_const. */ + secp256k1_ecmult_const(&tmp, &group[i], &ng); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i * j) % EXHAUSTIVE_TEST_ORDER])); if (i != 0 && j != 0) { - /* Test rustsecp256k1_v0_11_ecmult_const_xonly with all curve X coordinates, and xd=NULL. */ - ret = rustsecp256k1_v0_11_ecmult_const_xonly(&tmpf, &group[i].x, NULL, &ng, 0); + /* Test secp256k1_ecmult_const_xonly with all curve X coordinates, and xd=NULL. */ + ret = secp256k1_ecmult_const_xonly(&tmpf, &group[i].x, NULL, &ng, 0); CHECK(ret); - CHECK(rustsecp256k1_v0_11_fe_equal(&tmpf, &group[(i * j) % EXHAUSTIVE_TEST_ORDER].x)); + CHECK(secp256k1_fe_equal(&tmpf, &group[(i * j) % EXHAUSTIVE_TEST_ORDER].x)); - /* Test rustsecp256k1_v0_11_ecmult_const_xonly with all curve X coordinates, with random xd. */ + /* Test secp256k1_ecmult_const_xonly with all curve X coordinates, with random xd. */ testutil_random_fe_non_zero(&xd); - rustsecp256k1_v0_11_fe_mul(&xn, &xd, &group[i].x); - ret = rustsecp256k1_v0_11_ecmult_const_xonly(&tmpf, &xn, &xd, &ng, 0); + secp256k1_fe_mul(&xn, &xd, &group[i].x); + ret = secp256k1_ecmult_const_xonly(&tmpf, &xn, &xd, &ng, 0); CHECK(ret); - CHECK(rustsecp256k1_v0_11_fe_equal(&tmpf, &group[(i * j) % EXHAUSTIVE_TEST_ORDER].x)); + CHECK(secp256k1_fe_equal(&tmpf, &group[(i * j) % EXHAUSTIVE_TEST_ORDER].x)); } } } } typedef struct { - rustsecp256k1_v0_11_scalar sc[2]; - rustsecp256k1_v0_11_ge pt[2]; + secp256k1_scalar sc[2]; + secp256k1_ge pt[2]; } ecmult_multi_data; -static int ecmult_multi_callback(rustsecp256k1_v0_11_scalar *sc, rustsecp256k1_v0_11_ge *pt, size_t idx, void *cbdata) { +static int ecmult_multi_callback(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void *cbdata) { ecmult_multi_data *data = (ecmult_multi_data*) cbdata; *sc = data->sc[idx]; *pt = data->pt[idx]; return 1; } -static void test_exhaustive_ecmult_multi(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_ecmult_multi(const secp256k1_context *ctx, const secp256k1_ge *group) { int i, j, k, x, y; uint64_t iter = 0; - rustsecp256k1_v0_11_scratch *scratch = rustsecp256k1_v0_11_scratch_create(&ctx->error_callback, 4096); + secp256k1_scratch *scratch = secp256k1_scratch_create(&ctx->error_callback, 4096); for (i = 0; i < EXHAUSTIVE_TEST_ORDER; i++) { for (j = 0; j < EXHAUSTIVE_TEST_ORDER; j++) { for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { for (x = 0; x < EXHAUSTIVE_TEST_ORDER; x++) { if (skip_section(&iter)) continue; for (y = 0; y < EXHAUSTIVE_TEST_ORDER; y++) { - rustsecp256k1_v0_11_gej tmp; - rustsecp256k1_v0_11_scalar g_sc; + secp256k1_gej tmp; + secp256k1_scalar g_sc; ecmult_multi_data data; - rustsecp256k1_v0_11_scalar_set_int(&data.sc[0], i); - rustsecp256k1_v0_11_scalar_set_int(&data.sc[1], j); - rustsecp256k1_v0_11_scalar_set_int(&g_sc, k); + secp256k1_scalar_set_int(&data.sc[0], i); + secp256k1_scalar_set_int(&data.sc[1], j); + secp256k1_scalar_set_int(&g_sc, k); data.pt[0] = group[x]; data.pt[1] = group[y]; - rustsecp256k1_v0_11_ecmult_multi_var(&ctx->error_callback, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); - CHECK(rustsecp256k1_v0_11_gej_eq_ge_var(&tmp, &group[(i * x + j * y + k) % EXHAUSTIVE_TEST_ORDER])); + secp256k1_ecmult_multi_var(&ctx->error_callback, scratch, &tmp, &g_sc, ecmult_multi_callback, &data, 2); + CHECK(secp256k1_gej_eq_ge_var(&tmp, &group[(i * x + j * y + k) % EXHAUSTIVE_TEST_ORDER])); } } } } } - rustsecp256k1_v0_11_scratch_destroy(&ctx->error_callback, scratch); + secp256k1_scratch_destroy(&ctx->error_callback, scratch); } -static void r_from_k(rustsecp256k1_v0_11_scalar *r, const rustsecp256k1_v0_11_ge *group, int k, int* overflow) { - rustsecp256k1_v0_11_fe x; +static void r_from_k(secp256k1_scalar *r, const secp256k1_ge *group, int k, int* overflow) { + secp256k1_fe x; unsigned char x_bin[32]; k %= EXHAUSTIVE_TEST_ORDER; x = group[k].x; - rustsecp256k1_v0_11_fe_normalize(&x); - rustsecp256k1_v0_11_fe_get_b32(x_bin, &x); - rustsecp256k1_v0_11_scalar_set_b32(r, x_bin, overflow); + secp256k1_fe_normalize(&x); + secp256k1_fe_get_b32(x_bin, &x); + secp256k1_scalar_set_b32(r, x_bin, overflow); } -static void test_exhaustive_verify(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_verify(const secp256k1_context *ctx, const secp256k1_ge *group) { int s, r, msg, key; uint64_t iter = 0; for (s = 1; s < EXHAUSTIVE_TEST_ORDER; s++) { for (r = 1; r < EXHAUSTIVE_TEST_ORDER; r++) { for (msg = 1; msg < EXHAUSTIVE_TEST_ORDER; msg++) { for (key = 1; key < EXHAUSTIVE_TEST_ORDER; key++) { - rustsecp256k1_v0_11_ge nonconst_ge; - rustsecp256k1_v0_11_ecdsa_signature sig; - rustsecp256k1_v0_11_pubkey pk; - rustsecp256k1_v0_11_scalar sk_s, msg_s, r_s, s_s; - rustsecp256k1_v0_11_scalar s_times_k_s, msg_plus_r_times_sk_s; + secp256k1_ge nonconst_ge; + secp256k1_ecdsa_signature sig; + secp256k1_pubkey pk; + secp256k1_scalar sk_s, msg_s, r_s, s_s; + secp256k1_scalar s_times_k_s, msg_plus_r_times_sk_s; int k, should_verify; unsigned char msg32[32]; if (skip_section(&iter)) continue; - rustsecp256k1_v0_11_scalar_set_int(&s_s, s); - rustsecp256k1_v0_11_scalar_set_int(&r_s, r); - rustsecp256k1_v0_11_scalar_set_int(&msg_s, msg); - rustsecp256k1_v0_11_scalar_set_int(&sk_s, key); + secp256k1_scalar_set_int(&s_s, s); + secp256k1_scalar_set_int(&r_s, r); + secp256k1_scalar_set_int(&msg_s, msg); + secp256k1_scalar_set_int(&sk_s, key); /* Verify by hand */ /* Run through every k value that gives us this r and check that *one* works. * Note there could be none, there could be multiple, ECDSA is weird. */ should_verify = 0; for (k = 0; k < EXHAUSTIVE_TEST_ORDER; k++) { - rustsecp256k1_v0_11_scalar check_x_s; + secp256k1_scalar check_x_s; r_from_k(&check_x_s, group, k, NULL); if (r_s == check_x_s) { - rustsecp256k1_v0_11_scalar_set_int(&s_times_k_s, k); - rustsecp256k1_v0_11_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); - rustsecp256k1_v0_11_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); - rustsecp256k1_v0_11_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); - should_verify |= rustsecp256k1_v0_11_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); + secp256k1_scalar_set_int(&s_times_k_s, k); + secp256k1_scalar_mul(&s_times_k_s, &s_times_k_s, &s_s); + secp256k1_scalar_mul(&msg_plus_r_times_sk_s, &r_s, &sk_s); + secp256k1_scalar_add(&msg_plus_r_times_sk_s, &msg_plus_r_times_sk_s, &msg_s); + should_verify |= secp256k1_scalar_eq(&s_times_k_s, &msg_plus_r_times_sk_s); } } /* nb we have a "high s" rule */ - should_verify &= !rustsecp256k1_v0_11_scalar_is_high(&s_s); + should_verify &= !secp256k1_scalar_is_high(&s_s); /* Verify by calling verify */ - rustsecp256k1_v0_11_ecdsa_signature_save(&sig, &r_s, &s_s); + secp256k1_ecdsa_signature_save(&sig, &r_s, &s_s); memcpy(&nonconst_ge, &group[sk_s], sizeof(nonconst_ge)); - rustsecp256k1_v0_11_pubkey_save(&pk, &nonconst_ge); - rustsecp256k1_v0_11_scalar_get_b32(msg32, &msg_s); + secp256k1_pubkey_save(&pk, &nonconst_ge); + secp256k1_scalar_get_b32(msg32, &msg_s); CHECK(should_verify == - rustsecp256k1_v0_11_ecdsa_verify(ctx, &sig, msg32, &pk)); + secp256k1_ecdsa_verify(ctx, &sig, msg32, &pk)); } } } } } -static void test_exhaustive_sign(const rustsecp256k1_v0_11_context *ctx, const rustsecp256k1_v0_11_ge *group) { +static void test_exhaustive_sign(const secp256k1_context *ctx, const secp256k1_ge *group) { int i, j, k; uint64_t iter = 0; @@ -297,18 +297,18 @@ static void test_exhaustive_sign(const rustsecp256k1_v0_11_context *ctx, const r for (k = 1; k < EXHAUSTIVE_TEST_ORDER; k++) { /* nonce */ const int starting_k = k; int ret; - rustsecp256k1_v0_11_ecdsa_signature sig; - rustsecp256k1_v0_11_scalar sk, msg, r, s, expected_r; + secp256k1_ecdsa_signature sig; + secp256k1_scalar sk, msg, r, s, expected_r; unsigned char sk32[32], msg32[32]; - rustsecp256k1_v0_11_scalar_set_int(&msg, i); - rustsecp256k1_v0_11_scalar_set_int(&sk, j); - rustsecp256k1_v0_11_scalar_get_b32(sk32, &sk); - rustsecp256k1_v0_11_scalar_get_b32(msg32, &msg); + secp256k1_scalar_set_int(&msg, i); + secp256k1_scalar_set_int(&sk, j); + secp256k1_scalar_get_b32(sk32, &sk); + secp256k1_scalar_get_b32(msg32, &msg); - ret = rustsecp256k1_v0_11_ecdsa_sign(ctx, &sig, msg32, sk32, rustsecp256k1_v0_11_nonce_function_smallint, &k); + ret = secp256k1_ecdsa_sign(ctx, &sig, msg32, sk32, secp256k1_nonce_function_smallint, &k); CHECK(ret == 1); - rustsecp256k1_v0_11_ecdsa_signature_load(ctx, &r, &s, &sig); + secp256k1_ecdsa_signature_load(ctx, &r, &s, &sig); /* Note that we compute expected_r *after* signing -- this is important * because our nonce-computing function function might change k during * signing. */ @@ -353,10 +353,10 @@ static void test_exhaustive_sign(const rustsecp256k1_v0_11_context *ctx, const r int main(int argc, char** argv) { int i; - rustsecp256k1_v0_11_gej groupj[EXHAUSTIVE_TEST_ORDER]; - rustsecp256k1_v0_11_ge group[EXHAUSTIVE_TEST_ORDER]; + secp256k1_gej groupj[EXHAUSTIVE_TEST_ORDER]; + secp256k1_ge group[EXHAUSTIVE_TEST_ORDER]; unsigned char rand32[32]; - rustsecp256k1_v0_11_context *ctx; + secp256k1_context *ctx; /* Disable buffering for stdout to improve reliability of getting * diagnostic information. Happens right at the start of main because @@ -383,49 +383,49 @@ int main(int argc, char** argv) { this_core = strtol(argv[4], NULL, 0); if (num_cores < 1 || this_core >= num_cores) { fprintf(stderr, "Usage: %s [count] [seed] [numcores] [thiscore]\n", argv[0]); - return 1; + return EXIT_FAILURE; } printf("running tests for core %lu (out of [0..%lu])\n", (unsigned long)this_core, (unsigned long)num_cores - 1); } /* Recreate the ecmult{,_gen} tables using the right generator (as selected via EXHAUSTIVE_TEST_ORDER) */ - rustsecp256k1_v0_11_ecmult_gen_compute_table(&rustsecp256k1_v0_11_ecmult_gen_prec_table[0][0], &rustsecp256k1_v0_11_ge_const_g, COMB_BLOCKS, COMB_TEETH, COMB_SPACING); - rustsecp256k1_v0_11_ecmult_compute_two_tables(rustsecp256k1_v0_11_pre_g, rustsecp256k1_v0_11_pre_g_128, WINDOW_G, &rustsecp256k1_v0_11_ge_const_g); + secp256k1_ecmult_gen_compute_table(&secp256k1_ecmult_gen_prec_table[0][0], &secp256k1_ge_const_g, COMB_BLOCKS, COMB_TEETH, COMB_SPACING); + secp256k1_ecmult_compute_two_tables(secp256k1_pre_g, secp256k1_pre_g_128, WINDOW_G, &secp256k1_ge_const_g); while (count--) { /* Build context */ - ctx = rustsecp256k1_v0_11_context_create(SECP256K1_CONTEXT_NONE); + ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE); testrand256(rand32); - CHECK(rustsecp256k1_v0_11_context_randomize(ctx, rand32)); + CHECK(secp256k1_context_randomize(ctx, rand32)); /* Generate the entire group */ - rustsecp256k1_v0_11_gej_set_infinity(&groupj[0]); - rustsecp256k1_v0_11_ge_set_gej(&group[0], &groupj[0]); + secp256k1_gej_set_infinity(&groupj[0]); + secp256k1_ge_set_gej(&group[0], &groupj[0]); for (i = 1; i < EXHAUSTIVE_TEST_ORDER; i++) { - rustsecp256k1_v0_11_gej_add_ge(&groupj[i], &groupj[i - 1], &rustsecp256k1_v0_11_ge_const_g); - rustsecp256k1_v0_11_ge_set_gej(&group[i], &groupj[i]); + secp256k1_gej_add_ge(&groupj[i], &groupj[i - 1], &secp256k1_ge_const_g); + secp256k1_ge_set_gej(&group[i], &groupj[i]); if (count != 0) { /* Set a different random z-value for each Jacobian point, except z=1 is used in the last iteration. */ - rustsecp256k1_v0_11_fe z; + secp256k1_fe z; testutil_random_fe(&z); - rustsecp256k1_v0_11_gej_rescale(&groupj[i], &z); + secp256k1_gej_rescale(&groupj[i], &z); } /* Verify against ecmult_gen */ { - rustsecp256k1_v0_11_scalar scalar_i; - rustsecp256k1_v0_11_gej generatedj; - rustsecp256k1_v0_11_ge generated; + secp256k1_scalar scalar_i; + secp256k1_gej generatedj; + secp256k1_ge generated; - rustsecp256k1_v0_11_scalar_set_int(&scalar_i, i); - rustsecp256k1_v0_11_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); - rustsecp256k1_v0_11_ge_set_gej(&generated, &generatedj); + secp256k1_scalar_set_int(&scalar_i, i); + secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &generatedj, &scalar_i); + secp256k1_ge_set_gej(&generated, &generatedj); CHECK(group[i].infinity == 0); CHECK(generated.infinity == 0); - CHECK(rustsecp256k1_v0_11_fe_equal(&generated.x, &group[i].x)); - CHECK(rustsecp256k1_v0_11_fe_equal(&generated.y, &group[i].y)); + CHECK(secp256k1_fe_equal(&generated.x, &group[i].x)); + CHECK(secp256k1_fe_equal(&generated.y, &group[i].y)); } } @@ -456,11 +456,11 @@ int main(int argc, char** argv) { #endif #endif - rustsecp256k1_v0_11_context_destroy(ctx); + secp256k1_context_destroy(ctx); } testrand_finish(); printf("no problems found\n"); - return 0; + return EXIT_SUCCESS; } diff --git a/secp256k1-sys/depend/secp256k1/src/testutil.h b/secp256k1-sys/depend/secp256k1/src/testutil.h index bd4ac6043..480f6a1a0 100644 --- a/secp256k1-sys/depend/secp256k1/src/testutil.h +++ b/secp256k1-sys/depend/secp256k1/src/testutil.h @@ -11,128 +11,136 @@ #include "testrand.h" #include "util.h" -static void testutil_random_fe(rustsecp256k1_v0_11_fe *x) { +/* group order of the secp256k1 curve in 32-byte big endian representation */ +static const unsigned char secp256k1_group_order_bytes[32] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, + 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, 0x3b, + 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, 0x41 +}; + +static void testutil_random_fe(secp256k1_fe *x) { unsigned char bin[32]; do { testrand256(bin); - if (rustsecp256k1_v0_11_fe_set_b32_limit(x, bin)) { + if (secp256k1_fe_set_b32_limit(x, bin)) { return; } } while(1); } -static void testutil_random_fe_non_zero(rustsecp256k1_v0_11_fe *nz) { +static void testutil_random_fe_non_zero(secp256k1_fe *nz) { do { testutil_random_fe(nz); - } while (rustsecp256k1_v0_11_fe_is_zero(nz)); + } while (secp256k1_fe_is_zero(nz)); } -static void testutil_random_fe_magnitude(rustsecp256k1_v0_11_fe *fe, int m) { - rustsecp256k1_v0_11_fe zero; +static void testutil_random_fe_magnitude(secp256k1_fe *fe, int m) { + secp256k1_fe zero; int n = testrand_int(m + 1); - rustsecp256k1_v0_11_fe_normalize(fe); + secp256k1_fe_normalize(fe); if (n == 0) { return; } - rustsecp256k1_v0_11_fe_set_int(&zero, 0); - rustsecp256k1_v0_11_fe_negate(&zero, &zero, 0); - rustsecp256k1_v0_11_fe_mul_int_unchecked(&zero, n - 1); - rustsecp256k1_v0_11_fe_add(fe, &zero); + secp256k1_fe_set_int(&zero, 0); + secp256k1_fe_negate(&zero, &zero, 0); + secp256k1_fe_mul_int_unchecked(&zero, n - 1); + secp256k1_fe_add(fe, &zero); #ifdef VERIFY CHECK(fe->magnitude == n); #endif } -static void testutil_random_fe_test(rustsecp256k1_v0_11_fe *x) { +static void testutil_random_fe_test(secp256k1_fe *x) { unsigned char bin[32]; do { testrand256_test(bin); - if (rustsecp256k1_v0_11_fe_set_b32_limit(x, bin)) { + if (secp256k1_fe_set_b32_limit(x, bin)) { return; } } while(1); } -static void testutil_random_fe_non_zero_test(rustsecp256k1_v0_11_fe *fe) { +static void testutil_random_fe_non_zero_test(secp256k1_fe *fe) { do { testutil_random_fe_test(fe); - } while(rustsecp256k1_v0_11_fe_is_zero(fe)); + } while(secp256k1_fe_is_zero(fe)); } -static void testutil_random_ge_x_magnitude(rustsecp256k1_v0_11_ge *ge) { +static void testutil_random_ge_x_magnitude(secp256k1_ge *ge) { testutil_random_fe_magnitude(&ge->x, SECP256K1_GE_X_MAGNITUDE_MAX); } -static void testutil_random_ge_y_magnitude(rustsecp256k1_v0_11_ge *ge) { +static void testutil_random_ge_y_magnitude(secp256k1_ge *ge) { testutil_random_fe_magnitude(&ge->y, SECP256K1_GE_Y_MAGNITUDE_MAX); } -static void testutil_random_gej_x_magnitude(rustsecp256k1_v0_11_gej *gej) { +static void testutil_random_gej_x_magnitude(secp256k1_gej *gej) { testutil_random_fe_magnitude(&gej->x, SECP256K1_GEJ_X_MAGNITUDE_MAX); } -static void testutil_random_gej_y_magnitude(rustsecp256k1_v0_11_gej *gej) { +static void testutil_random_gej_y_magnitude(secp256k1_gej *gej) { testutil_random_fe_magnitude(&gej->y, SECP256K1_GEJ_Y_MAGNITUDE_MAX); } -static void testutil_random_gej_z_magnitude(rustsecp256k1_v0_11_gej *gej) { +static void testutil_random_gej_z_magnitude(secp256k1_gej *gej) { testutil_random_fe_magnitude(&gej->z, SECP256K1_GEJ_Z_MAGNITUDE_MAX); } -static void testutil_random_ge_test(rustsecp256k1_v0_11_ge *ge) { - rustsecp256k1_v0_11_fe fe; +static void testutil_random_ge_test(secp256k1_ge *ge) { + secp256k1_fe fe; do { testutil_random_fe_test(&fe); - if (rustsecp256k1_v0_11_ge_set_xo_var(ge, &fe, testrand_bits(1))) { - rustsecp256k1_v0_11_fe_normalize(&ge->y); + if (secp256k1_ge_set_xo_var(ge, &fe, testrand_bits(1))) { + secp256k1_fe_normalize(&ge->y); break; } } while(1); ge->infinity = 0; } -static void testutil_random_ge_jacobian_test(rustsecp256k1_v0_11_gej *gej, const rustsecp256k1_v0_11_ge *ge) { - rustsecp256k1_v0_11_fe z2, z3; +static void testutil_random_ge_jacobian_test(secp256k1_gej *gej, const secp256k1_ge *ge) { + secp256k1_fe z2, z3; testutil_random_fe_non_zero_test(&gej->z); - rustsecp256k1_v0_11_fe_sqr(&z2, &gej->z); - rustsecp256k1_v0_11_fe_mul(&z3, &z2, &gej->z); - rustsecp256k1_v0_11_fe_mul(&gej->x, &ge->x, &z2); - rustsecp256k1_v0_11_fe_mul(&gej->y, &ge->y, &z3); + secp256k1_fe_sqr(&z2, &gej->z); + secp256k1_fe_mul(&z3, &z2, &gej->z); + secp256k1_fe_mul(&gej->x, &ge->x, &z2); + secp256k1_fe_mul(&gej->y, &ge->y, &z3); gej->infinity = ge->infinity; } -static void testutil_random_gej_test(rustsecp256k1_v0_11_gej *gej) { - rustsecp256k1_v0_11_ge ge; +static void testutil_random_gej_test(secp256k1_gej *gej) { + secp256k1_ge ge; testutil_random_ge_test(&ge); testutil_random_ge_jacobian_test(gej, &ge); } -static void testutil_random_pubkey_test(rustsecp256k1_v0_11_pubkey *pk) { - rustsecp256k1_v0_11_ge ge; +static void testutil_random_pubkey_test(secp256k1_pubkey *pk) { + secp256k1_ge ge; testutil_random_ge_test(&ge); - rustsecp256k1_v0_11_pubkey_save(pk, &ge); + secp256k1_pubkey_save(pk, &ge); } -static void testutil_random_scalar_order_test(rustsecp256k1_v0_11_scalar *num) { +static void testutil_random_scalar_order_test(secp256k1_scalar *num) { do { unsigned char b32[32]; int overflow = 0; testrand256_test(b32); - rustsecp256k1_v0_11_scalar_set_b32(num, b32, &overflow); - if (overflow || rustsecp256k1_v0_11_scalar_is_zero(num)) { + secp256k1_scalar_set_b32(num, b32, &overflow); + if (overflow || secp256k1_scalar_is_zero(num)) { continue; } break; } while(1); } -static void testutil_random_scalar_order(rustsecp256k1_v0_11_scalar *num) { +static void testutil_random_scalar_order(secp256k1_scalar *num) { do { unsigned char b32[32]; int overflow = 0; testrand256(b32); - rustsecp256k1_v0_11_scalar_set_b32(num, b32, &overflow); - if (overflow || rustsecp256k1_v0_11_scalar_is_zero(num)) { + secp256k1_scalar_set_b32(num, b32, &overflow); + if (overflow || secp256k1_scalar_is_zero(num)) { continue; } break; @@ -140,9 +148,9 @@ static void testutil_random_scalar_order(rustsecp256k1_v0_11_scalar *num) { } static void testutil_random_scalar_order_b32(unsigned char *b32) { - rustsecp256k1_v0_11_scalar num; + secp256k1_scalar num; testutil_random_scalar_order(&num); - rustsecp256k1_v0_11_scalar_get_b32(b32, &num); + secp256k1_scalar_get_b32(b32, &num); } #endif /* SECP256K1_TESTUTIL_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/util.h b/secp256k1-sys/depend/secp256k1/src/util.h index 702ffe1a1..94e0837da 100644 --- a/secp256k1-sys/depend/secp256k1/src/util.h +++ b/secp256k1-sys/depend/secp256k1/src/util.h @@ -13,6 +13,7 @@ #include #include #include +#include #include #if defined(_MSC_VER) /* For SecureZeroMemory */ @@ -24,6 +25,26 @@ #define DEBUG_CONFIG_MSG(x) "DEBUG_CONFIG: " x #define DEBUG_CONFIG_DEF(x) DEBUG_CONFIG_MSG(#x "=" STR(x)) +/* Debug helper for printing arrays of unsigned char. */ +#define PRINT_BUF(buf, len) do { \ + printf("%s[%lu] = ", #buf, (unsigned long)len); \ + print_buf_plain(buf, len); \ +} while(0) + +static void print_buf_plain(const unsigned char *buf, size_t len) { + size_t i; + printf("{"); + for (i = 0; i < len; i++) { + if (i % 8 == 0) { + printf("\n "); + } else { + printf(" "); + } + printf("0x%02X,", buf[i]); + } + printf("\n}\n"); +} + # if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) ) # if SECP256K1_GNUC_PREREQ(2,7) # define SECP256K1_INLINE __inline__ @@ -66,35 +87,35 @@ typedef struct { void (*fn)(const char *text, void* data); const void* data; -} rustsecp256k1_v0_11_callback; +} secp256k1_callback; -static SECP256K1_INLINE void rustsecp256k1_v0_11_callback_call(const rustsecp256k1_v0_11_callback * const cb, const char * const text) { +static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) { cb->fn(text, (void*)cb->data); } #ifndef USE_EXTERNAL_DEFAULT_CALLBACKS -static void rustsecp256k1_v0_11_default_illegal_callback_fn(const char* str, void* data) { +static void secp256k1_default_illegal_callback_fn(const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str); abort(); } -static void rustsecp256k1_v0_11_default_error_callback_fn(const char* str, void* data) { +static void secp256k1_default_error_callback_fn(const char* str, void* data) { (void)data; fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str); abort(); } #else -void rustsecp256k1_v0_11_default_illegal_callback_fn(const char* str, void* data); -void rustsecp256k1_v0_11_default_error_callback_fn(const char* str, void* data); +void secp256k1_default_illegal_callback_fn(const char* str, void* data); +void secp256k1_default_error_callback_fn(const char* str, void* data); #endif -static const rustsecp256k1_v0_11_callback default_illegal_callback = { - rustsecp256k1_v0_11_default_illegal_callback_fn, +static const secp256k1_callback default_illegal_callback = { + secp256k1_default_illegal_callback_fn, NULL }; -static const rustsecp256k1_v0_11_callback default_error_callback = { - rustsecp256k1_v0_11_default_error_callback_fn, +static const secp256k1_callback default_error_callback = { + secp256k1_default_error_callback_fn, NULL }; @@ -138,10 +159,12 @@ static const rustsecp256k1_v0_11_callback default_error_callback = { #define VERIFY_CHECK(cond) #endif -static SECP256K1_INLINE void *checked_malloc(const rustsecp256k1_v0_11_callback* cb, size_t size) { - (void) cb; - (void) size; - return NULL; +static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) { + void *ret = malloc(size); + if (ret == NULL) { + secp256k1_callback_call(cb, "Out of memory"); + } + return ret; } #if defined(__BIGGEST_ALIGNMENT__) @@ -182,7 +205,7 @@ static SECP256K1_INLINE void *checked_malloc(const rustsecp256k1_v0_11_callback* #endif /* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_memczero(void *s, size_t len, int flag) { +static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag) { unsigned char *p = (unsigned char *)s; /* Access flag with a volatile-qualified lvalue. This prevents clang from figuring out (after inlining) that flag can @@ -196,8 +219,8 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_memczero(void *s, size_t len, i } } -/* Cleanses memory to prevent leaking sensitive info. Won't be optimized out. */ -static SECP256K1_INLINE void rustsecp256k1_v0_11_memclear(void *ptr, size_t len) { +/* Zeroes memory to prevent leaking sensitive info. Won't be optimized out. */ +static SECP256K1_INLINE void secp256k1_memzero_explicit(void *ptr, size_t len) { #if defined(_MSC_VER) /* SecureZeroMemory is guaranteed not to be optimized out by MSVC. */ SecureZeroMemory(ptr, len); @@ -209,7 +232,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_memclear(void *ptr, size_t len) * As best as we can tell, this is sufficient to break any optimisations that * might try to eliminate "superfluous" memsets. * This method is used in memzero_explicit() the Linux kernel, too. Its advantage is that it - * is pretty efficient, because the compiler can still implement the memset() efficently, + * is pretty efficient, because the compiler can still implement the memset() efficiently, * just not remove it entirely. See "Dead Store Elimination (Still) Considered Harmful" by * Yang et al. (USENIX Security 2017) for more background. */ @@ -219,6 +242,19 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_memclear(void *ptr, size_t len) void *(*volatile const volatile_memset)(void *, int, size_t) = memset; volatile_memset(ptr, 0, len); #endif +} + +/* Cleanses memory to prevent leaking sensitive info. Won't be optimized out. + * The state of the memory after this call is unspecified so callers must not + * make any assumptions about its contents. + * + * In VERIFY builds, it has the side effect of marking the memory as undefined. + * This helps to detect use-after-clear bugs where code incorrectly reads from + * cleansed memory during testing. + */ +static SECP256K1_INLINE void secp256k1_memclear_explicit(void *ptr, size_t len) { + /* The current implementation zeroes, but callers must not rely on this */ + secp256k1_memzero_explicit(ptr, len); #ifdef VERIFY SECP256K1_CHECKMEM_UNDEFINE(ptr, len); #endif @@ -229,7 +265,7 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_memclear(void *ptr, size_t len) * We use this to avoid possible compiler bugs with memcmp, e.g. * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95189 */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_memcmp_var(const void *s1, const void *s2, size_t n) { +static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n) { const unsigned char *p1 = s1, *p2 = s2; size_t i; @@ -244,7 +280,7 @@ static SECP256K1_INLINE int rustsecp256k1_v0_11_memcmp_var(const void *s1, const /* Return 1 if all elements of array s are 0 and otherwise return 0. * Constant-time. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_is_zero_array(const unsigned char *s, size_t len) { +static SECP256K1_INLINE int secp256k1_is_zero_array(const unsigned char *s, size_t len) { unsigned char acc = 0; int ret; size_t i; @@ -254,12 +290,12 @@ static SECP256K1_INLINE int rustsecp256k1_v0_11_is_zero_array(const unsigned cha } ret = (acc == 0); /* acc may contain secret values. Try to explicitly clear it. */ - rustsecp256k1_v0_11_memclear(&acc, sizeof(acc)); + secp256k1_memclear_explicit(&acc, sizeof(acc)); return ret; } /** If flag is true, set *r equal to *a; otherwise leave it. Constant-time. Both *r and *a must be initialized and non-negative.*/ -static SECP256K1_INLINE void rustsecp256k1_v0_11_int_cmov(int *r, const int *a, int flag) { +static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag) { unsigned int mask0, mask1, r_masked, a_masked; /* Access flag with a volatile-qualified lvalue. This prevents clang from figuring out (after inlining) that flag can @@ -314,8 +350,8 @@ static SECP256K1_INLINE void rustsecp256k1_v0_11_int_cmov(int *r, const int *a, /* Determine the number of trailing zero bits in a (non-zero) 32-bit x. * This function is only intended to be used as fallback for - * rustsecp256k1_v0_11_ctz32_var, but permits it to be tested separately. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz32_var_debruijn(uint32_t x) { + * secp256k1_ctz32_var, but permits it to be tested separately. */ +static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x) { static const uint8_t debruijn[32] = { 0x00, 0x01, 0x02, 0x18, 0x03, 0x13, 0x06, 0x19, 0x16, 0x04, 0x14, 0x0A, 0x10, 0x07, 0x0C, 0x1A, 0x1F, 0x17, 0x12, 0x05, 0x15, 0x09, 0x0F, 0x0B, @@ -326,8 +362,8 @@ static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz32_var_debruijn(uint32_t x) { /* Determine the number of trailing zero bits in a (non-zero) 64-bit x. * This function is only intended to be used as fallback for - * rustsecp256k1_v0_11_ctz64_var, but permits it to be tested separately. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz64_var_debruijn(uint64_t x) { + * secp256k1_ctz64_var, but permits it to be tested separately. */ +static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x) { static const uint8_t debruijn[64] = { 0, 1, 2, 53, 3, 7, 54, 27, 4, 38, 41, 8, 34, 55, 48, 28, 62, 5, 39, 46, 44, 42, 22, 9, 24, 35, 59, 56, 49, 18, 29, 11, @@ -338,7 +374,7 @@ static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz64_var_debruijn(uint64_t x) { } /* Determine the number of trailing zero bits in a (non-zero) 32-bit x. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz32_var(uint32_t x) { +static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x) { VERIFY_CHECK(x != 0); #if (__has_builtin(__builtin_ctz) || SECP256K1_GNUC_PREREQ(3,4)) /* If the unsigned type is sufficient to represent the largest uint32_t, consider __builtin_ctz. */ @@ -351,12 +387,12 @@ static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz32_var(uint32_t x) { return __builtin_ctzl(x); #else /* If no suitable CTZ builtin is available, use a (variable time) software emulation. */ - return rustsecp256k1_v0_11_ctz32_var_debruijn(x); + return secp256k1_ctz32_var_debruijn(x); #endif } /* Determine the number of trailing zero bits in a (non-zero) 64-bit x. */ -static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz64_var(uint64_t x) { +static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x) { VERIFY_CHECK(x != 0); #if (__has_builtin(__builtin_ctzl) || SECP256K1_GNUC_PREREQ(3,4)) /* If the unsigned long type is sufficient to represent the largest uint64_t, consider __builtin_ctzl. */ @@ -369,12 +405,12 @@ static SECP256K1_INLINE int rustsecp256k1_v0_11_ctz64_var(uint64_t x) { return __builtin_ctzll(x); #else /* If no suitable CTZ builtin is available, use a (variable time) software emulation. */ - return rustsecp256k1_v0_11_ctz64_var_debruijn(x); + return secp256k1_ctz64_var_debruijn(x); #endif } /* Read a uint32_t in big endian */ -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_read_be32(const unsigned char* p) { +SECP256K1_INLINE static uint32_t secp256k1_read_be32(const unsigned char* p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | @@ -382,7 +418,7 @@ SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_read_be32(const unsigned ch } /* Write a uint32_t in big endian */ -SECP256K1_INLINE static void rustsecp256k1_v0_11_write_be32(unsigned char* p, uint32_t x) { +SECP256K1_INLINE static void secp256k1_write_be32(unsigned char* p, uint32_t x) { p[3] = x; p[2] = x >> 8; p[1] = x >> 16; @@ -390,7 +426,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_write_be32(unsigned char* p, ui } /* Read a uint64_t in big endian */ -SECP256K1_INLINE static uint64_t rustsecp256k1_v0_11_read_be64(const unsigned char* p) { +SECP256K1_INLINE static uint64_t secp256k1_read_be64(const unsigned char* p) { return (uint64_t)p[0] << 56 | (uint64_t)p[1] << 48 | (uint64_t)p[2] << 40 | @@ -402,7 +438,7 @@ SECP256K1_INLINE static uint64_t rustsecp256k1_v0_11_read_be64(const unsigned ch } /* Write a uint64_t in big endian */ -SECP256K1_INLINE static void rustsecp256k1_v0_11_write_be64(unsigned char* p, uint64_t x) { +SECP256K1_INLINE static void secp256k1_write_be64(unsigned char* p, uint64_t x) { p[7] = x; p[6] = x >> 8; p[5] = x >> 16; @@ -414,7 +450,7 @@ SECP256K1_INLINE static void rustsecp256k1_v0_11_write_be64(unsigned char* p, ui } /* Rotate a uint32_t to the right. */ -SECP256K1_INLINE static uint32_t rustsecp256k1_v0_11_rotr32(const uint32_t x, const unsigned int by) { +SECP256K1_INLINE static uint32_t secp256k1_rotr32(const uint32_t x, const unsigned int by) { #if defined(_MSC_VER) return _rotr(x, by); /* needs */ #else diff --git a/secp256k1-sys/depend/secp256k1/src/util_local_visibility.h b/secp256k1-sys/depend/secp256k1/src/util_local_visibility.h new file mode 100644 index 000000000..8912a64d1 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/src/util_local_visibility.h @@ -0,0 +1,12 @@ +#ifndef SECP256K1_LOCAL_VISIBILITY_H +#define SECP256K1_LOCAL_VISIBILITY_H + +/* Global variable visibility */ +/* See: https://github.com/bitcoin-core/secp256k1/issues/1181 */ +#if !defined(_WIN32) && defined(__GNUC__) && (__GNUC__ >= 4) +# define SECP256K1_LOCAL_VAR extern __attribute__ ((visibility ("hidden"))) +#else +# define SECP256K1_LOCAL_VAR extern +#endif + +#endif /* SECP256K1_LOCAL_VISIBILITY_H */ diff --git a/secp256k1-sys/depend/secp256k1/src/wycheproof/WYCHEPROOF_COPYING b/secp256k1-sys/depend/secp256k1/src/wycheproof/WYCHEPROOF_COPYING index 87835e2d1..c9a4ef81f 100644 --- a/secp256k1-sys/depend/secp256k1/src/wycheproof/WYCHEPROOF_COPYING +++ b/secp256k1-sys/depend/secp256k1/src/wycheproof/WYCHEPROOF_COPYING @@ -1,11 +1,20 @@ -* The file `ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json` in this directory - comes from Google's project Wycheproof with git commit - `b063b4aedae951c69df014cd25fa6d69ae9e8cb9`, see - https://github.com/google/wycheproof/blob/b063b4aedae951c69df014cd25fa6d69ae9e8cb9/testvectors_v1/ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json - -* The file `ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.h` is generated from - `ecdsa_rustsecp256k1_v0_11_sha256_bitcoin_test.json` using the script - `tests_wycheproof_generate.py`. +* The file `ecdsa_secp256k1_sha256_bitcoin_test.json` in this directory + comes from project Wycheproof with git commit + `7ae4532f417575ced2b1cbbabed81a7fecfaef5d`, see + https://github.com/C2SP/wycheproof/blob/7ae4532f417575ced2b1cbbabed81a7fecfaef5d/testvectors_v1/ecdsa_secp256k1_sha256_bitcoin_test.json + +* The file `ecdh_secp256k1_test.json` in this directory + comes from project Wycheproof with git commit + `df4e933efef449fc88af0c06e028d425d84a9495`, see + https://github.com/C2SP/wycheproof/blob/df4e933efef449fc88af0c06e028d425d84a9495/testvectors_v1/ecdh_secp256k1_test.json + +* The file `ecdsa_secp256k1_sha256_bitcoin_test.h` is generated from + `ecdsa_secp256k1_sha256_bitcoin_test.json` using the script + `tests_wycheproof_generate_ecdsa.py`. + +* The file `ecdh_secp256k1_test.h` is generated from + `ecdh_secp256k1_test.json` using the script + `tests_wycheproof_generate_ecdh.py`. ------------------------------------------------------------------------------- diff --git a/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdh_secp256k1_test.h b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdh_secp256k1_test.h new file mode 100644 index 000000000..02a087e53 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdh_secp256k1_test.h @@ -0,0 +1,2008 @@ +/* Note: this file was autogenerated using tests_wycheproof_ecdh.py. Do not edit. */ +#define SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS (503) + +typedef struct { + size_t pk_offset; + size_t pk_len; + size_t sk_offset; + size_t sk_len; + size_t shared_offset; + size_t shared_len; + int expected_result; + int wycheproof_tcid; +} wycheproof_ecdh_testvector; + +static const unsigned char wycheproof_ecdh_private_keys[] = { 0xf4,0xb7,0xff,0x7c,0xcc,0xc9,0x88,0x13,0xa6,0x9f,0xae,0x3d,0xf2,0x22,0xbf,0xe3,0xf4,0xe2,0x8f,0x76,0x4b,0xf9,0x1b,0x4a,0x10,0xd8,0x09,0x6c,0xe4,0x46,0xb2,0x54, + 0xa2,0xb6,0x44,0x2a,0x37,0xf8,0xa3,0x76,0x4a,0xef,0xf4,0x01,0x1a,0x4c,0x42,0x2b,0x38,0x9a,0x1e,0x50,0x96,0x69,0xc4,0x3f,0x27,0x9c,0x8b,0x7e,0x32,0xd8,0x0c,0x3a, + 0x2b,0xc1,0x5c,0xf3,0x98,0x1e,0xab,0x61,0xe5,0x94,0xeb,0xf5,0x91,0x29,0x0a,0x04,0x5c,0xa9,0x32,0x6a,0x8d,0x3d,0xd4,0x9f,0x3d,0xe1,0x19,0x0d,0x39,0x27,0x0b,0xb8, + 0x93,0x8f,0x3d,0xbe,0x37,0x13,0x5c,0xd8,0xc8,0xc4,0x8a,0x67,0x6b,0x28,0xb2,0x33,0x4b,0x72,0xa3,0xf0,0x98,0x14,0xc8,0xef,0xb6,0xa4,0x51,0xbe,0x00,0xc9,0x3d,0x23, + 0xc1,0x78,0x1d,0x86,0xca,0xc2,0xc0,0x52,0xb8,0x65,0xf2,0x28,0xe6,0x4b,0xd1,0xce,0x43,0x3c,0x78,0xca,0x7d,0xfc,0xa9,0xe8,0xb8,0x10,0x47,0x3e,0x2c,0xe1,0x7d,0xa5, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03, + 0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3a,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x41, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xc2,0x5e,0x8c,0xd0,0x36,0x41,0x41, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xca,0x5e,0x8c,0xd0,0x36,0x41,0x41, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8b,0xd0,0x36,0x41,0x41, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x40,0xc3, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x03, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x23, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x33, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x3b, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x3e, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xba,0xae,0xdc,0xe6,0xaf,0x48,0xa0,0x3b,0xbf,0xd2,0x5e,0x8c,0xd0,0x36,0x41,0x3f, + 0xc6,0xca,0xfb,0x74,0xe2,0xa5,0x0c,0x83,0xb3,0xd2,0x32,0xc4,0x58,0x52,0x37,0xf4,0x4d,0x4c,0x54,0x33,0xc4,0xb3,0xf5,0x0c,0xe9,0x78,0xe6,0xae,0xda,0x3a,0x4f,0x5d, + 0xcf,0xe7,0x5e,0xe7,0x64,0x19,0x7a,0xa7,0x73,0x2a,0x54,0x78,0x55,0x6b,0x47,0x88,0x98,0x42,0x3d,0x2b,0xc0,0xe4,0x84,0xa6,0xeb,0xb3,0x67,0x4a,0x60,0x36,0xa6,0x5d, + 0xd0,0x91,0x82,0xa4,0xd0,0xc9,0x4b,0xa8,0x5f,0x82,0xef,0xf9,0xfc,0x1b,0xdd,0xb0,0xb0,0x7d,0x3f,0x2a,0xf8,0x63,0x2f,0xc1,0xc7,0x3a,0x36,0x04,0xe8,0xf0,0xb3,0x35}; + +static const unsigned char wycheproof_ecdh_public_keys[] = { 0x04,0xd8,0x09,0x6a,0xf8,0xa1,0x1e,0x0b,0x80,0x03,0x7e,0x1e,0xe6,0x82,0x46,0xb5,0xdc,0xbb,0x0a,0xeb,0x1c,0xf1,0x24,0x4f,0xd7,0x67,0xdb,0x80,0xf3,0xfa,0x27,0xda,0x2b,0x39,0x68,0x12,0xea,0x16,0x86,0xe7,0x47,0x2e,0x96,0x92,0xea,0xf3,0xe9,0x58,0xe5,0x0e,0x95,0x00,0xd3,0xb4,0xc7,0x72,0x43,0xdb,0x1f,0x2a,0xcd,0x67,0xba,0x9c,0xc4, + 0x02,0xd8,0x09,0x6a,0xf8,0xa1,0x1e,0x0b,0x80,0x03,0x7e,0x1e,0xe6,0x82,0x46,0xb5,0xdc,0xbb,0x0a,0xeb,0x1c,0xf1,0x24,0x4f,0xd7,0x67,0xdb,0x80,0xf3,0xfa,0x27,0xda,0x2b, + 0x04,0x96,0x5f,0xf4,0x2d,0x65,0x4e,0x05,0x8e,0xe7,0x31,0x7c,0xce,0xd7,0xca,0xf0,0x93,0xfb,0xb1,0x80,0xd8,0xd3,0xa7,0x4b,0x0d,0xcd,0x9d,0x8c,0xd4,0x7a,0x39,0xd5,0xcb,0x9c,0x2a,0xa4,0xda,0xac,0x01,0xa4,0xbe,0x37,0xc2,0x04,0x67,0xed,0xe9,0x64,0x66,0x2f,0x12,0x98,0x3e,0x0b,0x52,0x72,0xa4,0x7a,0x5f,0x27,0x85,0x68,0x5d,0x80,0x87, + 0x04,0x06,0xc4,0xb8,0x7b,0xa7,0x6c,0x6d,0xcb,0x10,0x1f,0x54,0xa0,0x50,0xa0,0x86,0xaa,0x2c,0xb0,0x72,0x2f,0x03,0x13,0x7d,0xf5,0xa9,0x22,0x47,0x2f,0x1b,0xdc,0x11,0xb9,0x82,0xe3,0xc7,0x35,0xc4,0xb6,0xc4,0x81,0xd0,0x92,0x69,0x55,0x9f,0x08,0x0a,0xd0,0x86,0x32,0xf3,0x70,0xa0,0x54,0xaf,0x12,0xc1,0xfd,0x1e,0xce,0xd2,0xea,0x92,0x11, + 0x04,0xbb,0xa3,0x0e,0xef,0x79,0x67,0xa2,0xf2,0xf0,0x8a,0x2f,0xfa,0xda,0xc0,0xe4,0x1f,0xd4,0xdb,0x12,0xa9,0x3c,0xef,0x0b,0x04,0x5b,0x57,0x06,0xf2,0x85,0x38,0x21,0xe6,0xd5,0x0b,0x2b,0xf8,0xcb,0xf5,0x30,0xe6,0x19,0x86,0x9e,0x07,0xc0,0x21,0xef,0x16,0xf6,0x93,0xcf,0xc0,0xa4,0xb0,0xd4,0xed,0x5a,0x8f,0x46,0x46,0x92,0xbf,0x3d,0x6e, + 0x04,0x6d,0xa9,0xeb,0x2c,0xda,0xc0,0x21,0x22,0xd5,0xf0,0x5c,0xf6,0xa8,0xcd,0x76,0x8e,0x37,0x8f,0x66,0x4e,0xa4,0xa7,0x87,0x1d,0x10,0xe2,0x5f,0x57,0xeb,0x1e,0xe1,0xcc,0x5b,0x2b,0x5a,0xbf,0x9c,0x6c,0x65,0x96,0xf8,0xf3,0x83,0xdd,0xbc,0xb3,0xbc,0xc2,0xd5,0xa7,0xcc,0x60,0x59,0x84,0x93,0x12,0x39,0xca,0x96,0x69,0x94,0x60,0x32,0xee, + 0x04,0xf2,0x97,0x61,0x54,0xc4,0xf5,0x3c,0xe3,0x92,0xd1,0xfe,0x39,0xa8,0x91,0xa4,0x61,0x1b,0xa8,0xcf,0x04,0x60,0x23,0xcd,0x8f,0x1b,0xcd,0x9f,0xdd,0x2e,0x92,0x11,0x91,0xb2,0x5c,0xf3,0x1c,0xae,0xdf,0xbb,0x41,0x53,0x81,0x63,0x7b,0xc3,0xf5,0x99,0xa3,0x4f,0xba,0x3e,0x14,0x13,0xf6,0x44,0xcb,0x16,0x68,0x46,0x9f,0x45,0x58,0xa7,0x72, + 0x04,0x5e,0x42,0x2f,0xea,0x67,0xcc,0xa5,0xeb,0xae,0xac,0x87,0x74,0x5c,0x81,0xb1,0x0e,0xf8,0x07,0x03,0x03,0x67,0xe6,0xfc,0xe0,0x12,0x25,0x41,0x76,0xec,0x8c,0xf1,0x99,0x88,0x15,0x92,0xf4,0x2c,0x26,0x43,0x71,0xe1,0x9e,0x30,0x37,0x38,0x8a,0xb6,0x4f,0x32,0xfa,0x88,0x70,0xe6,0x29,0x05,0xe7,0xaf,0x20,0x5e,0x43,0xb0,0x2a,0xad,0x12, + 0x04,0xbb,0x57,0xb9,0xa1,0x23,0x1b,0xe0,0x42,0xd1,0x85,0xc0,0x3e,0xda,0x69,0x26,0xa6,0xde,0xf1,0x77,0xfe,0x67,0x45,0xed,0xa0,0x00,0xc5,0x20,0xd6,0x65,0x81,0xf0,0xcd,0xf1,0xd7,0x3c,0x80,0x45,0x3f,0x2f,0xe3,0x07,0x25,0xad,0xf9,0x51,0x39,0x0c,0x73,0x9e,0x36,0xfc,0x86,0x77,0x69,0x1d,0xb1,0x07,0x88,0x13,0x42,0x61,0x3d,0x00,0xab, + 0x04,0x55,0x63,0xc7,0x6c,0x19,0x37,0x76,0x38,0xf7,0xd5,0x17,0xbd,0xbe,0x0a,0xce,0x46,0x7e,0xb5,0xd4,0xdd,0x9f,0xb4,0xbf,0x18,0x33,0x2b,0xab,0x8f,0x07,0xb1,0xd8,0x0c,0x26,0x13,0x32,0xd4,0x6e,0x31,0x67,0x11,0x27,0x8b,0xac,0xcc,0xd8,0x80,0x05,0xee,0x4c,0x11,0x5f,0xa8,0x40,0x89,0xfd,0x19,0x06,0x74,0x62,0x6e,0x5e,0xd1,0xeb,0xfe, + 0x04,0x89,0x83,0xaa,0xe8,0xc0,0x02,0xf2,0xb5,0x55,0xac,0xb2,0x37,0x0a,0xdb,0x9b,0x50,0xba,0x4c,0xac,0x1b,0xfc,0xc9,0x03,0x9a,0x12,0x5c,0x70,0xca,0x7c,0x5f,0xc0,0xd1,0xf6,0xef,0xeb,0x8a,0xe4,0xba,0x8c,0x69,0x42,0x9d,0x93,0x24,0x43,0x82,0x44,0x7a,0xc5,0x34,0x89,0x1c,0x66,0x09,0x00,0x25,0x28,0x26,0x55,0x71,0x9b,0xd7,0x25,0x12, + 0x04,0x23,0x55,0x65,0x64,0x85,0x0c,0x50,0xfb,0xa5,0x1f,0x1e,0x64,0xef,0x98,0x37,0x8e,0xf5,0xc2,0x2f,0xea,0xfa,0x29,0x49,0x9c,0xa2,0x76,0x00,0xc4,0x73,0xca,0xce,0x88,0x9d,0x56,0x79,0xe9,0x17,0xda,0xa7,0xf4,0xc7,0x89,0x95,0x17,0xd3,0x78,0x26,0x28,0x4f,0x03,0x1d,0xe0,0x1a,0x60,0xbc,0x81,0x36,0x96,0x41,0x4d,0x04,0x53,0x1a,0x21, + 0x04,0xdd,0xbf,0x80,0x7e,0x22,0xc5,0x6a,0x19,0xcf,0x6c,0x47,0x28,0x29,0x15,0x03,0x50,0x78,0x10,0x34,0xa5,0xed,0xde,0xc3,0x65,0x69,0x4d,0x4b,0xd5,0xc8,0x65,0xea,0xd1,0x4e,0x67,0x41,0x27,0x02,0x8c,0x91,0xd3,0x39,0x4c,0xac,0x37,0x29,0x3a,0x86,0x60,0x55,0xd1,0x0f,0x0f,0x40,0xa3,0x70,0x6a,0xd1,0x6b,0x64,0xfc,0x9d,0x59,0x98,0xbd, + 0x04,0x64,0x68,0x8e,0xae,0x7a,0xab,0xd2,0x48,0xf6,0xf4,0x4a,0x0d,0x6e,0x2c,0x43,0x8e,0x41,0x00,0x00,0x18,0x13,0xeb,0x71,0xf9,0xf0,0x82,0xfa,0xd3,0xdf,0xe4,0x3e,0x28,0x7d,0xab,0x3d,0xab,0xe7,0xd4,0x36,0x00,0x1a,0x0f,0xb7,0x63,0x01,0x5d,0xed,0xbb,0x90,0xf8,0x11,0x00,0x0e,0xc8,0xf5,0xf2,0x99,0x53,0xe3,0xaf,0x42,0xf9,0x20,0x65, + 0x04,0xc4,0x04,0xe1,0x71,0x41,0xd1,0x02,0xbb,0xa2,0xf1,0xcb,0x16,0xbb,0x95,0x4a,0x20,0x87,0x98,0xb0,0x4d,0xca,0x8d,0xd1,0x39,0xa8,0xab,0x7f,0x01,0xf0,0xdb,0xef,0x39,0xc7,0xb8,0xe5,0x5f,0x22,0x57,0xa4,0x80,0x07,0x7e,0x41,0x90,0x57,0x0a,0x00,0x4c,0xbe,0x66,0x82,0x00,0xc9,0xc7,0x8e,0xaa,0x53,0xb6,0x1b,0x20,0xfc,0xe4,0xc6,0x85, + 0x04,0xe1,0x60,0xe8,0x7c,0x0a,0x56,0x2a,0x1d,0xbb,0x59,0xb4,0xc2,0xf6,0x14,0x72,0x0e,0x77,0x53,0x60,0x86,0x72,0xeb,0x8d,0x88,0x3b,0x91,0xe2,0x5f,0x8c,0xfc,0x58,0x47,0x46,0x23,0xcb,0xa5,0x84,0xe1,0x32,0x4b,0xc4,0x9b,0xcd,0xf0,0x89,0x11,0x66,0xb5,0x45,0xb7,0x70,0x4e,0x2b,0xbd,0xa7,0x05,0xd0,0xd7,0x3b,0x75,0x30,0xe4,0x79,0x52, + 0x04,0x5d,0x4d,0x18,0x2b,0x18,0x78,0x2a,0x02,0x68,0x5d,0xcc,0x7b,0x67,0x1e,0xc7,0x42,0xce,0x30,0x8c,0x7a,0xcc,0x8e,0x62,0x60,0xf6,0x7e,0x81,0x51,0x6e,0xb5,0x46,0xe8,0xa3,0x8f,0x07,0x56,0x07,0x4e,0xea,0x48,0x57,0x95,0x33,0x98,0xb6,0xd0,0x55,0x97,0xc7,0xce,0xb5,0xe6,0x5e,0x4e,0x8c,0xee,0x31,0xe8,0x1c,0x56,0x58,0x82,0x4c,0xe4, + 0x04,0x8e,0xcd,0x6a,0x25,0x76,0xf4,0x26,0x26,0x79,0x20,0x76,0x93,0x5e,0x2f,0xe9,0x61,0x59,0x9e,0x48,0x4c,0xd2,0x12,0xbc,0xe2,0x62,0x3b,0x83,0xaa,0x22,0xf5,0x46,0xd2,0xa7,0xf8,0x55,0xb0,0x9b,0xef,0x28,0x6b,0xcb,0xe9,0xe8,0xba,0xb1,0x7f,0xd5,0x6d,0x70,0x55,0xdf,0x64,0xf3,0x44,0x31,0x0c,0x35,0x22,0xe8,0xf2,0x27,0xe4,0x72,0xc8, + 0x04,0x68,0x26,0xf7,0x9e,0xf8,0x4d,0xa8,0x03,0x46,0x0a,0xed,0x09,0x19,0x8d,0x2b,0xbb,0x42,0xd7,0x89,0x2e,0xd6,0x08,0xaa,0xcb,0xb2,0x81,0xa9,0x5a,0xca,0xe1,0x14,0x65,0xa2,0x58,0x09,0x19,0x1a,0xa5,0xbd,0xfa,0x61,0xb8,0x96,0x3b,0xea,0xcb,0x4e,0xb1,0x33,0x26,0x6a,0x90,0xf3,0x3d,0x1b,0x2c,0xa4,0xf6,0x15,0x2d,0x37,0xa9,0x4f,0xd8, + 0x04,0xa5,0x4b,0xb2,0xae,0x80,0x08,0x60,0x53,0xa5,0xfa,0x4f,0xdb,0x18,0x36,0xa8,0xc6,0xac,0x41,0x78,0x36,0x50,0xb0,0xf7,0x9a,0x54,0x28,0xc9,0x8f,0xf6,0x4d,0x07,0x8a,0x12,0xbb,0xb4,0xcb,0x8a,0xf2,0x0c,0xa7,0x5e,0xc1,0x5b,0x2e,0x0d,0x47,0xa8,0x3c,0xa9,0x3f,0xc7,0x8c,0xd9,0x26,0x40,0xa0,0x2e,0x80,0x02,0x96,0x6f,0x1f,0xe8,0x0b, + 0x04,0xba,0xce,0x46,0xee,0xd4,0x92,0x74,0x3c,0x69,0x3e,0x1a,0x33,0xad,0xb0,0x46,0xb7,0x72,0x2c,0x55,0xce,0x36,0x9d,0x14,0x38,0xe6,0x7f,0x9c,0x5b,0x34,0x12,0x78,0x31,0x45,0x26,0x2d,0xd4,0xa8,0x6c,0x8a,0x52,0x7b,0x23,0xf4,0x11,0x4b,0x8a,0x9b,0x9f,0x36,0xf9,0x70,0x18,0x35,0xf5,0x0b,0x67,0x8b,0x24,0xd2,0xa9,0x15,0x5e,0xbc,0x2c, + 0x04,0x01,0x05,0x51,0x47,0x86,0x3a,0xa0,0x60,0xc0,0xe1,0x04,0xe2,0x43,0xec,0x01,0xed,0xa2,0xb0,0xe0,0xc6,0x81,0x4e,0x23,0x2d,0x67,0x1a,0xbc,0xba,0x97,0x15,0xd5,0xce,0x0c,0x13,0x00,0x6a,0xa7,0x96,0x0c,0x54,0xfe,0x3f,0x20,0x22,0x0b,0xef,0x76,0x67,0x56,0xc9,0x10,0xfd,0x05,0x76,0x4a,0xfc,0x31,0x83,0x75,0x54,0x0c,0xef,0x2d,0x5c, + 0x04,0x59,0x5e,0x46,0xee,0x7c,0x2d,0x71,0x83,0xff,0x2e,0xa7,0x60,0xff,0xd8,0x47,0x2f,0xb8,0x34,0xec,0x89,0xc0,0x8b,0x6e,0xf4,0x8f,0xf9,0x2b,0x44,0xa1,0x3a,0x6e,0x1a,0xe5,0x63,0xe2,0x39,0x53,0xc9,0x7c,0x26,0x44,0x13,0x23,0xd2,0x50,0x0c,0x84,0xe8,0xce,0xe0,0x4c,0x15,0xd4,0xd5,0xd2,0xcc,0x45,0x87,0x03,0xd1,0xf2,0xd0,0x2d,0x31, + 0x04,0x6a,0x40,0xad,0xc8,0x11,0xb0,0x9e,0x83,0xba,0x0f,0xb8,0xa9,0x4f,0xea,0x50,0x59,0x1c,0xa9,0xe5,0x8b,0xb7,0xd4,0x73,0x04,0x95,0x0d,0xbf,0xf7,0x8d,0xad,0x77,0x7e,0xe3,0xbd,0x08,0xf7,0x42,0xd7,0xe8,0xe3,0x0c,0xff,0x31,0xbc,0x6a,0x6c,0xc0,0x2c,0x87,0x17,0xee,0x25,0x83,0x8a,0xab,0xff,0xa6,0xe4,0x8f,0x65,0xcc,0xe7,0x4d,0x81, + 0x04,0x5a,0x33,0xfe,0x91,0xd7,0xe3,0x5d,0xb7,0x87,0x52,0x08,0xbe,0xe7,0x7f,0x4c,0xc0,0x00,0x6f,0x14,0x39,0xcc,0x84,0x5f,0x69,0x5b,0x6a,0x12,0x67,0x3d,0xcd,0x03,0xd1,0x8f,0x86,0xee,0x12,0x1c,0x5e,0xa0,0xda,0x3e,0xb0,0x21,0x05,0x09,0xe1,0x2d,0xb8,0x45,0x29,0x62,0x25,0xca,0x97,0x3e,0x2e,0x19,0xce,0x3e,0x3d,0x01,0x48,0x60,0x90, + 0x04,0xf6,0xeb,0xaa,0xb6,0x2c,0x35,0xfd,0x4b,0x8b,0xec,0x9d,0x95,0xbc,0xfc,0x43,0x3e,0x6b,0xde,0x7c,0x0f,0x0d,0x5e,0xf7,0x5d,0x6f,0xd3,0x26,0xaa,0xf2,0x8f,0x23,0xb0,0xb2,0xf4,0xd1,0xc2,0xe8,0x91,0x70,0x6b,0x7b,0xad,0xa5,0x9f,0xb0,0xf6,0xa3,0x2b,0x54,0x63,0x98,0x2a,0x9c,0x8c,0x2d,0x8e,0xa3,0x89,0x54,0x41,0x81,0x83,0xb6,0x34, + 0x04,0x52,0x43,0x92,0x41,0x6f,0x8c,0xfc,0x5f,0x84,0xdc,0x9b,0x72,0xf2,0x88,0x7c,0x68,0x4e,0x4b,0xd2,0x47,0x96,0xf0,0x06,0x50,0x78,0xe1,0x8d,0x16,0xbc,0x43,0xb5,0x6e,0xa0,0x21,0x78,0x31,0x17,0x99,0xeb,0x61,0xad,0x3b,0x3e,0x7d,0xcd,0xa1,0x04,0x04,0xdc,0x45,0x41,0xc1,0x3e,0x3d,0xe0,0xce,0xb4,0x0c,0x9a,0xa7,0xaf,0xab,0xc5,0x3b, + 0x04,0x99,0x96,0x5c,0x47,0x7a,0x24,0x0a,0xeb,0xbd,0x19,0xcd,0x09,0x4c,0x8b,0x62,0x85,0x2d,0xe8,0x66,0x3d,0x0c,0xc9,0xf0,0x6e,0xeb,0x39,0x5f,0xfc,0x92,0xd1,0x21,0xf6,0x48,0x11,0x88,0x2f,0x40,0x60,0x80,0xd7,0xd0,0x4e,0xa4,0xf3,0x39,0xbd,0xdd,0x2e,0x5e,0xf0,0x34,0x5b,0x58,0x34,0x14,0x2f,0x75,0xb5,0x62,0x15,0x4d,0x5e,0xc7,0xae, + 0x04,0xad,0x3d,0x17,0x98,0x77,0xe7,0x4e,0xe2,0x58,0xba,0x6f,0x8e,0x12,0x8b,0xc2,0xa0,0x04,0x5c,0x06,0xa3,0xd3,0xc3,0x0f,0xcc,0xe0,0x1c,0xa8,0xd9,0xe1,0xaf,0xee,0x4e,0xa3,0xfe,0x47,0x15,0x6f,0xb7,0x27,0xfc,0x1c,0x55,0xef,0x9d,0xb5,0x16,0xdf,0x66,0x5c,0xbb,0x07,0x34,0x05,0xc2,0xc3,0x01,0xa8,0xfe,0x1d,0x10,0xf3,0xb9,0xb3,0x00, + 0x04,0x4b,0xb1,0x9d,0xea,0xe6,0x38,0xfc,0x5f,0xa7,0x07,0x0c,0xc9,0x0e,0x96,0x9b,0xac,0x3f,0x83,0x84,0xa5,0x9e,0xa1,0x1c,0xb0,0x1b,0xc0,0x91,0xed,0xf1,0xa4,0xcb,0xd6,0x77,0xed,0x6b,0xdf,0x89,0x71,0xd3,0xe6,0x3c,0x90,0x3d,0x9a,0xca,0xbc,0x28,0xb7,0x5a,0xf6,0x61,0xa0,0x34,0x57,0x26,0x1c,0x5a,0x8d,0x59,0x40,0xad,0x02,0xc5,0x09, + 0x04,0x24,0x17,0x5c,0x07,0x8e,0x30,0x5d,0x31,0x39,0xe5,0xda,0xb7,0x27,0xa6,0xab,0x85,0x87,0xb2,0x6d,0xaa,0x47,0x0a,0x52,0x9a,0x23,0xc1,0x05,0x85,0xcb,0x56,0xc0,0x38,0xbf,0x1f,0x2b,0x93,0x7a,0xe0,0x74,0xff,0x94,0xb1,0x5f,0x5c,0xb5,0xe6,0x0e,0xb5,0xd3,0x2a,0xfb,0xa2,0x07,0x75,0x39,0xdb,0x79,0x42,0x94,0xbc,0xaa,0xb7,0x1a,0x81, + 0x04,0xef,0x69,0x1a,0xfe,0x2e,0xe4,0xaa,0x18,0xa8,0x48,0x5a,0x71,0xc0,0xe2,0x0e,0xff,0x13,0x37,0xae,0x06,0x22,0xac,0xc0,0x9c,0xcd,0xa1,0x0f,0x49,0x57,0x4a,0xe8,0x40,0xb8,0x27,0x30,0xbb,0x2e,0xef,0x59,0xa1,0x7a,0xb0,0x95,0xac,0xd1,0x31,0xe5,0xfc,0xf8,0xba,0x11,0x15,0x0a,0x94,0x21,0xbb,0xab,0x6b,0x9f,0x14,0x6a,0xa7,0x8f,0xfb, + 0x04,0x06,0x7e,0x7d,0xf0,0x9f,0x5e,0x38,0xf2,0xb2,0x82,0x3f,0x65,0xa6,0xb1,0x13,0x5c,0x32,0x90,0x58,0x6f,0xef,0x6e,0xce,0xff,0xa6,0xd5,0x95,0x95,0x74,0x88,0x79,0xf6,0x69,0x32,0xb3,0xf7,0x0d,0x60,0x32,0x29,0xe1,0x0a,0x57,0x34,0x4e,0xcd,0xe5,0x03,0xa2,0xdf,0x93,0x06,0x51,0x04,0x6c,0x2f,0x1d,0x2b,0x71,0x9b,0xfc,0x93,0xe0,0xa1, + 0x04,0xb8,0x72,0x2e,0xcd,0xde,0x7c,0x85,0x31,0x7e,0x48,0x6b,0x03,0x65,0x6b,0x83,0x91,0x0a,0xc3,0xc8,0x86,0x87,0xa4,0x29,0x1e,0x8b,0xb9,0xa4,0xb6,0xa5,0x2c,0xc6,0xe0,0x2e,0x41,0x58,0xa5,0xa8,0x8d,0xe0,0x23,0xd6,0xa1,0x35,0xbd,0x04,0xc1,0x58,0x5e,0xf4,0x67,0x41,0x89,0x03,0x76,0x13,0x54,0x53,0xec,0x56,0x2d,0xa5,0xb3,0x76,0x0b, + 0x04,0x72,0x8e,0x15,0xd5,0x78,0x21,0x2b,0xc4,0x22,0x87,0xc0,0x11,0x8c,0x82,0xc8,0x4b,0x12,0x6f,0x97,0xd5,0x49,0x22,0x3c,0x10,0xad,0x07,0xf4,0xe9,0x8a,0xf9,0x12,0x38,0x5d,0x23,0xb1,0xa6,0xe7,0x16,0x92,0x58,0x55,0xa2,0x47,0xb1,0x6e,0xff,0xe9,0x27,0x73,0x31,0x52,0x41,0xac,0x95,0x1c,0xdf,0xef,0xdf,0xac,0x0e,0xd1,0x64,0x67,0xf6, + 0x04,0xc3,0xef,0x35,0xfd,0x4c,0xda,0x66,0xe8,0xe8,0x50,0x09,0x5e,0x1e,0x69,0x7a,0xee,0x56,0xde,0xcc,0x29,0x48,0x4a,0xa4,0x63,0xf8,0x79,0xc7,0xb6,0xdd,0x76,0x69,0xe6,0x25,0x94,0x53,0x51,0x27,0x67,0x19,0xc5,0xe3,0xbb,0x8e,0x51,0x4f,0x69,0x30,0x5b,0x60,0x85,0xb7,0xc7,0x82,0xa0,0x7b,0x26,0xa8,0x42,0x88,0x7c,0x33,0xa9,0x3d,0xc6, + 0x04,0x78,0x49,0x07,0xc6,0xbe,0x62,0x02,0x77,0x0b,0x98,0xd0,0x1f,0x1f,0xfe,0x11,0xb9,0xed,0x2c,0x97,0x51,0x58,0x43,0xf5,0x7c,0x2c,0x06,0x36,0x3a,0x9d,0xad,0xc7,0x01,0x1d,0xe5,0xfb,0xaa,0x73,0x56,0xcf,0x3b,0xa2,0x8c,0xb7,0xb9,0x32,0xa0,0x7c,0x83,0x21,0x00,0x7c,0x7c,0x45,0x39,0x67,0x51,0xfe,0x70,0x72,0x43,0x43,0xd2,0xb1,0x9f, + 0x04,0x7c,0x01,0x6d,0xee,0x8b,0x54,0x11,0xf8,0xe9,0x51,0x84,0xda,0xf8,0xe3,0x18,0x11,0x9e,0x84,0x4b,0x8b,0xdc,0x70,0xd7,0x5e,0xfb,0x99,0xb8,0xd0,0xff,0x10,0xab,0x74,0x5e,0x90,0x51,0x03,0xd5,0x7d,0x65,0x37,0x90,0x8e,0x6e,0x98,0x64,0xae,0xe4,0xf0,0x91,0x7f,0x5b,0x92,0x0d,0x06,0xf9,0x80,0xaa,0x82,0x3f,0x04,0x3e,0xf9,0x13,0x9e, + 0x04,0x36,0xe1,0xe7,0x6f,0xfd,0xbe,0x85,0x77,0x52,0x0b,0x07,0x16,0xeb,0x88,0xc1,0x8e,0xa7,0x2a,0x49,0xe5,0xa4,0xe5,0x68,0x0a,0x7d,0x29,0x00,0x93,0xf8,0x41,0xcb,0x6e,0x73,0x10,0x72,0x8b,0x59,0xc7,0x57,0x2c,0x4b,0x35,0xfb,0x6c,0x29,0xc3,0x6e,0xba,0xbf,0xc5,0x35,0x53,0xc0,0x6e,0xcf,0x74,0x7f,0xcf,0xbe,0xfc,0xf6,0x11,0x4e,0x1c, + 0x04,0x7a,0x19,0x50,0x1d,0x64,0x6f,0xc9,0x33,0x2a,0x85,0x25,0xaf,0x4c,0xc7,0x95,0x23,0xb5,0x7d,0x73,0x6b,0x69,0xbb,0x24,0xb0,0x62,0x70,0xc1,0xb1,0xda,0xdf,0x88,0xce,0x83,0x4e,0xfa,0x1b,0xce,0x85,0x4f,0xf5,0xbc,0xad,0xe4,0x0c,0xbc,0xee,0x9f,0x40,0x15,0x4b,0xc2,0x60,0x36,0xad,0xc5,0xcf,0x87,0xe5,0x0e,0xa3,0x88,0xaf,0x29,0x87, + 0x04,0xf4,0x3b,0x61,0x0a,0x2a,0x5c,0x5f,0x6e,0x2b,0x39,0x55,0x67,0x48,0x96,0x57,0x05,0x9e,0x33,0x51,0xc6,0xf9,0xa7,0xe2,0xeb,0xde,0x52,0x63,0x8a,0xbf,0xea,0x00,0x6a,0xb2,0xd6,0x90,0x51,0x3e,0x91,0x87,0xc0,0xcc,0x90,0x3c,0xee,0xe0,0x22,0xee,0x42,0x1c,0x59,0x4a,0x8b,0xd7,0x61,0x0c,0x68,0xcd,0x81,0x43,0xad,0xfc,0x74,0x1d,0xde, + 0x04,0xd9,0x3b,0xfd,0xaa,0x79,0x7c,0xd4,0xbd,0x81,0xde,0xa8,0x0d,0x7c,0x72,0xa2,0x49,0x23,0xce,0x50,0xe9,0x4b,0xfc,0x4e,0xe1,0xbd,0x5f,0x5f,0x10,0xee,0xa3,0xf8,0xec,0xc0,0xb5,0x94,0x18,0x90,0xa2,0x6e,0x88,0xe5,0x02,0x9c,0x28,0x3e,0x0f,0xad,0xec,0xcc,0x0b,0x98,0x0f,0x8a,0x50,0x98,0xaa,0x78,0x35,0xc5,0xc9,0x58,0xd4,0x71,0xe5, + 0x04,0x0a,0xc1,0xea,0x7a,0x29,0xf7,0xac,0xe8,0xa3,0x8b,0x2f,0xed,0xbf,0xe4,0xd0,0xd9,0xae,0x45,0x34,0x44,0x32,0xab,0x3e,0xb5,0xe0,0xa5,0xb6,0x67,0x16,0xf6,0x1c,0x6a,0xaa,0xa3,0x9a,0x5f,0x09,0x8f,0xd4,0x47,0x25,0x87,0xd1,0x4b,0xdf,0x72,0xb3,0xdd,0x3e,0x96,0x6b,0x5f,0x0b,0x6e,0x40,0x0f,0xff,0x6e,0x0e,0x9c,0x84,0x53,0xfc,0x79, + 0x04,0xbf,0x2e,0x8a,0x61,0xa2,0x1d,0x96,0xe7,0x4a,0x29,0x6b,0x39,0x7e,0x53,0x04,0x4f,0x37,0x3a,0xcb,0x73,0xa6,0xea,0x4a,0x39,0x8d,0x89,0xc5,0x65,0x49,0xe9,0x6b,0x7f,0xe8,0x46,0xfd,0x0d,0xf2,0x39,0x69,0x1d,0x06,0x82,0xb0,0x67,0xa5,0x0a,0x24,0x23,0xd8,0x8b,0x4d,0x97,0x0b,0x1d,0x3d,0x81,0x41,0xa0,0x66,0xd1,0x3c,0x18,0x6f,0x96, + 0x04,0x56,0xba,0xf1,0xd7,0x26,0x06,0xc7,0xaf,0x5a,0x5f,0xa1,0x08,0x62,0x0b,0x08,0x39,0xe2,0xc7,0xdd,0x40,0xb8,0x32,0xef,0x84,0x7e,0x5b,0x64,0xc8,0x6e,0xfe,0x1a,0xa5,0x63,0xe5,0x86,0xa6,0x67,0xa6,0x5b,0xbb,0x56,0x92,0x50,0x0d,0xf1,0xff,0x84,0x03,0x73,0x68,0x38,0xb3,0x0e,0xa9,0x79,0x1d,0x9d,0x39,0x0e,0x3d,0xc6,0x68,0x9e,0x2c, + 0x04,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x9f,0xa2,0xf1,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x07,0xed,0x35,0x3c,0x9f,0x10,0x39,0xed,0xcc,0x9c,0xc5,0x33,0x6c,0x03,0x4d,0xc1,0x31,0xa4,0x08,0x76,0x92,0xc2,0xe5,0x6b,0xc1,0xdd,0x19,0x04,0xe3,0xff,0xff,0xff, + 0x04,0x5e,0x4c,0x2c,0xf1,0x32,0x0e,0xc8,0x4e,0xf8,0x92,0x08,0x67,0xb4,0x09,0xa9,0xa9,0x1d,0x2d,0xd0,0x08,0x21,0x6a,0x28,0x2e,0x36,0xbd,0x84,0xe8,0x84,0x72,0x6f,0xa0,0x5a,0x5e,0x4a,0xf1,0x1c,0xf6,0x3c,0xea,0xaa,0x42,0xa6,0xdc,0x9e,0x4c,0xcb,0x39,0x48,0x52,0xcf,0x84,0x28,0x4e,0x8d,0x26,0x27,0x57,0x2f,0xbf,0x22,0xc0,0xba,0x88, + 0x04,0x02,0xa3,0x0c,0x2f,0xab,0xc8,0x7e,0x67,0x30,0x62,0x5d,0xec,0x2f,0x0d,0x03,0x89,0x43,0x87,0xb7,0xf7,0x43,0xce,0x69,0xc4,0x73,0x51,0xeb,0xe5,0xee,0x98,0xa4,0x83,0x07,0xeb,0x78,0xd3,0x87,0x70,0xfe,0xa1,0xa4,0x4f,0x4d,0xa7,0x2c,0x26,0xf8,0x5b,0x17,0xf3,0x50,0x1a,0x4f,0x93,0x94,0xfe,0x29,0x85,0x6c,0xcb,0xf1,0x5f,0xd2,0x84, + 0x04,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa3,0x03,0x7e,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x03,0x1a,0x6b,0xf3,0x44,0xb8,0x67,0x30,0xac,0x5c,0x54,0xa7,0x75,0x1a,0xef,0xdb,0xa1,0x35,0x75,0x9b,0x9d,0x53,0x5c,0xa6,0x41,0x11,0xf2,0x98,0xa3,0x8d, + 0x04,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x24,0xdc,0xb0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x01,0x3b,0xc6,0xf0,0x84,0x31,0xe7,0x29,0xed,0x28,0x63,0xf2,0xf4,0xac,0x8a,0x30,0x27,0x96,0x95,0xc8,0x10,0x9c,0x34,0x0a,0x39,0xfa,0x86,0xf4,0x51,0xcd, + 0x04,0x5e,0x4c,0x2c,0xf1,0x32,0x0e,0xc8,0x4e,0xf8,0x92,0x08,0x67,0xb4,0x09,0xa9,0xa9,0x1d,0x2d,0xd0,0x08,0x21,0x6a,0x28,0x2e,0x36,0xbd,0x84,0xe8,0x84,0x72,0x6f,0xa0,0xa5,0xa1,0xb5,0x0e,0xe3,0x09,0xc3,0x15,0x55,0xbd,0x59,0x23,0x61,0xb3,0x34,0xc6,0xb7,0xad,0x30,0x7b,0xd7,0xb1,0x72,0xd9,0xd8,0xa8,0xd0,0x3f,0xdd,0x3f,0x41,0xa7, + 0x04,0x02,0xa3,0x0c,0x2f,0xab,0xc8,0x7e,0x67,0x30,0x62,0x5d,0xec,0x2f,0x0d,0x03,0x89,0x43,0x87,0xb7,0xf7,0x43,0xce,0x69,0xc4,0x73,0x51,0xeb,0xe5,0xee,0x98,0xa4,0x83,0xf8,0x14,0x87,0x2c,0x78,0x8f,0x01,0x5e,0x5b,0xb0,0xb2,0x58,0xd3,0xd9,0x07,0xa4,0xe8,0x0c,0xaf,0xe5,0xb0,0x6c,0x6b,0x01,0xd6,0x7a,0x93,0x33,0x0e,0xa0,0x29,0xab, + 0x04,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa3,0x03,0x7e,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfc,0xe5,0x94,0x0c,0xbb,0x47,0x98,0xcf,0x53,0xa3,0xab,0x58,0x8a,0xe5,0x10,0x24,0x5e,0xca,0x8a,0x64,0x62,0xac,0xa3,0x59,0xbe,0xed,0x0d,0x67,0x58,0xa2, + 0x04,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x24,0xdc,0xb0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xc4,0x39,0x0f,0x7b,0xce,0x18,0xd6,0x12,0xd7,0x9c,0x0d,0x0b,0x53,0x75,0xcf,0xd8,0x69,0x6a,0x37,0xef,0x63,0xcb,0xf5,0xc6,0x04,0x79,0x0b,0xaa,0x62, + 0x04,0x54,0x50,0xca,0xce,0x04,0x38,0x6a,0xdc,0x54,0xa1,0x43,0x50,0x79,0x3e,0x83,0xbd,0xc5,0xf2,0x65,0xd6,0xc2,0x92,0x87,0xec,0xd0,0x7f,0x79,0x1a,0xd2,0x78,0x4c,0x4c,0xeb,0xd3,0xc2,0x44,0x51,0x32,0x23,0x34,0xd8,0xd5,0x10,0x33,0xe9,0xd3,0x4b,0x6b,0xb5,0x92,0xb1,0x99,0x5d,0x07,0x86,0x78,0x63,0xd1,0x04,0x4b,0xd5,0x9d,0x75,0x01, + 0x04,0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x12,0x6b,0x54,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x41,0x06,0xa3,0x69,0x06,0x8d,0x45,0x4e,0xa4,0xb9,0xc3,0xac,0x61,0x77,0xf8,0x7f,0xc8,0xfd,0x3a,0xa2,0x40,0xb2,0xcc,0xb4,0x88,0x2b,0xdc,0xcb,0xd4,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x42,0x18,0xf2,0x0a,0xe6,0xc6,0x46,0xb3,0x63,0xdb,0x68,0x60,0x58,0x22,0xfb,0x14,0x26,0x4c,0xa8,0xd2,0x58,0x7f,0xdd,0x6f,0xbc,0x75,0x0d,0x58,0x7e,0x76,0xa7,0xee, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x66,0xfb,0xe7,0x27,0xb2,0xba,0x09,0xe0,0x9f,0x5a,0x98,0xd7,0x0a,0x5e,0xfc,0xe8,0x42,0x4c,0x5f,0xa4,0x25,0xbb,0xda,0x1c,0x51,0x1f,0x86,0x06,0x57,0xb8,0x53,0x5e, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0x2f,0x23,0x33,0x95,0xc8,0xb0,0x7a,0x38,0x34,0xa0,0xe5,0x9b,0xda,0x43,0x94,0x4b,0x5d,0xf3,0x78,0x85,0x2e,0x56,0x0e,0xbc,0x0f,0x22,0x87,0x7e,0x9f,0x49,0xbb,0x4b, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2c,0x0e,0x99,0x4b,0x14,0xea,0x72,0xf8,0xc3,0xeb,0x95,0xc7,0x1e,0xf6,0x92,0x57,0x5e,0x77,0x50,0x58,0x33,0x2d,0x7e,0x52,0xd0,0x99,0x5c,0xf8,0x03,0x88,0x71,0xb6,0x7d, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x3c,0x81,0xe8,0x72,0x41,0xd9,0x45,0x1d,0x28,0x6d,0xdb,0xe6,0x5b,0x14,0xd4,0x72,0x34,0x30,0x7b,0x80,0xce,0x74,0xb8,0x92,0x1a,0xf7,0xd4,0x93,0x57,0x07,0x54,0x9d, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x07,0x15,0x09,0x85,0x98,0xdc,0x12,0xcf,0x29,0x4e,0xa5,0xac,0x1e,0xb5,0xee,0xae,0x91,0x39,0xf5,0xcf,0xd3,0xd0,0xff,0xdc,0xfa,0x72,0x97,0xa0,0x1d,0xce,0x1e,0xe9,0xdf, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x61,0xbd,0x3a,0x38,0xf7,0x07,0x71,0x3b,0x97,0xea,0xf8,0xd0,0x18,0x4e,0x00,0x79,0xe2,0xa6,0x2c,0xfb,0xa7,0x5d,0x42,0x8b,0x13,0x26,0xea,0x86,0x1a,0xad,0xe9,0x50, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x15,0x82,0x0e,0x7e,0x26,0x67,0x0c,0x6b,0x45,0xc1,0xe0,0xca,0xa9,0x51,0xea,0xb3,0x12,0x75,0x41,0x80,0xba,0xa9,0xfc,0xff,0x9f,0x7e,0x7b,0xf4,0x6d,0xee,0xa7,0xfc, + 0x04,0x0b,0x7b,0xeb,0xa3,0x4f,0xeb,0x64,0x7d,0xa2,0x00,0xbe,0xd0,0x5f,0xad,0x57,0xc0,0x34,0x8d,0x24,0x9e,0x2a,0x90,0xc8,0x8f,0x31,0xf9,0x94,0x8b,0xb6,0x5d,0x52,0x07,0x74,0x35,0xa6,0xbe,0xf9,0x1b,0x92,0xae,0x32,0xcf,0x51,0xd7,0x14,0x9c,0xad,0x03,0x53,0xa4,0x65,0x13,0x85,0x14,0x27,0xc3,0x44,0x36,0x53,0x6e,0xc7,0xea,0xe4,0x83, + 0x04,0x21,0x0c,0x79,0x05,0x73,0x63,0x23,0x59,0xb1,0xed,0xb4,0x30,0x2c,0x11,0x7d,0x8a,0x13,0x26,0x54,0x69,0x2c,0x3f,0xee,0xb7,0xde,0x3a,0x86,0xac,0x3f,0x3b,0x53,0xf7,0x5f,0x45,0x0d,0xbb,0xf7,0x18,0xa4,0xf6,0x58,0x2d,0x7a,0xf8,0x39,0x53,0x17,0x0b,0x30,0x37,0xfb,0x81,0xa4,0x50,0xa5,0xca,0x5a,0xcb,0xec,0x74,0xad,0x6c,0xac,0x89, + 0x04,0x42,0x18,0xf2,0x0a,0xe6,0xc6,0x46,0xb3,0x63,0xdb,0x68,0x60,0x58,0x22,0xfb,0x14,0x26,0x4c,0xa8,0xd2,0x58,0x7f,0xdd,0x6f,0xbc,0x75,0x0d,0x58,0x7e,0x76,0xa7,0xee,0x37,0x26,0x9a,0x64,0xbb,0xcf,0x3a,0x3f,0x22,0x76,0x31,0xc7,0xa8,0xce,0x53,0x2c,0x77,0x24,0x5a,0x1c,0x0d,0xb4,0x34,0x3f,0x16,0xaa,0x1d,0x33,0x9f,0xd2,0x59,0x1a, + 0x04,0x39,0xf8,0x83,0xf1,0x05,0xac,0x7f,0x09,0xf4,0xe7,0xe4,0xdc,0xc8,0x4b,0xc7,0xff,0x4b,0x3b,0x74,0xf3,0x01,0xef,0xaa,0xaf,0x8b,0x63,0x8f,0x47,0x72,0x0f,0xda,0xec,0x24,0xf5,0x0e,0xfd,0x39,0xb8,0xae,0x75,0x36,0xe8,0x80,0x69,0x27,0xea,0xc6,0xfd,0x52,0x21,0x0a,0x23,0x9f,0xb4,0x12,0x9e,0x0b,0xfe,0xd3,0x33,0x47,0x65,0x75,0xea, + 0x04,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x50,0x13,0x4a,0x74,0xfc,0x6e,0x7d,0x7a,0xce,0xf5,0xbb,0x20,0xe9,0x69,0xab,0xb6,0xf0,0x26,0xec,0x0c,0xb0,0x4d,0xff,0x34,0xf7,0x91,0x6c,0xa6,0x4b,0x07,0xff,0xf5,0x11, + 0x04,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0x76,0x9a,0xfe,0x39,0x7a,0x57,0x09,0x20,0x1b,0xda,0x50,0xce,0x2d,0x31,0xa1,0x3f,0xde,0x40,0x76,0x72,0x2a,0x85,0x77,0x19,0x92,0x40,0x09,0xcc,0x28,0x15,0x98,0x69, + 0x04,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x04,0x34,0xe8,0x77,0xea,0xa7,0x13,0x40,0xaa,0x5e,0x57,0xe5,0x8a,0x01,0xf0,0xb0,0xae,0xc8,0xd2,0x4b,0x5c,0x64,0xaa,0x77,0xef,0x95,0xfa,0xe9,0xb4,0x95,0x8c,0x5d, + 0x04,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcb,0x2e,0x80,0x8a,0x8b,0x6c,0x6e,0x5b,0xc0,0x68,0xf9,0x63,0x48,0xd6,0x81,0x71,0xe6,0x61,0x59,0xa0,0xee,0x27,0x07,0x3c,0x82,0xfc,0x3f,0x95,0x81,0xa4,0xa1,0xfb,0x28, + 0x04,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0c,0x1d,0x85,0x42,0x10,0xf7,0x97,0xc5,0x47,0xbd,0x3b,0x3f,0xec,0xcd,0xe1,0xce,0x3e,0x67,0xc6,0x1c,0x34,0x00,0x14,0x1d,0xa2,0x06,0x85,0x20,0xe2,0xba,0xe9,0xbf,0x90, + 0x04,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0x22,0xbc,0xbf,0x40,0xd6,0x58,0xbf,0x3f,0xf0,0x2d,0x98,0xae,0xa5,0xae,0x45,0xd4,0x3e,0xd8,0x5f,0x6d,0xe9,0x26,0x8f,0x0e,0xae,0x85,0x21,0x0f,0x2f,0xed,0x81,0xc6, + 0x04,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x21,0x0a,0x46,0x30,0x48,0x81,0x32,0x9c,0x98,0x07,0xb7,0x1b,0x63,0x93,0xba,0x10,0x4b,0x9f,0x27,0xd9,0x76,0x06,0x5e,0x85,0x24,0x29,0xfd,0x66,0x4d,0xe9,0x8e,0xee, + 0x04,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0x70,0x11,0xd6,0xe8,0x51,0xe5,0xa5,0x3f,0xde,0x41,0xc1,0xf3,0x48,0x69,0x0c,0x01,0x88,0xf2,0x4c,0x10,0x5d,0x5c,0xfc,0xa5,0xb6,0xff,0x3c,0x93,0xdb,0xfd,0xef,0x99, + 0x04,0x7f,0xff,0x00,0x01,0xff,0xfc,0x00,0x07,0xff,0xf0,0x00,0x1f,0xff,0xc0,0x00,0x7f,0xff,0x00,0x01,0xff,0xfc,0x00,0x07,0xff,0xf0,0x00,0x1f,0xff,0xc0,0x00,0x7f,0xff,0x4b,0x66,0x00,0x3c,0x74,0x82,0xd0,0xf2,0xfd,0x7b,0x1c,0xb2,0xb0,0xb7,0x07,0x8c,0xd1,0x99,0xf2,0x20,0x8f,0xc3,0x7e,0xb2,0xef,0x28,0x6c,0xcb,0x2f,0x12,0x24,0xe7, + 0x04,0x80,0x00,0xff,0xfe,0x00,0x03,0xff,0xf8,0x00,0x0f,0xff,0xe0,0x00,0x3f,0xff,0x80,0x00,0xff,0xfe,0x00,0x03,0xff,0xf8,0x00,0x0f,0xff,0xe0,0x00,0x3f,0xff,0x7f,0xff,0x0a,0x23,0x31,0x88,0x0c,0xb3,0xf8,0xf9,0x00,0x4b,0xf6,0x8f,0xc3,0x79,0xbe,0xb6,0xe3,0xaf,0xfa,0xdc,0xbe,0x81,0xbd,0x4f,0x9b,0xf7,0x6e,0x4a,0xc5,0xab,0x2c,0x37, + 0x04,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xfd,0x3b,0x6a,0x26,0x29,0xd5,0x98,0xa0,0x45,0xbe,0x28,0xa1,0x68,0x72,0x88,0xcc,0x4d,0x0c,0x38,0x9c,0xc6,0xfe,0x62,0x7c,0x5c,0xc3,0xaa,0x2a,0xb9,0x63,0xdb,0x74,0x95, + 0x04,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xfe,0xff,0xfe,0x35,0xe3,0x9d,0x53,0xd1,0x01,0xa6,0xaa,0x4a,0xb4,0x34,0xc5,0x5a,0x70,0xb0,0x3d,0x24,0x4b,0x6a,0x20,0x25,0xa1,0x8d,0x4d,0x54,0x9d,0xea,0x45,0x1c,0x03,0x13,0x92, + 0x04,0x80,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x07,0xff,0xff,0xfe,0x00,0x00,0x00,0xff,0xff,0xff,0xc0,0x00,0x00,0x1f,0xff,0xff,0xf8,0x00,0x00,0x03,0xff,0xff,0xfd,0x3a,0xa7,0x74,0xf4,0xd2,0x9f,0xef,0xdd,0xd9,0x54,0x6a,0xd1,0xf7,0xb2,0xb7,0x9c,0xf4,0x26,0x34,0x28,0x4f,0xbb,0x1d,0x7c,0x70,0x2e,0x9f,0xca,0x3f,0xe0,0x49,0xaf, + 0x04,0x7f,0xff,0xff,0xe0,0x00,0x00,0x0f,0xff,0xff,0xfc,0x00,0x00,0x01,0xff,0xff,0xff,0x80,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x07,0xff,0xff,0xfd,0xff,0xff,0xfe,0x23,0xe4,0xbc,0xa0,0x98,0x4d,0xa4,0x24,0xa6,0x12,0x0a,0x13,0xdc,0x67,0x6c,0x77,0x76,0x07,0x56,0x2d,0x16,0xed,0x9b,0x8f,0xa9,0x4c,0x21,0xff,0xf7,0x15,0x1d,0x4e, + 0x04,0x00,0x00,0x03,0xff,0xff,0xff,0x00,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x03,0xff,0xff,0xff,0x00,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x03,0xff,0xff,0xfc,0x2a,0x95,0xc8,0x12,0x53,0xac,0x55,0x48,0x46,0x81,0x2d,0x2a,0x44,0x15,0xf6,0xed,0xcf,0x95,0x42,0x09,0x00,0x8d,0x26,0x0a,0x80,0x6b,0x85,0xab,0xa7,0x59,0xff,0x72, + 0x04,0xff,0xff,0xfc,0x00,0x00,0x00,0xff,0xff,0xff,0xc0,0x00,0x00,0x0f,0xff,0xff,0xfc,0x00,0x00,0x00,0xff,0xff,0xff,0xc0,0x00,0x00,0x0f,0xff,0xff,0xfb,0xff,0xff,0xfe,0x03,0x15,0x37,0xfc,0xab,0xe5,0xd5,0xe2,0x51,0x65,0xa1,0x8b,0x1b,0xd4,0x08,0x21,0x2c,0xb5,0x23,0xef,0xea,0x0f,0xc0,0xfd,0x1e,0xac,0x46,0xe8,0x3b,0x0d,0x0b,0x52, + 0x04,0xff,0xff,0x00,0x00,0x00,0x03,0xff,0xff,0xff,0xf0,0x00,0x00,0x00,0x3f,0xff,0xff,0xff,0x00,0x00,0x00,0x03,0xff,0xff,0xff,0xf0,0x00,0x00,0x00,0x3f,0xff,0xff,0xff,0x63,0xa8,0x8b,0x2e,0x0c,0x89,0x87,0xc6,0x31,0x0c,0xf8,0x1d,0x0c,0x93,0x5f,0x00,0x21,0x3f,0x98,0xa3,0xda,0xd2,0xf4,0x3c,0x81,0x28,0xfa,0x31,0x3a,0x90,0xd5,0x5b, + 0x04,0x00,0x00,0xff,0xff,0xff,0xfc,0x00,0x00,0x00,0x0f,0xff,0xff,0xff,0xc0,0x00,0x00,0x00,0xff,0xff,0xff,0xfc,0x00,0x00,0x00,0x0f,0xff,0xff,0xff,0xbf,0xff,0xff,0xfd,0x24,0x07,0xbd,0xdc,0x5a,0x50,0xb2,0xa7,0xb9,0x6a,0x28,0x8e,0xfb,0x83,0x8b,0xf7,0x68,0xc6,0x06,0x6e,0x60,0xb7,0x2f,0x08,0xa9,0x78,0x2d,0xa2,0xe3,0x9b,0xd3,0x4f, + 0x04,0xff,0x00,0x00,0x00,0x01,0xff,0xff,0xff,0xfc,0x00,0x00,0x00,0x07,0xff,0xff,0xff,0xf0,0x00,0x00,0x00,0x1f,0xff,0xff,0xff,0xc0,0x00,0x00,0x00,0x7f,0xff,0xff,0xfd,0x4a,0xf9,0xcc,0x40,0x6a,0x46,0x94,0x3f,0xfe,0x0f,0xe6,0x30,0xbd,0x21,0xf2,0x05,0xee,0xfa,0x05,0x35,0x5f,0x3a,0x13,0xc9,0x94,0x3d,0x58,0xe1,0x6e,0x88,0x04,0x35, + 0x04,0x00,0xff,0xff,0xff,0xfe,0x00,0x00,0x00,0x03,0xff,0xff,0xff,0xf8,0x00,0x00,0x00,0x0f,0xff,0xff,0xff,0xe0,0x00,0x00,0x00,0x3f,0xff,0xff,0xff,0x80,0x00,0x00,0x00,0x27,0x96,0xcf,0x7b,0xde,0x36,0xdc,0x6b,0x19,0x50,0x00,0x12,0x28,0xb7,0x24,0x9d,0x34,0x38,0xa3,0x5f,0xe5,0xbe,0x98,0x66,0x12,0x55,0xbf,0x63,0xa8,0x79,0xb3,0xa5, + 0x04,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x73,0xb0,0x88,0x64,0x96,0xae,0xd7,0x0d,0xb3,0x71,0xe2,0xe4,0x9d,0xb6,0x40,0xab,0xba,0x54,0x7e,0x5e,0x0c,0x27,0x63,0xb7,0x3a,0x0a,0x42,0xf8,0x43,0x48,0xa6,0xb1, + 0x04,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff,0x00,0x13,0xa9,0xbe,0x0c,0xba,0xaa,0xcf,0x4e,0x0f,0x53,0xee,0x45,0xbc,0x57,0x3e,0xaa,0x44,0xdb,0xf4,0x8d,0x5f,0xaf,0xc2,0x68,0x56,0xb4,0x4d,0x6d,0x00,0xe2,0xbe, + 0x04,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0x6e,0x56,0x3b,0xca,0x87,0x3b,0xd5,0x91,0xc9,0x66,0x33,0x91,0xc8,0x26,0x15,0x07,0x95,0xe3,0xc4,0x2c,0xed,0xd2,0x69,0xe6,0x8f,0xf0,0xe5,0x6d,0xc9,0x71,0xd5,0x54, + 0x04,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x5b,0x5b,0x2e,0xc5,0x53,0xbe,0x67,0xfd,0x73,0xad,0xd4,0xcc,0x2b,0xce,0xd4,0xeb,0xe6,0xd0,0x4a,0x05,0xb0,0xe9,0x26,0xe3,0x12,0x03,0x7b,0x39,0x51,0x66,0x78,0x47, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x31,0xcf,0x13,0x67,0x1b,0x57,0x4e,0x31,0x3c,0x35,0x21,0x75,0x66,0xf1,0x8b,0xd2,0xc5,0xf7,0x58,0xc1,0x40,0xd2,0x4e,0x94,0xe6,0xa4,0xfd,0xa7,0xf4,0xc7,0xb1,0x2b, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf5,0x3a,0x54,0x14,0x15,0x98,0x33,0x46,0x50,0xd1,0xf9,0x9a,0x12,0x85,0x07,0x69,0xf5,0x3d,0x34,0x52,0x9b,0x07,0xae,0x59,0x12,0x44,0xc6,0xed,0x70,0x2f,0x1a,0xa1,0x71, + 0x04,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x54,0xff,0xff,0xfe,0xbc,0x7c,0x97,0x6b,0xdd,0xab,0x1d,0x1a,0x30,0x2c,0xfa,0x17,0x6c,0x25,0x43,0x45,0x58,0xec,0x7c,0xac,0x23,0x8e,0x73,0x9c,0xa9,0x84,0x9a,0xa1,0x04,0x32,0x3b,0x10,0x6c, + 0x04,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x32,0xff,0xff,0xff,0x3c,0x7b,0x2b,0xf3,0x71,0x6a,0x9e,0x33,0x6e,0x16,0x29,0x66,0x59,0x7e,0x5c,0x42,0x3b,0xb9,0xd3,0xd0,0xd0,0xc3,0xc0,0x2b,0x9e,0x2d,0xc4,0xaa,0xba,0xd1,0x7b,0xfd,0xcb, + 0x04,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x6d,0xb6,0xda,0xe2,0x28,0x17,0x58,0x8a,0xa1,0x9f,0x91,0x0e,0x8b,0xed,0x1f,0x89,0xa6,0xb5,0xea,0x6c,0xde,0x48,0x00,0xdd,0x9b,0xeb,0x28,0xd1,0x33,0x6b,0xb4,0x60,0x75,0x11,0x81,0x44, + 0x04,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x55,0x55,0x54,0xe8,0x3c,0x4d,0x16,0xba,0x69,0x91,0x01,0x1c,0xf3,0xf9,0x4f,0xee,0xff,0x3f,0x48,0xad,0x29,0xed,0x9a,0x22,0xbc,0xef,0x8f,0xac,0x40,0xd9,0xb2,0xaf,0x25,0xe2,0xb9,0x09, + 0x04,0x59,0x29,0x4e,0x8b,0xc5,0x4e,0x76,0xd4,0x8b,0x55,0x94,0xf0,0x1f,0xe4,0x72,0x95,0x66,0xd9,0xb6,0xdf,0x63,0x85,0x98,0x2f,0xbb,0x53,0x31,0x83,0x92,0x1f,0x1a,0x12,0x45,0x43,0xe4,0x11,0x0b,0xf4,0xcd,0x22,0xe1,0xd4,0x44,0xd8,0x3e,0x24,0xc5,0xec,0xdb,0x32,0x8a,0x98,0xf2,0xf9,0x3e,0x8e,0xdc,0xb9,0x9b,0x07,0xd5,0xd9,0xfa,0xfc, + 0x04,0x29,0xb5,0x79,0x69,0x02,0x64,0x95,0x49,0x85,0x18,0x7a,0xaa,0x9e,0xa3,0x13,0xd3,0x9b,0x5c,0x82,0x8e,0x02,0x2a,0xfc,0xe8,0xfd,0x0c,0xb7,0x64,0xed,0x69,0x34,0x73,0xba,0x8c,0xde,0x1b,0x2b,0xe1,0x74,0x9c,0xf4,0xd5,0xbc,0x0d,0xf5,0x78,0x00,0x9c,0x96,0x50,0xe4,0x4b,0x6c,0x38,0x5c,0x5e,0xe2,0x62,0x1f,0xff,0xfc,0x20,0x5c,0xb7, + 0x04,0x41,0x50,0xa1,0x11,0xe0,0x48,0x9c,0xc8,0x2d,0x43,0xba,0x66,0xf4,0x04,0xba,0x0d,0xf2,0xb1,0xfa,0x13,0xff,0xea,0x36,0x14,0x42,0xf7,0x85,0x4f,0x9a,0xbb,0x38,0x14,0x65,0x62,0x7e,0x96,0xf3,0x72,0xfd,0x04,0x00,0xec,0xa4,0x21,0x13,0x89,0x0c,0xb1,0x10,0xc1,0x1e,0xda,0x22,0x40,0x5b,0xcd,0x29,0x5b,0x1c,0xaa,0xb9,0xd9,0x3a,0xf7, + 0x04,0xa7,0x46,0x46,0xc7,0x98,0xfd,0x5a,0x0a,0xf4,0x42,0xda,0x69,0xc8,0x22,0xcd,0xf1,0x13,0x4a,0xdb,0xa3,0x61,0xf9,0x06,0x63,0xd6,0x26,0x48,0x1a,0xa1,0x0e,0x00,0x04,0x56,0x71,0x60,0x69,0x68,0x18,0x28,0x6b,0x72,0xf0,0x1a,0x3e,0x5e,0x8c,0xac,0xa7,0x36,0x24,0x91,0x60,0xc7,0xde,0xd6,0x9d,0xd5,0x19,0x13,0xc3,0x03,0xa2,0xfa,0x97, + 0x04,0x61,0x1c,0x65,0xee,0xcd,0x9e,0x3d,0xe5,0x28,0xf6,0x39,0xe8,0xb6,0x69,0x86,0x88,0xdb,0x1f,0x4f,0xc8,0xc1,0x16,0x50,0xa6,0x01,0xfe,0x6d,0xae,0xca,0x5c,0x59,0x66,0x5f,0xa4,0x5a,0x23,0x40,0x06,0x33,0xba,0x36,0x30,0x24,0x4a,0xa6,0xb0,0x14,0x4d,0xe2,0xab,0x3b,0x62,0x95,0xe3,0xdf,0xa1,0x5f,0x58,0x6e,0x40,0xa8,0x40,0x53,0xaf, + 0x04,0xb4,0x9c,0x67,0x91,0x64,0x79,0x37,0x56,0x8c,0x75,0x70,0x06,0x48,0x56,0x42,0x08,0x35,0xd4,0x4a,0xf1,0xce,0xdd,0xd6,0x82,0x96,0x7f,0xbd,0x44,0xfc,0x97,0x29,0x4c,0xd1,0x35,0x65,0x1b,0xd7,0xee,0x3a,0xab,0x95,0x7e,0xba,0x10,0xed,0x4b,0x7a,0x5c,0x40,0xca,0x00,0xd9,0x59,0xca,0x66,0x30,0x80,0xc4,0xea,0xf0,0xe1,0x89,0xbc,0x21, + 0x04,0xc7,0x3c,0x71,0xd8,0x56,0xcb,0x94,0x9a,0x31,0xc2,0x49,0xc1,0xe9,0x9b,0x11,0xff,0xb6,0x98,0xcb,0xc1,0xdb,0xf4,0x00,0x2e,0x95,0x6c,0xde,0xb6,0x55,0xf8,0x40,0x45,0x71,0x6e,0x98,0xde,0xc1,0x0a,0x99,0x05,0xfa,0x1d,0x3a,0x85,0x1f,0x4f,0x1f,0xe6,0x17,0x35,0x6c,0xb5,0x6d,0x56,0x43,0xa1,0x48,0xee,0xc3,0x76,0x23,0x7a,0x27,0xf1, + 0x04,0xac,0xab,0xed,0xbe,0x76,0x0e,0x93,0x30,0xaf,0x35,0x08,0x20,0x9b,0xa0,0x08,0x1b,0x9c,0xe0,0x61,0x32,0x7d,0x1e,0xa0,0xb6,0xff,0xdc,0x57,0x7d,0xba,0xf2,0x8e,0x26,0x9c,0xd0,0x01,0x76,0x35,0x88,0x28,0x21,0x5d,0x30,0xad,0xe0,0xcf,0xf8,0xcd,0xc0,0x85,0x6c,0x84,0xfc,0xdb,0x42,0x4f,0xeb,0x93,0xce,0x58,0xa2,0x55,0x4a,0x9b,0xcd, + 0x04,0x4c,0xc9,0x19,0x7b,0xfd,0xef,0x17,0xd3,0x3a,0x9e,0xa7,0x43,0xbf,0x83,0x74,0x7b,0x56,0x4d,0x6a,0xd1,0x1e,0x60,0x80,0x95,0x7a,0x9d,0x3a,0xc4,0x41,0x65,0xfa,0x79,0x3c,0xe2,0x0d,0x13,0xd4,0x31,0x07,0x1b,0xe3,0x67,0xe5,0x92,0xf8,0xa2,0x2f,0x88,0xed,0xee,0x1c,0xd5,0x1c,0xad,0xb0,0x84,0x5e,0xbe,0xa6,0x4b,0x11,0xc4,0x57,0x08, + 0x04,0xfb,0xf4,0x11,0xaf,0xc8,0x83,0x58,0xdf,0xf2,0xba,0x15,0x6c,0xe2,0x73,0xd7,0xb1,0x5d,0x0b,0xa3,0x98,0x0a,0x60,0xa8,0x2e,0xb3,0x8b,0xfa,0x58,0x99,0x5e,0x16,0x3d,0x57,0xc6,0x2e,0x53,0x07,0x0e,0x8e,0x6c,0xb1,0xdf,0x4e,0xf5,0x09,0xeb,0x25,0x98,0xdb,0xdb,0x07,0xa5,0xff,0xd7,0x13,0x01,0xea,0xa2,0x89,0x2a,0xd1,0x23,0x8f,0x4a, + 0x04,0xcd,0x78,0x63,0xad,0xdd,0xaf,0x00,0x99,0x64,0x71,0x39,0xce,0x64,0xca,0x0b,0x39,0xdb,0xd3,0x12,0xcc,0xf9,0x6c,0x15,0xa6,0x2f,0x2c,0x49,0xe6,0x28,0x24,0x82,0x35,0x99,0x9f,0x82,0xaf,0xd0,0xf7,0x6e,0x74,0x4a,0xfd,0x0f,0xca,0x2a,0xab,0x36,0xf2,0x2f,0xf7,0xeb,0xef,0xd8,0xe5,0x41,0xfc,0xb6,0xe9,0x72,0x70,0x4b,0x8a,0xc5,0x21, + 0x04,0xbd,0x4f,0xd8,0x57,0x64,0x0a,0x6b,0xdf,0x5d,0xa4,0x2f,0xfc,0x5c,0x2c,0x17,0x55,0xc4,0xc1,0x25,0xa9,0x9d,0x38,0x0a,0x59,0x35,0xeb,0x1c,0x4c,0x3a,0x9c,0x2a,0x3a,0x47,0x60,0xdf,0x25,0xca,0x56,0x17,0x24,0xa8,0x2e,0x3f,0x9c,0x9d,0x78,0x25,0x36,0xdb,0x43,0x10,0xd6,0xc9,0xc7,0x69,0xf5,0x1b,0x73,0x3d,0xe4,0x4a,0x9c,0x02,0xf1, + 0x04,0x45,0x65,0x4b,0x3b,0x66,0x06,0x57,0x43,0xac,0x86,0x85,0x4d,0xaa,0x77,0xc9,0xe5,0xcf,0x71,0x3a,0x40,0x2f,0xbd,0x4a,0xda,0x36,0x5f,0x4f,0x96,0xbf,0x17,0x17,0xcd,0x63,0xcf,0x23,0xba,0x03,0x5d,0xe4,0x30,0xa2,0x12,0x8d,0xab,0x0d,0x2c,0x7b,0x93,0x9d,0x44,0xc6,0x66,0x24,0xf6,0x97,0x92,0x75,0xcd,0x37,0xcd,0x02,0x37,0x06,0x69, + 0x04,0xdd,0xa7,0x93,0xfe,0x7f,0xde,0xa5,0xc7,0x48,0x1c,0x75,0x6f,0x59,0xfb,0xff,0x48,0x48,0x17,0x77,0xa5,0x42,0x18,0xd9,0x5e,0xaa,0x24,0xe7,0xb8,0x6d,0x8a,0x58,0x58,0xfd,0xac,0x18,0x59,0x0c,0xd9,0x6e,0x19,0x3d,0xb5,0x1c,0x50,0x30,0x7d,0x26,0x06,0x67,0x4d,0x5b,0x8a,0xfc,0xc8,0x2d,0x1b,0x67,0x2d,0xd8,0xe0,0x97,0x19,0xa6,0xac, + 0x04,0x2e,0x04,0x3b,0x85,0x1f,0xc5,0xa5,0xf1,0x2d,0xeb,0x76,0xfe,0x94,0x18,0x2b,0x99,0xbb,0xce,0x72,0x7b,0x47,0x67,0x83,0xf9,0xd8,0x68,0xad,0x3a,0xb7,0xac,0x7a,0x25,0x14,0x62,0xb4,0x69,0xc2,0xe0,0x24,0x91,0xe0,0x5a,0x3a,0x45,0x23,0xe0,0x9a,0x6b,0xe8,0xe5,0xb2,0xd1,0x04,0x19,0xcb,0x77,0x60,0xa8,0x50,0x3a,0xe4,0xeb,0x7e,0x7b, + 0x04,0x3d,0x8f,0xdd,0xf4,0x1e,0x52,0x32,0x0c,0x80,0x81,0xe0,0xd6,0x0f,0x53,0x97,0x99,0x3a,0xbd,0xfa,0x97,0x9c,0x4b,0x5e,0x83,0x2a,0xc6,0x1b,0xf3,0xcc,0x2e,0x6f,0xd9,0x45,0x04,0xfe,0x32,0x07,0xdb,0xd1,0x8e,0xba,0xd2,0xb9,0x21,0xa5,0x2a,0x16,0xa3,0x36,0x59,0x93,0x9c,0x16,0xfb,0xb9,0x18,0x6c,0xaf,0x5e,0x2c,0xf3,0x17,0x03,0x46, + 0x04,0x65,0x10,0x6f,0xdc,0xa0,0xc4,0x08,0x73,0x8c,0x23,0x16,0xf3,0xec,0x22,0x38,0xd4,0x59,0x15,0x7b,0xab,0x2c,0x28,0x55,0x32,0x3b,0x95,0xbd,0x27,0x1c,0x91,0xde,0xdc,0xd9,0xfc,0x2d,0x68,0x54,0x46,0x78,0x98,0x29,0x25,0x1d,0x29,0x3a,0x50,0xd1,0x50,0xdf,0x5f,0x1f,0xc1,0xa0,0x60,0x4e,0x4d,0xef,0xaa,0x9a,0x8e,0x3f,0x8c,0x91,0x69, + 0x04,0x32,0x0c,0x81,0x35,0x48,0x18,0x3a,0xad,0xb0,0xe7,0xd2,0x1a,0x0f,0xfe,0x47,0x2b,0xfa,0x9b,0x4f,0xfe,0x81,0x5a,0xde,0xfd,0x09,0x18,0x0a,0x3a,0xe2,0xd1,0x5f,0xbc,0xd0,0xca,0x20,0x61,0x1d,0x22,0x32,0x84,0x7a,0xa8,0x0e,0x7f,0x76,0x91,0xc0,0x08,0xff,0x88,0x6d,0xfc,0xe5,0x50,0xf9,0x0c,0x4c,0x19,0x98,0x2e,0xd7,0x79,0xb4,0x66, + 0x04,0xa0,0xe2,0xb1,0xa9,0x2a,0x6a,0xfa,0x9f,0xe6,0x84,0x24,0xbc,0x63,0xdc,0xad,0x62,0x0b,0x7d,0xc8,0x44,0xe4,0x57,0x1f,0x54,0x04,0xab,0x9d,0x18,0xbf,0x08,0x54,0x5c,0xcb,0xa1,0xc1,0xff,0x49,0xbf,0x7b,0xaa,0x9b,0xe1,0xfc,0x0a,0xc4,0xbb,0xa6,0x3b,0x41,0xba,0x7a,0x37,0x4e,0x15,0xfc,0x39,0xb8,0x84,0xd8,0x0a,0x75,0xb0,0x70,0x92, + 0x04,0xdc,0x97,0x13,0x9a,0x3d,0xd1,0x41,0x1d,0x74,0x61,0x61,0x54,0xaa,0x0d,0x6b,0xce,0x78,0x7c,0xfa,0xfb,0xd8,0xfd,0x06,0x0b,0x68,0x0b,0x04,0xb4,0x22,0xb0,0xd2,0x2f,0x6a,0xb5,0x0e,0x5c,0x68,0xe0,0x27,0x80,0x59,0x53,0xbf,0x7c,0x3b,0xe4,0x0a,0x8f,0x7c,0x9b,0x56,0xc6,0xdb,0xbe,0x86,0x33,0x7e,0x61,0x63,0xad,0xa0,0x1d,0x9d,0x63, + 0x04,0x09,0x78,0xd4,0x2e,0x15,0x94,0x56,0x95,0x89,0xb5,0x78,0x26,0x6c,0xed,0xb6,0x08,0x8a,0x84,0xc9,0xcc,0x9b,0xaf,0xf0,0x07,0x0d,0xc1,0xd9,0x34,0x34,0x26,0x05,0xe6,0x2c,0xe8,0x0a,0x96,0x6b,0x5c,0xa0,0x34,0x49,0x81,0xf4,0x22,0x9c,0x7a,0xb6,0x22,0xa8,0x53,0xbd,0x9b,0xc5,0x9b,0x66,0x2e,0xcd,0x92,0xdf,0x23,0x8e,0x4e,0x46,0xed, + 0x04,0xa8,0x63,0x0a,0x7b,0xdb,0x78,0xa9,0x70,0xa0,0x1b,0x20,0xc3,0xe7,0xb9,0x5d,0x25,0xd3,0xee,0xbd,0xc8,0xe9,0x4e,0xcf,0xe0,0xf5,0x08,0xe4,0x13,0x6e,0xca,0x49,0xaf,0xa5,0xeb,0x12,0x11,0x4b,0x50,0xac,0x77,0xd6,0x8d,0x41,0x0c,0xd5,0xef,0x51,0x07,0xb2,0xe6,0x8f,0x08,0x60,0x0e,0x5e,0x69,0x38,0xc4,0x52,0xd5,0x1d,0x69,0x93,0xba, + 0x04,0xc4,0xea,0x8e,0xd3,0x1a,0xb4,0xa8,0xc9,0x94,0xa9,0x65,0xef,0xd4,0x77,0x0b,0xbb,0x5e,0x26,0xee,0x54,0xcb,0x72,0x17,0xff,0xd3,0x1f,0xa8,0x88,0xc1,0x08,0xfe,0xca,0x06,0x3c,0x41,0x52,0x01,0x32,0x9d,0xda,0x13,0x0f,0x43,0x97,0x3f,0x44,0x2a,0xd3,0x20,0xda,0x0c,0xcf,0x28,0x9c,0xd1,0xb7,0x14,0x89,0xca,0x0a,0x72,0x01,0xd5,0xa6, + 0x04,0x91,0x78,0x0d,0x19,0x05,0x31,0x61,0x05,0xd6,0xa6,0xac,0xa9,0x4a,0x0d,0x44,0x88,0xd1,0x34,0xf9,0x85,0xf7,0xe2,0x9a,0xde,0xcb,0x1b,0xc6,0xcd,0x0c,0x21,0x1a,0x78,0x80,0x35,0xb0,0x6e,0x49,0x5d,0x1e,0x58,0xb0,0x85,0xbf,0xb6,0x72,0x0b,0xca,0x84,0x55,0x7b,0x67,0x0d,0xe3,0x45,0x87,0xdf,0x0d,0x7e,0x3a,0xad,0x5b,0xbc,0x80,0x3a, + 0x04,0x19,0x61,0xa1,0xa4,0xb2,0x96,0x71,0xf1,0xd8,0x35,0xb3,0x13,0xff,0xeb,0xa4,0xd8,0x20,0x3d,0x84,0x14,0xcd,0xc0,0xea,0x11,0xe4,0x7d,0x61,0x9b,0x47,0x03,0x8b,0x1d,0xe5,0x0a,0x63,0xb8,0x9c,0xbc,0x89,0x56,0xa5,0x87,0x0c,0x6c,0x48,0x30,0xe2,0x10,0x2d,0x52,0x81,0xb9,0xb5,0xdc,0x12,0x7b,0x10,0x52,0xfe,0x7b,0x3e,0x11,0xc4,0x38, + 0x04,0x29,0xa9,0xe7,0xf2,0x51,0x09,0xa8,0xc4,0xbd,0x80,0xdb,0xea,0x05,0xfb,0xb4,0x6a,0xad,0xe5,0x87,0x97,0xc3,0xb2,0xfa,0x5f,0x00,0xf0,0xf0,0x81,0x66,0x9a,0xe3,0x9d,0x2c,0x78,0xfb,0x11,0x60,0xde,0x6e,0xda,0x50,0xf4,0x72,0xba,0x65,0x9d,0x4f,0x1d,0xb4,0xea,0x6e,0x29,0x72,0x44,0xb6,0xae,0x68,0xa0,0x51,0xd9,0x6e,0x62,0xe7,0x5e, + 0x04,0x16,0x17,0xdc,0x03,0xd3,0xee,0xa4,0x2e,0x8e,0xa2,0xc5,0xbd,0x03,0x4a,0x38,0xc5,0xa3,0xd7,0x41,0x65,0xa5,0x48,0x07,0x4b,0x7b,0x57,0x65,0xcc,0xd8,0x46,0x5b,0x7f,0x61,0x08,0x9d,0x6d,0xde,0x53,0x43,0x0f,0x34,0xcf,0x82,0x85,0xdd,0xbc,0x58,0x4d,0x15,0x43,0xfd,0xc7,0x0c,0x23,0x33,0xfc,0x31,0x5e,0xed,0x4e,0x93,0x0a,0xc3,0xa1, + 0x04,0x20,0xe7,0xa1,0x35,0x84,0x36,0xf6,0x75,0xf3,0x77,0x4d,0x60,0x95,0x4b,0x56,0x21,0x14,0x5b,0x8f,0x52,0x60,0xb5,0x50,0x36,0x36,0xf5,0x48,0x78,0xec,0xaa,0xff,0x8d,0xcc,0xaf,0x2f,0xff,0xcb,0x7c,0x70,0x84,0xe3,0x25,0xda,0xe5,0xe2,0x4b,0xff,0x5a,0x34,0xe3,0x79,0x80,0xd1,0x72,0x20,0x16,0xdd,0x66,0x67,0xda,0x71,0xf1,0x64,0xc4, + 0x04,0x27,0x59,0xbf,0x4c,0x33,0x65,0x01,0x34,0x0c,0xbc,0x67,0xaf,0xb4,0xa8,0xf5,0x74,0x4f,0x91,0x31,0xd9,0x73,0x96,0x6a,0x9d,0xe5,0x0d,0xed,0x60,0xfb,0xe0,0x45,0x12,0x1b,0x67,0xa9,0xe8,0x1e,0x53,0xb0,0x64,0xad,0xed,0xdd,0x16,0xa4,0xc0,0x30,0xdb,0xb1,0x89,0xcc,0xd7,0x01,0x9b,0x32,0x9d,0x67,0xa5,0x27,0xc3,0x11,0x72,0x34,0x69, + 0x04,0x19,0xb8,0xa1,0x0f,0x50,0x21,0xf1,0x1e,0x29,0xe1,0x86,0x11,0xfa,0x82,0x84,0xb7,0xe9,0xa3,0xf6,0x7c,0xf3,0x6e,0xec,0x8e,0xcc,0x4d,0x7a,0x5b,0x54,0x80,0x34,0x11,0x31,0x1a,0x8a,0x4e,0x19,0x9d,0x98,0xeb,0x35,0x8e,0x19,0xa2,0x7e,0x80,0xcd,0xa6,0xaf,0x14,0x2d,0x60,0x91,0xdd,0xaa,0x93,0x70,0xed,0x61,0x04,0x53,0xab,0xc6,0xc8, + 0x04,0x9b,0xa8,0x41,0xf4,0x12,0x45,0xac,0x08,0x95,0x59,0x66,0x47,0x04,0x25,0x59,0x32,0x90,0xb9,0xe1,0xd8,0x7b,0xda,0x8f,0x47,0xdf,0x19,0x04,0x8d,0xb8,0xe3,0xd8,0x30,0x97,0xf6,0x89,0x05,0xf3,0x60,0xce,0xd2,0x68,0x01,0x87,0x2a,0x7f,0xf1,0x24,0xc3,0x63,0x7b,0x02,0xc4,0xa5,0x96,0xb8,0x3a,0xba,0xfe,0x7b,0xce,0x56,0x7c,0xa1,0x77, + 0x04,0x68,0xaf,0x76,0x1d,0x05,0x3d,0xee,0x64,0xac,0xa5,0xe9,0x8f,0x54,0x7f,0xeb,0x2d,0xfb,0x6f,0x5e,0xdb,0x81,0x38,0x01,0x1c,0x7f,0x5c,0x33,0x80,0x9b,0x4b,0x9e,0x00,0x46,0x6d,0xd7,0x6c,0xb8,0xce,0xeb,0x51,0x32,0x86,0x20,0x52,0xad,0x3e,0x08,0xbf,0xea,0x24,0x5e,0xf1,0x6c,0xa0,0xd0,0x0e,0xd0,0xc4,0xb4,0x5f,0xb6,0xbd,0x30,0x28, + 0x04,0x05,0xdc,0x8b,0x18,0xbc,0x28,0x6f,0x20,0x32,0x13,0xb1,0x31,0x94,0x13,0xdf,0xa4,0x91,0x1d,0x6c,0x2e,0x30,0xf3,0xc7,0x78,0xc5,0x5e,0x4e,0x5f,0x5d,0x9b,0xfd,0xba,0xcd,0x0b,0x3b,0x20,0x9e,0x76,0x04,0x98,0x95,0xae,0x80,0xff,0x63,0xc0,0x22,0x5a,0x56,0x32,0x28,0xcd,0x99,0x24,0x3f,0x62,0x8a,0x9d,0xba,0xe7,0x0d,0x77,0x3c,0x66, + 0x04,0xba,0xcb,0x60,0x63,0x84,0xb1,0x93,0x0b,0xb4,0xb7,0x4d,0xed,0x23,0x6d,0x03,0xd3,0xbb,0x17,0x39,0xa5,0x1b,0x73,0xf2,0x0d,0xc3,0x34,0x9e,0xc3,0xb3,0x83,0x18,0x0a,0x68,0x96,0xed,0x59,0xfa,0x0b,0x65,0x4a,0x9c,0x40,0x4b,0x34,0xfe,0xe2,0xc7,0x67,0xbe,0x23,0x83,0xf4,0xb8,0xb1,0x71,0xd2,0x35,0x98,0x06,0xb0,0x4b,0x50,0x2d,0x16, + 0x04,0x48,0xab,0x89,0xb2,0xa3,0x12,0xde,0x51,0x0a,0x6d,0x3c,0x9a,0xc9,0xe4,0xc4,0xf5,0xb4,0x6e,0x04,0xd3,0xf8,0x58,0x43,0x3b,0x76,0x46,0xe4,0x62,0x73,0xd9,0x4d,0xce,0x4a,0x0c,0x7d,0xa6,0x16,0x38,0x8f,0x1e,0xb8,0xd5,0x5e,0xce,0x64,0xab,0x69,0x5e,0x54,0x05,0xd7,0x79,0xc9,0x2f,0x3b,0xc2,0x59,0x5c,0x27,0xd6,0x5d,0xef,0x8d,0xb9, + 0x04,0xfd,0x9d,0xe3,0x04,0xea,0x5f,0x18,0xdd,0x64,0x15,0x10,0xb9,0x80,0x94,0x73,0xd3,0x9a,0x23,0x73,0xed,0x5a,0x47,0x0f,0xfc,0x5e,0xa7,0xc8,0x30,0x93,0x91,0x1b,0x45,0x40,0xba,0xab,0xb9,0xd9,0x12,0x27,0x9a,0xee,0xa4,0x43,0x79,0x11,0x0a,0xbe,0xc7,0x5a,0xb7,0x99,0x4a,0x61,0x83,0xc6,0x29,0x4b,0xad,0x27,0xba,0xb5,0xbb,0xf8,0x21, + 0x04,0xbf,0x89,0x76,0xa2,0x82,0x21,0x00,0x0d,0x7f,0x52,0x19,0xfa,0x8d,0x06,0xf9,0xf8,0xae,0x47,0xbe,0x62,0x6f,0x89,0xc2,0xbb,0x6c,0x4d,0x03,0x23,0xbf,0x02,0xf8,0x49,0x0c,0x78,0xbc,0x94,0x8c,0x6b,0xf8,0x2a,0x19,0x1f,0x1d,0xe9,0x72,0xe5,0x7d,0xb3,0x5b,0x05,0x91,0x85,0x94,0xcc,0xfb,0xe8,0xda,0x19,0xbd,0x46,0xfa,0xcb,0xda,0x78, + 0x04,0xc3,0x22,0x9c,0x9b,0x4f,0x40,0x9a,0x65,0x39,0x48,0x41,0x52,0xb3,0x95,0x35,0xc5,0x12,0xa6,0x67,0x48,0x97,0x20,0x25,0x16,0x5f,0xd8,0x88,0xc3,0x88,0x36,0x9f,0xb3,0x29,0x8c,0xc4,0x1d,0xda,0x36,0xfc,0xb1,0x5a,0x0d,0x97,0xca,0xbf,0x75,0x7b,0xf0,0x73,0x7d,0xae,0x70,0x82,0x9f,0x4b,0x9a,0x1d,0x49,0x9d,0x9e,0x99,0x11,0x67,0x3a, + 0x04,0x6f,0x2c,0x3d,0xd8,0x4b,0x44,0xda,0xca,0x93,0x6a,0x2e,0xda,0xf4,0x3a,0xdc,0x8c,0x1b,0xd5,0xf4,0x28,0x01,0x23,0x17,0x18,0xfc,0xe6,0xf5,0xe9,0x4d,0x14,0x47,0x17,0xa2,0x47,0x59,0x8c,0x11,0xea,0xa2,0xc5,0x07,0xb0,0xe9,0x6d,0xfd,0xd0,0x32,0x94,0xcb,0xa4,0x47,0x2a,0xe8,0xa2,0x12,0x8e,0x36,0xf1,0xea,0xbd,0x31,0x5a,0xeb,0x25, + 0x04,0xa5,0x11,0xb0,0x93,0x34,0xf0,0x32,0xcc,0x33,0xee,0x4d,0xdb,0xb8,0x39,0x30,0x4f,0x6b,0xbf,0x1d,0xaa,0x4a,0x80,0xde,0x52,0x4c,0xa2,0x4e,0xbb,0x65,0xa0,0xa9,0x2e,0x4e,0xa4,0x82,0x43,0xcf,0x7e,0x26,0xde,0xaf,0x4d,0xe7,0x77,0x9c,0xa7,0x1f,0x76,0xd9,0xdc,0x6c,0x8c,0x1b,0x7f,0x44,0xcf,0x19,0x0f,0xdd,0xbe,0x82,0xc2,0xc9,0x40, + 0x04,0x7c,0xf4,0xa6,0xec,0x11,0x0d,0xb8,0x92,0xe4,0x5a,0x7b,0x2a,0xb3,0x8b,0x41,0x1a,0x6c,0x41,0xe8,0x6f,0xd2,0x1a,0x64,0x55,0xca,0x1a,0x4c,0x2e,0x22,0x20,0x68,0x13,0x09,0xb3,0xe3,0x99,0xae,0x30,0x09,0x8b,0xf8,0x72,0xc9,0xae,0xd5,0xdb,0x69,0xd1,0x4c,0xb7,0x11,0x49,0xab,0xb0,0x5c,0xf5,0x22,0x7a,0x62,0x0c,0x4b,0x16,0xb7,0x40, + 0x04,0x36,0xc7,0xdc,0xd1,0x52,0xfb,0x7e,0x53,0xfd,0x16,0x22,0x84,0x65,0xea,0x0c,0x41,0x9d,0xa2,0x9c,0xc6,0xc7,0x9f,0xd4,0x26,0x63,0x03,0xb3,0xbd,0x06,0xaa,0x0b,0x90,0x36,0x36,0x3a,0x95,0x9f,0x8c,0x0b,0x40,0x0d,0xa5,0x25,0xad,0x76,0x74,0x67,0x7f,0x82,0x90,0x92,0xae,0x7f,0x7e,0x8d,0xbf,0x88,0x39,0x7f,0xcd,0x19,0x04,0x7a,0xf5, + 0x04,0xb6,0x1d,0x3c,0xd2,0x7b,0xfa,0x12,0x69,0x23,0x4a,0x77,0x7e,0x11,0x8f,0x7d,0xb1,0x0a,0x38,0x44,0xe8,0xc7,0xd1,0x16,0x2c,0x09,0x9a,0x80,0x99,0xd8,0x87,0xdf,0xb8,0x49,0x52,0x0e,0x9a,0x03,0x8f,0x8b,0xa8,0x80,0x4d,0x44,0xf2,0x2b,0x37,0x45,0x25,0x14,0xf0,0xae,0xfe,0xa9,0x3b,0xab,0x7b,0xdf,0x18,0x0d,0xb5,0x44,0x85,0xaa,0xda, + 0x04,0xac,0x9c,0xbc,0x8b,0xd9,0x17,0x19,0x29,0x28,0xd9,0xa0,0x65,0xfb,0x1f,0x89,0xbe,0x4b,0xea,0x85,0x01,0x86,0xfd,0x46,0x6a,0x7a,0x90,0x14,0x06,0x6c,0xe0,0x02,0xc5,0x1a,0x90,0x6c,0x90,0xee,0xe5,0x5c,0xb5,0x69,0x2f,0x0a,0xc0,0x46,0x74,0x6e,0xe4,0xbd,0x22,0x05,0xfe,0x5f,0x43,0x5d,0x1e,0x71,0xf1,0x9a,0x8c,0xb8,0x55,0x0f,0x3e, + 0x04,0xc0,0x50,0xd0,0x58,0xaa,0xda,0x9e,0x43,0x76,0x7f,0x1f,0x76,0x0a,0xbd,0xbc,0x42,0x1a,0xe2,0x20,0xfd,0x01,0xe8,0x32,0xae,0x81,0xc6,0x28,0xbf,0xb1,0x27,0x7c,0x99,0xd3,0x54,0x83,0xfe,0x6a,0xea,0x51,0xde,0xa9,0xc0,0x17,0xc3,0x26,0xba,0x7b,0xbd,0x41,0x75,0x68,0x7a,0x72,0xdc,0x5c,0x4f,0x44,0x9e,0xed,0x0c,0x53,0xa0,0x80,0x52, + 0x04,0x39,0x95,0x42,0x88,0x2c,0xa4,0xd5,0xfa,0xe3,0x28,0x2c,0x4e,0xdf,0xfc,0x3c,0x7e,0xda,0x7c,0x45,0x1e,0x46,0xad,0xee,0x42,0x19,0x01,0x5e,0x91,0xc8,0xc6,0x9c,0xf8,0xb1,0x23,0xf8,0xed,0xe4,0x8a,0xb7,0x6f,0xe2,0xc9,0x21,0x83,0x26,0xcb,0x06,0x54,0x2a,0x83,0x2d,0x0a,0x32,0xb7,0xac,0x0d,0x48,0x5b,0x46,0x29,0xbf,0xaf,0x0d,0x76, + 0x04,0xbf,0xc3,0x04,0xfd,0x88,0xad,0x8f,0x11,0x80,0x1d,0x35,0x28,0x6a,0x49,0x50,0x5c,0xf3,0x49,0x40,0x3d,0x81,0x00,0xef,0xe9,0x03,0xd0,0x78,0xef,0xd5,0xd3,0xa6,0x6e,0xbf,0x05,0xd6,0xfe,0x2a,0x14,0xc0,0x69,0x90,0x2f,0x0d,0x8e,0xb6,0x80,0x04,0x60,0x73,0x1d,0x48,0x39,0x5e,0xfa,0xc4,0x42,0x8e,0xd8,0x7b,0x00,0xf3,0xfc,0x6f,0xb0, + 0x04,0x68,0x81,0x67,0x8d,0x6c,0x6d,0x8c,0xeb,0x01,0xde,0x5d,0x66,0x64,0xa0,0xb5,0x7b,0x47,0x0f,0x14,0x94,0x92,0xe8,0xe7,0x51,0x3e,0x12,0x1f,0xad,0x84,0x9a,0xba,0x1b,0x2a,0xd3,0x4d,0xb0,0x24,0xcc,0xd2,0x69,0x4e,0x49,0x7f,0x6a,0xdf,0x4d,0x3c,0xf5,0xad,0xbf,0x51,0x8c,0x76,0x8a,0x46,0x28,0xbc,0x2e,0x15,0x9d,0x09,0x49,0xf2,0xaa, + 0x04,0xe3,0x8d,0xac,0x9c,0xa4,0xef,0x5b,0x35,0xda,0x77,0xd8,0x46,0x09,0x3e,0x0d,0x29,0xc1,0xca,0x35,0x0e,0x72,0xb5,0xa6,0xce,0x90,0x1b,0xed,0x9f,0x47,0x2e,0xa1,0x99,0xf8,0x05,0xfc,0x32,0x02,0x92,0x07,0x82,0xf4,0x9f,0x4b,0x6e,0x72,0x57,0xa4,0x36,0x4d,0xd5,0x45,0x1d,0x98,0x2f,0x29,0xb6,0x2d,0x5d,0x4b,0x8e,0x07,0xa3,0x30,0x68, + 0x04,0x2d,0x8c,0x67,0x32,0xe3,0xd0,0xe1,0x82,0x21,0x93,0x24,0x3b,0xb9,0xec,0x3f,0xc2,0xc7,0xf2,0x64,0xe9,0x4e,0xe6,0x1b,0x29,0x5d,0xe5,0xb3,0xc1,0x0d,0xb9,0x37,0xf1,0x35,0x34,0x34,0x53,0x83,0x81,0x14,0xa4,0x75,0x2a,0x55,0x14,0xbc,0xfb,0x9d,0xce,0x10,0xf8,0x3e,0x01,0x90,0xc5,0x40,0xfe,0xf1,0x06,0x75,0xcb,0x42,0x58,0x4a,0x05, + 0x04,0x20,0xbe,0xc8,0xd2,0xb5,0xaa,0xe1,0xf9,0x55,0xb7,0x99,0x21,0x98,0xbc,0xfe,0x20,0x88,0x04,0x94,0x15,0x00,0x58,0xcf,0x61,0x51,0xfe,0x14,0xf6,0x07,0x1b,0xad,0x31,0x32,0xdc,0x1c,0xe5,0x03,0x96,0x9b,0x82,0x4c,0x5a,0x9e,0x23,0xae,0xb4,0x72,0x25,0x5d,0xd2,0x3f,0x97,0xd0,0x2f,0x68,0x28,0x1a,0xd0,0x26,0x98,0x18,0xb1,0x7e,0x49, + 0x04,0xf4,0x56,0x94,0x67,0x70,0xaf,0x5d,0x06,0x9d,0x60,0xb2,0x79,0xae,0x51,0x9e,0xa1,0x8e,0x71,0x9a,0xba,0xf5,0x78,0x74,0x76,0x87,0x3a,0x5e,0x61,0xf9,0x69,0x07,0x4d,0x47,0xeb,0x27,0x52,0x0d,0x72,0xfc,0xe1,0x06,0x50,0xd3,0x12,0xa5,0x43,0x1b,0xbd,0x6b,0x3f,0x37,0xcd,0x46,0x75,0x5b,0x7a,0x8e,0x1e,0xf1,0xa7,0x96,0xf9,0x09,0x08, + 0x04,0xd1,0x39,0x0a,0x94,0x4d,0x24,0xf3,0x00,0xfd,0xab,0x9b,0xd2,0x72,0xbb,0xac,0xa0,0x56,0xfe,0xb7,0x1c,0x0c,0x37,0x46,0x8e,0x03,0x27,0xb0,0x85,0x04,0xd5,0x5f,0x3a,0x80,0xa4,0xb2,0x40,0x56,0x5a,0xa4,0x3b,0xe8,0xf3,0xe2,0x08,0x9b,0x47,0x88,0x04,0x9c,0x5d,0x37,0x8b,0x66,0x7e,0x98,0x7e,0x01,0xaa,0x8a,0x08,0xa4,0xcd,0x2c,0x95, + 0x04,0x3e,0x61,0xff,0x24,0x43,0xd1,0x0b,0x1e,0x25,0xfb,0x0c,0xe1,0x9f,0x57,0xae,0x39,0x22,0x3d,0x33,0xfb,0xb0,0xe5,0xee,0x2b,0x47,0x40,0xfa,0x19,0x38,0x4b,0x7d,0x0e,0x14,0x08,0x11,0x9a,0x70,0xaa,0x9b,0x23,0x0d,0x9f,0x18,0x26,0x9c,0x06,0x5c,0x53,0xd4,0xc2,0x61,0x96,0x73,0xb4,0x93,0x77,0xaf,0x4c,0xdd,0x53,0x6c,0x93,0x1a,0xae, + 0x04,0xb0,0x60,0x28,0xd7,0x29,0x03,0x96,0x17,0xf9,0x12,0xe8,0x6d,0x1d,0x1f,0x44,0xe9,0x3e,0x63,0xaa,0x21,0x6a,0xb0,0x64,0x18,0x13,0xd0,0x6c,0x16,0xa3,0xed,0xae,0xe9,0x79,0xd2,0x15,0x72,0xf9,0x54,0x0d,0x7b,0x07,0xb0,0xa6,0x66,0x7f,0x7e,0x0a,0x94,0x52,0xf6,0xf9,0xf3,0x67,0x1e,0x52,0x2e,0x2b,0x49,0x7e,0xec,0x13,0x8a,0x46,0xea, + 0x04,0x0a,0x8f,0x74,0xce,0xe5,0x0d,0x1e,0x85,0x3a,0x38,0xc0,0x26,0xf6,0x27,0xfe,0x47,0xd8,0x1f,0xc1,0x1f,0x88,0x62,0x68,0xb3,0x53,0x79,0xa3,0x2a,0xda,0x24,0x9b,0xb9,0x1d,0x63,0xcf,0x01,0x98,0xe1,0xc9,0x26,0xbc,0xb6,0x5c,0xe2,0x18,0x13,0xe4,0xd7,0x21,0x18,0xb7,0x09,0x2a,0x5e,0x8b,0xc1,0x52,0x90,0x92,0x22,0xac,0x19,0x60,0x3a, + 0x04,0x0e,0xdb,0x70,0x20,0xcf,0x4d,0x6a,0xb1,0x4b,0x5a,0x3f,0x8f,0x69,0x8d,0x66,0xef,0xf9,0x83,0x58,0x88,0x46,0xd7,0x18,0xb4,0x84,0x5d,0x67,0x4e,0x7b,0xbf,0xc0,0xed,0xd9,0x2a,0x27,0xe4,0x0e,0x5a,0xb2,0xe0,0xcd,0x2d,0x0a,0xc1,0xab,0x67,0x94,0x02,0xce,0x36,0xf1,0x6d,0x3e,0xbf,0xc0,0xfd,0x9d,0xf8,0x17,0xda,0xb1,0x72,0x92,0xd9, + 0x04,0xf0,0x6c,0x77,0xca,0xc2,0x4a,0x6e,0xe5,0x14,0x21,0x86,0x3a,0x0d,0x14,0x69,0x41,0x8f,0x0a,0x64,0x30,0xe0,0x62,0xda,0x18,0xf2,0x7d,0xd5,0x74,0x01,0xc0,0xb6,0x12,0x03,0x2b,0x7e,0x05,0x91,0x45,0x5c,0xa3,0x3b,0x4e,0x49,0xe5,0x3f,0xac,0xf5,0x86,0x44,0x10,0xba,0x04,0x6b,0xa5,0xd4,0xfc,0x6b,0xac,0xfe,0xa9,0xa0,0x78,0x2f,0xf3, + 0x04,0xcb,0x2b,0x9d,0xf4,0xdd,0xc4,0x30,0xdf,0x7b,0x0b,0xef,0xcb,0x5a,0x82,0x6d,0xa1,0x58,0x9a,0x15,0xbe,0xf1,0xb6,0xb2,0x5f,0x12,0x01,0xda,0xab,0x5b,0x2f,0xa4,0xac,0x38,0x01,0xe2,0x7d,0x11,0x2f,0x0f,0x32,0x76,0x72,0x2d,0xcb,0x58,0xb8,0xb4,0xf4,0x84,0x4a,0x2e,0x61,0x4d,0xe4,0x9d,0xb4,0x40,0xb7,0xcc,0x76,0x20,0x81,0x27,0x34, + 0x04,0x45,0x20,0x6b,0x62,0xe4,0xa3,0xc4,0x40,0x4c,0x74,0xae,0x86,0x95,0xcd,0xb9,0x05,0xa8,0xe6,0xa9,0x45,0x6d,0xa0,0x9c,0x72,0xc7,0x2e,0xb7,0x71,0x2d,0x9d,0x52,0xe8,0x1d,0xdc,0x2d,0x56,0xb6,0x34,0xe4,0xab,0x66,0xb7,0x98,0xcd,0xb4,0xdb,0x86,0xcf,0x94,0xf0,0x22,0x08,0xf7,0x47,0x30,0x4a,0xb3,0xd5,0xaa,0x2b,0xb1,0x25,0xe1,0x37, + 0x04,0x58,0x4d,0x2d,0xc2,0x58,0xbd,0x46,0x50,0xe6,0xfa,0x04,0xfe,0x9d,0x3d,0x2a,0x5e,0x76,0x8d,0x79,0x59,0x45,0xed,0x23,0x23,0xf8,0x44,0xd0,0xa8,0xfa,0x0c,0x6f,0xbd,0x5f,0x96,0x25,0x6b,0x9e,0x1b,0x72,0x63,0xfa,0x00,0xfa,0x75,0x8c,0xd6,0xbe,0x15,0xd9,0xf6,0x15,0x7f,0xad,0x66,0xc7,0x29,0xab,0x0d,0xad,0x69,0x45,0x64,0xe8,0x34, + 0x04,0x6c,0x55,0x27,0x89,0x8a,0xe8,0x06,0x7d,0xa5,0x6a,0xc8,0x2c,0xaf,0x33,0x8c,0x9e,0x7f,0x40,0xee,0x44,0x89,0x11,0x5d,0xaf,0x0a,0xba,0x92,0x3a,0x8b,0x6e,0x50,0x1e,0x43,0x0f,0x59,0x70,0xce,0x9d,0x01,0xd0,0x3e,0xc0,0x76,0xf8,0xda,0xf6,0x85,0xcf,0x4d,0x5a,0x9c,0xcd,0x5e,0xb9,0xe8,0x49,0xd4,0x3a,0xe2,0xf3,0x6f,0x2e,0x80,0xe5, + 0x04,0x52,0xcd,0x99,0x24,0x79,0x5f,0xe2,0xa2,0x51,0xaf,0x7c,0xb5,0x69,0xf6,0x6d,0x91,0x41,0xdb,0x89,0x45,0x45,0xd7,0x98,0xa0,0xdb,0x3d,0x30,0xe5,0x0f,0x10,0x0f,0xe2,0x04,0xea,0x81,0xc8,0x08,0x58,0x7c,0x90,0xf3,0xf2,0xc9,0x4d,0x99,0x3c,0x2d,0x0c,0xc4,0xbe,0x64,0xdd,0x6a,0xeb,0x9d,0xc8,0x1c,0x70,0xd7,0x88,0x85,0xb2,0xf7,0x76, + 0x04,0xbb,0xad,0x8d,0xa4,0xc0,0x18,0xbd,0xc1,0x5a,0x5a,0xf8,0xf3,0xda,0x4b,0x38,0x4c,0x53,0x0e,0xa7,0x55,0x60,0xcd,0xfd,0x24,0x2b,0xfa,0x32,0x35,0xd8,0xd3,0x59,0x5f,0x73,0x4c,0xbd,0x86,0x64,0x87,0xb8,0x3f,0xcb,0x84,0xa4,0xac,0x74,0xac,0x54,0x8f,0x25,0x35,0xb7,0x9b,0x57,0xd0,0x2f,0x03,0xa1,0xa3,0x7e,0x27,0x91,0xa0,0x96,0xe4, + 0x04,0x38,0x9a,0xa5,0x22,0x35,0x04,0x3b,0xbd,0x75,0x98,0x68,0x89,0x8b,0xbe,0x27,0x7a,0xb9,0x96,0xea,0x93,0x87,0xbd,0x70,0x98,0xb0,0x07,0x24,0x42,0xbd,0x2b,0x42,0xf5,0xb8,0x23,0x36,0x4e,0x91,0x44,0xa1,0xee,0xf1,0xf1,0x00,0x93,0xfd,0xa0,0xc3,0x01,0x68,0xf3,0x00,0x4e,0x2c,0x2e,0xa7,0x4f,0xde,0x49,0x78,0xf3,0xaa,0x1a,0x31,0xc0, + 0x04,0xfd,0x1b,0xac,0x14,0x43,0x54,0xcf,0xe1,0xcd,0x4c,0x64,0xaa,0x3a,0x2f,0x77,0xf0,0xae,0xfa,0x26,0xcc,0x51,0x41,0x08,0x26,0x76,0x37,0x0a,0x0f,0x1e,0xc9,0x2c,0xd8,0xfe,0xe6,0x69,0x92,0xd2,0xd2,0xfc,0xb8,0x7f,0x90,0xda,0x0a,0x67,0x43,0x37,0x84,0x66,0x65,0x55,0x19,0xbc,0x78,0x2d,0xd7,0xb0,0xab,0x57,0x0f,0x6e,0xd4,0x51,0xd8, + 0x04,0x78,0xc9,0x26,0xb0,0xee,0x01,0xc0,0x00,0xc2,0x5a,0x83,0x63,0x12,0x19,0xf0,0x8d,0x8b,0x34,0x74,0x5d,0x2e,0xa2,0xfd,0xc9,0xeb,0xdc,0x5a,0x22,0x88,0xfa,0x9b,0x03,0x06,0xbc,0x00,0xab,0x37,0x90,0x50,0x8e,0x57,0x05,0xee,0xab,0xfb,0xaa,0x07,0x44,0x71,0x9c,0x9b,0xd7,0xb4,0x67,0xca,0x4a,0x37,0xa0,0x6f,0x6f,0xdb,0xe6,0xd8,0x6c, + 0x04,0x4c,0xae,0x56,0x06,0xba,0xd6,0x01,0x3f,0x7f,0x36,0x19,0x0d,0x72,0x54,0xcb,0xf0,0xd5,0xa9,0x2b,0x33,0x8e,0x4a,0x47,0x70,0x2a,0x3c,0x97,0xa3,0x37,0x1d,0x7e,0xc2,0x80,0xd2,0x73,0xdd,0x59,0x8c,0x20,0x39,0x2c,0x54,0x0e,0x58,0xbe,0xc9,0xb1,0x80,0x40,0x6f,0x3f,0xa6,0xe6,0xc5,0x29,0xa8,0x51,0xbc,0xf2,0xb9,0x6d,0x8f,0x38,0x09, + 0x04,0x08,0xcc,0xbd,0x74,0xf2,0x97,0xfe,0x71,0xca,0x31,0x15,0xc0,0xb1,0xef,0x4e,0x04,0x21,0xb9,0x9c,0xe9,0x1f,0xfc,0xd4,0xb7,0x2a,0x53,0x0b,0x22,0x99,0x3e,0x18,0xe9,0xba,0x0a,0xe1,0xbd,0xbe,0x1c,0x28,0x36,0xff,0xe9,0xa6,0x1a,0xe5,0xa8,0x99,0xf1,0x52,0xc9,0x0b,0x42,0x82,0x36,0x38,0xbe,0x4d,0x51,0xdc,0x3a,0xfa,0x99,0xe6,0xa0, + 0x04,0xaa,0xcc,0xef,0x83,0x4f,0x57,0xe6,0xc5,0x52,0x6f,0xe9,0x27,0x48,0xcd,0x8c,0xdc,0x13,0x75,0xc2,0xac,0x71,0x13,0x9f,0x5d,0x25,0x87,0x30,0x5b,0xd3,0xfd,0xd3,0xcd,0x96,0x5d,0xd5,0x37,0x4b,0x6a,0x31,0x98,0x50,0xc2,0x3e,0xbc,0x2e,0xc7,0xa2,0xde,0xb7,0xff,0x3e,0x42,0x86,0x79,0xd4,0xaf,0xc9,0xdf,0x7e,0x75,0xf2,0xe0,0x6e,0x4d, + 0x04,0xa5,0x85,0xe1,0xed,0x6e,0x47,0x22,0x4a,0x47,0x2c,0xf4,0xed,0x4f,0xf3,0x4e,0x62,0x51,0xc6,0x2a,0xc6,0x82,0xe4,0xb7,0x09,0x92,0xd5,0x00,0x2f,0x08,0xd9,0xe2,0x03,0xe9,0xb7,0xb2,0x88,0x95,0xb9,0xdb,0x40,0x16,0xe5,0xd9,0x4a,0x9f,0x59,0x38,0x5c,0x16,0xdb,0x73,0x8a,0x83,0xb8,0x4e,0x6d,0x43,0xec,0xef,0x82,0x0c,0x55,0xd4,0x62, + 0x04,0xb1,0x04,0xd0,0xcc,0x4a,0x98,0x77,0x71,0x65,0x51,0x05,0xcf,0xc8,0x40,0xf1,0x95,0x74,0x6e,0x11,0x23,0x34,0xc5,0x48,0x01,0xfd,0x93,0xf4,0xbe,0x8b,0x11,0x4a,0x1d,0x3c,0xd8,0xcb,0xcf,0x4b,0x27,0x41,0x66,0xf8,0x2c,0xfe,0x57,0x39,0x30,0x42,0xe3,0x53,0x4e,0x68,0xdf,0x2f,0x4c,0x3d,0xad,0x1b,0x7c,0xe7,0x2b,0x47,0xca,0xd2,0x56, + 0x04,0x82,0xbe,0xd3,0xd5,0x52,0x09,0x8d,0x2f,0xc9,0xe0,0x2f,0x1f,0x3c,0xc3,0x2f,0x5f,0x31,0xcf,0x6c,0xd1,0x01,0xbb,0xb8,0xb4,0x2b,0xc6,0xf7,0x32,0xba,0xdc,0x19,0x76,0x22,0x92,0x57,0xd9,0x2b,0x24,0x1f,0x20,0x31,0xec,0xae,0xba,0x10,0xf1,0xac,0x15,0x4d,0x8a,0x3b,0xea,0x30,0x93,0x28,0x23,0x12,0x72,0xeb,0x6a,0xa0,0x1a,0xa6,0x5f, + 0x04,0x5c,0x4f,0xb6,0x81,0x21,0x3b,0xf3,0x9b,0x68,0xe7,0xca,0x91,0x4d,0x28,0x30,0xb1,0x2a,0x7a,0x32,0xc9,0x6a,0x9c,0x78,0x8a,0xd2,0x98,0x7c,0x00,0x9e,0x08,0xd0,0xa3,0x76,0xa0,0x2c,0xcf,0x59,0x4c,0x28,0x99,0x5c,0xfc,0xb2,0x85,0xed,0x5d,0x91,0xdd,0xed,0x92,0x92,0x11,0x08,0xa0,0xb4,0x09,0x28,0x48,0x7c,0xd0,0x71,0x80,0xab,0x21, + 0x04,0x6b,0x29,0xf8,0xc0,0x06,0x86,0x9a,0xb6,0xbe,0x79,0x3e,0xa7,0x2b,0x97,0x0a,0xce,0xeb,0xb7,0xa4,0xc4,0xb6,0xfb,0xaf,0xec,0xd1,0xe3,0x57,0x13,0xa2,0x8b,0xf2,0x84,0xc7,0x6b,0x07,0xdc,0x14,0xf1,0xdc,0x53,0x3f,0x1c,0x4c,0xcb,0x09,0x73,0xeb,0x53,0xe5,0x30,0x23,0xf0,0xb0,0xf1,0xa8,0x91,0x4c,0x77,0x08,0xc2,0xd7,0x3d,0x48,0x17, + 0x04,0x6e,0x68,0x49,0xc2,0xb0,0x7a,0x37,0xc4,0xf3,0x6b,0xe9,0x11,0xb3,0x23,0xe4,0xce,0x70,0xc1,0x8b,0x15,0x90,0x26,0x12,0xc4,0xfc,0x0f,0xe6,0xd9,0x1e,0x7c,0x18,0x0d,0xe9,0x25,0x54,0x43,0x63,0xc6,0x80,0x35,0x49,0x8c,0xbb,0x22,0x36,0xf5,0xc1,0xec,0xd0,0xe4,0xb2,0xcb,0xb5,0x80,0x1a,0x8c,0xac,0x4d,0x08,0x83,0xf6,0x51,0xbb,0xd0, + 0x04,0x33,0x64,0x9a,0x1e,0x74,0xc7,0xff,0xb5,0xed,0xc3,0x94,0x9c,0x58,0xb7,0xa7,0xf4,0xb5,0x34,0x82,0x88,0xf6,0x21,0xc5,0x0f,0xbb,0xdb,0x71,0x4f,0xa4,0x2a,0xa7,0x93,0xcb,0xfd,0x96,0x9e,0x07,0x7b,0x00,0xea,0xd2,0x10,0x82,0xf0,0x98,0x00,0x09,0x86,0x8f,0x79,0xe4,0x30,0xef,0x1c,0x21,0x63,0x94,0xbb,0x0e,0x9e,0xda,0x13,0x5e,0x9c, + 0x04,0xbf,0x97,0x6e,0xf2,0x04,0x53,0x2b,0xf6,0x74,0x43,0xe8,0xb8,0xd9,0x98,0x7a,0x68,0x31,0x84,0xec,0x26,0x42,0x03,0x29,0xba,0x26,0x8e,0x54,0xe9,0x0b,0x48,0x0d,0xe0,0xbe,0xb1,0x08,0xdf,0x26,0xed,0xa9,0x1e,0xb4,0xfd,0x23,0xd2,0x6a,0xf6,0xf2,0xd7,0x8a,0x42,0x81,0xd5,0xed,0xe0,0x75,0xc2,0xc7,0x15,0xfb,0x1c,0x4f,0x87,0x67,0x84, + 0x04,0x2c,0x43,0x5d,0x9f,0xaa,0x59,0x80,0x70,0xb4,0x92,0x02,0x77,0x50,0x6c,0x10,0x0d,0xe6,0x2a,0x7d,0xf0,0x5c,0x34,0xa3,0x93,0x17,0x78,0x5d,0x62,0x8d,0x74,0xdd,0xe3,0xc7,0xf5,0xd0,0xbe,0xdf,0x54,0xaf,0x1c,0x7d,0x21,0xff,0x95,0x51,0x28,0x00,0x2f,0xd5,0x29,0x62,0x37,0x38,0x47,0x23,0xfe,0xf1,0xfb,0x80,0x6c,0x2a,0x6d,0x8e,0xa9, + 0x04,0x38,0x19,0xdf,0xaa,0xb5,0x53,0x78,0x63,0xc8,0xdb,0xf4,0x06,0xac,0x18,0xdd,0x67,0x56,0x19,0xc9,0xa7,0xa5,0x54,0x62,0x0a,0xd8,0xa1,0x44,0x92,0xbb,0xa4,0x25,0xa3,0xd6,0x8e,0x8c,0x68,0x18,0x15,0x55,0xe2,0x23,0x62,0x41,0x5c,0x95,0xa3,0x17,0x24,0xeb,0xfe,0x8b,0x2b,0xf1,0x76,0x4e,0x20,0x9e,0xae,0x9e,0x53,0xb3,0xf4,0x62,0xa0, + 0x04,0x70,0xad,0x3a,0x9c,0x9a,0x9d,0xb7,0x1d,0x42,0x0a,0xba,0xe8,0x4c,0xcd,0xb1,0x27,0x68,0x85,0x1b,0xac,0x6a,0x82,0xff,0xd0,0x3d,0x89,0x62,0x1a,0x50,0xa7,0xc3,0x11,0xbf,0xff,0x7c,0x66,0x4c,0x21,0x1f,0x93,0x76,0x8f,0x84,0xb5,0x25,0x5d,0x95,0xc7,0xf6,0x78,0x87,0xc3,0x30,0x5d,0x78,0x9d,0x7f,0xce,0xdc,0x2d,0x29,0x98,0x9f,0x9a, + 0x04,0x58,0x39,0x13,0x61,0xfb,0xc8,0x11,0x5c,0x97,0x8e,0x82,0x03,0x78,0x14,0xd3,0x1a,0xa3,0xa8,0x88,0x73,0xed,0x6c,0x74,0xc4,0xaa,0xea,0x97,0x27,0xe3,0x00,0xd9,0x45,0x42,0x92,0x4c,0x67,0xb5,0xcf,0x82,0x8b,0xe8,0x27,0xe5,0x81,0xda,0xfc,0xbd,0x16,0xe6,0x53,0xe7,0x2a,0x4f,0x2d,0x4d,0x05,0x50,0x80,0x53,0x87,0xb9,0x41,0x7e,0x77, + 0x04,0x23,0xa2,0xbe,0x68,0x4b,0x0b,0x5f,0x04,0xbe,0xf5,0xc6,0xca,0x8a,0x99,0x1b,0xf7,0x52,0xf5,0x96,0x4f,0x6f,0xdf,0x36,0xd7,0x12,0x91,0x00,0xda,0xf8,0x0f,0x14,0x34,0xb6,0xf3,0xca,0x2a,0x5e,0x85,0xce,0x00,0x5e,0x1c,0xb6,0xd2,0xb1,0x30,0x94,0xc4,0x34,0xfd,0xc1,0xc0,0x95,0xa3,0xae,0x5e,0x53,0xf6,0x49,0x49,0xca,0x56,0x69,0x1b, + 0x04,0x14,0x7b,0x8a,0x2f,0xb4,0xf6,0xe8,0x5e,0xea,0xd8,0x1c,0xa0,0xb3,0xf2,0x30,0xb8,0xd8,0xcc,0x23,0x0d,0xe7,0x31,0x07,0xd9,0xca,0xbc,0xbc,0x5b,0x39,0xe4,0xe7,0xea,0xda,0xa4,0x4e,0xc1,0xed,0x0b,0x95,0xf6,0x10,0x92,0x23,0xbc,0x48,0x0e,0x91,0x74,0x19,0xd8,0x60,0xf9,0xb9,0xa7,0x5f,0x81,0xd6,0xf8,0xca,0x3a,0xda,0x37,0x75,0x33, + 0x04,0x2b,0x3f,0xe6,0x4b,0xb1,0x42,0x78,0x9e,0x89,0xe1,0x09,0x2d,0xb4,0x6b,0x61,0x30,0x12,0xbc,0xfa,0xe5,0x77,0x59,0xea,0x90,0x81,0x65,0xc0,0x36,0x2f,0x80,0x4f,0x36,0xc0,0x05,0x3f,0xaf,0x32,0x66,0xad,0x7e,0xec,0xed,0xcb,0x24,0x63,0x6b,0x99,0xc9,0x35,0xf1,0xc8,0xe7,0x31,0x68,0xf0,0xee,0xb3,0xdd,0xfb,0x66,0x08,0x01,0xe5,0x5b, + 0x04,0xc4,0xed,0x72,0x44,0x54,0x65,0xcd,0xb4,0x4f,0x58,0xb0,0xe1,0xaf,0x08,0x23,0x22,0x6e,0xa7,0x9e,0xb2,0xe1,0xbc,0x3f,0x27,0xfb,0x8e,0x4c,0xe7,0xb8,0x5f,0x4a,0x30,0xc2,0x37,0xe5,0x74,0xc5,0x9a,0x99,0x24,0x06,0xfd,0x51,0x7f,0x4d,0x90,0x5e,0x03,0xd7,0xa2,0xb0,0xa4,0x0e,0xf8,0x5a,0xa3,0xc7,0x3b,0xd4,0x6a,0x1a,0x06,0xa9,0x18, + 0x04,0x18,0xef,0x4e,0x2f,0xad,0xaa,0xc1,0xb9,0x82,0xa7,0xd2,0xd1,0x2e,0x9d,0x51,0x48,0xec,0xf3,0x36,0xb1,0xd3,0x77,0x5d,0xa2,0xf7,0xdf,0x82,0x2a,0xd4,0x9a,0x13,0x24,0xbd,0x07,0x04,0x6a,0x3f,0x8e,0x94,0x9e,0x7a,0x0d,0x96,0x0f,0xe9,0xd9,0xa1,0xde,0x0f,0x61,0x49,0x7c,0xb4,0xe7,0xb2,0xf3,0x9a,0xee,0x68,0x44,0x39,0x6f,0x99,0x7f, + 0x04,0x39,0x8c,0xa1,0xa9,0x44,0x21,0x0a,0x10,0xb1,0xf5,0x73,0x20,0x71,0x25,0x95,0x28,0xdf,0x87,0xd4,0x2d,0x3d,0x7b,0x00,0x6b,0xc6,0xfd,0x9e,0x1e,0x09,0xf6,0xfa,0x30,0xfe,0xd3,0x79,0xdb,0x3f,0x1b,0xd9,0x15,0xdb,0x2b,0xa2,0x73,0x84,0xec,0x13,0x71,0x54,0x17,0x44,0x6e,0xe8,0x4f,0xb5,0xfd,0x0a,0x4b,0xf6,0x43,0x1c,0xfd,0x3f,0x15, + 0x04,0xd1,0xc1,0x82,0xad,0xb1,0x01,0xeb,0xe5,0xfe,0xc3,0x91,0x0f,0x80,0x05,0x8e,0x09,0x1d,0x13,0x25,0x43,0x3d,0x4f,0xd3,0xbb,0xb3,0x8e,0xb7,0x5b,0xca,0xf2,0x69,0x8a,0x21,0x21,0x8f,0x75,0x44,0xce,0x84,0xdc,0xfe,0x52,0xe8,0x17,0xec,0x0b,0xa6,0xbf,0x84,0x46,0x0f,0x49,0x93,0x2b,0x3e,0xc5,0xed,0x27,0x68,0x2d,0x33,0x7f,0x27,0x0d, + 0x04,0x3f,0x68,0xc4,0xe4,0x12,0xc5,0x7d,0xa0,0x15,0x56,0x8e,0x0a,0x9f,0xcc,0x3d,0xb4,0x99,0xb7,0x7e,0x6c,0x0f,0x55,0x05,0x08,0x28,0xc5,0x0c,0x35,0x49,0x3a,0xf5,0xe3,0xd0,0xb5,0x3f,0xe3,0x0b,0x0c,0x6c,0xf4,0x2c,0xdf,0x9f,0x4f,0x01,0xd5,0xc9,0x05,0x8f,0x81,0x69,0xb2,0x41,0xbd,0xea,0x22,0x59,0x32,0xf9,0x03,0x3f,0x8b,0xc5,0xeb, + 0x04,0x56,0xdd,0x4c,0x2b,0x1d,0x7a,0x1a,0x2d,0x65,0x59,0xb5,0x20,0x3f,0xcb,0x89,0x74,0xfa,0x81,0xbe,0x7d,0x64,0xcf,0x0a,0xe7,0xa1,0x4f,0xd9,0x65,0xdf,0xd6,0x9c,0xdd,0xeb,0xe1,0xca,0x78,0xd5,0x58,0x3f,0xda,0x34,0x87,0x04,0x0d,0xcd,0x94,0x76,0x4f,0x8d,0xc6,0x19,0xe8,0xd7,0x4a,0xae,0x8d,0x96,0x65,0xf3,0x40,0x69,0x3c,0x21,0xb3, + 0x04,0xe1,0xe5,0x05,0x3b,0x6f,0x43,0xb8,0x71,0x4a,0x02,0x5a,0xcf,0xb8,0x6a,0x8f,0x51,0x19,0x54,0x88,0x09,0x9b,0x1f,0x5d,0x63,0x31,0x0a,0x6b,0xec,0xd7,0xcc,0xb4,0x7e,0xf0,0xd1,0x6b,0xc0,0xc3,0x23,0x44,0x70,0xff,0xa8,0xd4,0x5f,0x58,0x2f,0xcb,0x65,0xff,0x9c,0xca,0xaa,0x6a,0xe0,0xcd,0x6b,0x57,0x2b,0xeb,0xaa,0x50,0xc1,0x77,0x41, + 0x04,0x1a,0x46,0x57,0x1a,0x14,0x38,0xca,0x23,0xdc,0x79,0x12,0xa8,0xa7,0xb2,0x24,0x5d,0x70,0xc8,0x52,0xa6,0xe9,0xf4,0xd3,0x85,0xdd,0x60,0x84,0x27,0xec,0x3c,0x41,0xe7,0xfe,0x06,0xe2,0xde,0xdf,0xba,0xa3,0x76,0xa6,0x14,0x65,0x7c,0xe6,0x17,0x01,0xa7,0xdb,0x18,0x1e,0x5b,0x1f,0x31,0x39,0x04,0x5b,0x84,0x24,0xee,0x54,0x96,0x4b,0x7a, + 0x04,0x8c,0xe5,0xa3,0xc8,0xbd,0x25,0x44,0x69,0x5a,0x00,0x58,0x41,0x61,0x2a,0x7c,0x5d,0x05,0xbe,0xb0,0x7c,0xf7,0xbc,0xa1,0x02,0x71,0x72,0xb0,0x30,0xac,0xf7,0xd2,0x75,0xfb,0xa0,0xc3,0x39,0xf7,0x4c,0xe3,0x6d,0x10,0x4f,0xff,0xbd,0x5a,0xe1,0xc9,0xc7,0x25,0x88,0x69,0x31,0x90,0xed,0x2b,0x36,0x87,0x43,0x30,0x87,0x21,0x3b,0x5b,0xdf, + 0x04,0xa0,0xab,0xcd,0xb1,0xef,0x03,0x5e,0x18,0x6e,0x72,0x06,0x06,0xb0,0x7f,0xd6,0x15,0x53,0x20,0x39,0x27,0x5a,0xc1,0xb6,0xf2,0x27,0x20,0xb7,0x56,0xc0,0xf8,0x57,0xcf,0x76,0xe4,0x65,0xcf,0xde,0xf3,0x06,0x02,0xb2,0xe0,0x55,0xa3,0x03,0xbc,0x6e,0x17,0x6d,0xfe,0x97,0x2d,0x06,0xcc,0x6f,0x38,0x21,0x78,0x03,0x87,0xbd,0x63,0x57,0xc1, + 0x04,0x85,0x9b,0x6b,0xeb,0x70,0x67,0x1b,0x3e,0x64,0x99,0x1b,0xb6,0x61,0x18,0x0d,0xbb,0xe8,0x35,0xf6,0x3c,0x0a,0x58,0x78,0xc3,0xf8,0x3f,0x09,0x22,0x66,0x0a,0x7c,0x09,0x33,0x89,0xbf,0x4c,0xe6,0xb5,0xc1,0xc2,0xf8,0x01,0xc8,0x4c,0x54,0x39,0x1d,0x53,0xaa,0x95,0x3e,0xad,0x5e,0x51,0xb7,0x75,0x7b,0x35,0x08,0x34,0x5b,0xb4,0xcd,0xeb, + 0x04,0x35,0x51,0x0d,0x43,0xf4,0xd1,0xa1,0x73,0xa0,0x46,0x7d,0x5c,0xb3,0x5a,0x41,0x70,0xc3,0xfc,0x40,0x7e,0x55,0xb4,0x16,0xb4,0xdf,0xce,0x28,0x65,0x0f,0x88,0x02,0xaf,0xe8,0xef,0x2a,0xdb,0xde,0x8b,0x40,0xa1,0x71,0x42,0x86,0x17,0x6d,0x67,0x44,0x89,0xbf,0x9a,0xcb,0x2e,0x4a,0x83,0x53,0xa7,0xda,0xe1,0xa9,0xe9,0x7c,0xbb,0x41,0x50, + 0x04,0xfa,0x4a,0xf0,0x89,0xc1,0x4d,0x6a,0x8b,0xe1,0x88,0x11,0x35,0x98,0x94,0x11,0x60,0x71,0x60,0xd1,0x41,0xa7,0xa8,0xcb,0x45,0x46,0xf3,0x58,0xa7,0x97,0xd2,0xaa,0xfd,0xbe,0x00,0x86,0x79,0x64,0x36,0x34,0x4d,0xae,0xec,0x06,0x3f,0x4f,0x4a,0x41,0x4a,0x87,0x79,0xe7,0x2a,0x96,0x08,0x92,0x33,0x5a,0xcd,0xfb,0xfd,0x45,0x2f,0x72,0x7a, + 0x04,0x3c,0xdc,0xaa,0x08,0x64,0x27,0x02,0x3b,0xbd,0x91,0xb5,0xb2,0xe2,0x12,0xbe,0x77,0xde,0x55,0x91,0xa1,0xa0,0xc2,0x10,0xd5,0x4f,0x04,0x82,0xf2,0x7c,0x42,0x65,0x58,0xf8,0xe1,0xf4,0xfe,0x6e,0x3b,0xf0,0x37,0xc0,0xe0,0x3d,0x40,0x43,0xc1,0xd9,0xb2,0x54,0x36,0xe0,0x80,0x3b,0x1a,0x42,0xb6,0xde,0x2e,0x40,0xd9,0x9e,0x83,0x9c,0x68, + 0x04,0xd7,0xad,0xbe,0x30,0xa5,0x68,0x2a,0xcf,0x9d,0x39,0x8f,0x58,0xda,0x8f,0xd3,0xb5,0x83,0x28,0x3d,0x9e,0xda,0x74,0xae,0x06,0x7b,0x9b,0x53,0x3c,0xd6,0xc0,0x82,0x4c,0xfe,0x50,0xd0,0x37,0x1c,0x0e,0x7b,0x59,0x04,0x3f,0xfa,0xd2,0x5e,0x17,0x44,0x5c,0xfb,0xdf,0xb3,0xfe,0xa4,0x0e,0x55,0xbc,0x7d,0xe1,0x9a,0xc5,0xf2,0x7c,0x64,0xa2, + 0x04,0x02,0x9e,0x1c,0x6e,0xb3,0x7c,0x38,0x3f,0xb4,0xe2,0x7e,0xbb,0x31,0x97,0x68,0x8f,0x8d,0x8a,0xf7,0x55,0xdb,0x83,0xb7,0x62,0x8e,0x17,0x57,0x9c,0xb3,0xf9,0x0f,0x05,0x8a,0x2b,0xf5,0x78,0x57,0xf5,0xff,0x63,0x31,0xcd,0xcf,0x87,0x44,0x0b,0x6e,0x69,0xcc,0x1b,0x6e,0x44,0x4c,0xe5,0x40,0xb8,0x22,0x2b,0x95,0x5c,0x98,0xa9,0x99,0x55, + 0x04,0x3a,0x35,0xde,0x21,0x3b,0x2d,0xc3,0x3e,0xb3,0x48,0x94,0x8a,0x22,0xed,0x5a,0x93,0x60,0x0f,0xad,0x07,0x1b,0xb0,0x17,0xa6,0xa2,0x50,0xe6,0x60,0x9b,0x13,0xf7,0xca,0xfb,0xec,0x06,0xb6,0x63,0xa5,0xf5,0x46,0x89,0xd0,0xee,0x67,0x09,0xfd,0x0d,0xa4,0x6a,0xcf,0xd2,0x60,0x38,0x93,0x59,0x35,0xf7,0x49,0xd6,0xd4,0xbc,0x21,0x06,0x0f, + 0x04,0x6b,0x91,0x0d,0x9e,0x99,0x43,0xcb,0xef,0xf7,0x17,0xca,0x95,0x46,0xaa,0x56,0x77,0xe0,0x61,0x18,0xf5,0xf0,0x4a,0x02,0x46,0xb5,0xba,0xb7,0x35,0x05,0x77,0x5d,0x65,0xc8,0x7a,0x4c,0x1f,0xd7,0xbc,0x58,0x4c,0x56,0x99,0x11,0x19,0x69,0x9b,0x90,0xb4,0xb3,0xa5,0x68,0xe5,0x08,0xea,0xa8,0x3f,0x11,0x83,0x32,0xda,0x91,0x52,0xb1,0x3a, + 0x04,0xf1,0x02,0xb9,0x0a,0xd3,0x78,0x72,0x5f,0xb7,0xff,0xe3,0xfc,0x3f,0xe6,0xef,0xb3,0x20,0xa7,0x28,0xa0,0x3c,0xe0,0x9a,0x88,0xee,0x25,0xba,0xb2,0xcf,0x13,0x3c,0x04,0xaf,0x2c,0xfe,0xe5,0x28,0xf3,0x91,0x3c,0x83,0x50,0x44,0x98,0xca,0x8b,0x3b,0x6d,0xeb,0x9e,0x28,0x42,0x41,0xb8,0xd0,0x1c,0x67,0x8a,0xb7,0x9a,0xd8,0x09,0x18,0x88, + 0x04,0x7f,0x42,0x0f,0xce,0xf9,0x3b,0x0b,0x9d,0x0a,0x9f,0x86,0xb2,0xc6,0x5e,0x18,0x93,0x8e,0x17,0xaa,0x84,0xea,0xde,0x2a,0x7a,0x64,0x40,0xad,0xec,0x91,0x4c,0xb2,0xf6,0xec,0x16,0x63,0xba,0xab,0x8a,0xf3,0x08,0x33,0x33,0x99,0xad,0xce,0xff,0x90,0x8e,0xe3,0x3c,0x8f,0x86,0xb3,0xdf,0x9e,0xf9,0x3a,0x51,0x52,0x09,0x31,0xf8,0x51,0xec, + 0x04,0x6b,0x83,0xad,0xf5,0x8b,0xbf,0x00,0xda,0x4b,0x77,0xb6,0xc4,0x61,0x59,0x25,0xcf,0x5a,0x8f,0x7b,0x72,0x99,0x7a,0xd9,0x69,0x04,0x85,0x54,0x90,0x83,0x4b,0xcf,0x82,0x22,0x4d,0xb9,0x40,0xbb,0xa0,0x28,0xdb,0xdd,0xaf,0x3c,0xba,0x94,0x9d,0xc4,0x1b,0x0d,0xb7,0x95,0x51,0x5e,0x34,0x54,0x9f,0xac,0x11,0xa1,0x83,0xb8,0x9d,0x5b,0xb7, + 0x04,0x04,0x10,0x23,0x67,0xdc,0x53,0x57,0x6a,0x83,0x85,0xfc,0x58,0xee,0x23,0x37,0xe2,0xb9,0xaf,0x54,0x7e,0x69,0x93,0x4f,0xe3,0xec,0x79,0x7a,0x84,0xc2,0x25,0xdf,0x0c,0x62,0x1c,0xec,0xc7,0x27,0x66,0x9f,0x2e,0x55,0x87,0x62,0xb6,0x5b,0x33,0xb3,0xcf,0x3f,0x22,0x8f,0xe9,0xa9,0xc2,0x22,0x23,0xab,0x71,0xe7,0x7f,0x90,0x4d,0x6a,0xa9, + 0x04,0x25,0x83,0x40,0x10,0x58,0x42,0xeb,0xe7,0x60,0xc4,0xfd,0xe1,0x3e,0x31,0xee,0xfd,0x52,0xe5,0x1a,0xae,0xf9,0x38,0xc4,0x47,0x7d,0x14,0x8b,0xba,0xc6,0xd3,0x74,0x12,0x30,0x1f,0x4b,0x4d,0x1b,0xfe,0x0e,0x70,0x46,0xcb,0x1f,0x99,0x3a,0x35,0x9f,0x91,0x91,0xfd,0x7b,0xca,0x7c,0x53,0xe0,0x39,0xfa,0x51,0xdb,0x8a,0x11,0x7e,0xfa,0xa3, + 0x04,0xd9,0xa5,0x21,0xd8,0x14,0x7c,0x1e,0x83,0xdf,0x82,0xb9,0xdb,0x62,0xb2,0x5e,0x6f,0xf1,0x41,0x7d,0xdd,0x41,0xae,0xf3,0xff,0xb1,0x82,0xad,0x23,0xf2,0x78,0x22,0xf7,0xb0,0xad,0x91,0x74,0x62,0xcd,0x2a,0x5a,0xbc,0xe2,0xec,0x2c,0x4a,0x4f,0x74,0x56,0xeb,0xdb,0x65,0xdb,0x10,0xd9,0x62,0x05,0x6e,0x75,0xf6,0xf8,0x85,0x3d,0x2a,0x4c, + 0x04,0x0b,0x58,0x00,0x6e,0x37,0x15,0x70,0x68,0x66,0x58,0xd4,0x58,0xf2,0x6f,0xaa,0x34,0xcc,0xf8,0xb4,0x9f,0xba,0x82,0x34,0xeb,0xd7,0x30,0x4c,0xbb,0xa3,0xab,0x1b,0x24,0x68,0x78,0x7e,0x9c,0x7e,0xa3,0x04,0x3e,0x0b,0xf2,0x7a,0xa9,0x73,0x0a,0x5a,0xbe,0x47,0x30,0x60,0xb7,0x7c,0x53,0xbd,0xdc,0x70,0xe2,0x01,0xd7,0xf5,0xb1,0xd8,0x9c, + 0x04,0x4a,0xb8,0xf5,0xac,0x88,0xee,0xcf,0xcb,0x03,0x94,0xf6,0xcf,0xe5,0x52,0x85,0x96,0xb6,0xb4,0xc4,0xfd,0xac,0x82,0x47,0xfd,0x62,0x95,0x72,0x89,0x13,0x3e,0x62,0x0e,0x1a,0xf5,0x18,0x52,0xe1,0x1b,0x19,0xd6,0x13,0x78,0x52,0xe2,0x18,0xfd,0x64,0xd2,0xeb,0xb5,0x67,0xf8,0xfa,0x92,0xa1,0xed,0x43,0xa5,0xe3,0x4f,0x56,0x94,0xa9,0x4b, + 0x04,0x90,0x32,0x01,0xba,0x08,0x35,0x3b,0xa6,0x15,0x8c,0x06,0xe6,0x6d,0xf0,0xb4,0x13,0xb7,0x71,0xd2,0x1a,0xcc,0x08,0x32,0x21,0x3b,0xd0,0x3d,0x58,0x95,0x75,0xe6,0x76,0x77,0xa9,0x0c,0xcf,0x2f,0x30,0x79,0xcd,0x2a,0xc6,0xc5,0x9c,0xc0,0x25,0x6a,0x61,0x2c,0x07,0x9b,0x8a,0x91,0xb5,0x9e,0xce,0x1e,0xfd,0x07,0x6f,0x53,0xbf,0x5b,0x04, + 0x04,0xc8,0x02,0x1b,0xe2,0x26,0x9a,0x2e,0xe8,0x38,0x53,0xe4,0xa1,0x2b,0xb0,0x68,0x08,0x25,0x08,0x8d,0x9a,0xc0,0xe5,0x6f,0xb5,0x05,0x10,0x9f,0x47,0x08,0xdd,0x9d,0x5d,0xd8,0x02,0xad,0x69,0x0d,0x8e,0x8b,0x81,0x7a,0x81,0x5d,0xe6,0x07,0x86,0x5a,0xfa,0xbf,0xbe,0xd7,0x65,0x09,0x88,0xf9,0x25,0xec,0xf2,0x3f,0xe5,0x65,0x4d,0x0c,0x9c, + 0x04,0xa5,0x3f,0x7c,0x41,0x2c,0x11,0xad,0x6a,0x36,0x2b,0xd2,0xbe,0x2e,0x7d,0x1f,0x20,0x44,0x02,0x97,0xbe,0x86,0x59,0x4a,0xbb,0xcb,0xea,0x25,0x94,0xdd,0xf9,0x37,0x23,0x79,0xdb,0x08,0xad,0x87,0xb5,0x36,0x93,0x9a,0x70,0x58,0x26,0x82,0xcb,0x75,0x70,0x26,0x36,0x55,0xcc,0x25,0xa2,0x97,0x9f,0x84,0x5f,0xd6,0x8b,0xe3,0xd8,0x29,0x53, + 0x04,0x46,0xfe,0xed,0x4e,0x52,0x29,0x63,0x19,0x2c,0xbd,0x6c,0x6e,0xda,0xbd,0x51,0x75,0xd1,0x0f,0x93,0x99,0x9a,0x58,0x5a,0x04,0x5a,0x30,0x26,0xb6,0x9b,0xb4,0xd5,0x28,0xed,0x7f,0x6a,0xbd,0x7b,0x39,0xe4,0x0e,0x08,0xe2,0x12,0x69,0x91,0xed,0x41,0x03,0x94,0xbf,0xda,0xbe,0xa9,0x90,0xab,0xb7,0xb2,0xca,0x5e,0xb9,0xf0,0x48,0xfa,0x4f, + 0x04,0x67,0xdb,0x11,0xee,0x0b,0x73,0x07,0x1b,0xf3,0xb8,0x15,0x86,0x4a,0x17,0x85,0x81,0xad,0xa3,0xd1,0x00,0x91,0x83,0x65,0xe7,0x12,0x0d,0x9b,0xde,0xc9,0xcd,0x9c,0x33,0x25,0xf5,0xeb,0x5a,0x1b,0x66,0xad,0x10,0x4a,0x5c,0x9e,0x43,0xb0,0x7a,0xfa,0x4b,0x15,0x2a,0x75,0xfa,0x22,0xa3,0xe4,0x29,0xaf,0x41,0xe4,0x59,0xe7,0x99,0x3e,0x45, + 0x04,0x14,0xcd,0xc4,0xf1,0x6c,0x07,0xd6,0xe6,0x07,0x4c,0xaa,0x8e,0xcc,0xa2,0x6a,0x01,0x86,0x34,0x7e,0x72,0x3d,0xce,0xdf,0x9a,0xff,0x9d,0xc6,0xfc,0x8c,0x38,0x15,0xbf,0x5d,0x64,0xfe,0x2d,0x7e,0x6a,0xbc,0x20,0x80,0x2a,0x1c,0x15,0x80,0x40,0xce,0xbd,0x61,0x4d,0xed,0xa0,0x34,0x79,0x87,0xe0,0xcd,0xcf,0xd4,0x1e,0x09,0x61,0x8c,0xf5, + 0x04,0x24,0x19,0x3c,0x35,0x01,0xff,0xa7,0x7e,0xbf,0x1e,0xe6,0x2f,0x7c,0x11,0x8b,0x28,0xc0,0x5a,0x1c,0x0a,0x94,0x6f,0x44,0x2b,0x20,0x8a,0x83,0x05,0xc6,0xa7,0x45,0xf8,0x86,0x36,0x03,0x29,0x9d,0xfd,0xf5,0xd2,0xbd,0xa1,0x92,0x30,0x00,0x7d,0x0e,0x03,0xae,0x61,0xfe,0x1c,0xae,0xaf,0xa5,0x84,0xdd,0xad,0x4c,0xea,0x6d,0xc7,0xd7,0x6a, + 0x04,0x08,0x1c,0xea,0xb1,0xd3,0xcd,0x53,0x17,0xfc,0x78,0x2c,0x9c,0x8d,0xc3,0x33,0x99,0x70,0x5a,0xba,0x68,0x99,0xc0,0xb8,0x04,0xef,0xa9,0x6e,0xd4,0xee,0x94,0x4d,0xa9,0x00,0xad,0xf5,0x1c,0xd3,0x1b,0x50,0x00,0xf2,0xd1,0x75,0x69,0x5d,0x48,0xa1,0x22,0x13,0xae,0x15,0x95,0xb9,0x83,0x72,0x64,0x3e,0xc0,0xeb,0x40,0x0e,0xf7,0x9d,0x41, + 0x04,0x13,0xe5,0x6b,0x20,0x78,0x55,0xea,0xbb,0x4b,0x8a,0x27,0xdf,0xe8,0xd1,0xec,0x89,0x64,0x4b,0xe7,0xc0,0x96,0xf6,0xc2,0xf3,0xa1,0x22,0xc9,0xcd,0x0b,0x8b,0x50,0x8b,0xb5,0xb7,0x97,0x0e,0x3a,0x14,0x11,0xf4,0xff,0xe3,0x71,0x14,0x05,0xec,0x65,0xef,0x98,0xdb,0x12,0xa2,0xb3,0x7d,0x8c,0x18,0xc8,0xd1,0x98,0x41,0x34,0xe8,0x54,0x92, + 0x04,0x5c,0xf9,0x5e,0x23,0xe6,0x81,0x05,0x9f,0x00,0x8b,0x32,0xdf,0x32,0x6f,0xfb,0x77,0x95,0xbd,0xf7,0x4b,0xb3,0x37,0xf7,0x7c,0xff,0x50,0x52,0xde,0x78,0x26,0x79,0x4b,0x5c,0xb0,0x38,0xec,0x1f,0xde,0xfd,0xe5,0x1f,0x6c,0x68,0xdc,0x5e,0x12,0xa1,0x98,0xa5,0x1c,0xe8,0x6b,0x92,0x16,0x78,0x83,0x68,0x7b,0x25,0x34,0x15,0xd6,0xd3,0x7a, + 0x04,0x9c,0x49,0x75,0x4a,0x4c,0x45,0xd9,0x7e,0x5b,0x70,0xd0,0x93,0x1b,0x98,0xf6,0x0b,0x3a,0x99,0xf5,0x1a,0x95,0x49,0x75,0x37,0xbd,0x85,0xed,0xe7,0xe9,0x87,0x94,0x29,0xdc,0xad,0xfe,0x27,0x3a,0x40,0x86,0xc3,0x0d,0xde,0x47,0x55,0x66,0x79,0x23,0xe5,0x8c,0x46,0x3e,0x8d,0x94,0xcb,0xb7,0xd5,0x6c,0x9e,0x0f,0x4d,0xe7,0x9e,0x6d,0x21, + 0x04,0xfc,0x7f,0xd9,0x84,0xdd,0x0d,0xc3,0xc9,0x38,0x46,0xf8,0xb4,0x1b,0x07,0x29,0x6e,0xa8,0x54,0x40,0x13,0x25,0xf1,0x55,0xf1,0x23,0x6f,0x2e,0x44,0x14,0xa9,0xb9,0xda,0x47,0x3f,0x38,0xa5,0xf8,0x4d,0x08,0xc0,0xac,0x7a,0x1d,0xab,0x8a,0x56,0x8e,0xac,0x21,0x06,0x60,0x74,0x94,0x74,0x49,0xa8,0xc3,0xd1,0x6f,0x05,0x5a,0x37,0x9b,0xff, + 0x04,0x33,0x7e,0x2e,0x26,0x0a,0x35,0x65,0xff,0x81,0xe0,0xbe,0x90,0x0c,0x8d,0xaf,0xb2,0xce,0x23,0x10,0x68,0x8c,0x3e,0xeb,0x6c,0x02,0x5c,0xac,0x20,0x8b,0x08,0xa1,0x8a,0x44,0x84,0xfc,0x5f,0xb0,0x1c,0x2d,0x40,0x4d,0xa9,0x9b,0x56,0xa4,0xdc,0x22,0x64,0x20,0xdc,0x3e,0x67,0x6f,0xd0,0x22,0x3b,0xa3,0xa4,0x5d,0x43,0xcd,0xcf,0x35,0x62, + 0x04,0xe2,0xb1,0x70,0xd1,0xdc,0x4d,0x9e,0x32,0x95,0x14,0xa5,0x4f,0x10,0xdc,0x81,0xd9,0x02,0xf3,0x75,0x2c,0x3a,0x6e,0x2f,0x8b,0xe5,0xd8,0x20,0xfa,0xfe,0xfa,0x9d,0x8b,0xe0,0x87,0xdb,0xd3,0x90,0x15,0x2e,0xbb,0x04,0xc7,0x3b,0x8c,0x50,0x4b,0x99,0x4a,0x76,0x83,0x72,0xd3,0xf9,0x20,0xa5,0xce,0xdc,0x42,0x42,0xbf,0x83,0x4c,0xcc,0x6f, + 0x04,0x67,0x02,0xab,0x6b,0x25,0x7c,0x24,0x44,0x0b,0xf7,0x19,0xc0,0x2d,0x21,0x61,0xe4,0xe3,0x1e,0x22,0xd5,0x5e,0xd8,0xad,0x0f,0x33,0xe5,0xaf,0x95,0x68,0xac,0x4a,0x9a,0xbf,0x87,0xac,0xcc,0x75,0x85,0x77,0x38,0x90,0x42,0xf5,0xb6,0x50,0xc3,0x7d,0xb6,0xb0,0xc7,0x68,0x22,0x03,0x15,0x6d,0xe7,0x37,0x28,0xa5,0x82,0xbe,0xd6,0xa6,0xd4, + 0x04,0x0c,0xec,0x0a,0xa4,0xde,0x0c,0x14,0x3f,0x5d,0x4c,0x3d,0x36,0xde,0x3d,0xb4,0xcd,0x72,0xe8,0xfe,0x0f,0xbd,0x33,0x6d,0xe8,0x79,0xa5,0x62,0xac,0x87,0xe6,0x28,0xd8,0xe7,0x5d,0x0d,0x0a,0xe3,0xd7,0xb4,0xd8,0x69,0xe7,0xf6,0xff,0x56,0x4e,0x21,0xef,0xc3,0x0a,0x15,0xff,0x2d,0x4c,0x87,0x61,0x81,0x04,0xfb,0xd4,0x2e,0xf5,0xe0,0x0b, + 0x04,0x92,0x76,0x15,0x1f,0xb9,0x99,0xff,0x3f,0x7f,0xcf,0x54,0x24,0x91,0xfb,0x62,0x47,0x9f,0xd1,0xea,0xe9,0x3f,0xc2,0xe7,0xd2,0x2c,0x38,0xd9,0x44,0x86,0x7c,0x44,0x7e,0xf0,0xe7,0x18,0x5e,0x4d,0x55,0xa1,0xc2,0xea,0xfa,0x2c,0xf8,0xd2,0x62,0x63,0x6d,0x6e,0x4b,0x35,0x3f,0xe7,0x1a,0xe3,0xd3,0xcc,0xe6,0xb1,0x58,0xd8,0x6c,0xf5,0xfe, + 0x04,0xe6,0x57,0xa9,0x1a,0xbd,0xcb,0x67,0xbf,0xfa,0x8f,0x78,0x56,0x5e,0xc7,0x96,0xb4,0x90,0x1f,0x29,0x91,0xc1,0x27,0x22,0xd2,0x7b,0xca,0x6a,0x02,0x17,0xf2,0xb0,0x0c,0x9b,0xb2,0xcf,0x5f,0x6c,0x57,0x80,0xc7,0x0f,0xa8,0xf0,0x31,0x59,0xbc,0xb0,0xd5,0x60,0x96,0xae,0xec,0xf5,0x3e,0xa5,0xe2,0x8d,0x10,0x58,0xc3,0xa5,0x0d,0x20,0x91, + 0x04,0x7c,0x05,0x1c,0x1e,0xeb,0xc7,0x67,0x46,0xeb,0x26,0x7e,0x8e,0x91,0xa4,0x7d,0x8a,0xb8,0x1b,0x89,0xbd,0x3b,0x3a,0x9d,0xe6,0xf1,0xc3,0xe6,0xb9,0x8d,0xb8,0x1c,0x7b,0x75,0xdf,0x08,0x88,0x82,0x15,0x0b,0x97,0xe2,0x01,0x46,0x54,0x7e,0xe0,0x7b,0x6b,0x56,0x20,0xbc,0xec,0xe4,0xd4,0x0a,0x53,0xee,0xed,0x84,0xe5,0xd4,0x77,0x9a,0x1f, + 0x04,0xd8,0x90,0x40,0x0f,0x12,0x30,0xfa,0x80,0xd8,0xd4,0xc9,0x51,0x73,0x92,0x4e,0x9e,0x7b,0x34,0x58,0xf7,0xe5,0x46,0x80,0xab,0x18,0x34,0xe5,0x05,0xa2,0xdc,0xcb,0x26,0xf7,0x14,0x37,0x4c,0x99,0x78,0x43,0x28,0x30,0xb8,0xe1,0xb8,0x27,0x42,0xca,0x86,0x77,0x7f,0x9b,0x8b,0x68,0x6b,0x19,0x24,0xee,0x55,0xe7,0xc5,0x72,0xc2,0xb1,0x19, + 0x04,0xf4,0x48,0x66,0xb8,0xee,0x1b,0x93,0x7d,0x18,0x2f,0xf7,0x9a,0xad,0xe4,0x1b,0x54,0x9b,0x71,0xff,0x1b,0xfa,0x88,0x2a,0x19,0x2e,0xc9,0x0d,0xc8,0x7a,0x51,0x77,0x4d,0x5e,0x33,0x5f,0x19,0x88,0x0e,0x84,0x38,0xb9,0xf2,0x05,0x93,0x26,0x64,0x51,0x2c,0xd6,0xdd,0x53,0xd5,0xa4,0x0a,0x70,0x08,0xfc,0x5c,0x98,0x12,0x4a,0x7d,0x95,0x54, + 0x04,0xfd,0x29,0x8a,0xb9,0x44,0xa0,0x87,0x02,0x81,0x6a,0x73,0x95,0xf8,0x4e,0x45,0xed,0x78,0x29,0x68,0xb7,0x01,0x83,0x8b,0x67,0xfa,0x25,0x28,0x11,0x1c,0xd4,0xf4,0x14,0x85,0x99,0x86,0x7c,0x89,0x17,0x4f,0x00,0xcc,0xf3,0x06,0x27,0x81,0x5e,0x66,0x18,0xbd,0x28,0x45,0xf3,0x58,0x19,0xdb,0x07,0x54,0x18,0x05,0x35,0xbb,0x4d,0x4b,0x2f, + 0x04,0x7b,0x78,0xd5,0x99,0x67,0xed,0x07,0xc8,0x3f,0x0e,0xd7,0xf8,0xf0,0xb2,0x63,0x88,0xdb,0x76,0xb0,0x86,0x3b,0x64,0xac,0x14,0xb7,0xec,0xbe,0xd8,0xe3,0xa1,0xbd,0xa2,0x4b,0x49,0xda,0xe1,0xad,0xf9,0x48,0x86,0x07,0x41,0x37,0x6c,0x91,0x9c,0xfd,0x50,0xff,0xcf,0x74,0x96,0x72,0xf1,0x9f,0x78,0xad,0x56,0x5e,0x88,0xf6,0x09,0x6d,0xf6, + 0x04,0x79,0x1c,0x90,0x17,0xb3,0xa9,0x3c,0xa2,0xf2,0xd0,0x3f,0xcf,0x18,0xb4,0x23,0x03,0x31,0xfd,0xc3,0xde,0x57,0x85,0xe8,0x47,0xc9,0xf5,0x1d,0x22,0xca,0xf5,0x0c,0xdb,0xed,0xc7,0x29,0xc9,0x2f,0x0a,0x88,0x23,0x3a,0x29,0xa2,0x25,0x9e,0x7e,0x62,0x65,0xb9,0x2a,0x14,0x38,0xc0,0xb5,0x95,0x91,0x67,0xfb,0xe2,0xaa,0x4a,0x65,0xa6,0xc0, + 0x04,0x47,0x57,0x86,0xce,0x21,0x5a,0x18,0x73,0xe0,0x4a,0x0c,0x67,0x64,0x2c,0x31,0x9a,0x6d,0x24,0xdf,0xfb,0x06,0xa4,0xcf,0xfb,0xb1,0x5a,0x82,0x56,0xd2,0xc8,0x11,0xec,0x5a,0x1b,0xba,0x7f,0x66,0x1e,0x38,0xd6,0x94,0xd9,0xa1,0x15,0x64,0xb5,0x11,0xaf,0x6c,0x66,0x32,0xa5,0xef,0xc9,0x33,0x73,0x26,0x42,0xdd,0x5c,0x49,0x28,0xa4,0x1b, + 0x04,0x75,0x9a,0xe7,0x72,0x33,0xb1,0x19,0xfb,0x37,0x89,0x05,0x97,0x60,0x11,0x2f,0x38,0xe8,0xd9,0xe6,0x9f,0x43,0x1c,0xf0,0xe8,0xf0,0xbb,0xe6,0xa0,0x6e,0x23,0xbc,0x5b,0x18,0xd6,0x9b,0x80,0x98,0x0f,0x53,0xb7,0xe8,0xc7,0x6c,0x9b,0x82,0xdc,0x61,0xf0,0x5c,0xdc,0x03,0x82,0x6c,0x2c,0x96,0x37,0xcc,0x02,0xaf,0x2a,0x6d,0xb0,0xe4,0xfa, + 0x04,0x3a,0xf2,0xb8,0x62,0x9a,0x34,0x75,0x29,0x4e,0xe0,0xd5,0x43,0x73,0x21,0xfc,0xd5,0xfa,0x45,0x54,0xc7,0x80,0xb6,0xb1,0x8b,0x86,0x24,0x2d,0x3e,0xdf,0x36,0xf5,0x51,0xed,0xe3,0x7c,0x4e,0xa3,0x19,0xd4,0x2f,0x8f,0xc3,0xcf,0x97,0xcf,0xe7,0xdd,0x17,0xe8,0x5b,0xa6,0xe1,0x1b,0xa2,0x60,0xed,0x99,0x1c,0x22,0xee,0x89,0x1a,0xbc,0x2b, + 0x04,0xca,0x2d,0xf3,0xb3,0xd7,0xd9,0x58,0xb0,0xd4,0x6e,0xd6,0xe0,0xff,0xe3,0xb7,0x48,0x8f,0x2e,0x13,0x66,0x09,0x51,0xeb,0x82,0x1c,0x24,0x24,0x6d,0x6c,0x7f,0x2e,0xc2,0x05,0x5e,0x78,0x0e,0x6a,0x53,0x4f,0x9f,0xf4,0x69,0xb0,0xba,0x3c,0x8d,0x38,0x96,0x2a,0xc0,0xac,0xdc,0x7b,0x4b,0x3d,0xc0,0x57,0xc0,0x7e,0xad,0x3f,0x4b,0x7a,0xa0, + 0x04,0xef,0x17,0xac,0x08,0x4a,0xba,0xd1,0x24,0x96,0xdf,0x80,0xd8,0x0d,0xbe,0x21,0xdf,0xad,0xe5,0x8e,0x30,0x2a,0xc0,0x39,0x80,0x02,0xc5,0x34,0x9d,0x85,0x25,0x28,0xcc,0xef,0x34,0x50,0x02,0x66,0xa5,0xdd,0x3f,0xb4,0x54,0x82,0x8e,0xd8,0x56,0x84,0xa6,0x2e,0x6e,0xb1,0x42,0xf6,0x5f,0x54,0x97,0xe6,0x4d,0x23,0x14,0x8f,0x75,0x79,0x76, + 0x04,0x62,0x4c,0xf7,0x45,0x9a,0x3e,0x09,0x7f,0x11,0x43,0x83,0xa1,0x25,0xc7,0xcd,0xec,0x33,0xb9,0x47,0xc5,0xbc,0x0a,0x26,0x79,0xd7,0xaa,0xe5,0x08,0xb5,0xd4,0x64,0x79,0x40,0x8c,0xac,0x79,0x1f,0x2e,0xd7,0x1d,0x9b,0xd5,0x94,0xbd,0x66,0xf6,0xce,0x70,0xd9,0x28,0xd3,0xb2,0x0f,0xe0,0x2b,0x5b,0x66,0xcf,0x74,0x3b,0x51,0x73,0x9a,0x74, + 0x04,0xe4,0x1e,0xc5,0x56,0xbb,0x3f,0x85,0xce,0xf6,0x65,0x1a,0x2d,0xb1,0x81,0x6d,0xab,0x3b,0xc8,0x28,0x98,0x87,0x14,0x82,0xdb,0xf1,0xcc,0x80,0x14,0x07,0xce,0x4d,0x1d,0xed,0xea,0xfe,0x8c,0x33,0x72,0x12,0x50,0xbf,0x75,0xcd,0xb9,0x18,0x1e,0x99,0x04,0x92,0xd3,0x70,0x80,0xe7,0xda,0xb4,0x1d,0xa1,0x67,0x3d,0x62,0xa8,0xb8,0x35,0xdf, + 0x04,0xb5,0xc3,0xcb,0x14,0x6d,0x30,0xfe,0xcf,0xd7,0xfe,0xd0,0x09,0x3d,0xcb,0xa0,0x18,0x46,0xa2,0x8a,0xa5,0x0c,0x7f,0xe3,0xc0,0xcf,0x4b,0x8c,0x5a,0xa8,0x37,0xd5,0xb0,0xb2,0x1b,0x76,0x05,0xca,0xdb,0xc7,0xb6,0x20,0x6e,0x5d,0xd4,0x28,0x9e,0x1d,0xe9,0xcc,0x36,0xbc,0x98,0x09,0x4f,0xb1,0x82,0x23,0xbe,0x63,0x6e,0x6d,0x36,0xe0,0xfa, + 0x04,0xb3,0xc6,0x28,0x48,0xbe,0xb0,0x63,0xfc,0x8f,0x28,0x5c,0x0d,0xa7,0x20,0x7e,0x70,0x7c,0x71,0x46,0x0b,0x8f,0x79,0x2a,0xe0,0x89,0x0f,0x23,0x62,0xfc,0x8f,0x02,0x10,0x9c,0xf8,0x0c,0x0e,0x0d,0x75,0xd2,0xf5,0x4a,0x6b,0xff,0xe3,0xfe,0xf3,0x94,0x41,0xed,0x0c,0xbf,0x29,0xc8,0x39,0x7b,0x76,0xa8,0x24,0xff,0x9e,0xcf,0x4c,0x77,0x2b, + 0x04,0x07,0xad,0x8c,0xd0,0x55,0x52,0x8f,0xeb,0x4b,0x3a,0x53,0xd3,0x54,0xc7,0xc7,0xcc,0x06,0x16,0xca,0x3f,0xf7,0x87,0xbb,0xb0,0xbf,0x79,0x90,0x96,0x06,0xd2,0x7e,0x8a,0x70,0xb4,0xd2,0x71,0xeb,0xd8,0x36,0x3d,0x9a,0xd9,0x10,0xcf,0x4d,0x84,0xe5,0x21,0x71,0xb5,0xb3,0x59,0x79,0x2f,0x7f,0xf8,0xa8,0x9c,0x44,0x27,0xfb,0x6a,0xfa,0x21, + 0x04,0x7c,0x66,0xfd,0x67,0xb7,0x9f,0x88,0x53,0x1a,0x07,0x47,0x28,0x87,0x26,0xdb,0xeb,0x29,0x9d,0xd8,0xe1,0x15,0x96,0x12,0xbf,0xf2,0xd9,0x79,0xfe,0x4b,0xd1,0x06,0x0c,0x15,0xc5,0x4c,0x5c,0xf4,0x0b,0x7a,0x6b,0x36,0xf4,0x40,0x0b,0xdb,0xaa,0x2b,0x6d,0xd0,0x66,0x9c,0x3b,0x45,0xa5,0x59,0x25,0x63,0x52,0x87,0x11,0x6a,0xaa,0xff,0x1c, + 0x04,0x94,0x06,0x46,0x98,0x28,0x0e,0x7e,0xb6,0xe1,0x4d,0xd8,0x1e,0xfa,0x9f,0x0a,0xb5,0x27,0xfe,0x6c,0xee,0xde,0xd6,0x0c,0xd4,0xd4,0x22,0x16,0x2c,0x39,0x7d,0x5b,0xad,0x16,0x3a,0x63,0x34,0x2b,0x44,0x62,0x9e,0x57,0xc0,0x9b,0xb4,0x90,0x11,0x8b,0x1d,0xaf,0x06,0xbc,0x0b,0xd1,0xde,0x48,0xa9,0x8e,0xa7,0xac,0x3e,0x89,0x3e,0x44,0x70, + 0x04,0xb4,0x54,0x03,0x93,0x84,0xab,0xb1,0x91,0xe5,0x93,0x46,0x39,0x76,0xde,0xa9,0x37,0x42,0x8b,0x76,0xa2,0xf2,0x1f,0x85,0x53,0xa9,0x94,0xe0,0xe2,0x3a,0x0d,0xe3,0x28,0x28,0x88,0xd4,0xe2,0x2e,0xaa,0x98,0x6d,0xfc,0xd2,0x0e,0x5a,0x4c,0x96,0x66,0xa2,0xa3,0x41,0xea,0xad,0xcd,0xf8,0x6b,0x6e,0x13,0x76,0x60,0xc9,0x55,0x61,0x56,0x6f, + 0x04,0xd4,0x3b,0x70,0x4b,0xcd,0xa6,0xed,0x2c,0xd8,0xca,0xcd,0x64,0xa6,0x71,0x91,0xda,0x2f,0x68,0xf2,0x5a,0x6a,0x98,0x3d,0xd7,0x90,0x10,0xb1,0x06,0x69,0x42,0x73,0x0f,0x2e,0xaa,0x0d,0x09,0x33,0xf7,0x10,0x91,0x7e,0x32,0x23,0xf2,0xfe,0xb2,0x33,0x88,0xad,0xd3,0xfe,0xd3,0xa2,0xa7,0xde,0x18,0xaf,0x50,0x80,0x3b,0x0b,0x20,0xd6,0xc9, + 0x04,0x9e,0xa3,0xdb,0x44,0xd3,0xc1,0xe0,0x97,0x15,0xec,0x33,0x0d,0x36,0x07,0xa0,0x6c,0xfd,0xc1,0xb0,0xba,0xf4,0xf5,0x70,0xfb,0xad,0x15,0xd6,0x3e,0x1a,0x8d,0x19,0x0b,0xda,0xe7,0x8a,0x1a,0x46,0xed,0x6f,0xda,0xa0,0x2e,0xa2,0x78,0x5c,0x2b,0xad,0x33,0xaa,0xce,0x95,0x39,0x7b,0x29,0x0e,0xb7,0xc2,0x64,0x28,0xef,0x68,0x49,0x4a,0xbf, + 0x04,0xe4,0xcb,0x3b,0x67,0xd6,0x21,0x08,0x68,0x7c,0x74,0xb3,0x6a,0x08,0x1c,0x3a,0xdb,0x9f,0xc4,0xe1,0x88,0xb5,0xe6,0x11,0x72,0x73,0x12,0xb7,0x08,0x86,0xe8,0x1a,0x79,0x5e,0xdb,0xa4,0xdf,0x71,0xb9,0xc4,0xb0,0x6f,0x7b,0x05,0x2b,0x5b,0x48,0xd9,0xe0,0xbe,0x85,0x5f,0xfc,0xc2,0xf2,0x79,0x26,0x52,0x4c,0xb2,0x2f,0xfb,0xb9,0xe8,0x65, + 0x04,0x6e,0x83,0x3d,0xc7,0x86,0x03,0x9c,0xb0,0x81,0xca,0x12,0x03,0x4a,0xdf,0xae,0x41,0xe3,0x45,0x4c,0xad,0x09,0x76,0xa0,0x96,0x12,0xf1,0xaf,0x4c,0x39,0x0d,0x58,0x9f,0x16,0xf4,0x99,0xbb,0x67,0x9c,0xe6,0x3d,0x15,0xbd,0x4b,0x82,0x13,0x92,0xe6,0xc3,0xde,0xb9,0xac,0x21,0x63,0xd0,0x21,0x1a,0x68,0xa6,0x16,0x7b,0xcb,0x5d,0xd0,0xe2, + 0x04,0x93,0xb0,0xcf,0x66,0xe6,0xc5,0x1e,0xc9,0xf5,0xb0,0x25,0x89,0x60,0x74,0x43,0xba,0xb7,0xb9,0x7b,0x18,0xf3,0xdd,0x2c,0x9c,0xc8,0x31,0xc0,0xa3,0x56,0xb6,0x0c,0x21,0xf9,0x60,0xbe,0xbf,0x79,0xb0,0xc2,0x95,0x79,0x42,0x37,0xc6,0x05,0x76,0xd6,0xa7,0x4e,0x5f,0x69,0x4d,0x9f,0xcc,0xdc,0x2c,0x4a,0x46,0x9e,0x00,0xb1,0x81,0x15,0xac, + 0x04,0x67,0xf4,0xd7,0xcf,0x5b,0x85,0x74,0xfa,0x36,0xec,0x8d,0x3d,0x4c,0xaa,0x36,0x9e,0xfe,0x05,0x21,0xff,0x9e,0x25,0x76,0x0c,0xf9,0x98,0x94,0xc6,0x4f,0x06,0x4c,0xa3,0x4d,0xb1,0x59,0x7f,0xbd,0x96,0xd7,0xb7,0xe3,0x19,0x23,0x6e,0x06,0x60,0xb0,0x58,0x00,0xed,0x99,0x09,0x9c,0x8c,0x10,0x22,0xd5,0x5b,0xe3,0xa8,0xfd,0x23,0x1e,0x96, + 0x04,0x43,0x96,0x38,0xad,0xcd,0xa8,0x70,0x13,0x74,0x36,0xee,0xb0,0x9e,0x27,0xc3,0x26,0x37,0x30,0x79,0x21,0x97,0x4b,0x64,0xb9,0xf7,0x3e,0x26,0x6d,0x8e,0x95,0x39,0x30,0x94,0xcf,0xcf,0x35,0x0b,0x98,0x28,0x24,0x37,0x97,0x4d,0xb3,0xe4,0x02,0xfd,0x86,0xe3,0xeb,0xdd,0xdc,0x5e,0x23,0xfc,0xd0,0x73,0x03,0xa0,0xa5,0xcf,0x28,0x2b,0xa4, + 0x04,0xbf,0x32,0x69,0x3d,0xd7,0x7e,0x18,0x2d,0x8b,0x26,0x50,0x38,0x28,0x32,0xf3,0x7f,0x67,0x70,0x09,0x01,0x32,0xaa,0x77,0xa7,0xeb,0xc1,0x82,0x15,0xe0,0x0c,0x44,0xc0,0x46,0x42,0xea,0x34,0x61,0xff,0x10,0xe2,0xe1,0x80,0x0d,0xc3,0x92,0x73,0x8d,0x7d,0x01,0x17,0x46,0x79,0xc9,0xd2,0xe3,0x82,0xa8,0x0e,0xd4,0x96,0x1f,0xe4,0x8b,0x6b, + 0x04,0xd2,0x0a,0x02,0xa6,0xd0,0x42,0x48,0x20,0xf7,0xc2,0xed,0x6a,0xfd,0x1b,0x7c,0x14,0x9f,0x67,0x62,0xbf,0x8c,0xe4,0xdb,0xa5,0x0d,0xed,0x97,0x92,0x36,0x8d,0xce,0xac,0xc5,0x74,0xcc,0x62,0x98,0xfa,0x1d,0x96,0xed,0xd1,0x78,0x30,0x9f,0x75,0x08,0xce,0x8a,0xab,0xf6,0x9f,0xc0,0xc4,0x9b,0x85,0x29,0x9b,0xaf,0x91,0x23,0x9e,0x66,0x65, + 0x04,0xaf,0xd3,0x21,0xe9,0xff,0x7b,0x24,0xd8,0x56,0xbf,0x14,0xbb,0xc5,0xaf,0xef,0x19,0x52,0x74,0x48,0x67,0xca,0xe4,0xa9,0xf3,0xe3,0x8f,0x66,0x73,0xda,0x90,0x8a,0xed,0x71,0x49,0x66,0xdf,0xee,0x5a,0xf5,0xb7,0xdd,0xfc,0x17,0x79,0xdb,0x74,0x98,0x7e,0x9e,0x87,0xf5,0x32,0xbe,0xa7,0x6a,0x2c,0xbe,0xd7,0x17,0xa3,0x6c,0x91,0x00,0xe7, + 0x04,0xcf,0xd6,0xd8,0x41,0x13,0xfc,0x92,0x0b,0x44,0xbf,0x6d,0x67,0xcb,0x84,0x16,0x91,0xdb,0xae,0x07,0xbd,0x67,0x32,0xe5,0xde,0xc0,0x45,0xe6,0x0d,0x90,0xb9,0x8f,0x71,0x10,0xcb,0xf8,0xc9,0xff,0xae,0xf3,0x6f,0x3d,0x53,0x13,0x2b,0x1c,0x10,0xdb,0x56,0x72,0xac,0xd5,0xdf,0x5b,0x87,0xcb,0x98,0xd1,0x9d,0xaf,0x87,0xb0,0xde,0x35,0x73, + 0x04,0xf0,0x96,0x16,0x82,0x7b,0x93,0xb6,0x01,0x7d,0x77,0x0c,0x75,0xe3,0x5b,0x01,0x62,0xc5,0x45,0x5c,0xe2,0x38,0x0e,0xf2,0xfe,0xc5,0x4e,0x33,0x6d,0xfe,0x94,0xcb,0xbc,0xf3,0xd0,0x1b,0x7b,0x10,0x2b,0xec,0x4f,0xf0,0x24,0x5d,0xb8,0xc9,0x43,0xc6,0x8c,0x23,0xcf,0x11,0x72,0xc6,0x55,0x44,0xaa,0x11,0x74,0xe4,0x4c,0xd5,0x24,0xf0,0x49, + 0x04,0xbf,0xeb,0x62,0xd5,0xcd,0xb7,0x33,0x3e,0x09,0x76,0xfa,0xd3,0xa2,0x59,0xdd,0xb9,0xcb,0x52,0x5a,0xee,0xe6,0x83,0x27,0x65,0x7a,0xed,0x59,0x28,0x53,0x52,0xf3,0x47,0x6e,0x88,0xbc,0x97,0x99,0xdf,0x4d,0x0c,0x14,0x2b,0xc6,0x32,0xc8,0x1d,0x40,0x48,0x6f,0xe2,0x37,0x63,0x92,0xe0,0x18,0x0a,0xf9,0x3d,0xeb,0xcb,0x82,0xc6,0x39,0xcd, + 0x04,0x6d,0x86,0x4a,0x7c,0xb7,0xf8,0xe3,0xa1,0xfe,0x1c,0x80,0x94,0xe3,0x85,0x2f,0x8f,0x43,0xcc,0x4c,0xa6,0xa9,0x03,0x95,0x12,0xb2,0xad,0xe5,0xf0,0x40,0xe3,0xb4,0x23,0x7c,0x90,0x8e,0xc1,0xcb,0x9f,0xbc,0x1f,0x6d,0x49,0x46,0x0a,0xc1,0x9f,0x2d,0x45,0x26,0xf6,0x6e,0x00,0xdb,0x60,0xd2,0x07,0x40,0x8b,0xd4,0x6c,0x95,0xbf,0xff,0xf0, + 0x04,0xfe,0xb6,0x8f,0x41,0xe8,0x06,0xa2,0x39,0xf6,0x24,0x45,0xd2,0x3d,0x1b,0x92,0x59,0x78,0xa9,0xb6,0x96,0xd6,0xf0,0xca,0xa9,0xdc,0x29,0xf4,0x05,0x39,0xb0,0x73,0xcc,0x2c,0x90,0x2a,0xff,0xb2,0x00,0x66,0xd2,0xc2,0xc9,0x20,0xce,0xb8,0xa4,0x53,0xe4,0x2c,0xd2,0x45,0x49,0x88,0xc3,0x32,0xcf,0x0d,0xb9,0x07,0xbb,0x4f,0xe9,0x59,0x43, + 0x04,0x57,0xd0,0x4c,0x65,0x33,0x25,0xa6,0xcb,0x99,0x8f,0x61,0xce,0x34,0x71,0x09,0xec,0xa0,0xef,0xff,0x9a,0x16,0xa7,0x34,0x13,0x4a,0x69,0xcd,0x1e,0x0b,0x08,0x1a,0xce,0xb4,0x3a,0xea,0x4f,0x71,0xb1,0xf2,0x80,0x2f,0xbe,0x41,0x07,0xd0,0xbf,0xb9,0xf6,0xfb,0xbd,0xa4,0x64,0x50,0x1b,0x87,0xff,0x73,0xc4,0x71,0x03,0xe3,0x72,0xf6,0x35, + 0x04,0x60,0x5f,0xd3,0x3a,0x42,0xd9,0x21,0xe0,0x1e,0xe7,0xf7,0x58,0x06,0x10,0x6d,0xe7,0x2c,0xb5,0x03,0x9f,0x65,0xff,0x31,0xd6,0xca,0x2e,0x1e,0xfd,0x6a,0xa8,0x1a,0x1c,0x95,0x78,0x9f,0x09,0x23,0xd7,0x05,0xfd,0x19,0xd5,0xa8,0xae,0x18,0xb6,0x66,0x87,0xcb,0x29,0x09,0x1e,0x17,0x94,0x4b,0x37,0xd2,0x7f,0x39,0x8b,0xd5,0x54,0x6b,0xdb, + 0x04,0x30,0x3c,0xe8,0x96,0xaa,0x57,0x0c,0xf8,0xf9,0x79,0x54,0xba,0x48,0xfc,0xc2,0x5f,0x5f,0x25,0x28,0x67,0xf0,0x1a,0x9b,0x9e,0xde,0xce,0xaa,0x6b,0xfc,0xce,0xdf,0x56,0x11,0x34,0xd6,0x29,0x0e,0x16,0x49,0xbb,0x02,0x8a,0x16,0xc6,0xf5,0x4e,0xb0,0x6c,0x7e,0x72,0x4a,0x94,0x7a,0x62,0x48,0x27,0x4a,0x4b,0xf6,0xa6,0xaa,0x13,0x90,0x96, + 0x04,0x1c,0x2c,0xa6,0x73,0x11,0xdc,0x5c,0x45,0x4d,0xc8,0x30,0x38,0x6b,0x79,0x97,0xe5,0x0b,0xc6,0x7e,0x3d,0x5f,0xf5,0x22,0xd3,0xe8,0xa3,0x9f,0x14,0x49,0x98,0xf8,0x84,0x86,0x2c,0x97,0x5f,0x54,0x8a,0x5f,0x55,0xdd,0x85,0x04,0xda,0xb5,0xc9,0xe8,0x8f,0x0e,0xd3,0x12,0x36,0x88,0xd4,0x75,0xb2,0x11,0xda,0x5a,0x4d,0x69,0x20,0xdd,0x63, + 0x04,0x56,0x33,0xcb,0xcf,0xdf,0x74,0x32,0x7d,0xe0,0x88,0x3f,0x59,0xe1,0x78,0x8e,0xed,0x76,0xbb,0x0b,0x9e,0x0f,0x9e,0x55,0xe2,0x76,0x9e,0xc9,0xaa,0x36,0x5a,0x30,0xe1,0xd9,0x13,0xbd,0x53,0x1f,0x4a,0x61,0xc2,0xd0,0x7b,0x84,0x7d,0x31,0x8e,0xe9,0x64,0x82,0xd2,0xf8,0xfa,0x7a,0x12,0xaa,0xb3,0xb3,0x03,0xc1,0x08,0x51,0xce,0x7f,0xcd, + 0x04,0x19,0xd5,0x3e,0x44,0xb0,0x58,0xc3,0x17,0xfb,0xed,0xbf,0x10,0x6c,0x98,0xf3,0x18,0x32,0xcd,0xfb,0x84,0xf2,0x1a,0xdd,0x75,0x3c,0xf2,0x13,0xba,0x5d,0xe9,0x02,0x6a,0x61,0x4c,0xf7,0xb7,0xb6,0x0e,0x75,0x9a,0x15,0xa6,0xc7,0xd8,0x64,0xed,0xde,0xc6,0xdc,0x25,0x35,0x19,0x97,0x5d,0xf7,0xf3,0xe9,0xbc,0x0c,0x77,0xfd,0x80,0xe5,0x10, + 0x04,0x1c,0x96,0xcc,0x2b,0x22,0xe5,0xbd,0xb1,0x95,0xb2,0xa4,0x71,0x87,0xfa,0xd5,0xee,0x67,0x36,0xbd,0x96,0xdc,0xef,0xef,0x20,0x25,0x9a,0x55,0x1e,0x98,0x47,0xb5,0xe0,0xc5,0xab,0x05,0x2c,0x88,0x36,0xe4,0xf7,0xcc,0x7b,0x65,0x54,0x57,0x75,0xd5,0x5b,0x0c,0x7b,0x0c,0x7f,0x83,0x0c,0x65,0x39,0x91,0x5c,0xb6,0x24,0xa5,0x07,0xdb,0xfe, + 0x04,0x73,0x32,0x42,0xcc,0x4a,0xfb,0x82,0x27,0x10,0x34,0x11,0x1b,0x81,0x30,0x9e,0x15,0x6a,0xe4,0x46,0x6e,0x7f,0x2f,0xc5,0xfc,0x10,0x42,0xf4,0xf6,0xe3,0xc4,0x4f,0x43,0x5c,0x6f,0x61,0x4d,0x4b,0xe1,0x8a,0x73,0x17,0x0c,0x85,0xa6,0xb6,0x8a,0x96,0x14,0x05,0x29,0x34,0xe1,0xd6,0x12,0x46,0x6d,0xd4,0x92,0x19,0x89,0x47,0x4f,0xf5,0x13, + 0x04,0x1a,0x24,0xb6,0x52,0x0a,0xf4,0xf0,0x28,0x82,0x4b,0xee,0xce,0x59,0xb6,0x03,0xd1,0x5d,0x6d,0x15,0xcd,0xe0,0x71,0x9a,0xd2,0xf7,0xb8,0xe3,0xfc,0xb6,0xc1,0x34,0x2c,0x7e,0xd7,0x02,0xa3,0x0e,0x87,0x5b,0x24,0x36,0xdb,0x2f,0x2d,0x36,0x87,0xd9,0x58,0x0d,0x3b,0xd7,0xb3,0xf8,0xd1,0x28,0x0a,0x81,0x07,0x1f,0x3c,0xcd,0x6b,0x40,0x7d, + 0x04,0x4a,0xde,0x6f,0xa1,0x3e,0x59,0x11,0x7e,0x05,0x4a,0xc1,0xbc,0xa3,0xca,0x52,0xf4,0x14,0x03,0x54,0x93,0xac,0x2e,0xe7,0xb1,0xa8,0x11,0xf1,0xfb,0x52,0x52,0x1e,0x81,0x16,0xad,0x61,0x2c,0xd7,0xab,0x0c,0x21,0xef,0x78,0x93,0x89,0x45,0xd8,0x70,0xda,0xc8,0x27,0xbe,0xcb,0x5b,0x87,0x3c,0x84,0x22,0x5c,0x4a,0xef,0x15,0x9e,0xe4,0xbb, + 0x04,0x34,0xb2,0xac,0x5a,0x3e,0x49,0x16,0xd0,0x81,0xd1,0xed,0x40,0x4b,0x5b,0xcc,0xfe,0x07,0x6a,0xa7,0xf4,0x1e,0x29,0xd0,0x36,0x23,0x90,0xf7,0xf0,0x84,0x58,0xb4,0x4c,0x25,0x98,0x7b,0x7f,0x7a,0x21,0x43,0x23,0x76,0x3e,0x1a,0xa1,0x04,0x4a,0x87,0x79,0xbb,0xff,0xc5,0xe2,0x2b,0xe6,0x28,0x13,0x8a,0x1d,0x80,0x26,0x83,0x64,0x69,0x8e, + 0x04,0x58,0xc2,0x5f,0x40,0x47,0x78,0x2b,0x81,0x5b,0x41,0x00,0x1d,0xea,0x63,0x6c,0x86,0xef,0x19,0xd6,0x7e,0xc0,0x56,0x32,0x41,0x27,0x22,0x5a,0xaf,0x6f,0xf1,0x08,0x32,0x76,0x13,0x25,0xc4,0xa7,0x03,0x07,0xdc,0xeb,0x9b,0xf4,0x51,0xc7,0x40,0x5e,0x42,0x58,0x08,0x68,0xe6,0x65,0xf3,0xf2,0x59,0x99,0x5f,0x8c,0x35,0x8e,0xb0,0x79,0x9d, + 0x04,0xe3,0xd0,0x5f,0x1a,0xff,0x72,0xac,0xff,0x70,0xe4,0xd5,0x1b,0x42,0x07,0x88,0x0e,0xc0,0x6b,0x4c,0x26,0x9d,0xb0,0x27,0x53,0xd6,0xd8,0x58,0xaa,0x5e,0x6d,0x56,0x1e,0x7c,0x75,0x6f,0x6b,0x0c,0xd1,0x06,0xbb,0x73,0x2e,0x5f,0x20,0xc9,0x1d,0xdd,0xe4,0xf2,0x4a,0x36,0x99,0xdf,0x11,0x25,0x20,0x6f,0xcc,0x47,0x44,0x9a,0xbb,0x7d,0x1e, + 0x04,0x75,0x63,0x8c,0xa9,0xef,0x9f,0xa2,0x52,0x42,0x9d,0x21,0x24,0x3c,0x77,0x8b,0xe3,0x55,0xbd,0x13,0x0c,0x1e,0xf6,0x26,0x59,0x3c,0xa0,0xc2,0x44,0xcf,0x2b,0x6e,0xf2,0x53,0xb8,0x87,0x66,0x23,0x0c,0xe8,0xde,0xd7,0x90,0x09,0x56,0xa5,0x29,0x1a,0x69,0x67,0xc2,0xa5,0x42,0x79,0x84,0x4c,0xb0,0x7d,0x7c,0x58,0x5d,0x87,0xd4,0x06,0x61, + 0x04,0x44,0x68,0x2e,0x43,0x74,0x48,0x73,0x0f,0x59,0x4a,0x82,0x0e,0xad,0x23,0x2c,0x44,0x43,0xf7,0xe7,0x84,0x37,0x0b,0xfb,0x03,0x13,0x04,0xb8,0x51,0x99,0xc4,0x15,0x9f,0x71,0x51,0xec,0xea,0xa0,0xa6,0x98,0xd1,0x57,0x85,0xcc,0x7a,0x2e,0x81,0x2a,0xed,0xa1,0x2f,0x9b,0xa4,0x23,0x8a,0x7f,0x5e,0x76,0xe9,0x30,0xf3,0x90,0x50,0x15,0xaa, + 0x04,0xc9,0x8b,0x01,0xfe,0x92,0xfe,0xae,0x44,0x1d,0x9f,0x4d,0xe5,0x0d,0x4d,0xfb,0xe9,0x78,0x97,0x11,0xd9,0x11,0xbe,0x6e,0xf7,0xcd,0x9c,0x55,0xf4,0xb3,0xe8,0xca,0xbd,0xd9,0xe3,0xaa,0xf1,0x66,0x05,0xb0,0xab,0x50,0x63,0x2d,0xf6,0xc0,0x0e,0xc8,0x55,0x4f,0x36,0xec,0xf4,0x27,0xd3,0x1d,0xf9,0x30,0xd4,0x45,0x8f,0xe1,0xcb,0xaf,0x11, + 0x04,0x91,0x73,0xae,0x01,0x4b,0x64,0x57,0x24,0x58,0x7e,0xe2,0x6e,0x17,0xbf,0xeb,0x61,0xf9,0x12,0x53,0xfe,0x86,0x53,0xda,0xfb,0xda,0x43,0x81,0xda,0x9f,0xa5,0x7e,0x98,0x15,0xa9,0x16,0x6e,0x1d,0xfc,0x2a,0x81,0xcb,0xe1,0x26,0xa2,0x59,0x4e,0x51,0xfb,0x98,0xfb,0xee,0x7b,0x3d,0x65,0x88,0xad,0x86,0xa8,0x64,0x31,0x14,0x14,0x44,0xf4, + 0x04,0xe4,0x10,0x2f,0x16,0xfa,0x7f,0x38,0x6e,0x91,0x2d,0x3a,0x7f,0x77,0xdc,0xc7,0xdc,0x9f,0x8a,0xf5,0x4c,0xae,0x11,0x7d,0xdb,0xa1,0x0a,0x3d,0x09,0x62,0x0e,0xff,0x8c,0x68,0x9c,0x20,0xe1,0x2c,0xe8,0xf7,0x84,0x12,0x94,0x5e,0x1d,0x3a,0xcb,0xf9,0x93,0x5e,0x46,0x53,0xfb,0x0d,0xce,0x02,0xb1,0x4a,0x7d,0x52,0x6a,0x11,0x4f,0x13,0x87, + 0x04,0x7a,0xa6,0x7d,0x00,0x33,0x22,0x6f,0xb2,0xb1,0xbf,0x97,0x5d,0x45,0x68,0xe1,0xf2,0x29,0x9e,0x82,0xf2,0xe4,0x59,0xff,0x0b,0x6e,0xe3,0xc0,0xc5,0x7d,0xbd,0x40,0x41,0x7c,0x20,0x63,0x46,0x44,0x99,0x3b,0xd8,0x4a,0xa3,0x61,0x03,0x7c,0xe8,0xbf,0x3f,0xb7,0x22,0x86,0xdf,0xdf,0x44,0x82,0x45,0x8b,0x07,0x6a,0x7a,0x5f,0x46,0xd1,0xdd, + 0x04,0x80,0x69,0x4b,0xa7,0xd6,0xad,0x6e,0xfa,0x8a,0xd5,0xce,0x04,0x35,0xa1,0xbd,0x22,0x5e,0x02,0x88,0xb6,0xfc,0x22,0xa1,0x1e,0x70,0x13,0xaa,0x0d,0x4e,0x9a,0x49,0x6b,0x31,0x6d,0x67,0xd1,0xc7,0x0e,0x6c,0x13,0x04,0x20,0xf5,0x7c,0xb6,0xe0,0xd6,0x0c,0xda,0x15,0x4c,0x73,0x7f,0x01,0x18,0x00,0x7c,0xfe,0xa5,0xc2,0xd5,0xb4,0xe3,0x97, + 0x04,0x06,0xc6,0x69,0x70,0xe5,0x39,0xd9,0xae,0x0f,0x8f,0x67,0xa7,0x2f,0x42,0x6c,0x10,0x0b,0x3b,0x2c,0xf2,0xe2,0x76,0xe9,0xb0,0xae,0xa7,0x5b,0x4e,0xfc,0x98,0x83,0x25,0x24,0xee,0xab,0x2b,0x41,0x3b,0xa1,0x7d,0xb8,0x11,0xf7,0x40,0xf9,0xfb,0x9f,0xc3,0xc7,0x3b,0x5c,0xe5,0x1f,0x1e,0x74,0xe7,0xe0,0x8b,0xcd,0x8a,0xb4,0x8d,0xae,0x83, + 0x04,0x41,0x27,0x7a,0x6f,0x20,0xd8,0x55,0xaf,0x6a,0xce,0xc5,0x3e,0x99,0x23,0x21,0x6d,0x74,0xee,0x2a,0xed,0x18,0xa4,0x14,0x05,0x91,0xeb,0xbb,0x0b,0x34,0x55,0x07,0x26,0x69,0xbc,0x7f,0x19,0xd6,0x46,0x47,0xe7,0x4f,0xf0,0x0d,0x0c,0x89,0xbb,0xfe,0x50,0x8e,0x32,0x2b,0x43,0x97,0xdd,0xb8,0x56,0x4e,0xd2,0x83,0x2e,0xaa,0x5b,0x2d,0x92, + 0x04,0x14,0x6d,0xee,0x2b,0xca,0xa5,0xcc,0x08,0x17,0xfe,0x19,0x1b,0x6d,0x10,0xde,0xf6,0x25,0x9d,0xf7,0x44,0xaf,0xdc,0x9e,0x5b,0x0d,0xde,0x52,0x3b,0x34,0x8a,0xaa,0xb4,0x45,0xb1,0x54,0x6f,0x79,0xb7,0xa6,0xaa,0xdf,0xa5,0x47,0xbf,0xa4,0x16,0xf6,0x2b,0x54,0xf7,0xa4,0x76,0xd6,0xd8,0x88,0x05,0x6b,0x9c,0x05,0xc7,0x2e,0x01,0x39,0xf1, + 0x04,0xc4,0x8e,0xe9,0x0f,0x8f,0xe8,0x00,0x66,0x40,0x86,0xed,0x5b,0xa1,0x29,0x30,0xca,0xcd,0xfa,0x17,0x5a,0x67,0xa2,0xc4,0x39,0x81,0x68,0xf6,0x26,0x69,0x9d,0xeb,0x8d,0xd7,0x8c,0x35,0xa4,0x80,0x42,0xaa,0xfb,0xc6,0xc7,0xca,0xf3,0xa6,0x83,0x85,0xdd,0xb5,0xd4,0x06,0xac,0xee,0x86,0xd9,0x64,0x03,0xe7,0x5b,0xaf,0xfe,0xce,0x00,0xe3, + 0x04,0x73,0x7d,0x92,0xf5,0xda,0xd5,0x1d,0x58,0x26,0x1a,0x77,0xe7,0x55,0x67,0x8a,0xb0,0x2b,0x10,0x79,0x12,0x04,0x1c,0x5d,0x29,0x5f,0x58,0x29,0xcb,0xd1,0x0c,0xd8,0xc5,0x9b,0x55,0xdd,0x08,0x4f,0x84,0x93,0x7c,0x27,0x56,0x5a,0x90,0x75,0xfe,0x10,0x87,0x45,0xe1,0x70,0x01,0x66,0x67,0x43,0xdb,0x55,0x14,0x36,0xe6,0x91,0xea,0x81,0x8d, + 0x04,0x59,0xef,0xed,0x74,0x73,0x03,0x89,0x1b,0xaa,0xb0,0xe1,0xdf,0xdc,0x32,0xd6,0x99,0x06,0xe0,0xfc,0x68,0x15,0xb0,0x56,0xda,0xe0,0xed,0xa2,0x08,0x09,0x57,0xa3,0xeb,0xf2,0x05,0xfd,0x29,0x9c,0x63,0xe5,0x49,0xd2,0x4c,0x15,0x39,0x35,0xd9,0x50,0x14,0x1c,0x3d,0xc2,0x69,0x9a,0xfe,0x87,0x31,0xa4,0x63,0x04,0xe2,0x03,0xca,0xc1,0x5d, + 0x04,0x8e,0xf9,0xa7,0x99,0x7b,0x71,0x7f,0xdb,0xc5,0xd2,0xa7,0xf9,0xa6,0x7f,0x70,0x5e,0x5d,0xee,0x4c,0x82,0xca,0x38,0x3b,0x7e,0xe2,0xd0,0x7c,0x24,0x85,0x03,0x96,0xd0,0x72,0xc9,0x8f,0x7d,0xc1,0x65,0x8f,0x9d,0xc3,0xc4,0x34,0xa9,0xfd,0xdc,0x2f,0x98,0x6c,0xc0,0xe3,0xe3,0xef,0x40,0x98,0x27,0x53,0x76,0x17,0xee,0x67,0x10,0x5f,0x2b, + 0x04,0x04,0x56,0x9e,0xc9,0xfb,0x3d,0x6b,0xce,0xdc,0x05,0x9e,0x7f,0xd0,0x4a,0xb7,0xd3,0xf6,0xba,0xc7,0x30,0xb1,0xb7,0x5a,0x11,0x74,0x9e,0x43,0x46,0x45,0x8f,0x92,0x96,0xa0,0x51,0xc8,0x4d,0x55,0x8d,0xbd,0x29,0x57,0xc1,0x59,0x07,0x47,0x77,0x76,0xaf,0x66,0x0a,0xc0,0x15,0x82,0xc0,0x01,0xdc,0x1f,0x86,0x8e,0xbf,0xc6,0xb3,0xb2,0x64, + 0x04,0x4b,0x29,0x8a,0x3e,0xba,0x6a,0x09,0xfc,0xd8,0x41,0x59,0x76,0xe0,0xfa,0xea,0x99,0x7f,0xd5,0x19,0xff,0xd3,0x36,0x3b,0xd2,0x01,0x07,0x75,0x21,0x23,0xe1,0x01,0x46,0x6a,0xbb,0x70,0xc0,0x13,0xba,0x23,0x89,0xc3,0x71,0xbe,0x19,0xdd,0x32,0x96,0xf0,0x60,0x0e,0x64,0xf0,0x57,0x55,0xe1,0x5c,0xf8,0x93,0x20,0xac,0x7f,0xfb,0x25,0xd6, + 0x04,0x18,0xbd,0xe0,0x79,0x52,0xd7,0xbe,0x89,0x14,0xd2,0xb2,0x54,0x4c,0x65,0xa3,0xde,0xbd,0xdd,0xd9,0xe7,0xce,0x8a,0x9c,0x46,0xa0,0x3d,0x12,0x4a,0xcf,0xb8,0x54,0x8b,0x01,0xa4,0xa1,0x75,0xa2,0xa8,0x1a,0xf9,0x8e,0x60,0x28,0x77,0x0d,0x05,0x5e,0x22,0xf1,0x01,0x6d,0xf1,0x54,0x62,0xb6,0x5f,0x55,0xa2,0xd4,0x85,0x0c,0xc4,0x15,0xe5, + 0x04,0x00,0x2b,0xeb,0x75,0x5f,0x69,0x4a,0x09,0xf6,0x0b,0xce,0x5b,0x34,0xdc,0x34,0x7c,0x5c,0x3a,0xa2,0x36,0xde,0x90,0x07,0xbc,0xdd,0x07,0x07,0xe9,0xbc,0x80,0x71,0x69,0x4f,0x44,0x3b,0x00,0x45,0x99,0x9f,0x2f,0x58,0x99,0xca,0x79,0x34,0x24,0xa9,0xb4,0x23,0xb0,0xec,0x0a,0x3e,0xdc,0xbb,0xf4,0xaf,0xb9,0xe6,0x65,0x26,0xcf,0x89,0xb2, + 0x04,0x95,0x7e,0x5b,0xcd,0x11,0xfc,0x45,0x0b,0xff,0xce,0xfe,0x63,0x6c,0x0b,0x73,0xf1,0x0f,0xe8,0x58,0x5e,0x04,0xc6,0xc7,0xaa,0x7f,0xa0,0xb6,0x03,0xd2,0x41,0x62,0xd9,0x9e,0x55,0x3e,0x94,0x09,0x56,0xaa,0x04,0xa2,0x37,0xa0,0xc2,0x57,0x0a,0x0c,0x7b,0xc3,0x71,0x21,0x72,0xb8,0xf7,0x8c,0x7b,0x47,0x0a,0x04,0x2a,0xe3,0x1f,0x32,0x23, + 0x04,0xc4,0x3b,0x1b,0x40,0x99,0xda,0x70,0xf8,0xd3,0x3f,0xbb,0x61,0xb6,0x8d,0x9b,0x0e,0x9c,0x7a,0xed,0xd4,0xf4,0x76,0x1c,0x67,0x22,0x99,0x66,0x66,0x97,0x4e,0x29,0x8e,0x97,0x8c,0x02,0xea,0x78,0x99,0xcd,0xd4,0x6a,0x47,0x40,0x5a,0xc0,0xd8,0x9f,0xd6,0xa4,0xd6,0x67,0x18,0xa4,0x50,0x24,0x38,0xad,0x45,0x46,0x32,0x60,0x97,0x68,0x41, + 0x04,0xde,0xb8,0x5f,0x60,0x4b,0xe1,0x93,0x0d,0xba,0xc6,0x62,0x9c,0xb9,0x62,0x10,0xf6,0xfb,0xc8,0x7c,0xe2,0xb2,0x60,0xb6,0x6c,0xc7,0xd6,0x61,0x86,0x18,0x06,0xaf,0xe1,0x12,0x0b,0xbc,0xf8,0x35,0x6d,0xcf,0xbf,0x1d,0xe4,0xbb,0xb7,0xd2,0x06,0x6c,0x3d,0xdd,0xfb,0xaf,0x33,0x0a,0xf7,0x54,0xc5,0x78,0x59,0x13,0x7a,0x9c,0xc4,0xa6,0x8e, + 0x04,0x27,0x89,0x9f,0xe2,0x48,0x11,0xad,0xc8,0x69,0xd4,0x9a,0xc4,0x51,0xcb,0x21,0x06,0x31,0xd1,0x9a,0xff,0x89,0x71,0xac,0x7c,0x3d,0xd2,0xfe,0x82,0x62,0x62,0x50,0x7f,0xd9,0xdd,0xff,0xef,0x4c,0xc9,0xcd,0x81,0xbd,0xd3,0xea,0xb8,0xac,0xdd,0x5c,0x28,0x7a,0x89,0x34,0xf8,0x2d,0xfc,0x25,0x5d,0xde,0xd1,0xac,0x1f,0x11,0x00,0xaa,0x17, + 0x04,0x43,0x01,0xf5,0x4b,0x35,0x92,0xd1,0xea,0x2a,0x40,0x98,0x9c,0x94,0x26,0x1d,0x2b,0x1d,0x1f,0xe2,0x97,0xed,0x6e,0xd6,0x41,0x25,0xee,0x24,0x1d,0xe0,0x5d,0x00,0x4b,0xc7,0x90,0x14,0xf1,0x56,0xe9,0xb7,0xbf,0xb3,0x6b,0x8a,0xd2,0xd6,0x6d,0x55,0xf3,0xa7,0x53,0x82,0x9a,0x9d,0xdb,0x86,0x05,0x5b,0xb9,0x16,0x6d,0xd3,0xaf,0xf4,0x57, + 0x04,0x36,0xb0,0xf6,0x6b,0xf5,0xf9,0xfd,0x4b,0x2d,0xf9,0xcd,0xae,0x2a,0xf8,0x73,0xa0,0x75,0xc5,0x54,0x97,0xd7,0xfe,0xc4,0x73,0x7a,0x7c,0x96,0x43,0xc2,0xc7,0x6f,0xe5,0xda,0x9f,0x72,0x87,0xb3,0xcd,0x4e,0x5f,0x05,0xb9,0xa1,0xa4,0xf6,0x4e,0x8a,0x8d,0x96,0xc3,0x16,0xe4,0x52,0x59,0x4d,0x02,0xa4,0x59,0x2a,0x21,0x07,0xec,0xe9,0x0b, + 0x04,0x82,0xab,0xb5,0x8a,0xfb,0x62,0xd2,0x61,0x87,0x8b,0xde,0xe1,0x26,0x64,0xdf,0x14,0x99,0xb8,0x24,0xf1,0xd6,0x0f,0xb0,0x28,0x11,0x64,0x2c,0xb0,0x2f,0x4a,0xff,0x5d,0x30,0x71,0x98,0x35,0xd9,0x6f,0x32,0xdc,0x03,0xc4,0x9d,0x81,0x5f,0xfa,0x21,0x28,0x57,0x33,0x13,0x7f,0x50,0x7c,0xe3,0x16,0xce,0xc6,0x5c,0xa5,0x62,0xce,0x2a,0xd0, + 0x04,0x7d,0xe7,0xb7,0xcf,0x5c,0x5f,0xf4,0x24,0x0d,0xaf,0x31,0xa5,0x0a,0xc6,0xcf,0x6b,0x16,0x9a,0xad,0x07,0xd2,0xc5,0x93,0x6c,0x73,0xb8,0x3e,0xe3,0x98,0x7e,0x22,0xa1,0x94,0x0c,0x1b,0xd7,0x8e,0x4b,0xe6,0x69,0x25,0x85,0xc9,0x9d,0xc9,0x2b,0x47,0x67,0x1e,0x2c,0xcb,0xcf,0x12,0xa9,0xa9,0x85,0x4c,0x66,0x07,0xf9,0x82,0x13,0xc1,0x08, + 0x04,0x06,0xfa,0x93,0x52,0x72,0x94,0xc8,0x53,0x3a,0xa4,0x01,0xce,0x4e,0x6c,0x8a,0xeb,0x05,0xa6,0x92,0x1b,0xc4,0x87,0x98,0xa8,0xe2,0x0a,0x0f,0x84,0xa5,0x08,0x5a,0xf4,0xec,0x48,0x28,0xf8,0x39,0x4d,0x22,0xde,0x43,0x04,0x31,0x17,0xb8,0x59,0x5f,0xb1,0x13,0x24,0x5f,0x72,0x85,0xcb,0x35,0x43,0x93,0x89,0xe8,0x54,0x7a,0x10,0x50,0x39, + 0x04,0x8a,0x4f,0x62,0x52,0x10,0xb4,0x48,0xdc,0x84,0x6a,0xd2,0x39,0x9b,0x31,0xcd,0x1b,0xc3,0xf1,0x78,0x8c,0x7b,0xed,0x69,0xcc,0x1c,0xb7,0xaa,0xc8,0xab,0x28,0xd5,0x39,0x30,0x07,0xc6,0xf1,0x1f,0x3e,0x24,0x8d,0xe6,0x51,0xc6,0x62,0x2d,0xe3,0x08,0xee,0x55,0x76,0xbe,0x84,0xef,0x1e,0xd8,0xed,0x91,0xfd,0x24,0x4f,0x14,0xfc,0x20,0x53, + 0x04,0x88,0x5e,0x45,0x2c,0xbb,0x0e,0x4b,0x2a,0x97,0x68,0xb7,0x59,0x6c,0x15,0x31,0x98,0xa9,0x22,0xda,0xbb,0xb8,0xd0,0xca,0x1d,0xc3,0xfa,0xf4,0xf0,0x97,0xf0,0x91,0x13,0xbe,0x9a,0xaa,0x63,0x09,0x18,0xd5,0x05,0x60,0x53,0xec,0xf7,0x38,0x8f,0x44,0x8b,0x91,0x2d,0x9c,0xcf,0xbe,0xd8,0x0d,0x7c,0xa2,0x3c,0x0e,0x79,0x91,0xa3,0x49,0x01, + 0x04,0xe2,0x26,0xdf,0x1f,0xcf,0x7c,0x13,0x7a,0x41,0xc9,0x20,0xff,0x74,0xd6,0x20,0x4f,0xaa,0x20,0x93,0xee,0xff,0xc4,0xa9,0xee,0x0a,0x23,0xfb,0x2e,0x99,0x40,0x41,0xc3,0x45,0x71,0x07,0x44,0x2c,0xc4,0xb3,0xaf,0x63,0x1c,0x4d,0xfb,0x5f,0x53,0xe2,0xc5,0x60,0x8b,0xed,0x04,0xff,0x66,0x53,0xb7,0x71,0xf7,0xcd,0x46,0x70,0xf8,0x10,0x34, + 0x04,0xf5,0x3e,0xad,0x95,0x75,0xee,0xbb,0xa3,0xb0,0xeb,0x0d,0x03,0x3a,0xcb,0x7e,0x99,0x38,0x8e,0x85,0x90,0xb4,0xad,0x2d,0xb5,0xea,0x4f,0x6b,0xd9,0xbd,0xe1,0x69,0x95,0xb5,0xf3,0xab,0x15,0xf9,0x73,0xca,0x9e,0x3a,0xa9,0xdf,0xe2,0x91,0x4e,0xeb,0xbd,0x2e,0x11,0x01,0x0b,0x45,0x55,0x13,0x90,0x79,0x08,0x80,0x03,0x96,0xfb,0x9d,0x1a, + 0x04,0x88,0x27,0x73,0xec,0x7e,0x10,0x60,0x5c,0x8f,0x9e,0x2e,0x3b,0x87,0x00,0x94,0x3b,0xe2,0x6b,0xcc,0x4c,0x9d,0x1f,0xed,0xf2,0xbd,0xcf,0xb3,0x69,0x94,0xf2,0x3c,0x7f,0x8e,0x5d,0x05,0xb2,0xfd,0xd2,0x95,0x4b,0x61,0x88,0x73,0x6e,0xbe,0x3f,0x56,0x46,0x60,0x2a,0x58,0xd9,0x78,0xb7,0x16,0xb5,0x30,0x4e,0xa5,0x67,0x77,0x69,0x1d,0xb3, + 0x04,0xa6,0x0b,0x64,0x58,0x25,0x6b,0x38,0xd4,0x64,0x44,0x51,0xb4,0x90,0xbd,0x35,0x7f,0xea,0xde,0x7b,0xb6,0xb8,0x45,0x3c,0x1f,0xc8,0x97,0x94,0xd5,0xa4,0x5f,0x76,0x8d,0x81,0xee,0xe9,0x05,0x48,0xa5,0x9e,0x5d,0x2c,0xec,0xd7,0x2d,0x4b,0x0b,0x5e,0x65,0x74,0xd6,0x5a,0x9d,0x83,0x7c,0x7c,0x59,0x0d,0x1d,0x12,0x5e,0xe3,0x7c,0x4d,0x51, + 0x04,0x52,0xd9,0xa4,0x4b,0xf0,0xbc,0x72,0x9e,0x5f,0x3f,0xfc,0x8a,0x73,0xa4,0xda,0x33,0x2e,0x29,0x62,0xb2,0x20,0x13,0x39,0x1b,0x60,0xeb,0x66,0xde,0x6e,0x1b,0x83,0x43,0x1e,0xb0,0xd9,0xc6,0xe9,0x2a,0x42,0x4b,0xc2,0x4a,0xb2,0x3c,0xaf,0x99,0xe3,0xcd,0xa8,0x30,0x26,0x36,0x89,0x65,0x36,0x26,0xf8,0xbe,0x91,0x59,0x0f,0xb7,0x5c,0xbd, + 0x04,0x78,0xa9,0x9d,0xfc,0xb7,0xdf,0x4d,0x92,0x77,0xf9,0x7b,0x5e,0x24,0xe9,0x79,0xf4,0x8a,0x8a,0xa8,0x98,0x3e,0xf9,0xdd,0x86,0x76,0x5d,0xcc,0xc3,0x3d,0x8a,0xde,0x9f,0x98,0x57,0xdc,0xcc,0xe2,0xa7,0xff,0x0a,0xc4,0x1b,0x25,0x5e,0xb8,0xdf,0x45,0xdf,0x61,0xb4,0xdb,0x58,0xfb,0x5e,0x99,0x76,0x14,0xbf,0x0d,0x5a,0xb2,0x17,0xdd,0x90, + 0x04,0x11,0x62,0x42,0x4a,0xa9,0xfa,0x0d,0x42,0xbf,0x60,0xe0,0x6a,0x16,0xb7,0xe7,0xea,0x45,0xac,0x0e,0x2f,0x07,0xf1,0xe3,0x67,0x35,0xbd,0x0d,0x98,0xc7,0x0b,0x88,0x50,0x69,0x3f,0x2a,0xc1,0x28,0xf4,0x7f,0x21,0x33,0x22,0xc5,0xf8,0x87,0x2d,0xde,0x92,0x61,0xaf,0xfe,0x61,0x4e,0x3f,0x36,0x4a,0x79,0x2d,0x17,0xb0,0xe8,0x42,0x18,0x40, + 0x04,0x30,0xd2,0xd4,0x2a,0x85,0x38,0x5b,0x64,0x81,0x7d,0x09,0x00,0xbc,0x8c,0x98,0x47,0x16,0x93,0x45,0x29,0x05,0x6d,0xa0,0x32,0xd5,0xfd,0xe8,0x44,0x91,0x5d,0x66,0x9b,0x0e,0x5e,0xf4,0x0d,0x56,0x6f,0x5b,0x23,0x99,0x21,0x32,0xc4,0xae,0x58,0x80,0x17,0xeb,0xd1,0x60,0xe5,0xdb,0xf4,0x80,0x4f,0x93,0x6c,0xb0,0xf2,0x57,0xa9,0x34,0x46, + 0x04,0xa7,0x7a,0x25,0x9a,0x55,0xed,0x98,0xd6,0x43,0xe1,0xa3,0xe1,0x38,0x04,0xc9,0x5e,0x54,0x3c,0x15,0x57,0xe6,0x14,0x1e,0x4e,0xd4,0x7d,0xcf,0x13,0xb9,0x41,0xa6,0xfa,0x8b,0xfa,0x5f,0x87,0x9a,0xb1,0x4a,0xeb,0xa7,0xb2,0xac,0x06,0xe5,0xa7,0x19,0xc8,0x6f,0x4a,0x2e,0xd3,0x91,0x16,0x03,0x80,0xaa,0x3b,0x6f,0x74,0x14,0x1c,0xd3,0x54, + 0x04,0xf8,0x94,0x54,0x59,0x3d,0xba,0x57,0x20,0x16,0x4d,0x17,0xbc,0x1c,0xa3,0x2f,0x10,0xdd,0xd1,0xa7,0xd3,0x7b,0x7b,0xf0,0x2e,0x5e,0xc0,0xd5,0x97,0x94,0xf4,0xd6,0x3d,0x34,0x26,0x8d,0xe3,0xf6,0xa2,0xc1,0x08,0x51,0x4a,0x52,0x70,0x2f,0x7e,0x67,0xd2,0x78,0x29,0xfa,0x03,0x40,0xb3,0xc4,0x71,0x06,0x51,0x29,0x14,0x83,0xc8,0xb2,0x13, + 0x04,0xb0,0x0b,0xef,0xcb,0x86,0x8e,0xeb,0x5d,0x55,0x8e,0xf2,0xec,0x2e,0xc6,0x79,0xdc,0x08,0x2e,0xc1,0x5a,0x57,0xc5,0x89,0x93,0x11,0x17,0x84,0x24,0x67,0x4b,0x8f,0x50,0x58,0x87,0x42,0x72,0x8a,0x63,0x84,0xa1,0x80,0x50,0x6b,0x87,0x39,0xa7,0x9c,0x4c,0xe9,0x5e,0x10,0x55,0xc0,0xd0,0xea,0xb2,0x25,0x4c,0xa5,0x5b,0x18,0xa3,0xe7,0xb2, + 0x04,0xb3,0xe2,0xf9,0xc7,0xf9,0xf0,0x68,0xc5,0xda,0x88,0x82,0xfd,0x58,0x1e,0x71,0x12,0xe5,0x38,0xaa,0x01,0xfe,0xb5,0xf0,0x17,0x43,0x3c,0x00,0xfc,0x8a,0x82,0x8f,0xcc,0xc5,0x6a,0x3f,0x69,0x2e,0x3b,0x23,0x7b,0x7c,0xaf,0x49,0x86,0x90,0x09,0xe6,0x74,0x3e,0x35,0xec,0x5a,0xed,0x19,0xd8,0x14,0xcf,0xc1,0x38,0x69,0xf7,0x8e,0xb8,0x95, + 0x04,0xe5,0xda,0xe9,0x77,0x9e,0x0c,0x16,0x8e,0x60,0xb8,0x42,0x50,0x8e,0x25,0x3d,0x2a,0xc8,0x0e,0x7e,0x50,0x4d,0xae,0xd9,0xfa,0xc0,0x77,0xb9,0xb4,0x49,0xc3,0x68,0xb5,0x7b,0xd8,0x66,0x1b,0xbb,0xcc,0xef,0x47,0x8f,0x05,0x0f,0x4f,0xfe,0xc8,0xaa,0x47,0xed,0x7f,0x98,0xe8,0x95,0x14,0xd9,0x08,0x3f,0xac,0xf0,0xa7,0xf2,0xf7,0xb7,0x0f, + 0x04,0x42,0x0e,0x10,0xbb,0x81,0xb3,0x79,0xd7,0x28,0x87,0x9f,0xe6,0x00,0xe6,0xf1,0xbf,0x2b,0x85,0xd8,0x02,0x38,0x48,0xa0,0x40,0xc7,0x65,0x4a,0x97,0x34,0xda,0x1a,0xc4,0xcb,0xee,0x56,0x15,0x71,0xa6,0x16,0xb0,0x94,0xa3,0x84,0x36,0xe0,0x2c,0x6d,0x7b,0x54,0xb4,0x27,0x9a,0x23,0x41,0x93,0xa8,0x28,0xe8,0x6e,0x21,0xe6,0xb7,0x1d,0x16, + 0x04,0x8d,0xbf,0x1b,0xa8,0x75,0x97,0x00,0x4a,0xf5,0x52,0x31,0x72,0x25,0x91,0x6a,0xbf,0x3d,0x71,0xdf,0xf9,0x0f,0xe9,0xe6,0x1f,0x9d,0x28,0x63,0xa6,0xde,0x21,0x8d,0x4a,0x08,0x97,0xe3,0x34,0x00,0x01,0x39,0xb0,0x84,0x9d,0x77,0x27,0x57,0xb1,0x50,0xe5,0xd8,0x6b,0x55,0xd7,0xa0,0x0a,0x74,0x4b,0xcc,0xbb,0x7c,0xb8,0xd1,0xa6,0xb0,0x7b, + 0x04,0x1a,0xcc,0xb8,0x5b,0x61,0x2d,0x32,0xd5,0x84,0x59,0xca,0xec,0x0b,0xb6,0x76,0x8f,0x05,0xce,0x80,0x94,0xe3,0x86,0x24,0x22,0xa7,0xc1,0x23,0x40,0xdd,0x31,0xbd,0x73,0x97,0xe0,0x37,0x7d,0x33,0xcc,0xdc,0xe8,0xbd,0x87,0x2f,0x89,0x8b,0xe6,0xcb,0xcf,0x72,0x74,0xb3,0xbe,0xef,0xb5,0xdd,0x7c,0xad,0xdd,0xf0,0x27,0xd0,0xc0,0x2c,0x2e, + 0x04,0x14,0xee,0xf4,0x1b,0x67,0xc1,0x7b,0x1d,0x4a,0x04,0x05,0x54,0x28,0x7c,0xd6,0xa9,0xe6,0xb3,0x08,0x03,0x35,0xea,0x4e,0x16,0x82,0x1d,0xbd,0x64,0x3e,0xc6,0x7d,0xba,0x6d,0x67,0xca,0xdc,0xbd,0x1a,0x3f,0x02,0x27,0xb7,0xca,0xf2,0xc0,0x60,0x4d,0x2b,0x35,0x07,0xae,0xb9,0x6e,0xd9,0x8c,0x32,0xe2,0x35,0x0f,0xe2,0x95,0xed,0x89,0x98, + 0x04,0xa9,0x9a,0xf5,0xde,0xc3,0xc9,0x95,0x08,0x0d,0xdc,0xc1,0x5d,0x79,0x94,0xda,0xff,0x26,0x6a,0xa5,0x3f,0x18,0x1f,0xba,0x4b,0xcd,0xd5,0x04,0xd2,0x06,0xbf,0xca,0x2f,0x37,0x39,0x58,0x8f,0x07,0x1e,0x41,0x92,0xb6,0x15,0x36,0x1e,0xc8,0x17,0x35,0xfe,0x2e,0xf2,0x92,0x3c,0x40,0x56,0xc4,0x32,0xf4,0xc2,0x78,0x2e,0x5d,0x72,0x22,0x15, + 0x04,0xa3,0x55,0xd8,0xd1,0x7d,0x50,0xf6,0x42,0x8e,0x0a,0xf3,0x45,0x92,0x16,0x62,0x58,0x7e,0x2b,0x62,0x49,0xee,0xd1,0xe3,0x26,0xab,0xb7,0xc8,0x60,0x50,0x36,0xb1,0xdb,0x1f,0xd7,0x2e,0xfa,0xca,0x90,0x82,0xbb,0x6f,0xab,0x44,0x35,0x9f,0xa7,0xf6,0xef,0x8a,0x45,0xd0,0x36,0x85,0x28,0x32,0xe2,0xad,0xe9,0xd4,0x1f,0x28,0x21,0x91,0x44, + 0x04,0xfa,0x53,0xe5,0xb5,0x8d,0x55,0xeb,0xf5,0x17,0xd8,0xdb,0x07,0xb0,0x21,0xd8,0x09,0x18,0xd1,0xf2,0x60,0xf9,0xe0,0xb3,0xd0,0x0b,0xd4,0x7b,0x24,0xa9,0x1a,0xe6,0xab,0x85,0xab,0x2a,0xdc,0xc3,0x1b,0x98,0xca,0xae,0xc2,0x68,0x1a,0x84,0x1d,0x50,0xbc,0x0e,0xda,0x87,0x55,0x61,0xfa,0xb7,0x0c,0x97,0x94,0x63,0xff,0xb6,0xa1,0xd7,0x4c, + 0x04,0x33,0xfe,0x37,0x94,0x93,0x75,0xde,0xbd,0x97,0x34,0xf5,0x4b,0x70,0x36,0xb7,0xa9,0x78,0xbc,0x8f,0xc4,0xae,0x3f,0xe9,0x27,0xa5,0x21,0xf9,0x40,0xd9,0xe3,0x5d,0xd3,0x8f,0x81,0xa9,0x16,0x0c,0x05,0xdf,0x04,0xe3,0x42,0x90,0xdb,0x40,0xc3,0xe0,0x45,0xb8,0x32,0x37,0x39,0x41,0xca,0x85,0xb4,0x33,0x85,0x4e,0x43,0xca,0xed,0x32,0x3d, + 0x04,0xb9,0xba,0x84,0x45,0x06,0x7d,0x0e,0x81,0xbd,0x32,0xdd,0x99,0xe6,0xb4,0xea,0x3d,0x44,0x2d,0x06,0x3a,0x8e,0xb9,0x87,0x35,0x18,0xee,0x3b,0xb1,0x8c,0x05,0x37,0x06,0x09,0x99,0x64,0xb6,0x88,0x91,0x05,0x78,0x4d,0x9d,0x6d,0x9d,0x9a,0xa7,0x9c,0x76,0xb6,0xa3,0xd3,0x37,0x63,0x15,0x95,0x3a,0xfd,0xcb,0x5a,0x74,0x39,0xe7,0xc7,0x06, + 0x04,0x78,0xb2,0x48,0x63,0x42,0x70,0xa7,0xa6,0x64,0x0b,0xd0,0xc6,0x45,0x95,0xdc,0x4e,0x98,0xad,0xfe,0x6b,0xdb,0x81,0x12,0x59,0x3a,0x41,0x73,0xe3,0x6d,0x4a,0x9b,0x49,0x69,0xa1,0xf3,0xd1,0x9b,0x32,0x58,0x98,0xe3,0x64,0x59,0xc4,0x1e,0xba,0x1d,0xe9,0x92,0x29,0xb0,0xba,0x2c,0xf1,0x33,0x74,0x61,0xc8,0x43,0x91,0xd9,0xae,0xa1,0xfc, + 0x04,0xc7,0x88,0x88,0x4a,0xc8,0x68,0x59,0x3d,0xb2,0x41,0xf5,0xb3,0xea,0x70,0x13,0x81,0x0d,0x3c,0xe2,0x8a,0x02,0x68,0x0a,0x96,0xff,0x35,0x7b,0x26,0x1f,0xad,0x61,0x1b,0xef,0x35,0x3b,0x0e,0x82,0xc1,0xc6,0x8c,0x47,0x1f,0xf1,0xed,0x5c,0x47,0x49,0xe1,0x68,0xe7,0xaf,0x85,0x91,0xa5,0xe6,0xda,0xb5,0x99,0xb9,0x66,0x20,0xde,0x0e,0xde, + 0x04,0x18,0x64,0xe3,0x73,0xac,0x60,0xc2,0x35,0x43,0xfe,0xa9,0xe1,0xf2,0x37,0x95,0x0a,0x81,0x69,0xe0,0x7c,0x81,0x7d,0xb6,0x9d,0x50,0x0e,0x55,0x92,0xd1,0xdf,0x9d,0x5a,0x10,0xda,0x46,0x51,0xef,0xcc,0xc4,0x6d,0x37,0xe7,0xea,0xe1,0x6c,0x36,0xac,0x86,0xa9,0xa8,0x6b,0x88,0xad,0x08,0x75,0x1a,0x8d,0xcd,0x15,0x06,0x00,0x19,0x70,0x4b, + 0x04,0xdd,0x73,0x08,0xd2,0xa6,0x75,0x7f,0x92,0x4d,0xc9,0x79,0x06,0x6e,0x75,0xee,0x6f,0xa5,0x2b,0x03,0x39,0x3d,0x28,0x92,0xf5,0x97,0x88,0xef,0xfa,0x55,0x3b,0x69,0x0d,0x1f,0xef,0x00,0xc1,0xc2,0x2b,0xa8,0x0b,0x95,0xd5,0x29,0x78,0x2d,0xbe,0xf5,0x5a,0x63,0x04,0x61,0x79,0xfb,0x4e,0xf0,0x0f,0xdc,0xcf,0x5b,0x62,0xce,0x55,0xc1,0x36, + 0x04,0x57,0x5d,0x51,0xbe,0x2b,0xdd,0xf5,0xbf,0x1a,0xb4,0x24,0x31,0xba,0x7e,0x3b,0x5f,0x29,0x47,0xbc,0x57,0x4d,0xf9,0xf6,0x0a,0x44,0x8b,0x8d,0xb5,0xca,0x28,0xc9,0x2c,0xd8,0x36,0xf5,0x5c,0x55,0x64,0x40,0xa7,0xdf,0x12,0x5d,0xe6,0x59,0x9b,0x21,0xae,0x68,0xf1,0x5d,0x5b,0x9f,0x42,0x2d,0x6e,0xec,0x88,0xab,0x2f,0x65,0x40,0x6b,0xf9, + 0x04,0xc7,0x42,0x2a,0x80,0xae,0xbd,0xb5,0x18,0xbd,0x2d,0xab,0xa6,0x91,0xd3,0x9a,0x25,0xea,0x2f,0xe4,0x9a,0x35,0xcd,0xfb,0x2a,0x0f,0x94,0xbd,0xfb,0xad,0xc6,0x62,0x9a,0xe5,0x5a,0xc7,0xc4,0x00,0xaf,0xd2,0x97,0x6b,0x7c,0x3b,0x24,0xf7,0x12,0x68,0x07,0xa5,0xa0,0xaf,0xb9,0x31,0xcf,0xa5,0xc6,0xad,0xa1,0xf4,0xff,0x98,0x4e,0xa5,0xa7, + 0x04,0xad,0x40,0x62,0x21,0x6f,0x84,0xff,0xd6,0x6e,0x32,0x64,0x97,0xbc,0xbc,0xab,0x98,0x22,0x83,0x49,0x33,0x92,0xec,0x0f,0x73,0x9c,0xef,0x8c,0xd7,0xea,0xf3,0x45,0x34,0x14,0xc5,0xa2,0x89,0xa8,0x46,0xe2,0x8b,0xf2,0x04,0x2e,0xa5,0xdc,0x7b,0x15,0xe2,0x52,0xf4,0x8d,0x3c,0xf9,0x80,0xe7,0xc4,0x75,0x1c,0xc3,0x54,0x93,0xa1,0xc3,0x28, + 0x04,0xcc,0xac,0xd1,0xbf,0x7c,0x7f,0x4e,0xa9,0xc7,0xe5,0x9b,0xd8,0x02,0x80,0x4a,0x9d,0x33,0x52,0x62,0x71,0x6a,0xc2,0x88,0xc6,0xee,0xfd,0x7a,0x71,0x35,0x34,0x9a,0x4f,0x7b,0x86,0x12,0xe2,0xbd,0xbd,0x43,0xb3,0xfc,0x4f,0xa6,0x94,0x1a,0xc1,0x5a,0x8f,0x37,0xe3,0x4f,0xe7,0x81,0x0a,0x0c,0x0d,0x43,0xc0,0x5a,0xfa,0xfb,0x64,0x80,0xef, + 0x04,0x9a,0xa7,0xf1,0xf9,0x34,0x74,0xfa,0x37,0x0c,0x4d,0xf3,0x80,0x5b,0xd2,0x83,0x93,0x28,0x89,0x58,0x80,0xdc,0xe1,0x97,0xa0,0x6c,0xf9,0x05,0x2e,0x6a,0xb7,0xa6,0x93,0x8c,0x9a,0x20,0x8b,0x33,0x5b,0xfd,0xa6,0xb0,0x13,0x21,0xf0,0x29,0xa0,0xd8,0x3c,0x8b,0xb9,0x65,0x61,0x20,0x84,0x81,0xf7,0xaf,0x6c,0x6c,0xf1,0xd2,0x65,0x78,0x43, + 0x04,0x83,0xb7,0xaf,0xfc,0xec,0x11,0x68,0x5d,0x15,0x61,0x4e,0x2d,0x53,0xc1,0xe7,0x35,0x04,0xe3,0xd9,0x83,0x44,0xbb,0xd5,0xfc,0x0a,0xd8,0x6d,0xc4,0xc3,0x67,0x04,0x32,0x3a,0x7f,0x73,0xa0,0x95,0x33,0xd1,0xa1,0x07,0x6a,0xa9,0xc4,0xaf,0x22,0xa6,0xba,0xb9,0x2f,0x3f,0x0d,0x76,0x67,0x98,0xdb,0x7a,0xa4,0x18,0x3c,0x03,0x7f,0x86,0xe6, + 0x04,0xae,0xeb,0xdd,0x97,0x1c,0xf4,0xe9,0x88,0xfa,0xbd,0x80,0x70,0xc7,0x5c,0x64,0xaa,0xb9,0x0a,0x83,0xa3,0x67,0x35,0xfe,0xcf,0xb3,0x85,0x60,0x59,0x79,0xc0,0x08,0xae,0x8c,0x39,0x88,0x8f,0x0d,0xaf,0x74,0xf9,0x8c,0xeb,0xbb,0x08,0xf6,0xb9,0x1a,0x51,0x93,0xf6,0x84,0xa5,0x67,0x61,0xb9,0xf2,0xb6,0x3d,0x87,0xd3,0xf6,0x04,0x91,0xed, + 0x04,0xe3,0x8e,0xec,0x4c,0x1a,0x4d,0x81,0xa5,0xd9,0x94,0xb0,0xd7,0x78,0x03,0x05,0xaf,0x65,0x18,0x92,0xcb,0xf0,0x7f,0x3a,0x07,0x62,0x8f,0x4e,0x24,0x73,0xa8,0xab,0x75,0x4b,0xda,0x96,0x62,0x24,0x62,0x88,0x0d,0x35,0x36,0xd3,0x90,0x13,0x2a,0x85,0xdb,0x61,0x47,0xf8,0x14,0xc6,0x2e,0xfb,0x58,0x0a,0x6f,0x52,0x95,0x98,0xb0,0xdd,0x1e, + 0x04,0x10,0xf0,0x2d,0x49,0x6e,0x9a,0x87,0x58,0xc8,0x31,0x38,0x98,0x92,0xa4,0x5e,0xd0,0x09,0x28,0x2e,0xa1,0xeb,0x20,0x1a,0xb8,0xca,0xf0,0x9e,0x6f,0x2d,0xe9,0xfa,0x4a,0xcc,0x12,0x6b,0xec,0xc2,0x04,0xc4,0x1a,0x94,0xaf,0xf4,0xf2,0xea,0xd7,0x55,0x2e,0xc2,0x3f,0xc6,0x8f,0x00,0x05,0x14,0x76,0x25,0xa9,0x56,0x22,0xb5,0x21,0x09,0x0d, + 0x04,0x4c,0x85,0x9a,0xff,0x34,0x2c,0x56,0xa9,0x50,0x8b,0x85,0x9a,0xb1,0x50,0x9e,0xdc,0xab,0xf6,0x6e,0x04,0x4e,0x20,0x26,0xcc,0x29,0x34,0x74,0x38,0x9b,0x3d,0x58,0xc1,0x6b,0xc0,0x6c,0xf9,0x9d,0xd6,0xd8,0x24,0x9c,0x5d,0x24,0x38,0x6a,0x55,0xa9,0x72,0x14,0xea,0x0c,0xda,0x27,0x0a,0xd9,0x47,0x09,0x86,0xc3,0xa3,0xd0,0x23,0xcb,0x07, + 0x04,0xd1,0xeb,0x4f,0x7c,0x68,0x0a,0x24,0x7a,0x14,0xf3,0xd6,0x7f,0x85,0xcd,0xb1,0xc4,0xc6,0xf1,0x3d,0x44,0x82,0x1f,0xc4,0x56,0xc9,0x24,0x7a,0x60,0x66,0x22,0xaf,0xec,0x49,0x52,0xcf,0x05,0xff,0x06,0xf0,0x6d,0x70,0x30,0xe8,0x89,0x04,0x73,0x70,0x96,0xcb,0xf8,0xdd,0x90,0xe4,0x78,0xa3,0xb5,0xdf,0xed,0x2e,0xe4,0x87,0xa0,0x83,0x5c, + 0x04,0x3b,0xf7,0x9d,0x6c,0x1a,0x20,0xd8,0x51,0x15,0xe9,0x73,0x07,0x97,0x07,0xf5,0x13,0x1e,0xed,0x2f,0x83,0xbe,0x56,0x83,0xc3,0x4d,0x0f,0xb3,0xee,0xe1,0xae,0x40,0xdf,0xd2,0xea,0x4f,0x1b,0x73,0x5c,0xf6,0x23,0x41,0x83,0x5a,0x57,0x21,0xc2,0x5d,0xaa,0x0d,0xc1,0xa3,0x88,0x6a,0xb7,0x5e,0xf6,0x53,0xf4,0x72,0xd8,0xf3,0xaa,0x1e,0x97, + 0x04,0xb1,0xf8,0x08,0x28,0x6a,0x42,0xee,0xee,0x85,0xd5,0x85,0xe5,0x4d,0xc2,0x8a,0xba,0x2a,0xeb,0xfb,0x95,0x68,0x05,0xf5,0xc0,0x11,0x27,0xbc,0xdf,0x43,0x51,0x54,0xcb,0x5b,0x17,0x8f,0xda,0x58,0x96,0xd9,0xe7,0x50,0x86,0x61,0xfe,0xe7,0xee,0x55,0xfa,0x96,0x23,0x61,0x0b,0x3d,0x9f,0x4a,0x59,0x15,0x6b,0x76,0xd8,0x87,0x7b,0x4e,0xf1, + 0x04,0xa2,0x1e,0x80,0xd0,0x9e,0x11,0xac,0xbc,0xcb,0xc9,0x09,0xde,0x6c,0x9f,0x11,0x59,0xad,0xdb,0xb5,0xdd,0x47,0x72,0x11,0xb9,0x0a,0x37,0x0f,0x8c,0x75,0x48,0xe6,0x0d,0x1d,0x7a,0xac,0xb6,0xe4,0x55,0xbc,0xdc,0x23,0x03,0x31,0xd7,0x9a,0xd9,0x46,0x4a,0x77,0xb7,0x02,0xc8,0x58,0x40,0x09,0x00,0xcb,0x44,0x88,0xcb,0x6c,0x28,0xbd,0x61, + 0x04,0x50,0x55,0xa8,0xc4,0x5e,0x81,0x38,0x5f,0x41,0x44,0xc7,0xb6,0xfb,0x32,0x11,0x93,0x95,0xa9,0x4d,0xbd,0x07,0x66,0x5e,0xd7,0xbc,0x1c,0xce,0x1e,0x62,0xdc,0x47,0xc8,0xb6,0xd5,0x0a,0x39,0xa5,0x5d,0x3b,0x8e,0x99,0x66,0x24,0xfb,0x6e,0xc2,0xf2,0x96,0x0c,0x7c,0x2b,0xc0,0xbc,0x94,0xb2,0xa6,0x3d,0x65,0x09,0x6f,0xd9,0x9c,0xa4,0x1a, + 0x04,0xaf,0x52,0x2f,0xc0,0xa6,0x14,0x40,0x17,0x39,0x45,0xb9,0x14,0xd6,0x40,0x4b,0x19,0x40,0xb5,0x47,0xa6,0xf7,0x68,0x55,0x02,0x80,0xfe,0x28,0xbd,0x33,0x1c,0x9c,0x66,0x1d,0x28,0x24,0x29,0xf2,0x91,0x12,0x98,0xf9,0xc5,0xb8,0x2f,0x87,0xc7,0xf5,0x04,0x47,0x06,0x74,0x8c,0x19,0x03,0x56,0x89,0xb2,0x16,0xd6,0x44,0x74,0xbf,0x5a,0xd0, + 0x04,0xec,0x1a,0x88,0x65,0x2d,0xe7,0x14,0xd2,0x1f,0xdd,0xb5,0x4d,0xb4,0xa3,0x42,0x35,0x21,0xae,0xad,0x58,0x28,0xb8,0x43,0xbd,0xde,0x9a,0x42,0xcf,0x4a,0x8b,0xf1,0x24,0xa6,0x95,0x68,0xc6,0x64,0xe2,0xd9,0x31,0x7a,0xc7,0x32,0xc9,0x8c,0x43,0x55,0x48,0xdc,0xec,0x0e,0xeb,0x8a,0xb3,0x10,0x27,0xee,0x5f,0x16,0x93,0xcc,0xd9,0x7c,0x68, + 0x04,0x48,0xe4,0xc9,0xcc,0x88,0xa6,0x01,0xeb,0x63,0x9f,0x81,0xff,0xa6,0x79,0x54,0x0b,0xf1,0xd7,0xbc,0xbe,0x87,0x6a,0x95,0x5e,0x73,0xbf,0xad,0xe0,0x55,0x38,0x41,0x60,0xba,0xe1,0x30,0x24,0x3e,0xf5,0xfd,0x32,0x8f,0x65,0x27,0x8e,0x00,0xca,0xd6,0x00,0x13,0x27,0xab,0x42,0xfd,0xf3,0xb9,0x65,0x4a,0xad,0x6f,0x26,0x05,0x42,0xb0,0x2b, + 0x04,0xe8,0x61,0x37,0x9f,0x1c,0x1b,0x07,0x54,0x01,0x55,0xbb,0xfe,0xf4,0xa6,0x9a,0x84,0xbe,0x81,0xb1,0x44,0x1d,0x43,0xe7,0x85,0x0c,0x7a,0xc1,0x00,0x5a,0x80,0x42,0x38,0xbb,0x33,0xc7,0x98,0x1d,0x38,0x3a,0x06,0xd1,0xb7,0x95,0x55,0x2a,0x7b,0x31,0xf4,0x91,0x45,0xfb,0xa9,0x37,0x87,0x6f,0xdc,0x9f,0x0d,0x13,0x8a,0xa5,0xb3,0xf3,0x22, + 0x04,0xb4,0x48,0x9c,0xd4,0x99,0x16,0x8b,0xd4,0x8c,0xd2,0xc3,0x11,0x67,0xed,0xad,0x24,0x6c,0x63,0x85,0x9b,0xf8,0xb4,0x83,0x98,0x61,0x7a,0x7a,0x05,0x56,0x34,0x1e,0x3c,0x0b,0x0f,0x66,0xf6,0x65,0x03,0x8b,0xaa,0x29,0xdb,0x8c,0x29,0x6d,0x4f,0x2a,0xe0,0x7b,0x9a,0xb9,0x19,0x3b,0xfc,0x00,0x98,0x1d,0x7d,0xf0,0x59,0x9c,0xe0,0x64,0x8d, + 0x04,0x88,0x4e,0x74,0x88,0x5e,0xa4,0x50,0xf5,0xaa,0xb0,0xcc,0x8f,0x06,0xc0,0x06,0x63,0x0e,0x8b,0x18,0x3a,0x06,0xbd,0xa5,0x09,0x32,0x2f,0xcd,0x97,0xba,0x5d,0x2d,0x2b,0x00,0xe1,0x37,0x3d,0x53,0x3b,0xd5,0x92,0x04,0x27,0xd1,0x06,0xb7,0xf3,0x3e,0xeb,0x53,0xd2,0x1b,0x5c,0xf4,0x6c,0xa0,0x15,0x1e,0x91,0x85,0x9e,0x81,0x1a,0x39,0xcb, + 0x04,0xc5,0x02,0x24,0xa8,0xcf,0x3a,0x19,0xda,0x61,0x33,0xe7,0x46,0xd0,0x02,0x17,0x28,0x5d,0xf8,0x55,0x89,0xed,0x33,0x4b,0x54,0xd9,0x5b,0x00,0x5b,0x8f,0x03,0x3f,0x7d,0xf7,0xbc,0x6a,0x5d,0xdc,0x59,0xd0,0x33,0xf0,0xc6,0x6b,0xed,0x57,0x14,0x9a,0x16,0x0f,0x25,0x72,0x31,0x17,0xa2,0xfc,0xd4,0x13,0xaf,0xf8,0xc9,0xad,0xa4,0x3b,0xf9, + 0x04,0xc6,0x6a,0x91,0x7f,0xc4,0x35,0xc9,0xf4,0x1c,0x47,0x42,0x8e,0x71,0x8a,0x30,0x17,0xb3,0xc5,0xc9,0x92,0xb4,0xd9,0x4a,0x66,0x36,0x02,0xf7,0x3f,0xd8,0x25,0xd0,0x43,0xa0,0x3c,0xb9,0xf5,0x81,0x74,0xcf,0xfb,0x35,0x9e,0x2f,0x54,0x1c,0xfb,0x5e,0x55,0x1c,0x50,0xfd,0x81,0x1b,0x82,0x36,0x2e,0xad,0xb2,0x16,0xa4,0xcf,0xd0,0xf8,0xc3, + 0x04,0xf5,0x5a,0x45,0x1e,0x6e,0x0d,0x8f,0x76,0x00,0xc7,0xbf,0x7c,0x05,0x74,0x1c,0x5e,0x59,0x85,0xb8,0xff,0xe4,0xea,0xb6,0x2d,0x4f,0xfc,0x04,0xae,0xdb,0x72,0x5a,0x66,0xe9,0x42,0xcf,0x48,0x6e,0xfc,0xf3,0xb8,0x54,0x88,0xcf,0x3c,0xd4,0xfb,0x02,0x48,0xb8,0x20,0x70,0x3b,0x93,0x8c,0xe7,0x7a,0x07,0x4a,0x2f,0x92,0x86,0xaf,0x03,0xbf, + 0x04,0xa9,0x6a,0xa2,0x5b,0xee,0x8c,0x8c,0xb6,0xf6,0xaa,0xf4,0x0b,0xe9,0x8c,0xa0,0x47,0xda,0x24,0x5e,0x8d,0x4c,0xae,0x28,0xfc,0x89,0x2a,0x03,0x69,0xb2,0x99,0xcb,0xa3,0xef,0x5f,0x54,0xbb,0x59,0xf4,0xad,0x58,0xa8,0x43,0x32,0xa0,0x0d,0x89,0xa1,0xcf,0x3d,0x56,0xc4,0xe6,0xec,0x9c,0x3a,0x46,0x7a,0x4a,0x2a,0x04,0xad,0x3b,0xce,0x97, + 0x04,0x49,0xf5,0x72,0xfa,0x8c,0xdf,0x67,0x50,0xad,0xab,0xc3,0xab,0x0e,0x46,0xbf,0x23,0xdd,0x7a,0xd7,0x11,0x4b,0xf3,0x19,0xf3,0x5a,0xfa,0x6a,0x2c,0xcb,0xe2,0xe7,0xd3,0x43,0xc4,0x4f,0x01,0x8f,0x8e,0xfc,0x9f,0x52,0x69,0x1b,0x27,0x4a,0x8c,0x89,0x28,0x3d,0x13,0xce,0x93,0xd1,0xb5,0x8a,0xea,0x11,0xd6,0x2c,0x88,0x59,0x9c,0x30,0x9c, + 0x04,0xb3,0x6f,0x6b,0x02,0xbf,0x1d,0x21,0x3d,0x9a,0xbc,0xfc,0x98,0xc2,0x5f,0xc8,0x1a,0xb3,0xb9,0x8c,0xb1,0x3d,0x67,0x8d,0xa8,0x71,0x31,0x0a,0xa0,0x93,0xab,0x7b,0x58,0xa5,0x0b,0x13,0x48,0x18,0x32,0x1a,0x48,0xff,0xc1,0xef,0x9f,0x86,0x24,0xe3,0x71,0xdd,0xf0,0x78,0xd8,0x98,0x3f,0xda,0x6c,0x4e,0xb2,0x7d,0xfb,0x25,0x51,0x74,0xe9, + 0x04,0x74,0xf5,0x7f,0xf3,0xda,0x8d,0x60,0xec,0x0b,0x38,0x2e,0x68,0x66,0xbe,0x45,0x02,0xf6,0x95,0x68,0x83,0x84,0xb4,0x05,0xe2,0x17,0x9a,0xab,0x61,0x06,0x61,0x96,0xd7,0xd2,0x40,0x64,0x18,0x5d,0x68,0xde,0x95,0xbd,0x72,0xb2,0x19,0xc0,0xc0,0xa9,0x38,0x79,0x32,0x4f,0x29,0x9f,0xb1,0x92,0x14,0xb3,0x3a,0x3e,0xd2,0xf1,0xbf,0x48,0x23, + 0x04,0x92,0x4f,0xe3,0x43,0x9d,0x35,0x42,0x7e,0x2a,0xd9,0xb1,0xf6,0xe6,0x78,0x77,0xed,0x34,0x41,0xd7,0x4b,0xdd,0x0e,0xb9,0xf8,0x2a,0xe3,0x60,0x43,0x4b,0xc2,0x06,0x24,0x53,0x7e,0x34,0x00,0x00,0x7c,0xd2,0xd1,0x40,0xf2,0xca,0xa0,0xf7,0xb6,0x1c,0x71,0x18,0xab,0xb9,0xac,0x5c,0x76,0x6e,0xca,0xb3,0xf8,0xf7,0x2e,0xa5,0xd9,0x6c,0xdf, + 0x04,0xfb,0x0e,0x48,0xa3,0x81,0x5a,0x2b,0x80,0xe9,0xe7,0x25,0x03,0x6a,0x23,0x97,0x57,0xe9,0xc5,0x98,0x78,0x50,0xa9,0x41,0xc5,0xf5,0xd2,0xb8,0x9b,0x77,0x6a,0xac,0x68,0x3a,0xdb,0x54,0x81,0xfc,0xd8,0x5f,0x00,0x13,0xfe,0xb2,0x05,0x05,0xeb,0xba,0xff,0x27,0xed,0xf8,0x47,0x4a,0x7c,0xf4,0xd9,0x85,0xec,0x56,0x73,0x65,0xec,0xbc,0x1d, + 0x04,0xe6,0x69,0x91,0x5e,0xe1,0x60,0x69,0x4e,0x85,0x59,0xd7,0x96,0x5f,0x7c,0xff,0x94,0x5c,0x1c,0xb0,0x76,0xf1,0x94,0xec,0x98,0x94,0xb1,0xa3,0x8b,0x10,0x72,0x6f,0xb0,0x38,0x96,0x75,0xe3,0x15,0x5b,0x06,0x9b,0x38,0x62,0xda,0x3d,0x11,0x12,0x17,0x9a,0x04,0xac,0xcb,0xe7,0xdb,0xb7,0x0b,0x3c,0xc4,0x8b,0xed,0xb7,0x59,0x1d,0x2e,0xac, + 0x04,0xb7,0x60,0xdf,0xff,0x4c,0x5c,0x20,0x0a,0xec,0x18,0xb9,0x30,0xb1,0x8d,0xf3,0x42,0x97,0xbb,0x42,0x1b,0x96,0x01,0x7e,0xf9,0x02,0x13,0x9f,0xe6,0xb1,0x23,0x49,0xf6,0xcc,0xb8,0xcf,0x83,0xd2,0x83,0x7c,0x75,0x20,0x30,0x0f,0x19,0x7b,0x49,0x1c,0x03,0x68,0x47,0x0e,0xe8,0x6f,0x74,0xca,0x03,0x81,0x68,0x2b,0xb6,0xad,0x80,0x34,0x4f, + 0x04,0xb0,0xe4,0xde,0x91,0x4f,0xe7,0x1b,0x61,0x63,0x6e,0x61,0x39,0x15,0x28,0xef,0xac,0x8b,0x6c,0x11,0xed,0xcd,0x41,0xc9,0x76,0x6a,0xf8,0x69,0x3d,0xbb,0x6e,0x41,0xf2,0x51,0x72,0x93,0x72,0x55,0x52,0xf2,0x2d,0xd6,0xe1,0xdb,0x7c,0x2c,0x24,0x3f,0x80,0xc1,0x07,0x13,0xf6,0xaa,0x48,0xfc,0x5e,0x39,0x5b,0xd9,0xec,0x51,0xf1,0xe9,0xc5, + 0x04,0x8e,0xb6,0xee,0x2e,0xe9,0xe0,0x61,0xac,0xb9,0x31,0x2a,0xd0,0x15,0xb1,0x95,0x4e,0xa4,0x7c,0xa3,0x04,0xa2,0xce,0xbb,0x77,0xf3,0xbf,0x6c,0x78,0x67,0x8c,0x11,0x49,0xd9,0x3f,0xc6,0xe8,0x05,0x61,0xf3,0x11,0x0f,0xd0,0xe9,0x5f,0xdc,0x0c,0xe8,0xda,0x2c,0x3f,0x32,0xf7,0xf5,0x81,0xf9,0xb6,0x66,0xd7,0x49,0x00,0xb3,0x76,0x0b,0x9f, + 0x04,0x90,0x12,0x10,0x21,0x54,0x6a,0x96,0xe7,0x87,0x9d,0x53,0xe7,0xb8,0x5c,0x21,0xf4,0x04,0x7d,0xf4,0x9b,0x9a,0xd8,0x50,0x20,0x10,0x4f,0x21,0x6d,0x01,0x0f,0x52,0x0d,0x1b,0xba,0x6e,0x76,0x57,0x42,0x39,0x5b,0x4c,0x89,0x4f,0xd0,0xea,0xaf,0x87,0x27,0x5d,0x1c,0x77,0x49,0x4c,0x01,0xcc,0xe8,0x82,0xde,0x28,0x05,0xd1,0x92,0x2c,0x0b, + 0x04,0x64,0xc1,0x71,0x2e,0x3e,0x9e,0xf4,0x40,0xc7,0xea,0x8f,0xaf,0x05,0x40,0xd2,0xe6,0xa0,0x5a,0xdc,0xcb,0xd5,0x3a,0x7f,0xb2,0x4f,0xf1,0x6a,0x95,0x02,0xa8,0x18,0xf7,0x47,0xcf,0xaf,0xd2,0x20,0x94,0x30,0xeb,0x77,0x94,0xf5,0xda,0x91,0xd6,0xc5,0xe2,0xdb,0x50,0x5b,0xa2,0x87,0xbc,0x6e,0xf3,0x97,0xbf,0x7f,0x30,0xc7,0x47,0x53,0x6a, + 0x04,0xcb,0xb0,0xde,0xab,0x12,0x57,0x54,0xf1,0xfd,0xb2,0x03,0x8b,0x04,0x34,0xed,0x9c,0xb3,0xfb,0x53,0xab,0x73,0x53,0x91,0x12,0x99,0x94,0xa5,0x35,0xd9,0x25,0xf6,0x73,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0x24,0x80,0x0d,0xea,0xc3,0xfe,0x4c,0x76,0x5b,0x6d,0xec,0x80,0xea,0x29,0x9d,0x77,0x1a,0xda,0x4f,0x30,0xe4,0xe1,0x56,0xb3,0xac,0xb7,0x20,0xdb,0xa3,0x73,0x94,0x71,0x5f,0xe4,0xc6,0x4b,0xb0,0x64,0x8e,0x26,0xd0,0x5c,0xb9,0xcc,0x98,0xac,0x86,0xd4,0xe9,0x7b,0x8b,0xf1,0x2f,0x92,0xb9,0xb2,0xfd,0xc3,0xae,0xcd,0x8e,0xa6,0x64,0x8b, + 0x04,0x8f,0x33,0x65,0x2f,0x5b,0xda,0x2c,0x32,0x95,0x3e,0xbf,0x2d,0x2e,0xca,0x95,0xe0,0x5b,0x17,0xc8,0xab,0x7d,0x99,0x60,0x1b,0xee,0x44,0x5d,0xf8,0x44,0xd4,0x6a,0x36,0x9c,0xf5,0xac,0x00,0x77,0x11,0xbd,0xbe,0x5c,0x03,0x33,0xdc,0x0c,0x06,0x36,0xa6,0x48,0x23,0xee,0x48,0x01,0x94,0x64,0x94,0x0d,0x1f,0x27,0xe0,0x5c,0x42,0x08,0xde, + 0x04,0x14,0x6d,0x3b,0x65,0xad,0xd9,0xf5,0x4c,0xcc,0xa2,0x85,0x33,0xc8,0x8e,0x2c,0xbc,0x63,0xf7,0x44,0x3e,0x16,0x58,0x78,0x3a,0xb4,0x1f,0x8e,0xf9,0x7c,0x2a,0x10,0xb5,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0xb0,0x34,0x44,0x18,0xa4,0x50,0x4c,0x07,0xe7,0x92,0x1e,0xd9,0xf0,0x07,0x14,0xb5,0xd3,0x90,0xe5,0xcb,0x5e,0x79,0x3b,0xb1,0x46,0x5f,0x73,0x17,0x4f,0x6c,0x26,0xfe,0x5f,0xe4,0xc6,0x4b,0xb0,0x64,0x8e,0x26,0xd0,0x5c,0xb9,0xcc,0x98,0xac,0x86,0xd4,0xe9,0x7b,0x8b,0xf1,0x2f,0x92,0xb9,0xb2,0xfd,0xc3,0xae,0xcd,0x8e,0xa6,0x64,0x8b, + 0x04,0x8a,0x98,0xc1,0xbc,0x6b,0xe7,0x5c,0x57,0x96,0xbe,0x4b,0x29,0xdd,0x88,0x5c,0x34,0x85,0xe7,0x5e,0x37,0xb4,0xcc,0xac,0x9b,0x37,0x25,0x1e,0x67,0x17,0x5f,0xf0,0xd6,0x9c,0xf5,0xac,0x00,0x77,0x11,0xbd,0xbe,0x5c,0x03,0x33,0xdc,0x0c,0x06,0x36,0xa6,0x48,0x23,0xee,0x48,0x01,0x94,0x64,0x94,0x0d,0x1f,0x27,0xe0,0x5c,0x42,0x08,0xde, + 0x04,0x1f,0xe1,0xe5,0xef,0x3f,0xce,0xb5,0xc1,0x35,0xab,0x77,0x41,0x33,0x3c,0xe5,0xa6,0xe8,0x0d,0x68,0x16,0x76,0x53,0xf6,0xb2,0xb2,0x4b,0xcb,0xcf,0xaa,0xaf,0xf5,0x07,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0x2b,0x4b,0xad,0xfc,0x97,0xb1,0x67,0x81,0xbc,0xff,0xf4,0xa5,0x25,0xcf,0x4d,0xd3,0x11,0x94,0xcb,0x03,0xbc,0xa5,0x6d,0x9b,0x0c,0xe9,0x6c,0x0c,0x0d,0x20,0x40,0xc0,0x5f,0xe4,0xc6,0x4b,0xb0,0x64,0x8e,0x26,0xd0,0x5c,0xb9,0xcc,0x98,0xac,0x86,0xd4,0xe9,0x7b,0x8b,0xf1,0x2f,0x92,0xb9,0xb2,0xfd,0xc3,0xae,0xcd,0x8e,0xa6,0x64,0x8b, + 0x04,0xe6,0x33,0xd9,0x14,0x38,0x3e,0x77,0x75,0xd4,0x02,0xf5,0xa8,0xf3,0xad,0x0d,0xeb,0x1f,0x00,0xd9,0x1c,0xcd,0x99,0xf3,0x48,0xda,0x96,0x83,0x9e,0xa3,0xcb,0x9d,0x52,0x9c,0xf5,0xac,0x00,0x77,0x11,0xbd,0xbe,0x5c,0x03,0x33,0xdc,0x0c,0x06,0x36,0xa6,0x48,0x23,0xee,0x48,0x01,0x94,0x64,0x94,0x0d,0x1f,0x27,0xe0,0x5c,0x42,0x08,0xde, + 0x04,0xd1,0xc1,0xb5,0x09,0xc9,0xdd,0xb7,0x62,0x21,0xa0,0x66,0xa2,0x2a,0x3c,0x33,0x3f,0xee,0x5e,0x1d,0x2d,0x1a,0x4b,0xab,0xde,0x4a,0x1d,0x33,0xec,0x24,0x7a,0x7e,0xa3,0x01,0x62,0xf9,0x54,0x53,0x4e,0xad,0xb1,0xb4,0xea,0x95,0xc5,0x7d,0x40,0xa1,0x02,0x14,0xe5,0xb7,0x46,0xee,0x6a,0xa4,0x19,0x4e,0xd2,0xb2,0x01,0x2b,0x72,0xf9,0x7d, + 0x04,0x75,0x5d,0x88,0x45,0xe7,0xb4,0xfd,0x27,0x03,0x53,0xf6,0x99,0x9e,0x97,0x24,0x22,0x24,0x01,0x55,0x27,0xbf,0x3f,0x94,0xcc,0x2c,0x69,0x3d,0x1b,0x6b,0xa1,0x22,0x98,0x60,0x4f,0x81,0x74,0xe3,0x60,0x5b,0x8f,0x18,0xbe,0xd3,0x74,0x2b,0x68,0x71,0xa8,0xcf,0xfc,0xe0,0x06,0xdb,0x31,0xb8,0xd7,0xd8,0x36,0xf5,0x0c,0xfc,0xda,0x7d,0x16, + 0x04,0xc6,0xf9,0xfc,0x86,0x44,0xba,0x5c,0x9e,0xa9,0xbe,0xb1,0x2c,0xe2,0xcb,0x91,0x1c,0x54,0x87,0xe8,0xb1,0xbe,0x91,0xd5,0xa1,0x68,0x31,0x8f,0x4a,0xe4,0x4d,0x66,0x80,0x7b,0xc3,0x37,0xa1,0xc8,0x2e,0x3c,0x5f,0x7a,0x29,0x27,0x98,0x7b,0x8f,0xae,0x13,0x62,0x72,0x37,0xd2,0x20,0xfa,0xfb,0x40,0x13,0x12,0x3b,0xfb,0xd9,0x5f,0x0b,0xa5, + 0x04,0xd3,0x17,0x9f,0xce,0x57,0x81,0xd0,0xc4,0x9c,0xe8,0x48,0x0a,0x81,0x1f,0x6f,0x08,0xe3,0xf1,0x23,0xd9,0xf6,0x01,0x0f,0xbf,0x61,0x9b,0x5d,0x86,0x8a,0x8e,0xa8,0x33,0xdd,0xf9,0xa6,0x66,0xbf,0x00,0x15,0xb2,0x0e,0x49,0x12,0xf7,0x0f,0x65,0x5e,0xf2,0x1b,0x82,0x08,0x75,0x96,0xaa,0x1e,0x2f,0x1e,0x28,0x65,0x35,0x0d,0x15,0x91,0x85, + 0x04,0x9e,0x09,0x80,0x95,0x46,0x3c,0x91,0xac,0x71,0x07,0xa9,0x20,0xcc,0xb2,0x76,0xd4,0x5e,0x1f,0x72,0x40,0xef,0x2b,0x93,0xb9,0x57,0xee,0x09,0x39,0x3d,0x32,0xe0,0x01,0x50,0x3a,0xf4,0xa2,0xe3,0xb2,0x62,0x79,0x56,0x4f,0xed,0x8e,0x77,0x2a,0x04,0x3e,0x75,0x63,0x0e,0x4e,0x38,0x59,0x97,0x6e,0xde,0x88,0xff,0xcf,0x16,0xf5,0xca,0x71, + 0x04,0xbf,0x30,0x34,0xa9,0x93,0x51,0x82,0xda,0x36,0x25,0x70,0x31,0x50,0x11,0x54,0x4a,0xc2,0xce,0x8a,0x9c,0x22,0x77,0x7c,0x2f,0xc7,0x67,0xac,0x9c,0x5c,0x0d,0xae,0xeb,0xcf,0x33,0x35,0x62,0xf3,0xe0,0x18,0x89,0x23,0x74,0x35,0x36,0x74,0xde,0x84,0x90,0xfc,0x9d,0x30,0x42,0x65,0x98,0xeb,0x60,0x07,0x79,0x15,0x4b,0xaf,0x2a,0xec,0x17, + 0x04,0x70,0x9c,0x71,0x79,0xc2,0xbb,0x27,0xce,0x39,0x85,0xba,0x42,0xfe,0xb8,0x70,0xf0,0x69,0xda,0xce,0xad,0x92,0x94,0xc8,0x05,0x57,0xbe,0x88,0x2f,0xb5,0x77,0x90,0x48,0x1e,0x6f,0xe2,0xc1,0xa7,0x15,0x16,0x3e,0xfa,0xf8,0x6e,0xa8,0xb1,0xe5,0x5e,0xa5,0x74,0x2d,0x6b,0x04,0x2e,0x6c,0xbf,0x8a,0xcc,0x69,0xc9,0x9f,0x82,0x71,0xa9,0x02, + 0x04,0x26,0x4c,0x00,0xa2,0xd9,0x25,0x14,0xa6,0xdb,0xe6,0x55,0xde,0x3c,0x71,0xa5,0x74,0x0c,0xec,0x4f,0xcb,0x25,0x1a,0xa4,0x8c,0xa6,0x74,0x5d,0xbe,0xa6,0xf5,0xf7,0xcf,0xc1,0xd5,0xee,0x9f,0xc3,0xce,0x49,0xfd,0x45,0x09,0xd3,0x3c,0x4d,0xcf,0xcc,0x1a,0x20,0xa6,0x60,0x52,0x9f,0xa9,0xeb,0xd6,0xe6,0xaf,0xc3,0xd5,0xc8,0x4c,0x72,0xbb, + 0x04,0xa1,0x21,0x24,0x60,0x6b,0xcb,0xbb,0x33,0xce,0xce,0xc7,0xfc,0x8d,0x78,0xb3,0x89,0x71,0x92,0xca,0x85,0x15,0x60,0xc5,0x39,0xe4,0x7d,0xd2,0x76,0xc6,0x3b,0xd3,0xc2,0xf2,0x0a,0x0c,0xa6,0x18,0xba,0x01,0x31,0xa2,0xe3,0x73,0xf3,0x1f,0x73,0xb3,0xf5,0x5e,0x91,0x88,0xd4,0x6f,0xdd,0xbc,0x63,0x87,0xe3,0x2a,0xef,0xb9,0xf3,0xba,0x12, + 0x04,0x24,0x4b,0x7a,0xfe,0x7f,0x31,0x28,0x9f,0x9d,0x6a,0xae,0xb7,0xf7,0x0d,0x29,0xa7,0xb4,0x9a,0x22,0x8c,0x7b,0xb2,0x02,0x76,0x4a,0xba,0x94,0xda,0xaa,0xa3,0x33,0x22,0x70,0xc6,0x09,0x75,0x74,0x8f,0x0c,0x74,0x9a,0x8b,0x0f,0x8f,0xc1,0xe2,0x22,0xdd,0xcb,0xd3,0x38,0x4f,0x6d,0x68,0xf0,0xb6,0xb6,0xff,0x67,0x9b,0x43,0x5c,0xdc,0xb1, + 0x04,0x2a,0xc2,0x9d,0xb2,0xeb,0xc4,0xfa,0x94,0x73,0xb4,0x2b,0xd3,0x35,0xa6,0x02,0x26,0x57,0x9c,0xc1,0x86,0xb2,0xc6,0x76,0xa3,0xb0,0x1b,0xc6,0x0e,0x58,0x96,0x16,0x16,0x5a,0xa9,0xc0,0xd1,0xb2,0x40,0xe6,0xdd,0x42,0x11,0xe3,0x23,0x54,0x25,0x63,0x4b,0x27,0x8a,0xd8,0x8f,0xed,0xe0,0x33,0x7d,0x5a,0xcf,0x31,0x36,0x58,0x7d,0x84,0x13, + 0x04,0xe6,0x2a,0xee,0x52,0x05,0xa8,0x06,0x3e,0x3a,0xe4,0x01,0xd5,0x3e,0x93,0x43,0x00,0x1e,0x55,0xeb,0x5f,0x4e,0x4d,0x6b,0x70,0xe2,0xb8,0x41,0x59,0xcf,0x31,0x57,0xe6,0x4b,0xa2,0xe4,0x20,0xca,0xbc,0x43,0xb6,0xe8,0xe8,0x65,0x90,0xfc,0x23,0x83,0xd1,0x78,0x27,0xdd,0x99,0xa6,0x0c,0x21,0x1f,0x19,0x0a,0x74,0x26,0x91,0x00,0xc1,0x41, + 0x04,0x31,0xdc,0xe6,0xde,0x74,0x1f,0x10,0x26,0x7f,0x2e,0x8f,0x3d,0x57,0x2a,0x4f,0x49,0xbe,0x5f,0xe5,0x2f,0xf7,0xbf,0xf3,0xc3,0xb4,0x64,0x6f,0x38,0x07,0x6c,0x06,0x75,0x27,0x02,0xa5,0x15,0xa9,0xa5,0x0d,0xb1,0xd8,0x6f,0xd4,0x2a,0xea,0x08,0x34,0xda,0xeb,0x62,0xbe,0x03,0xd0,0xcd,0x90,0x33,0xf8,0x4b,0x9c,0x4b,0x56,0xa1,0x9f,0x12, + 0x04,0x65,0x18,0xcd,0x66,0xb1,0xd8,0x41,0xe6,0x89,0xd5,0xdc,0x66,0x74,0xc7,0xcc,0x7d,0x96,0x45,0x74,0xd1,0x49,0x0f,0xff,0x79,0x06,0xbd,0x37,0x34,0x94,0x79,0x15,0x99,0x10,0x42,0x77,0x17,0x06,0x92,0xfa,0x6b,0xf2,0x27,0x05,0x80,0xd5,0x6d,0x1b,0xc8,0x1b,0x54,0xf4,0x77,0xd8,0xab,0x6c,0x3f,0x58,0x42,0x65,0x0a,0xc7,0x17,0x6d,0x71, + 0x04,0x95,0x2a,0x88,0xce,0x31,0xad,0x4c,0xb0,0x86,0x97,0x8e,0x6c,0x56,0x21,0xc3,0xd8,0x02,0x3b,0x2c,0x11,0x41,0x8d,0x6f,0xd0,0xdc,0xef,0x8d,0xe7,0x21,0x23,0xef,0xc1,0x5d,0x36,0x76,0x88,0xfd,0xe5,0xe0,0x82,0xf0,0x97,0x85,0x5a,0x0c,0x0a,0xdc,0x30,0x5d,0xd6,0xcf,0x46,0xf5,0x0c,0xa7,0x58,0x59,0xbb,0x24,0x3b,0x70,0x24,0x96,0x05, + 0x04,0x2a,0x43,0xf3,0x35,0x73,0xb6,0x19,0x71,0x90,0x99,0xcf,0x54,0xf6,0xcc,0xcb,0x28,0xd1,0x6d,0xf3,0x99,0x22,0x39,0xfa,0xdf,0x79,0xc7,0xac,0xb9,0xc6,0x4f,0x7a,0xf0,0xf4,0xd1,0xd2,0x2a,0xf7,0x18,0x7c,0x8d,0xe1,0xb9,0x92,0xa4,0x04,0x6c,0x41,0x9b,0x80,0x1c,0xde,0x57,0xd6,0x38,0xd3,0x0f,0x2e,0x1a,0xc4,0x93,0x53,0x11,0x7a,0x20, + 0x04,0x1b,0x1b,0x0c,0x75,0x40,0x87,0x85,0xe8,0x47,0x27,0xb0,0xe5,0x5e,0x4b,0xa2,0x0d,0x0f,0x25,0x99,0xc4,0xed,0x08,0x48,0x2d,0xc1,0xf3,0xb5,0xdf,0x54,0x56,0x91,0x38,0x01,0x62,0xf9,0x54,0x53,0x4e,0xad,0xb1,0xb4,0xea,0x95,0xc5,0x7d,0x40,0xa1,0x02,0x14,0xe5,0xb7,0x46,0xee,0x6a,0xa4,0x19,0x4e,0xd2,0xb2,0x01,0x2b,0x72,0xf9,0x7d, + 0x04,0x4d,0xd1,0x28,0x3b,0xcc,0xd3,0x6c,0xc3,0x40,0x2f,0x3a,0x81,0xe2,0xe9,0xb0,0xd6,0xa2,0xb2,0xb1,0xde,0xbb,0xbd,0x44,0xff,0xc1,0xf1,0x79,0xbd,0x49,0xcf,0x0a,0x7e,0x60,0x4f,0x81,0x74,0xe3,0x60,0x5b,0x8f,0x18,0xbe,0xd3,0x74,0x2b,0x68,0x71,0xa8,0xcf,0xfc,0xe0,0x06,0xdb,0x31,0xb8,0xd7,0xd8,0x36,0xf5,0x0c,0xfc,0xda,0x7d,0x16, + 0x04,0xa4,0x99,0xdb,0xf7,0x32,0xe4,0x38,0xbe,0x0e,0xb0,0x84,0xb9,0xe6,0xad,0x87,0x9d,0xd7,0xa2,0x90,0x4b,0xbb,0x00,0x4b,0x40,0x02,0x79,0x69,0xa1,0x71,0xf2,0xd4,0x26,0x7b,0xc3,0x37,0xa1,0xc8,0x2e,0x3c,0x5f,0x7a,0x29,0x27,0x98,0x7b,0x8f,0xae,0x13,0x62,0x72,0x37,0xd2,0x20,0xfa,0xfb,0x40,0x13,0x12,0x3b,0xfb,0xd9,0x5f,0x0b,0xa5, + 0x04,0xad,0xcf,0x0f,0xfb,0xa9,0xcb,0x6e,0xf0,0xc8,0x03,0x1c,0x42,0x91,0xa4,0x34,0xb1,0x8d,0x78,0xf4,0x2e,0x45,0xe6,0x2b,0xa0,0x1f,0xbe,0x91,0xf9,0x27,0x3f,0x0a,0xd1,0xdd,0xf9,0xa6,0x66,0xbf,0x00,0x15,0xb2,0x0e,0x49,0x12,0xf7,0x0f,0x65,0x5e,0xf2,0x1b,0x82,0x08,0x75,0x96,0xaa,0x1e,0x2f,0x1e,0x28,0x65,0x35,0x0d,0x15,0x91,0x85, + 0x04,0x21,0x71,0x27,0x25,0xd9,0x80,0x6a,0xcf,0x54,0xd3,0xa6,0xc8,0x2b,0xf9,0x3c,0x0f,0xe2,0x49,0x26,0x8c,0xa9,0xf4,0x2e,0xce,0xac,0x19,0xe9,0x3a,0x5e,0xab,0x80,0x56,0x50,0x3a,0xf4,0xa2,0xe3,0xb2,0x62,0x79,0x56,0x4f,0xed,0x8e,0x77,0x2a,0x04,0x3e,0x75,0x63,0x0e,0x4e,0x38,0x59,0x97,0x6e,0xde,0x88,0xff,0xcf,0x16,0xf5,0xca,0x71, + 0x04,0x1e,0x02,0x17,0x68,0x24,0xbd,0x31,0xea,0xbd,0xce,0x03,0xa9,0x40,0x3c,0x7d,0x3c,0x2a,0xc6,0x31,0xf9,0xb0,0xe8,0x8d,0x9a,0x92,0x47,0x01,0xc1,0xb2,0xf2,0x9b,0x85,0xcf,0x33,0x35,0x62,0xf3,0xe0,0x18,0x89,0x23,0x74,0x35,0x36,0x74,0xde,0x84,0x90,0xfc,0x9d,0x30,0x42,0x65,0x98,0xeb,0x60,0x07,0x79,0x15,0x4b,0xaf,0x2a,0xec,0x17, + 0x04,0x63,0xe7,0xa1,0xaf,0x36,0xd6,0xb5,0x40,0xa4,0x92,0x76,0xaa,0xc3,0xfe,0xc9,0xcb,0x45,0xed,0x6b,0xab,0x16,0x7c,0x06,0xb0,0x41,0x9a,0x77,0xb9,0x13,0x99,0xf6,0x18,0x1e,0x6f,0xe2,0xc1,0xa7,0x15,0x16,0x3e,0xfa,0xf8,0x6e,0xa8,0xb1,0xe5,0x5e,0xa5,0x74,0x2d,0x6b,0x04,0x2e,0x6c,0xbf,0x8a,0xcc,0x69,0xc9,0x9f,0x82,0x71,0xa9,0x02, + 0x04,0x1e,0x26,0x5a,0xb5,0xb7,0xf7,0x19,0x94,0x70,0xe5,0x32,0x65,0x3d,0x2a,0x7b,0x9a,0x8b,0x72,0x89,0x70,0xb8,0x38,0x13,0x7c,0x96,0x92,0xed,0x06,0x92,0x89,0x7b,0x2a,0xc1,0xd5,0xee,0x9f,0xc3,0xce,0x49,0xfd,0x45,0x09,0xd3,0x3c,0x4d,0xcf,0xcc,0x1a,0x20,0xa6,0x60,0x52,0x9f,0xa9,0xeb,0xd6,0xe6,0xaf,0xc3,0xd5,0xc8,0x4c,0x72,0xbb, + 0x04,0x54,0xd2,0xa4,0x39,0x4c,0x10,0x9f,0xcb,0xd3,0xcb,0x98,0x86,0xfe,0xc3,0xad,0xd5,0x1b,0xa4,0xd2,0xe4,0x4e,0x1d,0x56,0x76,0xe4,0xb9,0x8f,0x0c,0x13,0x65,0x5f,0xc5,0xf2,0x0a,0x0c,0xa6,0x18,0xba,0x01,0x31,0xa2,0xe3,0x73,0xf3,0x1f,0x73,0xb3,0xf5,0x5e,0x91,0x88,0xd4,0x6f,0xdd,0xbc,0x63,0x87,0xe3,0x2a,0xef,0xb9,0xf3,0xba,0x12, + 0x04,0x93,0xf1,0x45,0x92,0x07,0xfb,0x09,0xc6,0xf0,0xa8,0x8c,0x39,0x8a,0xc8,0x0d,0x10,0x52,0xa4,0xcd,0x33,0xe7,0xee,0xf5,0x68,0x7d,0xa9,0x9a,0xb9,0x7c,0x60,0x24,0xb7,0x70,0xc6,0x09,0x75,0x74,0x8f,0x0c,0x74,0x9a,0x8b,0x0f,0x8f,0xc1,0xe2,0x22,0xdd,0xcb,0xd3,0x38,0x4f,0x6d,0x68,0xf0,0xb6,0xb6,0xff,0x67,0x9b,0x43,0x5c,0xdc,0xb1, + 0x04,0x1f,0xa0,0x49,0xa1,0x89,0x2b,0x67,0x98,0x57,0xc6,0xdf,0xf0,0x8a,0xf1,0x9d,0xb7,0x0c,0xbc,0x99,0xb6,0xf2,0xd7,0xbc,0x51,0xa3,0x41,0xfe,0x79,0xd1,0x64,0x7f,0x4a,0x5a,0xa9,0xc0,0xd1,0xb2,0x40,0xe6,0xdd,0x42,0x11,0xe3,0x23,0x54,0x25,0x63,0x4b,0x27,0x8a,0xd8,0x8f,0xed,0xe0,0x33,0x7d,0x5a,0xcf,0x31,0x36,0x58,0x7d,0x84,0x13, + 0x04,0x84,0xe0,0xb1,0x92,0xd6,0x0a,0xbf,0x53,0x1e,0x82,0x8e,0x88,0x7d,0x36,0x6d,0x86,0x9e,0x10,0x33,0xa1,0x6e,0x9c,0x7f,0x11,0x67,0x45,0x8c,0x81,0x34,0xc1,0x0f,0xba,0x4b,0xa2,0xe4,0x20,0xca,0xbc,0x43,0xb6,0xe8,0xe8,0x65,0x90,0xfc,0x23,0x83,0xd1,0x78,0x27,0xdd,0x99,0xa6,0x0c,0x21,0x1f,0x19,0x0a,0x74,0x26,0x91,0x00,0xc1,0x41, + 0x04,0x2f,0x97,0x07,0xc6,0x71,0x18,0x72,0x41,0x11,0xef,0xbb,0xbb,0xf0,0x6b,0x62,0x3a,0xb2,0xff,0xd9,0x25,0x9d,0xdc,0x35,0x4f,0xca,0xaf,0x81,0xba,0x01,0xf6,0xfa,0x7b,0x27,0x02,0xa5,0x15,0xa9,0xa5,0x0d,0xb1,0xd8,0x6f,0xd4,0x2a,0xea,0x08,0x34,0xda,0xeb,0x62,0xbe,0x03,0xd0,0xcd,0x90,0x33,0xf8,0x4b,0x9c,0x4b,0x56,0xa1,0x9f,0x12, + 0x04,0xac,0x1f,0xbb,0xe4,0x22,0x93,0xa9,0xf9,0xae,0x10,0x4e,0xe2,0xda,0x0b,0x0a,0x9b,0x34,0x64,0xd5,0xd8,0xb1,0xe8,0x54,0xdf,0x19,0xd3,0xc4,0x45,0x6a,0xf8,0xf9,0xa6,0x10,0x42,0x77,0x17,0x06,0x92,0xfa,0x6b,0xf2,0x27,0x05,0x80,0xd5,0x6d,0x1b,0xc8,0x1b,0x54,0xf4,0x77,0xd8,0xab,0x6c,0x3f,0x58,0x42,0x65,0x0a,0xc7,0x17,0x6d,0x71, + 0x04,0xba,0xe1,0x0c,0xf9,0x3f,0xf7,0xb7,0x2d,0x6e,0xd9,0x85,0x19,0x60,0x2e,0x9f,0x03,0xaa,0x40,0x30,0x3f,0xa0,0x67,0x4f,0xb3,0xdd,0xee,0x7d,0x2d,0xb1,0xc9,0x2b,0xb2,0x5d,0x36,0x76,0x88,0xfd,0xe5,0xe0,0x82,0xf0,0x97,0x85,0x5a,0x0c,0x0a,0xdc,0x30,0x5d,0xd6,0xcf,0x46,0xf5,0x0c,0xa7,0x58,0x59,0xbb,0x24,0x3b,0x70,0x24,0x96,0x05, + 0x04,0xed,0xb4,0x28,0x8c,0xf5,0x56,0x76,0x73,0xd5,0x0a,0x1c,0xd9,0xe6,0xbe,0xa4,0x53,0x17,0x82,0x3f,0x30,0x38,0x3f,0x60,0xd9,0xbc,0x3b,0x9e,0xe4,0x2a,0xc2,0x98,0x71,0xf4,0xd1,0xd2,0x2a,0xf7,0x18,0x7c,0x8d,0xe1,0xb9,0x92,0xa4,0x04,0x6c,0x41,0x9b,0x80,0x1c,0xde,0x57,0xd6,0x38,0xd3,0x0f,0x2e,0x1a,0xc4,0x93,0x53,0x11,0x7a,0x20, + 0x04,0x13,0x23,0x3e,0x80,0xf5,0x9a,0xc2,0xb5,0x97,0x37,0xe8,0x78,0x77,0x78,0x2a,0xb3,0x02,0x7c,0x49,0x0d,0xf8,0xac,0x0b,0xf3,0xf3,0xef,0x16,0x33,0x87,0x2e,0xec,0x54,0x01,0x62,0xf9,0x54,0x53,0x4e,0xad,0xb1,0xb4,0xea,0x95,0xc5,0x7d,0x40,0xa1,0x02,0x14,0xe5,0xb7,0x46,0xee,0x6a,0xa4,0x19,0x4e,0xd2,0xb2,0x01,0x2b,0x72,0xf9,0x7d, + 0x04,0x3c,0xd1,0x4f,0x7e,0x4b,0x77,0x96,0x15,0xbc,0x7c,0xce,0xe4,0x7e,0x7f,0x2b,0x07,0x39,0x4b,0xf8,0xf9,0x85,0x03,0x26,0x34,0x11,0xa5,0x49,0x26,0x4a,0x8f,0xcf,0x19,0x60,0x4f,0x81,0x74,0xe3,0x60,0x5b,0x8f,0x18,0xbe,0xd3,0x74,0x2b,0x68,0x71,0xa8,0xcf,0xfc,0xe0,0x06,0xdb,0x31,0xb8,0xd7,0xd8,0x36,0xf5,0x0c,0xfc,0xda,0x7d,0x16, + 0x04,0x94,0x6c,0x27,0x82,0x88,0x61,0x6a,0xa3,0x47,0x90,0xca,0x19,0x36,0x86,0xe7,0x45,0xd3,0xd5,0x87,0x02,0x86,0x6d,0xdf,0x1e,0x95,0x55,0x07,0x11,0xa9,0xbf,0xbd,0xb8,0x7b,0xc3,0x37,0xa1,0xc8,0x2e,0x3c,0x5f,0x7a,0x29,0x27,0x98,0x7b,0x8f,0xae,0x13,0x62,0x72,0x37,0xd2,0x20,0xfa,0xfb,0x40,0x13,0x12,0x3b,0xfb,0xd9,0x5f,0x0b,0xa5, + 0x04,0x7f,0x19,0x50,0x35,0xfe,0xb2,0xc0,0x4a,0x9b,0x14,0x9b,0xb2,0xed,0x3c,0x5c,0x45,0x8e,0x95,0xe7,0xf7,0xc4,0x18,0xc4,0xa0,0x7e,0xa6,0x10,0x7e,0x4e,0x32,0x45,0x5a,0xdd,0xf9,0xa6,0x66,0xbf,0x00,0x15,0xb2,0x0e,0x49,0x12,0xf7,0x0f,0x65,0x5e,0xf2,0x1b,0x82,0x08,0x75,0x96,0xaa,0x1e,0x2f,0x1e,0x28,0x65,0x35,0x0d,0x15,0x91,0x85, + 0x04,0x40,0x85,0x58,0x44,0xe0,0x43,0x03,0x84,0x3a,0x24,0xb0,0x17,0x07,0x54,0x4d,0x1b,0xbf,0x97,0x67,0x32,0x66,0xe0,0x3d,0x77,0xfb,0xf8,0x0d,0x8b,0x64,0x21,0x9b,0xd8,0x50,0x3a,0xf4,0xa2,0xe3,0xb2,0x62,0x79,0x56,0x4f,0xed,0x8e,0x77,0x2a,0x04,0x3e,0x75,0x63,0x0e,0x4e,0x38,0x59,0x97,0x6e,0xde,0x88,0xff,0xcf,0x16,0xf5,0xca,0x71, + 0x04,0x22,0xcd,0xb3,0xee,0x47,0xf1,0x4b,0x3b,0x0c,0x0c,0x8c,0x25,0x6f,0xb2,0x2e,0x79,0x12,0x6b,0x43,0x6a,0x2c,0x9f,0xf6,0x35,0xa6,0x51,0x51,0xa0,0xf0,0xff,0xb1,0xbf,0xcf,0x33,0x35,0x62,0xf3,0xe0,0x18,0x89,0x23,0x74,0x35,0x36,0x74,0xde,0x84,0x90,0xfc,0x9d,0x30,0x42,0x65,0x98,0xeb,0x60,0x07,0x79,0x15,0x4b,0xaf,0x2a,0xec,0x17, + 0x04,0x2b,0x7b,0xec,0xd7,0x06,0x6e,0x22,0xf1,0x21,0xe7,0xcf,0x12,0x3d,0x48,0xc5,0x44,0x50,0x37,0xc5,0xa7,0x56,0xef,0x31,0x4a,0x66,0xa7,0x00,0x16,0x36,0xee,0x75,0xcf,0x1e,0x6f,0xe2,0xc1,0xa7,0x15,0x16,0x3e,0xfa,0xf8,0x6e,0xa8,0xb1,0xe5,0x5e,0xa5,0x74,0x2d,0x6b,0x04,0x2e,0x6c,0xbf,0x8a,0xcc,0x69,0xc9,0x9f,0x82,0x71,0xa9,0x02, + 0x04,0xbb,0x8d,0xa4,0xa7,0x6e,0xe3,0xd1,0xc4,0xb3,0x34,0x77,0xbc,0x86,0x63,0xde,0xf1,0x67,0xa1,0x26,0xc4,0x22,0xad,0x47,0xf6,0xc2,0xf8,0xb5,0x39,0xc6,0x80,0x89,0x36,0xc1,0xd5,0xee,0x9f,0xc3,0xce,0x49,0xfd,0x45,0x09,0xd3,0x3c,0x4d,0xcf,0xcc,0x1a,0x20,0xa6,0x60,0x52,0x9f,0xa9,0xeb,0xd6,0xe6,0xaf,0xc3,0xd5,0xc8,0x4c,0x72,0xbb, + 0x04,0x0a,0x0c,0x37,0x66,0x48,0x23,0xa5,0x00,0x5d,0x65,0x9f,0x7c,0x73,0xc3,0x9e,0xa1,0x72,0xc8,0x62,0x96,0x9c,0x81,0xe4,0x4f,0x36,0xc8,0x9e,0x7c,0x26,0x5e,0xc8,0xa8,0xf2,0x0a,0x0c,0xa6,0x18,0xba,0x01,0x31,0xa2,0xe3,0x73,0xf3,0x1f,0x73,0xb3,0xf5,0x5e,0x91,0x88,0xd4,0x6f,0xdd,0xbc,0x63,0x87,0xe3,0x2a,0xef,0xb9,0xf3,0xba,0x12, + 0x04,0x47,0xc3,0x3f,0x6f,0x78,0xd3,0xcd,0x99,0x71,0xec,0xc5,0x0e,0x7e,0x2a,0xc9,0x47,0xf8,0xc1,0x10,0x3f,0x9c,0x5f,0x08,0x21,0x37,0x9b,0xd0,0x6a,0xd8,0xfc,0xa4,0x56,0x70,0xc6,0x09,0x75,0x74,0x8f,0x0c,0x74,0x9a,0x8b,0x0f,0x8f,0xc1,0xe2,0x22,0xdd,0xcb,0xd3,0x38,0x4f,0x6d,0x68,0xf0,0xb6,0xb6,0xff,0x67,0x9b,0x43,0x5c,0xdc,0xb1, + 0x04,0xb5,0x9d,0x18,0xab,0x8b,0x0f,0x9d,0xd3,0x34,0x84,0xf4,0x3c,0x3f,0x68,0x60,0x22,0x9b,0xa6,0xa4,0xc2,0x5a,0x61,0xcd,0x0a,0xac,0xa2,0x3b,0x76,0xd6,0x05,0x66,0xcf,0x5a,0xa9,0xc0,0xd1,0xb2,0x40,0xe6,0xdd,0x42,0x11,0xe3,0x23,0x54,0x25,0x63,0x4b,0x27,0x8a,0xd8,0x8f,0xed,0xe0,0x33,0x7d,0x5a,0xcf,0x31,0x36,0x58,0x7d,0x84,0x13, + 0x04,0x94,0xf4,0x60,0x1b,0x24,0x4d,0x3a,0x6e,0xa6,0x99,0x6f,0xa2,0x44,0x36,0x4f,0x79,0x43,0x99,0xe0,0xff,0x43,0x16,0x15,0x7d,0xb6,0x02,0x32,0x22,0xfc,0x0d,0x90,0xbe,0x4b,0xa2,0xe4,0x20,0xca,0xbc,0x43,0xb6,0xe8,0xe8,0x65,0x90,0xfc,0x23,0x83,0xd1,0x78,0x27,0xdd,0x99,0xa6,0x0c,0x21,0x1f,0x19,0x0a,0x74,0x26,0x91,0x00,0xc1,0x41, + 0x04,0x9e,0x8c,0x11,0x5b,0x1a,0xc8,0x7d,0x98,0x6e,0xe1,0xb5,0x06,0xb8,0x6a,0x4e,0x7b,0x8e,0xa0,0x41,0xaa,0x6a,0x63,0xd6,0xec,0x80,0xec,0x0f,0x0c,0xf6,0x9c,0xfb,0x3f,0x27,0x02,0xa5,0x15,0xa9,0xa5,0x0d,0xb1,0xd8,0x6f,0xd4,0x2a,0xea,0x08,0x34,0xda,0xeb,0x62,0xbe,0x03,0xd0,0xcd,0x90,0x33,0xf8,0x4b,0x9c,0x4b,0x56,0xa1,0x9f,0x12, + 0x04,0xee,0xc7,0x76,0xb5,0x2b,0x94,0x14,0x1f,0xc8,0x19,0xd4,0xb6,0xb1,0x2d,0x28,0xe7,0x35,0x55,0xb5,0x56,0x05,0x07,0xab,0xa7,0xdf,0x6f,0x04,0x84,0x00,0x8d,0xe9,0x1f,0x10,0x42,0x77,0x17,0x06,0x92,0xfa,0x6b,0xf2,0x27,0x05,0x80,0xd5,0x6d,0x1b,0xc8,0x1b,0x54,0xf4,0x77,0xd8,0xab,0x6c,0x3f,0x58,0x42,0x65,0x0a,0xc7,0x17,0x6d,0x71, + 0x04,0xaf,0xf4,0x6a,0x38,0x8e,0x5a,0xfc,0x22,0x0a,0x8e,0xec,0x7a,0x49,0xaf,0x9d,0x24,0x53,0x84,0xa3,0xaf,0x1e,0x0b,0x40,0x7b,0x45,0x21,0xf4,0xe9,0x2d,0x12,0xdc,0xeb,0x5d,0x36,0x76,0x88,0xfd,0xe5,0xe0,0x82,0xf0,0x97,0x85,0x5a,0x0c,0x0a,0xdc,0x30,0x5d,0xd6,0xcf,0x46,0xf5,0x0c,0xa7,0x58,0x59,0xbb,0x24,0x3b,0x70,0x24,0x96,0x05, + 0x04,0xe8,0x07,0xe4,0x3d,0x96,0xf3,0x70,0x1a,0x9a,0x5c,0x13,0xd1,0x22,0x74,0x90,0x84,0x17,0x0f,0xcd,0x36,0xa5,0x86,0xa4,0x46,0xc9,0xfc,0xb4,0x60,0x0e,0xed,0xe4,0xfd,0xf4,0xd1,0xd2,0x2a,0xf7,0x18,0x7c,0x8d,0xe1,0xb9,0x92,0xa4,0x04,0x6c,0x41,0x9b,0x80,0x1c,0xde,0x57,0xd6,0x38,0xd3,0x0f,0x2e,0x1a,0xc4,0x93,0x53,0x11,0x7a,0x20, + 0x04,0x79,0x88,0x68,0xa5,0x69,0x16,0xd3,0x41,0xe7,0xd6,0xf9,0x63,0x59,0xae,0x36,0x58,0x83,0x6e,0x22,0x14,0x59,0xf4,0xf7,0xb7,0xb6,0x36,0x94,0xde,0x18,0xa5,0xe9,0x24,0x77,0x13,0xfd,0xb0,0x3a,0x8d,0xe8,0xc6,0xd2,0x9c,0xa3,0x8a,0x9f,0xba,0xa8,0x2e,0x5e,0x02,0xbe,0xad,0x2f,0x9e,0xec,0x69,0xb6,0x44,0x4b,0x7a,0xdb,0x05,0x33,0x3b, + 0x04,0xff,0x41,0x99,0x09,0xd8,0xa8,0xce,0x0a,0x94,0x16,0x05,0x1f,0x4e,0x25,0x62,0x08,0xc1,0xdc,0x03,0x55,0x81,0xa5,0x33,0x12,0xd5,0x66,0x13,0x7e,0x22,0x10,0x4e,0x98,0x77,0x42,0x1a,0xb0,0x1e,0x00,0xe8,0x38,0x41,0xb9,0x46,0xda,0xe5,0xbb,0x5a,0x23,0x97,0x3d,0xaa,0x98,0xfe,0x1a,0x81,0x72,0x88,0x3a,0xbc,0xbe,0xdc,0xed,0x70,0x21, + 0x04,0x8b,0x48,0x11,0x9d,0x70,0x89,0xd3,0xb9,0x5c,0xd2,0xea,0xf8,0xc8,0x55,0x84,0xfa,0x8f,0x5e,0x56,0xc4,0xc4,0xcc,0xee,0x70,0x37,0xd7,0x4c,0xdb,0xf8,0x8e,0x57,0x17,0x14,0xc1,0xaa,0xc5,0xf0,0xbf,0x1b,0x48,0xa4,0xab,0xcf,0x1d,0x92,0x91,0xb9,0xa8,0x77,0x6a,0x00,0x43,0x80,0x54,0x6a,0x5a,0x1c,0x1f,0x29,0x46,0x90,0xf6,0x19,0x69, + 0x04,0xe2,0x88,0x81,0x19,0x37,0x9b,0x5b,0x21,0x51,0xbd,0x78,0x85,0x05,0xde,0xf1,0xd6,0xbd,0x78,0x63,0x29,0x43,0x1c,0xaf,0x39,0x70,0x5d,0x9c,0xbf,0x96,0xa4,0x2e,0xa4,0x3b,0xb7,0x32,0x88,0x39,0xd2,0xae,0xca,0xc6,0x4b,0x1c,0xdb,0x18,0x2f,0x08,0xad,0xcc,0xaa,0xc3,0x27,0xed,0x00,0x89,0x87,0xa1,0x0e,0xdc,0x97,0x32,0x41,0x3c,0xed, + 0x04,0x6d,0xcc,0x39,0x71,0xbd,0x20,0x91,0x3d,0x59,0xa9,0x1f,0x20,0xd9,0x12,0xf5,0x6d,0x07,0xe7,0xf0,0x14,0x20,0x6b,0xef,0x4a,0x65,0x3d,0xdf,0xe5,0xd1,0x28,0x42,0xc3,0x9b,0x51,0xb1,0x7b,0x76,0xea,0x6c,0xc1,0x37,0xee,0xbd,0x93,0xc8,0x11,0xe6,0x36,0xd8,0xae,0x26,0xc7,0x0d,0x06,0x46,0x50,0xf7,0x20,0x5a,0x86,0x5d,0x01,0xa6,0xee, + 0x04,0x7e,0xbe,0xa4,0x58,0x54,0x56,0x9a,0x1f,0x7e,0xa6,0xb9,0x5b,0x82,0xd6,0xbe,0xfe,0xfb,0xf6,0x29,0x6e,0xbc,0x87,0xc8,0x10,0xb6,0xcb,0xa9,0x3c,0x0c,0x12,0x20,0xb2,0x3f,0x18,0x74,0xfa,0x08,0xa6,0x93,0xb0,0x86,0x64,0x3e,0xf2,0x1e,0xb5,0x9d,0x75,0x56,0x2d,0xa9,0x42,0x2d,0x13,0xd9,0xa3,0x9b,0x0b,0x17,0xe2,0x41,0xb0,0x4d,0x32, + 0x04,0xce,0xab,0x59,0x37,0x90,0x0d,0x34,0xfa,0x88,0x37,0x8d,0x37,0x1f,0x4a,0xca,0xa7,0xc6,0xa2,0x02,0x8b,0x61,0x43,0x21,0x34,0x13,0xf1,0x6b,0xa2,0xdc,0x71,0x47,0x87,0x77,0x13,0xfd,0xb0,0x3a,0x8d,0xe8,0xc6,0xd2,0x9c,0xa3,0x8a,0x9f,0xba,0xa8,0x2e,0x5e,0x02,0xbe,0xad,0x2f,0x9e,0xec,0x69,0xb6,0x44,0x4b,0x7a,0xdb,0x05,0x33,0x3b, + 0x04,0xa4,0xff,0xea,0x5e,0x25,0xf7,0x5e,0x4f,0x68,0x9c,0x81,0x08,0x4a,0x35,0xc1,0x22,0x0e,0x8e,0x6b,0x91,0x4c,0x48,0x2f,0x4a,0x2e,0x8f,0x93,0xcf,0xfc,0xa6,0x96,0x47,0x77,0x42,0x1a,0xb0,0x1e,0x00,0xe8,0x38,0x41,0xb9,0x46,0xda,0xe5,0xbb,0x5a,0x23,0x97,0x3d,0xaa,0x98,0xfe,0x1a,0x81,0x72,0x88,0x3a,0xbc,0xbe,0xdc,0xed,0x70,0x21, + 0x04,0xde,0x88,0x09,0xea,0x0e,0xcc,0xe1,0xd2,0x4a,0x04,0x31,0x42,0x95,0x10,0x38,0x3a,0x6f,0x6e,0x5a,0x1c,0x51,0xce,0xa3,0x2d,0x83,0x0c,0x6c,0x35,0x30,0x42,0x60,0x3e,0x14,0xc1,0xaa,0xc5,0xf0,0xbf,0x1b,0x48,0xa4,0xab,0xcf,0x1d,0x92,0x91,0xb9,0xa8,0x77,0x6a,0x00,0x43,0x80,0x54,0x6a,0x5a,0x1c,0x1f,0x29,0x46,0x90,0xf6,0x19,0x69, + 0x04,0x56,0x62,0x09,0xf1,0x74,0xd6,0xbf,0x79,0x72,0x0b,0x70,0xed,0xb2,0x7e,0x51,0x35,0x0b,0xee,0xb2,0xb0,0xbc,0xd0,0x83,0xbb,0xae,0x72,0x14,0xf7,0x1c,0xf8,0x24,0xd4,0x3b,0xb7,0x32,0x88,0x39,0xd2,0xae,0xca,0xc6,0x4b,0x1c,0xdb,0x18,0x2f,0x08,0xad,0xcc,0xaa,0xc3,0x27,0xed,0x00,0x89,0x87,0xa1,0x0e,0xdc,0x97,0x32,0x41,0x3c,0xed, + 0x04,0xcc,0x31,0x81,0xc0,0x12,0x71,0x37,0x53,0x6c,0xee,0xc9,0x4f,0xd4,0x59,0x96,0x65,0x7d,0xf7,0x2e,0x0f,0x97,0xc4,0x4b,0x9d,0xad,0x14,0x76,0x3c,0xe5,0x06,0xe9,0xdc,0x9b,0x51,0xb1,0x7b,0x76,0xea,0x6c,0xc1,0x37,0xee,0xbd,0x93,0xc8,0x11,0xe6,0x36,0xd8,0xae,0x26,0xc7,0x0d,0x06,0x46,0x50,0xf7,0x20,0x5a,0x86,0x5d,0x01,0xa6,0xee, + 0x04,0xd7,0x05,0x2a,0x1e,0xea,0xfc,0x0e,0x78,0xd7,0x9e,0x7f,0x26,0x00,0x3a,0xa0,0xa4,0x09,0x28,0x7c,0xf4,0x76,0x00,0x7d,0xf2,0x8d,0x28,0x1b,0x14,0x2b,0xe1,0xa0,0xe2,0x3f,0x18,0x74,0xfa,0x08,0xa6,0x93,0xb0,0x86,0x64,0x3e,0xf2,0x1e,0xb5,0x9d,0x75,0x56,0x2d,0xa9,0x42,0x2d,0x13,0xd9,0xa3,0x9b,0x0b,0x17,0xe2,0x41,0xb0,0x4d,0x32, + 0x04,0xb7,0xcc,0x3e,0x23,0x06,0xdb,0xf7,0xc3,0x8f,0xf1,0x79,0x65,0x87,0x06,0xfe,0xff,0xb5,0xef,0xdb,0x60,0x44,0xc7,0xe7,0x14,0x35,0xd7,0xff,0x7d,0x0a,0xe8,0xc7,0xb3,0x77,0x13,0xfd,0xb0,0x3a,0x8d,0xe8,0xc6,0xd2,0x9c,0xa3,0x8a,0x9f,0xba,0xa8,0x2e,0x5e,0x02,0xbe,0xad,0x2f,0x9e,0xec,0x69,0xb6,0x44,0x4b,0x7a,0xdb,0x05,0x33,0x3b, + 0x04,0x5b,0xbe,0x7c,0x98,0x01,0x5f,0xd3,0xa6,0x03,0x4d,0x79,0xd8,0x67,0xa4,0xdc,0xd5,0x2f,0x95,0x91,0x19,0x32,0x12,0x9d,0xa2,0xfc,0x0a,0x58,0xaf,0xe1,0x49,0x13,0x7f,0x77,0x42,0x1a,0xb0,0x1e,0x00,0xe8,0x38,0x41,0xb9,0x46,0xda,0xe5,0xbb,0x5a,0x23,0x97,0x3d,0xaa,0x98,0xfe,0x1a,0x81,0x72,0x88,0x3a,0xbc,0xbe,0xdc,0xed,0x70,0x21, + 0x04,0x96,0x2f,0xe4,0x78,0x80,0xa9,0x4a,0x74,0x59,0x28,0xe3,0xc4,0xa2,0x9a,0x42,0xcb,0x01,0x33,0x4f,0x1e,0xe9,0x64,0x6e,0x62,0x45,0x1c,0x46,0xec,0xd7,0x2f,0x41,0x09,0x14,0xc1,0xaa,0xc5,0xf0,0xbf,0x1b,0x48,0xa4,0xab,0xcf,0x1d,0x92,0x91,0xb9,0xa8,0x77,0x6a,0x00,0x43,0x80,0x54,0x6a,0x5a,0x1c,0x1f,0x29,0x46,0x90,0xf6,0x19,0x69, + 0x04,0xc7,0x15,0x74,0xf5,0x53,0x8d,0xe5,0x65,0x3c,0x37,0x16,0x8d,0x47,0xa2,0xbc,0xf4,0x36,0x98,0xea,0x26,0x00,0x12,0xcd,0x0a,0xe1,0x30,0x4e,0x47,0x4c,0x63,0xa4,0xe6,0x3b,0xb7,0x32,0x88,0x39,0xd2,0xae,0xca,0xc6,0x4b,0x1c,0xdb,0x18,0x2f,0x08,0xad,0xcc,0xaa,0xc3,0x27,0xed,0x00,0x89,0x87,0xa1,0x0e,0xdc,0x97,0x32,0x41,0x3c,0xed, + 0x04,0xc6,0x02,0x44,0xce,0x30,0x6e,0x37,0x6f,0x39,0x68,0x17,0x8f,0x52,0x93,0x74,0x2d,0x7a,0x20,0xe1,0xdc,0x47,0xcf,0xc5,0x17,0xed,0xad,0xa9,0xdb,0x49,0xd0,0xcb,0xbf,0x9b,0x51,0xb1,0x7b,0x76,0xea,0x6c,0xc1,0x37,0xee,0xbd,0x93,0xc8,0x11,0xe6,0x36,0xd8,0xae,0x26,0xc7,0x0d,0x06,0x46,0x50,0xf7,0x20,0x5a,0x86,0x5d,0x01,0xa6,0xee, + 0x04,0xaa,0x3c,0x31,0x88,0xc0,0xad,0x57,0x67,0xa9,0xba,0xc7,0x7e,0x7c,0xee,0xa0,0x5c,0xfa,0xe1,0x59,0x9c,0xcd,0x77,0xb9,0xfc,0xbc,0x0c,0x3b,0xad,0xc8,0x0c,0x36,0xca,0x3f,0x18,0x74,0xfa,0x08,0xa6,0x93,0xb0,0x86,0x64,0x3e,0xf2,0x1e,0xb5,0x9d,0x75,0x56,0x2d,0xa9,0x42,0x2d,0x13,0xd9,0xa3,0x9b,0x0b,0x17,0xe2,0x41,0xb0,0x4d,0x32, + 0x04,0x2c,0xce,0x8d,0xdf,0xe4,0x82,0x7d,0xc0,0x30,0xdd,0xf3,0x8f,0x99,0x8b,0x3f,0x2e,0xd5,0xe0,0x62,0x1d,0x0b,0x38,0x05,0x66,0x6d,0xaf,0x48,0xc8,0xc3,0x1e,0x75,0xe5,0x19,0x8d,0x9e,0xf4,0xe9,0x73,0xb6,0xbd,0xeb,0xe1,0x19,0xa3,0x5f,0xaa,0xe8,0x61,0x91,0xac,0xd7,0x58,0xc1,0xed,0x8a,0xcc,0xaf,0x1e,0x70,0x6a,0xd5,0x5d,0x83,0xd7, + 0x04,0x14,0xbf,0xc3,0xe5,0xa4,0x6b,0x69,0x88,0x1a,0x9a,0x34,0x6d,0x95,0x89,0x44,0x18,0x61,0x4e,0xd9,0x14,0x76,0xa1,0xdd,0xce,0x48,0x67,0x6b,0x7c,0xba,0xb9,0xba,0x02,0xf3,0x34,0xd6,0x4f,0x2c,0xaf,0x56,0x1b,0x06,0x3b,0xc1,0xf7,0x88,0x9e,0x93,0x73,0x02,0xa4,0x55,0xff,0x68,0x5d,0x8a,0xe5,0x7c,0xb2,0x44,0x4a,0x17,0xda,0xd0,0x68, + 0x04,0xbd,0x44,0x2f,0xa5,0xa2,0xa8,0xd7,0x2e,0x13,0xe4,0x4f,0xd2,0x22,0x2c,0x85,0xa0,0x06,0xf0,0x33,0x75,0xe0,0x21,0x1b,0x27,0x2f,0x55,0x50,0x52,0xb0,0x3d,0xb7,0x50,0xbe,0x34,0x57,0x37,0xf7,0xc6,0xb5,0xe7,0x0e,0x97,0xd9,0xfe,0x9d,0xc4,0xca,0x94,0xfb,0x18,0x5f,0x4b,0x9d,0x2a,0x00,0xe0,0x86,0xc1,0xd4,0x72,0x73,0xb3,0x36,0x02, + 0x04,0x0d,0x7a,0x3f,0xf4,0x9b,0xda,0x6a,0x58,0x7e,0xd0,0x76,0x91,0x45,0x04,0x25,0xaa,0x02,0xd2,0x53,0xba,0x57,0x3a,0x16,0xad,0x86,0xc6,0x1a,0xf4,0x12,0xdd,0x3c,0x77,0x0b,0x6d,0x3b,0x9e,0x57,0x0b,0xa0,0x04,0x87,0x7c,0x9a,0x69,0xe4,0x81,0xfe,0x21,0x5d,0xe0,0x3a,0x70,0x12,0x63,0x05,0xa4,0x52,0x82,0x6e,0x66,0xd9,0xb5,0x58,0x3e, + 0x04,0xbd,0xea,0x5d,0x2a,0x3a,0xdd,0xe7,0xdf,0x2e,0x83,0x9f,0xf6,0x3f,0x62,0x53,0x4b,0x3f,0x27,0xcb,0x19,0x1b,0xb5,0x4d,0xfa,0x1d,0x39,0xcb,0xff,0x71,0x3b,0xa9,0xed,0x30,0x7d,0x8f,0x1d,0x02,0xc6,0xf0,0x71,0x46,0x65,0x5e,0x63,0x83,0xb0,0xef,0x30,0x35,0xbe,0xe7,0x06,0x7c,0x33,0x6f,0xdb,0x91,0x36,0x5e,0x19,0x7a,0x97,0xb6,0x16, + 0x04,0xd4,0xc0,0x63,0xe3,0xc0,0x36,0xf4,0x7c,0x92,0xf6,0xf5,0x47,0x0a,0x26,0xa8,0x35,0xe1,0xa2,0x45,0x05,0xb1,0x4d,0x1b,0x29,0x27,0x90,0x62,0xa1,0x6c,0xf6,0xf4,0x89,0x19,0x8d,0x9e,0xf4,0xe9,0x73,0xb6,0xbd,0xeb,0xe1,0x19,0xa3,0x5f,0xaa,0xe8,0x61,0x91,0xac,0xd7,0x58,0xc1,0xed,0x8a,0xcc,0xaf,0x1e,0x70,0x6a,0xd5,0x5d,0x83,0xd7, + 0x04,0x3c,0xb9,0xf0,0x79,0x97,0x75,0x68,0x59,0xe9,0xb9,0xa8,0x5b,0x68,0x1f,0xa5,0x0e,0xe2,0x03,0x57,0xf5,0x35,0xc1,0xb3,0x11,0xc4,0x63,0x7d,0x16,0xb7,0x6b,0x9e,0xbf,0xf3,0x34,0xd6,0x4f,0x2c,0xaf,0x56,0x1b,0x06,0x3b,0xc1,0xf7,0x88,0x9e,0x93,0x73,0x02,0xa4,0x55,0xff,0x68,0x5d,0x8a,0xe5,0x7c,0xb2,0x44,0x4a,0x17,0xda,0xd0,0x68, + 0x04,0x79,0x34,0x12,0xff,0x63,0x6c,0x08,0xa2,0xd0,0xf6,0xd6,0x0c,0xc6,0x08,0xe9,0xa9,0x09,0x83,0x49,0xa2,0x50,0x1f,0x91,0xc9,0x5f,0x69,0x20,0x10,0xbc,0x12,0x38,0xb2,0xbe,0x34,0x57,0x37,0xf7,0xc6,0xb5,0xe7,0x0e,0x97,0xd9,0xfe,0x9d,0xc4,0xca,0x94,0xfb,0x18,0x5f,0x4b,0x9d,0x2a,0x00,0xe0,0x86,0xc1,0xd4,0x72,0x73,0xb3,0x36,0x02, + 0x04,0xbd,0x1e,0xb0,0x84,0x9e,0x2e,0x6a,0x13,0xd5,0x4b,0x76,0x51,0x8f,0x11,0xba,0x87,0x75,0xc2,0xd7,0x63,0x4d,0x85,0x15,0x25,0x34,0xbc,0x7c,0x3a,0xf4,0x16,0x1e,0xfa,0x0b,0x6d,0x3b,0x9e,0x57,0x0b,0xa0,0x04,0x87,0x7c,0x9a,0x69,0xe4,0x81,0xfe,0x21,0x5d,0xe0,0x3a,0x70,0x12,0x63,0x05,0xa4,0x52,0x82,0x6e,0x66,0xd9,0xb5,0x58,0x3e, + 0x04,0x62,0x4b,0x3b,0x4b,0xa9,0x93,0xa8,0xb9,0x38,0x12,0x56,0x89,0xf6,0xcf,0x75,0x73,0x92,0xee,0x39,0x0d,0x14,0xa9,0x0f,0xea,0x6d,0xb9,0x44,0xb5,0xa8,0xde,0xb8,0xd0,0x30,0x7d,0x8f,0x1d,0x02,0xc6,0xf0,0x71,0x46,0x65,0x5e,0x63,0x83,0xb0,0xef,0x30,0x35,0xbe,0xe7,0x06,0x7c,0x33,0x6f,0xdb,0x91,0x36,0x5e,0x19,0x7a,0x97,0xb6,0x16, + 0x04,0xfe,0x71,0x0e,0x3c,0x5b,0x46,0x8d,0xc3,0x3c,0x2b,0x17,0x29,0x5c,0x4e,0x18,0x9b,0x48,0x7d,0x58,0xdd,0x43,0x7a,0xdf,0x70,0x6a,0xc0,0x54,0x93,0xcf,0xea,0x8d,0xf0,0x19,0x8d,0x9e,0xf4,0xe9,0x73,0xb6,0xbd,0xeb,0xe1,0x19,0xa3,0x5f,0xaa,0xe8,0x61,0x91,0xac,0xd7,0x58,0xc1,0xed,0x8a,0xcc,0xaf,0x1e,0x70,0x6a,0xd5,0x5d,0x83,0xd7, + 0x04,0xae,0x86,0x4b,0xa0,0xc4,0x1f,0x2e,0x1d,0xfb,0xac,0x23,0x37,0x02,0x57,0x16,0xd8,0xbc,0xad,0xce,0xf6,0x53,0x9c,0x6f,0x1f,0xf3,0x35,0x17,0x6b,0x8d,0xda,0xa3,0x6e,0xf3,0x34,0xd6,0x4f,0x2c,0xaf,0x56,0x1b,0x06,0x3b,0xc1,0xf7,0x88,0x9e,0x93,0x73,0x02,0xa4,0x55,0xff,0x68,0x5d,0x8a,0xe5,0x7c,0xb2,0x44,0x4a,0x17,0xda,0xd0,0x68, + 0x04,0xc9,0x87,0xbd,0x5a,0xf9,0xeb,0x20,0x2f,0x1b,0x24,0xda,0x21,0x17,0xca,0x90,0xb6,0xef,0x8c,0x82,0xe7,0xcf,0xbf,0x53,0x0f,0x71,0x41,0x8f,0x9a,0x93,0xb0,0x08,0x5c,0xbe,0x34,0x57,0x37,0xf7,0xc6,0xb5,0xe7,0x0e,0x97,0xd9,0xfe,0x9d,0xc4,0xca,0x94,0xfb,0x18,0x5f,0x4b,0x9d,0x2a,0x00,0xe0,0x86,0xc1,0xd4,0x72,0x73,0xb3,0x36,0x02, + 0x04,0x35,0x67,0x0f,0x86,0xc5,0xf7,0x2b,0x93,0xab,0xe4,0x13,0x1d,0x2b,0xea,0x1f,0xce,0x87,0x6a,0xd4,0xe2,0x5b,0x40,0xd4,0x2d,0x44,0x7d,0x68,0xcf,0xf9,0x0c,0xa0,0xbe,0x0b,0x6d,0x3b,0x9e,0x57,0x0b,0xa0,0x04,0x87,0x7c,0x9a,0x69,0xe4,0x81,0xfe,0x21,0x5d,0xe0,0x3a,0x70,0x12,0x63,0x05,0xa4,0x52,0x82,0x6e,0x66,0xd9,0xb5,0x58,0x3e, + 0x04,0xdf,0xca,0x67,0x8a,0x1b,0x8e,0x6f,0x67,0x99,0x6a,0x09,0x7f,0xc9,0xce,0x37,0x41,0x2d,0xe9,0xfb,0xd9,0xcf,0xa1,0xa2,0x1b,0x75,0x0c,0xef,0x48,0xe5,0xe5,0x95,0xa1,0x30,0x7d,0x8f,0x1d,0x02,0xc6,0xf0,0x71,0x46,0x65,0x5e,0x63,0x83,0xb0,0xef,0x30,0x35,0xbe,0xe7,0x06,0x7c,0x33,0x6f,0xdb,0x91,0x36,0x5e,0x19,0x7a,0x97,0xb6,0x16, + 0x04,0x32,0xbd,0xd9,0x78,0xeb,0x62,0xb1,0xf3,0x69,0xa5,0x6d,0x09,0x49,0xab,0x85,0x51,0xa7,0xad,0x52,0x7d,0x96,0x02,0xe8,0x91,0xce,0x45,0x75,0x86,0xc2,0xa8,0x56,0x9e,0x98,0x1e,0x67,0xfa,0xe0,0x53,0xb0,0x3f,0xc3,0x3e,0x1a,0x29,0x1f,0x0a,0x3b,0xeb,0x58,0xfc,0xeb,0x2e,0x85,0xbb,0x12,0x05,0xda,0xce,0xe1,0x23,0x2d,0xfd,0x31,0x6b, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e, + 0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2e, + 0x04,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2f, + 0x04,0x49,0xc2,0x48,0xed,0xc6,0x59,0xe1,0x84,0x82,0xb7,0x10,0x57,0x48,0xa4,0xb9,0x5d,0x3a,0x46,0x95,0x2a,0x5b,0xa7,0x2d,0xa0,0xd7,0x02,0xdc,0x97,0xa6,0x4e,0x99,0x79,0x9d,0x8c,0xff,0x7a,0x5c,0x4b,0x92,0x5e,0x43,0x60,0xec,0xe2,0x5c,0xcf,0x30,0x7d,0x7a,0x9a,0x70,0x63,0x28,0x6b,0xbd,0x16,0xef,0x64,0xc6,0x5f,0x54,0x67,0x57,0xe4, + 0x04,0x49,0xc2,0x48,0xed,0xc6,0x59,0xe1,0x84,0x82,0xb7,0x10,0x57,0x48,0xa4,0xb9,0x5d,0x3a,0x46,0x95,0x2a,0x5b,0xa7,0x2d,0xa0,0xd7,0x02,0xdc,0x97,0xa6,0x4e,0x99,0x79,0x9d,0x8c,0xff,0x7a,0x5c,0x4b,0x92,0x5e,0x43,0x60,0xec,0xe2,0x5c,0xcf,0x30,0x7d,0x7a,0x9a,0x70,0x63,0x28,0x6b,0xbd,0x16,0xef,0x64,0xc6,0x5f,0x54,0x67,0x57,0xe2, + 0x04,0x07,0x4f,0x56,0xdc,0x2e,0xa6,0x48,0xef,0x89,0xc3,0xb7,0x2e,0x23,0xbb,0xd2,0xda,0x36,0xf6,0x02,0x43,0xe4,0xd2,0x06,0x7b,0x70,0x60,0x4a,0xf1,0xc2,0x16,0x5c,0xec,0x2f,0x86,0x60,0x3d,0x60,0xc8,0xa6,0x11,0xd5,0xb8,0x4b,0xa3,0xd9,0x1d,0xfe,0x1a,0x48,0x08,0x25,0xbc,0xc4,0xaf,0x3b,0xcf, + 0x04,0xcb,0xf6,0x60,0x65,0x95,0xa3,0xee,0x50,0xf9,0xfc,0xea,0xa2,0x79,0x8c,0x27,0x40,0xc8,0x25,0x40,0x51,0x6b,0x4e,0x5a,0x7d,0x36,0x1f,0xf2,0x4e,0x9d,0xd1,0x53,0x64,0xe5,0x40,0x8b,0x2e,0x67,0x9f,0x9d,0x53,0x10,0xd1,0xf6,0x89,0x3b,0x36,0xce,0x16,0xb4,0xa5,0x07,0x50,0x91,0x75,0xfc,0xb5,0x2a,0xea,0x53,0xb7,0x81,0x55,0x6b,0x39, + 0x04,0xfb,0x60,0x75,0xd2,0x6c,0x35,0x01,0xc0,0x14,0xe4,0x8c,0x79,0xb3,0x46,0x3c,0xd7,0x68,0x37,0x8c,0x39,0x0d,0x7e,0x6e,0xeb,0x37,0x97,0x17,0xd4,0x90,0xc4,0xe6,0x34,0x78,0x04,0x35,0x77,0x19,0x79,0x87,0x88,0x16,0x70,0xbc,0x13,0xfd,0x0b,0x5f,0x0b,0xa1,0x0f,0x06,0xbc,0xef,0x27,0x11,0xc2,0x8f,0x5e,0xfd,0x7e,0x31,0xd5,0x15,0x7c, + 0x02,0x97,0x7c,0xb7,0xfb,0x9a,0x0e,0xc5,0xb2,0x08,0xe8,0x11,0xd6,0xa0,0x79,0x5e,0xb7,0x8d,0x76,0x42,0xe3,0xca,0xc4,0x2a,0x80,0x1b,0xcc,0x8f,0xc0,0xf0,0x64,0x72,0xd4}; + +static const unsigned char wycheproof_ecdh_shared_secrets[] = { 0x54,0x4d,0xfa,0xe2,0x2a,0xf6,0xaf,0x93,0x90,0x42,0xb1,0xd8,0x5b,0x71,0xa1,0xe4,0x9e,0x9a,0x56,0x14,0x12,0x3c,0x4d,0x6a,0xd0,0xc8,0xaf,0x65,0xba,0xf8,0x7d,0x65, + 0x54,0x4d,0xfa,0xe2,0x2a,0xf6,0xaf,0x93,0x90,0x42,0xb1,0xd8,0x5b,0x71,0xa1,0xe4,0x9e,0x9a,0x56,0x14,0x12,0x3c,0x4d,0x6a,0xd0,0xc8,0xaf,0x65,0xba,0xf8,0x7d,0x65, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xfc,0x2c, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x07, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x0b,0x7b,0xeb,0xa3,0x4f,0xeb,0x64,0x7d,0xa2,0x00,0xbe,0xd0,0x5f,0xad,0x57,0xc0,0x34,0x8d,0x24,0x9e,0x2a,0x90,0xc8,0x8f,0x31,0xf9,0x94,0x8b,0xb6,0x5d,0x52,0x07, + 0x21,0x0c,0x79,0x05,0x73,0x63,0x23,0x59,0xb1,0xed,0xb4,0x30,0x2c,0x11,0x7d,0x8a,0x13,0x26,0x54,0x69,0x2c,0x3f,0xee,0xb7,0xde,0x3a,0x86,0xac,0x3f,0x3b,0x53,0xf7, + 0x42,0x18,0xf2,0x0a,0xe6,0xc6,0x46,0xb3,0x63,0xdb,0x68,0x60,0x58,0x22,0xfb,0x14,0x26,0x4c,0xa8,0xd2,0x58,0x7f,0xdd,0x6f,0xbc,0x75,0x0d,0x58,0x7e,0x76,0xa7,0xee, + 0x39,0xf8,0x83,0xf1,0x05,0xac,0x7f,0x09,0xf4,0xe7,0xe4,0xdc,0xc8,0x4b,0xc7,0xff,0x4b,0x3b,0x74,0xf3,0x01,0xef,0xaa,0xaf,0x8b,0x63,0x8f,0x47,0x72,0x0f,0xda,0xec, + 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x50, + 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa, + 0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33, + 0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcc,0xcb, + 0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0f,0x0c, + 0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0,0xf0, + 0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff, + 0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00,0xff,0x00, + 0x7f,0xff,0x00,0x01,0xff,0xfc,0x00,0x07,0xff,0xf0,0x00,0x1f,0xff,0xc0,0x00,0x7f,0xff,0x00,0x01,0xff,0xfc,0x00,0x07,0xff,0xf0,0x00,0x1f,0xff,0xc0,0x00,0x7f,0xff, + 0x80,0x00,0xff,0xfe,0x00,0x03,0xff,0xf8,0x00,0x0f,0xff,0xe0,0x00,0x3f,0xff,0x80,0x00,0xff,0xfe,0x00,0x03,0xff,0xf8,0x00,0x0f,0xff,0xe0,0x00,0x3f,0xff,0x7f,0xff, + 0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xfd, + 0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xff,0x00,0x00,0xff,0xfe,0xff,0xfe, + 0x80,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x07,0xff,0xff,0xfe,0x00,0x00,0x00,0xff,0xff,0xff,0xc0,0x00,0x00,0x1f,0xff,0xff,0xf8,0x00,0x00,0x03,0xff,0xff,0xfd, + 0x7f,0xff,0xff,0xe0,0x00,0x00,0x0f,0xff,0xff,0xfc,0x00,0x00,0x01,0xff,0xff,0xff,0x80,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x07,0xff,0xff,0xfd,0xff,0xff,0xfe, + 0x00,0x00,0x03,0xff,0xff,0xff,0x00,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x03,0xff,0xff,0xff,0x00,0x00,0x00,0x3f,0xff,0xff,0xf0,0x00,0x00,0x03,0xff,0xff,0xfc, + 0xff,0xff,0xfc,0x00,0x00,0x00,0xff,0xff,0xff,0xc0,0x00,0x00,0x0f,0xff,0xff,0xfc,0x00,0x00,0x00,0xff,0xff,0xff,0xc0,0x00,0x00,0x0f,0xff,0xff,0xfb,0xff,0xff,0xfe, + 0xff,0xff,0x00,0x00,0x00,0x03,0xff,0xff,0xff,0xf0,0x00,0x00,0x00,0x3f,0xff,0xff,0xff,0x00,0x00,0x00,0x03,0xff,0xff,0xff,0xf0,0x00,0x00,0x00,0x3f,0xff,0xff,0xff, + 0x00,0x00,0xff,0xff,0xff,0xfc,0x00,0x00,0x00,0x0f,0xff,0xff,0xff,0xc0,0x00,0x00,0x00,0xff,0xff,0xff,0xfc,0x00,0x00,0x00,0x0f,0xff,0xff,0xff,0xbf,0xff,0xff,0xfd, + 0xff,0x00,0x00,0x00,0x01,0xff,0xff,0xff,0xfc,0x00,0x00,0x00,0x07,0xff,0xff,0xff,0xf0,0x00,0x00,0x00,0x1f,0xff,0xff,0xff,0xc0,0x00,0x00,0x00,0x7f,0xff,0xff,0xfd, + 0x00,0xff,0xff,0xff,0xfe,0x00,0x00,0x00,0x03,0xff,0xff,0xff,0xf8,0x00,0x00,0x00,0x0f,0xff,0xff,0xff,0xe0,0x00,0x00,0x00,0x3f,0xff,0xff,0xff,0x80,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xfe, + 0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf5, + 0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x55,0x54,0xff,0xff,0xfe,0xbc, + 0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x33,0x32,0xff,0xff,0xff,0x3c, + 0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x92,0x49,0x24,0x6d,0xb6,0xda,0xe2, + 0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x71,0xc7,0x1c,0x55,0x55,0x54,0xe8, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x9f,0xa2,0xf1,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x7c,0x07,0xb1,0x99,0xb6,0xa6,0x2e,0x7a,0xc6,0x46,0xc7,0xe1,0xde,0xe9,0x4a,0xca,0x55,0xde,0x1a,0x97,0x25,0x1d,0xdf,0x92,0xfc,0xd4,0xfe,0x01,0x45,0xb4,0x0f,0x12, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa3,0x03,0x7e,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x24,0xdc,0xb0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x52,0x06,0xc3,0xde,0x46,0x94,0x9b,0x9d,0xa1,0x60,0x29,0x5e,0xe0,0xaa,0x14,0x2f,0xe3,0xe6,0x62,0x9c,0xc2,0x5e,0x2d,0x67,0x1e,0x58,0x2e,0x30,0xff,0x87,0x50,0x82, + 0x8a,0x8c,0x18,0xb7,0x8e,0x1b,0x1f,0xcf,0xd2,0x2e,0xe1,0x8b,0x4a,0x3a,0x9f,0x39,0x1a,0x3f,0xdf,0x15,0x40,0x8f,0xb7,0xf8,0xc1,0xdb,0xa3,0x3c,0x27,0x1d,0xbd,0x2f, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xa3,0x03,0x7e,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x24,0xdc,0xb0,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x52,0x06,0xc3,0xde,0x46,0x94,0x9b,0x9d,0xa1,0x60,0x29,0x5e,0xe0,0xaa,0x14,0x2f,0xe3,0xe6,0x62,0x9c,0xc2,0x5e,0x2d,0x67,0x1e,0x58,0x2e,0x30,0xff,0x87,0x50,0x82, + 0x8a,0x8c,0x18,0xb7,0x8e,0x1b,0x1f,0xcf,0xd2,0x2e,0xe1,0x8b,0x4a,0x3a,0x9f,0x39,0x1a,0x3f,0xdf,0x15,0x40,0x8f,0xb7,0xf8,0xc1,0xdb,0xa3,0x3c,0x27,0x1d,0xbd,0x2f, + 0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x12,0x6b,0x54,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xe5,0x9d,0xdc,0x76,0x46,0xe4,0xae,0xf0,0x62,0x3c,0x71,0xc4,0x86,0xf2,0x4d,0x5d,0x32,0xf7,0x25,0x7e,0xf3,0xda,0xb8,0xfa,0x52,0x4b,0x39,0x4e,0xae,0x19,0xeb,0xe1, + 0x12,0xc2,0xad,0x36,0xa5,0x9f,0xda,0x5a,0xc4,0xf7,0xe9,0x7f,0xf6,0x11,0x72,0x8d,0x07,0x48,0xac,0x35,0x9f,0xca,0x9b,0x12,0xf6,0xd4,0xf4,0x35,0x19,0x51,0x64,0x87, + 0x45,0xaa,0x96,0x66,0x75,0x78,0x15,0xe9,0x97,0x41,0x40,0xd1,0xb5,0x71,0x91,0xc9,0x2c,0x58,0x8f,0x6e,0x56,0x81,0x13,0x1e,0x0d,0xf9,0xb3,0xd2,0x41,0x83,0x1a,0xd4, + 0xb9,0x09,0x64,0xc0,0x5e,0x46,0x4c,0x23,0xac,0xb7,0x47,0xa4,0xc8,0x35,0x11,0xe9,0x30,0x07,0xf7,0x49,0x9b,0x06,0x5c,0x8e,0x8e,0xcc,0xec,0x95,0x5d,0x87,0x31,0xf4, + 0xe9,0x7f,0xb4,0xc4,0xfb,0x33,0xd6,0xa1,0x14,0xda,0x6e,0x0d,0x18,0x0e,0x54,0xf9,0x9e,0xc1,0xec,0xe9,0xff,0x55,0x88,0x71,0x05,0x4e,0x99,0xd2,0x21,0x93,0x0d,0x16, + 0x1e,0xea,0x9c,0x27,0x56,0xa3,0x30,0x5b,0xb5,0x17,0x8f,0x2c,0x37,0x43,0x6e,0x7b,0x41,0xcf,0x38,0x05,0xcd,0x0a,0x10,0x87,0xd2,0xd0,0x24,0x07,0xfc,0x55,0x3c,0x09, + 0x2f,0x1c,0x5c,0x59,0x0f,0x97,0xf7,0x93,0x51,0xfb,0x9d,0x36,0xc5,0x97,0xd1,0xc6,0x1f,0x1c,0x40,0x9f,0xcd,0xed,0xae,0xae,0x79,0x51,0x12,0xfa,0x1a,0x2c,0x74,0x53, + 0x82,0xb8,0xe9,0x0e,0x6b,0x64,0x41,0xb7,0x16,0x4c,0x97,0x25,0xac,0x1a,0x35,0xf0,0x98,0x78,0x80,0x96,0xaf,0x95,0xc2,0x76,0xfa,0xc3,0xc5,0xa3,0x83,0xd6,0xb5,0x6c, + 0x8a,0x95,0x5b,0x6c,0xf4,0xd5,0x18,0x55,0x8e,0x59,0x37,0x24,0x44,0xd3,0xfd,0x9b,0x78,0x93,0x3e,0x2d,0x32,0x29,0xdf,0xdf,0xa6,0xf5,0xf6,0x64,0x03,0x29,0x0e,0x19, + 0x56,0x26,0xbb,0xf7,0x9f,0x10,0x82,0x7e,0x23,0xfa,0x5a,0xef,0x9a,0x26,0x53,0x3f,0x5f,0x4e,0x74,0x72,0x93,0x4e,0xd9,0x75,0x9b,0x7b,0x3a,0x77,0xcd,0xa0,0x4b,0x82, + 0x19,0x08,0xae,0x93,0x6f,0x53,0xb9,0xa8,0xa2,0xd0,0x97,0x07,0xae,0x41,0x40,0x84,0x09,0x0b,0x17,0x53,0x65,0x40,0x14,0x25,0x47,0x9b,0x10,0xb8,0xc3,0xe8,0xd1,0xba, + 0x5e,0x13,0xb3,0xdc,0x04,0xe3,0x3f,0x18,0xd1,0x28,0x6c,0x60,0x6c,0xb0,0x19,0x17,0x85,0xf6,0x94,0xe8,0x2e,0x17,0x79,0x61,0x45,0xc9,0xe7,0xb4,0x9b,0xc2,0xaf,0x58, + 0xa9,0x95,0x57,0x2a,0xd1,0x74,0x89,0x7f,0xf1,0x97,0x1e,0x6d,0x1e,0x39,0xf9,0x08,0x44,0x8a,0x58,0x78,0xda,0x1e,0x60,0xf3,0x90,0x1f,0x57,0xca,0xcd,0x49,0xe5,0xf6, + 0xcd,0x84,0x27,0xea,0x93,0xf9,0xfe,0xde,0x38,0xa7,0x0d,0x0c,0x39,0xdb,0xd9,0x67,0x59,0x61,0x3b,0xa0,0x0f,0x27,0xb9,0xdb,0x39,0x71,0xc8,0x0a,0xec,0x07,0xe2,0xd6, + 0x76,0x6b,0x07,0x52,0xcd,0x89,0x5b,0x4b,0x85,0x43,0xd4,0x4c,0x9a,0x34,0x88,0x68,0xff,0xff,0x12,0xae,0xd6,0x32,0xf8,0x07,0x0e,0x73,0x1d,0x45,0x0d,0x8a,0x8c,0x94, + 0x09,0xb0,0xaa,0x83,0x98,0x93,0xb7,0xad,0x37,0xcc,0x83,0x16,0x0e,0x6f,0x3c,0x55,0x06,0xbb,0xe3,0x23,0x49,0x7c,0x21,0x50,0x5a,0xe9,0x93,0x7c,0x75,0xd9,0x43,0xc8, + 0x3c,0x2a,0x61,0x12,0x1f,0x09,0x4d,0x5e,0xec,0xdd,0xf7,0xd3,0xb0,0x01,0x6c,0x17,0x0b,0x90,0xfd,0x3f,0x2f,0xea,0x0b,0x12,0xe3,0x1d,0xb0,0x4a,0xe7,0xc2,0x79,0xa2, + 0x9a,0x64,0x1d,0x5e,0xfa,0x8b,0xe7,0xdc,0x72,0x3a,0xa5,0x8e,0x2e,0x52,0xa1,0x50,0xc8,0xef,0xce,0xd2,0xfa,0x10,0x84,0x04,0x12,0x49,0x77,0x3c,0x75,0x62,0xc6,0x6d, + 0xd3,0x29,0x77,0xec,0xa6,0x4d,0x22,0x3e,0xa9,0x0f,0x10,0xf7,0x2f,0x81,0x0e,0xc6,0x4d,0x66,0x18,0x33,0xac,0xc4,0xc8,0x39,0x59,0x1d,0xa8,0x13,0xef,0x86,0xf7,0x36, + 0x55,0x13,0x7f,0xec,0xb2,0x1e,0xb3,0xeb,0xed,0x1b,0x41,0xfb,0x2f,0x7e,0x1c,0xa3,0x37,0x00,0x94,0x65,0xf8,0x55,0xf3,0xf9,0x20,0xbc,0x7d,0x0b,0x73,0xc2,0xda,0x32, + 0x0b,0xde,0x65,0x9e,0xd8,0x92,0x81,0xe6,0xc8,0xa5,0xfb,0xda,0xb7,0x64,0xd0,0x49,0x9b,0x86,0xd1,0x9d,0x33,0xf4,0xc9,0x78,0xe2,0x60,0xbb,0xae,0x58,0x7d,0x40,0x57, + 0x31,0x35,0xa6,0x28,0x3b,0x97,0xe7,0x53,0x7a,0x8b,0xc2,0x08,0xa3,0x55,0xc2,0xa8,0x54,0xb8,0xee,0x6e,0x42,0x27,0x20,0x67,0x30,0xe6,0xd7,0x25,0xda,0x04,0x4d,0xee, + 0x2a,0x3d,0x29,0xce,0x04,0x9f,0xc5,0x0b,0x00,0xfa,0xb5,0x0e,0x75,0x81,0xb8,0x4d,0x44,0x1d,0x29,0x7b,0xe6,0x51,0x5f,0xbe,0x83,0xdc,0x48,0x5b,0xdf,0x32,0xb6,0xdc, + 0x03,0xc2,0x02,0xa6,0x4e,0x60,0xff,0x59,0x48,0xd2,0x98,0x16,0xd6,0x84,0x20,0xc6,0x4c,0x05,0x18,0xa7,0x52,0x2a,0x92,0x93,0x81,0x36,0x5b,0x12,0x45,0x77,0x0a,0x02, + 0xd0,0x7f,0xcf,0x7b,0x89,0xbd,0x1b,0xa2,0x41,0x94,0xca,0xf9,0x77,0xdb,0x68,0xa5,0x50,0x3a,0x47,0x1a,0x37,0xd3,0x74,0xe0,0x91,0x7a,0x5f,0xe3,0x1d,0x48,0xc9,0x9e, + 0xea,0x9f,0x3a,0x53,0xab,0x40,0x53,0xdf,0x0b,0xae,0x01,0x56,0x76,0x7a,0x62,0xec,0x5b,0xa0,0xde,0x43,0x73,0xef,0x12,0xcb,0xfb,0x19,0xaa,0x80,0xc6,0xbc,0xd9,0x04, + 0xf0,0x55,0x7b,0xe2,0xb2,0x6d,0xdb,0x56,0xd4,0x4d,0x2c,0xb8,0x52,0x22,0x4a,0x29,0x1d,0xe7,0x71,0x41,0x8f,0xe1,0x48,0xa7,0x30,0xa7,0x6d,0xad,0xf5,0x88,0x2f,0x18, + 0xc6,0x8f,0x07,0x23,0x3e,0xfd,0x07,0x45,0xd8,0xbc,0xd5,0x1a,0x89,0x15,0x87,0x17,0xc2,0xdc,0x53,0x2f,0x75,0xa9,0xe4,0xde,0x20,0x76,0xe1,0xb8,0x30,0x65,0x4e,0xc8, + 0x6e,0xec,0x8a,0x68,0xeb,0x5f,0x9c,0xaf,0x2a,0xb3,0x05,0x3a,0x30,0x47,0xbb,0xc0,0x84,0x12,0xa1,0xd4,0x33,0xd7,0x9e,0xea,0x65,0xef,0xfc,0x5e,0x0c,0xd5,0x83,0xbf, + 0xbb,0xd9,0xd3,0x05,0xb9,0x9f,0xf3,0xdb,0x56,0xf7,0x7f,0xea,0x9e,0x89,0xf3,0x22,0x60,0xee,0x73,0x26,0x04,0x00,0x67,0xce,0x05,0xdd,0x15,0xe0,0xdc,0xc1,0x3e,0xd8, + 0x1f,0x81,0xaa,0x3d,0x70,0xf8,0x75,0x6b,0x94,0x95,0xfb,0xa8,0x29,0x21,0x71,0x7d,0x40,0x06,0x20,0x6a,0x44,0x51,0xd8,0xd5,0x9f,0x3c,0x9b,0x8d,0x95,0xb5,0x48,0xe8, + 0x66,0xe7,0x07,0xfa,0xf9,0x54,0xd1,0xec,0x84,0xfe,0x0f,0x68,0xf8,0x29,0xbe,0xb2,0xfe,0x95,0x05,0x82,0x71,0xb6,0x36,0x36,0x2e,0x3e,0xb5,0xc5,0xd4,0x92,0xcb,0xf8, + 0x42,0xdd,0x6d,0x83,0xbb,0xce,0x6a,0xfa,0xb5,0x04,0x5e,0x13,0x93,0x83,0x8a,0x97,0xa4,0x61,0x61,0xc2,0x5a,0xe9,0x1d,0xb0,0x14,0x3e,0x98,0x5d,0x29,0x16,0x2f,0xaa, + 0xab,0x43,0x91,0x7a,0x64,0xc1,0xb0,0x10,0x15,0x96,0x43,0xc1,0x8e,0x2e,0xb0,0x6d,0x25,0xee,0xda,0xe5,0xb7,0x8d,0x02,0xfa,0x9b,0x3d,0xeb,0xac,0xbf,0x31,0xb7,0x77, + 0xf3,0x9b,0xf4,0x90,0x11,0xcb,0x32,0x3e,0xe0,0x0f,0x77,0xe0,0x34,0x4a,0x9b,0x9d,0xa1,0x25,0x6d,0xb9,0x26,0x46,0xdd,0xa0,0xe3,0x42,0xf8,0xc1,0xad,0x37,0x41,0xc5, + 0x27,0x86,0x0f,0xa0,0x67,0x9e,0xdd,0x45,0x56,0xf0,0x42,0x3a,0x21,0xcc,0x21,0xe1,0xe3,0xf1,0x70,0x1d,0xa3,0xe6,0x2a,0x54,0x49,0x74,0xae,0x94,0xf1,0x5f,0x91,0xa0, + 0x2b,0xcf,0xc9,0x5b,0xba,0x84,0x52,0x4d,0x80,0x93,0xdc,0xe1,0x09,0x2b,0xc1,0x57,0xca,0x1f,0xa4,0x2a,0x37,0xaa,0xca,0x9b,0x07,0x59,0x43,0x7f,0x94,0x0c,0x3e,0x7d, + 0x1a,0x32,0x74,0x9d,0xcf,0x04,0x7a,0x7e,0x06,0x19,0x4c,0xcb,0x34,0xd7,0xc9,0x53,0x8a,0x16,0xdd,0xab,0xee,0xed,0xe7,0x4b,0xea,0x5f,0x7e,0xf0,0x49,0x79,0xf7,0xf7, + 0x11,0x9a,0xa4,0x77,0xaf,0xad,0x55,0x0e,0x98,0xdb,0x77,0xbf,0xb4,0xe7,0x1a,0x4b,0x6e,0xc7,0x9e,0xc4,0xfe,0x17,0xb7,0x28,0x3f,0x9b,0x8b,0xb7,0xb9,0xfd,0xb5,0xec, + 0x21,0xed,0xb7,0x00,0xcf,0x62,0xc1,0xbb,0x81,0x6a,0x87,0x79,0x88,0xee,0x8c,0x5b,0xc1,0x6a,0x84,0x64,0xbc,0xb6,0x45,0x4a,0xdb,0x8a,0xbf,0x8b,0x5c,0xef,0x7c,0xeb, + 0x1b,0xa5,0x45,0x71,0xd1,0xd2,0x80,0xf5,0xfa,0x2d,0x0c,0x58,0x46,0xec,0x39,0x2c,0x72,0x1a,0xcd,0x4b,0xa7,0xe4,0xaa,0xdc,0x3d,0xc2,0x35,0x39,0x57,0xab,0xd8,0x0b, + 0x9d,0x42,0x2c,0xe4,0x2f,0x74,0xaa,0x02,0x72,0xe5,0x53,0x0b,0x5d,0xd0,0x94,0x22,0x5f,0x11,0xd1,0x10,0x0f,0xed,0x95,0x4f,0xf7,0x14,0xa2,0xd4,0x71,0x55,0x9c,0xef, + 0xa5,0xab,0x2c,0xc5,0xbb,0x68,0x81,0xf7,0xe7,0x34,0xd7,0xcc,0xc9,0xd4,0x48,0x12,0x7d,0x94,0x65,0xfd,0x34,0x2d,0x81,0xc8,0x38,0x15,0x72,0x05,0x9b,0x3a,0xa2,0xb7, + 0xe9,0x76,0x05,0x7e,0x8a,0x32,0x2d,0xfd,0xb2,0xde,0xbd,0x55,0xd8,0xe5,0x88,0x02,0xfb,0x54,0x42,0x59,0x50,0xb2,0xdb,0xfd,0x00,0xf0,0x81,0x3d,0xe2,0x71,0x05,0xe4, + 0x09,0xfa,0x5a,0x51,0x05,0x58,0xa1,0x21,0x10,0xda,0xf7,0x51,0x17,0xaf,0x1e,0x17,0x5f,0x93,0xd7,0xc4,0xd8,0xba,0x41,0xc5,0xbf,0x3e,0xfe,0x95,0xd8,0x29,0xff,0x50, + 0x98,0xbc,0x61,0x8f,0xae,0xf7,0xc4,0x31,0x1c,0x3d,0x8f,0xd3,0x7b,0x39,0xe9,0xba,0xad,0x78,0x0e,0x14,0xf0,0x52,0x7f,0xa6,0x9a,0x3f,0x4c,0x2b,0x66,0xac,0x63,0x94, + 0x8a,0x0b,0x2d,0xde,0xf3,0xa1,0x10,0x8f,0x6e,0xa3,0x67,0xed,0x08,0x07,0x9a,0x0e,0xc9,0x84,0x94,0xfe,0x46,0xcf,0xad,0x58,0x4b,0xdc,0x98,0xe9,0x9e,0x6d,0x7f,0x99, + 0x89,0xb8,0x63,0x29,0xf0,0xf1,0x3a,0xab,0x07,0xa4,0x8d,0x0d,0x3b,0x7a,0xfe,0x53,0x0a,0xd2,0x60,0xa9,0x0d,0xe6,0xc2,0x5e,0xc3,0xda,0x8b,0x69,0x05,0x50,0x25,0x51, + 0x75,0x1b,0x52,0x1d,0xe6,0x38,0x4a,0x01,0x7c,0xaa,0xfa,0x10,0x41,0x9f,0xc3,0x5d,0x58,0xf6,0xdb,0xac,0xe8,0x6f,0x6b,0x53,0x3c,0x11,0x7e,0x38,0xda,0xb1,0xd6,0x89, + 0xf2,0x82,0xa7,0x89,0x42,0x21,0x8f,0xac,0x63,0x8e,0xeb,0x0e,0xb1,0x50,0x98,0xf5,0xaa,0xba,0xe1,0x5b,0x3d,0xdb,0x7a,0xbd,0xd4,0x0a,0x8a,0xd3,0xb5,0x54,0x0c,0x8e, + 0x6a,0xeb,0x70,0x04,0xf6,0xcf,0x6b,0x05,0xf3,0x0b,0xf4,0x81,0xe8,0xb3,0x2a,0x1e,0x25,0xfc,0x66,0xd9,0x6a,0x4a,0x53,0x16,0x57,0x27,0xbb,0x30,0x4c,0xc2,0x7b,0xaa, + 0x67,0xb5,0xa9,0x92,0x6b,0xc5,0x80,0x25,0xc8,0xbc,0x2b,0x95,0x04,0xb7,0x2c,0x3a,0x84,0x65,0x17,0x3d,0x70,0xf5,0xd5,0xec,0x15,0x80,0xfe,0x88,0xc5,0xa4,0x88,0x7b, + 0x12,0x18,0x2c,0x05,0x56,0x8a,0x6b,0x18,0xa9,0x8e,0xa1,0x91,0x10,0x33,0x01,0x46,0xe7,0xdb,0xc4,0x92,0x74,0xf3,0x24,0xb5,0xed,0xef,0x4e,0xb8,0x61,0xf7,0x2b,0xec, + 0xf7,0x59,0x20,0xe6,0x1e,0x7d,0x05,0xc3,0xcf,0x41,0x07,0xe5,0xe8,0x1f,0x3c,0x1b,0xe7,0xff,0xb0,0x63,0x7f,0x0a,0xc8,0xb8,0x95,0xd8,0x73,0x61,0x34,0x5d,0x9a,0x87, + 0x37,0x3a,0xca,0x70,0xb0,0x36,0xb7,0x0c,0xf8,0xe4,0x6f,0xc9,0x45,0x7a,0x8e,0x19,0xc6,0x82,0x1b,0xe2,0xf2,0xd6,0xc1,0x6e,0xda,0xdd,0x20,0xd7,0xb3,0x0e,0xb3,0xba, + 0xca,0xec,0x9d,0xe4,0xa7,0x4d,0x76,0x60,0x3c,0x5d,0x5d,0x07,0xde,0x2d,0xf0,0xd4,0x35,0xbe,0xf2,0xb9,0x06,0x3b,0x51,0x23,0x30,0x5d,0x2f,0xcb,0xd5,0xdb,0xb3,0x18, + 0x27,0x98,0x05,0x11,0xf4,0x33,0xfe,0xea,0x84,0x47,0x5b,0x82,0x28,0x1b,0x1f,0xa6,0xb9,0x46,0xc9,0x7c,0x64,0x67,0x38,0xd5,0xac,0x33,0x45,0x25,0x0f,0x86,0x03,0x7d, + 0x20,0xb2,0x7f,0x84,0xae,0x12,0x8f,0x67,0x4e,0x14,0x4d,0x82,0xbc,0xd1,0x54,0x41,0x46,0xbf,0xd0,0x15,0x0b,0x08,0x43,0xea,0x58,0x53,0x14,0xf5,0x9c,0xc5,0x4a,0xae, + 0x92,0x59,0x27,0x91,0xff,0x90,0xb5,0x95,0xdd,0x2a,0xe7,0xec,0x03,0x9b,0xf6,0xb7,0xbf,0xea,0xe7,0xf0,0x44,0x76,0x1f,0x5e,0x7f,0xa8,0x65,0x64,0xeb,0xc4,0x6b,0x2b, + 0x8e,0x61,0xb2,0xe0,0x72,0xbd,0x14,0x01,0xda,0x12,0xa3,0xf3,0xd8,0x16,0x4d,0xae,0xda,0xb0,0xbf,0x0c,0xa7,0x95,0xbc,0xf5,0x6a,0xff,0x81,0xd0,0x7c,0xaf,0x72,0x81, + 0xa4,0x11,0x70,0xf6,0x16,0xc5,0x49,0x9e,0x28,0x9b,0x48,0x93,0xb3,0x97,0x3e,0x11,0x55,0xf6,0x6f,0xf3,0x54,0xae,0x6a,0x81,0x2b,0xcd,0x0e,0x33,0xbd,0x7d,0xd5,0xcc, + 0xb8,0xcb,0xc2,0x7d,0x4e,0xa1,0xb2,0x5f,0x22,0x92,0x29,0x2a,0xe5,0x3a,0x3b,0xb9,0x54,0xb7,0xca,0x77,0xcc,0xca,0x5b,0x4d,0xcc,0xf1,0xb9,0x58,0xb0,0xaa,0xd1,0x63, + 0x4b,0xaa,0xee,0x93,0xa7,0x52,0x39,0x7b,0xf2,0xad,0x0b,0xe7,0x2a,0xc8,0x2b,0x0a,0xd2,0x41,0x7e,0x16,0x7b,0xfd,0xfc,0xe4,0x90,0x4f,0x01,0x2d,0x4c,0x33,0xfe,0xa6, + 0x3b,0x3d,0x86,0x18,0x7d,0x05,0xa0,0x01,0x2d,0x83,0xbe,0x28,0x09,0x87,0xdc,0x95,0xb1,0xc0,0xc9,0xb5,0x7f,0x25,0x3b,0x64,0x53,0x0d,0x1d,0x42,0x20,0xaa,0x4a,0xbf, + 0x47,0x2d,0x4b,0x34,0xf5,0xbe,0x6b,0x49,0x9f,0x76,0xb0,0xd9,0xe4,0x39,0xe1,0x15,0xf6,0xa8,0x9b,0x72,0x5d,0x9e,0x9e,0x81,0x11,0x85,0xa6,0x15,0xf1,0x40,0x07,0xd0, + 0xfa,0x67,0xf4,0xa9,0xea,0x34,0xfd,0xe1,0x96,0xa7,0xdf,0xf6,0xbc,0x1a,0x29,0x17,0xb1,0x52,0x6d,0x54,0x95,0x03,0x35,0xbe,0xa2,0xab,0xe2,0x2e,0x1e,0xda,0xb4,0x10, + 0x95,0xc1,0x31,0xde,0x0c,0x89,0xe5,0xb1,0x7f,0x91,0xe5,0x67,0x79,0xc1,0x57,0x1d,0xe2,0xc8,0xa2,0x07,0x94,0x08,0x4f,0xa2,0x74,0xec,0xcc,0x8e,0xed,0x1d,0x3d,0x65, + 0x5b,0xae,0x6d,0x6d,0x23,0xa6,0x8f,0x28,0x3f,0xe0,0xde,0x46,0xf1,0xd7,0x4c,0x0f,0x52,0xe2,0x78,0xcb,0x18,0x1f,0x55,0xc4,0x35,0x3f,0x76,0x8b,0xa1,0x62,0xaa,0xc7, + 0xb4,0xfe,0x12,0x01,0xa8,0x64,0x7b,0xe6,0xd6,0xd5,0x9f,0x40,0x6f,0xa9,0x70,0xcc,0x85,0x8f,0x5a,0x46,0xa5,0x0a,0x6a,0xe9,0xd9,0x92,0xc0,0xe2,0x3f,0x5e,0x2a,0xd3, + 0xb7,0x21,0xeb,0xc7,0xeb,0x1b,0x09,0x43,0x8d,0x75,0x4a,0xe8,0x03,0x02,0xb2,0xa2,0xbf,0x40,0xf8,0x66,0xec,0x50,0x75,0x40,0xab,0x51,0x20,0xb2,0x2f,0x86,0x88,0x86, + 0xb8,0xda,0x5d,0x1b,0xf9,0x41,0x9e,0x2b,0x87,0x6e,0x70,0x88,0x71,0xa9,0xa2,0x95,0x74,0x68,0x66,0x89,0xba,0xe8,0xd8,0x79,0x85,0xd7,0x2a,0x4e,0x57,0x3d,0xde,0xd4, + 0x39,0xaa,0x2b,0xbc,0x4b,0x6f,0x30,0xc2,0x68,0xb1,0x99,0x09,0xd5,0x07,0x01,0x55,0xc3,0x9c,0x60,0x64,0x9b,0x7a,0x2e,0xbe,0xc2,0x66,0xbd,0xd1,0x8f,0xff,0x8c,0xbf, + 0xe4,0x03,0x96,0xa9,0x08,0xc2,0xcc,0xa4,0x50,0x4f,0x4f,0x40,0xbe,0x39,0x4a,0x12,0x24,0x4a,0xe1,0x84,0xf6,0x90,0x9e,0xc7,0x25,0xce,0x72,0x34,0x85,0xbb,0xbb,0x97, + 0x13,0xa2,0x1d,0xc5,0x0c,0xdf,0xae,0xab,0xd5,0x72,0xf2,0xd9,0x4d,0xc0,0xf3,0xf7,0x68,0xf1,0x7f,0x99,0x0e,0xe5,0x9d,0x7f,0x16,0xac,0xe9,0xbf,0xad,0x8a,0x70,0x5c, + 0xa8,0x2f,0xb3,0xbb,0xdf,0x6d,0x69,0xc7,0x39,0x8e,0xe9,0x02,0x0f,0xe0,0x06,0xd5,0xb2,0x8c,0x63,0x2f,0x2d,0xa3,0x57,0x39,0x3f,0xe5,0x8d,0xeb,0x8d,0x27,0xfd,0x08, + 0x8f,0xa4,0x4f,0x09,0xcf,0xdd,0xef,0x86,0xaa,0x90,0x07,0xcd,0x4b,0xea,0x6f,0x0b,0xc9,0xb5,0xb2,0x11,0x52,0x56,0x30,0x3d,0xf0,0x9f,0x8a,0x20,0x90,0x9c,0x52,0x71, + 0xef,0x76,0x29,0x92,0xd2,0x2b,0xac,0xaf,0x06,0xaa,0x1e,0x48,0x2c,0x07,0x11,0x04,0x6b,0x52,0xe0,0xe4,0x0d,0xe2,0xa2,0x1d,0x4e,0x38,0xdf,0x01,0x09,0xad,0x67,0xc0, + 0x3b,0x09,0x36,0xf2,0x23,0x37,0xec,0xe9,0x71,0xee,0x10,0x21,0x78,0xf3,0x7b,0xca,0x3c,0xb6,0x9b,0x50,0xb8,0xec,0x9c,0x9b,0x47,0x33,0x4c,0x68,0xb5,0xd4,0x32,0x0b, + 0xec,0x57,0x18,0x78,0xfb,0x1e,0x3b,0x1f,0x5d,0x4f,0x66,0xb8,0xb0,0x80,0xbd,0x4e,0x50,0x41,0x0b,0x6e,0xee,0xa4,0xdc,0xd3,0xce,0xdd,0x46,0x22,0xbf,0x87,0x61,0x60, + 0x9f,0x3d,0x9d,0xe8,0x7d,0x9c,0xc5,0x09,0x9f,0xf4,0xf5,0x6d,0x91,0x3b,0x98,0xb5,0xeb,0x12,0x60,0xe2,0xb3,0xa2,0xd7,0xa3,0xc5,0xe0,0x1a,0x7e,0x68,0x21,0x9d,0x10, + 0x23,0xad,0xda,0x65,0x71,0xd4,0xad,0x7e,0x94,0x0c,0x21,0x02,0x3a,0xf3,0xff,0xed,0xef,0x9d,0x8f,0x64,0xe8,0x3c,0xc1,0xcf,0x6e,0x99,0x2d,0x1d,0xa1,0x45,0x1d,0x91, + 0x91,0xe7,0x0b,0xd8,0xbf,0x85,0xbc,0x63,0x11,0xb2,0xcd,0x77,0x91,0xb7,0xed,0xf0,0x0e,0x22,0xf9,0xcb,0x8b,0xfd,0x72,0x57,0x1e,0xc9,0xa0,0x3b,0xbf,0x71,0x6f,0x37, + 0xa7,0xd2,0xf3,0xe3,0xfa,0xa7,0x72,0xd7,0xa8,0x60,0x26,0xe2,0xf1,0x83,0xdb,0xe7,0xa2,0x98,0xae,0x3d,0x1b,0xc3,0xab,0xce,0xa0,0xdf,0x3c,0x11,0xca,0xe4,0xca,0x60, + 0xc6,0x11,0xd2,0x7e,0x7c,0xb5,0x2e,0x7c,0x56,0xcf,0xa9,0x06,0x2e,0x59,0xf3,0xde,0xfe,0x7c,0x1e,0x22,0x57,0x27,0xb9,0x04,0x93,0x84,0xa1,0x80,0xbd,0x16,0x88,0xa8, + 0x66,0x1f,0x5d,0x36,0xb5,0x7a,0xf4,0x89,0x82,0xe4,0x4f,0xf8,0x9a,0xe7,0x5f,0x84,0x9a,0x08,0xb1,0xda,0xed,0x64,0x17,0xa2,0x02,0x12,0xbe,0xa8,0x8c,0x7f,0x2f,0x8a, + 0x54,0x0e,0x25,0x5f,0x6c,0xb5,0x8d,0x23,0x79,0x90,0xa7,0x43,0x7c,0xc7,0xaa,0xe7,0x70,0x42,0x87,0x96,0xde,0xb6,0x07,0xbc,0x29,0xfb,0xf0,0xa4,0xd1,0x18,0x73,0xc8, + 0xac,0x67,0x05,0xaf,0x9d,0x05,0x9c,0xac,0x99,0x77,0x96,0x7c,0x0c,0xe5,0x14,0xd7,0x0d,0xc5,0x1d,0x88,0xfd,0xe6,0x84,0x12,0x3a,0x92,0x12,0x44,0x93,0x3b,0xa8,0xec, + 0xf7,0xa5,0xb6,0x9b,0xc3,0x9a,0x97,0x6b,0xfa,0x66,0x44,0xa1,0x52,0x78,0x9c,0x31,0x49,0x35,0x20,0x93,0xb1,0xdc,0xc4,0xb6,0xb0,0x6f,0x6c,0x4c,0x7c,0x90,0xfd,0xf3, + 0xf0,0x58,0x7f,0xbd,0x10,0xe3,0x32,0xad,0x29,0x7b,0x5e,0x46,0x3d,0x4f,0x09,0xd2,0x16,0x7c,0x85,0x89,0xc4,0x6d,0xc6,0x68,0x0c,0x13,0xb0,0x44,0xa3,0x44,0x85,0xea, + 0x2f,0xb4,0x99,0x13,0x32,0xa5,0xd6,0x48,0xdf,0x5c,0xa6,0xbb,0xd0,0x85,0x75,0xc7,0x55,0x37,0x73,0xa9,0x73,0x12,0x30,0x34,0x40,0xcf,0xe7,0xe4,0x3d,0x3a,0x26,0x8c, + 0xcb,0x65,0x08,0x2d,0xf5,0xf5,0x4c,0xdc,0x66,0x86,0x25,0x01,0x7c,0xdf,0x45,0xf2,0x2f,0x30,0x5a,0x8f,0x34,0xad,0x91,0xfa,0xbf,0x36,0xc0,0x71,0x49,0x6c,0x84,0xcc, + 0x64,0x41,0xac,0x7b,0xe8,0x1c,0x2f,0xb6,0x47,0x26,0x55,0x52,0x8f,0x21,0x45,0x4d,0x40,0x23,0x6a,0x87,0x8f,0xba,0xc2,0xce,0x31,0xe4,0x35,0x8a,0xb4,0xed,0x02,0xcc, + 0x0b,0x58,0x6c,0x44,0x2e,0xaf,0x01,0x6f,0x38,0x21,0x99,0x72,0x9f,0x60,0x24,0x0c,0xe5,0x0c,0x0f,0x71,0x07,0xc4,0x88,0xa4,0x23,0xd4,0x27,0x94,0xdb,0x5f,0x66,0x63, + 0xb3,0x76,0xd9,0xbc,0x19,0x09,0xee,0xf9,0x29,0x53,0xce,0xbc,0x3b,0xd6,0xf2,0xbc,0x0c,0xd6,0xcc,0xa6,0x20,0xc1,0x90,0x14,0x17,0x40,0xf6,0x22,0x39,0x57,0x93,0x34, + 0xae,0x73,0x9f,0x62,0x4c,0xcb,0x1f,0x0e,0xc9,0x64,0xb2,0xd1,0x89,0x6d,0x2d,0xf8,0x3c,0xa1,0x96,0x9a,0xd6,0xca,0x26,0xb3,0x34,0x34,0x20,0x13,0xd8,0x32,0x82,0xaa, + 0x3c,0x25,0x12,0x6e,0xce,0x58,0xad,0x8e,0x93,0xeb,0xfe,0x6e,0x75,0x47,0xb0,0x5b,0x39,0xc6,0xd9,0x85,0x8e,0x55,0x9f,0xc0,0x1f,0xf6,0xb6,0xe5,0x0b,0x0a,0x22,0xac, + 0xe4,0x7d,0x65,0x8d,0xf5,0xc1,0xf9,0x59,0x9d,0x4e,0x56,0x09,0x54,0xab,0x86,0x0e,0x9a,0x63,0x77,0xde,0xcb,0x0b,0x56,0xef,0x3c,0x13,0xde,0xe3,0x61,0x85,0xb2,0xf3, + 0xd8,0x27,0x9c,0x1e,0xc9,0x51,0x89,0xfe,0x63,0xd7,0x5d,0x1c,0x6d,0x7f,0xc3,0x12,0xe4,0x11,0xa3,0xd1,0x1e,0x4d,0x67,0x1a,0x49,0xfa,0x17,0xfa,0x36,0xc3,0xce,0xe1, + 0x07,0x7c,0x7a,0x4e,0x60,0x60,0x99,0xd7,0x81,0xcb,0xe5,0xa8,0x9c,0xaf,0x7b,0xdf,0x4f,0x44,0x8b,0x1c,0x0d,0x7d,0x30,0x97,0x26,0x3a,0x04,0x51,0x70,0x27,0x5a,0x3a, + 0x20,0x25,0x80,0x8c,0x60,0x9a,0xb0,0xb0,0x79,0x24,0x44,0x4e,0xa4,0xaa,0x0f,0xa5,0x25,0x63,0x85,0x8a,0x53,0x22,0x1f,0x71,0x9c,0x91,0xb1,0x55,0x76,0xf4,0x9e,0xa2, + 0x98,0x32,0x40,0x5d,0x56,0x5c,0x97,0xba,0x1d,0x6f,0xf4,0x6e,0x1d,0x8f,0xe3,0x38,0x86,0x22,0x2c,0xba,0xa6,0x99,0x63,0x86,0x8d,0x12,0xa8,0xbe,0x07,0xab,0xac,0x6d, + 0xc4,0xbb,0xf4,0x45,0x47,0xe8,0x12,0x8b,0x9a,0x46,0xed,0x92,0xce,0xb0,0x7d,0xf6,0x91,0xe2,0xe9,0x1d,0x0b,0x47,0xda,0xc0,0xdc,0x2a,0xfd,0x14,0x12,0x1e,0x7a,0x80, + 0x17,0x0a,0x91,0xaa,0x81,0x96,0xdf,0x6f,0x0d,0x09,0xec,0x19,0x7f,0xc5,0x26,0x99,0x6f,0xfc,0xb6,0x79,0x28,0x80,0xf0,0x10,0x18,0xb3,0x32,0x7a,0x09,0x6f,0xe6,0x38, + 0xed,0x52,0x7e,0x31,0x22,0x3f,0x17,0x5a,0xa7,0x86,0xf1,0x46,0xb3,0xfe,0x05,0x61,0xa4,0x1b,0x10,0x51,0xd5,0xeb,0x32,0x24,0x97,0x90,0x48,0x1e,0xab,0x1e,0xf3,0x81, + 0x5a,0x74,0x55,0x57,0x32,0xd8,0x54,0x1d,0x2f,0x73,0xe3,0xa5,0x9e,0xb3,0x1a,0x13,0x1c,0x8d,0x41,0x46,0x4a,0x1f,0x2c,0x37,0x53,0x1a,0x25,0xf4,0xa6,0xd3,0xbf,0xe4, + 0xf2,0x75,0x0c,0x99,0x6f,0x22,0x76,0x26,0x29,0xa3,0xf8,0x08,0xda,0x6e,0xed,0xd7,0xcc,0x72,0xaf,0x4f,0xb0,0xbd,0x81,0x6c,0x86,0xe6,0x36,0x26,0x4b,0xf5,0x76,0x64, + 0x5d,0x21,0x63,0xca,0x85,0x07,0x49,0x99,0x1c,0xf7,0x82,0xc3,0x85,0x2e,0x86,0xb0,0x5e,0x6b,0x05,0xec,0x86,0x62,0x90,0x5b,0x60,0xcc,0x7b,0x7e,0x37,0x43,0x4f,0xbd, + 0xf8,0xcf,0x2c,0xcc,0xdc,0xb5,0x3b,0x3d,0x3c,0x6d,0x19,0x90,0xae,0x16,0xc7,0x1a,0xd9,0xd1,0x41,0xca,0x49,0xf8,0x57,0x4a,0x72,0x04,0x7c,0xe6,0xc2,0xda,0x95,0x0b, + 0xcc,0xf6,0xe1,0x4d,0x1a,0xdd,0x6e,0x4b,0x5a,0x42,0x28,0xe5,0xaa,0xd0,0xb3,0x1f,0xac,0x4b,0x45,0xe2,0x11,0x2c,0x1c,0x76,0x7e,0x93,0x3c,0x6a,0x0c,0x3f,0x2e,0xdb, + 0x57,0x55,0x64,0x59,0xe9,0xd3,0x2b,0x75,0xa1,0x37,0x76,0xbd,0xdc,0x8f,0x54,0x7c,0xb6,0x47,0x08,0x13,0x3e,0x79,0x17,0xb6,0x1e,0x36,0x97,0xc3,0x92,0x00,0x3d,0xe7, + 0xe5,0x49,0x0c,0xb4,0x94,0xbc,0x6a,0xb2,0x10,0x8d,0xa2,0xcb,0x0b,0x92,0x6c,0xd8,0x78,0x71,0x2f,0x54,0xbf,0xa7,0x2b,0x59,0xf7,0x02,0xc1,0x80,0xc6,0x2b,0x0c,0x91, + 0xb3,0xca,0x75,0x3c,0x1e,0x10,0x67,0xb5,0x50,0x73,0x6a,0x66,0xc0,0xd6,0xb6,0xf4,0x7e,0x93,0x94,0xc5,0x6b,0xb8,0x0b,0x5d,0x42,0x04,0xfb,0xec,0x9e,0x59,0xb4,0x90, + 0xb0,0xcf,0x8c,0x17,0x8a,0xd9,0x59,0x52,0x52,0x02,0x64,0xd0,0xf4,0xa2,0x43,0x89,0xbf,0x1b,0x23,0xdc,0x7a,0xc1,0xb6,0x5d,0x4e,0x8f,0xe8,0x22,0xdc,0xf2,0x0d,0x67, + 0x15,0xe4,0x0d,0xc4,0x9e,0xd6,0x2d,0x35,0xe8,0xc9,0x19,0x99,0xb0,0x50,0x68,0xf4,0x19,0x23,0x8a,0x22,0x2d,0xeb,0xa2,0x06,0xdf,0x47,0xd9,0x09,0xd3,0xa1,0xf4,0x0f, + 0xe9,0x45,0x80,0x64,0xd3,0xbf,0xc4,0x44,0x41,0x74,0x86,0xac,0x13,0x34,0xa9,0x3c,0x9a,0xa4,0x46,0x80,0x31,0x13,0x4e,0xe0,0x19,0x6c,0xa6,0xe3,0x17,0x13,0x95,0x6c, + 0xf4,0x44,0x6e,0x98,0xa6,0x3b,0x05,0x98,0x01,0x1b,0xaa,0xa4,0xf9,0x30,0x51,0x32,0x18,0xe8,0x37,0x0a,0xbf,0xbd,0x46,0xf7,0x21,0xc8,0xdb,0xf3,0x7e,0x17,0x0d,0x85, + 0xdc,0xa8,0x27,0x68,0x7a,0xa2,0x4f,0x2f,0xcb,0xca,0xb5,0xc3,0x80,0x69,0xf4,0x86,0x0d,0xee,0x66,0x98,0xfc,0x23,0x90,0x8b,0x06,0xc7,0xda,0xe7,0x13,0xa1,0x41,0xf9, + 0x19,0x71,0x4f,0x1d,0x4a,0xaf,0x8b,0xd6,0x15,0x20,0xb6,0x47,0x63,0x3a,0x8e,0x53,0x09,0x94,0x99,0xac,0x36,0x8c,0x3d,0xd6,0xf1,0xb0,0x84,0x89,0x16,0x19,0xb0,0xc0, + 0xd7,0xa2,0xda,0x8d,0xe2,0x43,0x4e,0x2a,0xd2,0x64,0xf9,0x70,0x6b,0x30,0xd0,0x65,0x7c,0x72,0x76,0x06,0xd8,0x28,0x5d,0x21,0x79,0x80,0x0a,0x97,0x0b,0x4f,0xae,0xe3, + 0x85,0x3d,0x4e,0x01,0xd4,0xdd,0x4c,0x9d,0x6e,0x78,0x20,0xad,0xc1,0x6f,0x32,0xce,0x7b,0xfe,0xec,0x0d,0x57,0x8d,0xea,0xf2,0x8a,0xf9,0xcb,0xb3,0x31,0x5e,0x8f,0x1b, + 0x35,0x71,0x5b,0xef,0xcf,0xde,0xd1,0x6e,0x67,0xfc,0x0d,0xce,0xbe,0x94,0x5c,0x62,0x64,0xca,0x0d,0x91,0xb3,0x66,0x3b,0xd3,0xec,0x07,0x22,0xb5,0x85,0xe5,0xd6,0x52, + 0x2b,0xaf,0x10,0x86,0x68,0xe8,0x2b,0x7f,0xca,0xf3,0xf5,0xe3,0x27,0x26,0x37,0xb4,0x26,0xc5,0x51,0xd8,0xaf,0x0e,0x55,0xf5,0xd7,0x4b,0xc3,0x17,0xa4,0x47,0x47,0x67, + 0xbb,0xa4,0x43,0xb1,0x60,0x99,0x7a,0xa8,0xb7,0xfb,0x27,0x48,0x91,0x1d,0xc2,0x15,0x4c,0x0f,0x6b,0x98,0x6f,0xbe,0x9a,0x49,0xe0,0xa2,0x93,0x4f,0xa5,0xf3,0x29,0x54, + 0xb4,0x83,0x17,0x36,0x60,0x1e,0x73,0x87,0x05,0x0b,0xa3,0xd4,0x01,0xae,0xa2,0x41,0xc3,0x50,0x6b,0x56,0xa0,0x47,0x38,0x86,0xc4,0x08,0xb3,0x66,0xc8,0x69,0x64,0x29, + 0xec,0xd0,0xc9,0xe1,0xac,0xb9,0x0f,0xf8,0xbd,0xe8,0x8f,0x77,0x57,0xa0,0x89,0xcc,0x86,0xcb,0xa2,0x7f,0x0d,0x15,0xfd,0xf7,0x37,0xab,0x3b,0x8e,0xcf,0x9f,0xd9,0xc8, + 0x6b,0x9e,0xe6,0x18,0x59,0x8f,0x33,0xc1,0x84,0xcd,0x63,0xcf,0x89,0x30,0xa4,0xdb,0x3a,0x2d,0x4e,0xa0,0x22,0xd5,0x0e,0x63,0xcd,0xff,0xf8,0x57,0x34,0xa7,0x7a,0xb4, + 0xd8,0x01,0xdc,0x93,0x54,0xcb,0x75,0x6e,0x6c,0x27,0xde,0x5a,0x7c,0xc8,0x8e,0xd5,0xcb,0x21,0x4a,0xc5,0x09,0x1b,0x40,0x90,0x62,0x4e,0xe8,0xaf,0xbc,0xba,0x35,0xf9, + 0x03,0x30,0x7e,0xa5,0x57,0x02,0x46,0x86,0x91,0x0d,0x2d,0x1d,0x2d,0x27,0x60,0xd8,0x26,0x64,0x41,0x3b,0x8f,0xee,0xc6,0x6a,0xe8,0xd2,0xdb,0xf1,0x02,0x5f,0x0c,0x45, + 0xdc,0x2c,0xd9,0x43,0x21,0x64,0x3e,0x89,0xdc,0xc9,0x2a,0xcb,0x01,0x28,0xd8,0x86,0xb2,0x8c,0xb7,0xd6,0x6a,0x0e,0xaa,0x5b,0x96,0x19,0x44,0x65,0x70,0x87,0x80,0xd6, + 0xb8,0x31,0xf4,0xa0,0xfb,0x75,0x92,0x7b,0xdd,0x29,0x45,0xc0,0x08,0x1f,0x11,0xcc,0xe8,0x71,0xc9,0xd6,0xdb,0xf8,0x3b,0x78,0x95,0x74,0x8c,0x3f,0x46,0x37,0x5a,0xc7, + 0xed,0x60,0x7a,0x9e,0x6d,0x41,0xa4,0xbc,0x05,0x35,0xc5,0x16,0x1c,0x98,0x61,0x3e,0xda,0xc6,0xb5,0x19,0x59,0x0b,0x48,0x14,0x20,0xfb,0x2b,0xa1,0xed,0x2c,0x35,0xe6, + 0x64,0xa6,0x8f,0xad,0x23,0x78,0x59,0x1a,0x18,0xf8,0xf2,0xa4,0xe3,0x46,0xfa,0xf5,0x9d,0xa2,0x94,0x46,0xec,0x16,0xb3,0xfb,0x8c,0x37,0xae,0xf2,0xd7,0x9f,0xae,0xa5, + 0x0f,0xdd,0xd5,0x0b,0xb2,0x76,0x66,0xd4,0xd3,0x8e,0x6e,0xc1,0x8c,0x8a,0xe1,0xbe,0x3d,0x76,0x3b,0xe7,0xdd,0x11,0x06,0x72,0x13,0xe9,0x97,0xfa,0x40,0x59,0xc6,0x7a, + 0x9c,0x41,0x20,0x23,0xb7,0xa6,0x6e,0xbc,0x95,0x79,0xa8,0xd1,0x6b,0xfd,0x31,0x09,0xba,0x08,0x5c,0x42,0xf3,0xfd,0x39,0x5e,0x07,0x53,0x45,0x29,0xad,0x23,0x40,0xa4, + 0x28,0x71,0x77,0x26,0xdc,0x36,0x74,0xab,0xb4,0xf8,0x2b,0x66,0x83,0x7e,0x86,0x85,0xed,0xe1,0x6c,0xb0,0xcd,0x96,0x58,0x24,0x35,0x2a,0xc0,0xa2,0xf9,0xd8,0x93,0xa7, + 0x2e,0x74,0x66,0x11,0x09,0xf0,0xcb,0xc6,0xd5,0x87,0x79,0x03,0x30,0xd6,0x79,0x88,0x65,0x8b,0xcf,0xab,0xf1,0xf7,0x49,0x8a,0x2b,0x32,0x79,0x21,0x28,0x28,0xe2,0x07, + 0xd2,0x02,0xdf,0x66,0x62,0xba,0x06,0xd3,0x08,0x83,0x63,0xc6,0x0e,0x34,0x12,0x83,0xf7,0xb6,0x30,0x01,0x04,0xd5,0x8c,0xf6,0xd7,0x07,0x26,0x2b,0xe6,0x97,0x2b,0x59, + 0xa5,0x4a,0x81,0xc1,0x8f,0x4b,0x7a,0xb0,0xf3,0x70,0x20,0x13,0x67,0x85,0x66,0xce,0x29,0xe9,0x1c,0x41,0x42,0x11,0x4d,0x62,0xf8,0x67,0xa5,0x27,0x8f,0x89,0xcf,0xff, + 0x9a,0x95,0x41,0x12,0xf5,0x2d,0x76,0x70,0x9d,0x64,0x73,0x9d,0xc7,0x5e,0x9c,0xe7,0xa7,0x6a,0xa1,0x92,0x42,0xb3,0x06,0x39,0x1f,0xcf,0x25,0xff,0x92,0xb7,0x69,0x01, + 0x87,0x63,0xcb,0x23,0x5f,0x27,0x80,0xc1,0xbb,0xd3,0x5f,0xe6,0xc3,0x87,0xd5,0x50,0x5f,0x72,0xeb,0x0a,0x77,0xb1,0x04,0xc7,0x75,0xc2,0xb3,0xb4,0x27,0x86,0xd7,0xc9, + 0xb9,0x30,0x9d,0xdc,0x5e,0xb6,0x4a,0x4d,0x81,0x9a,0x8a,0x33,0x2b,0x06,0x1a,0x59,0xf1,0x63,0xa5,0xf5,0x0d,0x48,0x65,0x69,0x7e,0x4d,0x12,0x3e,0xfc,0x9b,0x2b,0x29, + 0x87,0xe9,0xf5,0xec,0x4a,0x90,0x91,0xd9,0x4a,0xc2,0x2a,0x6a,0x71,0x40,0x82,0x13,0xf4,0x44,0xbe,0x09,0x4c,0x61,0x8d,0x45,0x96,0x82,0xe1,0x73,0x57,0x63,0x19,0x39, + 0xc6,0x9a,0x00,0x01,0x71,0x84,0xa1,0x3c,0x71,0x3c,0xc0,0xa7,0x0e,0x89,0xc6,0x01,0x74,0x36,0x1d,0x07,0xde,0xa5,0x08,0x5f,0xd7,0x07,0xf4,0xb5,0xed,0x3f,0xae,0xad, + 0xc1,0x39,0xb7,0x56,0x15,0xe1,0x01,0x0c,0x92,0x0b,0x07,0xd1,0x4f,0x6a,0x19,0x80,0xff,0x4c,0x97,0xa0,0xa9,0xbb,0x8a,0x09,0x7a,0xec,0x2a,0x45,0x6b,0x6b,0xc4,0xed, + 0x70,0xaa,0xb5,0xe9,0x6e,0x49,0x91,0x32,0x1f,0xaf,0x44,0x0c,0xa2,0xde,0xa8,0x61,0xba,0x00,0x7d,0xf0,0x8e,0xe4,0x6c,0x6f,0x57,0x97,0x31,0xea,0xd5,0x16,0x36,0xda, + 0xe2,0xae,0x03,0xb8,0x44,0xb3,0xf2,0x79,0xd5,0xcd,0x16,0xbf,0xf2,0x0a,0xb5,0xca,0xd0,0x7e,0x4c,0x98,0x4f,0x21,0xcb,0xe7,0x3e,0x19,0x97,0xa0,0x2b,0xd2,0xc2,0x91, + 0x0a,0xab,0x6b,0x19,0xe4,0x20,0x55,0x48,0xf9,0x29,0x36,0x2e,0x72,0xb0,0x77,0xf2,0x36,0x56,0x67,0xbd,0xd8,0x1d,0x93,0xa4,0x04,0x34,0x3e,0x7a,0x5f,0x84,0xc6,0xba, + 0xd9,0x6c,0xdd,0x08,0xe6,0xee,0xec,0xa6,0x90,0x98,0x9b,0x65,0x90,0x24,0xf3,0x24,0xe1,0x8c,0x2f,0xaf,0x5c,0x50,0x95,0x8d,0xa6,0x98,0x5f,0x70,0x82,0x60,0x95,0xc5, + 0x43,0x4b,0xd6,0x8e,0x45,0x63,0x0c,0xa1,0xb3,0x48,0x45,0x17,0xda,0x08,0x0e,0x3c,0x31,0x98,0xdd,0xec,0x5e,0xf1,0xf7,0xe9,0xd2,0xe3,0x42,0x5d,0xf2,0x14,0xb9,0x0d, + 0xae,0xa4,0x74,0x44,0xc8,0x97,0xf7,0x15,0x7f,0x33,0x6c,0x77,0xb7,0x40,0x19,0x79,0x06,0x6d,0x66,0x17,0xb5,0x9a,0x01,0x98,0x8f,0x78,0xf6,0xc9,0xa9,0x8f,0xee,0xdf, + 0x48,0x6c,0xf8,0x95,0x9f,0x7d,0x93,0x9c,0x4c,0x79,0xa0,0x71,0x5b,0xa7,0xbb,0xf0,0xcc,0x3f,0xa7,0xb2,0xa1,0xd6,0x0e,0x86,0xad,0x09,0x7c,0x91,0xe5,0x61,0x2e,0x24, + 0x5a,0x1f,0x06,0x74,0xb1,0x39,0x7b,0x6e,0x65,0x3f,0xf6,0xe4,0x73,0xd6,0x41,0xda,0x4f,0xb9,0xe7,0xbc,0x90,0xa7,0x38,0x02,0x73,0x9a,0x03,0x49,0x14,0x85,0x00,0xfa, + 0x9a,0x90,0x75,0x14,0xa9,0xec,0xc8,0x5f,0x96,0x59,0xb9,0xe9,0x79,0x09,0xa3,0x8f,0x97,0x2b,0x0c,0x9a,0x7c,0x00,0x97,0x78,0xb8,0x19,0x04,0x38,0xa8,0xeb,0xc0,0x0a, + 0x94,0x16,0x85,0xfe,0x4d,0xe8,0x16,0x26,0x11,0x57,0xb2,0xfe,0x3d,0x3a,0xc2,0x81,0x95,0xd8,0x1f,0xac,0x62,0x25,0xfd,0x31,0x03,0xee,0x60,0xa0,0xc2,0x4d,0xf4,0x72, + 0xb2,0x03,0xeb,0x03,0x65,0xa4,0x06,0x24,0xa4,0x42,0x57,0x2e,0x0b,0xad,0x80,0xe1,0xf0,0xc9,0x95,0x8e,0x57,0x09,0x51,0x2e,0x76,0xb2,0x8f,0x4e,0x0b,0xfb,0x22,0x91, + 0xe0,0x9d,0x25,0xf8,0x22,0x47,0x1e,0x64,0x70,0x64,0xb5,0xb6,0x8c,0xd2,0xae,0x42,0xd6,0xbe,0x7b,0x87,0x65,0xcd,0xc0,0x26,0xbb,0x76,0x96,0xa5,0x24,0xc8,0x3f,0x49, + 0x97,0xe3,0xc2,0x9f,0x69,0xd9,0x03,0x2e,0x67,0x69,0x33,0xed,0xb1,0x52,0xf2,0x43,0x8e,0xc7,0xdf,0xfb,0x17,0x64,0x14,0x42,0xce,0x93,0x42,0xe1,0x38,0xf8,0x16,0x67, + 0xcd,0x78,0x74,0x61,0x2d,0x68,0xc9,0x07,0xb4,0x34,0xbd,0x81,0xbf,0x1b,0x1a,0x83,0xcf,0x94,0x29,0xb2,0x4c,0xee,0x75,0x3c,0xc2,0x28,0xec,0xbd,0xd6,0x65,0x73,0x88, + 0x62,0x1d,0xdb,0x18,0x93,0x13,0x7c,0x12,0x14,0x7e,0x90,0x9d,0xff,0x83,0x08,0x59,0xdc,0xd7,0x3d,0xdb,0x00,0xac,0xdb,0x40,0x97,0xf1,0xd6,0x6e,0x14,0xfe,0x36,0x6e, + 0x19,0xad,0x36,0x2e,0xf4,0x4a,0x36,0x34,0x2c,0xf9,0x14,0x3b,0x88,0x47,0x0d,0x56,0x59,0xfc,0xa6,0xa3,0xa3,0x0c,0x90,0x42,0x71,0xf6,0xd6,0xbd,0xc0,0x5e,0x94,0x07, + 0x43,0xbd,0x8c,0xf3,0x70,0x25,0x7b,0xc8,0x8f,0x38,0xb0,0xde,0xd6,0x8a,0xf2,0xf9,0xd9,0x39,0x77,0x23,0x4a,0x19,0xfb,0xf6,0x7a,0xbf,0x2e,0x0a,0x4c,0x09,0xc1,0x20, + 0x9d,0x92,0x0e,0x7a,0x6f,0x61,0xfe,0x41,0x40,0xbb,0xe5,0x6f,0x43,0x17,0xe3,0x89,0x2d,0x21,0xa8,0x0f,0xb4,0x80,0xa0,0x91,0xa3,0xc1,0x6a,0x0a,0x67,0xa7,0xa9,0x7d, + 0x07,0x96,0x22,0x17,0x92,0x86,0x02,0x98,0xf1,0xb4,0xc5,0xaa,0x15,0x61,0xec,0x5d,0xb0,0x1a,0xd8,0x76,0xc3,0x55,0x2b,0xd9,0x6b,0x00,0xaa,0x23,0xef,0x47,0xb7,0x1d, + 0x8c,0xec,0x89,0x08,0x42,0x61,0x7d,0xe7,0x78,0x9c,0x3c,0x29,0x09,0xe2,0xd3,0x80,0x31,0xd5,0xaa,0xd9,0x57,0xd9,0x95,0xbd,0xec,0x62,0x2b,0x01,0x0c,0xe9,0xe0,0xb7, + 0x1d,0x4c,0x7c,0x7a,0xa3,0x59,0x14,0x0e,0xdf,0x90,0x7c,0x82,0x34,0xef,0x16,0xb9,0x2f,0x20,0x1f,0x56,0x2c,0x22,0x37,0xaa,0x32,0xad,0xbc,0xbd,0xc0,0xca,0xbd,0x0c, + 0xb1,0x51,0x34,0xb9,0xe9,0x19,0x96,0xe2,0x28,0xea,0x7b,0xa6,0xcb,0x45,0x00,0xa1,0x17,0x98,0x3c,0x8e,0xeb,0x68,0x71,0x74,0x65,0x73,0x54,0xe5,0x99,0x61,0xe5,0x21, + 0x90,0x6a,0xcb,0x96,0x12,0x0e,0xc7,0x68,0x4e,0x39,0x11,0x00,0xcf,0x0b,0xb7,0x47,0x69,0x16,0x78,0xeb,0x3e,0x14,0x7f,0x53,0xdb,0x88,0x6b,0xa0,0xfc,0x5a,0xa7,0x0d, + 0x73,0xdd,0x08,0x7b,0x1c,0xb3,0xc5,0xa0,0x7a,0xcd,0xb9,0xb0,0xa4,0xa0,0x2c,0x64,0xb7,0x08,0x7a,0xe9,0x78,0x36,0xe9,0x43,0x43,0x9d,0xbf,0xdf,0x41,0xea,0xc8,0x33, + 0xf7,0x3c,0x49,0xf6,0xda,0x53,0x7b,0x2f,0xf3,0x0e,0xad,0x75,0x38,0xc0,0x47,0x26,0xbc,0x74,0x15,0x25,0x35,0xd2,0x2b,0x6b,0xaf,0x92,0xd0,0x6a,0xdb,0x45,0xe6,0x76, + 0xf4,0xa7,0x57,0xce,0xb0,0xba,0x6c,0xb9,0x61,0x8a,0xcd,0x8f,0xef,0x68,0xd2,0xc8,0xfe,0x99,0x01,0xff,0xf1,0x41,0x77,0xf2,0x7b,0x6e,0x6b,0x8c,0x6b,0xd3,0x4c,0xb7, + 0x3e,0xb4,0xa6,0x34,0xd0,0x09,0x01,0x75,0x34,0x76,0x13,0xb7,0xee,0xd6,0xd4,0x9b,0x9b,0x59,0x44,0xe7,0x0a,0xcc,0x3e,0xd9,0x84,0x74,0x98,0x9d,0x30,0xa4,0xc2,0x99, + 0x52,0x0d,0xff,0x4d,0x04,0x08,0x58,0x71,0xcf,0xf6,0x9b,0x3a,0x20,0xa7,0x5b,0x8f,0x3b,0x10,0x3d,0xa0,0xe4,0x68,0x36,0x5e,0x8c,0x92,0x87,0xc0,0xa7,0xad,0x7d,0x9e, + 0xc8,0x0a,0xc1,0x3c,0x5d,0x2e,0x67,0x23,0xe8,0x48,0xed,0xb0,0x23,0xfc,0x17,0xec,0xae,0x55,0x37,0x81,0xa4,0xaa,0xc9,0x0f,0x25,0x77,0xfa,0xe7,0x51,0x17,0x11,0xcf, + 0xb0,0xc2,0x8a,0x99,0x38,0xcf,0x09,0x5a,0x4b,0x0e,0xbf,0x3d,0xaa,0x6a,0x16,0xe1,0x9e,0x3f,0x41,0x99,0xe3,0x47,0x5c,0xa3,0xaa,0x58,0x74,0x6f,0x65,0x1b,0x92,0x1e, + 0x78,0xdb,0xfe,0xc6,0xb4,0xaa,0xd2,0xd0,0xa9,0x9b,0xdd,0xe7,0xb9,0x09,0x96,0x32,0x4c,0x0f,0x7b,0x9d,0x13,0x6a,0x6e,0xde,0x5c,0x29,0x95,0x19,0x7d,0x0d,0x41,0x2a, + 0x36,0xa2,0xe7,0x7f,0x56,0xc3,0xe5,0xb1,0x1e,0x35,0xbf,0x4b,0xa5,0xde,0x18,0x85,0xcf,0x02,0x64,0x64,0x3c,0xac,0x5d,0x6f,0x7b,0xfb,0x1a,0xe0,0x1e,0x39,0xa6,0xc0, + 0x9f,0x4e,0x92,0xd9,0xa9,0x59,0xc0,0x9e,0xed,0xdd,0x15,0x2f,0x6d,0x95,0xff,0x2c,0x31,0x57,0x44,0x6f,0x47,0x7f,0xbe,0xd2,0x14,0xa0,0x06,0x21,0xd0,0x14,0xf9,0x36, + 0xd0,0xb1,0x65,0x61,0x34,0x9f,0x18,0x2e,0xf2,0x79,0x2d,0x0c,0x2d,0xd5,0x85,0x60,0x1c,0xe4,0xe0,0x32,0x75,0x4b,0x76,0x28,0xb3,0xd8,0x01,0xf1,0x87,0xc1,0x4f,0xd4, + 0x5f,0xd6,0xd7,0xf0,0xba,0x31,0x7a,0x36,0x43,0x4e,0x1a,0x99,0x5b,0xed,0x54,0xa4,0x28,0x98,0xd9,0x40,0xee,0x5f,0xa4,0x57,0x83,0x73,0xe8,0xd4,0xc2,0x3f,0x55,0x67, + 0xbb,0xe5,0x59,0xb7,0x7e,0x83,0x90,0x5b,0x08,0x95,0x4d,0xc3,0x73,0x6a,0x27,0x52,0xd5,0x6a,0x5b,0xc3,0x66,0xa5,0xfc,0xd8,0x4e,0x04,0x2a,0x78,0xc8,0xaf,0x68,0xd3, + 0xe6,0x24,0x29,0xb8,0xeb,0x32,0x2d,0x24,0xe4,0xbd,0xb9,0xa7,0x2b,0xf6,0xe9,0xc9,0x4d,0x82,0x96,0x2b,0x26,0xd9,0x9f,0x63,0x3e,0x1f,0x21,0x70,0x9b,0x7e,0xdd,0xbe, + 0x58,0x22,0xc1,0x68,0xaa,0xb9,0xbb,0x6f,0xfe,0x00,0xb7,0xc4,0xc7,0xbe,0x55,0x51,0xda,0xa8,0x30,0x4b,0x8d,0x2c,0x06,0x96,0xe2,0xd7,0x7f,0xe5,0x0b,0x9d,0x8d,0x8d, + 0xba,0xe2,0x6f,0xa6,0x9d,0xa0,0x0a,0xa0,0x3f,0xd9,0x02,0x8f,0xa8,0x4d,0x46,0xb9,0x2c,0x13,0xd5,0xe5,0x55,0xb2,0xe7,0xb3,0xdb,0x0d,0x09,0xbb,0x95,0xd4,0x14,0x86, + 0x97,0xce,0x8c,0x4b,0x6e,0x03,0x17,0x76,0xb1,0x9f,0xc7,0xc9,0x57,0x7c,0xb2,0x6f,0x08,0x52,0x74,0xa5,0x84,0x07,0x26,0x7b,0xca,0x35,0xa9,0x76,0x92,0xa2,0xe8,0xe6, + 0x5e,0xb5,0x72,0x2f,0x98,0xaa,0xd0,0x62,0x20,0x97,0xd9,0x44,0xbb,0x12,0x0e,0x09,0xe7,0xa1,0x22,0x49,0x8b,0x20,0xae,0x2b,0xff,0xf9,0x1c,0x8b,0x36,0x2d,0xaa,0xd2, + 0xf5,0xc9,0xb8,0x8d,0x48,0x11,0x20,0x41,0x33,0x4c,0x57,0x4f,0x93,0x31,0x36,0x70,0xcd,0xec,0xbe,0x0c,0x0b,0x6c,0x26,0x55,0x77,0x8d,0xf8,0xff,0x62,0x02,0x5d,0x3f, + 0xef,0xfa,0x36,0x2f,0xce,0x62,0xe2,0x71,0x01,0x6d,0x50,0xa0,0xe3,0x5c,0x03,0x14,0x55,0xfc,0xa2,0x80,0xb8,0x0e,0xd2,0xcc,0xe8,0x7c,0x83,0xe5,0x7e,0x3c,0xfd,0x36, + 0x59,0xb8,0xdc,0xdc,0x66,0x76,0x02,0x91,0x09,0x87,0x1f,0xc6,0x7b,0x46,0x6a,0x7f,0xb6,0x22,0x22,0x5c,0xd6,0xc7,0x7b,0xbc,0x21,0xb1,0xb6,0x28,0x46,0x47,0x98,0xa2, + 0x42,0xdd,0x3a,0x8e,0x14,0xdf,0xe9,0xfe,0x2e,0xbf,0x80,0x74,0x69,0x89,0xba,0x66,0xf2,0x8e,0x54,0x60,0x11,0x6a,0x02,0xbc,0xe2,0x4c,0x54,0x9d,0x11,0x7d,0x6b,0x0f, + 0xb0,0xe1,0x02,0x5b,0x39,0xc5,0x48,0x1a,0x74,0x8a,0x04,0x61,0xaa,0x77,0x73,0xa6,0xb3,0x42,0xad,0xea,0xd4,0xb4,0x58,0x75,0x21,0xa1,0x95,0x3d,0x4f,0xf0,0x29,0x6b, + 0x9d,0xd7,0x11,0x80,0x06,0xee,0x56,0xfc,0xcf,0x30,0x7a,0x31,0xa6,0x33,0x4b,0xe7,0xe1,0x9d,0xb2,0xde,0xca,0x68,0xfd,0x45,0xb3,0xf4,0xf9,0x4f,0x10,0x0d,0xe6,0xa4, + 0x1f,0xb1,0x63,0x36,0x39,0x3b,0xa6,0x03,0xfb,0x2e,0xb7,0x01,0xfe,0xd0,0xe9,0x82,0xad,0x32,0x96,0x4a,0xfa,0xe7,0xdb,0xbf,0xbc,0x5a,0x81,0x12,0x38,0x2e,0x51,0xe3, + 0x9a,0x6d,0x03,0xa1,0x7e,0x68,0x56,0x1a,0x10,0x5d,0xa6,0x6d,0x2f,0xb1,0xd9,0xec,0x9e,0x3c,0xa6,0xc6,0x86,0xf6,0x5d,0x9d,0xa9,0x26,0x84,0x9d,0x7a,0xf4,0xfc,0xb7, + 0x3c,0x03,0x07,0x7e,0x00,0x98,0xa8,0x45,0xf7,0xc9,0xb2,0x2b,0x73,0xee,0xcd,0x49,0x5a,0x2d,0x6a,0x0b,0x34,0xd2,0x11,0x15,0x4e,0xe3,0x89,0x86,0x34,0xf8,0x23,0xb4, + 0xb8,0x45,0x4b,0xcf,0x84,0x63,0xc2,0xbd,0x59,0xf7,0x53,0x8b,0x65,0xf1,0x1b,0x9c,0x98,0xc1,0x8c,0x13,0x43,0x84,0x17,0xcc,0x08,0xa3,0x9c,0x88,0x42,0xa0,0xb7,0xed, + 0xb4,0xdf,0x5f,0x33,0x5a,0x04,0x61,0xa3,0x88,0x52,0x20,0x5a,0xc7,0x3b,0xc5,0x15,0x12,0xb5,0xc7,0xf6,0xa8,0x30,0x5f,0x1a,0x8d,0x4f,0x19,0x1c,0xb6,0xfd,0x3b,0x2a, + 0xa9,0xde,0x6e,0x92,0xaf,0x14,0xbf,0x4e,0xb1,0x1d,0x75,0x33,0xbb,0xcb,0x28,0xcf,0x62,0x2e,0xc5,0xe5,0x2e,0x4a,0x2f,0x4c,0xde,0x4d,0xdc,0x3d,0x21,0xba,0xbc,0xee, + 0xed,0xcd,0x8e,0x48,0xdf,0x11,0xaa,0x67,0xa9,0x0c,0x75,0x61,0x49,0x83,0x46,0x6d,0x24,0x4e,0x4b,0x54,0x73,0xf8,0xac,0x01,0xa4,0x1c,0x14,0x6d,0xb1,0x3c,0x48,0x27, + 0x2c,0x8d,0xd7,0x47,0x92,0xce,0xd2,0x81,0xf9,0xcb,0x16,0x1d,0x2f,0x64,0xd2,0x38,0xcb,0xac,0x2d,0x18,0xf8,0x66,0x1b,0x0f,0x56,0x74,0xd7,0x9c,0xd5,0xc6,0xed,0xb8, + 0x50,0x3f,0xb9,0xbf,0x4b,0x57,0xb0,0x0e,0x0c,0x23,0x9b,0x3e,0x83,0x71,0xf2,0x46,0x60,0xaa,0x01,0xcb,0xf7,0x9f,0x4c,0x49,0x9e,0x4f,0xe1,0xa1,0x55,0x52,0x8f,0xf9, + 0xe6,0x1a,0xd5,0xf8,0x06,0x32,0x38,0x2b,0x62,0x6f,0x9a,0x77,0xfb,0x7f,0x5d,0xb0,0x20,0xdb,0xc0,0x84,0xc8,0x88,0xc6,0xb0,0x99,0x93,0xe1,0x2f,0xe4,0xd3,0x16,0x04, + 0x51,0xc1,0x0b,0x83,0x32,0xb3,0x3f,0xaf,0x52,0x9c,0x58,0xcc,0x2d,0xa4,0x5a,0x23,0xbb,0xfe,0xcc,0x1d,0x4e,0x0a,0xa4,0xea,0x54,0xfd,0x81,0x9b,0x7e,0x31,0xe5,0x55, + 0x98,0xd6,0x78,0x22,0xc3,0x18,0xdb,0x06,0x53,0xa4,0x70,0xa6,0xed,0x96,0xe7,0xc2,0x2a,0x04,0x6a,0x2a,0x25,0x66,0x4c,0x19,0x53,0x9a,0xf6,0x2a,0xe1,0xd3,0xa9,0x6b, + 0x7c,0x46,0x48,0xcd,0x80,0x8d,0xf9,0xa5,0x4f,0x99,0x2b,0x29,0x4a,0x3e,0xce,0x56,0x2b,0xa5,0xef,0xbe,0xba,0x7e,0x17,0x60,0xf1,0xf1,0x07,0xed,0x1a,0xf8,0xc1,0x87, + 0x41,0xb8,0x9b,0x46,0xf0,0x18,0xa3,0xac,0x88,0x4a,0xd9,0x21,0xe4,0x9f,0xcf,0x5d,0x96,0x77,0xae,0x84,0xe3,0x9e,0x6e,0xa8,0xde,0x84,0x4a,0xcc,0x33,0x7d,0x84,0x81, + 0xd1,0x55,0xb0,0xe0,0xe3,0x7d,0xa1,0xa1,0x9a,0xf0,0xe8,0x5e,0x68,0xe7,0xbb,0x41,0x80,0xaa,0xb5,0x5b,0x1e,0x95,0x50,0x1a,0x1a,0x3a,0xe0,0xcd,0x95,0x40,0x4a,0xee, + 0x12,0xbd,0x72,0xe9,0x52,0xe6,0xb8,0x12,0x55,0xad,0x79,0xaf,0x19,0x31,0x0d,0xa2,0xe0,0xef,0x97,0x72,0x00,0x33,0x84,0xa1,0xf3,0x57,0x53,0xe6,0xbe,0xab,0x71,0xd6, + 0x35,0x14,0xb8,0x36,0x2e,0xe1,0xe7,0x0e,0x84,0x6e,0xde,0x7e,0xd5,0x72,0x83,0xf5,0xd5,0x89,0x1f,0xdb,0x9b,0x0c,0x56,0x05,0xda,0x45,0xdb,0xc5,0xc6,0xf4,0x4e,0x53, + 0xf6,0xc8,0x29,0xed,0x9c,0xa3,0xdf,0xdd,0x1f,0x16,0x5a,0x20,0x44,0x61,0xe1,0xc1,0x66,0x20,0xe7,0x52,0x21,0x6e,0x2b,0x6e,0x3a,0xab,0x61,0x97,0xf3,0xdd,0x2b,0x3b, + 0x37,0x19,0xf7,0xaf,0xe8,0x2c,0x3f,0xa5,0x4c,0x0c,0x12,0x60,0x47,0x62,0x46,0x44,0x1d,0x38,0x79,0x70,0x93,0x5e,0x4c,0x76,0x96,0x5c,0xed,0x96,0xda,0x3a,0x07,0xde, + 0x0a,0x36,0x8c,0x74,0xc5,0x6c,0x61,0xaa,0xb0,0x24,0x40,0xe6,0x4b,0x26,0x99,0xc2,0x4c,0xda,0xcb,0x4d,0xfb,0xcd,0xeb,0xe0,0xb3,0xcf,0x80,0x1e,0x86,0xf1,0xf7,0x4f, + 0xde,0x5b,0x6c,0x29,0xf2,0xf4,0xf1,0x7f,0x8e,0xd9,0x25,0xf1,0x29,0x15,0x94,0x10,0xe4,0x55,0x7d,0xff,0xc5,0x47,0x29,0x44,0xb8,0x86,0x2c,0x42,0xbd,0x2b,0x18,0x0a, + 0x8f,0xca,0x30,0xfc,0x5d,0x73,0x1f,0x42,0xd3,0x76,0x64,0xd5,0x2b,0x64,0xe0,0x22,0xd9,0x8a,0x25,0x06,0x5f,0xb1,0xf8,0xbd,0x77,0x85,0x3d,0x7f,0x2b,0xbf,0x07,0xe0, + 0xc9,0x43,0x1b,0x6d,0xed,0xa0,0xc9,0xf9,0x2f,0x36,0x8f,0x7c,0xa1,0x29,0x86,0xf0,0xe0,0x7e,0x01,0x24,0x22,0xb8,0x40,0xc7,0xaa,0x78,0x4a,0x0c,0x71,0x3b,0x50,0x1f, + 0x67,0x2c,0x23,0x39,0xe4,0xc3,0x9e,0x36,0xcf,0xe1,0x3e,0x2c,0xfe,0x35,0x28,0x59,0xe1,0xef,0x66,0x31,0x8f,0xe9,0xf9,0x7d,0xd2,0x6d,0x9d,0x03,0xa9,0x17,0x1f,0x7f, + 0x8c,0xd1,0x13,0x40,0x31,0x3b,0x97,0x8f,0xa3,0x77,0x49,0xf4,0xb3,0x67,0xc0,0x87,0xfd,0x90,0x0f,0x17,0x94,0x10,0x02,0xde,0x22,0xce,0x40,0x29,0xaa,0x55,0x0e,0x7f, + 0x6f,0x1c,0xc2,0xd0,0x7f,0x6e,0xe0,0x7d,0x0b,0x13,0x8b,0x60,0x1c,0x94,0xde,0xb2,0x0a,0xa2,0x34,0xe5,0x26,0xfa,0xb3,0xee,0x4a,0xdc,0x98,0x70,0x70,0x85,0xa7,0x3d, + 0xc2,0x81,0x2e,0xb9,0xb4,0x56,0x29,0x75,0x72,0xe8,0xd8,0x70,0x75,0x4b,0x48,0x48,0x9e,0xa3,0x66,0xf3,0x51,0xf8,0x22,0x75,0x9d,0xe8,0x31,0x72,0x68,0x15,0xe5,0x82, + 0x9c,0xf1,0x68,0x9a,0x01,0x5a,0xc3,0x95,0x8d,0xc9,0x5f,0xc7,0x1c,0xb0,0xd1,0x03,0xe8,0x1b,0x45,0x94,0x68,0x46,0x38,0x93,0x3a,0x5d,0xaa,0xa9,0x9f,0xb3,0xb1,0xfa, + 0x2d,0x60,0x49,0xf8,0xe4,0x6c,0x67,0xc1,0x7d,0xdf,0xc8,0x17,0x8d,0xd9,0x18,0xb2,0x3f,0xd1,0x96,0x9e,0x11,0xc9,0x59,0xb6,0x4e,0xa4,0x2e,0x39,0xc9,0xa8,0x7d,0xea, + 0x9b,0x7f,0x8b,0xe2,0x62,0xb9,0xcd,0x27,0x51,0xef,0x8e,0xae,0x2b,0xad,0x7b,0x1e,0xcf,0x07,0xcb,0x76,0x61,0x3c,0xfe,0x70,0x88,0xcc,0x9b,0xde,0xf1,0xd0,0x44,0x36, + 0x52,0x98,0x0b,0x59,0x80,0xdf,0x38,0xf7,0xc2,0xd5,0x9e,0x4e,0x30,0x7d,0xa2,0x56,0x55,0xd5,0x0c,0x6e,0x03,0x02,0x34,0xb2,0x41,0xc0,0x98,0xc9,0x35,0xa5,0x59,0x6d, + 0x2f,0x1f,0x69,0x90,0xc3,0x01,0x36,0xd6,0xf4,0x4d,0xe8,0x14,0x5f,0x19,0x18,0x40,0xc4,0xb9,0xef,0xbc,0xf8,0x7c,0x39,0xb7,0x99,0x5c,0x26,0x2b,0xdc,0xdf,0x9d,0x40, + 0xaf,0xe5,0xb6,0x0f,0xe3,0xe1,0xdc,0x87,0x3b,0x3f,0x30,0x22,0x89,0x3a,0x35,0x98,0x80,0xe8,0x17,0x53,0x7b,0xeb,0x96,0xb3,0xd4,0x8d,0x37,0x57,0x66,0xab,0x59,0xe6, + 0x33,0x15,0x05,0x38,0x97,0x35,0x10,0x82,0x7c,0xaf,0xdf,0xe9,0x44,0x9e,0x7a,0x5a,0x2e,0x1a,0x79,0x46,0xf4,0xe4,0x85,0xa0,0x0f,0xf2,0x19,0xb2,0xcd,0x58,0xd8,0x01, + 0xb5,0x52,0x3f,0x93,0x82,0xb3,0x5e,0xd9,0xe1,0xc4,0xf2,0xb4,0x20,0xdf,0x9f,0x61,0xe6,0xac,0x8f,0x6d,0x34,0x22,0x13,0xfa,0x4d,0x75,0x45,0x8f,0x5b,0xd8,0x28,0xd1, + 0xad,0x9a,0x53,0xd0,0x53,0x15,0x00,0x9f,0xb1,0x48,0x73,0x69,0xf7,0x2f,0xdc,0x33,0xe6,0xdb,0xba,0x14,0x85,0xef,0xae,0xde,0x29,0x51,0x43,0x35,0x26,0xd2,0xfd,0x0a, + 0xa8,0x8c,0xca,0x88,0xb5,0x9c,0xd8,0x6e,0xdd,0xa2,0x02,0xcb,0x4e,0xa1,0xb2,0xd5,0x41,0xd5,0xc8,0xc2,0x2c,0x06,0x2a,0x08,0xf9,0xdb,0x49,0x6d,0x56,0x25,0x73,0x30, + 0xb7,0xf5,0x31,0xb4,0xa9,0xac,0x00,0x95,0x2b,0xfc,0xf2,0xcb,0xec,0x41,0xe5,0x8b,0x54,0xc4,0xf4,0x12,0xf4,0x64,0xbc,0xf1,0xf1,0xbf,0x10,0xa2,0x4b,0x9b,0x19,0x74, + 0x47,0x34,0x73,0x51,0x8f,0x0e,0x84,0x3d,0x1f,0xb5,0x10,0x5b,0x16,0xfe,0x88,0xed,0xaa,0x41,0x8b,0x39,0x6c,0xab,0x7c,0xb5,0x53,0x24,0x16,0xd1,0x71,0xf2,0xe7,0xbc, + 0xc2,0x56,0x3f,0x49,0xe6,0x23,0xb1,0x39,0xa8,0x3c,0x4c,0xb7,0x1c,0xb7,0x3d,0xeb,0x06,0x45,0x83,0x85,0x65,0x8b,0xf8,0x79,0x6b,0xac,0x0c,0x2e,0xd1,0x2c,0x8a,0x67, + 0x28,0xc2,0x47,0xae,0x91,0xfd,0xac,0x1b,0x29,0x89,0x64,0x15,0xfe,0xc6,0x0f,0x42,0x52,0xfe,0xed,0x9c,0x9f,0xfa,0x02,0x16,0xd3,0x13,0x50,0xd7,0x08,0x64,0x6d,0x89, + 0x76,0xe9,0xe6,0xf1,0x33,0x9b,0xff,0x54,0xb8,0x2a,0x45,0x98,0x07,0x45,0x52,0x6f,0xf9,0x24,0x9e,0x94,0x2b,0x1f,0x83,0x6a,0xab,0x71,0x9f,0xd9,0x59,0xfc,0x80,0x99, + 0x0d,0xe8,0x21,0x77,0xc8,0x0f,0x4e,0x35,0xf3,0xb7,0xa3,0x00,0xe8,0x9a,0xc2,0x88,0xf3,0x0e,0x01,0xa8,0x65,0x89,0x33,0xc1,0x6b,0x8c,0x90,0x60,0x5e,0x35,0xd6,0xc7, + 0xf4,0x1d,0xe3,0xa7,0x75,0x97,0x83,0x5f,0xa9,0x04,0xd1,0xf0,0x54,0x11,0x36,0x8e,0x6e,0x87,0x8a,0xbd,0x04,0x85,0x47,0x7d,0x16,0x2b,0x2c,0x76,0x4e,0xf0,0x45,0xac, + 0xc4,0xdb,0xe3,0xb9,0x4e,0x72,0x9b,0x1e,0x0a,0xe3,0x4f,0xfb,0x0f,0x6b,0x0d,0x95,0xd7,0xe6,0x19,0xab,0x39,0x43,0xaa,0x38,0x36,0xcf,0x1e,0x72,0x1a,0x47,0x0a,0x9e, + 0x83,0xb3,0x10,0x61,0xf1,0xb7,0x01,0x48,0x87,0x0a,0x92,0x82,0xa4,0x64,0x1c,0xc8,0x42,0x89,0x43,0xa3,0xb1,0x0e,0x03,0x01,0x95,0x5f,0x59,0x60,0xc3,0x86,0xfb,0x04, + 0x5f,0x74,0xc0,0x66,0x59,0x5f,0xe9,0xea,0x28,0x32,0x74,0x96,0x4a,0xe8,0x3f,0xba,0x1a,0x73,0xef,0x9d,0x29,0xd2,0x4e,0x66,0x04,0xa4,0xaa,0x08,0x81,0xfe,0x39,0x0d, + 0xc6,0x72,0x60,0x1d,0x95,0x1b,0xdb,0x55,0x0e,0xa9,0xcc,0x58,0xd2,0x03,0x13,0x37,0xdb,0x39,0xa3,0x79,0x9d,0xe2,0x1a,0xf4,0xe5,0xc2,0x3e,0x2f,0xd7,0xf5,0x37,0xda, + 0xb2,0xc2,0xc0,0x05,0x32,0xd4,0x68,0xd2,0x53,0x74,0xae,0x2e,0x6e,0xc9,0xbc,0x52,0xbc,0xb2,0xe8,0xdf,0x20,0xad,0x1a,0x40,0x71,0x9b,0x7d,0x91,0x74,0x6d,0xae,0xab, + 0xe5,0xfe,0x7c,0x96,0x37,0x18,0x78,0xcf,0x86,0xdb,0x42,0x10,0xa4,0x87,0xd7,0xd3,0x3a,0xc4,0xbc,0xc4,0x5b,0x8d,0xf2,0x15,0x2e,0x82,0xaa,0x72,0x28,0xa9,0x91,0xe2, + 0x1b,0xb9,0xa5,0x01,0xab,0x9d,0x21,0x52,0x30,0xcd,0x10,0x72,0x04,0x2b,0x3c,0x82,0x71,0xae,0xc3,0xb2,0xc1,0xda,0x10,0xd1,0xa8,0xc8,0x10,0xfc,0xea,0xed,0x47,0xa4, + 0xfd,0xc1,0x5a,0x26,0xab,0xba,0xde,0x34,0x16,0xe1,0x20,0x1a,0x6d,0x73,0x71,0x28,0xa2,0xf8,0x97,0xf0,0xd8,0x81,0x08,0x64,0x54,0x53,0xa1,0xb3,0xdd,0xd0,0x56,0x88, + 0xe3,0x63,0x48,0xe3,0xa4,0x64,0xbc,0x51,0x83,0x84,0x80,0x6c,0x54,0x8e,0x15,0x6e,0xdd,0x99,0x4c,0xb6,0x94,0x64,0x73,0xc2,0x65,0xa2,0x49,0x14,0xd5,0x55,0x9f,0x1c, + 0x7d,0x65,0x68,0x4b,0xdc,0xe4,0xac,0x95,0xdb,0x00,0x2f,0xba,0x35,0x0d,0xc8,0x9d,0x0d,0x0f,0xc9,0xe1,0x22,0x60,0xd0,0x18,0x68,0x54,0x3f,0x2a,0x6c,0x8c,0x5b,0x8d, + 0x6e,0xc6,0xba,0x23,0x74,0xab,0x0a,0x9a,0xe6,0x63,0xf3,0xf7,0x36,0x71,0x15,0x8a,0xaa,0xba,0xc3,0xac,0x68,0x9d,0x6c,0x27,0x02,0xeb,0xdf,0x41,0x86,0x59,0x7a,0x85, + 0x6d,0x6e,0x87,0x78,0x7d,0x0a,0x94,0x7e,0xcf,0xbf,0x79,0x62,0x14,0x2f,0xde,0x8f,0xf9,0xb5,0x90,0xe4,0x72,0xc0,0xc4,0x6b,0xbc,0x5d,0x39,0x02,0x0e,0x4f,0x78,0xa7, + 0x56,0xea,0x43,0x82,0xf8,0xe1,0xab,0xfc,0xb2,0x11,0x98,0x9f,0x50,0x06,0x76,0x44,0x9a,0xbc,0xeb,0xfe,0x2c,0xd2,0x20,0x4d,0xd8,0x92,0x3d,0xeb,0x53,0x0a,0x6c,0x7b, + 0x2c,0x36,0x2c,0x27,0xb3,0x10,0x7e,0xa8,0xa0,0x42,0xc0,0x5c,0xc5,0x0c,0x4a,0x8d,0xda,0xae,0x8c,0xdc,0x33,0xd0,0x58,0x49,0x29,0x51,0xa0,0x3f,0x8d,0x8f,0x81,0x94, + 0x01,0x88,0xda,0x28,0x9c,0xe8,0x97,0x4a,0x4f,0x44,0x52,0x09,0x60,0xfa,0xe8,0xb3,0x53,0x75,0x0a,0xca,0x78,0x92,0x72,0xe9,0xf9,0x0d,0x12,0x15,0xba,0xcd,0xd8,0x70, + 0xf7,0x8b,0xd7,0xff,0x89,0x9c,0x81,0xb8,0x66,0xbe,0x17,0xc0,0xa9,0x4b,0xec,0x59,0x28,0x38,0xd7,0x8d,0x1f,0x0c,0x0c,0xf5,0x32,0x82,0x9b,0x6c,0x46,0x4c,0x28,0xac, + 0x99,0xf6,0x15,0x1f,0xba,0x28,0x06,0x7e,0xac,0x73,0x35,0x49,0x20,0xfc,0xc1,0xfa,0x17,0xfe,0xa6,0x32,0x25,0xa5,0x83,0x32,0x3c,0xb6,0xc3,0xd4,0x05,0x4e,0xca,0xca, + 0x68,0xca,0x39,0xde,0x0c,0xec,0x22,0x97,0x52,0x9f,0x56,0x87,0x6b,0xc3,0xde,0x7b,0xe3,0x70,0xf3,0x00,0xe8,0x7c,0x2b,0x09,0xcd,0xbb,0x51,0x20,0x38,0x2d,0x69,0x77, + 0x1a,0xf2,0x54,0xaf,0x90,0xc1,0x6d,0xbd,0x21,0x7f,0x33,0x56,0xf7,0xfe,0xf9,0xad,0x53,0x2d,0x49,0x02,0xa6,0xd6,0x72,0x18,0xe3,0x18,0x8a,0x9e,0x84,0x0f,0xc9,0x29, + 0x9e,0x23,0x22,0x23,0xaf,0xd0,0xd5,0x7a,0x7b,0x15,0x0f,0x65,0x70,0x0a,0xc6,0x0a,0x78,0xba,0xe2,0xaa,0xfc,0x0c,0xf9,0xd1,0xa8,0x20,0x45,0x2c,0xa1,0xe5,0x7a,0x14, + 0xec,0x2f,0x75,0x42,0xcc,0x1d,0xf6,0x65,0x76,0x4c,0x5b,0x9b,0xff,0x75,0x12,0x08,0xd6,0x68,0xbe,0x9f,0x3d,0x61,0xcd,0x6c,0x33,0xb3,0x5e,0xd0,0xf4,0xfe,0x5a,0x17, + 0xb0,0x95,0xe9,0xc2,0xf9,0x33,0xa0,0x00,0x53,0xa9,0x57,0x58,0xdc,0x20,0xfe,0x1e,0x72,0xa7,0x98,0x46,0x2f,0x90,0xfd,0x67,0xfa,0xfb,0xbd,0x68,0xd7,0x61,0xdd,0x67, + 0x95,0x48,0x4c,0x55,0x54,0xb5,0x43,0xf8,0xeb,0x2f,0xc2,0x18,0xcc,0x46,0xff,0xe6,0x48,0xa3,0xbf,0xac,0x41,0xe6,0xdf,0xaf,0xca,0x1b,0xa1,0x1f,0x8c,0x53,0xed,0x6e, + 0xf2,0x2e,0xbb,0x68,0x43,0x28,0x1b,0x54,0xb2,0x2a,0x9f,0xf1,0xa9,0x14,0x85,0xc7,0xdb,0x8f,0x95,0xdb,0x4b,0xf8,0xa1,0x13,0x1f,0x89,0x2b,0x3b,0xfc,0xe5,0x66,0x62, + 0x99,0x62,0x3d,0x9f,0x44,0x7b,0x66,0xcb,0x32,0x24,0x88,0xea,0x46,0x3b,0x3e,0x40,0xd5,0x62,0x0f,0x4d,0xf7,0x8f,0x89,0xc6,0x2f,0xe0,0xba,0x8b,0x90,0xff,0x38,0x6e, + 0xd6,0x11,0xaf,0xb4,0x04,0x6c,0x9f,0x4b,0x28,0x87,0xb7,0xdd,0x4d,0x45,0xb8,0x0e,0x95,0x84,0xec,0xa9,0x3f,0x5a,0x85,0x5d,0xc3,0x0e,0x52,0x9e,0xed,0xbf,0x50,0x17, + 0x04,0x38,0x08,0x5a,0xb0,0x10,0x4f,0xb4,0x7c,0x69,0x6b,0xe5,0xc0,0x8f,0x95,0xe3,0x19,0xed,0x55,0x07,0xab,0x78,0x1f,0xe1,0xcd,0xcc,0xd6,0xdd,0xb3,0x4b,0xda,0x67, + 0x32,0x6d,0xba,0xbf,0xfe,0x17,0xc6,0xef,0xc7,0x10,0xbd,0xb8,0xd0,0x4d,0x16,0xc8,0x62,0x4c,0x08,0x3d,0x48,0xbf,0xa6,0xe4,0x41,0x1d,0x22,0x12,0x64,0xd8,0x27,0x7f, + 0xf4,0x7a,0x91,0xe2,0x9e,0xbe,0x69,0xba,0xab,0x6b,0x34,0x0b,0xb6,0x4a,0x6d,0xc3,0x4f,0xca,0x75,0x46,0xfd,0x6e,0xba,0x53,0xf5,0xbb,0xe4,0x1f,0x61,0x78,0xc7,0xc6, + 0xcf,0x83,0x31,0x9c,0x73,0x53,0x48,0xdd,0x13,0xc4,0x4b,0x05,0x5f,0x67,0xa2,0x92,0xf7,0xaf,0xc5,0xd9,0xd2,0xbd,0x07,0x06,0xc9,0x66,0xad,0x76,0x53,0x68,0xd4,0x22, + 0x41,0xee,0x78,0x01,0xcc,0xb7,0x02,0xf2,0xf6,0x33,0xd1,0xd0,0xec,0x20,0xd7,0xc4,0x27,0x93,0x68,0x86,0xdf,0x89,0xad,0x33,0xd1,0x9d,0xbb,0x56,0xf6,0x6a,0x26,0x56, + 0xaf,0x82,0x8d,0x6b,0xc2,0x1a,0xd6,0xb4,0x57,0x0b,0x5f,0x68,0xa6,0x20,0x8d,0x3a,0x2f,0x46,0xed,0xca,0x69,0xb1,0x98,0x0f,0xe5,0x04,0x67,0x92,0xc6,0x8c,0xab,0x80, + 0x4e,0xbf,0x7f,0x17,0x4c,0xdb,0x3f,0xda,0x94,0xf9,0x96,0x98,0x31,0x7f,0xfe,0xf5,0xf4,0xd4,0xfb,0x93,0x3f,0x32,0x92,0xf1,0xaa,0xa7,0x82,0xc3,0x54,0xba,0x03,0xe7, + 0x16,0x49,0xf8,0x3c,0x47,0xa6,0x64,0x0a,0x94,0xb7,0x73,0xab,0x43,0x09,0xbd,0x69,0x64,0x10,0x94,0x33,0xe3,0xf3,0xee,0x5b,0x02,0x4d,0x19,0x15,0xef,0x51,0x39,0xde, + 0xf4,0x34,0xc3,0xff,0xe1,0x09,0x52,0x84,0x56,0xc2,0x3d,0x6c,0xfe,0x51,0xec,0x0b,0x10,0xbe,0x60,0x6d,0x7a,0x26,0x77,0x5f,0xe2,0xff,0x0a,0x9b,0x18,0xf9,0x2f,0x39, + 0xbd,0x02,0xb9,0xdf,0xc8,0xef,0x76,0x07,0x08,0x95,0x0b,0xd9,0x72,0xf2,0xdc,0x24,0x48,0x93,0xb6,0x1b,0x6b,0x46,0xc3,0xb1,0x9b,0xe1,0xb2,0xda,0x7b,0x03,0x4a,0xc5, + 0x41,0x22,0x69,0xbf,0xc1,0x5d,0x8b,0x1f,0xd7,0xf2,0x5d,0xe3,0x3b,0x15,0x15,0xea,0x67,0xf2,0x19,0x4e,0x73,0xba,0x06,0xc8,0x5e,0xf9,0x9b,0xb4,0x27,0x22,0xf9,0x5d, + 0x0a,0xd7,0x55,0x6a,0x62,0x10,0x74,0xa7,0x71,0xbf,0x12,0x91,0x63,0xd0,0x9a,0x2e,0x9d,0x2e,0x17,0x4f,0x2b,0x8a,0x4b,0x69,0x73,0xe8,0x9e,0xa1,0x38,0xc9,0xa6,0x03, + 0x76,0xac,0xc7,0x4d,0xd6,0x08,0x72,0xab,0x29,0xe1,0xbc,0xb9,0x9d,0xd4,0x63,0x65,0xc7,0xc7,0xf7,0x92,0x61,0x9c,0x90,0x1c,0x7b,0xa5,0xc6,0x83,0x78,0xb2,0x33,0xf5, + 0x50,0xe2,0x3b,0x94,0xfc,0xc3,0x3d,0x93,0xdb,0xcd,0x71,0xe9,0x55,0xe1,0x95,0xfe,0x0b,0xf6,0xac,0x9b,0x04,0xb1,0x5f,0x00,0x1e,0x53,0xb5,0xdc,0x7b,0xad,0x15,0x8e, + 0x33,0x24,0xbf,0x2f,0xb3,0x48,0x6b,0x11,0x04,0xff,0xfa,0x35,0xef,0x38,0x97,0x5f,0xaf,0xfb,0xa1,0xeb,0xe4,0x2c,0x54,0x39,0x92,0x06,0xfa,0xce,0x50,0x54,0x48,0xc7, + 0x23,0x5f,0xd3,0xe7,0x21,0x6c,0x92,0xf7,0x38,0x60,0xf0,0xac,0x01,0x21,0xb4,0x26,0x4f,0xf8,0x9d,0x80,0xbc,0x75,0xd5,0x9d,0xd4,0x55,0x29,0x85,0x97,0xc5,0xf2,0xec, + 0x0b,0xf7,0x58,0xde,0x27,0x05,0x23,0x19,0xda,0xc3,0x9b,0x32,0x4a,0x6e,0xa5,0x5e,0x92,0x86,0x03,0xa3,0xef,0x90,0x49,0xad,0x14,0x7f,0x8c,0xa3,0x5f,0x55,0xb6,0x56, + 0x31,0x2e,0xea,0xae,0xe3,0x97,0x22,0x4f,0xc1,0x7d,0xec,0x71,0x91,0xce,0x69,0xce,0xf4,0x0e,0x8f,0xb3,0x73,0x51,0x6c,0x2b,0x1e,0xda,0xda,0x03,0x36,0xc9,0x9c,0x13, + 0xaa,0x16,0x91,0x85,0x8e,0x6a,0x1a,0x06,0xc6,0xdf,0x57,0xce,0x10,0xa4,0xc7,0x30,0x97,0x4c,0x06,0xd1,0xe0,0x10,0x6d,0x1a,0x31,0xb5,0x1b,0x91,0x5c,0xd6,0xb6,0x0e, + 0x57,0x86,0xd6,0xea,0x09,0xff,0xb2,0x1a,0x63,0xad,0xb0,0x20,0xb1,0x17,0x09,0x64,0x84,0xef,0x99,0x5e,0x8c,0x4a,0x72,0xaf,0xa4,0x79,0xcb,0xa9,0x5c,0x95,0x99,0x20, + 0xae,0x0c,0x78,0x45,0xb8,0x29,0x95,0x26,0x3c,0x51,0xe1,0x3e,0x29,0x74,0x12,0xd1,0x7b,0x65,0x0a,0xa8,0x3d,0xce,0x4f,0x55,0xa0,0x69,0xdb,0xee,0x67,0x1c,0x16,0xb8, + 0xe5,0xe7,0x64,0xa3,0x8b,0x73,0x81,0x6f,0x6e,0x11,0xe7,0xcf,0x29,0x8b,0x2b,0xe5,0x4d,0x11,0x24,0x9c,0x61,0x5f,0x0a,0x71,0x49,0x8a,0x0a,0x82,0x1b,0x57,0x36,0xbb, + 0x6a,0xa7,0xe7,0x4a,0x7a,0x83,0x8e,0xfa,0x96,0x07,0xf3,0x58,0x7d,0x41,0x17,0xf1,0x91,0x4c,0x57,0xfa,0x92,0x4b,0x44,0x1c,0x27,0xfb,0x7a,0x7c,0x31,0xfb,0xaa,0xc4, + 0x39,0x1b,0x62,0x4f,0x28,0xeb,0x39,0x81,0x56,0x66,0x6d,0xbe,0xc1,0xd6,0x35,0xf8,0xff,0x17,0x53,0xeb,0x86,0x29,0x79,0x73,0xa1,0xc2,0x83,0x1b,0x10,0x91,0xe2,0xdf, + 0xe3,0xf3,0x9d,0x07,0x1b,0x74,0x3c,0x80,0x41,0x45,0x4d,0x1d,0xac,0xba,0x93,0xdc,0x9f,0x3f,0x12,0xa5,0xae,0x1b,0xfb,0xeb,0xaa,0x59,0xfc,0x4c,0xef,0xee,0x6b,0x82, + 0x09,0xd0,0xd1,0xb9,0x2a,0xf1,0xe7,0x11,0x1d,0x22,0x3b,0xf5,0xef,0xcd,0xfa,0x6d,0xf2,0x62,0x2a,0xb3,0xcf,0x16,0x1a,0xf0,0xeb,0xbf,0x06,0xad,0x00,0xc0,0x9b,0x6e, + 0xa7,0x38,0x72,0x7e,0x0f,0x5b,0x20,0x44,0x80,0x09,0xd1,0x02,0x9c,0xa7,0x27,0xf2,0x38,0x0d,0x2c,0x6e,0x15,0x2a,0x6e,0x2d,0xa8,0xea,0x50,0x53,0x1c,0xe3,0x94,0x99, + 0xa3,0x14,0xe4,0xee,0x9e,0x30,0x3d,0x97,0x0b,0x4e,0x9f,0x0c,0xdc,0x26,0x26,0x57,0xd5,0xc5,0x19,0x2f,0x05,0x54,0x66,0xb9,0xd0,0x9d,0x9c,0x88,0x8d,0x6b,0x72,0x56, + 0x8f,0x4e,0x1b,0xf8,0xe5,0x18,0x2a,0x1f,0xbc,0xde,0xac,0x92,0x4d,0xf1,0xba,0x2f,0x93,0x71,0x62,0xd4,0x8a,0x20,0x67,0x83,0xc4,0x81,0x32,0xcb,0x58,0x2c,0x07,0xdb, + 0x16,0x68,0x2c,0x86,0x2c,0xf5,0x37,0x55,0xb3,0xc2,0x8a,0xdf,0x7d,0xe0,0x52,0xd5,0xcf,0x0e,0x81,0xe5,0xd8,0xac,0xb3,0x46,0x70,0x2a,0x39,0x2b,0xc6,0xb2,0xb1,0xd5, + 0xcc,0x33,0xe8,0x40,0xb5,0x35,0x4b,0xf6,0xe0,0x88,0x04,0x7e,0x76,0xdc,0x16,0x8f,0x15,0xc0,0xc1,0xaa,0x94,0x67,0x31,0x60,0x0f,0x52,0xd6,0xf1,0xc9,0x29,0x9b,0x27, + 0xd7,0xb4,0xf5,0xe2,0xdd,0x1e,0xbe,0xcf,0xc9,0x23,0x18,0xd9,0x20,0x85,0x27,0x1b,0xe4,0x82,0xfe,0x65,0xa0,0x3e,0x83,0xb2,0xe3,0x58,0xa3,0x97,0xa5,0x97,0x44,0x9b, + 0x1d,0x88,0xed,0x8e,0x45,0x79,0xa4,0xc6,0x2f,0xed,0x95,0xea,0xfe,0x15,0x28,0xf8,0xd5,0x05,0x60,0x41,0xfc,0x41,0xf3,0xef,0x06,0x36,0x05,0xdd,0xc9,0x80,0xee,0x09, + 0xa6,0x69,0x85,0x78,0x65,0x0d,0xad,0xb4,0x52,0xd6,0x77,0xc3,0x98,0x3e,0x6b,0x80,0x91,0x52,0xd7,0xd2,0xd8,0xfb,0xa3,0x49,0xce,0xc6,0x86,0xe7,0x2e,0x6f,0x86,0x93, + 0x8e,0x42,0xc3,0x89,0x02,0xb2,0x5f,0xa1,0x38,0xb9,0x5f,0x4f,0x28,0x0b,0x68,0x4c,0x09,0xe1,0x21,0x2c,0x4f,0x06,0xa2,0xbc,0x2c,0x2b,0x2b,0x87,0x90,0x11,0x20,0x34, + 0xa1,0x9f,0x11,0x65,0xd3,0x1c,0x16,0x95,0x35,0x99,0x29,0xde,0xeb,0xcd,0x24,0x84,0x6c,0xcb,0x9a,0x3c,0x2a,0x38,0xc1,0x0b,0xdc,0x7c,0x85,0x5b,0xf8,0xa3,0x2d,0xf7, + 0x0a,0x87,0x93,0x5c,0x03,0x6d,0xe6,0x66,0xb7,0x61,0x9f,0x14,0xec,0x58,0xf9,0xf7,0x86,0x98,0xcc,0x23,0xa6,0x67,0x61,0x6f,0x84,0xc1,0x77,0xf3,0x46,0x61,0xeb,0xe2, + 0x90,0xac,0xcd,0x1c,0x3a,0xf1,0xcd,0x78,0x2e,0xa1,0xe8,0x64,0xa3,0x07,0xaa,0xef,0x6a,0x01,0xfd,0x3a,0x63,0x05,0xa0,0xad,0xae,0x37,0xe7,0x68,0x44,0xb9,0xce,0x10, + 0xe1,0x64,0xd8,0x8f,0xcb,0xd1,0xcc,0xdd,0x65,0x4d,0xe0,0x41,0x5b,0xfb,0xd2,0xa1,0x71,0x59,0x07,0x13,0x01,0x5f,0x4a,0x17,0x55,0x50,0x4e,0x62,0xf7,0xa0,0x38,0x70, + 0xd4,0xb6,0xd4,0x25,0x1a,0xc1,0xf8,0xa0,0xb0,0xc7,0x5b,0xba,0xc3,0x51,0x7a,0x13,0xea,0x0c,0x85,0x7b,0x54,0x99,0xb0,0x3d,0x15,0x3b,0xe6,0x63,0xa8,0x71,0x54,0x80, + 0xf5,0x27,0x0d,0x0c,0x41,0x19,0xf1,0xef,0x46,0x7a,0x37,0x50,0x16,0x88,0xb4,0xbf,0x4a,0x51,0x6e,0x5f,0x58,0xa0,0xf5,0xa4,0x0f,0x23,0xae,0x70,0xee,0x81,0x3c,0x26, + 0x17,0x63,0xeb,0x5b,0xd3,0x67,0x7d,0xe8,0x8e,0x98,0xaa,0xd8,0x40,0x38,0x83,0x84,0x22,0xd6,0xe5,0x56,0x05,0xa1,0x47,0x61,0x78,0x8c,0xf3,0x05,0x67,0x2e,0xb6,0x70, + 0x98,0xc9,0x5e,0xf9,0xfd,0xed,0x24,0x1d,0xa0,0x93,0x92,0x57,0x31,0x44,0xda,0xf4,0x4b,0x03,0x32,0x51,0x8f,0x45,0x81,0x67,0xe0,0x9d,0x67,0x20,0x11,0xea,0x46,0x18, + 0xb0,0xfe,0x8f,0xc6,0xab,0xe8,0x53,0xb1,0xea,0x6a,0xa4,0xf4,0xb4,0x49,0x0b,0xcd,0x94,0xff,0xd3,0x53,0x2c,0x1d,0x7c,0xce,0x36,0xd0,0x59,0xac,0x8f,0x29,0xcd,0x67, + 0x4f,0xdc,0x7c,0xc0,0x4b,0x24,0x59,0xf7,0x3c,0x85,0x60,0x23,0xe8,0x92,0x69,0x9b,0x90,0x18,0xba,0xca,0x1b,0x8e,0x3b,0x04,0x0e,0xc7,0x43,0x24,0x60,0x7c,0x97,0xc5, + 0x56,0x11,0x38,0x97,0x99,0x56,0xfe,0x6a,0x1a,0xea,0xe0,0x62,0x77,0x45,0x6c,0x7e,0x5e,0x7e,0x7d,0x64,0x39,0x10,0xe2,0x47,0xfb,0x24,0x8d,0xd7,0x43,0x56,0x91,0xa0, + 0x06,0xc0,0x6a,0xbb,0x60,0x3b,0xff,0x68,0xf3,0x56,0xce,0x49,0x6c,0x17,0xfc,0xd0,0x66,0x2f,0xa0,0x40,0xeb,0x0c,0xd4,0x5a,0x98,0x11,0x2e,0x6c,0x1e,0xea,0x11,0xdb, + 0x31,0x92,0x97,0xf7,0x7a,0x75,0x38,0x1b,0x65,0xd7,0x31,0x07,0xe8,0x26,0xee,0xa0,0xe6,0x9d,0x85,0x98,0x5d,0xb4,0x56,0x8f,0xea,0x21,0xd1,0x2d,0xda,0x69,0x69,0x21, + 0xc3,0xef,0x6e,0xb9,0x1a,0xad,0x69,0x45,0x6e,0xde,0x51,0x74,0xb0,0xe5,0xe3,0xd6,0x86,0x3c,0x02,0x4a,0xef,0x31,0x85,0xd2,0x25,0x89,0x46,0x36,0x29,0x03,0xe5,0x76, + 0xa1,0x8b,0x1f,0xba,0x4d,0x49,0x64,0x19,0xed,0xe7,0x0c,0xc2,0x3c,0xee,0xd6,0x74,0x52,0x6f,0x34,0x29,0x9e,0x5b,0x09,0xc0,0xee,0x2d,0xd1,0x66,0x96,0x93,0xfe,0xf9, + 0x9f,0xc7,0xff,0xf3,0xbb,0x4d,0x6e,0x5a,0x4d,0x52,0xeb,0x0e,0x3c,0x51,0x3a,0x3c,0x9f,0xa5,0x60,0x14,0xc0,0x30,0x44,0x95,0x46,0xcd,0xa7,0x44,0xaa,0x12,0x6f,0x6e, + 0x61,0xcb,0x2f,0xb9,0x9b,0x69,0x5e,0xcb,0xaf,0x91,0xa9,0x5e,0x6e,0x0c,0x7e,0x24,0x63,0x3b,0xc7,0x61,0x3e,0xbf,0x51,0x8c,0x6f,0x1c,0x81,0x61,0xdc,0x75,0xea,0x5f, + 0xaf,0x30,0x6c,0x99,0x3d,0xee,0x0d,0xcf,0xc4,0x41,0xeb,0xe5,0x33,0x60,0xb5,0x69,0xe2,0x1f,0x18,0x60,0x52,0xdb,0x81,0x97,0xf4,0xa1,0x24,0xfa,0x77,0xb9,0x81,0x48, + 0xaa,0x7f,0xc9,0xfe,0x60,0x44,0x5e,0xac,0x24,0x51,0xec,0x24,0xc1,0xa4,0x49,0x09,0x84,0x2f,0xa1,0x40,0x25,0xf2,0xa1,0xd3,0xdd,0x7f,0x31,0x01,0x9f,0x96,0x2b,0xe5, + 0x08,0x2a,0x43,0xa8,0x41,0x77,0x82,0xa7,0x95,0xc8,0xd4,0xc7,0x0f,0x43,0xed,0xca,0xbb,0xc2,0x45,0xa8,0x82,0x0a,0xc0,0x1b,0xe9,0x0c,0x1a,0xcf,0x03,0x43,0xba,0x91, + 0x70,0x81,0x0b,0x47,0x80,0xa6,0x3c,0x86,0x04,0x27,0xd3,0xa0,0x26,0x9f,0x6c,0x9d,0x3c,0x2e,0xa3,0x34,0x94,0xc5,0x0e,0x58,0xa2,0x0b,0x94,0x80,0x03,0x4b,0xc7,0xa0, + 0xa7,0xd3,0x4e,0xe2,0x5f,0xbb,0x35,0x4f,0x86,0x38,0xd3,0x18,0x50,0xda,0xb4,0x1e,0x4b,0x08,0x68,0x86,0xf7,0xed,0x3f,0x2d,0x6e,0x03,0x5b,0xce,0xb8,0xca,0xb8,0xa0, + 0x3f,0x09,0xcb,0xc1,0x2e,0xd1,0x70,0x1f,0x59,0xdd,0x5a,0xa8,0x3d,0xae,0xf5,0xe6,0x67,0x6a,0xdf,0x7f,0xd2,0x35,0xc5,0x3f,0x69,0xae,0xb5,0xd5,0xb6,0x77,0x99,0xe0, + 0xe0,0x4e,0x88,0x1f,0x41,0x6b,0xb5,0xaa,0x37,0x96,0x40,0x7a,0xa5,0xff,0xdd,0xf8,0xe1,0xb2,0x44,0x6b,0x18,0x5f,0x70,0x0f,0x69,0x53,0x46,0x83,0x84,0xfa,0xaf,0x76, + 0xad,0xac,0xe7,0x1f,0x40,0x00,0x6c,0x04,0x55,0x75,0x40,0xc2,0xed,0x81,0x02,0xd8,0x30,0xc7,0xf6,0x38,0xe2,0x20,0x1e,0xfe,0xb4,0x7d,0x73,0x2d,0xa7,0x9f,0x13,0xd9, + 0xb8,0xcb,0xf0,0x96,0x8f,0xb7,0x0d,0x39,0x10,0x59,0xd0,0x90,0xb3,0x0d,0x1c,0x4e,0xdc,0xd2,0xda,0xd7,0xab,0xbf,0x7a,0xa4,0xad,0x45,0x2f,0x5a,0x46,0x44,0xa7,0xbe, + 0x07,0x25,0x72,0x45,0xda,0x4b,0xc2,0x66,0x96,0xe2,0x45,0x53,0x1c,0x7a,0x97,0xc2,0xb5,0x29,0xf1,0xca,0x2d,0x8c,0x05,0x16,0x26,0x52,0x0e,0x6b,0x83,0xd7,0xfa,0xf2, + 0xd6,0xaa,0x40,0x1b,0x9c,0xe1,0x7e,0xcf,0x7d,0xd7,0xb0,0x86,0x1d,0xfe,0xb3,0x6b,0xb1,0x74,0x9d,0x12,0x53,0x39,0x91,0xe6,0x6c,0x0d,0x94,0x22,0x81,0xae,0x13,0xab, + 0xf4,0x3b,0xfe,0x4e,0xcc,0xc2,0x4e,0xbf,0x6e,0x36,0xc5,0xbc,0xac,0xa4,0x7b,0x77,0x0c,0x17,0xbc,0xb5,0x9e,0xa7,0x88,0xb1,0x5c,0x74,0xae,0x6c,0x9d,0xd0,0x55,0xa1, + 0x00,0x9b,0xc3,0xab,0xb3,0xcf,0x0a,0xca,0x21,0x4f,0x0e,0x8d,0xb5,0x08,0x8d,0x52,0x0b,0x3d,0x4a,0xad,0xb1,0xd4,0x4c,0x4a,0x2b,0xe7,0xf0,0x31,0x46,0x1c,0x94,0x20, + 0x8b,0xcb,0x07,0xa3,0xd0,0xfa,0x82,0xaf,0x60,0xc8,0x8a,0x8d,0x67,0x81,0x0e,0xbc,0xa0,0xea,0x27,0x54,0x83,0x84,0xe9,0x6d,0x34,0x83,0x31,0x02,0x12,0x21,0x93,0x12, + 0xa0,0x9d,0xdc,0x7c,0xfe,0x02,0x3a,0xcd,0x95,0x71,0xef,0x07,0x54,0x01,0x02,0x89,0xc8,0x04,0x67,0x8c,0x04,0x3f,0x90,0x0f,0x26,0x91,0xdd,0x80,0x1b,0x94,0x2e,0xd4, + 0xda,0x98,0x05,0x4d,0x51,0xac,0x96,0x15,0xe9,0xd4,0xf5,0xce,0xda,0x1f,0x1b,0xad,0x40,0x30,0x2a,0xc1,0x16,0x03,0x43,0x1e,0xfe,0xc1,0x3a,0xb5,0x0e,0x32,0xfc,0xf2, + 0xd6,0x07,0x95,0xd8,0xf3,0x10,0xb1,0x55,0x72,0x65,0x34,0xb8,0xbe,0x3d,0x0b,0x8a,0x7b,0xc2,0xce,0xd4,0x68,0xc6,0xe6,0x4c,0x8b,0x9a,0xe0,0x87,0xb3,0x3e,0xe0,0x0b, + 0x67,0x5f,0xef,0x8f,0x56,0x80,0xbf,0x76,0x22,0x0e,0x91,0x36,0x26,0x13,0x94,0x40,0x99,0x04,0x6b,0x0b,0xa0,0x7e,0x58,0x24,0xe9,0x3f,0x3e,0x3c,0xc2,0xcc,0x27,0x58, + 0x76,0xb4,0x39,0xf8,0xea,0x7b,0x42,0xf1,0x1c,0xd5,0x9e,0x6d,0x91,0xb2,0xd2,0xa7,0x25,0x77,0xc1,0x85,0x38,0x6b,0x6a,0xf6,0x63,0x9b,0xe8,0xe3,0x86,0x4a,0x7f,0x27, + 0x56,0xe6,0x3f,0xa7,0x88,0x12,0x1d,0x5e,0xfa,0x0c,0xe3,0xca,0xf4,0x60,0x5a,0xf1,0x8d,0x48,0xc6,0x31,0x49,0x6c,0xdf,0xa8,0x62,0xc4,0x3e,0xcf,0x5e,0x5f,0xc1,0x27, + 0xcf,0xf3,0xb5,0xe1,0x9e,0xd6,0x7e,0x51,0x11,0xdd,0x76,0xe3,0x10,0xa1,0xf1,0x1d,0x7f,0x99,0xa9,0x3f,0xbe,0x9c,0xc5,0xc6,0xf3,0x38,0x40,0x86,0xca,0xcd,0x11,0x42, + 0xe2,0x94,0x83,0x88,0x4a,0x74,0xfb,0x84,0xf4,0x60,0x16,0x54,0x88,0x5a,0x0f,0x57,0x46,0x91,0x39,0x4f,0x06,0x4e,0xa6,0x93,0x7a,0x84,0x61,0x75,0xef,0x08,0x1f,0xc5, + 0x9c,0x6a,0x4b,0xcb,0x2f,0xc0,0x86,0xac,0xa8,0x72,0x6d,0x85,0x0f,0xa7,0x99,0x20,0x21,0x4a,0xf4,0xc1,0x51,0xac,0xea,0x0f,0xcf,0x12,0xa7,0x69,0xad,0x1f,0x35,0x74, + 0x34,0xb7,0xab,0xc3,0xf3,0xe3,0x6e,0x37,0xe2,0xd5,0x72,0x8a,0x87,0x0a,0x29,0x3a,0x16,0x40,0x31,0x46,0xca,0x67,0xff,0x91,0xcb,0xab,0xee,0xe2,0xbb,0x2e,0x03,0x8b, + 0x9b,0xd1,0x28,0x4f,0x1b,0xcb,0x19,0x34,0xd4,0x83,0x83,0x4c,0xae,0x41,0xa7,0x7d,0xb2,0x8c,0xd9,0x55,0x38,0x69,0x38,0x47,0x55,0xb6,0x98,0x3f,0x4f,0x38,0x48,0xa0, + 0x16,0x7e,0x3d,0xb6,0xa9,0x12,0xac,0x61,0x17,0x64,0x45,0x25,0x91,0x1f,0xc8,0x87,0x2e,0xd3,0x3b,0x8e,0x0b,0xbd,0x50,0x07,0x3d,0xd3,0xc1,0x7a,0x74,0x4e,0x61,0xe0, + 0x7c,0x30,0x20,0xe2,0x79,0xcb,0x5a,0xf1,0x41,0x84,0xb4,0x65,0x3c,0xc8,0x7c,0x1d,0xdd,0x7f,0x49,0xcd,0x31,0xcd,0x37,0x1a,0xe8,0x13,0x68,0x1d,0xd6,0x61,0x7d,0x0e, + 0xac,0xfd,0xff,0x56,0x6b,0x8b,0x55,0x31,0x88,0x69,0xfa,0x64,0x6f,0x78,0x9f,0x80,0x36,0xd4,0x0b,0x90,0xf0,0xfc,0x52,0x0a,0xe2,0xa5,0xa2,0x75,0x44,0xf9,0x62,0xc0, + 0x5c,0x6b,0x01,0xcf,0xf4,0xe6,0xce,0x81,0xa6,0x30,0x23,0x8b,0x5d,0xb3,0x66,0x2e,0x77,0xfb,0x88,0xbf,0xfd,0xde,0x61,0x44,0x3a,0x7d,0x85,0x54,0xba,0x00,0x1e,0xf2, + 0xe7,0x28,0x1d,0x12,0xb7,0x4b,0x06,0xee,0xcb,0x27,0x3e,0xc3,0xe0,0xd8,0xfe,0x66,0x3e,0x9e,0xc1,0xd5,0xa5,0x0c,0x2b,0x6c,0x68,0xec,0x8b,0x36,0x93,0xf2,0x3c,0x4c, + 0x80,0x64,0x3e,0xd8,0xb9,0x05,0x2a,0x2e,0x74,0x6a,0x26,0xd9,0x17,0x8f,0xe2,0xcc,0xff,0x35,0xed,0xbb,0x81,0xf6,0x0c,0xd7,0x80,0x04,0xfb,0x8d,0x5f,0x14,0x3a,0xae, + 0x75,0x87,0x3a,0xc5,0x44,0xad,0x69,0xd3,0xdd,0xc5,0xc9,0xcf,0xfe,0x38,0x4d,0x27,0x5e,0x9d,0xa2,0x94,0x9d,0x69,0x82,0xda,0x4b,0x99,0x0f,0x8b,0xf2,0xb7,0x64,0x74, + 0x35,0x5c,0x9f,0xac,0xa2,0x9c,0xf7,0xcc,0x96,0x88,0x53,0xee,0x29,0xff,0xe6,0x2d,0x11,0x27,0xfc,0xc1,0xdc,0x57,0xe9,0xdd,0xaf,0x0e,0x0f,0x44,0x71,0x46,0x06,0x4e, + 0xfc,0x17,0x5a,0x5e,0xf1,0x85,0x95,0xb6,0x9e,0x45,0xbe,0x2c,0xda,0x8a,0xe0,0x0d,0x9c,0x8b,0xdb,0xef,0xbc,0xf7,0xf6,0x92,0xf9,0x1c,0xef,0xdc,0x56,0x0e,0x47,0x22, + 0x46,0x55,0x91,0x46,0xa9,0x3a,0xae,0x90,0x4d,0xbc,0xaa,0xaa,0x07,0xe6,0xcd,0x1b,0xb4,0x50,0xf1,0xb3,0x7c,0x83,0x92,0x9a,0x99,0x4b,0x45,0x79,0x23,0x33,0xd5,0xf6, + 0xc6,0x4b,0x07,0x11,0x90,0x54,0xa3,0x79,0x61,0xc0,0xa1,0x77,0x15,0x82,0x56,0x08,0x1b,0x38,0xb0,0x08,0x7b,0x30,0x7e,0x0c,0xad,0x7e,0x30,0xd7,0x90,0xce,0xb0,0xce, + 0xbe,0xa8,0xcf,0xc0,0xbe,0xe8,0x57,0x1c,0xcf,0x0c,0x52,0x56,0x54,0xef,0x26,0xd1,0xfc,0x78,0x2b,0xb2,0x2d,0xec,0xcf,0x67,0xea,0x4e,0xa0,0x80,0x3d,0xc1,0x5d,0xaf, + 0x60,0x45,0x1d,0xa4,0xad,0xfe,0x5b,0xb3,0x93,0x10,0x90,0x69,0xef,0xdc,0x84,0x41,0x5e,0xc8,0xa2,0xc4,0x29,0x95,0x5c,0xbf,0x22,0xa4,0x34,0x0f,0x8f,0xc4,0x89,0x36, + 0xd6,0x8e,0x74,0x6f,0x3d,0x43,0xfe,0xac,0x5f,0xd4,0x89,0x8d,0xe9,0x43,0xdc,0x38,0x20,0x5a,0xf7,0xe2,0x63,0x1e,0xd7,0x32,0x07,0x9b,0xbf,0xc8,0xab,0x52,0x51,0x1c, + 0x28,0xda,0xea,0xad,0xc6,0x09,0x38,0x6d,0x77,0x0d,0xff,0x4c,0x71,0x20,0xb2,0xa8,0x7c,0xab,0x3e,0x21,0xfd,0xb8,0xa6,0xe4,0xdc,0x12,0x40,0xa5,0x1d,0x12,0xe5,0x5c, + 0xbb,0x41,0x10,0xb7,0x34,0xc8,0xef,0x8a,0x08,0xbb,0x60,0x11,0xac,0xb3,0x5c,0xbd,0xa9,0xae,0x8e,0x2e,0xf6,0xc4,0xd0,0x86,0x25,0x76,0xa6,0x87,0x92,0x66,0x7b,0xb9, + 0xe2,0x5c,0x50,0x03,0x7c,0xa1,0x91,0x38,0x51,0xb9,0x75,0x87,0x52,0x65,0x9f,0xb6,0x1c,0x02,0xd2,0xa7,0xc6,0xb6,0xaa,0xe2,0x9b,0xda,0x30,0x19,0x07,0xd9,0x9f,0x5d, + 0xad,0x25,0x9f,0x01,0xe9,0x53,0x26,0x3f,0x40,0xa3,0x9b,0x14,0xa5,0x38,0xd0,0x76,0x71,0x0c,0x19,0x20,0x7a,0xf9,0x36,0xfe,0xab,0xdf,0x03,0xbd,0xa7,0xf0,0x67,0xa5, + 0x5e,0xc6,0x02,0x5a,0xc7,0xb2,0x5c,0x0f,0x09,0x5f,0x3f,0xde,0xe3,0xe2,0xe5,0x08,0xbd,0x14,0x37,0xb9,0x70,0x5c,0x25,0x43,0xc0,0xe5,0xaf,0x1c,0x1d,0x36,0x3f,0xfd, + 0xa2,0xf9,0x3a,0x84,0x57,0x4a,0x26,0xb4,0x38,0x80,0xcd,0xe6,0xed,0x44,0x0c,0x7f,0x7c,0xc7,0x2c,0x92,0x50,0x4d,0x52,0x71,0x99,0x9a,0x8a,0x78,0xff,0xe3,0x49,0x1d, + 0x8d,0x0c,0xdb,0x49,0x77,0xba,0x76,0x61,0xd4,0x10,0x36,0xae,0xb7,0xa5,0xf2,0xdd,0x20,0x77,0x16,0xd5,0xd7,0x6e,0xeb,0x26,0x62,0x90,0x43,0xc5,0x59,0xec,0x29,0x00, + 0xde,0xfd,0xe4,0xaa,0x48,0xf8,0x9b,0x03,0xf6,0x23,0xea,0x1f,0x94,0x6f,0x1a,0xa9,0x38,0xc5,0xaa,0xb8,0x79,0xca,0x63,0x19,0x59,0x69,0x26,0xf0,0x85,0x57,0x8e,0xdc, + 0xaf,0xe0,0xbf,0xed,0x69,0xa6,0x00,0x16,0x38,0x65,0x40,0x61,0x27,0xa8,0x97,0x2b,0x61,0x32,0x32,0xaa,0x4c,0x93,0x3a,0x06,0xb5,0xa5,0xb5,0xbc,0xff,0x15,0x96,0xf8, + 0xf4,0x9b,0xca,0x7a,0x6a,0x52,0x56,0xdd,0xf7,0x12,0x77,0x59,0x17,0xc3,0x0e,0x48,0x73,0x15,0x34,0x69,0xba,0xe1,0x2f,0xd5,0xc5,0x57,0x10,0x31,0xdb,0x7b,0x12,0x05, + 0x9c,0x88,0xb6,0x11,0xb7,0xf9,0xaa,0xd3,0x3f,0xab,0xb0,0x9c,0xff,0x61,0x8b,0xb1,0xca,0x6f,0xb9,0x04,0xa2,0x89,0xb1,0x48,0x1d,0xa3,0xd1,0xe4,0xe7,0x25,0x89,0xe4, + 0x42,0xf6,0x34,0xc0,0x6c,0x4a,0x0e,0x7e,0x95,0x6d,0xb6,0xe8,0x66,0x66,0x60,0x3d,0x26,0x37,0x4c,0xc7,0x4b,0x11,0x02,0x6f,0x03,0x18,0xd1,0xa2,0x56,0x81,0xa7,0x12, + 0xe2,0xce,0xb9,0x46,0xe7,0x99,0x3f,0x27,0xa4,0x32,0x7a,0xbd,0xf6,0x1d,0x4f,0x06,0x57,0x7e,0x89,0xc6,0x3b,0x62,0xa2,0x4a,0xef,0xbd,0x90,0x57,0x10,0xd1,0x86,0x69, + 0x71,0x63,0x7a,0x5d,0xa2,0x41,0x2a,0x92,0x1f,0x16,0x36,0xc6,0x9a,0x6e,0xe8,0x10,0x83,0xee,0x2b,0x0e,0x13,0x76,0x6a,0xd1,0x22,0x79,0x1e,0xf6,0xf7,0x71,0x89,0x6d, + 0xbd,0x26,0x5e,0xd3,0x07,0x8c,0xa8,0xc7,0x78,0x8f,0x59,0x41,0x87,0xc9,0x6c,0x67,0x5a,0xa6,0x23,0xec,0xd0,0x1b,0xfc,0xad,0x62,0xd7,0x6a,0x78,0x81,0x33,0x4f,0x63, + 0x8d,0x07,0x3f,0xc5,0x92,0xfb,0x7a,0xa6,0xf7,0xb9,0x08,0xed,0x07,0x14,0x8a,0xa7,0xbe,0x5a,0x13,0x5c,0x4b,0x34,0x3e,0xbe,0x29,0x51,0x98,0xcb,0xa7,0x8e,0x71,0xce, + 0xa2,0x6d,0x69,0x8e,0x46,0x13,0x59,0x5a,0xa6,0x1c,0x8e,0x29,0x07,0xd5,0x24,0x1d,0x6d,0x14,0x90,0x97,0x37,0xdf,0x59,0x89,0x58,0x41,0xd0,0x77,0x27,0xbf,0x13,0x48, + 0xa8,0xed,0xc6,0xf9,0xaf,0x6b,0xf7,0x41,0x22,0xc1,0x1c,0xa1,0xa5,0x0a,0xfb,0xc4,0xa3,0xc4,0x98,0x7b,0xd0,0xd1,0xf7,0x32,0x84,0xd2,0xc1,0x37,0x1e,0x61,0x34,0x05, + 0x17,0x96,0x3d,0xe0,0x78,0x99,0x6e,0xb8,0x50,0x3c,0x7c,0xc3,0xe1,0xa2,0xd5,0x14,0x7d,0x7f,0x0b,0xfb,0x25,0x1a,0x02,0x0b,0x43,0x92,0x03,0x30,0x63,0x58,0x7c,0x8d, + 0x06,0x27,0x99,0xa1,0x95,0x45,0xd3,0x1b,0x3e,0xd7,0x22,0x53,0xbc,0xde,0x59,0x76,0x2a,0xa6,0x10,0x4a,0x88,0xac,0x5e,0x2f,0xb6,0x89,0x26,0xb0,0xf7,0x14,0x66,0x98, + 0x9f,0x42,0xdd,0x8f,0xce,0x13,0xf8,0x10,0x3b,0x3b,0x2b,0xc1,0x5e,0x61,0x24,0x2e,0x68,0x20,0xfe,0x13,0x25,0xa2,0x0e,0xf4,0x60,0xfe,0x64,0xd9,0xeb,0x12,0xb2,0x31, + 0xd1,0xb2,0x04,0xe5,0x2d,0x1f,0xac,0x6d,0x50,0x41,0x32,0xc7,0x6c,0xa2,0x33,0xc8,0x7e,0x37,0x7d,0xcc,0x79,0xc8,0x93,0xc9,0x70,0xdd,0xbb,0x9f,0x87,0xb2,0x7f,0xa0, + 0xc8,0xd6,0xbd,0x28,0xc1,0xe6,0x5a,0xe7,0xc7,0xa5,0xde,0xbe,0x67,0xa7,0xdf,0xaf,0x92,0xb4,0x29,0xed,0xe3,0x68,0xef,0xc9,0xda,0x7d,0x57,0x8a,0x53,0x9b,0x70,0x54, + 0x0d,0x1f,0x90,0x5c,0xc7,0x47,0x20,0xbd,0xe6,0x7a,0xe8,0x4f,0x58,0x27,0x28,0x58,0x8c,0x75,0x44,0x4c,0x27,0x3d,0xae,0x41,0x06,0xfa,0x20,0xd1,0xd6,0x94,0x64,0x30, + 0x3f,0x01,0x4e,0x30,0x91,0x92,0x58,0x8f,0xa8,0x3e,0x47,0xd4,0xac,0x96,0x85,0xd2,0x04,0x12,0x04,0xe2,0xea,0xf6,0x33,0xa1,0x31,0x28,0x12,0xe5,0x1a,0xe7,0x4c,0xbd, + 0x68,0xb4,0x04,0xd5,0x56,0xc8,0x20,0x04,0xc6,0xc4,0xbb,0xa4,0x51,0x8e,0xc0,0x0b,0x1d,0x4f,0x11,0x61,0xca,0xfe,0x6c,0x89,0xae,0xb8,0x49,0x4a,0x9b,0xa0,0x9d,0xb5, + 0xc3,0x31,0xad,0xe7,0xa4,0x57,0xdf,0x7f,0x12,0xa2,0xf5,0xc4,0x3d,0x7e,0xa9,0x48,0x6c,0x15,0x63,0xb8,0x1c,0xd8,0xa0,0xf2,0x3f,0x92,0x3c,0x1a,0x9f,0xa6,0x12,0xe3, + 0x17,0xb5,0xc7,0xa3,0x11,0xee,0xa9,0xd2,0xab,0x75,0x71,0xf8,0xb9,0xf8,0x48,0xd4,0x70,0x59,0x97,0xcf,0x3e,0xaf,0x9b,0xdc,0xbe,0x0e,0x34,0xa6,0x70,0xf8,0x1f,0x45, + 0x2f,0x0e,0x4e,0xcc,0xbc,0x45,0x18,0xac,0xe5,0x58,0xe0,0x66,0x04,0xf9,0xbf,0xf4,0x78,0x7f,0x5b,0x01,0x94,0x37,0xb5,0x21,0x95,0xec,0xb6,0xb8,0x21,0x91,0xa6,0xae, + 0x74,0x94,0xd8,0x64,0xcb,0x6e,0xa9,0xc5,0xd9,0x82,0xd4,0x0a,0x5f,0x10,0x37,0x00,0xd0,0x2d,0xc9,0x82,0x63,0x77,0x53,0xcf,0xc7,0xd8,0xaf,0xe1,0xbe,0xaf,0xff,0x70, + 0xa9,0x68,0x73,0xee,0xf5,0xd4,0x38,0xb8,0x07,0x85,0x3b,0x67,0x71,0xc6,0xa5,0x19,0x7e,0x6e,0xef,0x21,0xef,0xef,0xca,0x53,0x8b,0x45,0xe9,0xe9,0x81,0xc0,0x32,0xe5, + 0x91,0x24,0x61,0x89,0x13,0xf2,0x0c,0xdf,0xfa,0x64,0x22,0x07,0xf1,0x92,0xe6,0x7e,0xb8,0x0a,0xde,0x53,0xac,0x55,0x35,0x46,0x9a,0xbe,0x90,0x03,0x6d,0x4a,0xf7,0xe2, + 0x9d,0x8b,0x74,0x88,0x8d,0x94,0x28,0x70,0xb2,0x21,0xde,0x7a,0x64,0x20,0x32,0x89,0x2b,0xc9,0x9e,0x34,0xbd,0x85,0x50,0x19,0x5f,0x6f,0x5f,0x09,0x75,0x47,0x33,0x4a, + 0x16,0x98,0x33,0x77,0xc0,0xf1,0xa9,0xc0,0x04,0x49,0x5b,0x3f,0xd9,0x65,0x83,0x63,0x11,0x6e,0xea,0x64,0x47,0x87,0xd0,0x59,0xd1,0x14,0x0f,0xb9,0x07,0x55,0x5d,0x4a, + 0x08,0x1a,0xf4,0x0a,0x81,0xd4,0x8c,0x6b,0x53,0x01,0x40,0xdb,0x93,0x5e,0x60,0x5b,0xf4,0xcc,0x7b,0x10,0x88,0x5f,0x5b,0x14,0x8f,0x95,0xf1,0xbc,0x8a,0xd2,0xe5,0x2d, + 0x7e,0x4b,0x97,0x3e,0x6d,0x4a,0x35,0x7c,0x40,0x02,0x43,0xa6,0x48,0xc8,0xa0,0xa6,0xa3,0x5c,0xf2,0x31,0x75,0x4a,0xfd,0xef,0x31,0x2d,0x2f,0x4b,0x6a,0xbb,0x98,0x8f, + 0x0f,0x02,0x35,0xda,0x2a,0x06,0xc8,0xd4,0x08,0xc2,0x71,0x51,0xf3,0xf1,0x53,0x42,0xed,0x8c,0x19,0x45,0xaa,0xf8,0x4e,0xd1,0x49,0x93,0x78,0x6d,0x6a,0xc5,0xf5,0x70, + 0x56,0x22,0xc2,0xfb,0xe8,0xaf,0x5a,0xd6,0xce,0xf7,0x2a,0x01,0xbe,0x18,0x6e,0x55,0x48,0x47,0x57,0x61,0x06,0xf8,0x97,0x97,0x72,0xfa,0x56,0x11,0x4d,0x11,0x60,0xab, + 0xbb,0x95,0xe0,0xd0,0xfb,0xaa,0xd8,0x6c,0x5b,0xd8,0x7b,0x95,0x94,0x6c,0x77,0xff,0x1d,0x65,0x32,0x2a,0x17,0x5c,0xcf,0x16,0x41,0x91,0x02,0xc0,0xa1,0x7f,0x5a,0x72, + 0x45,0x10,0x68,0x3c,0x7b,0xfa,0x25,0x1f,0x0c,0xb5,0x6b,0xba,0x7e,0x0a,0xb7,0x4d,0x90,0xf5,0xe2,0xca,0x01,0xe9,0x1e,0x7c,0xa9,0x93,0x12,0xcc,0xff,0x2d,0x90,0xb6, + 0x02,0x54,0x85,0x14,0x2c,0xa1,0xce,0xd7,0x52,0x28,0x9f,0x77,0x21,0x30,0xfc,0x10,0xc7,0x5a,0x45,0x08,0xc4,0x6b,0xff,0xde,0xf9,0x29,0x0a,0xd3,0xe7,0xba,0xf9,0xca, + 0x90,0x67,0x93,0x21,0x50,0x72,0x49,0x65,0xaa,0x47,0x9c,0x1e,0xf1,0xbe,0x55,0x54,0x4b,0xed,0x9f,0xa9,0x45,0x00,0xa3,0xb6,0x78,0x87,0xed,0x91,0xae,0x3b,0x81,0xe5, + 0xf8,0x08,0x4a,0x89,0xad,0xcc,0xdc,0x3a,0xef,0x89,0xe5,0x09,0x1a,0x0f,0x07,0xd6,0x16,0x0a,0x66,0xcb,0x95,0x75,0x24,0x11,0x00,0xc1,0xd3,0x9b,0xf0,0x54,0x9a,0xe2, + 0x44,0x62,0x55,0x8c,0x89,0x90,0x21,0x17,0x05,0x1c,0xb2,0xc5,0x99,0xad,0x66,0xf0,0x08,0x87,0xb5,0x4c,0xae,0x3d,0xa9,0xc0,0x4d,0x31,0x7a,0x5b,0x2a,0xfb,0x46,0x3b, + 0x30,0xb4,0x74,0x1a,0x64,0xf8,0x7d,0x28,0xec,0x00,0x29,0xbd,0x19,0x6b,0x5a,0x74,0x55,0x5f,0x2c,0x9a,0x97,0x6a,0x46,0xd6,0x28,0x57,0x24,0x74,0x46,0x6a,0x63,0x1d, + 0x3a,0xfc,0x04,0xac,0x92,0x11,0x7e,0x50,0xb0,0x91,0x3b,0x09,0xdb,0xbb,0x4e,0x6c,0x78,0x0c,0x05,0x15,0x00,0x20,0x1f,0xad,0x51,0x2b,0x79,0x08,0x0b,0xff,0x39,0xe2, + 0x60,0x96,0x37,0x04,0x85,0x86,0xed,0xc6,0x4c,0xf5,0xf2,0x8f,0x1a,0x50,0x57,0x68,0xc6,0x86,0x47,0x11,0x10,0x07,0x0d,0x78,0x3d,0xe4,0x99,0xff,0xe6,0xfe,0x84,0xda, + 0xb1,0xd4,0xf2,0x7a,0x69,0x83,0xc8,0xee,0x41,0x7e,0xf0,0xf5,0x27,0xd8,0x89,0xd4,0xa1,0xae,0x41,0xd3,0x63,0x92,0x44,0x57,0x8c,0x43,0xd6,0x50,0xc2,0x99,0xfc,0xd1, + 0x00,0x07,0xc9,0xa2,0x7a,0xc5,0x06,0x7c,0x9f,0x0a,0xd1,0xa4,0xd1,0xe6,0x21,0x10,0xda,0x13,0x18,0x89,0x3a,0x65,0x87,0x29,0x71,0x3d,0x82,0xe3,0x33,0x85,0x5b,0x82, + 0x8a,0x3b,0x23,0xa9,0x1f,0x0d,0x5d,0xb8,0x07,0x4a,0x6a,0x88,0x68,0x89,0xee,0x3e,0x19,0xaa,0xf0,0x9b,0x66,0xac,0x9a,0xad,0x2e,0x15,0xc8,0xbd,0xba,0x68,0x08,0x5c, + 0xc2,0xaf,0x76,0x3f,0x41,0x4c,0xb2,0xd7,0xfd,0x46,0x25,0x7f,0x03,0x13,0xb5,0x82,0xc0,0x99,0xb5,0xe2,0x3b,0x73,0xe0,0x73,0xb5,0xab,0x7c,0x23,0x0c,0x45,0xc8,0x83, + 0x34,0x00,0x56,0x94,0xe3,0xca,0xc0,0x93,0x32,0xaa,0x42,0x80,0x7e,0x3a,0xfd,0xc3,0xb3,0xb3,0xbc,0x7c,0x7b,0xe8,0x87,0xd1,0xf9,0x8d,0x76,0x77,0x8c,0x55,0xcf,0xd7, + 0x58,0x41,0xac,0xd3,0xcf,0xf2,0xd6,0x28,0x61,0xbb,0xe1,0x10,0x84,0x73,0x80,0x06,0xd6,0x8c,0xcf,0x35,0xac,0xae,0x61,0x5e,0xe9,0x52,0x47,0x26,0xe9,0x3d,0x0d,0xa5, + 0x43,0x48,0xe4,0xcb,0xa3,0x71,0xea,0xd0,0x39,0x82,0x01,0x8a,0xbc,0x9a,0xac,0xec,0xae,0xbf,0xd6,0x36,0xdd,0xa8,0x2e,0x60,0x9f,0xd2,0x98,0x94,0x7f,0x90,0x7d,0xe8, + 0xe5,0x62,0x21,0xc2,0xb0,0xdc,0x33,0xb9,0x8b,0x90,0xdf,0xd3,0x23,0x9a,0x2c,0x0c,0xb1,0xe4,0xad,0x03,0x99,0xa3,0xaa,0xef,0x3f,0x9d,0x47,0xfb,0x10,0x3d,0xae,0xf0, + 0x5b,0x34,0xa2,0x9b,0x1c,0x4d,0xdc,0xb2,0x10,0x11,0x62,0xd3,0x4b,0xed,0x9f,0x07,0x02,0x36,0x1f,0xe5,0xaf,0x50,0x5d,0xf3,0x15,0xef,0xf7,0xbe,0xfd,0x0e,0x47,0x19, + 0xce,0xce,0x52,0x1b,0x8b,0x5a,0x32,0xbb,0xee,0x38,0x93,0x6b,0xa7,0xd6,0x45,0x82,0x4f,0x23,0x8e,0x56,0x17,0x01,0xa3,0x86,0xfb,0x88,0x8e,0x01,0x0d,0xb5,0x4b,0x2f, + 0x82,0x95,0x21,0xb7,0x9d,0x71,0xf5,0x01,0x1e,0x07,0x97,0x56,0xb8,0x51,0xa0,0xd5,0xc8,0x35,0x57,0x86,0x61,0x89,0xa6,0x25,0x8c,0x1e,0x78,0xa1,0x70,0x0c,0x69,0x04, + 0x8c,0x59,0x34,0x79,0x35,0x05,0xa6,0xa1,0xf8,0x4d,0x41,0x28,0x33,0x41,0x68,0x0c,0x49,0x23,0xf1,0xf4,0xd5,0x62,0x98,0x9a,0x11,0xcc,0x62,0x6f,0xea,0x5e,0xda,0x5a, + 0x35,0x6c,0xae,0xe7,0xe7,0xee,0xe0,0x31,0xa1,0x5e,0x54,0xc3,0xa5,0xc4,0xe7,0x2f,0x9c,0x74,0xbb,0x28,0x7c,0xe6,0x01,0x61,0x9e,0xf8,0x5e,0xb9,0x6c,0x28,0x94,0x52, + 0x09,0xc7,0x33,0x7d,0xf6,0xc2,0xb3,0x5e,0xdf,0x3a,0x21,0x38,0x25,0x11,0xcc,0x5a,0xdd,0x1a,0x71,0xa8,0x4c,0xbf,0x8d,0x33,0x96,0xa5,0xbe,0x54,0x8d,0x92,0xfa,0x67, + 0xd1,0x6c,0xae,0xdd,0x25,0x79,0x36,0x66,0xf9,0xe2,0x6f,0x53,0x31,0x38,0x21,0x06,0xf5,0x40,0x95,0xb3,0xd2,0x0d,0x40,0xc7,0x45,0xb6,0x8c,0xa7,0x6c,0x0e,0x69,0x83, + 0xb8,0xae,0x1e,0x21,0xd8,0xb3,0x4c,0xe4,0xca,0xff,0xed,0x71,0x67,0xa2,0x68,0x68,0xec,0x80,0xa7,0xd4,0xa6,0xa9,0x8b,0x63,0x9d,0x4d,0x05,0xcd,0x22,0x65,0x04,0xde, + 0x02,0x77,0x63,0x15,0xfe,0x14,0x7a,0x36,0xa4,0xb0,0x98,0x74,0x92,0xb6,0x50,0x3a,0xcd,0xea,0x60,0xf9,0x26,0x45,0x0e,0x5e,0xdd,0xb9,0xf8,0x8f,0xc8,0x21,0x78,0xd3, + 0x39,0x88,0xc9,0xc7,0x05,0x0a,0x28,0x79,0x49,0x34,0xe5,0xbd,0x67,0x62,0x9b,0x55,0x6d,0x97,0xa4,0x85,0x8d,0x22,0x81,0x28,0x35,0xf4,0xa3,0x7d,0xca,0x35,0x19,0x43, + 0x34,0x00,0x56,0x94,0xe3,0xca,0xc0,0x93,0x32,0xaa,0x42,0x80,0x7e,0x3a,0xfd,0xc3,0xb3,0xb3,0xbc,0x7c,0x7b,0xe8,0x87,0xd1,0xf9,0x8d,0x76,0x77,0x8c,0x55,0xcf,0xd7, + 0x4b,0x52,0x25,0x7d,0x8b,0x3b,0xa3,0x87,0x79,0x7f,0xdf,0x7a,0x75,0x2f,0x19,0x5d,0xdc,0x4f,0x7d,0x76,0x26,0x3d,0xe6,0x1d,0x0d,0x52,0xa5,0xec,0x14,0xa3,0x6c,0xbf, + 0x38,0x0c,0x53,0xe0,0xa5,0x09,0xeb,0xb3,0xb6,0x33,0x46,0x59,0x81,0x05,0x21,0x9b,0x43,0xd5,0x1a,0xe1,0x96,0xb4,0x55,0x7d,0x59,0xbb,0xd6,0x78,0x24,0x03,0x2d,0xff, + 0x38,0x0c,0x53,0xe0,0xa5,0x09,0xeb,0xb3,0xb6,0x33,0x46,0x59,0x81,0x05,0x21,0x9b,0x43,0xd5,0x1a,0xe1,0x96,0xb4,0x55,0x7d,0x59,0xbb,0xd6,0x78,0x24,0x03,0x2d,0xff, + 0x38,0x0c,0x53,0xe0,0xa5,0x09,0xeb,0xb3,0xb6,0x33,0x46,0x59,0x81,0x05,0x21,0x9b,0x43,0xd5,0x1a,0xe1,0x96,0xb4,0x55,0x7d,0x59,0xbb,0xd6,0x78,0x24,0x03,0x2d,0xff, + 0x38,0x0c,0x53,0xe0,0xa5,0x09,0xeb,0xb3,0xb6,0x33,0x46,0x59,0x81,0x05,0x21,0x9b,0x43,0xd5,0x1a,0xe1,0x96,0xb4,0x55,0x7d,0x59,0xbb,0xd6,0x78,0x24,0x03,0x2d,0xff, + 0x38,0x0c,0x53,0xe0,0xa5,0x09,0xeb,0xb3,0xb6,0x33,0x46,0x59,0x81,0x05,0x21,0x9b,0x43,0xd5,0x1a,0xe1,0x96,0xb4,0x55,0x7d,0x59,0xbb,0xd6,0x78,0x24,0x03,0x2d,0xff, + 0x38,0x0c,0x53,0xe0,0xa5,0x09,0xeb,0xb3,0xb6,0x33,0x46,0x59,0x81,0x05,0x21,0x9b,0x43,0xd5,0x1a,0xe1,0x96,0xb4,0x55,0x7d,0x59,0xbb,0xd6,0x78,0x24,0x03,0x2d,0xff}; + +static const wycheproof_ecdh_testvector testvectors[SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS] = { + /* tcId: 1. normal case */ + {0, 65, 0, 32, 0, 32, 1, 1 }, + /* tcId: 2. compressed public key */ + {65, 33, 0, 32, 32, 32, 1, 2 }, + /* tcId: 3. shared secret has x-coordinate that satisfies x**2 + a = 1 */ + {98, 65, 32, 32, 64, 32, 1, 3 }, + /* tcId: 4. shared secret has x-coordinate that satisfies x**2 + a = 4 */ + {163, 65, 32, 32, 96, 32, 1, 4 }, + /* tcId: 5. shared secret has x-coordinate that satisfies x**2 + a = 9 */ + {228, 65, 32, 32, 128, 32, 1, 5 }, + /* tcId: 6. shared secret has x-coordinate p-3 */ + {293, 65, 32, 32, 160, 32, 1, 6 }, + /* tcId: 7. shared secret has x-coordinate 2**16 + 0 */ + {358, 65, 32, 32, 192, 32, 1, 7 }, + /* tcId: 8. shared secret has x-coordinate 2**32 + 7 */ + {423, 65, 32, 32, 224, 32, 1, 8 }, + /* tcId: 9. shared secret has x-coordinate 2**64 + 1 */ + {488, 65, 32, 32, 256, 32, 1, 9 }, + /* tcId: 10. shared secret has x-coordinate 2**96 + 1 */ + {553, 65, 32, 32, 288, 32, 1, 10 }, + /* tcId: 11. shared secret has x-coordinate that satisfies x**2 + a = -6 */ + {618, 65, 32, 32, 320, 32, 1, 11 }, + /* tcId: 12. shared secret has x-coordinate that satisfies x**2 + a = 2 */ + {683, 65, 32, 32, 352, 32, 1, 12 }, + /* tcId: 13. shared secret has x-coordinate that satisfies x**2 + a = 8 */ + {748, 65, 32, 32, 384, 32, 1, 13 }, + /* tcId: 14. shared secret has x-coordinate that satisfies x**2 = 2**96 + 2 */ + {813, 65, 32, 32, 416, 32, 1, 14 }, + /* tcId: 15. shared secret has x-coordinate with repeating bit-pattern of size 2 */ + {878, 65, 32, 32, 448, 32, 1, 15 }, + /* tcId: 16. shared secret has x-coordinate with repeating bit-pattern of size 2 */ + {943, 65, 32, 32, 480, 32, 1, 16 }, + /* tcId: 17. shared secret has x-coordinate with repeating bit-pattern of size 4 */ + {1008, 65, 32, 32, 512, 32, 1, 17 }, + /* tcId: 18. shared secret has x-coordinate with repeating bit-pattern of size 4 */ + {1073, 65, 32, 32, 544, 32, 1, 18 }, + /* tcId: 19. shared secret has x-coordinate with repeating bit-pattern of size 8 */ + {1138, 65, 32, 32, 576, 32, 1, 19 }, + /* tcId: 20. shared secret has x-coordinate with repeating bit-pattern of size 8 */ + {1203, 65, 32, 32, 608, 32, 1, 20 }, + /* tcId: 21. shared secret has x-coordinate with repeating bit-pattern of size 16 */ + {1268, 65, 32, 32, 640, 32, 1, 21 }, + /* tcId: 22. shared secret has x-coordinate with repeating bit-pattern of size 16 */ + {1333, 65, 32, 32, 672, 32, 1, 22 }, + /* tcId: 23. shared secret has x-coordinate with repeating bit-pattern of size 30 */ + {1398, 65, 32, 32, 704, 32, 1, 23 }, + /* tcId: 24. shared secret has x-coordinate with repeating bit-pattern of size 30 */ + {1463, 65, 32, 32, 736, 32, 1, 24 }, + /* tcId: 25. shared secret has x-coordinate with repeating bit-pattern of size 32 */ + {1528, 65, 32, 32, 768, 32, 1, 25 }, + /* tcId: 26. shared secret has x-coordinate with repeating bit-pattern of size 32 */ + {1593, 65, 32, 32, 800, 32, 1, 26 }, + /* tcId: 27. shared secret has x-coordinate with repeating bit-pattern of size 51 */ + {1658, 65, 32, 32, 832, 32, 1, 27 }, + /* tcId: 28. shared secret has x-coordinate with repeating bit-pattern of size 51 */ + {1723, 65, 32, 32, 864, 32, 1, 28 }, + /* tcId: 29. shared secret has x-coordinate with repeating bit-pattern of size 52 */ + {1788, 65, 32, 32, 896, 32, 1, 29 }, + /* tcId: 30. shared secret has x-coordinate with repeating bit-pattern of size 52 */ + {1853, 65, 32, 32, 928, 32, 1, 30 }, + /* tcId: 31. shared secret has x-coordinate with repeating bit-pattern of size 60 */ + {1918, 65, 32, 32, 960, 32, 1, 31 }, + /* tcId: 32. shared secret has x-coordinate with repeating bit-pattern of size 60 */ + {1983, 65, 32, 32, 992, 32, 1, 32 }, + /* tcId: 33. shared secret has x-coordinate with repeating bit-pattern of size 62 */ + {2048, 65, 32, 32, 1024, 32, 1, 33 }, + /* tcId: 34. shared secret has x-coordinate with repeating bit-pattern of size 62 */ + {2113, 65, 32, 32, 1056, 32, 1, 34 }, + /* tcId: 35. shared secret has x-coordinate with repeating bit-pattern of size 64 */ + {2178, 65, 32, 32, 1088, 32, 1, 35 }, + /* tcId: 36. shared secret has x-coordinate with repeating bit-pattern of size 64 */ + {2243, 65, 32, 32, 1120, 32, 1, 36 }, + /* tcId: 37. shared secret has x-coordinate with repeating bit-pattern of size 112 */ + {2308, 65, 32, 32, 1152, 32, 1, 37 }, + /* tcId: 38. shared secret has x-coordinate with repeating bit-pattern of size 112 */ + {2373, 65, 32, 32, 1184, 32, 1, 38 }, + /* tcId: 39. shared secret has x-coordinate with repeating bit-pattern of size 128 */ + {2438, 65, 32, 32, 1216, 32, 1, 39 }, + /* tcId: 40. shared secret has x-coordinate with repeating bit-pattern of size 128 */ + {2503, 65, 32, 32, 1248, 32, 1, 40 }, + /* tcId: 41. shared secret has an x-coordinate of approx p//3 */ + {2568, 65, 32, 32, 1280, 32, 1, 41 }, + /* tcId: 42. shared secret has an x-coordinate of approx p//5 */ + {2633, 65, 32, 32, 1312, 32, 1, 42 }, + /* tcId: 43. shared secret has an x-coordinate of approx p//7 */ + {2698, 65, 32, 32, 1344, 32, 1, 43 }, + /* tcId: 44. shared secret has an x-coordinate of approx p//9 */ + {2763, 65, 32, 32, 1376, 32, 1, 44 }, + /* tcId: 45. y-coordinate of the public key has many trailing 1's */ + {2828, 65, 32, 32, 1408, 32, 1, 45 }, + /* tcId: 46. y-coordinate of the public key has many trailing 1's */ + {2893, 65, 64, 32, 1440, 32, 1, 46 }, + /* tcId: 47. y-coordinate of the public key is small */ + {2958, 65, 32, 32, 1472, 32, 1, 47 }, + /* tcId: 48. y-coordinate of the public key is small */ + {3023, 65, 32, 32, 1504, 32, 1, 48 }, + /* tcId: 49. y-coordinate of the public key is small */ + {3088, 65, 64, 32, 1536, 32, 1, 49 }, + /* tcId: 50. y-coordinate of the public key is small */ + {3153, 65, 64, 32, 1568, 32, 1, 50 }, + /* tcId: 51. y-coordinate of the public key is large */ + {3218, 65, 32, 32, 1600, 32, 1, 51 }, + /* tcId: 52. y-coordinate of the public key is large */ + {3283, 65, 32, 32, 1632, 32, 1, 52 }, + /* tcId: 53. y-coordinate of the public key is large */ + {3348, 65, 64, 32, 1664, 32, 1, 53 }, + /* tcId: 54. y-coordinate of the public key is large */ + {3413, 65, 64, 32, 1696, 32, 1, 54 }, + /* tcId: 55. y-coordinate of the public key has many trailing 0's */ + {3478, 65, 32, 32, 1728, 32, 1, 55 }, + /* tcId: 56. y-coordinate of the public key has many trailing 0's */ + {3543, 65, 64, 32, 1760, 32, 1, 56 }, + /* tcId: 57. ephemeral key has x-coordinate that satisfies x**2 + a = 1 */ + {3608, 65, 64, 32, 1792, 32, 1, 57 }, + /* tcId: 58. ephemeral key has x-coordinate that satisfies x**2 + a = 4 */ + {3673, 65, 64, 32, 1824, 32, 1, 58 }, + /* tcId: 59. ephemeral key has x-coordinate that satisfies x**2 + a = 9 */ + {3738, 65, 64, 32, 1856, 32, 1, 59 }, + /* tcId: 60. ephemeral key has x-coordinate p-3 */ + {3803, 65, 64, 32, 1888, 32, 1, 60 }, + /* tcId: 61. ephemeral key has x-coordinate 2**16 + 0 */ + {3868, 65, 64, 32, 1920, 32, 1, 61 }, + /* tcId: 62. ephemeral key has x-coordinate 2**32 + 7 */ + {3933, 65, 64, 32, 1952, 32, 1, 62 }, + /* tcId: 63. ephemeral key has x-coordinate 2**64 + 1 */ + {3998, 65, 64, 32, 1984, 32, 1, 63 }, + /* tcId: 64. ephemeral key has x-coordinate 2**96 + 1 */ + {4063, 65, 64, 32, 2016, 32, 1, 64 }, + /* tcId: 65. ephemeral key has x-coordinate that satisfies x**2 + a = -6 */ + {4128, 65, 64, 32, 2048, 32, 1, 65 }, + /* tcId: 66. ephemeral key has x-coordinate that satisfies x**2 + a = 2 */ + {4193, 65, 64, 32, 2080, 32, 1, 66 }, + /* tcId: 67. ephemeral key has x-coordinate that satisfies x**2 + a = 8 */ + {4258, 65, 64, 32, 2112, 32, 1, 67 }, + /* tcId: 68. ephemeral key has x-coordinate that satisfies x**2 = 2**96 + 2 */ + {4323, 65, 64, 32, 2144, 32, 1, 68 }, + /* tcId: 69. ephemeral key has x-coordinate with repeating bit-pattern of size 2 */ + {4388, 65, 64, 32, 2176, 32, 1, 69 }, + /* tcId: 70. ephemeral key has x-coordinate with repeating bit-pattern of size 2 */ + {4453, 65, 64, 32, 2208, 32, 1, 70 }, + /* tcId: 71. ephemeral key has x-coordinate with repeating bit-pattern of size 4 */ + {4518, 65, 64, 32, 2240, 32, 1, 71 }, + /* tcId: 72. ephemeral key has x-coordinate with repeating bit-pattern of size 4 */ + {4583, 65, 64, 32, 2272, 32, 1, 72 }, + /* tcId: 73. ephemeral key has x-coordinate with repeating bit-pattern of size 8 */ + {4648, 65, 64, 32, 2304, 32, 1, 73 }, + /* tcId: 74. ephemeral key has x-coordinate with repeating bit-pattern of size 8 */ + {4713, 65, 64, 32, 2336, 32, 1, 74 }, + /* tcId: 75. ephemeral key has x-coordinate with repeating bit-pattern of size 16 */ + {4778, 65, 64, 32, 2368, 32, 1, 75 }, + /* tcId: 76. ephemeral key has x-coordinate with repeating bit-pattern of size 16 */ + {4843, 65, 64, 32, 2400, 32, 1, 76 }, + /* tcId: 77. ephemeral key has x-coordinate with repeating bit-pattern of size 30 */ + {4908, 65, 64, 32, 2432, 32, 1, 77 }, + /* tcId: 78. ephemeral key has x-coordinate with repeating bit-pattern of size 30 */ + {4973, 65, 64, 32, 2464, 32, 1, 78 }, + /* tcId: 79. ephemeral key has x-coordinate with repeating bit-pattern of size 32 */ + {5038, 65, 64, 32, 2496, 32, 1, 79 }, + /* tcId: 80. ephemeral key has x-coordinate with repeating bit-pattern of size 32 */ + {5103, 65, 64, 32, 2528, 32, 1, 80 }, + /* tcId: 81. ephemeral key has x-coordinate with repeating bit-pattern of size 51 */ + {5168, 65, 64, 32, 2560, 32, 1, 81 }, + /* tcId: 82. ephemeral key has x-coordinate with repeating bit-pattern of size 51 */ + {5233, 65, 64, 32, 2592, 32, 1, 82 }, + /* tcId: 83. ephemeral key has x-coordinate with repeating bit-pattern of size 52 */ + {5298, 65, 64, 32, 2624, 32, 1, 83 }, + /* tcId: 84. ephemeral key has x-coordinate with repeating bit-pattern of size 52 */ + {5363, 65, 64, 32, 2656, 32, 1, 84 }, + /* tcId: 85. ephemeral key has x-coordinate with repeating bit-pattern of size 60 */ + {5428, 65, 64, 32, 2688, 32, 1, 85 }, + /* tcId: 86. ephemeral key has x-coordinate with repeating bit-pattern of size 60 */ + {5493, 65, 64, 32, 2720, 32, 1, 86 }, + /* tcId: 87. ephemeral key has x-coordinate with repeating bit-pattern of size 62 */ + {5558, 65, 64, 32, 2752, 32, 1, 87 }, + /* tcId: 88. ephemeral key has x-coordinate with repeating bit-pattern of size 62 */ + {5623, 65, 64, 32, 2784, 32, 1, 88 }, + /* tcId: 89. ephemeral key has x-coordinate with repeating bit-pattern of size 64 */ + {5688, 65, 64, 32, 2816, 32, 1, 89 }, + /* tcId: 90. ephemeral key has x-coordinate with repeating bit-pattern of size 64 */ + {5753, 65, 64, 32, 2848, 32, 1, 90 }, + /* tcId: 91. ephemeral key has x-coordinate with repeating bit-pattern of size 112 */ + {5818, 65, 64, 32, 2880, 32, 1, 91 }, + /* tcId: 92. ephemeral key has x-coordinate with repeating bit-pattern of size 112 */ + {5883, 65, 64, 32, 2912, 32, 1, 92 }, + /* tcId: 93. ephemeral key has x-coordinate with repeating bit-pattern of size 128 */ + {5948, 65, 64, 32, 2944, 32, 1, 93 }, + /* tcId: 94. ephemeral key has x-coordinate with repeating bit-pattern of size 128 */ + {6013, 65, 64, 32, 2976, 32, 1, 94 }, + /* tcId: 95. ephemeral key has an x-coordinate of approx p//3 */ + {6078, 65, 64, 32, 3008, 32, 1, 95 }, + /* tcId: 96. ephemeral key has an x-coordinate of approx p//5 */ + {6143, 65, 64, 32, 3040, 32, 1, 96 }, + /* tcId: 97. ephemeral key has an x-coordinate of approx p//7 */ + {6208, 65, 64, 32, 3072, 32, 1, 97 }, + /* tcId: 98. ephemeral key has an x-coordinate of approx p//9 */ + {6273, 65, 64, 32, 3104, 32, 1, 98 }, + /* tcId: 99. edge case for Jacobian and projective coordinates */ + {6338, 65, 96, 32, 3136, 32, 1, 99 }, + /* tcId: 100. edge case for Jacobian and projective coordinates */ + {6403, 65, 96, 32, 3168, 32, 1, 100 }, + /* tcId: 101. edge case for Jacobian and projective coordinates */ + {6468, 65, 96, 32, 3200, 32, 1, 101 }, + /* tcId: 102. edge case for Jacobian and projective coordinates */ + {6533, 65, 128, 32, 3232, 32, 1, 102 }, + /* tcId: 103. edge case for Jacobian and projective coordinates */ + {6598, 65, 128, 32, 3264, 32, 1, 103 }, + /* tcId: 104. edge case for Jacobian and projective coordinates */ + {6663, 65, 128, 32, 3296, 32, 1, 104 }, + /* tcId: 105. edge case for Jacobian and projective coordinates in left to right addition chain */ + {6728, 65, 96, 32, 3328, 32, 1, 105 }, + /* tcId: 106. edge case for Jacobian and projective coordinates in left to right addition chain */ + {6793, 65, 96, 32, 3360, 32, 1, 106 }, + /* tcId: 107. edge case for Jacobian and projective coordinates in left to right addition chain */ + {6858, 65, 96, 32, 3392, 32, 1, 107 }, + /* tcId: 108. edge case for Jacobian and projective coordinates in left to right addition chain */ + {6923, 65, 96, 32, 3424, 32, 1, 108 }, + /* tcId: 109. edge case for Jacobian and projective coordinates in left to right addition chain */ + {6988, 65, 96, 32, 3456, 32, 1, 109 }, + /* tcId: 110. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7053, 65, 96, 32, 3488, 32, 1, 110 }, + /* tcId: 111. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7118, 65, 96, 32, 3520, 32, 1, 111 }, + /* tcId: 112. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7183, 65, 96, 32, 3552, 32, 1, 112 }, + /* tcId: 113. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7248, 65, 96, 32, 3584, 32, 1, 113 }, + /* tcId: 114. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7313, 65, 96, 32, 3616, 32, 1, 114 }, + /* tcId: 115. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7378, 65, 96, 32, 3648, 32, 1, 115 }, + /* tcId: 116. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7443, 65, 96, 32, 3680, 32, 1, 116 }, + /* tcId: 117. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7508, 65, 96, 32, 3712, 32, 1, 117 }, + /* tcId: 118. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7573, 65, 96, 32, 3744, 32, 1, 118 }, + /* tcId: 119. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7638, 65, 96, 32, 3776, 32, 1, 119 }, + /* tcId: 120. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7703, 65, 96, 32, 3808, 32, 1, 120 }, + /* tcId: 121. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7768, 65, 128, 32, 3840, 32, 1, 121 }, + /* tcId: 122. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7833, 65, 128, 32, 3872, 32, 1, 122 }, + /* tcId: 123. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7898, 65, 128, 32, 3904, 32, 1, 123 }, + /* tcId: 124. edge case for Jacobian and projective coordinates in left to right addition chain */ + {7963, 65, 128, 32, 3936, 32, 1, 124 }, + /* tcId: 125. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8028, 65, 128, 32, 3968, 32, 1, 125 }, + /* tcId: 126. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8093, 65, 128, 32, 4000, 32, 1, 126 }, + /* tcId: 127. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8158, 65, 128, 32, 4032, 32, 1, 127 }, + /* tcId: 128. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8223, 65, 128, 32, 4064, 32, 1, 128 }, + /* tcId: 129. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8288, 65, 128, 32, 4096, 32, 1, 129 }, + /* tcId: 130. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8353, 65, 128, 32, 4128, 32, 1, 130 }, + /* tcId: 131. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8418, 65, 128, 32, 4160, 32, 1, 131 }, + /* tcId: 132. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8483, 65, 128, 32, 4192, 32, 1, 132 }, + /* tcId: 133. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8548, 65, 128, 32, 4224, 32, 1, 133 }, + /* tcId: 134. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8613, 65, 128, 32, 4256, 32, 1, 134 }, + /* tcId: 135. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8678, 65, 128, 32, 4288, 32, 1, 135 }, + /* tcId: 136. edge case for Jacobian and projective coordinates in left to right addition chain */ + {8743, 65, 128, 32, 4320, 32, 1, 136 }, + /* tcId: 137. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {8808, 65, 128, 32, 4352, 32, 1, 137 }, + /* tcId: 138. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {8873, 65, 128, 32, 4384, 32, 1, 138 }, + /* tcId: 139. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {8938, 65, 128, 32, 4416, 32, 1, 139 }, + /* tcId: 140. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9003, 65, 128, 32, 4448, 32, 1, 140 }, + /* tcId: 141. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9068, 65, 128, 32, 4480, 32, 1, 141 }, + /* tcId: 142. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9133, 65, 128, 32, 4512, 32, 1, 142 }, + /* tcId: 143. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9198, 65, 128, 32, 4544, 32, 1, 143 }, + /* tcId: 144. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9263, 65, 128, 32, 4576, 32, 1, 144 }, + /* tcId: 145. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9328, 65, 128, 32, 4608, 32, 1, 145 }, + /* tcId: 146. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9393, 65, 128, 32, 4640, 32, 1, 146 }, + /* tcId: 147. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9458, 65, 128, 32, 4672, 32, 1, 147 }, + /* tcId: 148. edge case for Jacobian and projective coordinates in precomputation or right to left addition chain */ + {9523, 65, 128, 32, 4704, 32, 1, 148 }, + /* tcId: 149. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9588, 65, 128, 32, 4736, 32, 1, 149 }, + /* tcId: 150. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9653, 65, 128, 32, 4768, 32, 1, 150 }, + /* tcId: 151. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9718, 65, 128, 32, 4800, 32, 1, 151 }, + /* tcId: 152. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9783, 65, 128, 32, 4832, 32, 1, 152 }, + /* tcId: 153. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9848, 65, 128, 32, 4864, 32, 1, 153 }, + /* tcId: 154. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9913, 65, 128, 32, 4896, 32, 1, 154 }, + /* tcId: 155. edge case for Jacobian and projective coordinates in right to left addition chain */ + {9978, 65, 128, 32, 4928, 32, 1, 155 }, + /* tcId: 156. edge case for Jacobian and projective coordinates in right to left addition chain */ + {10043, 65, 128, 32, 4960, 32, 1, 156 }, + /* tcId: 157. edge case for Jacobian and projective coordinates in right to left addition chain */ + {10108, 65, 128, 32, 4992, 32, 1, 157 }, + /* tcId: 158. edge case for Jacobian and projective coordinates in right to left addition chain */ + {10173, 65, 128, 32, 5024, 32, 1, 158 }, + /* tcId: 159. edge case for computation of x with projective coordinates */ + {10238, 65, 128, 32, 5056, 32, 1, 159 }, + /* tcId: 160. edge case for computation of x with projective coordinates */ + {10303, 65, 128, 32, 5088, 32, 1, 160 }, + /* tcId: 161. edge case for computation of x with projective coordinates */ + {10368, 65, 128, 32, 5120, 32, 1, 161 }, + /* tcId: 162. edge case for computation of x with projective coordinates */ + {10433, 65, 128, 32, 5152, 32, 1, 162 }, + /* tcId: 163. edge case for computation of x with projective coordinates */ + {10498, 65, 128, 32, 5184, 32, 1, 163 }, + /* tcId: 164. edge case for computation of x with projective coordinates */ + {10563, 65, 128, 32, 5216, 32, 1, 164 }, + /* tcId: 165. edge case for computation of x with projective coordinates */ + {10628, 65, 128, 32, 5248, 32, 1, 165 }, + /* tcId: 166. edge case for computation of x with projective coordinates */ + {10693, 65, 128, 32, 5280, 32, 1, 166 }, + /* tcId: 167. edge case for computation of x with projective coordinates */ + {10758, 65, 128, 32, 5312, 32, 1, 167 }, + /* tcId: 168. edge case for computation of x with projective coordinates in left to right addition chain */ + {10823, 65, 128, 32, 5344, 32, 1, 168 }, + /* tcId: 169. edge case for computation of x with projective coordinates in left to right addition chain */ + {10888, 65, 128, 32, 5376, 32, 1, 169 }, + /* tcId: 170. edge case for computation of x with projective coordinates in left to right addition chain */ + {10953, 65, 128, 32, 5408, 32, 1, 170 }, + /* tcId: 171. edge case for computation of x with projective coordinates in left to right addition chain */ + {11018, 65, 128, 32, 5440, 32, 1, 171 }, + /* tcId: 172. edge case for computation of x with projective coordinates in left to right addition chain */ + {11083, 65, 128, 32, 5472, 32, 1, 172 }, + /* tcId: 173. edge case for computation of x with projective coordinates in left to right addition chain */ + {11148, 65, 128, 32, 5504, 32, 1, 173 }, + /* tcId: 174. edge case for computation of x with projective coordinates in left to right addition chain */ + {11213, 65, 128, 32, 5536, 32, 1, 174 }, + /* tcId: 175. edge case for computation of x with projective coordinates in left to right addition chain */ + {11278, 65, 128, 32, 5568, 32, 1, 175 }, + /* tcId: 176. edge case for computation of x with projective coordinates in left to right addition chain */ + {11343, 65, 128, 32, 5600, 32, 1, 176 }, + /* tcId: 177. edge case for computation of x with projective coordinates in left to right addition chain */ + {11408, 65, 128, 32, 5632, 32, 1, 177 }, + /* tcId: 178. edge case for computation of x with projective coordinates in left to right addition chain */ + {11473, 65, 128, 32, 5664, 32, 1, 178 }, + /* tcId: 179. edge case for computation of x with projective coordinates in left to right addition chain */ + {11538, 65, 128, 32, 5696, 32, 1, 179 }, + /* tcId: 180. edge case for computation of x with projective coordinates in left to right addition chain */ + {11603, 65, 128, 32, 5728, 32, 1, 180 }, + /* tcId: 181. edge case for computation of x with projective coordinates in left to right addition chain */ + {11668, 65, 128, 32, 5760, 32, 1, 181 }, + /* tcId: 182. edge case for computation of x with projective coordinates in left to right addition chain */ + {11733, 65, 128, 32, 5792, 32, 1, 182 }, + /* tcId: 183. edge case for computation of x with projective coordinates in left to right addition chain */ + {11798, 65, 128, 32, 5824, 32, 1, 183 }, + /* tcId: 184. edge case for computation of x with projective coordinates in left to right addition chain */ + {11863, 65, 128, 32, 5856, 32, 1, 184 }, + /* tcId: 185. edge case for computation of x with projective coordinates in left to right addition chain */ + {11928, 65, 128, 32, 5888, 32, 1, 185 }, + /* tcId: 186. edge case for computation of x with projective coordinates in left to right addition chain */ + {11993, 65, 128, 32, 5920, 32, 1, 186 }, + /* tcId: 187. edge case for computation of x with projective coordinates in left to right addition chain */ + {12058, 65, 128, 32, 5952, 32, 1, 187 }, + /* tcId: 188. edge case for computation of x with projective coordinates in left to right addition chain */ + {12123, 65, 128, 32, 5984, 32, 1, 188 }, + /* tcId: 189. edge case for computation of x with projective coordinates in left to right addition chain */ + {12188, 65, 128, 32, 6016, 32, 1, 189 }, + /* tcId: 190. edge case for computation of x with projective coordinates in left to right addition chain */ + {12253, 65, 128, 32, 6048, 32, 1, 190 }, + /* tcId: 191. edge case for computation of x with projective coordinates in left to right addition chain */ + {12318, 65, 128, 32, 6080, 32, 1, 191 }, + /* tcId: 192. edge case for computation of x with projective coordinates in left to right addition chain */ + {12383, 65, 128, 32, 6112, 32, 1, 192 }, + /* tcId: 193. edge case for computation of x with projective coordinates in left to right addition chain */ + {12448, 65, 128, 32, 6144, 32, 1, 193 }, + /* tcId: 194. edge case for computation of x with projective coordinates in left to right addition chain */ + {12513, 65, 128, 32, 6176, 32, 1, 194 }, + /* tcId: 195. edge case for computation of x with projective coordinates in left to right addition chain */ + {12578, 65, 128, 32, 6208, 32, 1, 195 }, + /* tcId: 196. edge case for computation of x with projective coordinates in left to right addition chain */ + {12643, 65, 128, 32, 6240, 32, 1, 196 }, + /* tcId: 197. edge case for computation of x with projective coordinates in left to right addition chain */ + {12708, 65, 128, 32, 6272, 32, 1, 197 }, + /* tcId: 198. edge case for computation of x with projective coordinates in left to right addition chain */ + {12773, 65, 128, 32, 6304, 32, 1, 198 }, + /* tcId: 199. edge case for computation of x with projective coordinates in left to right addition chain */ + {12838, 65, 128, 32, 6336, 32, 1, 199 }, + /* tcId: 200. edge case for computation of x with projective coordinates in left to right addition chain */ + {12903, 65, 128, 32, 6368, 32, 1, 200 }, + /* tcId: 201. edge case for computation of x with projective coordinates in left to right addition chain */ + {12968, 65, 128, 32, 6400, 32, 1, 201 }, + /* tcId: 202. edge case for computation of x with projective coordinates in left to right addition chain */ + {13033, 65, 128, 32, 6432, 32, 1, 202 }, + /* tcId: 203. edge case for computation of x with projective coordinates in left to right addition chain */ + {13098, 65, 128, 32, 6464, 32, 1, 203 }, + /* tcId: 204. edge case for computation of x with projective coordinates in left to right addition chain */ + {13163, 65, 128, 32, 6496, 32, 1, 204 }, + /* tcId: 205. edge case for computation of x with projective coordinates in left to right addition chain */ + {13228, 65, 128, 32, 6528, 32, 1, 205 }, + /* tcId: 206. edge case for computation of x with projective coordinates in left to right addition chain */ + {13293, 65, 128, 32, 6560, 32, 1, 206 }, + /* tcId: 207. edge case for computation of x with projective coordinates in left to right addition chain */ + {13358, 65, 128, 32, 6592, 32, 1, 207 }, + /* tcId: 208. edge case for computation of x with projective coordinates in left to right addition chain */ + {13423, 65, 128, 32, 6624, 32, 1, 208 }, + /* tcId: 209. edge case for computation of x with projective coordinates in left to right addition chain */ + {13488, 65, 128, 32, 6656, 32, 1, 209 }, + /* tcId: 210. edge case for computation of x with projective coordinates in left to right addition chain */ + {13553, 65, 128, 32, 6688, 32, 1, 210 }, + /* tcId: 211. edge case for computation of x with projective coordinates in left to right addition chain */ + {13618, 65, 128, 32, 6720, 32, 1, 211 }, + /* tcId: 212. edge case for computation of x with projective coordinates in left to right addition chain */ + {13683, 65, 128, 32, 6752, 32, 1, 212 }, + /* tcId: 213. edge case for computation of x with projective coordinates in left to right addition chain */ + {13748, 65, 128, 32, 6784, 32, 1, 213 }, + /* tcId: 214. edge case for computation of x with projective coordinates in left to right addition chain */ + {13813, 65, 128, 32, 6816, 32, 1, 214 }, + /* tcId: 215. edge case for computation of x with projective coordinates in left to right addition chain */ + {13878, 65, 128, 32, 6848, 32, 1, 215 }, + /* tcId: 216. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {13943, 65, 128, 32, 6880, 32, 1, 216 }, + /* tcId: 217. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14008, 65, 128, 32, 6912, 32, 1, 217 }, + /* tcId: 218. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14073, 65, 128, 32, 6944, 32, 1, 218 }, + /* tcId: 219. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14138, 65, 128, 32, 6976, 32, 1, 219 }, + /* tcId: 220. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14203, 65, 128, 32, 7008, 32, 1, 220 }, + /* tcId: 221. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14268, 65, 128, 32, 7040, 32, 1, 221 }, + /* tcId: 222. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14333, 65, 128, 32, 7072, 32, 1, 222 }, + /* tcId: 223. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14398, 65, 128, 32, 7104, 32, 1, 223 }, + /* tcId: 224. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14463, 65, 128, 32, 7136, 32, 1, 224 }, + /* tcId: 225. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14528, 65, 128, 32, 7168, 32, 1, 225 }, + /* tcId: 226. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14593, 65, 128, 32, 7200, 32, 1, 226 }, + /* tcId: 227. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14658, 65, 128, 32, 7232, 32, 1, 227 }, + /* tcId: 228. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14723, 65, 128, 32, 7264, 32, 1, 228 }, + /* tcId: 229. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14788, 65, 128, 32, 7296, 32, 1, 229 }, + /* tcId: 230. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14853, 65, 128, 32, 7328, 32, 1, 230 }, + /* tcId: 231. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14918, 65, 128, 32, 7360, 32, 1, 231 }, + /* tcId: 232. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {14983, 65, 128, 32, 7392, 32, 1, 232 }, + /* tcId: 233. edge case for computation of x with projective coordinates in precomputation or right to left addition chain */ + {15048, 65, 128, 32, 7424, 32, 1, 233 }, + /* tcId: 234. edge case for computation of x with projective coordinates in right to left addition chain */ + {15113, 65, 128, 32, 7456, 32, 1, 234 }, + /* tcId: 235. edge case for computation of x with projective coordinates in right to left addition chain */ + {15178, 65, 128, 32, 7488, 32, 1, 235 }, + /* tcId: 236. edge case for computation of x with projective coordinates in right to left addition chain */ + {15243, 65, 128, 32, 7520, 32, 1, 236 }, + /* tcId: 237. edge case for computation of x with projective coordinates in right to left addition chain */ + {15308, 65, 128, 32, 7552, 32, 1, 237 }, + /* tcId: 238. edge case for computation of x with projective coordinates in right to left addition chain */ + {15373, 65, 128, 32, 7584, 32, 1, 238 }, + /* tcId: 239. edge case for computation of x with projective coordinates in right to left addition chain */ + {15438, 65, 128, 32, 7616, 32, 1, 239 }, + /* tcId: 240. edge case for computation of x with projective coordinates in right to left addition chain */ + {15503, 65, 128, 32, 7648, 32, 1, 240 }, + /* tcId: 241. edge case for computation of x with projective coordinates in right to left addition chain */ + {15568, 65, 128, 32, 7680, 32, 1, 241 }, + /* tcId: 242. edge case for computation of x with projective coordinates in right to left addition chain */ + {15633, 65, 128, 32, 7712, 32, 1, 242 }, + /* tcId: 243. edge case for computation of x with projective coordinates in right to left addition chain */ + {15698, 65, 128, 32, 7744, 32, 1, 243 }, + /* tcId: 244. edge case for computation of x with projective coordinates in right to left addition chain */ + {15763, 65, 128, 32, 7776, 32, 1, 244 }, + /* tcId: 245. edge case for computation of x with projective coordinates in right to left addition chain */ + {15828, 65, 128, 32, 7808, 32, 1, 245 }, + /* tcId: 246. edge case for computation of x with projective coordinates in right to left addition chain */ + {15893, 65, 128, 32, 7840, 32, 1, 246 }, + /* tcId: 247. edge case for computation of x with projective coordinates in right to left addition chain */ + {15958, 65, 128, 32, 7872, 32, 1, 247 }, + /* tcId: 248. edge case for computation of x with projective coordinates in right to left addition chain */ + {16023, 65, 128, 32, 7904, 32, 1, 248 }, + /* tcId: 249. edge case for computation of y with projective coordinates */ + {16088, 65, 128, 32, 7936, 32, 1, 249 }, + /* tcId: 250. edge case for computation of y with projective coordinates */ + {16153, 65, 128, 32, 7968, 32, 1, 250 }, + /* tcId: 251. edge case for computation of y with projective coordinates */ + {16218, 65, 128, 32, 8000, 32, 1, 251 }, + /* tcId: 252. edge case for computation of y with projective coordinates in left to right addition chain */ + {16283, 65, 128, 32, 8032, 32, 1, 252 }, + /* tcId: 253. edge case for computation of y with projective coordinates in left to right addition chain */ + {16348, 65, 128, 32, 8064, 32, 1, 253 }, + /* tcId: 254. edge case for computation of y with projective coordinates in left to right addition chain */ + {16413, 65, 128, 32, 8096, 32, 1, 254 }, + /* tcId: 255. edge case for computation of y with projective coordinates in left to right addition chain */ + {16478, 65, 128, 32, 8128, 32, 1, 255 }, + /* tcId: 256. edge case for computation of y with projective coordinates in left to right addition chain */ + {16543, 65, 128, 32, 8160, 32, 1, 256 }, + /* tcId: 257. edge case for computation of y with projective coordinates in left to right addition chain */ + {16608, 65, 128, 32, 8192, 32, 1, 257 }, + /* tcId: 258. edge case for computation of y with projective coordinates in left to right addition chain */ + {16673, 65, 128, 32, 8224, 32, 1, 258 }, + /* tcId: 259. edge case for computation of y with projective coordinates in left to right addition chain */ + {16738, 65, 128, 32, 8256, 32, 1, 259 }, + /* tcId: 260. edge case for computation of y with projective coordinates in left to right addition chain */ + {16803, 65, 128, 32, 8288, 32, 1, 260 }, + /* tcId: 261. edge case for computation of y with projective coordinates in left to right addition chain */ + {16868, 65, 128, 32, 8320, 32, 1, 261 }, + /* tcId: 262. edge case for computation of y with projective coordinates in left to right addition chain */ + {16933, 65, 128, 32, 8352, 32, 1, 262 }, + /* tcId: 263. edge case for computation of y with projective coordinates in left to right addition chain */ + {16998, 65, 128, 32, 8384, 32, 1, 263 }, + /* tcId: 264. edge case for computation of y with projective coordinates in left to right addition chain */ + {17063, 65, 128, 32, 8416, 32, 1, 264 }, + /* tcId: 265. edge case for computation of y with projective coordinates in left to right addition chain */ + {17128, 65, 128, 32, 8448, 32, 1, 265 }, + /* tcId: 266. edge case for computation of y with projective coordinates in left to right addition chain */ + {17193, 65, 128, 32, 8480, 32, 1, 266 }, + /* tcId: 267. edge case for computation of y with projective coordinates in left to right addition chain */ + {17258, 65, 128, 32, 8512, 32, 1, 267 }, + /* tcId: 268. edge case for computation of y with projective coordinates in precomputation or right to left addition chain */ + {17323, 65, 128, 32, 8544, 32, 1, 268 }, + /* tcId: 269. edge case for computation of y with projective coordinates in precomputation or right to left addition chain */ + {17388, 65, 128, 32, 8576, 32, 1, 269 }, + /* tcId: 270. edge case for computation of y with projective coordinates in precomputation or right to left addition chain */ + {17453, 65, 128, 32, 8608, 32, 1, 270 }, + /* tcId: 271. edge case for computation of y with projective coordinates in precomputation or right to left addition chain */ + {17518, 65, 128, 32, 8640, 32, 1, 271 }, + /* tcId: 272. edge case for computation of y with projective coordinates in precomputation or right to left addition chain */ + {17583, 65, 128, 32, 8672, 32, 1, 272 }, + /* tcId: 273. edge case for computation of y with projective coordinates in precomputation or right to left addition chain */ + {17648, 65, 128, 32, 8704, 32, 1, 273 }, + /* tcId: 274. edge case for computation of y with projective coordinates in right to left addition chain */ + {17713, 65, 128, 32, 8736, 32, 1, 274 }, + /* tcId: 275. edge case for computation of y with projective coordinates in right to left addition chain */ + {17778, 65, 128, 32, 8768, 32, 1, 275 }, + /* tcId: 276. edge case for computation of y with projective coordinates in right to left addition chain */ + {17843, 65, 128, 32, 8800, 32, 1, 276 }, + /* tcId: 277. edge case for computation of y with projective coordinates in right to left addition chain */ + {17908, 65, 128, 32, 8832, 32, 1, 277 }, + /* tcId: 278. edge case for computation of y with projective coordinates in right to left addition chain */ + {17973, 65, 128, 32, 8864, 32, 1, 278 }, + /* tcId: 279. point with coordinate x = 1 */ + {3608, 65, 128, 32, 8896, 32, 1, 279 }, + /* tcId: 280. point with coordinate x = 1 */ + {18038, 65, 128, 32, 8928, 32, 1, 280 }, + /* tcId: 281. point with coordinate x = 1 */ + {18103, 65, 128, 32, 8960, 32, 1, 281 }, + /* tcId: 282. point with coordinate x = 1 in left to right addition chain */ + {18168, 65, 128, 32, 8992, 32, 1, 282 }, + /* tcId: 283. point with coordinate x = 1 in left to right addition chain */ + {18233, 65, 128, 32, 9024, 32, 1, 283 }, + /* tcId: 284. point with coordinate x = 1 in left to right addition chain */ + {18298, 65, 128, 32, 9056, 32, 1, 284 }, + /* tcId: 285. point with coordinate x = 1 in left to right addition chain */ + {18363, 65, 128, 32, 9088, 32, 1, 285 }, + /* tcId: 286. point with coordinate x = 1 in left to right addition chain */ + {18428, 65, 128, 32, 9120, 32, 1, 286 }, + /* tcId: 287. point with coordinate x = 1 in left to right addition chain */ + {18493, 65, 128, 32, 9152, 32, 1, 287 }, + /* tcId: 288. point with coordinate x = 1 in left to right addition chain */ + {18558, 65, 128, 32, 9184, 32, 1, 288 }, + /* tcId: 289. point with coordinate x = 1 in left to right addition chain */ + {18623, 65, 128, 32, 9216, 32, 1, 289 }, + /* tcId: 290. point with coordinate x = 1 in left to right addition chain */ + {18688, 65, 128, 32, 9248, 32, 1, 290 }, + /* tcId: 291. point with coordinate x = 1 in left to right addition chain */ + {18753, 65, 128, 32, 9280, 32, 1, 291 }, + /* tcId: 292. point with coordinate x = 1 in left to right addition chain */ + {18818, 65, 128, 32, 9312, 32, 1, 292 }, + /* tcId: 293. point with coordinate x = 1 in left to right addition chain */ + {18883, 65, 128, 32, 9344, 32, 1, 293 }, + /* tcId: 294. point with coordinate x = 1 in left to right addition chain */ + {18948, 65, 128, 32, 9376, 32, 1, 294 }, + /* tcId: 295. point with coordinate x = 1 in left to right addition chain */ + {19013, 65, 128, 32, 9408, 32, 1, 295 }, + /* tcId: 296. point with coordinate x = 1 in left to right addition chain */ + {19078, 65, 128, 32, 9440, 32, 1, 296 }, + /* tcId: 297. point with coordinate x = 1 in left to right addition chain */ + {19143, 65, 128, 32, 9472, 32, 1, 297 }, + /* tcId: 298. point with coordinate x = 1 in precomputation or right to left addition chain */ + {19208, 65, 128, 32, 9504, 32, 1, 298 }, + /* tcId: 299. point with coordinate x = 1 in precomputation or right to left addition chain */ + {19273, 65, 128, 32, 9536, 32, 1, 299 }, + /* tcId: 300. point with coordinate x = 1 in precomputation or right to left addition chain */ + {19338, 65, 128, 32, 9568, 32, 1, 300 }, + /* tcId: 301. point with coordinate x = 1 in precomputation or right to left addition chain */ + {19403, 65, 128, 32, 9600, 32, 1, 301 }, + /* tcId: 302. point with coordinate x = 1 in precomputation or right to left addition chain */ + {19468, 65, 128, 32, 9632, 32, 1, 302 }, + /* tcId: 303. point with coordinate x = 1 in precomputation or right to left addition chain */ + {19533, 65, 128, 32, 9664, 32, 1, 303 }, + /* tcId: 304. point with coordinate x = 1 in right to left addition chain */ + {19598, 65, 128, 32, 9696, 32, 1, 304 }, + /* tcId: 305. point with coordinate x = 1 in right to left addition chain */ + {19663, 65, 128, 32, 9728, 32, 1, 305 }, + /* tcId: 306. point with coordinate x = 1 in right to left addition chain */ + {19728, 65, 128, 32, 9760, 32, 1, 306 }, + /* tcId: 307. point with coordinate x = 1 in right to left addition chain */ + {19793, 65, 128, 32, 9792, 32, 1, 307 }, + /* tcId: 308. point with coordinate x = 1 in right to left addition chain */ + {19858, 65, 128, 32, 9824, 32, 1, 308 }, + /* tcId: 309. point with coordinate x = 2 */ + {3673, 65, 128, 32, 9856, 32, 1, 309 }, + /* tcId: 310. point with coordinate x = 2 */ + {19923, 65, 128, 32, 9888, 32, 1, 310 }, + /* tcId: 311. point with coordinate x = 2 */ + {19988, 65, 128, 32, 9920, 32, 1, 311 }, + /* tcId: 312. point with coordinate x = 2 in left to right addition chain */ + {20053, 65, 128, 32, 9952, 32, 1, 312 }, + /* tcId: 313. point with coordinate x = 2 in left to right addition chain */ + {20118, 65, 128, 32, 9984, 32, 1, 313 }, + /* tcId: 314. point with coordinate x = 2 in left to right addition chain */ + {20183, 65, 128, 32, 10016, 32, 1, 314 }, + /* tcId: 315. point with coordinate x = 2 in left to right addition chain */ + {20248, 65, 128, 32, 10048, 32, 1, 315 }, + /* tcId: 316. point with coordinate x = 2 in left to right addition chain */ + {20313, 65, 128, 32, 10080, 32, 1, 316 }, + /* tcId: 317. point with coordinate x = 2 in left to right addition chain */ + {20378, 65, 128, 32, 10112, 32, 1, 317 }, + /* tcId: 318. point with coordinate x = 2 in left to right addition chain */ + {20443, 65, 128, 32, 10144, 32, 1, 318 }, + /* tcId: 319. point with coordinate x = 2 in left to right addition chain */ + {20508, 65, 128, 32, 10176, 32, 1, 319 }, + /* tcId: 320. point with coordinate x = 2 in left to right addition chain */ + {20573, 65, 128, 32, 10208, 32, 1, 320 }, + /* tcId: 321. point with coordinate x = 2 in left to right addition chain */ + {20638, 65, 128, 32, 10240, 32, 1, 321 }, + /* tcId: 322. point with coordinate x = 2 in left to right addition chain */ + {20703, 65, 128, 32, 10272, 32, 1, 322 }, + /* tcId: 323. point with coordinate x = 2 in left to right addition chain */ + {20768, 65, 128, 32, 10304, 32, 1, 323 }, + /* tcId: 324. point with coordinate x = 2 in left to right addition chain */ + {20833, 65, 128, 32, 10336, 32, 1, 324 }, + /* tcId: 325. point with coordinate x = 2 in left to right addition chain */ + {20898, 65, 128, 32, 10368, 32, 1, 325 }, + /* tcId: 326. point with coordinate x = 2 in left to right addition chain */ + {20963, 65, 128, 32, 10400, 32, 1, 326 }, + /* tcId: 327. point with coordinate x = 2 in left to right addition chain */ + {21028, 65, 128, 32, 10432, 32, 1, 327 }, + /* tcId: 328. point with coordinate x = 2 in precomputation or right to left addition chain */ + {21093, 65, 128, 32, 10464, 32, 1, 328 }, + /* tcId: 329. point with coordinate x = 2 in precomputation or right to left addition chain */ + {21158, 65, 128, 32, 10496, 32, 1, 329 }, + /* tcId: 330. point with coordinate x = 2 in precomputation or right to left addition chain */ + {21223, 65, 128, 32, 10528, 32, 1, 330 }, + /* tcId: 331. point with coordinate x = 2 in precomputation or right to left addition chain */ + {21288, 65, 128, 32, 10560, 32, 1, 331 }, + /* tcId: 332. point with coordinate x = 2 in precomputation or right to left addition chain */ + {21353, 65, 128, 32, 10592, 32, 1, 332 }, + /* tcId: 333. point with coordinate x = 2 in precomputation or right to left addition chain */ + {21418, 65, 128, 32, 10624, 32, 1, 333 }, + /* tcId: 334. point with coordinate x = 2 in right to left addition chain */ + {21483, 65, 128, 32, 10656, 32, 1, 334 }, + /* tcId: 335. point with coordinate x = 2 in right to left addition chain */ + {21548, 65, 128, 32, 10688, 32, 1, 335 }, + /* tcId: 336. point with coordinate x = 2 in right to left addition chain */ + {21613, 65, 128, 32, 10720, 32, 1, 336 }, + /* tcId: 337. point with coordinate x = 2 in right to left addition chain */ + {21678, 65, 128, 32, 10752, 32, 1, 337 }, + /* tcId: 338. point with coordinate x = 2 in right to left addition chain */ + {21743, 65, 128, 32, 10784, 32, 1, 338 }, + /* tcId: 339. point with coordinate x = 3 */ + {3738, 65, 128, 32, 10816, 32, 1, 339 }, + /* tcId: 340. point with coordinate x = 3 */ + {21808, 65, 128, 32, 10848, 32, 1, 340 }, + /* tcId: 341. point with coordinate x = 3 */ + {21873, 65, 128, 32, 10880, 32, 1, 341 }, + /* tcId: 342. point with coordinate x = 3 in left to right addition chain */ + {21938, 65, 128, 32, 10912, 32, 1, 342 }, + /* tcId: 343. point with coordinate x = 3 in left to right addition chain */ + {22003, 65, 128, 32, 10944, 32, 1, 343 }, + /* tcId: 344. point with coordinate x = 3 in left to right addition chain */ + {22068, 65, 128, 32, 10976, 32, 1, 344 }, + /* tcId: 345. point with coordinate x = 3 in left to right addition chain */ + {22133, 65, 128, 32, 11008, 32, 1, 345 }, + /* tcId: 346. point with coordinate x = 3 in left to right addition chain */ + {22198, 65, 128, 32, 11040, 32, 1, 346 }, + /* tcId: 347. point with coordinate x = 3 in left to right addition chain */ + {22263, 65, 128, 32, 11072, 32, 1, 347 }, + /* tcId: 348. point with coordinate x = 3 in left to right addition chain */ + {22328, 65, 128, 32, 11104, 32, 1, 348 }, + /* tcId: 349. point with coordinate x = 3 in left to right addition chain */ + {22393, 65, 128, 32, 11136, 32, 1, 349 }, + /* tcId: 350. point with coordinate x = 3 in left to right addition chain */ + {22458, 65, 128, 32, 11168, 32, 1, 350 }, + /* tcId: 351. point with coordinate x = 3 in left to right addition chain */ + {22523, 65, 128, 32, 11200, 32, 1, 351 }, + /* tcId: 352. point with coordinate x = 3 in left to right addition chain */ + {22588, 65, 128, 32, 11232, 32, 1, 352 }, + /* tcId: 353. point with coordinate x = 3 in left to right addition chain */ + {22653, 65, 128, 32, 11264, 32, 1, 353 }, + /* tcId: 354. point with coordinate x = 3 in left to right addition chain */ + {22718, 65, 128, 32, 11296, 32, 1, 354 }, + /* tcId: 355. point with coordinate x = 3 in left to right addition chain */ + {22783, 65, 128, 32, 11328, 32, 1, 355 }, + /* tcId: 356. point with coordinate x = 3 in left to right addition chain */ + {22848, 65, 128, 32, 11360, 32, 1, 356 }, + /* tcId: 357. point with coordinate x = 3 in left to right addition chain */ + {22913, 65, 128, 32, 11392, 32, 1, 357 }, + /* tcId: 358. point with coordinate x = 3 in precomputation or right to left addition chain */ + {22978, 65, 128, 32, 11424, 32, 1, 358 }, + /* tcId: 359. point with coordinate x = 3 in precomputation or right to left addition chain */ + {23043, 65, 128, 32, 11456, 32, 1, 359 }, + /* tcId: 360. point with coordinate x = 3 in precomputation or right to left addition chain */ + {23108, 65, 128, 32, 11488, 32, 1, 360 }, + /* tcId: 361. point with coordinate x = 3 in precomputation or right to left addition chain */ + {23173, 65, 128, 32, 11520, 32, 1, 361 }, + /* tcId: 362. point with coordinate x = 3 in precomputation or right to left addition chain */ + {23238, 65, 128, 32, 11552, 32, 1, 362 }, + /* tcId: 363. point with coordinate x = 3 in precomputation or right to left addition chain */ + {23303, 65, 128, 32, 11584, 32, 1, 363 }, + /* tcId: 364. point with coordinate x = 3 in right to left addition chain */ + {23368, 65, 128, 32, 11616, 32, 1, 364 }, + /* tcId: 365. point with coordinate x = 3 in right to left addition chain */ + {23433, 65, 128, 32, 11648, 32, 1, 365 }, + /* tcId: 366. point with coordinate x = 3 in right to left addition chain */ + {23498, 65, 128, 32, 11680, 32, 1, 366 }, + /* tcId: 367. point with coordinate x = 3 in right to left addition chain */ + {23563, 65, 128, 32, 11712, 32, 1, 367 }, + /* tcId: 368. point with coordinate x = 3 in right to left addition chain */ + {23628, 65, 128, 32, 11744, 32, 1, 368 }, + /* tcId: 369. point with coordinate y = 1 */ + {23693, 65, 128, 32, 11776, 32, 1, 369 }, + /* tcId: 370. point with coordinate y = 1 */ + {23758, 65, 128, 32, 11808, 32, 1, 370 }, + /* tcId: 371. point with coordinate y = 1 */ + {23823, 65, 128, 32, 11840, 32, 1, 371 }, + /* tcId: 372. point with coordinate y = 1 */ + {23888, 65, 128, 32, 11872, 32, 1, 372 }, + /* tcId: 373. point with coordinate y = 1 */ + {23953, 65, 128, 32, 11904, 32, 1, 373 }, + /* tcId: 374. point with coordinate y = 1 */ + {24018, 65, 128, 32, 11936, 32, 1, 374 }, + /* tcId: 375. point with coordinate y = 1 */ + {24083, 65, 128, 32, 11968, 32, 1, 375 }, + /* tcId: 376. point with coordinate y = 1 */ + {24148, 65, 128, 32, 12000, 32, 1, 376 }, + /* tcId: 377. point with coordinate y = 1 */ + {24213, 65, 128, 32, 12032, 32, 1, 377 }, + /* tcId: 378. point with coordinate y = 1 in left to right addition chain */ + {24278, 65, 128, 32, 12064, 32, 1, 378 }, + /* tcId: 379. point with coordinate y = 1 in left to right addition chain */ + {24343, 65, 128, 32, 12096, 32, 1, 379 }, + /* tcId: 380. point with coordinate y = 1 in left to right addition chain */ + {24408, 65, 128, 32, 12128, 32, 1, 380 }, + /* tcId: 381. point with coordinate y = 1 in left to right addition chain */ + {24473, 65, 128, 32, 12160, 32, 1, 381 }, + /* tcId: 382. point with coordinate y = 1 in left to right addition chain */ + {24538, 65, 128, 32, 12192, 32, 1, 382 }, + /* tcId: 383. point with coordinate y = 1 in left to right addition chain */ + {24603, 65, 128, 32, 12224, 32, 1, 383 }, + /* tcId: 384. point with coordinate y = 1 in left to right addition chain */ + {24668, 65, 128, 32, 12256, 32, 1, 384 }, + /* tcId: 385. point with coordinate y = 1 in left to right addition chain */ + {24733, 65, 128, 32, 12288, 32, 1, 385 }, + /* tcId: 386. point with coordinate y = 1 in left to right addition chain */ + {24798, 65, 128, 32, 12320, 32, 1, 386 }, + /* tcId: 387. point with coordinate y = 1 in left to right addition chain */ + {24863, 65, 128, 32, 12352, 32, 1, 387 }, + /* tcId: 388. point with coordinate y = 1 in left to right addition chain */ + {24928, 65, 128, 32, 12384, 32, 1, 388 }, + /* tcId: 389. point with coordinate y = 1 in left to right addition chain */ + {24993, 65, 128, 32, 12416, 32, 1, 389 }, + /* tcId: 390. point with coordinate y = 1 in left to right addition chain */ + {25058, 65, 128, 32, 12448, 32, 1, 390 }, + /* tcId: 391. point with coordinate y = 1 in left to right addition chain */ + {25123, 65, 128, 32, 12480, 32, 1, 391 }, + /* tcId: 392. point with coordinate y = 1 in left to right addition chain */ + {25188, 65, 128, 32, 12512, 32, 1, 392 }, + /* tcId: 393. point with coordinate y = 1 in left to right addition chain */ + {25253, 65, 128, 32, 12544, 32, 1, 393 }, + /* tcId: 394. point with coordinate y = 1 in left to right addition chain */ + {25318, 65, 128, 32, 12576, 32, 1, 394 }, + /* tcId: 395. point with coordinate y = 1 in left to right addition chain */ + {25383, 65, 128, 32, 12608, 32, 1, 395 }, + /* tcId: 396. point with coordinate y = 1 in left to right addition chain */ + {25448, 65, 128, 32, 12640, 32, 1, 396 }, + /* tcId: 397. point with coordinate y = 1 in left to right addition chain */ + {25513, 65, 128, 32, 12672, 32, 1, 397 }, + /* tcId: 398. point with coordinate y = 1 in left to right addition chain */ + {25578, 65, 128, 32, 12704, 32, 1, 398 }, + /* tcId: 399. point with coordinate y = 1 in left to right addition chain */ + {25643, 65, 128, 32, 12736, 32, 1, 399 }, + /* tcId: 400. point with coordinate y = 1 in left to right addition chain */ + {25708, 65, 128, 32, 12768, 32, 1, 400 }, + /* tcId: 401. point with coordinate y = 1 in left to right addition chain */ + {25773, 65, 128, 32, 12800, 32, 1, 401 }, + /* tcId: 402. point with coordinate y = 1 in left to right addition chain */ + {25838, 65, 128, 32, 12832, 32, 1, 402 }, + /* tcId: 403. point with coordinate y = 1 in left to right addition chain */ + {25903, 65, 128, 32, 12864, 32, 1, 403 }, + /* tcId: 404. point with coordinate y = 1 in left to right addition chain */ + {25968, 65, 128, 32, 12896, 32, 1, 404 }, + /* tcId: 405. point with coordinate y = 1 in left to right addition chain */ + {26033, 65, 128, 32, 12928, 32, 1, 405 }, + /* tcId: 406. point with coordinate y = 1 in left to right addition chain */ + {26098, 65, 128, 32, 12960, 32, 1, 406 }, + /* tcId: 407. point with coordinate y = 1 in left to right addition chain */ + {26163, 65, 128, 32, 12992, 32, 1, 407 }, + /* tcId: 408. point with coordinate y = 1 in left to right addition chain */ + {26228, 65, 128, 32, 13024, 32, 1, 408 }, + /* tcId: 409. point with coordinate y = 1 in left to right addition chain */ + {26293, 65, 128, 32, 13056, 32, 1, 409 }, + /* tcId: 410. point with coordinate y = 1 in left to right addition chain */ + {26358, 65, 128, 32, 13088, 32, 1, 410 }, + /* tcId: 411. point with coordinate y = 1 in left to right addition chain */ + {26423, 65, 128, 32, 13120, 32, 1, 411 }, + /* tcId: 412. point with coordinate y = 1 in left to right addition chain */ + {26488, 65, 128, 32, 13152, 32, 1, 412 }, + /* tcId: 413. point with coordinate y = 1 in left to right addition chain */ + {26553, 65, 128, 32, 13184, 32, 1, 413 }, + /* tcId: 414. point with coordinate y = 1 in left to right addition chain */ + {26618, 65, 128, 32, 13216, 32, 1, 414 }, + /* tcId: 415. point with coordinate y = 1 in left to right addition chain */ + {26683, 65, 128, 32, 13248, 32, 1, 415 }, + /* tcId: 416. point with coordinate y = 1 in left to right addition chain */ + {26748, 65, 128, 32, 13280, 32, 1, 416 }, + /* tcId: 417. point with coordinate y = 1 in left to right addition chain */ + {26813, 65, 128, 32, 13312, 32, 1, 417 }, + /* tcId: 418. point with coordinate y = 1 in left to right addition chain */ + {26878, 65, 128, 32, 13344, 32, 1, 418 }, + /* tcId: 419. point with coordinate y = 1 in left to right addition chain */ + {26943, 65, 128, 32, 13376, 32, 1, 419 }, + /* tcId: 420. point with coordinate y = 1 in left to right addition chain */ + {27008, 65, 128, 32, 13408, 32, 1, 420 }, + /* tcId: 421. point with coordinate y = 1 in left to right addition chain */ + {27073, 65, 128, 32, 13440, 32, 1, 421 }, + /* tcId: 422. point with coordinate y = 1 in left to right addition chain */ + {27138, 65, 128, 32, 13472, 32, 1, 422 }, + /* tcId: 423. point with coordinate y = 1 in left to right addition chain */ + {27203, 65, 128, 32, 13504, 32, 1, 423 }, + /* tcId: 424. point with coordinate y = 1 in left to right addition chain */ + {27268, 65, 128, 32, 13536, 32, 1, 424 }, + /* tcId: 425. point with coordinate y = 1 in left to right addition chain */ + {27333, 65, 128, 32, 13568, 32, 1, 425 }, + /* tcId: 426. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27398, 65, 128, 32, 13600, 32, 1, 426 }, + /* tcId: 427. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27463, 65, 128, 32, 13632, 32, 1, 427 }, + /* tcId: 428. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27528, 65, 128, 32, 13664, 32, 1, 428 }, + /* tcId: 429. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27593, 65, 128, 32, 13696, 32, 1, 429 }, + /* tcId: 430. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27658, 65, 128, 32, 13728, 32, 1, 430 }, + /* tcId: 431. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27723, 65, 128, 32, 13760, 32, 1, 431 }, + /* tcId: 432. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27788, 65, 128, 32, 13792, 32, 1, 432 }, + /* tcId: 433. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27853, 65, 128, 32, 13824, 32, 1, 433 }, + /* tcId: 434. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27918, 65, 128, 32, 13856, 32, 1, 434 }, + /* tcId: 435. point with coordinate y = 1 in precomputation or right to left addition chain */ + {27983, 65, 128, 32, 13888, 32, 1, 435 }, + /* tcId: 436. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28048, 65, 128, 32, 13920, 32, 1, 436 }, + /* tcId: 437. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28113, 65, 128, 32, 13952, 32, 1, 437 }, + /* tcId: 438. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28178, 65, 128, 32, 13984, 32, 1, 438 }, + /* tcId: 439. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28243, 65, 128, 32, 14016, 32, 1, 439 }, + /* tcId: 440. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28308, 65, 128, 32, 14048, 32, 1, 440 }, + /* tcId: 441. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28373, 65, 128, 32, 14080, 32, 1, 441 }, + /* tcId: 442. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28438, 65, 128, 32, 14112, 32, 1, 442 }, + /* tcId: 443. point with coordinate y = 1 in precomputation or right to left addition chain */ + {28503, 65, 128, 32, 14144, 32, 1, 443 }, + /* tcId: 444. point with coordinate y = 1 in right to left addition chain */ + {28568, 65, 128, 32, 14176, 32, 1, 444 }, + /* tcId: 445. point with coordinate y = 1 in right to left addition chain */ + {28633, 65, 128, 32, 14208, 32, 1, 445 }, + /* tcId: 446. point with coordinate y = 1 in right to left addition chain */ + {28698, 65, 128, 32, 14240, 32, 1, 446 }, + /* tcId: 447. point with coordinate y = 1 in right to left addition chain */ + {28763, 65, 128, 32, 14272, 32, 1, 447 }, + /* tcId: 448. point with coordinate y = 1 in right to left addition chain */ + {28828, 65, 128, 32, 14304, 32, 1, 448 }, + /* tcId: 449. point with coordinate y = 1 in right to left addition chain */ + {28893, 65, 128, 32, 14336, 32, 1, 449 }, + /* tcId: 450. point with coordinate y = 1 in right to left addition chain */ + {28958, 65, 128, 32, 14368, 32, 1, 450 }, + /* tcId: 451. point with coordinate y = 1 in right to left addition chain */ + {29023, 65, 128, 32, 14400, 32, 1, 451 }, + /* tcId: 452. point with coordinate y = 1 in right to left addition chain */ + {29088, 65, 128, 32, 14432, 32, 1, 452 }, + /* tcId: 453. point with coordinate y = 1 in right to left addition chain */ + {29153, 65, 128, 32, 14464, 32, 1, 453 }, + /* tcId: 454. point with coordinate y = 1 in right to left addition chain */ + {29218, 65, 128, 32, 14496, 32, 1, 454 }, + /* tcId: 455. point with coordinate y = 1 in right to left addition chain */ + {29283, 65, 128, 32, 14528, 32, 1, 455 }, + /* tcId: 456. point with coordinate y = 1 in right to left addition chain */ + {29348, 65, 128, 32, 14560, 32, 1, 456 }, + /* tcId: 457. point with coordinate y = 1 in right to left addition chain */ + {29413, 65, 128, 32, 14592, 32, 1, 457 }, + /* tcId: 458. point with coordinate y = 1 in right to left addition chain */ + {29478, 65, 128, 32, 14624, 32, 1, 458 }, + /* tcId: 459. edge case private key */ + {29543, 65, 160, 32, 14656, 32, 1, 459 }, + /* tcId: 460. edge case private key */ + {29543, 65, 192, 32, 14688, 32, 1, 460 }, + /* tcId: 461. edge case private key */ + {29543, 65, 224, 32, 14720, 32, 1, 461 }, + /* tcId: 462. edge case private key */ + {29543, 65, 256, 32, 14752, 32, 1, 462 }, + /* tcId: 463. edge case private key */ + {29543, 65, 288, 32, 14784, 32, 1, 463 }, + /* tcId: 464. edge case private key */ + {29543, 65, 320, 32, 14816, 32, 1, 464 }, + /* tcId: 465. edge case private key */ + {29543, 65, 352, 32, 14848, 32, 1, 465 }, + /* tcId: 466. edge case private key */ + {29543, 65, 384, 32, 14880, 32, 1, 466 }, + /* tcId: 467. edge case private key */ + {29543, 65, 416, 32, 14912, 32, 1, 467 }, + /* tcId: 468. edge case private key */ + {29543, 65, 448, 32, 14944, 32, 1, 468 }, + /* tcId: 469. edge case private key */ + {29543, 65, 480, 32, 14976, 32, 1, 469 }, + /* tcId: 470. edge case private key */ + {29543, 65, 512, 32, 15008, 32, 1, 470 }, + /* tcId: 471. edge case private key */ + {29543, 65, 544, 32, 15040, 32, 1, 471 }, + /* tcId: 472. edge case private key */ + {29543, 65, 576, 32, 15072, 32, 1, 472 }, + /* tcId: 473. edge case private key */ + {29543, 65, 608, 32, 15104, 32, 1, 473 }, + /* tcId: 474. edge case private key */ + {29543, 65, 640, 32, 15136, 32, 1, 474 }, + /* tcId: 475. point is not on curve */ + {29608, 65, 672, 32, 15168, 0, 0, 475 }, + /* tcId: 476. point is not on curve */ + {29673, 65, 672, 32, 15168, 0, 0, 476 }, + /* tcId: 477. point is not on curve */ + {29738, 65, 672, 32, 15168, 0, 0, 477 }, + /* tcId: 478. point is not on curve */ + {29803, 65, 672, 32, 15168, 0, 0, 478 }, + /* tcId: 479. point is not on curve */ + {29868, 65, 672, 32, 15168, 0, 0, 479 }, + /* tcId: 480. point is not on curve */ + {29933, 65, 672, 32, 15168, 0, 0, 480 }, + /* tcId: 481. point is not on curve */ + {29998, 65, 672, 32, 15168, 0, 0, 481 }, + /* tcId: 482. point is not on curve */ + {30063, 65, 672, 32, 15168, 0, 0, 482 }, + /* tcId: 483. point is not on curve */ + {30128, 65, 672, 32, 15168, 0, 0, 483 }, + /* tcId: 484. point is not on curve */ + {30193, 65, 672, 32, 15168, 0, 0, 484 }, + /* tcId: 485. point is not on curve */ + {30258, 65, 672, 32, 15168, 0, 0, 485 }, + /* tcId: 486. point is not on curve */ + {30323, 65, 672, 32, 15168, 0, 0, 486 }, + /* tcId: 487. point is not on curve */ + {30388, 65, 672, 32, 15168, 0, 0, 487 }, + /* tcId: 488. point is not on curve */ + {30453, 65, 672, 32, 15168, 0, 0, 488 }, + /* tcId: 489. point is not on curve */ + {30518, 65, 672, 32, 15168, 0, 0, 489 }, + /* tcId: 490. point is not on curve */ + {30583, 65, 672, 32, 15168, 0, 0, 490 }, + /* tcId: 491. */ + {30648, 0, 672, 32, 15168, 0, 0, 491 }, + /* tcId: 494. public point not on curve */ + {30648, 65, 704, 32, 15168, 0, 0, 494 }, + /* tcId: 495. public point = (0,0) */ + {29608, 65, 704, 32, 15168, 0, 0, 495 }, + /* tcId: 498. order = 1 */ + {30713, 65, 704, 32, 15168, 32, 1, 498 }, + /* tcId: 499. order = 26959946667150639794667015087019630673536463705607434823784316690060 */ + {30713, 65, 704, 32, 15200, 32, 1, 499 }, + /* tcId: 500. generator = (0,0) */ + {30713, 65, 704, 32, 15232, 32, 1, 500 }, + /* tcId: 501. generator not on curve */ + {30713, 65, 704, 32, 15264, 32, 1, 501 }, + /* tcId: 506. cofactor = None */ + {30713, 65, 704, 32, 15296, 32, 1, 506 }, + /* tcId: 508. using secp224r1 */ + {30778, 57, 704, 32, 15328, 0, 0, 508 }, + /* tcId: 509. using secp256r1 */ + {30835, 65, 704, 32, 15328, 0, 0, 509 }, + /* tcId: 510. a = 0 */ + {30713, 65, 704, 32, 15328, 32, 1, 510 }, + /* tcId: 511. public key of order 3 */ + {30900, 65, 704, 32, 15360, 0, 0, 511 }, + /* tcId: 528. invalid public key */ + {30965, 33, 736, 32, 15360, 0, 0, 528 }, + +}; diff --git a/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdh_secp256k1_test.json b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdh_secp256k1_test.json new file mode 100644 index 000000000..71da94723 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdh_secp256k1_test.json @@ -0,0 +1,8444 @@ +{ + "algorithm" : "ECDH", + "schema" : "ecdh_test_schema.json", + "numberOfTests" : 752, + "header" : [ + "Test vectors of type EcdhTest are intended for", + "testing an ECDH implementations using X509 encoded", + "public keys and integers for private keys.", + "Test vectors of this format are useful for testing", + "Java providers." + ], + "notes" : { + "AdditionChain" : { + "bugType" : "KNOWN_BUG", + "description" : "The private key has an unusual bit pattern, such as high or low Hamming weight. The goal is to test edge cases for addition chain implementations." + }, + "CompressedPoint" : { + "bugType" : "UNKNOWN", + "description" : "The point in the public key is compressed. Not every library supports points in compressed format." + }, + "CompressedPublic" : { + "bugType" : "FUNCTIONALITY", + "description" : "The public key in the test vector is compressed. Some implementations do not support compressed points." + }, + "EdgeCaseDoubling" : { + "bugType" : "EDGE_CASE", + "description" : "The test vector contains an EC point that hits an edge case (e.g. a coordinate 0) when doubled. The goal of the test vector is to check for arithmetic errors in these test cases.", + "effect" : "The effect of such arithmetic errors is unclear and requires further analysis." + }, + "EdgeCaseEphemeralKey" : { + "bugType" : "EDGE_CASE", + "description" : "The test vector contains an ephemeral public key that is an edge case." + }, + "EdgeCaseSharedSecret" : { + "bugType" : "EDGE_CASE", + "description" : "The test vector contains a public key and private key such that the shared ECDH secret is a special case. The goal of this test vector is to detect arithmetic errors.", + "effect" : "The seriousness of an arithmetic error is unclear. It requires further analysis to determine if the bug is exploitable." + }, + "InvalidAsn" : { + "bugType" : "UNKNOWN", + "description" : "The public key in this test uses an invalid ASN encoding. Some cases where the ASN parser is not strictly checking the ASN format are benign as long as the ECDH computation still returns the correct shared value." + }, + "InvalidCompressedPublic" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The test vector contains a compressed public key that does not exist. I.e., it contains an x-coordinate that does not correspond to any points on the curve. Such keys should be rejected " + }, + "InvalidCurveAttack" : { + "bugType" : "CONFIDENTIALITY", + "description" : "The point of the public key is not on the curve. ", + "effect" : "If an implementation does not check whether a point is on the curve then it is likely that the implementation is susceptible to an invalid curve attack. Many implementations compute the shared ECDH secret over a curve defined by the point on the public key. This curve can be weak and hence leak information about the private key." + }, + "InvalidEncoding" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The test vector contains a public key with an invalid encoding." + }, + "InvalidPublic" : { + "bugType" : "CAN_OF_WORMS", + "description" : "The public key has been modified and is invalid. An implementation should always check whether the public key is valid and on the same curve as the private key. The test vector includes the shared secret computed with the original public key if the public point is on the curve of the private key.", + "effect" : "Generating a shared secret other than the one with the original key likely indicates that the bug is exploitable." + }, + "LargeCofactor" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The cofactor is larger than the limits specified in FIPS-PUB 186-4 table 1, p.36." + }, + "Modified curve parameter" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The parameters a and b of the curve have been modified. The parameters haven been chosen so that public key or generator still are also valid points on the new curve." + }, + "ModifiedCofactor" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The cofactor has been modified. ", + "effect" : "The seriousness of accepting a key with modified cofactor depends on whether the primitive using the key actually uses the cofactor." + }, + "ModifiedGenerator" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The generator of the EC group has been modified.", + "effect" : "The seriousness of the modification depends on whether the cryptographic primitive uses the generator. In the worst case such a modification allows an invalid curve attack." + }, + "ModifiedGroup" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The EC curve of the public key has been modified. EC curve primitives should always check that the keys are on the expected curve." + }, + "ModifiedPrime" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The modulus of the public key has been modified. The public point of the public key has been chosen so that it is both a point on both the curve of the modified public key and the private key." + }, + "ModifiedPublicPoint" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The public point of the key has been modified and is not on the curve.", + "effect" : "Not checking that a public point is on the curve may allow an invalid curve attack." + }, + "NegativeCofactor" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The cofactor of the curve is negative." + }, + "Normal" : { + "bugType" : "BASIC", + "description" : "The test vector contains a pseudorandomly generated, valid test case. Implementations are expected to pass this test." + }, + "UnnamedCurve" : { + "bugType" : "UNKNOWN", + "description" : "The public key does not use a named curve. RFC 3279 allows to encode such curves by explicitly encoding, the parameters of the curve equation, modulus, generator, order and cofactor. However, many crypto libraries only support named curves. Modifying some of the EC parameters and encoding the corresponding public key as an unnamed curve is a potential attack vector." + }, + "UnusedParam" : { + "bugType" : "MALLEABILITY", + "description" : "A parameter that is typically not used for ECDH has been modified. Sometimes libraries ignore small differences between public and private key. For example, a library might ignore an incorrect cofactor in the public key. We consider ignoring such changes as acceptable as long as these differences do not change the outcome of the ECDH computation, i.e. as long as the computation is done on the curve from the private key." + }, + "WeakPublicKey" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The vector contains a weak public key. The curve is not a named curve, the public key point has order 3 and has been chosen to be on the same curve as the private key. This test vector is used to check ECC implementations for missing steps in the verification of the public key." + }, + "WrongCurve" : { + "bugType" : "CONFIDENTIALITY", + "description" : "The public key and private key use distinct curves. Implementations are expected to reject such parameters.", + "effect" : "Computing an ECDH key exchange with public and private keys can in the worst case lead to an invalid curve attack. Hence, it is important that ECDH implementations check the input parameters. The severity of such bugs is typically smaller if an implementation ensures that the point is on the curve and that the ECDH computation is performed on the curve of the private key. Some of the test vectors with modified public key contain shared ECDH secrets, that were computed over the curve of the private key." + }, + "WrongOrder" : { + "bugType" : "MODIFIED_PARAMETER", + "description" : "The order of the public key has been modified.", + "effect" : "If this order is used in a cryptographic primitive instead of the correct order then an invalid curve attack is possible and the private keys may leak. E.g. ECDHC in BC 1.52 suffered from this." + } + }, + "testGroups" : [ + { + "type" : "EcdhTest", + "source" : { + "name" : "google-wycheproof", + "version" : "0.9rc5" + }, + "curve" : "secp256k1", + "encoding" : "asn", + "tests" : [ + { + "tcId" : 1, + "comment" : "normal case", + "flags" : [ + "Normal" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d8096af8a11e0b80037e1ee68246b5dcbb0aeb1cf1244fd767db80f3fa27da2b396812ea1686e7472e9692eaf3e958e50e9500d3b4c77243db1f2acd67ba9cc4", + "private" : "00f4b7ff7cccc98813a69fae3df222bfe3f4e28f764bf91b4a10d8096ce446b254", + "shared" : "544dfae22af6af939042b1d85b71a1e49e9a5614123c4d6ad0c8af65baf87d65", + "result" : "valid" + }, + { + "tcId" : 2, + "comment" : "compressed public key", + "flags" : [ + "CompressedPublic", + "CompressedPoint" + ], + "public" : "3036301006072a8648ce3d020106052b8104000a03220002d8096af8a11e0b80037e1ee68246b5dcbb0aeb1cf1244fd767db80f3fa27da2b", + "private" : "00f4b7ff7cccc98813a69fae3df222bfe3f4e28f764bf91b4a10d8096ce446b254", + "shared" : "544dfae22af6af939042b1d85b71a1e49e9a5614123c4d6ad0c8af65baf87d65", + "result" : "acceptable" + }, + { + "tcId" : 3, + "comment" : "shared secret has x-coordinate that satisfies x**2 + a = 1", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004965ff42d654e058ee7317cced7caf093fbb180d8d3a74b0dcd9d8cd47a39d5cb9c2aa4daac01a4be37c20467ede964662f12983e0b5272a47a5f2785685d8087", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000000001", + "result" : "valid" + }, + { + "tcId" : 4, + "comment" : "shared secret has x-coordinate that satisfies x**2 + a = 4", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000406c4b87ba76c6dcb101f54a050a086aa2cb0722f03137df5a922472f1bdc11b982e3c735c4b6c481d09269559f080ad08632f370a054af12c1fd1eced2ea9211", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000000002", + "result" : "valid" + }, + { + "tcId" : 5, + "comment" : "shared secret has x-coordinate that satisfies x**2 + a = 9", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bba30eef7967a2f2f08a2ffadac0e41fd4db12a93cef0b045b5706f2853821e6d50b2bf8cbf530e619869e07c021ef16f693cfc0a4b0d4ed5a8f464692bf3d6e", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000000003", + "result" : "valid" + }, + { + "tcId" : 6, + "comment" : "shared secret has x-coordinate p-3", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046da9eb2cdac02122d5f05cf6a8cd768e378f664ea4a7871d10e25f57eb1ee1cc5b2b5abf9c6c6596f8f383ddbcb3bcc2d5a7cc605984931239ca9669946032ee", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2c", + "result" : "valid" + }, + { + "tcId" : 7, + "comment" : "shared secret has x-coordinate 2**16 + 0", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f2976154c4f53ce392d1fe39a891a4611ba8cf046023cd8f1bcd9fdd2e921191b25cf31caedfbb415381637bc3f599a34fba3e1413f644cb1668469f4558a772", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000000010000", + "result" : "valid" + }, + { + "tcId" : 8, + "comment" : "shared secret has x-coordinate 2**32 + 7", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045e422fea67cca5ebaeac87745c81b10ef807030367e6fce012254176ec8cf199881592f42c264371e19e3037388ab64f32fa8870e62905e7af205e43b02aad12", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000000000000100000007", + "result" : "valid" + }, + { + "tcId" : 9, + "comment" : "shared secret has x-coordinate 2**64 + 1", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bb57b9a1231be042d185c03eda6926a6def177fe6745eda000c520d66581f0cdf1d73c80453f2fe30725adf951390c739e36fc8677691db107881342613d00ab", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000000000000010000000000000001", + "result" : "valid" + }, + { + "tcId" : 10, + "comment" : "shared secret has x-coordinate 2**96 + 1", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045563c76c19377638f7d517bdbe0ace467eb5d4dd9fb4bf18332bab8f07b1d80c261332d46e316711278bacccd88005ee4c115fa84089fd190674626e5ed1ebfe", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000000000000000000000000001000000000000000000000001", + "result" : "valid" + }, + { + "tcId" : 11, + "comment" : "shared secret has x-coordinate that satisfies x**2 + a = -6", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048983aae8c002f2b555acb2370adb9b50ba4cac1bfcc9039a125c70ca7c5fc0d1f6efeb8ae4ba8c69429d93244382447ac534891c66090025282655719bd72512", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0b7beba34feb647da200bed05fad57c0348d249e2a90c88f31f9948bb65d5207", + "result" : "valid" + }, + { + "tcId" : 12, + "comment" : "shared secret has x-coordinate that satisfies x**2 + a = 2", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000423556564850c50fba51f1e64ef98378ef5c22feafa29499ca27600c473cace889d5679e917daa7f4c7899517d37826284f031de01a60bc813696414d04531a21", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "210c790573632359b1edb4302c117d8a132654692c3feeb7de3a86ac3f3b53f7", + "result" : "valid" + }, + { + "tcId" : 13, + "comment" : "shared secret has x-coordinate that satisfies x**2 + a = 8", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ddbf807e22c56a19cf6c472829150350781034a5eddec365694d4bd5c865ead14e674127028c91d3394cac37293a866055d10f0f40a3706ad16b64fc9d5998bd", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "4218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee", + "result" : "valid" + }, + { + "tcId" : 14, + "comment" : "shared secret has x-coordinate that satisfies x**2 = 2**96 + 2", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000464688eae7aabd248f6f44a0d6e2c438e4100001813eb71f9f082fad3dfe43e287dab3dabe7d436001a0fb763015dedbb90f811000ec8f5f29953e3af42f92065", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "39f883f105ac7f09f4e7e4dcc84bc7ff4b3b74f301efaaaf8b638f47720fdaec", + "result" : "valid" + }, + { + "tcId" : 15, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 2", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c404e17141d102bba2f1cb16bb954a208798b04dca8dd139a8ab7f01f0dbef39c7b8e55f2257a480077e4190570a004cbe668200c9c78eaa53b61b20fce4c685", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "5555555555555555555555555555555555555555555555555555555555555550", + "result" : "valid" + }, + { + "tcId" : 16, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 2", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e160e87c0a562a1dbb59b4c2f614720e7753608672eb8d883b91e25f8cfc58474623cba584e1324bc49bcdf0891166b545b7704e2bbda705d0d73b7530e47952", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "result" : "valid" + }, + { + "tcId" : 17, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 4", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045d4d182b18782a02685dcc7b671ec742ce308c7acc8e6260f67e81516eb546e8a38f0756074eea4857953398b6d05597c7ceb5e65e4e8cee31e81c5658824ce4", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "3333333333333333333333333333333333333333333333333333333333333333", + "result" : "valid" + }, + { + "tcId" : 18, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 4", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048ecd6a2576f42626792076935e2fe961599e484cd212bce2623b83aa22f546d2a7f855b09bef286bcbe9e8bab17fd56d7055df64f344310c3522e8f227e472c8", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccb", + "result" : "valid" + }, + { + "tcId" : 19, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 8", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046826f79ef84da803460aed09198d2bbb42d7892ed608aacbb281a95acae11465a25809191aa5bdfa61b8963beacb4eb133266a90f33d1b2ca4f6152d37a94fd8", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0c", + "result" : "valid" + }, + { + "tcId" : 20, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 8", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a54bb2ae80086053a5fa4fdb1836a8c6ac41783650b0f79a5428c98ff64d078a12bbb4cb8af20ca75ec15b2e0d47a83ca93fc78cd92640a02e8002966f1fe80b", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0", + "result" : "valid" + }, + { + "tcId" : 21, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 16", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bace46eed492743c693e1a33adb046b7722c55ce369d1438e67f9c5b3412783145262dd4a86c8a527b23f4114b8a9b9f36f9701835f50b678b24d2a9155ebc2c", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff", + "result" : "valid" + }, + { + "tcId" : 22, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 16", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000401055147863aa060c0e104e243ec01eda2b0e0c6814e232d671abcba9715d5ce0c13006aa7960c54fe3f20220bef766756c910fd05764afc318375540cef2d5c", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00", + "result" : "valid" + }, + { + "tcId" : 23, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 30", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004595e46ee7c2d7183ff2ea760ffd8472fb834ec89c08b6ef48ff92b44a13a6e1ae563e23953c97c26441323d2500c84e8cee04c15d4d5d2cc458703d1f2d02d31", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "7fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff", + "result" : "valid" + }, + { + "tcId" : 24, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 30", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046a40adc811b09e83ba0fb8a94fea50591ca9e58bb7d47304950dbff78dad777ee3bd08f742d7e8e30cff31bc6a6cc02c8717ee25838aabffa6e48f65cce74d81", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000fffe0003fff8000fffe0003fff8000fffe0003fff8000fffe0003fff7fff", + "result" : "valid" + }, + { + "tcId" : 25, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 32", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045a33fe91d7e35db7875208bee77f4cc0006f1439cc845f695b6a12673dcd03d18f86ee121c5ea0da3eb0210509e12db845296225ca973e2e19ce3e3d01486090", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000fffd", + "result" : "valid" + }, + { + "tcId" : 26, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 32", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f6ebaab62c35fd4b8bec9d95bcfc433e6bde7c0f0d5ef75d6fd326aaf28f23b0b2f4d1c2e891706b7bada59fb0f6a32b5463982a9c8c2d8ea38954418183b634", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000fffefffe", + "result" : "valid" + }, + { + "tcId" : 27, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 51", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004524392416f8cfc5f84dc9b72f2887c684e4bd24796f0065078e18d16bc43b56ea02178311799eb61ad3b3e7dcda10404dc4541c13e3de0ceb40c9aa7afabc53b", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000003ffffff0000007fffffe000000ffffffc000001ffffff8000003fffffd", + "result" : "valid" + }, + { + "tcId" : 28, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 51", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000499965c477a240aebbd19cd094c8b62852de8663d0cc9f06eeb395ffc92d121f64811882f406080d7d04ea4f339bddd2e5ef0345b5834142f75b562154d5ec7ae", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "7fffffe000000ffffffc000001ffffff8000003ffffff0000007fffffdfffffe", + "result" : "valid" + }, + { + "tcId" : 29, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 52", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ad3d179877e74ee258ba6f8e128bc2a0045c06a3d3c30fcce01ca8d9e1afee4ea3fe47156fb727fc1c55ef9db516df665cbb073405c2c301a8fe1d10f3b9b300", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003fffffc", + "result" : "valid" + }, + { + "tcId" : 30, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 52", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044bb19deae638fc5fa7070cc90e969bac3f8384a59ea11cb01bc091edf1a4cbd677ed6bdf8971d3e63c903d9acabc28b75af661a03457261c5a8d5940ad02c509", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "fffffc000000ffffffc000000ffffffc000000ffffffc000000ffffffbfffffe", + "result" : "valid" + }, + { + "tcId" : 31, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 60", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000424175c078e305d3139e5dab727a6ab8587b26daa470a529a23c10585cb56c038bf1f2b937ae074ff94b15f5cb5e60eb5d32afba2077539db794294bcaab71a81", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff", + "result" : "valid" + }, + { + "tcId" : 32, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 60", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ef691afe2ee4aa18a8485a71c0e20eff1337ae0622acc09ccda10f49574ae840b82730bb2eef59a17ab095acd131e5fcf8ba11150a9421bbab6b9f146aa78ffb", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000fffffffc0000000fffffffc0000000fffffffc0000000fffffffbffffffd", + "result" : "valid" + }, + { + "tcId" : 33, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 62", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004067e7df09f5e38f2b2823f65a6b1135c3290586fef6eceffa6d59595748879f66932b3f70d603229e10a57344ecde503a2df930651046c2f1d2b719bfc93e0a1", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ff00000001fffffffc00000007fffffff00000001fffffffc00000007ffffffd", + "result" : "valid" + }, + { + "tcId" : 34, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 62", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b8722ecdde7c85317e486b03656b83910ac3c88687a4291e8bb9a4b6a52cc6e02e4158a5a88de023d6a135bd04c1585ef46741890376135453ec562da5b3760b", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "00fffffffe00000003fffffff80000000fffffffe00000003fffffff80000000", + "result" : "valid" + }, + { + "tcId" : 35, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 64", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004728e15d578212bc42287c0118c82c84b126f97d549223c10ad07f4e98af912385d23b1a6e716925855a247b16effe92773315241ac951cdfefdfac0ed16467f6", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "result" : "valid" + }, + { + "tcId" : 36, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 64", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c3ef35fd4cda66e8e850095e1e697aee56decc29484aa463f879c7b6dd7669e625945351276719c5e3bb8e514f69305b6085b7c782a07b26a842887c33a93dc6", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffffffff00000000ffffffff00000000ffffffff00000000fffffffeffffffff", + "result" : "valid" + }, + { + "tcId" : 37, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 112", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004784907c6be6202770b98d01f1ffe11b9ed2c97515843f57c2c06363a9dadc7011de5fbaa7356cf3ba28cb7b932a07c8321007c7c45396751fe70724343d2b19f", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffffffff00000000000000ffffffffffffff00000000000000fffffffffffffe", + "result" : "valid" + }, + { + "tcId" : 38, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 112", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047c016dee8b5411f8e95184daf8e318119e844b8bdc70d75efb99b8d0ff10ab745e905103d57d6537908e6e9864aee4f0917f5b920d06f980aa823f043ef9139e", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "00000000ffffffffffffff00000000000000ffffffffffffff00000000000000", + "result" : "valid" + }, + { + "tcId" : 39, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 128", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000436e1e76ffdbe8577520b0716eb88c18ea72a49e5a4e5680a7d290093f841cb6e7310728b59c7572c4b35fb6c29c36ebabfc53553c06ecf747fcfbefcf6114e1c", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 40, + "comment" : "shared secret has x-coordinate with repeating bit-pattern of size 128", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047a19501d646fc9332a8525af4cc79523b57d736b69bb24b06270c1b1dadf88ce834efa1bce854ff5bcade40cbcee9f40154bc26036adc5cf87e50ea388af2987", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "ffffffffffffffff0000000000000000fffffffffffffffefffffffffffffff5", + "result" : "valid" + }, + { + "tcId" : 41, + "comment" : "shared secret has an x-coordinate of approx p//3", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f43b610a2a5c5f6e2b395567489657059e3351c6f9a7e2ebde52638abfea006ab2d690513e9187c0cc903ceee022ee421c594a8bd7610c68cd8143adfc741dde", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "55555555555555555555555555555555555555555555555555555554fffffebc", + "result" : "valid" + }, + { + "tcId" : 42, + "comment" : "shared secret has an x-coordinate of approx p//5", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d93bfdaa797cd4bd81dea80d7c72a24923ce50e94bfc4ee1bd5f5f10eea3f8ecc0b5941890a26e88e5029c283e0fadeccc0b980f8a5098aa7835c5c958d471e5", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "33333333333333333333333333333333333333333333333333333332ffffff3c", + "result" : "valid" + }, + { + "tcId" : 43, + "comment" : "shared secret has an x-coordinate of approx p//7", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040ac1ea7a29f7ace8a38b2fedbfe4d0d9ae45344432ab3eb5e0a5b66716f61c6aaaa39a5f098fd4472587d14bdf72b3dd3e966b5f0b6e400fff6e0e9c8453fc79", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "249249249249249249249249249249249249249249249249249249246db6dae2", + "result" : "valid" + }, + { + "tcId" : 44, + "comment" : "shared secret has an x-coordinate of approx p//9", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bf2e8a61a21d96e74a296b397e53044f373acb73a6ea4a398d89c56549e96b7fe846fd0df239691d0682b067a50a2423d88b4d970b1d3d8141a066d13c186f96", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "1c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c555554e8", + "result" : "valid" + }, + { + "tcId" : 45, + "comment" : "y-coordinate of the public key has many trailing 1's", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000456baf1d72606c7af5a5fa108620b0839e2c7dd40b832ef847e5b64c86efe1aa563e586a667a65bbb5692500df1ff8403736838b30ea9791d9d390e3dc6689e2c", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "800000000000000000000000009fa2f1ffffffffffffffffffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 46, + "comment" : "y-coordinate of the public key has many trailing 1's", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004800000000000000000000000009fa2f1ffffffffffffffffffffffffffffffff07ed353c9f1039edcc9cc5336c034dc131a4087692c2e56bc1dd1904e3ffffff", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "7c07b199b6a62e7ac646c7e1dee94aca55de1a97251ddf92fcd4fe0145b40f12", + "result" : "valid" + }, + { + "tcId" : 47, + "comment" : "y-coordinate of the public key is small", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045e4c2cf1320ec84ef8920867b409a9a91d2dd008216a282e36bd84e884726fa05a5e4af11cf63ceaaa42a6dc9e4ccb394852cf84284e8d2627572fbf22c0ba88", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "80000000000000000000000000a3037effffffffffffffffffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 48, + "comment" : "y-coordinate of the public key is small", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000402a30c2fabc87e6730625dec2f0d03894387b7f743ce69c47351ebe5ee98a48307eb78d38770fea1a44f4da72c26f85b17f3501a4f9394fe29856ccbf15fd284", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000000000000000000000000124dcb0ffffffffffffffffffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 49, + "comment" : "y-coordinate of the public key is small", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480000000000000000000000000a3037effffffffffffffffffffffffffffffff0000031a6bf344b86730ac5c54a7751aefdba135759b9d535ca64111f298a38d", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5206c3de46949b9da160295ee0aa142fe3e6629cc25e2d671e582e30ff875082", + "result" : "valid" + }, + { + "tcId" : 50, + "comment" : "y-coordinate of the public key is small", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000000000000000000000000124dcb0ffffffffffffffffffffffffffffffff0000013bc6f08431e729ed2863f2f4ac8a30279695c8109c340a39fa86f451cd", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "8a8c18b78e1b1fcfd22ee18b4a3a9f391a3fdf15408fb7f8c1dba33c271dbd2f", + "result" : "valid" + }, + { + "tcId" : 51, + "comment" : "y-coordinate of the public key is large", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045e4c2cf1320ec84ef8920867b409a9a91d2dd008216a282e36bd84e884726fa0a5a1b50ee309c31555bd592361b334c6b7ad307bd7b172d9d8a8d03fdd3f41a7", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "80000000000000000000000000a3037effffffffffffffffffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 52, + "comment" : "y-coordinate of the public key is large", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000402a30c2fabc87e6730625dec2f0d03894387b7f743ce69c47351ebe5ee98a483f814872c788f015e5bb0b258d3d907a4e80cafe5b06c6b01d67a93330ea029ab", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "8000000000000000000000000124dcb0ffffffffffffffffffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 53, + "comment" : "y-coordinate of the public key is large", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480000000000000000000000000a3037efffffffffffffffffffffffffffffffffffffce5940cbb4798cf53a3ab588ae510245eca8a6462aca359beed0d6758a2", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5206c3de46949b9da160295ee0aa142fe3e6629cc25e2d671e582e30ff875082", + "result" : "valid" + }, + { + "tcId" : 54, + "comment" : "y-coordinate of the public key is large", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000000000000000000000000124dcb0fffffffffffffffffffffffffffffffffffffec4390f7bce18d612d79c0d0b5375cfd8696a37ef63cbf5c604790baa62", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "8a8c18b78e1b1fcfd22ee18b4a3a9f391a3fdf15408fb7f8c1dba33c271dbd2f", + "result" : "valid" + }, + { + "tcId" : 55, + "comment" : "y-coordinate of the public key has many trailing 0's", + "flags" : [ + "EdgeCaseSharedSecret" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045450cace04386adc54a14350793e83bdc5f265d6c29287ecd07f791ad2784c4cebd3c24451322334d8d51033e9d34b6bb592b1995d07867863d1044bd59d7501", + "private" : "00a2b6442a37f8a3764aeff4011a4c422b389a1e509669c43f279c8b7e32d80c3a", + "shared" : "80000000000000000000000001126b54ffffffffffffffffffffffffffffffff", + "result" : "valid" + }, + { + "tcId" : 56, + "comment" : "y-coordinate of the public key has many trailing 0's", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480000000000000000000000001126b54ffffffffffffffffffffffffffffffff4106a369068d454ea4b9c3ac6177f87fc8fd3aa240b2ccb4882bdccbd4000000", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "e59ddc7646e4aef0623c71c486f24d5d32f7257ef3dab8fa524b394eae19ebe1", + "result" : "valid" + }, + { + "tcId" : 57, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 + a = 1", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000014218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "12c2ad36a59fda5ac4f7e97ff611728d0748ac359fca9b12f6d4f43519516487", + "result" : "valid" + }, + { + "tcId" : 58, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 + a = 4", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000000000000000000000000000000000000000000000000000000000000000266fbe727b2ba09e09f5a98d70a5efce8424c5fa425bbda1c511f860657b8535e", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "45aa9666757815e9974140d1b57191c92c588f6e5681131e0df9b3d241831ad4", + "result" : "valid" + }, + { + "tcId" : 59, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 + a = 9", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000032f233395c8b07a3834a0e59bda43944b5df378852e560ebc0f22877e9f49bb4b", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "b90964c05e464c23acb747a4c83511e93007f7499b065c8e8eccec955d8731f4", + "result" : "valid" + }, + { + "tcId" : 60, + "comment" : "ephemeral key has x-coordinate p-3", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2c0e994b14ea72f8c3eb95c71ef692575e775058332d7e52d0995cf8038871b67d", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "e97fb4c4fb33d6a114da6e0d180e54f99ec1ece9ff558871054e99d221930d16", + "result" : "valid" + }, + { + "tcId" : 61, + "comment" : "ephemeral key has x-coordinate 2**16 + 0", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000100003c81e87241d9451d286ddbe65b14d47234307b80ce74b8921af7d4935707549d", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1eea9c2756a3305bb5178f2c37436e7b41cf3805cd0a1087d2d02407fc553c09", + "result" : "valid" + }, + { + "tcId" : 62, + "comment" : "ephemeral key has x-coordinate 2**32 + 7", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000000000000000000000000000000000000000000000000000000010000000715098598dc12cf294ea5ac1eb5eeae9139f5cfd3d0ffdcfa7297a01dce1ee9df", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "2f1c5c590f97f79351fb9d36c597d1c61f1c409fcdedaeae795112fa1a2c7453", + "result" : "valid" + }, + { + "tcId" : 63, + "comment" : "ephemeral key has x-coordinate 2**64 + 1", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000000000000000000000000000000000000000000000001000000000000000161bd3a38f707713b97eaf8d0184e0079e2a62cfba75d428b1326ea861aade950", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "82b8e90e6b6441b7164c9725ac1a35f098788096af95c276fac3c5a383d6b56c", + "result" : "valid" + }, + { + "tcId" : 64, + "comment" : "ephemeral key has x-coordinate 2**96 + 1", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000000000000000000000000000000000000000100000000000000000000000115820e7e26670c6b45c1e0caa951eab312754180baa9fcff9f7e7bf46deea7fc", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "8a955b6cf4d518558e59372444d3fd9b78933e2d3229dfdfa6f5f66403290e19", + "result" : "valid" + }, + { + "tcId" : 65, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 + a = -6", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040b7beba34feb647da200bed05fad57c0348d249e2a90c88f31f9948bb65d52077435a6bef91b92ae32cf51d7149cad0353a46513851427c34436536ec7eae483", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5626bbf79f10827e23fa5aef9a26533f5f4e7472934ed9759b7b3a77cda04b82", + "result" : "valid" + }, + { + "tcId" : 66, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 + a = 2", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004210c790573632359b1edb4302c117d8a132654692c3feeb7de3a86ac3f3b53f75f450dbbf718a4f6582d7af83953170b3037fb81a450a5ca5acbec74ad6cac89", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1908ae936f53b9a8a2d09707ae414084090b175365401425479b10b8c3e8d1ba", + "result" : "valid" + }, + { + "tcId" : 67, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 + a = 8", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee37269a64bbcf3a3f227631c7a8ce532c77245a1c0db4343f16aa1d339fd2591a", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "5e13b3dc04e33f18d1286c606cb0191785f694e82e17796145c9e7b49bc2af58", + "result" : "valid" + }, + { + "tcId" : 68, + "comment" : "ephemeral key has x-coordinate that satisfies x**2 = 2**96 + 2", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000439f883f105ac7f09f4e7e4dcc84bc7ff4b3b74f301efaaaf8b638f47720fdaec24f50efd39b8ae7536e8806927eac6fd52210a239fb4129e0bfed333476575ea", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "a995572ad174897ff1971e6d1e39f908448a5878da1e60f3901f57cacd49e5f6", + "result" : "valid" + }, + { + "tcId" : 69, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 2", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045555555555555555555555555555555555555555555555555555555555555550134a74fc6e7d7acef5bb20e969abb6f026ec0cb04dff34f7916ca64b07fff511", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "cd8427ea93f9fede38a70d0c39dbd96759613ba00f27b9db3971c80aec07e2d6", + "result" : "valid" + }, + { + "tcId" : 70, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 2", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa769afe397a5709201bda50ce2d31a13fde4076722a857719924009cc28159869", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "766b0752cd895b4b8543d44c9a348868ffff12aed632f8070e731d450d8a8c94", + "result" : "valid" + }, + { + "tcId" : 71, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 4", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000433333333333333333333333333333333333333333333333333333333333333330434e877eaa71340aa5e57e58a01f0b0aec8d24b5c64aa77ef95fae9b4958c5d", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "09b0aa839893b7ad37cc83160e6f3c5506bbe323497c21505ae9937c75d943c8", + "result" : "valid" + }, + { + "tcId" : 72, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 4", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccb2e808a8b6c6e5bc068f96348d68171e66159a0ee27073c82fc3f9581a4a1fb28", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "3c2a61121f094d5eecddf7d3b0016c170b90fd3f2fea0b12e31db04ae7c279a2", + "result" : "valid" + }, + { + "tcId" : 73, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 8", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0c1d854210f797c547bd3b3feccde1ce3e67c61c3400141da2068520e2bae9bf90", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "9a641d5efa8be7dc723aa58e2e52a150c8efced2fa1084041249773c7562c66d", + "result" : "valid" + }, + { + "tcId" : 74, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 8", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f022bcbf40d658bf3ff02d98aea5ae45d43ed85f6de9268f0eae85210f2fed81c6", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "d32977eca64d223ea90f10f72f810ec64d661833acc4c839591da813ef86f736", + "result" : "valid" + }, + { + "tcId" : 75, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 16", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff210a46304881329c9807b71b6393ba104b9f27d976065e852429fd664de98eee", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "55137fecb21eb3ebed1b41fb2f7e1ca337009465f855f3f920bc7d0b73c2da32", + "result" : "valid" + }, + { + "tcId" : 76, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 16", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff007011d6e851e5a53fde41c1f348690c0188f24c105d5cfca5b6ff3c93dbfdef99", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "0bde659ed89281e6c8a5fbdab764d0499b86d19d33f4c978e260bbae587d4057", + "result" : "valid" + }, + { + "tcId" : 77, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 30", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047fff0001fffc0007fff0001fffc0007fff0001fffc0007fff0001fffc0007fff4b66003c7482d0f2fd7b1cb2b0b7078cd199f2208fc37eb2ef286ccb2f1224e7", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "3135a6283b97e7537a8bc208a355c2a854b8ee6e4227206730e6d725da044dee", + "result" : "valid" + }, + { + "tcId" : 78, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 30", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000fffe0003fff8000fffe0003fff8000fffe0003fff8000fffe0003fff7fff0a2331880cb3f8f9004bf68fc379beb6e3affadcbe81bd4f9bf76e4ac5ab2c37", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "2a3d29ce049fc50b00fab50e7581b84d441d297be6515fbe83dc485bdf32b6dc", + "result" : "valid" + }, + { + "tcId" : 79, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 32", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000fffd3b6a2629d598a045be28a1687288cc4d0c389cc6fe627c5cc3aa2ab963db7495", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "03c202a64e60ff5948d29816d68420c64c0518a7522a929381365b1245770a02", + "result" : "valid" + }, + { + "tcId" : 80, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 32", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000fffefffe35e39d53d101a6aa4ab434c55a70b03d244b6a2025a18d4d549dea451c031392", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "d07fcf7b89bd1ba24194caf977db68a5503a471a37d374e0917a5fe31d48c99e", + "result" : "valid" + }, + { + "tcId" : 81, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 51", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048000003ffffff0000007fffffe000000ffffffc000001ffffff8000003fffffd3aa774f4d29fefddd9546ad1f7b2b79cf42634284fbb1d7c702e9fca3fe049af", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "ea9f3a53ab4053df0bae0156767a62ec5ba0de4373ef12cbfb19aa80c6bcd904", + "result" : "valid" + }, + { + "tcId" : 82, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 51", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047fffffe000000ffffffc000001ffffff8000003ffffff0000007fffffdfffffe23e4bca0984da424a6120a13dc676c777607562d16ed9b8fa94c21fff7151d4e", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "f0557be2b26ddb56d44d2cb852224a291de771418fe148a730a76dadf5882f18", + "result" : "valid" + }, + { + "tcId" : 83, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 52", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000003ffffff0000003ffffff0000003ffffff0000003ffffff0000003fffffc2a95c81253ac554846812d2a4415f6edcf954209008d260a806b85aba759ff72", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "c68f07233efd0745d8bcd51a89158717c2dc532f75a9e4de2076e1b830654ec8", + "result" : "valid" + }, + { + "tcId" : 84, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 52", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffc000000ffffffc000000ffffffc000000ffffffc000000ffffffbfffffe031537fcabe5d5e25165a18b1bd408212cb523efea0fc0fd1eac46e83b0d0b52", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "6eec8a68eb5f9caf2ab3053a3047bbc08412a1d433d79eea65effc5e0cd583bf", + "result" : "valid" + }, + { + "tcId" : 85, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 60", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffff00000003fffffff00000003fffffff00000003fffffff00000003fffffff63a88b2e0c8987c6310cf81d0c935f00213f98a3dad2f43c8128fa313a90d55b", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "bbd9d305b99ff3db56f77fea9e89f32260ee7326040067ce05dd15e0dcc13ed8", + "result" : "valid" + }, + { + "tcId" : 86, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 60", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000fffffffc0000000fffffffc0000000fffffffc0000000fffffffbffffffd2407bddc5a50b2a7b96a288efb838bf768c6066e60b72f08a9782da2e39bd34f", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1f81aa3d70f8756b9495fba82921717d4006206a4451d8d59f3c9b8d95b548e8", + "result" : "valid" + }, + { + "tcId" : 87, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 62", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ff00000001fffffffc00000007fffffff00000001fffffffc00000007ffffffd4af9cc406a46943ffe0fe630bd21f205eefa05355f3a13c9943d58e16e880435", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "66e707faf954d1ec84fe0f68f829beb2fe95058271b636362e3eb5c5d492cbf8", + "result" : "valid" + }, + { + "tcId" : 88, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 62", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400fffffffe00000003fffffff80000000fffffffe00000003fffffff800000002796cf7bde36dc6b1950001228b7249d3438a35fe5be98661255bf63a879b3a5", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "42dd6d83bbce6afab5045e1393838a97a46161c25ae91db0143e985d29162faa", + "result" : "valid" + }, + { + "tcId" : 89, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 64", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff73b0886496aed70db371e2e49db640abba547e5e0c2763b73a0a42f84348a6b1", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "ab43917a64c1b010159643c18e2eb06d25eedae5b78d02fa9b3debacbf31b777", + "result" : "valid" + }, + { + "tcId" : 90, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 64", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffffffff00000000ffffffff00000000ffffffff00000000fffffffeffffffff0013a9be0cbaaacf4e0f53ee45bc573eaa44dbf48d5fafc26856b44d6d00e2be", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "f39bf49011cb323ee00f77e0344a9b9da1256db92646dda0e342f8c1ad3741c5", + "result" : "valid" + }, + { + "tcId" : 91, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 112", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffffffff00000000000000ffffffffffffff00000000000000fffffffffffffe6e563bca873bd591c9663391c826150795e3c42cedd269e68ff0e56dc971d554", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "27860fa0679edd4556f0423a21cc21e1e3f1701da3e62a544974ae94f15f91a0", + "result" : "valid" + }, + { + "tcId" : 92, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 112", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000ffffffffffffff00000000000000ffffffffffffff000000000000005b5b2ec553be67fd73add4cc2bced4ebe6d04a05b0e926e312037b3951667847", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "2bcfc95bba84524d8093dce1092bc157ca1fa42a37aaca9b0759437f940c3e7d", + "result" : "valid" + }, + { + "tcId" : 93, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 128", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000ffffffffffffffff0000000000000000ffffffffffffffff31cf13671b574e313c35217566f18bd2c5f758c140d24e94e6a4fda7f4c7b12b", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1a32749dcf047a7e06194ccb34d7c9538a16ddabeeede74bea5f7ef04979f7f7", + "result" : "valid" + }, + { + "tcId" : 94, + "comment" : "ephemeral key has x-coordinate with repeating bit-pattern of size 128", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ffffffffffffffff0000000000000000fffffffffffffffefffffffffffffff53a54141598334650d1f99a12850769f53d34529b07ae591244c6ed702f1aa171", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "119aa477afad550e98db77bfb4e71a4b6ec79ec4fe17b7283f9b8bb7b9fdb5ec", + "result" : "valid" + }, + { + "tcId" : 95, + "comment" : "ephemeral key has an x-coordinate of approx p//3", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000455555555555555555555555555555555555555555555555555555554fffffebc7c976bddab1d1a302cfa176c25434558ec7cac238e739ca9849aa104323b106c", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "21edb700cf62c1bb816a877988ee8c5bc16a8464bcb6454adb8abf8b5cef7ceb", + "result" : "valid" + }, + { + "tcId" : 96, + "comment" : "ephemeral key has an x-coordinate of approx p//5", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000433333333333333333333333333333333333333333333333333333332ffffff3c7b2bf3716a9e336e162966597e5c423bb9d3d0d0c3c02b9e2dc4aabad17bfdcb", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "1ba54571d1d280f5fa2d0c5846ec392c721acd4ba7e4aadc3dc2353957abd80b", + "result" : "valid" + }, + { + "tcId" : 97, + "comment" : "ephemeral key has an x-coordinate of approx p//7", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004249249249249249249249249249249249249249249249249249249246db6dae22817588aa19f910e8bed1f89a6b5ea6cde4800dd9beb28d1336bb46075118144", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "9d422ce42f74aa0272e5530b5dd094225f11d1100fed954ff714a2d471559cef", + "result" : "valid" + }, + { + "tcId" : 98, + "comment" : "ephemeral key has an x-coordinate of approx p//9", + "flags" : [ + "EdgeCaseEphemeralKey" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c71c555554e83c4d16ba6991011cf3f94feeff3f48ad29ed9a22bcef8fac40d9b2af25e2b909", + "private" : "2bc15cf3981eab61e594ebf591290a045ca9326a8d3dd49f3de1190d39270bb8", + "shared" : "a5ab2cc5bb6881f7e734d7ccc9d448127d9465fd342d81c8381572059b3aa2b7", + "result" : "valid" + }, + { + "tcId" : 99, + "comment" : "edge case for Jacobian and projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000459294e8bc54e76d48b5594f01fe4729566d9b6df6385982fbb533183921f1a124543e4110bf4cd22e1d444d83e24c5ecdb328a98f2f93e8edcb99b07d5d9fafc", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "e976057e8a322dfdb2debd55d8e58802fb54425950b2dbfd00f0813de27105e4", + "result" : "valid" + }, + { + "tcId" : 100, + "comment" : "edge case for Jacobian and projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000429b579690264954985187aaa9ea313d39b5c828e022afce8fd0cb764ed693473ba8cde1b2be1749cf4d5bc0df578009c9650e44b6c385c5ee2621ffffc205cb7", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "09fa5a510558a12110daf75117af1e175f93d7c4d8ba41c5bf3efe95d829ff50", + "result" : "valid" + }, + { + "tcId" : 101, + "comment" : "edge case for Jacobian and projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044150a111e0489cc82d43ba66f404ba0df2b1fa13ffea361442f7854f9abb381465627e96f372fd0400eca42113890cb110c11eda22405bcd295b1caab9d93af7", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "98bc618faef7c4311c3d8fd37b39e9baad780e14f0527fa69a3f4c2b66ac6394", + "result" : "valid" + }, + { + "tcId" : 102, + "comment" : "edge case for Jacobian and projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a74646c798fd5a0af442da69c822cdf1134adba361f90663d626481aa10e0004567160696818286b72f01a3e5e8caca736249160c7ded69dd51913c303a2fa97", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8a0b2ddef3a1108f6ea367ed08079a0ec98494fe46cfad584bdc98e99e6d7f99", + "result" : "valid" + }, + { + "tcId" : 103, + "comment" : "edge case for Jacobian and projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004611c65eecd9e3de528f639e8b6698688db1f4fc8c11650a601fe6daeca5c59665fa45a23400633ba3630244aa6b0144de2ab3b6295e3dfa15f586e40a84053af", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "89b86329f0f13aab07a48d0d3b7afe530ad260a90de6c25ec3da8b6905502551", + "result" : "valid" + }, + { + "tcId" : 104, + "comment" : "edge case for Jacobian and projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b49c6791647937568c7570064856420835d44af1ceddd682967fbd44fc97294cd135651bd7ee3aab957eba10ed4b7a5c40ca00d959ca663080c4eaf0e189bc21", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "751b521de6384a017caafa10419fc35d58f6dbace86f6b533c117e38dab1d689", + "result" : "valid" + }, + { + "tcId" : 105, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c73c71d856cb949a31c249c1e99b11ffb698cbc1dbf4002e956cdeb655f84045716e98dec10a9905fa1d3a851f4f1fe617356cb56d5643a148eec376237a27f1", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "f282a78942218fac638eeb0eb15098f5aabae15b3ddb7abdd40a8ad3b5540c8e", + "result" : "valid" + }, + { + "tcId" : 106, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004acabedbe760e9330af3508209ba0081b9ce061327d1ea0b6ffdc577dbaf28e269cd00176358828215d30ade0cff8cdc0856c84fcdb424feb93ce58a2554a9bcd", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "6aeb7004f6cf6b05f30bf481e8b32a1e25fc66d96a4a53165727bb304cc27baa", + "result" : "valid" + }, + { + "tcId" : 107, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044cc9197bfdef17d33a9ea743bf83747b564d6ad11e6080957a9d3ac44165fa793ce20d13d431071be367e592f8a22f88edee1cd51cadb0845ebea64b11c45708", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "67b5a9926bc58025c8bc2b9504b72c3a8465173d70f5d5ec1580fe88c5a4887b", + "result" : "valid" + }, + { + "tcId" : 108, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fbf411afc88358dff2ba156ce273d7b15d0ba3980a60a82eb38bfa58995e163d57c62e53070e8e6cb1df4ef509eb2598dbdb07a5ffd71301eaa2892ad1238f4a", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "12182c05568a6b18a98ea19110330146e7dbc49274f324b5edef4eb861f72bec", + "result" : "valid" + }, + { + "tcId" : 109, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cd7863adddaf0099647139ce64ca0b39dbd312ccf96c15a62f2c49e628248235999f82afd0f76e744afd0fca2aab36f22ff7ebefd8e541fcb6e972704b8ac521", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "f75920e61e7d05c3cf4107e5e81f3c1be7ffb0637f0ac8b895d87361345d9a87", + "result" : "valid" + }, + { + "tcId" : 110, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bd4fd857640a6bdf5da42ffc5c2c1755c4c125a99d380a5935eb1c4c3a9c2a3a4760df25ca561724a82e3f9c9d782536db4310d6c9c769f51b733de44a9c02f1", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "373aca70b036b70cf8e46fc9457a8e19c6821be2f2d6c16edadd20d7b30eb3ba", + "result" : "valid" + }, + { + "tcId" : 111, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000445654b3b66065743ac86854daa77c9e5cf713a402fbd4ada365f4f96bf1717cd63cf23ba035de430a2128dab0d2c7b939d44c66624f6979275cd37cd02370669", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "caec9de4a74d76603c5d5d07de2df0d435bef2b9063b5123305d2fcbd5dbb318", + "result" : "valid" + }, + { + "tcId" : 112, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004dda793fe7fdea5c7481c756f59fbff48481777a54218d95eaa24e7b86d8a5858fdac18590cd96e193db51c50307d2606674d5b8afcc82d1b672dd8e09719a6ac", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "27980511f433feea84475b82281b1fa6b946c97c646738d5ac3345250f86037d", + "result" : "valid" + }, + { + "tcId" : 113, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042e043b851fc5a5f12deb76fe94182b99bbce727b476783f9d868ad3ab7ac7a251462b469c2e02491e05a3a4523e09a6be8e5b2d10419cb7760a8503ae4eb7e7b", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "20b27f84ae128f674e144d82bcd1544146bfd0150b0843ea585314f59cc54aae", + "result" : "valid" + }, + { + "tcId" : 114, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043d8fddf41e52320c8081e0d60f5397993abdfa979c4b5e832ac61bf3cc2e6fd94504fe3207dbd18ebad2b921a52a16a33659939c16fbb9186caf5e2cf3170346", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "92592791ff90b595dd2ae7ec039bf6b7bfeae7f044761f5e7fa86564ebc46b2b", + "result" : "valid" + }, + { + "tcId" : 115, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000465106fdca0c408738c2316f3ec2238d459157bab2c2855323b95bd271c91dedcd9fc2d685446789829251d293a50d150df5f1fc1a0604e4defaa9a8e3f8c9169", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "8e61b2e072bd1401da12a3f3d8164daedab0bf0ca795bcf56aff81d07caf7281", + "result" : "valid" + }, + { + "tcId" : 116, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004320c813548183aadb0e7d21a0ffe472bfa9b4ffe815adefd09180a3ae2d15fbcd0ca20611d2232847aa80e7f7691c008ff886dfce550f90c4c19982ed779b466", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "a41170f616c5499e289b4893b3973e1155f66ff354ae6a812bcd0e33bd7dd5cc", + "result" : "valid" + }, + { + "tcId" : 117, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a0e2b1a92a6afa9fe68424bc63dcad620b7dc844e4571f5404ab9d18bf08545ccba1c1ff49bf7baa9be1fc0ac4bba63b41ba7a374e15fc39b884d80a75b07092", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "b8cbc27d4ea1b25f2292292ae53a3bb954b7ca77ccca5b4dccf1b958b0aad163", + "result" : "valid" + }, + { + "tcId" : 118, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004dc97139a3dd1411d74616154aa0d6bce787cfafbd8fd060b680b04b422b0d22f6ab50e5c68e027805953bf7c3be40a8f7c9b56c6dbbe86337e6163ada01d9d63", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "4baaee93a752397bf2ad0be72ac82b0ad2417e167bfdfce4904f012d4c33fea6", + "result" : "valid" + }, + { + "tcId" : 119, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040978d42e1594569589b578266cedb6088a84c9cc9baff0070dc1d934342605e62ce80a966b5ca0344981f4229c7ab622a853bd9bc59b662ecd92df238e4e46ed", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "3b3d86187d05a0012d83be280987dc95b1c0c9b57f253b64530d1d4220aa4abf", + "result" : "valid" + }, + { + "tcId" : 120, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a8630a7bdb78a970a01b20c3e7b95d25d3eebdc8e94ecfe0f508e4136eca49afa5eb12114b50ac77d68d410cd5ef5107b2e68f08600e5e6938c452d51d6993ba", + "private" : "00938f3dbe37135cd8c8c48a676b28b2334b72a3f09814c8efb6a451be00c93d23", + "shared" : "472d4b34f5be6b499f76b0d9e439e115f6a89b725d9e9e811185a615f14007d0", + "result" : "valid" + }, + { + "tcId" : 121, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c4ea8ed31ab4a8c994a965efd4770bbb5e26ee54cb7217ffd31fa888c108feca063c415201329dda130f43973f442ad320da0ccf289cd1b71489ca0a7201d5a6", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "fa67f4a9ea34fde196a7dff6bc1a2917b1526d54950335bea2abe22e1edab410", + "result" : "valid" + }, + { + "tcId" : 122, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000491780d1905316105d6a6aca94a0d4488d134f985f7e29adecb1bc6cd0c211a788035b06e495d1e58b085bfb6720bca84557b670de34587df0d7e3aad5bbc803a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "95c131de0c89e5b17f91e56779c1571de2c8a20794084fa274eccc8eed1d3d65", + "result" : "valid" + }, + { + "tcId" : 123, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041961a1a4b29671f1d835b313ffeba4d8203d8414cdc0ea11e47d619b47038b1de50a63b89cbc8956a5870c6c4830e2102d5281b9b5dc127b1052fe7b3e11c438", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5bae6d6d23a68f283fe0de46f1d74c0f52e278cb181f55c4353f768ba162aac7", + "result" : "valid" + }, + { + "tcId" : 124, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000429a9e7f25109a8c4bd80dbea05fbb46aade58797c3b2fa5f00f0f081669ae39d2c78fb1160de6eda50f472ba659d4f1db4ea6e297244b6ae68a051d96e62e75e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b4fe1201a8647be6d6d59f406fa970cc858f5a46a50a6ae9d992c0e23f5e2ad3", + "result" : "valid" + }, + { + "tcId" : 125, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041617dc03d3eea42e8ea2c5bd034a38c5a3d74165a548074b7b5765ccd8465b7f61089d6dde53430f34cf8285ddbc584d1543fdc70c2333fc315eed4e930ac3a1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b721ebc7eb1b09438d754ae80302b2a2bf40f866ec507540ab5120b22f868886", + "result" : "valid" + }, + { + "tcId" : 126, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000420e7a1358436f675f3774d60954b5621145b8f5260b5503636f54878ecaaff8dccaf2fffcb7c7084e325dae5e24bff5a34e37980d1722016dd6667da71f164c4", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b8da5d1bf9419e2b876e708871a9a29574686689bae8d87985d72a4e573dded4", + "result" : "valid" + }, + { + "tcId" : 127, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042759bf4c336501340cbc67afb4a8f5744f9131d973966a9de50ded60fbe045121b67a9e81e53b064adeddd16a4c030dbb189ccd7019b329d67a527c311723469", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "39aa2bbc4b6f30c268b19909d5070155c39c60649b7a2ebec266bdd18fff8cbf", + "result" : "valid" + }, + { + "tcId" : 128, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000419b8a10f5021f11e29e18611fa8284b7e9a3f67cf36eec8ecc4d7a5b54803411311a8a4e199d98eb358e19a27e80cda6af142d6091ddaa9370ed610453abc6c8", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e40396a908c2cca4504f4f40be394a12244ae184f6909ec725ce723485bbbb97", + "result" : "valid" + }, + { + "tcId" : 129, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049ba841f41245ac08955966470425593290b9e1d87bda8f47df19048db8e3d83097f68905f360ced26801872a7ff124c3637b02c4a596b83abafe7bce567ca177", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "13a21dc50cdfaeabd572f2d94dc0f3f768f17f990ee59d7f16ace9bfad8a705c", + "result" : "valid" + }, + { + "tcId" : 130, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000468af761d053dee64aca5e98f547feb2dfb6f5edb8138011c7f5c33809b4b9e00466dd76cb8ceeb5132862052ad3e08bfea245ef16ca0d00ed0c4b45fb6bd3028", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a82fb3bbdf6d69c7398ee9020fe006d5b28c632f2da357393fe58deb8d27fd08", + "result" : "valid" + }, + { + "tcId" : 131, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000405dc8b18bc286f203213b1319413dfa4911d6c2e30f3c778c55e4e5f5d9bfdbacd0b3b209e76049895ae80ff63c0225a563228cd99243f628a9dbae70d773c66", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8fa44f09cfddef86aa9007cd4bea6f0bc9b5b2115256303df09f8a20909c5271", + "result" : "valid" + }, + { + "tcId" : 132, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bacb606384b1930bb4b74ded236d03d3bb1739a51b73f20dc3349ec3b383180a6896ed59fa0b654a9c404b34fee2c767be2383f4b8b171d2359806b04b502d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ef762992d22bacaf06aa1e482c0711046b52e0e40de2a21d4e38df0109ad67c0", + "result" : "valid" + }, + { + "tcId" : 133, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000448ab89b2a312de510a6d3c9ac9e4c4f5b46e04d3f858433b7646e46273d94dce4a0c7da616388f1eb8d55ece64ab695e5405d779c92f3bc2595c27d65def8db9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3b0936f22337ece971ee102178f37bca3cb69b50b8ec9c9b47334c68b5d4320b", + "result" : "valid" + }, + { + "tcId" : 134, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fd9de304ea5f18dd641510b9809473d39a2373ed5a470ffc5ea7c83093911b4540baabb9d912279aeea44379110abec75ab7994a6183c6294bad27bab5bbf821", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ec571878fb1e3b1f5d4f66b8b080bd4e50410b6eeea4dcd3cedd4622bf876160", + "result" : "valid" + }, + { + "tcId" : 135, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bf8976a28221000d7f5219fa8d06f9f8ae47be626f89c2bb6c4d0323bf02f8490c78bc948c6bf82a191f1de972e57db35b05918594ccfbe8da19bd46facbda78", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9f3d9de87d9cc5099ff4f56d913b98b5eb1260e2b3a2d7a3c5e01a7e68219d10", + "result" : "valid" + }, + { + "tcId" : 136, + "comment" : "edge case for Jacobian and projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c3229c9b4f409a6539484152b39535c512a66748972025165fd888c388369fb3298cc41dda36fcb15a0d97cabf757bf0737dae70829f4b9a1d499d9e9911673a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "23adda6571d4ad7e940c21023af3ffedef9d8f64e83cc1cf6e992d1da1451d91", + "result" : "valid" + }, + { + "tcId" : 137, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046f2c3dd84b44daca936a2edaf43adc8c1bd5f42801231718fce6f5e94d144717a247598c11eaa2c507b0e96dfdd03294cba4472ae8a2128e36f1eabd315aeb25", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "91e70bd8bf85bc6311b2cd7791b7edf00e22f9cb8bfd72571ec9a03bbf716f37", + "result" : "valid" + }, + { + "tcId" : 138, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a511b09334f032cc33ee4ddbb839304f6bbf1daa4a80de524ca24ebb65a0a92e4ea48243cf7e26deaf4de7779ca71f76d9dc6c8c1b7f44cf190fddbe82c2c940", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a7d2f3e3faa772d7a86026e2f183dbe7a298ae3d1bc3abcea0df3c11cae4ca60", + "result" : "valid" + }, + { + "tcId" : 139, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047cf4a6ec110db892e45a7b2ab38b411a6c41e86fd21a6455ca1a4c2e2220681309b3e399ae30098bf872c9aed5db69d14cb71149abb05cf5227a620c4b16b740", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c611d27e7cb52e7c56cfa9062e59f3defe7c1e225727b9049384a180bd1688a8", + "result" : "valid" + }, + { + "tcId" : 140, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000436c7dcd152fb7e53fd16228465ea0c419da29cc6c79fd4266303b3bd06aa0b9036363a959f8c0b400da525ad7674677f829092ae7f7e8dbf88397fcd19047af5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "661f5d36b57af48982e44ff89ae75f849a08b1daed6417a20212bea88c7f2f8a", + "result" : "valid" + }, + { + "tcId" : 141, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b61d3cd27bfa1269234a777e118f7db10a3844e8c7d1162c099a8099d887dfb849520e9a038f8ba8804d44f22b37452514f0aefea93bab7bdf180db54485aada", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "540e255f6cb58d237990a7437cc7aae770428796deb607bc29fbf0a4d11873c8", + "result" : "valid" + }, + { + "tcId" : 142, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ac9cbc8bd917192928d9a065fb1f89be4bea850186fd466a7a9014066ce002c51a906c90eee55cb5692f0ac046746ee4bd2205fe5f435d1e71f19a8cb8550f3e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ac6705af9d059cac9977967c0ce514d70dc51d88fde684123a921244933ba8ec", + "result" : "valid" + }, + { + "tcId" : 143, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c050d058aada9e43767f1f760abdbc421ae220fd01e832ae81c628bfb1277c99d35483fe6aea51dea9c017c326ba7bbd4175687a72dc5c4f449eed0c53a08052", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f7a5b69bc39a976bfa6644a152789c3149352093b1dcc4b6b06f6c4c7c90fdf3", + "result" : "valid" + }, + { + "tcId" : 144, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004399542882ca4d5fae3282c4edffc3c7eda7c451e46adee4219015e91c8c69cf8b123f8ede48ab76fe2c9218326cb06542a832d0a32b7ac0d485b4629bfaf0d76", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f0587fbd10e332ad297b5e463d4f09d2167c8589c46dc6680c13b044a34485ea", + "result" : "valid" + }, + { + "tcId" : 145, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bfc304fd88ad8f11801d35286a49505cf349403d8100efe903d078efd5d3a66ebf05d6fe2a14c069902f0d8eb6800460731d48395efac4428ed87b00f3fc6fb0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2fb4991332a5d648df5ca6bbd08575c7553773a97312303440cfe7e43d3a268c", + "result" : "valid" + }, + { + "tcId" : 146, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046881678d6c6d8ceb01de5d6664a0b57b470f149492e8e7513e121fad849aba1b2ad34db024ccd2694e497f6adf4d3cf5adbf518c768a4628bc2e159d0949f2aa", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "cb65082df5f54cdc668625017cdf45f22f305a8f34ad91fabf36c071496c84cc", + "result" : "valid" + }, + { + "tcId" : 147, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e38dac9ca4ef5b35da77d846093e0d29c1ca350e72b5a6ce901bed9f472ea199f805fc3202920782f49f4b6e7257a4364dd5451d982f29b62d5d4b8e07a33068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6441ac7be81c2fb6472655528f21454d40236a878fbac2ce31e4358ab4ed02cc", + "result" : "valid" + }, + { + "tcId" : 148, + "comment" : "edge case for Jacobian and projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042d8c6732e3d0e1822193243bb9ec3fc2c7f264e94ee61b295de5b3c10db937f135343453838114a4752a5514bcfb9dce10f83e0190c540fef10675cb42584a05", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0b586c442eaf016f382199729f60240ce50c0f7107c488a423d42794db5f6663", + "result" : "valid" + }, + { + "tcId" : 149, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000420bec8d2b5aae1f955b7992198bcfe20880494150058cf6151fe14f6071bad3132dc1ce503969b824c5a9e23aeb472255dd23f97d02f68281ad0269818b17e49", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b376d9bc1909eef92953cebc3bd6f2bc0cd6cca620c190141740f62239579334", + "result" : "valid" + }, + { + "tcId" : 150, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f456946770af5d069d60b279ae519ea18e719abaf5787476873a5e61f969074d47eb27520d72fce10650d312a5431bbd6b3f37cd46755b7a8e1ef1a796f90908", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ae739f624ccb1f0ec964b2d1896d2df83ca1969ad6ca26b334342013d83282aa", + "result" : "valid" + }, + { + "tcId" : 151, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d1390a944d24f300fdab9bd272bbaca056feb71c0c37468e0327b08504d55f3a80a4b240565aa43be8f3e2089b4788049c5d378b667e987e01aa8a08a4cd2c95", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3c25126ece58ad8e93ebfe6e7547b05b39c6d9858e559fc01ff6b6e50b0a22ac", + "result" : "valid" + }, + { + "tcId" : 152, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043e61ff2443d10b1e25fb0ce19f57ae39223d33fbb0e5ee2b4740fa19384b7d0e1408119a70aa9b230d9f18269c065c53d4c2619673b49377af4cdd536c931aae", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e47d658df5c1f9599d4e560954ab860e9a6377decb0b56ef3c13dee36185b2f3", + "result" : "valid" + }, + { + "tcId" : 153, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b06028d729039617f912e86d1d1f44e93e63aa216ab0641813d06c16a3edaee979d21572f9540d7b07b0a6667f7e0a9452f6f9f3671e522e2b497eec138a46ea", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d8279c1ec95189fe63d75d1c6d7fc312e411a3d11e4d671a49fa17fa36c3cee1", + "result" : "valid" + }, + { + "tcId" : 154, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040a8f74cee50d1e853a38c026f627fe47d81fc11f886268b35379a32ada249bb91d63cf0198e1c926bcb65ce21813e4d72118b7092a5e8bc152909222ac19603a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "077c7a4e606099d781cbe5a89caf7bdf4f448b1c0d7d3097263a045170275a3a", + "result" : "valid" + }, + { + "tcId" : 155, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040edb7020cf4d6ab14b5a3f8f698d66eff983588846d718b4845d674e7bbfc0edd92a27e40e5ab2e0cd2d0ac1ab679402ce36f16d3ebfc0fd9df817dab17292d9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2025808c609ab0b07924444ea4aa0fa52563858a53221f719c91b15576f49ea2", + "result" : "valid" + }, + { + "tcId" : 156, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f06c77cac24a6ee51421863a0d1469418f0a6430e062da18f27dd57401c0b612032b7e0591455ca33b4e49e53facf5864410ba046ba5d4fc6bacfea9a0782ff3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9832405d565c97ba1d6ff46e1d8fe33886222cbaa69963868d12a8be07abac6d", + "result" : "valid" + }, + { + "tcId" : 157, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cb2b9df4ddc430df7b0befcb5a826da1589a15bef1b6b25f1201daab5b2fa4ac3801e27d112f0f3276722dcb58b8b4f4844a2e614de49db440b7cc7620812734", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c4bbf44547e8128b9a46ed92ceb07df691e2e91d0b47dac0dc2afd14121e7a80", + "result" : "valid" + }, + { + "tcId" : 158, + "comment" : "edge case for Jacobian and projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000445206b62e4a3c4404c74ae8695cdb905a8e6a9456da09c72c72eb7712d9d52e81ddc2d56b634e4ab66b798cdb4db86cf94f02208f747304ab3d5aa2bb125e137", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "170a91aa8196df6f0d09ec197fc526996ffcb6792880f01018b3327a096fe638", + "result" : "valid" + }, + { + "tcId" : 159, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004584d2dc258bd4650e6fa04fe9d3d2a5e768d795945ed2323f844d0a8fa0c6fbd5f96256b9e1b7263fa00fa758cd6be15d9f6157fad66c729ab0dad694564e834", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ed527e31223f175aa786f146b3fe0561a41b1051d5eb32249790481eab1ef381", + "result" : "valid" + }, + { + "tcId" : 160, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046c5527898ae8067da56ac82caf338c9e7f40ee4489115daf0aba923a8b6e501e430f5970ce9d01d03ec076f8daf685cf4d5a9ccd5eb9e849d43ae2f36f2e80e5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5a74555732d8541d2f73e3a59eb31a131c8d41464a1f2c37531a25f4a6d3bfe4", + "result" : "valid" + }, + { + "tcId" : 161, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000452cd9924795fe2a251af7cb569f66d9141db894545d798a0db3d30e50f100fe204ea81c808587c90f3f2c94d993c2d0cc4be64dd6aeb9dc81c70d78885b2f776", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f2750c996f22762629a3f808da6eedd7cc72af4fb0bd816c86e636264bf57664", + "result" : "valid" + }, + { + "tcId" : 162, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bbad8da4c018bdc15a5af8f3da4b384c530ea75560cdfd242bfa3235d8d3595f734cbd866487b83fcb84a4ac74ac548f2535b79b57d02f03a1a37e2791a096e4", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5d2163ca850749991cf782c3852e86b05e6b05ec8662905b60cc7b7e37434fbd", + "result" : "valid" + }, + { + "tcId" : 163, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004389aa52235043bbd759868898bbe277ab996ea9387bd7098b0072442bd2b42f5b823364e9144a1eef1f10093fda0c30168f3004e2c2ea74fde4978f3aa1a31c0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f8cf2cccdcb53b3d3c6d1990ae16c71ad9d141ca49f8574a72047ce6c2da950b", + "result" : "valid" + }, + { + "tcId" : 164, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fd1bac144354cfe1cd4c64aa3a2f77f0aefa26cc5141082676370a0f1ec92cd8fee66992d2d2fcb87f90da0a6743378466655519bc782dd7b0ab570f6ed451d8", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ccf6e14d1add6e4b5a4228e5aad0b31fac4b45e2112c1c767e933c6a0c3f2edb", + "result" : "valid" + }, + { + "tcId" : 165, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000478c926b0ee01c000c25a83631219f08d8b34745d2ea2fdc9ebdc5a2288fa9b0306bc00ab3790508e5705eeabfbaa0744719c9bd7b467ca4a37a06f6fdbe6d86c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "57556459e9d32b75a13776bddc8f547cb64708133e7917b61e3697c392003de7", + "result" : "valid" + }, + { + "tcId" : 166, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044cae5606bad6013f7f36190d7254cbf0d5a92b338e4a47702a3c97a3371d7ec280d273dd598c20392c540e58bec9b180406f3fa6e6c529a851bcf2b96d8f3809", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e5490cb494bc6ab2108da2cb0b926cd878712f54bfa72b59f702c180c62b0c91", + "result" : "valid" + }, + { + "tcId" : 167, + "comment" : "edge case for computation of x with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000408ccbd74f297fe71ca3115c0b1ef4e0421b99ce91ffcd4b72a530b22993e18e9ba0ae1bdbe1c2836ffe9a61ae5a899f152c90b42823638be4d51dc3afa99e6a0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b3ca753c1e1067b550736a66c0d6b6f47e9394c56bb80b5d4204fbec9e59b490", + "result" : "valid" + }, + { + "tcId" : 168, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aaccef834f57e6c5526fe92748cd8cdc1375c2ac71139f5d2587305bd3fdd3cd965dd5374b6a319850c23ebc2ec7a2deb7ff3e428679d4afc9df7e75f2e06e4d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b0cf8c178ad95952520264d0f4a24389bf1b23dc7ac1b65d4e8fe822dcf20d67", + "result" : "valid" + }, + { + "tcId" : 169, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a585e1ed6e47224a472cf4ed4ff34e6251c62ac682e4b70992d5002f08d9e203e9b7b28895b9db4016e5d94a9f59385c16db738a83b84e6d43ecef820c55d462", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "15e40dc49ed62d35e8c91999b05068f419238a222deba206df47d909d3a1f40f", + "result" : "valid" + }, + { + "tcId" : 170, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b104d0cc4a987771655105cfc840f195746e112334c54801fd93f4be8b114a1d3cd8cbcf4b274166f82cfe57393042e3534e68df2f4c3dad1b7ce72b47cad256", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e9458064d3bfc444417486ac1334a93c9aa4468031134ee0196ca6e31713956c", + "result" : "valid" + }, + { + "tcId" : 171, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000482bed3d552098d2fc9e02f1f3cc32f5f31cf6cd101bbb8b42bc6f732badc1976229257d92b241f2031ecaeba10f1ac154d8a3bea309328231272eb6aa01aa65f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f4446e98a63b0598011baaa4f930513218e8370abfbd46f721c8dbf37e170d85", + "result" : "valid" + }, + { + "tcId" : 172, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045c4fb681213bf39b68e7ca914d2830b12a7a32c96a9c788ad2987c009e08d0a376a02ccf594c28995cfcb285ed5d91dded92921108a0b40928487cd07180ab21", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "dca827687aa24f2fcbcab5c38069f4860dee6698fc23908b06c7dae713a141f9", + "result" : "valid" + }, + { + "tcId" : 173, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046b29f8c006869ab6be793ea72b970aceebb7a4c4b6fbafecd1e35713a28bf284c76b07dc14f1dc533f1c4ccb0973eb53e53023f0b0f1a8914c7708c2d73d4817", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "19714f1d4aaf8bd61520b647633a8e53099499ac368c3dd6f1b084891619b0c0", + "result" : "valid" + }, + { + "tcId" : 174, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046e6849c2b07a37c4f36be911b323e4ce70c18b15902612c4fc0fe6d91e7c180de925544363c68035498cbb2236f5c1ecd0e4b2cbb5801a8cac4d0883f651bbd0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d7a2da8de2434e2ad264f9706b30d0657c727606d8285d2179800a970b4faee3", + "result" : "valid" + }, + { + "tcId" : 175, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000433649a1e74c7ffb5edc3949c58b7a7f4b5348288f621c50fbbdb714fa42aa793cbfd969e077b00ead21082f0980009868f79e430ef1c216394bb0e9eda135e9c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "853d4e01d4dd4c9d6e7820adc16f32ce7bfeec0d578deaf28af9cbb3315e8f1b", + "result" : "valid" + }, + { + "tcId" : 176, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bf976ef204532bf67443e8b8d9987a683184ec26420329ba268e54e90b480de0beb108df26eda91eb4fd23d26af6f2d78a4281d5ede075c2c715fb1c4f876784", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "35715befcfded16e67fc0dcebe945c6264ca0d91b3663bd3ec0722b585e5d652", + "result" : "valid" + }, + { + "tcId" : 177, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042c435d9faa598070b4920277506c100de62a7df05c34a39317785d628d74dde3c7f5d0bedf54af1c7d21ff955128002fd5296237384723fef1fb806c2a6d8ea9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2baf108668e82b7fcaf3f5e3272637b426c551d8af0e55f5d74bc317a4474767", + "result" : "valid" + }, + { + "tcId" : 178, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043819dfaab5537863c8dbf406ac18dd675619c9a7a554620ad8a14492bba425a3d68e8c68181555e22362415c95a31724ebfe8b2bf1764e209eae9e53b3f462a0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bba443b160997aa8b7fb2748911dc2154c0f6b986fbe9a49e0a2934fa5f32954", + "result" : "valid" + }, + { + "tcId" : 179, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000470ad3a9c9a9db71d420abae84ccdb12768851bac6a82ffd03d89621a50a7c311bfff7c664c211f93768f84b5255d95c7f67887c3305d789d7fcedc2d29989f9a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b4831736601e7387050ba3d401aea241c3506b56a0473886c408b366c8696429", + "result" : "valid" + }, + { + "tcId" : 180, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000458391361fbc8115c978e82037814d31aa3a88873ed6c74c4aaea9727e300d94542924c67b5cf828be827e581dafcbd16e653e72a4f2d4d0550805387b9417e77", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ecd0c9e1acb90ff8bde88f7757a089cc86cba27f0d15fdf737ab3b8ecf9fd9c8", + "result" : "valid" + }, + { + "tcId" : 181, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000423a2be684b0b5f04bef5c6ca8a991bf752f5964f6fdf36d7129100daf80f1434b6f3ca2a5e85ce005e1cb6d2b13094c434fdc1c095a3ae5e53f64949ca56691b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6b9ee618598f33c184cd63cf8930a4db3a2d4ea022d50e63cdfff85734a77ab4", + "result" : "valid" + }, + { + "tcId" : 182, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004147b8a2fb4f6e85eead81ca0b3f230b8d8cc230de73107d9cabcbc5b39e4e7eadaa44ec1ed0b95f6109223bc480e917419d860f9b9a75f81d6f8ca3ada377533", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d801dc9354cb756e6c27de5a7cc88ed5cb214ac5091b4090624ee8afbcba35f9", + "result" : "valid" + }, + { + "tcId" : 183, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042b3fe64bb142789e89e1092db46b613012bcfae57759ea908165c0362f804f36c0053faf3266ad7eecedcb24636b99c935f1c8e73168f0eeb3ddfb660801e55b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "03307ea557024686910d2d1d2d2760d82664413b8feec66ae8d2dbf1025f0c45", + "result" : "valid" + }, + { + "tcId" : 184, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c4ed72445465cdb44f58b0e1af0823226ea79eb2e1bc3f27fb8e4ce7b85f4a30c237e574c59a992406fd517f4d905e03d7a2b0a40ef85aa3c73bd46a1a06a918", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "dc2cd94321643e89dcc92acb0128d886b28cb7d66a0eaa5b96194465708780d6", + "result" : "valid" + }, + { + "tcId" : 185, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000418ef4e2fadaac1b982a7d2d12e9d5148ecf336b1d3775da2f7df822ad49a1324bd07046a3f8e949e7a0d960fe9d9a1de0f61497cb4e7b2f39aee6844396f997f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b831f4a0fb75927bdd2945c0081f11cce871c9d6dbf83b7895748c3f46375ac7", + "result" : "valid" + }, + { + "tcId" : 186, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004398ca1a944210a10b1f5732071259528df87d42d3d7b006bc6fd9e1e09f6fa30fed379db3f1bd915db2ba27384ec13715417446ee84fb5fd0a4bf6431cfd3f15", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ed607a9e6d41a4bc0535c5161c98613edac6b519590b481420fb2ba1ed2c35e6", + "result" : "valid" + }, + { + "tcId" : 187, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d1c182adb101ebe5fec3910f80058e091d1325433d4fd3bbb38eb75bcaf2698a21218f7544ce84dcfe52e817ec0ba6bf84460f49932b3ec5ed27682d337f270d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "64a68fad2378591a18f8f2a4e346faf59da29446ec16b3fb8c37aef2d79faea5", + "result" : "valid" + }, + { + "tcId" : 188, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043f68c4e412c57da015568e0a9fcc3db499b77e6c0f55050828c50c35493af5e3d0b53fe30b0c6cf42cdf9f4f01d5c9058f8169b241bdea225932f9033f8bc5eb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0fddd50bb27666d4d38e6ec18c8ae1be3d763be7dd11067213e997fa4059c67a", + "result" : "valid" + }, + { + "tcId" : 189, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000456dd4c2b1d7a1a2d6559b5203fcb8974fa81be7d64cf0ae7a14fd965dfd69cddebe1ca78d5583fda3487040dcd94764f8dc619e8d74aae8d9665f340693c21b3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9c412023b7a66ebc9579a8d16bfd3109ba085c42f3fd395e07534529ad2340a4", + "result" : "valid" + }, + { + "tcId" : 190, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e1e5053b6f43b8714a025acfb86a8f51195488099b1f5d63310a6becd7ccb47ef0d16bc0c3234470ffa8d45f582fcb65ff9ccaaa6ae0cd6b572bebaa50c17741", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "28717726dc3674abb4f82b66837e8685ede16cb0cd965824352ac0a2f9d893a7", + "result" : "valid" + }, + { + "tcId" : 191, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041a46571a1438ca23dc7912a8a7b2245d70c852a6e9f4d385dd608427ec3c41e7fe06e2dedfbaa376a614657ce61701a7db181e5b1f3139045b8424ee54964b7a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2e74661109f0cbc6d587790330d67988658bcfabf1f7498a2b3279212828e207", + "result" : "valid" + }, + { + "tcId" : 192, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048ce5a3c8bd2544695a005841612a7c5d05beb07cf7bca1027172b030acf7d275fba0c339f74ce36d104fffbd5ae1c9c72588693190ed2b3687433087213b5bdf", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d202df6662ba06d3088363c60e341283f7b6300104d58cf6d707262be6972b59", + "result" : "valid" + }, + { + "tcId" : 193, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a0abcdb1ef035e186e720606b07fd615532039275ac1b6f22720b756c0f857cf76e465cfdef30602b2e055a303bc6e176dfe972d06cc6f3821780387bd6357c1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a54a81c18f4b7ab0f3702013678566ce29e91c4142114d62f867a5278f89cfff", + "result" : "valid" + }, + { + "tcId" : 194, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004859b6beb70671b3e64991bb661180dbbe835f63c0a5878c3f83f0922660a7c093389bf4ce6b5c1c2f801c84c54391d53aa953ead5e51b7757b3508345bb4cdeb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9a954112f52d76709d64739dc75e9ce7a76aa19242b306391fcf25ff92b76901", + "result" : "valid" + }, + { + "tcId" : 195, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000435510d43f4d1a173a0467d5cb35a4170c3fc407e55b416b4dfce28650f8802afe8ef2adbde8b40a1714286176d674489bf9acb2e4a8353a7dae1a9e97cbb4150", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8763cb235f2780c1bbd35fe6c387d5505f72eb0a77b104c775c2b3b42786d7c9", + "result" : "valid" + }, + { + "tcId" : 196, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fa4af089c14d6a8be1881135989411607160d141a7a8cb4546f358a797d2aafdbe0086796436344daeec063f4f4a414a8779e72a960892335acdfbfd452f727a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b9309ddc5eb64a4d819a8a332b061a59f163a5f50d4865697e4d123efc9b2b29", + "result" : "valid" + }, + { + "tcId" : 197, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043cdcaa086427023bbd91b5b2e212be77de5591a1a0c210d54f0482f27c426558f8e1f4fe6e3bf037c0e03d4043c1d9b25436e0803b1a42b6de2e40d99e839c68", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "87e9f5ec4a9091d94ac22a6a71408213f444be094c618d459682e17357631939", + "result" : "valid" + }, + { + "tcId" : 198, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d7adbe30a5682acf9d398f58da8fd3b583283d9eda74ae067b9b533cd6c0824cfe50d0371c0e7b59043ffad25e17445cfbdfb3fea40e55bc7de19ac5f27c64a2", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c69a00017184a13c713cc0a70e89c60174361d07dea5085fd707f4b5ed3faead", + "result" : "valid" + }, + { + "tcId" : 199, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004029e1c6eb37c383fb4e27ebb3197688f8d8af755db83b7628e17579cb3f90f058a2bf57857f5ff6331cdcf87440b6e69cc1b6e444ce540b8222b955c98a99955", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c139b75615e1010c920b07d14f6a1980ff4c97a0a9bb8a097aec2a456b6bc4ed", + "result" : "valid" + }, + { + "tcId" : 200, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043a35de213b2dc33eb348948a22ed5a93600fad071bb017a6a250e6609b13f7cafbec06b663a5f54689d0ee6709fd0da46acfd26038935935f749d6d4bc21060f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "70aab5e96e4991321faf440ca2dea861ba007df08ee46c6f579731ead51636da", + "result" : "valid" + }, + { + "tcId" : 201, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046b910d9e9943cbeff717ca9546aa5677e06118f5f04a0246b5bab73505775d65c87a4c1fd7bc584c56991119699b90b4b3a568e508eaa83f118332da9152b13a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e2ae03b844b3f279d5cd16bff20ab5cad07e4c984f21cbe73e1997a02bd2c291", + "result" : "valid" + }, + { + "tcId" : 202, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f102b90ad378725fb7ffe3fc3fe6efb320a728a03ce09a88ee25bab2cf133c04af2cfee528f3913c83504498ca8b3b6deb9e284241b8d01c678ab79ad8091888", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0aab6b19e4205548f929362e72b077f2365667bdd81d93a404343e7a5f84c6ba", + "result" : "valid" + }, + { + "tcId" : 203, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047f420fcef93b0b9d0a9f86b2c65e18938e17aa84eade2a7a6440adec914cb2f6ec1663baab8af308333399adceff908ee33c8f86b3df9ef93a51520931f851ec", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d96cdd08e6eeeca690989b659024f324e18c2faf5c50958da6985f70826095c5", + "result" : "valid" + }, + { + "tcId" : 204, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046b83adf58bbf00da4b77b6c4615925cf5a8f7b72997ad96904855490834bcf82224db940bba028dbddaf3cba949dc41b0db795515e34549fac11a183b89d5bb7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "434bd68e45630ca1b3484517da080e3c3198ddec5ef1f7e9d2e3425df214b90d", + "result" : "valid" + }, + { + "tcId" : 205, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000404102367dc53576a8385fc58ee2337e2b9af547e69934fe3ec797a84c225df0c621cecc727669f2e558762b65b33b3cf3f228fe9a9c22223ab71e77f904d6aa9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "aea47444c897f7157f336c77b7401979066d6617b59a01988f78f6c9a98feedf", + "result" : "valid" + }, + { + "tcId" : 206, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004258340105842ebe760c4fde13e31eefd52e51aaef938c4477d148bbac6d37412301f4b4d1bfe0e7046cb1f993a359f9191fd7bca7c53e039fa51db8a117efaa3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "486cf8959f7d939c4c79a0715ba7bbf0cc3fa7b2a1d60e86ad097c91e5612e24", + "result" : "valid" + }, + { + "tcId" : 207, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d9a521d8147c1e83df82b9db62b25e6ff1417ddd41aef3ffb182ad23f27822f7b0ad917462cd2a5abce2ec2c4a4f7456ebdb65db10d962056e75f6f8853d2a4c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5a1f0674b1397b6e653ff6e473d641da4fb9e7bc90a73802739a0349148500fa", + "result" : "valid" + }, + { + "tcId" : 208, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040b58006e371570686658d458f26faa34ccf8b49fba8234ebd7304cbba3ab1b2468787e9c7ea3043e0bf27aa9730a5abe473060b77c53bddc70e201d7f5b1d89c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9a907514a9ecc85f9659b9e97909a38f972b0c9a7c009778b8190438a8ebc00a", + "result" : "valid" + }, + { + "tcId" : 209, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044ab8f5ac88eecfcb0394f6cfe5528596b6b4c4fdac8247fd62957289133e620e1af51852e11b19d6137852e218fd64d2ebb567f8fa92a1ed43a5e34f5694a94b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "941685fe4de816261157b2fe3d3ac28195d81fac6225fd3103ee60a0c24df472", + "result" : "valid" + }, + { + "tcId" : 210, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004903201ba08353ba6158c06e66df0b413b771d21acc0832213bd03d589575e67677a90ccf2f3079cd2ac6c59cc0256a612c079b8a91b59ece1efd076f53bf5b04", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b203eb0365a40624a442572e0bad80e1f0c9958e5709512e76b28f4e0bfb2291", + "result" : "valid" + }, + { + "tcId" : 211, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c8021be2269a2ee83853e4a12bb0680825088d9ac0e56fb505109f4708dd9d5dd802ad690d8e8b817a815de607865afabfbed7650988f925ecf23fe5654d0c9c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e09d25f822471e647064b5b68cd2ae42d6be7b8765cdc026bb7696a524c83f49", + "result" : "valid" + }, + { + "tcId" : 212, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a53f7c412c11ad6a362bd2be2e7d1f20440297be86594abbcbea2594ddf9372379db08ad87b536939a70582682cb7570263655cc25a2979f845fd68be3d82953", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "97e3c29f69d9032e676933edb152f2438ec7dffb17641442ce9342e138f81667", + "result" : "valid" + }, + { + "tcId" : 213, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000446feed4e522963192cbd6c6edabd5175d10f93999a585a045a3026b69bb4d528ed7f6abd7b39e40e08e2126991ed410394bfdabea990abb7b2ca5eb9f048fa4f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "cd7874612d68c907b434bd81bf1b1a83cf9429b24cee753cc228ecbdd6657388", + "result" : "valid" + }, + { + "tcId" : 214, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000467db11ee0b73071bf3b815864a178581ada3d100918365e7120d9bdec9cd9c3325f5eb5a1b66ad104a5c9e43b07afa4b152a75fa22a3e429af41e459e7993e45", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "621ddb1893137c12147e909dff830859dcd73ddb00acdb4097f1d66e14fe366e", + "result" : "valid" + }, + { + "tcId" : 215, + "comment" : "edge case for computation of x with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000414cdc4f16c07d6e6074caa8ecca26a0186347e723dcedf9aff9dc6fc8c3815bf5d64fe2d7e6abc20802a1c158040cebd614deda0347987e0cdcfd41e09618cf5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "19ad362ef44a36342cf9143b88470d5659fca6a3a30c904271f6d6bdc05e9407", + "result" : "valid" + }, + { + "tcId" : 216, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000424193c3501ffa77ebf1ee62f7c118b28c05a1c0a946f442b208a8305c6a745f8863603299dfdf5d2bda19230007d0e03ae61fe1caeafa584ddad4cea6dc7d76a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "43bd8cf370257bc88f38b0ded68af2f9d93977234a19fbf67abf2e0a4c09c120", + "result" : "valid" + }, + { + "tcId" : 217, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004081ceab1d3cd5317fc782c9c8dc33399705aba6899c0b804efa96ed4ee944da900adf51cd31b5000f2d175695d48a12213ae1595b98372643ec0eb400ef79d41", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9d920e7a6f61fe4140bbe56f4317e3892d21a80fb480a091a3c16a0a67a7a97d", + "result" : "valid" + }, + { + "tcId" : 218, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000413e56b207855eabb4b8a27dfe8d1ec89644be7c096f6c2f3a122c9cd0b8b508bb5b7970e3a1411f4ffe3711405ec65ef98db12a2b37d8c18c8d1984134e85492", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0796221792860298f1b4c5aa1561ec5db01ad876c3552bd96b00aa23ef47b71d", + "result" : "valid" + }, + { + "tcId" : 219, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045cf95e23e681059f008b32df326ffb7795bdf74bb337f77cff5052de7826794b5cb038ec1fdefde51f6c68dc5e12a198a51ce86b92167883687b253415d6d37a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8cec890842617de7789c3c2909e2d38031d5aad957d995bdec622b010ce9e0b7", + "result" : "valid" + }, + { + "tcId" : 220, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049c49754a4c45d97e5b70d0931b98f60b3a99f51a95497537bd85ede7e9879429dcadfe273a4086c30dde4755667923e58c463e8d94cbb7d56c9e0f4de79e6d21", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1d4c7c7aa359140edf907c8234ef16b92f201f562c2237aa32adbcbdc0cabd0c", + "result" : "valid" + }, + { + "tcId" : 221, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fc7fd984dd0dc3c93846f8b41b07296ea854401325f155f1236f2e4414a9b9da473f38a5f84d08c0ac7a1dab8a568eac21066074947449a8c3d16f055a379bff", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b15134b9e91996e228ea7ba6cb4500a117983c8eeb687174657354e59961e521", + "result" : "valid" + }, + { + "tcId" : 222, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004337e2e260a3565ff81e0be900c8dafb2ce2310688c3eeb6c025cac208b08a18a4484fc5fb01c2d404da99b56a4dc226420dc3e676fd0223ba3a45d43cdcf3562", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "906acb96120ec7684e391100cf0bb747691678eb3e147f53db886ba0fc5aa70d", + "result" : "valid" + }, + { + "tcId" : 223, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e2b170d1dc4d9e329514a54f10dc81d902f3752c3a6e2f8be5d820fafefa9d8be087dbd390152ebb04c73b8c504b994a768372d3f920a5cedc4242bf834ccc6f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "73dd087b1cb3c5a07acdb9b0a4a02c64b7087ae97836e943439dbfdf41eac833", + "result" : "valid" + }, + { + "tcId" : 224, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046702ab6b257c24440bf719c02d2161e4e31e22d55ed8ad0f33e5af9568ac4a9abf87accc758577389042f5b650c37db6b0c7682203156de73728a582bed6a6d4", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f73c49f6da537b2ff30ead7538c04726bc74152535d22b6baf92d06adb45e676", + "result" : "valid" + }, + { + "tcId" : 225, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040cec0aa4de0c143f5d4c3d36de3db4cd72e8fe0fbd336de879a562ac87e628d8e75d0d0ae3d7b4d869e7f6ff564e21efc30a15ff2d4c87618104fbd42ef5e00b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f4a757ceb0ba6cb9618acd8fef68d2c8fe9901fff14177f27b6e6b8c6bd34cb7", + "result" : "valid" + }, + { + "tcId" : 226, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049276151fb999ff3f7fcf542491fb62479fd1eae93fc2e7d22c38d944867c447ef0e7185e4d55a1c2eafa2cf8d262636d6e4b353fe71ae3d3cce6b158d86cf5fe", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3eb4a634d0090175347613b7eed6d49b9b5944e70acc3ed98474989d30a4c299", + "result" : "valid" + }, + { + "tcId" : 227, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e657a91abdcb67bffa8f78565ec796b4901f2991c12722d27bca6a0217f2b00c9bb2cf5f6c5780c70fa8f03159bcb0d56096aeecf53ea5e28d1058c3a50d2091", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "520dff4d04085871cff69b3a20a75b8f3b103da0e468365e8c9287c0a7ad7d9e", + "result" : "valid" + }, + { + "tcId" : 228, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047c051c1eebc76746eb267e8e91a47d8ab81b89bd3b3a9de6f1c3e6b98db81c7b75df088882150b97e20146547ee07b6b5620bcece4d40a53eeed84e5d4779a1f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c80ac13c5d2e6723e848edb023fc17ecae553781a4aac90f2577fae7511711cf", + "result" : "valid" + }, + { + "tcId" : 229, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d890400f1230fa80d8d4c95173924e9e7b3458f7e54680ab1834e505a2dccb26f714374c9978432830b8e1b82742ca86777f9b8b686b1924ee55e7c572c2b119", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b0c28a9938cf095a4b0ebf3daa6a16e19e3f4199e3475ca3aa58746f651b921e", + "result" : "valid" + }, + { + "tcId" : 230, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f44866b8ee1b937d182ff79aade41b549b71ff1bfa882a192ec90dc87a51774d5e335f19880e8438b9f205932664512cd6dd53d5a40a7008fc5c98124a7d9554", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "78dbfec6b4aad2d0a99bdde7b90996324c0f7b9d136a6ede5c2995197d0d412a", + "result" : "valid" + }, + { + "tcId" : 231, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fd298ab944a08702816a7395f84e45ed782968b701838b67fa2528111cd4f4148599867c89174f00ccf30627815e6618bd2845f35819db0754180535bb4d4b2f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "36a2e77f56c3e5b11e35bf4ba5de1885cf0264643cac5d6f7bfb1ae01e39a6c0", + "result" : "valid" + }, + { + "tcId" : 232, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047b78d59967ed07c83f0ed7f8f0b26388db76b0863b64ac14b7ecbed8e3a1bda24b49dae1adf948860741376c919cfd50ffcf749672f19f78ad565e88f6096df6", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9f4e92d9a959c09eeddd152f6d95ff2c3157446f477fbed214a00621d014f936", + "result" : "valid" + }, + { + "tcId" : 233, + "comment" : "edge case for computation of x with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004791c9017b3a93ca2f2d03fcf18b4230331fdc3de5785e847c9f51d22caf50cdbedc729c92f0a88233a29a2259e7e6265b92a1438c0b5959167fbe2aa4a65a6c0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d0b16561349f182ef2792d0c2dd585601ce4e032754b7628b3d801f187c14fd4", + "result" : "valid" + }, + { + "tcId" : 234, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004475786ce215a1873e04a0c67642c319a6d24dffb06a4cffbb15a8256d2c811ec5a1bba7f661e38d694d9a11564b511af6c6632a5efc933732642dd5c4928a41b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5fd6d7f0ba317a36434e1a995bed54a42898d940ee5fa4578373e8d4c23f5567", + "result" : "valid" + }, + { + "tcId" : 235, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004759ae77233b119fb3789059760112f38e8d9e69f431cf0e8f0bbe6a06e23bc5b18d69b80980f53b7e8c76c9b82dc61f05cdc03826c2c9637cc02af2a6db0e4fa", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bbe559b77e83905b08954dc3736a2752d56a5bc366a5fcd84e042a78c8af68d3", + "result" : "valid" + }, + { + "tcId" : 236, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043af2b8629a3475294ee0d5437321fcd5fa4554c780b6b18b86242d3edf36f551ede37c4ea319d42f8fc3cf97cfe7dd17e85ba6e11ba260ed991c22ee891abc2b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e62429b8eb322d24e4bdb9a72bf6e9c94d82962b26d99f633e1f21709b7eddbe", + "result" : "valid" + }, + { + "tcId" : 237, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ca2df3b3d7d958b0d46ed6e0ffe3b7488f2e13660951eb821c24246d6c7f2ec2055e780e6a534f9ff469b0ba3c8d38962ac0acdc7b4b3dc057c07ead3f4b7aa0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5822c168aab9bb6ffe00b7c4c7be5551daa8304b8d2c0696e2d77fe50b9d8d8d", + "result" : "valid" + }, + { + "tcId" : 238, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ef17ac084abad12496df80d80dbe21dfade58e302ac0398002c5349d852528ccef34500266a5dd3fb454828ed85684a62e6eb142f65f5497e64d23148f757976", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bae26fa69da00aa03fd9028fa84d46b92c13d5e555b2e7b3db0d09bb95d41486", + "result" : "valid" + }, + { + "tcId" : 239, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004624cf7459a3e097f114383a125c7cdec33b947c5bc0a2679d7aae508b5d46479408cac791f2ed71d9bd594bd66f6ce70d928d3b20fe02b5b66cf743b51739a74", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "97ce8c4b6e031776b19fc7c9577cb26f085274a58407267bca35a97692a2e8e6", + "result" : "valid" + }, + { + "tcId" : 240, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e41ec556bb3f85cef6651a2db1816dab3bc82898871482dbf1cc801407ce4d1dedeafe8c33721250bf75cdb9181e990492d37080e7dab41da1673d62a8b835df", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5eb5722f98aad0622097d944bb120e09e7a122498b20ae2bfff91c8b362daad2", + "result" : "valid" + }, + { + "tcId" : 241, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b5c3cb146d30fecfd7fed0093dcba01846a28aa50c7fe3c0cf4b8c5aa837d5b0b21b7605cadbc7b6206e5dd4289e1de9cc36bc98094fb18223be636e6d36e0fa", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f5c9b88d48112041334c574f93313670cdecbe0c0b6c2655778df8ff62025d3f", + "result" : "valid" + }, + { + "tcId" : 242, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b3c62848beb063fc8f285c0da7207e707c71460b8f792ae0890f2362fc8f02109cf80c0e0d75d2f54a6bffe3fef39441ed0cbf29c8397b76a824ff9ecf4c772b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "effa362fce62e271016d50a0e35c031455fca280b80ed2cce87c83e57e3cfd36", + "result" : "valid" + }, + { + "tcId" : 243, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000407ad8cd055528feb4b3a53d354c7c7cc0616ca3ff787bbb0bf79909606d27e8a70b4d271ebd8363d9ad910cf4d84e52171b5b359792f7ff8a89c4427fb6afa21", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "59b8dcdc6676029109871fc67b466a7fb622225cd6c77bbc21b1b628464798a2", + "result" : "valid" + }, + { + "tcId" : 244, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047c66fd67b79f88531a0747288726dbeb299dd8e1159612bff2d979fe4bd1060c15c54c5cf40b7a6b36f4400bdbaa2b6dd0669c3b45a55925635287116aaaff1c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "42dd3a8e14dfe9fe2ebf80746989ba66f28e5460116a02bce24c549d117d6b0f", + "result" : "valid" + }, + { + "tcId" : 245, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000494064698280e7eb6e14dd81efa9f0ab527fe6ceeded60cd4d422162c397d5bad163a63342b44629e57c09bb490118b1daf06bc0bd1de48a98ea7ac3e893e4470", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b0e1025b39c5481a748a0461aa7773a6b342adead4b4587521a1953d4ff0296b", + "result" : "valid" + }, + { + "tcId" : 246, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b454039384abb191e593463976dea937428b76a2f21f8553a994e0e23a0de3282888d4e22eaa986dfcd20e5a4c9666a2a341eaadcdf86b6e137660c95561566f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9dd7118006ee56fccf307a31a6334be7e19db2deca68fd45b3f4f94f100de6a4", + "result" : "valid" + }, + { + "tcId" : 247, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d43b704bcda6ed2cd8cacd64a67191da2f68f25a6a983dd79010b1066942730f2eaa0d0933f710917e3223f2feb23388add3fed3a2a7de18af50803b0b20d6c9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1fb16336393ba603fb2eb701fed0e982ad32964afae7dbbfbc5a8112382e51e3", + "result" : "valid" + }, + { + "tcId" : 248, + "comment" : "edge case for computation of x with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049ea3db44d3c1e09715ec330d3607a06cfdc1b0baf4f570fbad15d63e1a8d190bdae78a1a46ed6fdaa02ea2785c2bad33aace95397b290eb7c26428ef68494abf", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9a6d03a17e68561a105da66d2fb1d9ec9e3ca6c686f65d9da926849d7af4fcb7", + "result" : "valid" + }, + { + "tcId" : 249, + "comment" : "edge case for computation of y with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e4cb3b67d62108687c74b36a081c3adb9fc4e188b5e611727312b70886e81a795edba4df71b9c4b06f7b052b5b48d9e0be855ffcc2f27926524cb22ffbb9e865", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3c03077e0098a845f7c9b22b73eecd495a2d6a0b34d211154ee3898634f823b4", + "result" : "valid" + }, + { + "tcId" : 250, + "comment" : "edge case for computation of y with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046e833dc786039cb081ca12034adfae41e3454cad0976a09612f1af4c390d589f16f499bb679ce63d15bd4b821392e6c3deb9ac2163d0211a68a6167bcb5dd0e2", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b8454bcf8463c2bd59f7538b65f11b9c98c18c13438417cc08a39c8842a0b7ed", + "result" : "valid" + }, + { + "tcId" : 251, + "comment" : "edge case for computation of y with projective coordinates", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000493b0cf66e6c51ec9f5b02589607443bab7b97b18f3dd2c9cc831c0a356b60c21f960bebf79b0c295794237c60576d6a74e5f694d9fccdc2c4a469e00b18115ac", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b4df5f335a0461a38852205ac73bc51512b5c7f6a8305f1a8d4f191cb6fd3b2a", + "result" : "valid" + }, + { + "tcId" : 252, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000467f4d7cf5b8574fa36ec8d3d4caa369efe0521ff9e25760cf99894c64f064ca34db1597fbd96d7b7e319236e0660b05800ed99099c8c1022d55be3a8fd231e96", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a9de6e92af14bf4eb11d7533bbcb28cf622ec5e52e4a2f4cde4ddc3d21babcee", + "result" : "valid" + }, + { + "tcId" : 253, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004439638adcda870137436eeb09e27c32637307921974b64b9f73e266d8e95393094cfcf350b98282437974db3e402fd86e3ebdddc5e23fcd07303a0a5cf282ba4", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "edcd8e48df11aa67a90c75614983466d244e4b5473f8ac01a41c146db13c4827", + "result" : "valid" + }, + { + "tcId" : 254, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bf32693dd77e182d8b2650382832f37f6770090132aa77a7ebc18215e00c44c04642ea3461ff10e2e1800dc392738d7d01174679c9d2e382a80ed4961fe48b6b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2c8dd74792ced281f9cb161d2f64d238cbac2d18f8661b0f5674d79cd5c6edb8", + "result" : "valid" + }, + { + "tcId" : 255, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d20a02a6d0424820f7c2ed6afd1b7c149f6762bf8ce4dba50ded9792368dceacc574cc6298fa1d96edd178309f7508ce8aabf69fc0c49b85299baf91239e6665", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "503fb9bf4b57b00e0c239b3e8371f24660aa01cbf79f4c499e4fe1a155528ff9", + "result" : "valid" + }, + { + "tcId" : 256, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004afd321e9ff7b24d856bf14bbc5afef1952744867cae4a9f3e38f6673da908aed714966dfee5af5b7ddfc1779db74987e9e87f532bea76a2cbed717a36c9100e7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e61ad5f80632382b626f9a77fb7f5db020dbc084c888c6b09993e12fe4d31604", + "result" : "valid" + }, + { + "tcId" : 257, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cfd6d84113fc920b44bf6d67cb841691dbae07bd6732e5dec045e60d90b98f7110cbf8c9ffaef36f3d53132b1c10db5672acd5df5b87cb98d19daf87b0de3573", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "51c10b8332b33faf529c58cc2da45a23bbfecc1d4e0aa4ea54fd819b7e31e555", + "result" : "valid" + }, + { + "tcId" : 258, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f09616827b93b6017d770c75e35b0162c5455ce2380ef2fec54e336dfe94cbbcf3d01b7b102bec4ff0245db8c943c68c23cf1172c65544aa1174e44cd524f049", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "98d67822c318db0653a470a6ed96e7c22a046a2a25664c19539af62ae1d3a96b", + "result" : "valid" + }, + { + "tcId" : 259, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bfeb62d5cdb7333e0976fad3a259ddb9cb525aeee68327657aed59285352f3476e88bc9799df4d0c142bc632c81d40486fe2376392e0180af93debcb82c639cd", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7c4648cd808df9a54f992b294a3ece562ba5efbeba7e1760f1f107ed1af8c187", + "result" : "valid" + }, + { + "tcId" : 260, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046d864a7cb7f8e3a1fe1c8094e3852f8f43cc4ca6a9039512b2ade5f040e3b4237c908ec1cb9fbc1f6d49460ac19f2d4526f66e00db60d207408bd46c95bffff0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "41b89b46f018a3ac884ad921e49fcf5d9677ae84e39e6ea8de844acc337d8481", + "result" : "valid" + }, + { + "tcId" : 261, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004feb68f41e806a239f62445d23d1b925978a9b696d6f0caa9dc29f40539b073cc2c902affb20066d2c2c920ceb8a453e42cd2454988c332cf0db907bb4fe95943", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d155b0e0e37da1a19af0e85e68e7bb4180aab55b1e95501a1a3ae0cd95404aee", + "result" : "valid" + }, + { + "tcId" : 262, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000457d04c653325a6cb998f61ce347109eca0efff9a16a734134a69cd1e0b081aceb43aea4f71b1f2802fbe4107d0bfb9f6fbbda464501b87ff73c47103e372f635", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "12bd72e952e6b81255ad79af19310da2e0ef9772003384a1f35753e6beab71d6", + "result" : "valid" + }, + { + "tcId" : 263, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004605fd33a42d921e01ee7f75806106de72cb5039f65ff31d6ca2e1efd6aa81a1c95789f0923d705fd19d5a8ae18b66687cb29091e17944b37d27f398bd5546bdb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3514b8362ee1e70e846ede7ed57283f5d5891fdb9b0c5605da45dbc5c6f44e53", + "result" : "valid" + }, + { + "tcId" : 264, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004303ce896aa570cf8f97954ba48fcc25f5f252867f01a9b9edeceaa6bfccedf561134d6290e1649bb028a16c6f54eb06c7e724a947a6248274a4bf6a6aa139096", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f6c829ed9ca3dfdd1f165a204461e1c16620e752216e2b6e3aab6197f3dd2b3b", + "result" : "valid" + }, + { + "tcId" : 265, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041c2ca67311dc5c454dc830386b7997e50bc67e3d5ff522d3e8a39f144998f884862c975f548a5f55dd8504dab5c9e88f0ed3123688d475b211da5a4d6920dd63", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3719f7afe82c3fa54c0c1260476246441d387970935e4c76965ced96da3a07de", + "result" : "valid" + }, + { + "tcId" : 266, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045633cbcfdf74327de0883f59e1788eed76bb0b9e0f9e55e2769ec9aa365a30e1d913bd531f4a61c2d07b847d318ee96482d2f8fa7a12aab3b303c10851ce7fcd", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0a368c74c56c61aab02440e64b2699c24cdacb4dfbcdebe0b3cf801e86f1f74f", + "result" : "valid" + }, + { + "tcId" : 267, + "comment" : "edge case for computation of y with projective coordinates in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000419d53e44b058c317fbedbf106c98f31832cdfb84f21add753cf213ba5de9026a614cf7b7b60e759a15a6c7d864eddec6dc253519975df7f3e9bc0c77fd80e510", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "de5b6c29f2f4f17f8ed925f129159410e4557dffc5472944b8862c42bd2b180a", + "result" : "valid" + }, + { + "tcId" : 268, + "comment" : "edge case for computation of y with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041c96cc2b22e5bdb195b2a47187fad5ee6736bd96dcefef20259a551e9847b5e0c5ab052c8836e4f7cc7b65545775d55b0c7b0c7f830c6539915cb624a507dbfe", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8fca30fc5d731f42d37664d52b64e022d98a25065fb1f8bd77853d7f2bbf07e0", + "result" : "valid" + }, + { + "tcId" : 269, + "comment" : "edge case for computation of y with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004733242cc4afb82271034111b81309e156ae4466e7f2fc5fc1042f4f6e3c44f435c6f614d4be18a73170c85a6b68a9614052934e1d612466dd4921989474ff513", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c9431b6deda0c9f92f368f7ca12986f0e07e012422b840c7aa784a0c713b501f", + "result" : "valid" + }, + { + "tcId" : 270, + "comment" : "edge case for computation of y with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041a24b6520af4f028824beece59b603d15d6d15cde0719ad2f7b8e3fcb6c1342c7ed702a30e875b2436db2f2d3687d9580d3bd7b3f8d1280a81071f3ccd6b407d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "672c2339e4c39e36cfe13e2cfe352859e1ef66318fe9f97dd26d9d03a9171f7f", + "result" : "valid" + }, + { + "tcId" : 271, + "comment" : "edge case for computation of y with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044ade6fa13e59117e054ac1bca3ca52f414035493ac2ee7b1a811f1fb52521e8116ad612cd7ab0c21ef78938945d870dac827becb5b873c84225c4aef159ee4bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8cd11340313b978fa37749f4b367c087fd900f17941002de22ce4029aa550e7f", + "result" : "valid" + }, + { + "tcId" : 272, + "comment" : "edge case for computation of y with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000434b2ac5a3e4916d081d1ed404b5bccfe076aa7f41e29d0362390f7f08458b44c25987b7f7a214323763e1aa1044a8779bbffc5e22be628138a1d80268364698e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6f1cc2d07f6ee07d0b138b601c94deb20aa234e526fab3ee4adc98707085a73d", + "result" : "valid" + }, + { + "tcId" : 273, + "comment" : "edge case for computation of y with projective coordinates in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000458c25f4047782b815b41001dea636c86ef19d67ec056324127225aaf6ff10832761325c4a70307dceb9bf451c7405e42580868e665f3f259995f8c358eb0799d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c2812eb9b456297572e8d870754b48489ea366f351f822759de831726815e582", + "result" : "valid" + }, + { + "tcId" : 274, + "comment" : "edge case for computation of y with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e3d05f1aff72acff70e4d51b4207880ec06b4c269db02753d6d858aa5e6d561e7c756f6b0cd106bb732e5f20c91ddde4f24a3699df1125206fcc47449abb7d1e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9cf1689a015ac3958dc95fc71cb0d103e81b4594684638933a5daaa99fb3b1fa", + "result" : "valid" + }, + { + "tcId" : 275, + "comment" : "edge case for computation of y with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000475638ca9ef9fa252429d21243c778be355bd130c1ef626593ca0c244cf2b6ef253b88766230ce8ded7900956a5291a6967c2a54279844cb07d7c585d87d40661", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2d6049f8e46c67c17ddfc8178dd918b23fd1969e11c959b64ea42e39c9a87dea", + "result" : "valid" + }, + { + "tcId" : 276, + "comment" : "edge case for computation of y with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000444682e437448730f594a820ead232c4443f7e784370bfb031304b85199c4159f7151eceaa0a698d15785cc7a2e812aeda12f9ba4238a7f5e76e930f3905015aa", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9b7f8be262b9cd2751ef8eae2bad7b1ecf07cb76613cfe7088cc9bdef1d04436", + "result" : "valid" + }, + { + "tcId" : 277, + "comment" : "edge case for computation of y with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c98b01fe92feae441d9f4de50d4dfbe9789711d911be6ef7cd9c55f4b3e8cabdd9e3aaf16605b0ab50632df6c00ec8554f36ecf427d31df930d4458fe1cbaf11", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "52980b5980df38f7c2d59e4e307da25655d50c6e030234b241c098c935a5596d", + "result" : "valid" + }, + { + "tcId" : 278, + "comment" : "edge case for computation of y with projective coordinates in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049173ae014b645724587ee26e17bfeb61f91253fe8653dafbda4381da9fa57e9815a9166e1dfc2a81cbe126a2594e51fb98fbee7b3d6588ad86a86431141444f4", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2f1f6990c30136d6f44de8145f191840c4b9efbcf87c39b7995c262bdcdf9d40", + "result" : "valid" + }, + { + "tcId" : 279, + "comment" : "point with coordinate x = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000014218f20ae6c646b363db68605822fb14264ca8d2587fdd6fbc750d587e76a7ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "afe5b60fe3e1dc873b3f3022893a359880e817537beb96b3d48d375766ab59e6", + "result" : "valid" + }, + { + "tcId" : 280, + "comment" : "point with coordinate x = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e4102f16fa7f386e912d3a7f77dcc7dc9f8af54cae117ddba10a3d09620eff8c689c20e12ce8f78412945e1d3acbf9935e4653fb0dce02b14a7d526a114f1387", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "33150538973510827cafdfe9449e7a5a2e1a7946f4e485a00ff219b2cd58d801", + "result" : "valid" + }, + { + "tcId" : 281, + "comment" : "point with coordinate x = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047aa67d0033226fb2b1bf975d4568e1f2299e82f2e459ff0b6ee3c0c57dbd40417c20634644993bd84aa361037ce8bf3fb72286dfdf4482458b076a7a5f46d1dd", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b5523f9382b35ed9e1c4f2b420df9f61e6ac8f6d342213fa4d75458f5bd828d1", + "result" : "valid" + }, + { + "tcId" : 282, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000480694ba7d6ad6efa8ad5ce0435a1bd225e0288b6fc22a11e7013aa0d4e9a496b316d67d1c70e6c130420f57cb6e0d60cda154c737f0118007cfea5c2d5b4e397", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ad9a53d05315009fb1487369f72fdc33e6dbba1485efaede2951433526d2fd0a", + "result" : "valid" + }, + { + "tcId" : 283, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000406c66970e539d9ae0f8f67a72f426c100b3b2cf2e276e9b0aea75b4efc98832524eeab2b413ba17db811f740f9fb9fc3c73b5ce51f1e74e7e08bcd8ab48dae83", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a88cca88b59cd86edda202cb4ea1b2d541d5c8c22c062a08f9db496d56257330", + "result" : "valid" + }, + { + "tcId" : 284, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000441277a6f20d855af6acec53e9923216d74ee2aed18a4140591ebbb0b3455072669bc7f19d64647e74ff00d0c89bbfe508e322b4397ddb8564ed2832eaa5b2d92", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b7f531b4a9ac00952bfcf2cbec41e58b54c4f412f464bcf1f1bf10a24b9b1974", + "result" : "valid" + }, + { + "tcId" : 285, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004146dee2bcaa5cc0817fe191b6d10def6259df744afdc9e5b0dde523b348aaab445b1546f79b7a6aadfa547bfa416f62b54f7a476d6d888056b9c05c72e0139f1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "473473518f0e843d1fb5105b16fe88edaa418b396cab7cb5532416d171f2e7bc", + "result" : "valid" + }, + { + "tcId" : 286, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c48ee90f8fe800664086ed5ba12930cacdfa175a67a2c4398168f626699deb8dd78c35a48042aafbc6c7caf3a68385ddb5d406acee86d96403e75baffece00e3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c2563f49e623b139a83c4cb71cb73deb06458385658bf8796bac0c2ed12c8a67", + "result" : "valid" + }, + { + "tcId" : 287, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004737d92f5dad51d58261a77e755678ab02b107912041c5d295f5829cbd10cd8c59b55dd084f84937c27565a9075fe108745e17001666743db551436e691ea818d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "28c247ae91fdac1b29896415fec60f4252feed9c9ffa0216d31350d708646d89", + "result" : "valid" + }, + { + "tcId" : 288, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000459efed747303891baab0e1dfdc32d69906e0fc6815b056dae0eda2080957a3ebf205fd299c63e549d24c153935d950141c3dc2699afe8731a46304e203cac15d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "76e9e6f1339bff54b82a45980745526ff9249e942b1f836aab719fd959fc8099", + "result" : "valid" + }, + { + "tcId" : 289, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048ef9a7997b717fdbc5d2a7f9a67f705e5dee4c82ca383b7ee2d07c24850396d072c98f7dc1658f9dc3c434a9fddc2f986cc0e3e3ef409827537617ee67105f2b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0de82177c80f4e35f3b7a300e89ac288f30e01a8658933c16b8c90605e35d6c7", + "result" : "valid" + }, + { + "tcId" : 290, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000404569ec9fb3d6bcedc059e7fd04ab7d3f6bac730b1b75a11749e4346458f9296a051c84d558dbd2957c15907477776af660ac01582c001dc1f868ebfc6b3b264", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f41de3a77597835fa904d1f05411368e6e878abd0485477d162b2c764ef045ac", + "result" : "valid" + }, + { + "tcId" : 291, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044b298a3eba6a09fcd8415976e0faea997fd519ffd3363bd20107752123e101466abb70c013ba2389c371be19dd3296f0600e64f05755e15cf89320ac7ffb25d6", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c4dbe3b94e729b1e0ae34ffb0f6b0d95d7e619ab3943aa3836cf1e721a470a9e", + "result" : "valid" + }, + { + "tcId" : 292, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000418bde07952d7be8914d2b2544c65a3debdddd9e7ce8a9c46a03d124acfb8548b01a4a175a2a81af98e6028770d055e22f1016df15462b65f55a2d4850cc415e5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "83b31061f1b70148870a9282a4641cc8428943a3b10e0301955f5960c386fb04", + "result" : "valid" + }, + { + "tcId" : 293, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004002beb755f694a09f60bce5b34dc347c5c3aa236de9007bcdd0707e9bc8071694f443b0045999f2f5899ca793424a9b423b0ec0a3edcbbf4afb9e66526cf89b2", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5f74c066595fe9ea283274964ae83fba1a73ef9d29d24e6604a4aa0881fe390d", + "result" : "valid" + }, + { + "tcId" : 294, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004957e5bcd11fc450bffcefe636c0b73f10fe8585e04c6c7aa7fa0b603d24162d99e553e940956aa04a237a0c2570a0c7bc3712172b8f78c7b470a042ae31f3223", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c672601d951bdb550ea9cc58d2031337db39a3799de21af4e5c23e2fd7f537da", + "result" : "valid" + }, + { + "tcId" : 295, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c43b1b4099da70f8d33fbb61b68d9b0e9c7aedd4f4761c6722996666974e298e978c02ea7899cdd46a47405ac0d89fd6a4d66718a4502438ad45463260976841", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b2c2c00532d468d25374ae2e6ec9bc52bcb2e8df20ad1a40719b7d91746daeab", + "result" : "valid" + }, + { + "tcId" : 296, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004deb85f604be1930dbac6629cb96210f6fbc87ce2b260b66cc7d661861806afe1120bbcf8356dcfbf1de4bbb7d2066c3dddfbaf330af754c57859137a9cc4a68e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e5fe7c96371878cf86db4210a487d7d33ac4bcc45b8df2152e82aa7228a991e2", + "result" : "valid" + }, + { + "tcId" : 297, + "comment" : "point with coordinate x = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000427899fe24811adc869d49ac451cb210631d19aff8971ac7c3dd2fe826262507fd9ddffef4cc9cd81bdd3eab8acdd5c287a8934f82dfc255dded1ac1f1100aa17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1bb9a501ab9d215230cd1072042b3c8271aec3b2c1da10d1a8c810fceaed47a4", + "result" : "valid" + }, + { + "tcId" : 298, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044301f54b3592d1ea2a40989c94261d2b1d1fe297ed6ed64125ee241de05d004bc79014f156e9b7bfb36b8ad2d66d55f3a753829a9ddb86055bb9166dd3aff457", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "fdc15a26abbade3416e1201a6d737128a2f897f0d88108645453a1b3ddd05688", + "result" : "valid" + }, + { + "tcId" : 299, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000436b0f66bf5f9fd4b2df9cdae2af873a075c55497d7fec4737a7c9643c2c76fe5da9f7287b3cd4e5f05b9a1a4f64e8a8d96c316e452594d02a4592a2107ece90b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e36348e3a464bc518384806c548e156edd994cb6946473c265a24914d5559f1c", + "result" : "valid" + }, + { + "tcId" : 300, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000482abb58afb62d261878bdee12664df1499b824f1d60fb02811642cb02f4aff5d30719835d96f32dc03c49d815ffa21285733137f507ce316cec65ca562ce2ad0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7d65684bdce4ac95db002fba350dc89d0d0fc9e12260d01868543f2a6c8c5b8d", + "result" : "valid" + }, + { + "tcId" : 301, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047de7b7cf5c5ff4240daf31a50ac6cf6b169aad07d2c5936c73b83ee3987e22a1940c1bd78e4be6692585c99dc92b47671e2ccbcf12a9a9854c6607f98213c108", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6ec6ba2374ab0a9ae663f3f73671158aaabac3ac689d6c2702ebdf4186597a85", + "result" : "valid" + }, + { + "tcId" : 302, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000406fa93527294c8533aa401ce4e6c8aeb05a6921bc48798a8e20a0f84a5085af4ec4828f8394d22de43043117b8595fb113245f7285cb35439389e8547a105039", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6d6e87787d0a947ecfbf7962142fde8ff9b590e472c0c46bbc5d39020e4f78a7", + "result" : "valid" + }, + { + "tcId" : 303, + "comment" : "point with coordinate x = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048a4f625210b448dc846ad2399b31cd1bc3f1788c7bed69cc1cb7aac8ab28d5393007c6f11f3e248de651c6622de308ee5576be84ef1ed8ed91fd244f14fc2053", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "56ea4382f8e1abfcb211989f500676449abcebfe2cd2204dd8923deb530a6c7b", + "result" : "valid" + }, + { + "tcId" : 304, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004885e452cbb0e4b2a9768b7596c153198a922dabbb8d0ca1dc3faf4f097f09113be9aaa630918d5056053ecf7388f448b912d9ccfbed80d7ca23c0e7991a34901", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2c362c27b3107ea8a042c05cc50c4a8ddaae8cdc33d058492951a03f8d8f8194", + "result" : "valid" + }, + { + "tcId" : 305, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e226df1fcf7c137a41c920ff74d6204faa2093eeffc4a9ee0a23fb2e994041c3457107442cc4b3af631c4dfb5f53e2c5608bed04ff6653b771f7cd4670f81034", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0188da289ce8974a4f44520960fae8b353750aca789272e9f90d1215bacdd870", + "result" : "valid" + }, + { + "tcId" : 306, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f53ead9575eebba3b0eb0d033acb7e99388e8590b4ad2db5ea4f6bd9bde16995b5f3ab15f973ca9e3aa9dfe2914eebbd2e11010b455513907908800396fb9d1a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f78bd7ff899c81b866be17c0a94bec592838d78d1f0c0cf532829b6c464c28ac", + "result" : "valid" + }, + { + "tcId" : 307, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004882773ec7e10605c8f9e2e3b8700943be26bcc4c9d1fedf2bdcfb36994f23c7f8e5d05b2fdd2954b6188736ebe3f5646602a58d978b716b5304ea56777691db3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "99f6151fba28067eac73354920fcc1fa17fea63225a583323cb6c3d4054ecaca", + "result" : "valid" + }, + { + "tcId" : 308, + "comment" : "point with coordinate x = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a60b6458256b38d4644451b490bd357feade7bb6b8453c1fc89794d5a45f768d81eee90548a59e5d2cecd72d4b0b5e6574d65a9d837c7c590d1d125ee37c4d51", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "68ca39de0cec2297529f56876bc3de7be370f300e87c2b09cdbb5120382d6977", + "result" : "valid" + }, + { + "tcId" : 309, + "comment" : "point with coordinate x = 2", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004000000000000000000000000000000000000000000000000000000000000000266fbe727b2ba09e09f5a98d70a5efce8424c5fa425bbda1c511f860657b8535e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1af254af90c16dbd217f3356f7fef9ad532d4902a6d67218e3188a9e840fc929", + "result" : "valid" + }, + { + "tcId" : 310, + "comment" : "point with coordinate x = 2", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000452d9a44bf0bc729e5f3ffc8a73a4da332e2962b22013391b60eb66de6e1b83431eb0d9c6e92a424bc24ab23caf99e3cda830263689653626f8be91590fb75cbd", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9e232223afd0d57a7b150f65700ac60a78bae2aafc0cf9d1a820452ca1e57a14", + "result" : "valid" + }, + { + "tcId" : 311, + "comment" : "point with coordinate x = 2", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000478a99dfcb7df4d9277f97b5e24e979f48a8aa8983ef9dd86765dccc33d8ade9f9857dccce2a7ff0ac41b255eb8df45df61b4db58fb5e997614bf0d5ab217dd90", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ec2f7542cc1df665764c5b9bff751208d668be9f3d61cd6c33b35ed0f4fe5a17", + "result" : "valid" + }, + { + "tcId" : 312, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041162424aa9fa0d42bf60e06a16b7e7ea45ac0e2f07f1e36735bd0d98c70b8850693f2ac128f47f213322c5f8872dde9261affe614e3f364a792d17b0e8421840", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b095e9c2f933a00053a95758dc20fe1e72a798462f90fd67fafbbd68d761dd67", + "result" : "valid" + }, + { + "tcId" : 313, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000430d2d42a85385b64817d0900bc8c984716934529056da032d5fde844915d669b0e5ef40d566f5b23992132c4ae588017ebd160e5dbf4804f936cb0f257a93446", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "95484c5554b543f8eb2fc218cc46ffe648a3bfac41e6dfafca1ba11f8c53ed6e", + "result" : "valid" + }, + { + "tcId" : 314, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a77a259a55ed98d643e1a3e13804c95e543c1557e6141e4ed47dcf13b941a6fa8bfa5f879ab14aeba7b2ac06e5a719c86f4a2ed391160380aa3b6f74141cd354", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f22ebb6843281b54b22a9ff1a91485c7db8f95db4bf8a1131f892b3bfce56662", + "result" : "valid" + }, + { + "tcId" : 315, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f89454593dba5720164d17bc1ca32f10ddd1a7d37b7bf02e5ec0d59794f4d63d34268de3f6a2c108514a52702f7e67d27829fa0340b3c4710651291483c8b213", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "99623d9f447b66cb322488ea463b3e40d5620f4df78f89c62fe0ba8b90ff386e", + "result" : "valid" + }, + { + "tcId" : 316, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b00befcb868eeb5d558ef2ec2ec679dc082ec15a57c5899311178424674b8f50588742728a6384a180506b8739a79c4ce95e1055c0d0eab2254ca55b18a3e7b2", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d611afb4046c9f4b2887b7dd4d45b80e9584eca93f5a855dc30e529eedbf5017", + "result" : "valid" + }, + { + "tcId" : 317, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b3e2f9c7f9f068c5da8882fd581e7112e538aa01feb5f017433c00fc8a828fccc56a3f692e3b237b7caf49869009e6743e35ec5aed19d814cfc13869f78eb895", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0438085ab0104fb47c696be5c08f95e319ed5507ab781fe1cdccd6ddb34bda67", + "result" : "valid" + }, + { + "tcId" : 318, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e5dae9779e0c168e60b842508e253d2ac80e7e504daed9fac077b9b449c368b57bd8661bbbccef478f050f4ffec8aa47ed7f98e89514d9083facf0a7f2f7b70f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "326dbabffe17c6efc710bdb8d04d16c8624c083d48bfa6e4411d221264d8277f", + "result" : "valid" + }, + { + "tcId" : 319, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004420e10bb81b379d728879fe600e6f1bf2b85d8023848a040c7654a9734da1ac4cbee561571a616b094a38436e02c6d7b54b4279a234193a828e86e21e6b71d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f47a91e29ebe69baab6b340bb64a6dc34fca7546fd6eba53f5bbe41f6178c7c6", + "result" : "valid" + }, + { + "tcId" : 320, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048dbf1ba87597004af552317225916abf3d71dff90fe9e61f9d2863a6de218d4a0897e334000139b0849d772757b150e5d86b55d7a00a744bccbb7cb8d1a6b07b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "cf83319c735348dd13c44b055f67a292f7afc5d9d2bd0706c966ad765368d422", + "result" : "valid" + }, + { + "tcId" : 321, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041accb85b612d32d58459caec0bb6768f05ce8094e3862422a7c12340dd31bd7397e0377d33ccdce8bd872f898be6cbcf7274b3beefb5dd7cadddf027d0c02c2e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "41ee7801ccb702f2f633d1d0ec20d7c427936886df89ad33d19dbb56f66a2656", + "result" : "valid" + }, + { + "tcId" : 322, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000414eef41b67c17b1d4a040554287cd6a9e6b3080335ea4e16821dbd643ec67dba6d67cadcbd1a3f0227b7caf2c0604d2b3507aeb96ed98c32e2350fe295ed8998", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "af828d6bc21ad6b4570b5f68a6208d3a2f46edca69b1980fe5046792c68cab80", + "result" : "valid" + }, + { + "tcId" : 323, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a99af5dec3c995080ddcc15d7994daff266aa53f181fba4bcdd504d206bfca2f3739588f071e4192b615361ec81735fe2ef2923c4056c432f4c2782e5d722215", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "4ebf7f174cdb3fda94f99698317ffef5f4d4fb933f3292f1aaa782c354ba03e7", + "result" : "valid" + }, + { + "tcId" : 324, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a355d8d17d50f6428e0af345921662587e2b6249eed1e326abb7c8605036b1db1fd72efaca9082bb6fab44359fa7f6ef8a45d036852832e2ade9d41f28219144", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1649f83c47a6640a94b773ab4309bd6964109433e3f3ee5b024d1915ef5139de", + "result" : "valid" + }, + { + "tcId" : 325, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fa53e5b58d55ebf517d8db07b021d80918d1f260f9e0b3d00bd47b24a91ae6ab85ab2adcc31b98caaec2681a841d50bc0eda875561fab70c979463ffb6a1d74c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f434c3ffe109528456c23d6cfe51ec0b10be606d7a26775fe2ff0a9b18f92f39", + "result" : "valid" + }, + { + "tcId" : 326, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000433fe37949375debd9734f54b7036b7a978bc8fc4ae3fe927a521f940d9e35dd38f81a9160c05df04e34290db40c3e045b832373941ca85b433854e43caed323d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bd02b9dfc8ef760708950bd972f2dc244893b61b6b46c3b19be1b2da7b034ac5", + "result" : "valid" + }, + { + "tcId" : 327, + "comment" : "point with coordinate x = 2 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b9ba8445067d0e81bd32dd99e6b4ea3d442d063a8eb9873518ee3bb18c053706099964b6889105784d9d6d9d9aa79c76b6a3d3376315953afdcb5a7439e7c706", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "412269bfc15d8b1fd7f25de33b1515ea67f2194e73ba06c85ef99bb42722f95d", + "result" : "valid" + }, + { + "tcId" : 328, + "comment" : "point with coordinate x = 2 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000478b248634270a7a6640bd0c64595dc4e98adfe6bdb8112593a4173e36d4a9b4969a1f3d19b325898e36459c41eba1de99229b0ba2cf1337461c84391d9aea1fc", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0ad7556a621074a771bf129163d09a2e9d2e174f2b8a4b6973e89ea138c9a603", + "result" : "valid" + }, + { + "tcId" : 329, + "comment" : "point with coordinate x = 2 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c788884ac868593db241f5b3ea7013810d3ce28a02680a96ff357b261fad611bef353b0e82c1c68c471ff1ed5c4749e168e7af8591a5e6dab599b96620de0ede", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "76acc74dd60872ab29e1bcb99dd46365c7c7f792619c901c7ba5c68378b233f5", + "result" : "valid" + }, + { + "tcId" : 330, + "comment" : "point with coordinate x = 2 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041864e373ac60c23543fea9e1f237950a8169e07c817db69d500e5592d1df9d5a10da4651efccc46d37e7eae16c36ac86a9a86b88ad08751a8dcd15060019704b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "50e23b94fcc33d93dbcd71e955e195fe0bf6ac9b04b15f001e53b5dc7bad158e", + "result" : "valid" + }, + { + "tcId" : 331, + "comment" : "point with coordinate x = 2 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004dd7308d2a6757f924dc979066e75ee6fa52b03393d2892f59788effa553b690d1fef00c1c22ba80b95d529782dbef55a63046179fb4ef00fdccf5b62ce55c136", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3324bf2fb3486b1104fffa35ef38975faffba1ebe42c54399206face505448c7", + "result" : "valid" + }, + { + "tcId" : 332, + "comment" : "point with coordinate x = 2 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004575d51be2bddf5bf1ab42431ba7e3b5f2947bc574df9f60a448b8db5ca28c92cd836f55c556440a7df125de6599b21ae68f15d5b9f422d6eec88ab2f65406bf9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "235fd3e7216c92f73860f0ac0121b4264ff89d80bc75d59dd455298597c5f2ec", + "result" : "valid" + }, + { + "tcId" : 333, + "comment" : "point with coordinate x = 2 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c7422a80aebdb518bd2daba691d39a25ea2fe49a35cdfb2a0f94bdfbadc6629ae55ac7c400afd2976b7c3b24f7126807a5a0afb931cfa5c6ada1f4ff984ea5a7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0bf758de27052319dac39b324a6ea55e928603a3ef9049ad147f8ca35f55b656", + "result" : "valid" + }, + { + "tcId" : 334, + "comment" : "point with coordinate x = 2 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ad4062216f84ffd66e326497bcbcab982283493392ec0f739cef8cd7eaf3453414c5a289a846e28bf2042ea5dc7b15e252f48d3cf980e7c4751cc35493a1c328", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "312eeaaee397224fc17dec7191ce69cef40e8fb373516c2b1edada0336c99c13", + "result" : "valid" + }, + { + "tcId" : 335, + "comment" : "point with coordinate x = 2 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ccacd1bf7c7f4ea9c7e59bd802804a9d335262716ac288c6eefd7a7135349a4f7b8612e2bdbd43b3fc4fa6941ac15a8f37e34fe7810a0c0d43c05afafb6480ef", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "aa1691858e6a1a06c6df57ce10a4c730974c06d1e0106d1a31b51b915cd6b60e", + "result" : "valid" + }, + { + "tcId" : 336, + "comment" : "point with coordinate x = 2 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049aa7f1f93474fa370c4df3805bd2839328895880dce197a06cf9052e6ab7a6938c9a208b335bfda6b01321f029a0d83c8bb96561208481f7af6c6cf1d2657843", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5786d6ea09ffb21a63adb020b117096484ef995e8c4a72afa479cba95c959920", + "result" : "valid" + }, + { + "tcId" : 337, + "comment" : "point with coordinate x = 2 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000483b7affcec11685d15614e2d53c1e73504e3d98344bbd5fc0ad86dc4c36704323a7f73a09533d1a1076aa9c4af22a6bab92f3f0d766798db7aa4183c037f86e6", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ae0c7845b82995263c51e13e297412d17b650aa83dce4f55a069dbee671c16b8", + "result" : "valid" + }, + { + "tcId" : 338, + "comment" : "point with coordinate x = 2 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aeebdd971cf4e988fabd8070c75c64aab90a83a36735fecfb385605979c008ae8c39888f0daf74f98cebbb08f6b91a5193f684a56761b9f2b63d87d3f60491ed", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e5e764a38b73816f6e11e7cf298b2be54d11249c615f0a71498a0a821b5736bb", + "result" : "valid" + }, + { + "tcId" : 339, + "comment" : "point with coordinate x = 3", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000032f233395c8b07a3834a0e59bda43944b5df378852e560ebc0f22877e9f49bb4b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "6aa7e74a7a838efa9607f3587d4117f1914c57fa924b441c27fb7a7c31fbaac4", + "result" : "valid" + }, + { + "tcId" : 340, + "comment" : "point with coordinate x = 3", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e38eec4c1a4d81a5d994b0d7780305af651892cbf07f3a07628f4e2473a8ab754bda96622462880d3536d390132a85db6147f814c62efb580a6f529598b0dd1e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "391b624f28eb398156666dbec1d635f8ff1753eb86297973a1c2831b1091e2df", + "result" : "valid" + }, + { + "tcId" : 341, + "comment" : "point with coordinate x = 3", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000410f02d496e9a8758c831389892a45ed009282ea1eb201ab8caf09e6f2de9fa4acc126becc204c41a94aff4f2ead7552ec23fc68f0005147625a95622b521090d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e3f39d071b743c8041454d1dacba93dc9f3f12a5ae1bfbebaa59fc4cefee6b82", + "result" : "valid" + }, + { + "tcId" : 342, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044c859aff342c56a9508b859ab1509edcabf66e044e2026cc293474389b3d58c16bc06cf99dd6d8249c5d24386a55a97214ea0cda270ad9470986c3a3d023cb07", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "09d0d1b92af1e7111d223bf5efcdfa6df2622ab3cf161af0ebbf06ad00c09b6e", + "result" : "valid" + }, + { + "tcId" : 343, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d1eb4f7c680a247a14f3d67f85cdb1c4c6f13d44821fc456c9247a606622afec4952cf05ff06f06d7030e88904737096cbf8dd90e478a3b5dfed2ee487a0835c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a738727e0f5b20448009d1029ca727f2380d2c6e152a6e2da8ea50531ce39499", + "result" : "valid" + }, + { + "tcId" : 344, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043bf79d6c1a20d85115e973079707f5131eed2f83be5683c34d0fb3eee1ae40dfd2ea4f1b735cf62341835a5721c25daa0dc1a3886ab75ef653f472d8f3aa1e97", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a314e4ee9e303d970b4e9f0cdc262657d5c5192f055466b9d09d9c888d6b7256", + "result" : "valid" + }, + { + "tcId" : 345, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b1f808286a42eeee85d585e54dc28aba2aebfb956805f5c01127bcdf435154cb5b178fda5896d9e7508661fee7ee55fa9623610b3d9f4a59156b76d8877b4ef1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8f4e1bf8e5182a1fbcdeac924df1ba2f937162d48a206783c48132cb582c07db", + "result" : "valid" + }, + { + "tcId" : 346, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a21e80d09e11acbccbc909de6c9f1159addbb5dd477211b90a370f8c7548e60d1d7aacb6e455bcdc230331d79ad9464a77b702c858400900cb4488cb6c28bd61", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "16682c862cf53755b3c28adf7de052d5cf0e81e5d8acb346702a392bc6b2b1d5", + "result" : "valid" + }, + { + "tcId" : 347, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045055a8c45e81385f4144c7b6fb32119395a94dbd07665ed7bc1cce1e62dc47c8b6d50a39a55d3b8e996624fb6ec2f2960c7c2bc0bc94b2a63d65096fd99ca41a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "cc33e840b5354bf6e088047e76dc168f15c0c1aa946731600f52d6f1c9299b27", + "result" : "valid" + }, + { + "tcId" : 348, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004af522fc0a61440173945b914d6404b1940b547a6f768550280fe28bd331c9c661d282429f2911298f9c5b82f87c7f5044706748c19035689b216d64474bf5ad0", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d7b4f5e2dd1ebecfc92318d92085271be482fe65a03e83b2e358a397a597449b", + "result" : "valid" + }, + { + "tcId" : 349, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ec1a88652de714d21fddb54db4a3423521aead5828b843bdde9a42cf4a8bf124a69568c664e2d9317ac732c98c435548dcec0eeb8ab31027ee5f1693ccd97c68", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1d88ed8e4579a4c62fed95eafe1528f8d5056041fc41f3ef063605ddc980ee09", + "result" : "valid" + }, + { + "tcId" : 350, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000448e4c9cc88a601eb639f81ffa679540bf1d7bcbe876a955e73bfade055384160bae130243ef5fd328f65278e00cad6001327ab42fdf3b9654aad6f260542b02b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a6698578650dadb452d677c3983e6b809152d7d2d8fba349cec686e72e6f8693", + "result" : "valid" + }, + { + "tcId" : 351, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e861379f1c1b07540155bbfef4a69a84be81b1441d43e7850c7ac1005a804238bb33c7981d383a06d1b795552a7b31f49145fba937876fdc9f0d138aa5b3f322", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8e42c38902b25fa138b95f4f280b684c09e1212c4f06a2bc2c2b2b8790112034", + "result" : "valid" + }, + { + "tcId" : 352, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b4489cd499168bd48cd2c31167edad246c63859bf8b48398617a7a0556341e3c0b0f66f665038baa29db8c296d4f2ae07b9ab9193bfc00981d7df0599ce0648d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a19f1165d31c1695359929deebcd24846ccb9a3c2a38c10bdc7c855bf8a32df7", + "result" : "valid" + }, + { + "tcId" : 353, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004884e74885ea450f5aab0cc8f06c006630e8b183a06bda509322fcd97ba5d2d2b00e1373d533bd5920427d106b7f33eeb53d21b5cf46ca0151e91859e811a39cb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0a87935c036de666b7619f14ec58f9f78698cc23a667616f84c177f34661ebe2", + "result" : "valid" + }, + { + "tcId" : 354, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c50224a8cf3a19da6133e746d00217285df85589ed334b54d95b005b8f033f7df7bc6a5ddc59d033f0c66bed57149a160f25723117a2fcd413aff8c9ada43bf9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "90accd1c3af1cd782ea1e864a307aaef6a01fd3a6305a0adae37e76844b9ce10", + "result" : "valid" + }, + { + "tcId" : 355, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c66a917fc435c9f41c47428e718a3017b3c5c992b4d94a663602f73fd825d043a03cb9f58174cffb359e2f541cfb5e551c50fd811b82362eadb216a4cfd0f8c3", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e164d88fcbd1ccdd654de0415bfbd2a171590713015f4a1755504e62f7a03870", + "result" : "valid" + }, + { + "tcId" : 356, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004f55a451e6e0d8f7600c7bf7c05741c5e5985b8ffe4eab62d4ffc04aedb725a66e942cf486efcf3b85488cf3cd4fb0248b820703b938ce77a074a2f9286af03bf", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d4b6d4251ac1f8a0b0c75bbac3517a13ea0c857b5499b03d153be663a8715480", + "result" : "valid" + }, + { + "tcId" : 357, + "comment" : "point with coordinate x = 3 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a96aa25bee8c8cb6f6aaf40be98ca047da245e8d4cae28fc892a0369b299cba3ef5f54bb59f4ad58a84332a00d89a1cf3d56c4e6ec9c3a467a4a2a04ad3bce97", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f5270d0c4119f1ef467a37501688b4bf4a516e5f58a0f5a40f23ae70ee813c26", + "result" : "valid" + }, + { + "tcId" : 358, + "comment" : "point with coordinate x = 3 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000449f572fa8cdf6750adabc3ab0e46bf23dd7ad7114bf319f35afa6a2ccbe2e7d343c44f018f8efc9f52691b274a8c89283d13ce93d1b58aea11d62c88599c309c", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "1763eb5bd3677de88e98aad84038838422d6e55605a14761788cf305672eb670", + "result" : "valid" + }, + { + "tcId" : 359, + "comment" : "point with coordinate x = 3 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b36f6b02bf1d213d9abcfc98c25fc81ab3b98cb13d678da871310aa093ab7b58a50b134818321a48ffc1ef9f8624e371ddf078d8983fda6c4eb27dfb255174e9", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "98c95ef9fded241da09392573144daf44b0332518f458167e09d672011ea4618", + "result" : "valid" + }, + { + "tcId" : 360, + "comment" : "point with coordinate x = 3 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000474f57ff3da8d60ec0b382e6866be4502f695688384b405e2179aab61066196d7d24064185d68de95bd72b219c0c0a93879324f299fb19214b33a3ed2f1bf4823", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b0fe8fc6abe853b1ea6aa4f4b4490bcd94ffd3532c1d7cce36d059ac8f29cd67", + "result" : "valid" + }, + { + "tcId" : 361, + "comment" : "point with coordinate x = 3 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004924fe3439d35427e2ad9b1f6e67877ed3441d74bdd0eb9f82ae360434bc20624537e3400007cd2d140f2caa0f7b61c7118abb9ac5c766ecab3f8f72ea5d96cdf", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "4fdc7cc04b2459f73c856023e892699b9018baca1b8e3b040ec74324607c97c5", + "result" : "valid" + }, + { + "tcId" : 362, + "comment" : "point with coordinate x = 3 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fb0e48a3815a2b80e9e725036a239757e9c5987850a941c5f5d2b89b776aac683adb5481fcd85f0013feb20505ebbaff27edf8474a7cf4d985ec567365ecbc1d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "561138979956fe6a1aeae06277456c7e5e7e7d643910e247fb248dd7435691a0", + "result" : "valid" + }, + { + "tcId" : 363, + "comment" : "point with coordinate x = 3 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e669915ee160694e8559d7965f7cff945c1cb076f194ec9894b1a38b10726fb0389675e3155b069b3862da3d1112179a04accbe7dbb70b3cc48bedb7591d2eac", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "06c06abb603bff68f356ce496c17fcd0662fa040eb0cd45a98112e6c1eea11db", + "result" : "valid" + }, + { + "tcId" : 364, + "comment" : "point with coordinate x = 3 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b760dfff4c5c200aec18b930b18df34297bb421b96017ef902139fe6b12349f6ccb8cf83d2837c7520300f197b491c0368470ee86f74ca0381682bb6ad80344f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "319297f77a75381b65d73107e826eea0e69d85985db4568fea21d12dda696921", + "result" : "valid" + }, + { + "tcId" : 365, + "comment" : "point with coordinate x = 3 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b0e4de914fe71b61636e61391528efac8b6c11edcd41c9766af8693dbb6e41f2517293725552f22dd6e1db7c2c243f80c10713f6aa48fc5e395bd9ec51f1e9c5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c3ef6eb91aad69456ede5174b0e5e3d6863c024aef3185d2258946362903e576", + "result" : "valid" + }, + { + "tcId" : 366, + "comment" : "point with coordinate x = 3 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048eb6ee2ee9e061acb9312ad015b1954ea47ca304a2cebb77f3bf6c78678c1149d93fc6e80561f3110fd0e95fdc0ce8da2c3f32f7f581f9b666d74900b3760b9f", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a18b1fba4d496419ede70cc23ceed674526f34299e5b09c0ee2dd1669693fef9", + "result" : "valid" + }, + { + "tcId" : 367, + "comment" : "point with coordinate x = 3 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000490121021546a96e7879d53e7b85c21f4047df49b9ad85020104f216d010f520d1bba6e765742395b4c894fd0eaaf87275d1c77494c01cce882de2805d1922c0b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9fc7fff3bb4d6e5a4d52eb0e3c513a3c9fa56014c030449546cda744aa126f6e", + "result" : "valid" + }, + { + "tcId" : 368, + "comment" : "point with coordinate x = 3 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000464c1712e3e9ef440c7ea8faf0540d2e6a05adccbd53a7fb24ff16a9502a818f747cfafd2209430eb7794f5da91d6c5e2db505ba287bc6ef397bf7f30c747536a", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "61cb2fb99b695ecbaf91a95e6e0c7e24633bc7613ebf518c6f1c8161dc75ea5f", + "result" : "valid" + }, + { + "tcId" : 369, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cbb0deab125754f1fdb2038b0434ed9cb3fb53ab735391129994a535d925f6730000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "af306c993dee0dcfc441ebe53360b569e21f186052db8197f4a124fa77b98148", + "result" : "valid" + }, + { + "tcId" : 370, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000424800deac3fe4c765b6dec80ea299d771ada4f30e4e156b3acb720dba37394715fe4c64bb0648e26d05cb9cc98ac86d4e97b8bf12f92b9b2fdc3aecd8ea6648b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "aa7fc9fe60445eac2451ec24c1a44909842fa14025f2a1d3dd7f31019f962be5", + "result" : "valid" + }, + { + "tcId" : 371, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048f33652f5bda2c32953ebf2d2eca95e05b17c8ab7d99601bee445df844d46a369cf5ac007711bdbe5c0333dc0c0636a64823ee48019464940d1f27e05c4208de", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "082a43a8417782a795c8d4c70f43edcabbc245a8820ac01be90c1acf0343ba91", + "result" : "valid" + }, + { + "tcId" : 372, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004146d3b65add9f54ccca28533c88e2cbc63f7443e1658783ab41f8ef97c2a10b50000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "70810b4780a63c860427d3a0269f6c9d3c2ea33494c50e58a20b9480034bc7a0", + "result" : "valid" + }, + { + "tcId" : 373, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b0344418a4504c07e7921ed9f00714b5d390e5cb5e793bb1465f73174f6c26fe5fe4c64bb0648e26d05cb9cc98ac86d4e97b8bf12f92b9b2fdc3aecd8ea6648b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a7d34ee25fbb354f8638d31850dab41e4b086886f7ed3f2d6e035bceb8cab8a0", + "result" : "valid" + }, + { + "tcId" : 374, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048a98c1bc6be75c5796be4b29dd885c3485e75e37b4ccac9b37251e67175ff0d69cf5ac007711bdbe5c0333dc0c0636a64823ee48019464940d1f27e05c4208de", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3f09cbc12ed1701f59dd5aa83daef5e6676adf7fd235c53f69aeb5d5b67799e0", + "result" : "valid" + }, + { + "tcId" : 375, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041fe1e5ef3fceb5c135ab7741333ce5a6e80d68167653f6b2b24bcbcfaaaff5070000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e04e881f416bb5aa3796407aa5ffddf8e1b2446b185f700f6953468384faaf76", + "result" : "valid" + }, + { + "tcId" : 376, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042b4badfc97b16781bcfff4a525cf4dd31194cb03bca56d9b0ce96c0c0d2040c05fe4c64bb0648e26d05cb9cc98ac86d4e97b8bf12f92b9b2fdc3aecd8ea6648b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "adace71f40006c04557540c2ed8102d830c7f638e2201efeb47d732da79f13d9", + "result" : "valid" + }, + { + "tcId" : 377, + "comment" : "point with coordinate y = 1", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e633d914383e7775d402f5a8f3ad0deb1f00d91ccd99f348da96839ea3cb9d529cf5ac007711bdbe5c0333dc0c0636a64823ee48019464940d1f27e05c4208de", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b8cbf0968fb70d391059d090b30d1c4edcd2dad7abbf7aa4ad452f5a4644a7be", + "result" : "valid" + }, + { + "tcId" : 378, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d1c1b509c9ddb76221a066a22a3c333fee5e1d2d1a4babde4a1d33ec247a7ea30162f954534eadb1b4ea95c57d40a10214e5b746ee6aa4194ed2b2012b72f97d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "07257245da4bc26696e245531c7a97c2b529f1ca2d8c051626520e6b83d7faf2", + "result" : "valid" + }, + { + "tcId" : 379, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004755d8845e7b4fd270353f6999e97242224015527bf3f94cc2c693d1b6ba12298604f8174e3605b8f18bed3742b6871a8cffce006db31b8d7d836f50cfcda7d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d6aa401b9ce17ecf7dd7b0861dfeb36bb1749d12533991e66c0d942281ae13ab", + "result" : "valid" + }, + { + "tcId" : 380, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c6f9fc8644ba5c9ea9beb12ce2cb911c5487e8b1be91d5a168318f4ae44d66807bc337a1c82e3c5f7a2927987b8fae13627237d220fafb4013123bfbd95f0ba5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f43bfe4eccc24ebf6e36c5bcaca47b770c17bcb59ea788b15c74ae6c9dd055a1", + "result" : "valid" + }, + { + "tcId" : 381, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d3179fce5781d0c49ce8480a811f6f08e3f123d9f6010fbf619b5d868a8ea833ddf9a666bf0015b20e4912f70f655ef21b82087596aa1e2f1e2865350d159185", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "009bc3abb3cf0aca214f0e8db5088d520b3d4aadb1d44c4a2be7f031461c9420", + "result" : "valid" + }, + { + "tcId" : 382, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049e098095463c91ac7107a920ccb276d45e1f7240ef2b93b957ee09393d32e001503af4a2e3b26279564fed8e772a043e75630e4e3859976ede88ffcf16f5ca71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8bcb07a3d0fa82af60c88a8d67810ebca0ea27548384e96d3483310212219312", + "result" : "valid" + }, + { + "tcId" : 383, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bf3034a9935182da362570315011544ac2ce8a9c22777c2fc767ac9c5c0daeebcf333562f3e018892374353674de8490fc9d30426598eb600779154baf2aec17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a09ddc7cfe023acd9571ef0754010289c804678c043f900f2691dd801b942ed4", + "result" : "valid" + }, + { + "tcId" : 384, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004709c7179c2bb27ce3985ba42feb870f069dacead9294c80557be882fb57790481e6fe2c1a715163efaf86ea8b1e55ea5742d6b042e6cbf8acc69c99f8271a902", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "da98054d51ac9615e9d4f5ceda1f1bad40302ac11603431efec13ab50e32fcf2", + "result" : "valid" + }, + { + "tcId" : 385, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004264c00a2d92514a6dbe655de3c71a5740cec4fcb251aa48ca6745dbea6f5f7cfc1d5ee9fc3ce49fd4509d33c4dcfcc1a20a660529fa9ebd6e6afc3d5c84c72bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d60795d8f310b155726534b8be3d0b8a7bc2ced468c6e64c8b9ae087b33ee00b", + "result" : "valid" + }, + { + "tcId" : 386, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a12124606bcbbb33cecec7fc8d78b3897192ca851560c539e47dd276c63bd3c2f20a0ca618ba0131a2e373f31f73b3f55e9188d46fddbc6387e32aefb9f3ba12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "675fef8f5680bf76220e91362613944099046b0ba07e5824e93f3e3cc2cc2758", + "result" : "valid" + }, + { + "tcId" : 387, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004244b7afe7f31289f9d6aaeb7f70d29a7b49a228c7bb202764aba94daaaa3332270c60975748f0c749a8b0f8fc1e222ddcbd3384f6d68f0b6b6ff679b435cdcb1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "76b439f8ea7b42f11cd59e6d91b2d2a72577c185386b6af6639be8e3864a7f27", + "result" : "valid" + }, + { + "tcId" : 388, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042ac29db2ebc4fa9473b42bd335a60226579cc186b2c676a3b01bc60e589616165aa9c0d1b240e6dd4211e3235425634b278ad88fede0337d5acf3136587d8413", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "56e63fa788121d5efa0ce3caf4605af18d48c631496cdfa862c43ecf5e5fc127", + "result" : "valid" + }, + { + "tcId" : 389, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e62aee5205a8063e3ae401d53e9343001e55eb5f4e4d6b70e2b84159cf3157e64ba2e420cabc43b6e8e86590fc2383d17827dd99a60c211f190a74269100c141", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "cff3b5e19ed67e5111dd76e310a1f11d7f99a93fbe9cc5c6f3384086cacd1142", + "result" : "valid" + }, + { + "tcId" : 390, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000431dce6de741f10267f2e8f3d572a4f49be5fe52ff7bff3c3b4646f38076c06752702a515a9a50db1d86fd42aea0834daeb62be03d0cd9033f84b9c4b56a19f12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e29483884a74fb84f4601654885a0f574691394f064ea6937a846175ef081fc5", + "result" : "valid" + }, + { + "tcId" : 391, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046518cd66b1d841e689d5dc6674c7cc7d964574d1490fff7906bd373494791599104277170692fa6bf2270580d56d1bc81b54f477d8ab6c3f5842650ac7176d71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9c6a4bcb2fc086aca8726d850fa79920214af4c151acea0fcf12a769ad1f3574", + "result" : "valid" + }, + { + "tcId" : 392, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004952a88ce31ad4cb086978e6c5621c3d8023b2c11418d6fd0dcef8de72123efc15d367688fde5e082f097855a0c0adc305dd6cf46f50ca75859bb243b70249605", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "34b7abc3f3e36e37e2d5728a870a293a16403146ca67ff91cbabeee2bb2e038b", + "result" : "valid" + }, + { + "tcId" : 393, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042a43f33573b619719099cf54f6cccb28d16df3992239fadf79c7acb9c64f7af0f4d1d22af7187c8de1b992a4046c419b801cde57d638d30f2e1ac49353117a20", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9bd1284f1bcb1934d483834cae41a77db28cd9553869384755b6983f4f3848a0", + "result" : "valid" + }, + { + "tcId" : 394, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041b1b0c75408785e84727b0e55e4ba20d0f2599c4ed08482dc1f3b5df545691380162f954534eadb1b4ea95c57d40a10214e5b746ee6aa4194ed2b2012b72f97d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "167e3db6a912ac6117644525911fc8872ed33b8e0bbd50073dd3c17a744e61e0", + "result" : "valid" + }, + { + "tcId" : 395, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200044dd1283bccd36cc3402f3a81e2e9b0d6a2b2b1debbbd44ffc1f179bd49cf0a7e604f8174e3605b8f18bed3742b6871a8cffce006db31b8d7d836f50cfcda7d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7c3020e279cb5af14184b4653cc87c1ddd7f49cd31cd371ae813681dd6617d0e", + "result" : "valid" + }, + { + "tcId" : 396, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a499dbf732e438be0eb084b9e6ad879dd7a2904bbb004b40027969a171f2d4267bc337a1c82e3c5f7a2927987b8fae13627237d220fafb4013123bfbd95f0ba5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "acfdff566b8b55318869fa646f789f8036d40b90f0fc520ae2a5a27544f962c0", + "result" : "valid" + }, + { + "tcId" : 397, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004adcf0ffba9cb6ef0c8031c4291a434b18d78f42e45e62ba01fbe91f9273f0ad1ddf9a666bf0015b20e4912f70f655ef21b82087596aa1e2f1e2865350d159185", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5c6b01cff4e6ce81a630238b5db3662e77fb88bffdde61443a7d8554ba001ef2", + "result" : "valid" + }, + { + "tcId" : 398, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000421712725d9806acf54d3a6c82bf93c0fe249268ca9f42eceac19e93a5eab8056503af4a2e3b26279564fed8e772a043e75630e4e3859976ede88ffcf16f5ca71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e7281d12b74b06eecb273ec3e0d8fe663e9ec1d5a50c2b6c68ec8b3693f23c4c", + "result" : "valid" + }, + { + "tcId" : 399, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041e02176824bd31eabdce03a9403c7d3c2ac631f9b0e88d9a924701c1b2f29b85cf333562f3e018892374353674de8490fc9d30426598eb600779154baf2aec17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "80643ed8b9052a2e746a26d9178fe2ccff35edbb81f60cd78004fb8d5f143aae", + "result" : "valid" + }, + { + "tcId" : 400, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000463e7a1af36d6b540a49276aac3fec9cb45ed6bab167c06b0419a77b91399f6181e6fe2c1a715163efaf86ea8b1e55ea5742d6b042e6cbf8acc69c99f8271a902", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "75873ac544ad69d3ddc5c9cffe384d275e9da2949d6982da4b990f8bf2b76474", + "result" : "valid" + }, + { + "tcId" : 401, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041e265ab5b7f7199470e532653d2a7b9a8b728970b838137c9692ed0692897b2ac1d5ee9fc3ce49fd4509d33c4dcfcc1a20a660529fa9ebd6e6afc3d5c84c72bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "355c9faca29cf7cc968853ee29ffe62d1127fcc1dc57e9ddaf0e0f447146064e", + "result" : "valid" + }, + { + "tcId" : 402, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000454d2a4394c109fcbd3cb9886fec3add51ba4d2e44e1d5676e4b98f0c13655fc5f20a0ca618ba0131a2e373f31f73b3f55e9188d46fddbc6387e32aefb9f3ba12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "fc175a5ef18595b69e45be2cda8ae00d9c8bdbefbcf7f692f91cefdc560e4722", + "result" : "valid" + }, + { + "tcId" : 403, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000493f1459207fb09c6f0a88c398ac80d1052a4cd33e7eef5687da99ab97c6024b770c60975748f0c749a8b0f8fc1e222ddcbd3384f6d68f0b6b6ff679b435cdcb1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "46559146a93aae904dbcaaaa07e6cd1bb450f1b37c83929a994b45792333d5f6", + "result" : "valid" + }, + { + "tcId" : 404, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200041fa049a1892b679857c6dff08af19db70cbc99b6f2d7bc51a341fe79d1647f4a5aa9c0d1b240e6dd4211e3235425634b278ad88fede0337d5acf3136587d8413", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c64b07119054a37961c0a177158256081b38b0087b307e0cad7e30d790ceb0ce", + "result" : "valid" + }, + { + "tcId" : 405, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000484e0b192d60abf531e828e887d366d869e1033a16e9c7f1167458c8134c10fba4ba2e420cabc43b6e8e86590fc2383d17827dd99a60c211f190a74269100c141", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bea8cfc0bee8571ccf0c525654ef26d1fc782bb22deccf67ea4ea0803dc15daf", + "result" : "valid" + }, + { + "tcId" : 406, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042f9707c67118724111efbbbbf06b623ab2ffd9259ddc354fcaaf81ba01f6fa7b2702a515a9a50db1d86fd42aea0834daeb62be03d0cd9033f84b9c4b56a19f12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "60451da4adfe5bb393109069efdc84415ec8a2c429955cbf22a4340f8fc48936", + "result" : "valid" + }, + { + "tcId" : 407, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ac1fbbe42293a9f9ae104ee2da0b0a9b3464d5d8b1e854df19d3c4456af8f9a6104277170692fa6bf2270580d56d1bc81b54f477d8ab6c3f5842650ac7176d71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d68e746f3d43feac5fd4898de943dc38205af7e2631ed732079bbfc8ab52511c", + "result" : "valid" + }, + { + "tcId" : 408, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bae10cf93ff7b72d6ed98519602e9f03aa40303fa0674fb3ddee7d2db1c92bb25d367688fde5e082f097855a0c0adc305dd6cf46f50ca75859bb243b70249605", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "28daeaadc609386d770dff4c7120b2a87cab3e21fdb8a6e4dc1240a51d12e55c", + "result" : "valid" + }, + { + "tcId" : 409, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004edb4288cf5567673d50a1cd9e6bea45317823f30383f60d9bc3b9ee42ac29871f4d1d22af7187c8de1b992a4046c419b801cde57d638d30f2e1ac49353117a20", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bb4110b734c8ef8a08bb6011acb35cbda9ae8e2ef6c4d0862576a68792667bb9", + "result" : "valid" + }, + { + "tcId" : 410, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000413233e80f59ac2b59737e87877782ab3027c490df8ac0bf3f3ef1633872eec540162f954534eadb1b4ea95c57d40a10214e5b746ee6aa4194ed2b2012b72f97d", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e25c50037ca1913851b9758752659fb61c02d2a7c6b6aae29bda301907d99f5d", + "result" : "valid" + }, + { + "tcId" : 411, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043cd14f7e4b779615bc7ccee47e7f2b07394bf8f98503263411a549264a8fcf19604f8174e3605b8f18bed3742b6871a8cffce006db31b8d7d836f50cfcda7d16", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "ad259f01e953263f40a39b14a538d076710c19207af936feabdf03bda7f067a5", + "result" : "valid" + }, + { + "tcId" : 412, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004946c278288616aa34790ca193686e745d3d58702866ddf1e95550711a9bfbdb87bc337a1c82e3c5f7a2927987b8fae13627237d220fafb4013123bfbd95f0ba5", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5ec6025ac7b25c0f095f3fdee3e2e508bd1437b9705c2543c0e5af1c1d363ffd", + "result" : "valid" + }, + { + "tcId" : 413, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047f195035feb2c04a9b149bb2ed3c5c458e95e7f7c418c4a07ea6107e4e32455addf9a666bf0015b20e4912f70f655ef21b82087596aa1e2f1e2865350d159185", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a2f93a84574a26b43880cde6ed440c7f7cc72c92504d5271999a8a78ffe3491d", + "result" : "valid" + }, + { + "tcId" : 414, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000440855844e04303843a24b01707544d1bbf97673266e03d77fbf80d8b64219bd8503af4a2e3b26279564fed8e772a043e75630e4e3859976ede88ffcf16f5ca71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8d0cdb4977ba7661d41036aeb7a5f2dd207716d5d76eeb26629043c559ec2900", + "result" : "valid" + }, + { + "tcId" : 415, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000422cdb3ee47f14b3b0c0c8c256fb22e79126b436a2c9ff635a65151a0f0ffb1bfcf333562f3e018892374353674de8490fc9d30426598eb600779154baf2aec17", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "defde4aa48f89b03f623ea1f946f1aa938c5aab879ca6319596926f085578edc", + "result" : "valid" + }, + { + "tcId" : 416, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042b7becd7066e22f121e7cf123d48c5445037c5a756ef314a66a7001636ee75cf1e6fe2c1a715163efaf86ea8b1e55ea5742d6b042e6cbf8acc69c99f8271a902", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "afe0bfed69a600163865406127a8972b613232aa4c933a06b5a5b5bcff1596f8", + "result" : "valid" + }, + { + "tcId" : 417, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bb8da4a76ee3d1c4b33477bc8663def167a126c422ad47f6c2f8b539c6808936c1d5ee9fc3ce49fd4509d33c4dcfcc1a20a660529fa9ebd6e6afc3d5c84c72bb", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f49bca7a6a5256ddf712775917c30e4873153469bae12fd5c5571031db7b1205", + "result" : "valid" + }, + { + "tcId" : 418, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040a0c37664823a5005d659f7c73c39ea172c862969c81e44f36c89e7c265ec8a8f20a0ca618ba0131a2e373f31f73b3f55e9188d46fddbc6387e32aefb9f3ba12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9c88b611b7f9aad33fabb09cff618bb1ca6fb904a289b1481da3d1e4e72589e4", + "result" : "valid" + }, + { + "tcId" : 419, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000447c33f6f78d3cd9971ecc50e7e2ac947f8c1103f9c5f0821379bd06ad8fca45670c60975748f0c749a8b0f8fc1e222ddcbd3384f6d68f0b6b6ff679b435cdcb1", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "42f634c06c4a0e7e956db6e86666603d26374cc74b11026f0318d1a25681a712", + "result" : "valid" + }, + { + "tcId" : 420, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b59d18ab8b0f9dd33484f43c3f6860229ba6a4c25a61cd0aaca23b76d60566cf5aa9c0d1b240e6dd4211e3235425634b278ad88fede0337d5acf3136587d8413", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "e2ceb946e7993f27a4327abdf61d4f06577e89c63b62a24aefbd905710d18669", + "result" : "valid" + }, + { + "tcId" : 421, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000494f4601b244d3a6ea6996fa244364f794399e0ff4316157db6023222fc0d90be4ba2e420cabc43b6e8e86590fc2383d17827dd99a60c211f190a74269100c141", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "71637a5da2412a921f1636c69a6ee81083ee2b0e13766ad122791ef6f771896d", + "result" : "valid" + }, + { + "tcId" : 422, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200049e8c115b1ac87d986ee1b506b86a4e7b8ea041aa6a63d6ec80ec0f0cf69cfb3f2702a515a9a50db1d86fd42aea0834daeb62be03d0cd9033f84b9c4b56a19f12", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bd265ed3078ca8c7788f594187c96c675aa623ecd01bfcad62d76a7881334f63", + "result" : "valid" + }, + { + "tcId" : 423, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004eec776b52b94141fc819d4b6b12d28e73555b5560507aba7df6f0484008de91f104277170692fa6bf2270580d56d1bc81b54f477d8ab6c3f5842650ac7176d71", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8d073fc592fb7aa6f7b908ed07148aa7be5a135c4b343ebe295198cba78e71ce", + "result" : "valid" + }, + { + "tcId" : 424, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aff46a388e5afc220a8eec7a49af9d245384a3af1e0b407b4521f4e92d12dceb5d367688fde5e082f097855a0c0adc305dd6cf46f50ca75859bb243b70249605", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a26d698e4613595aa61c8e2907d5241d6d14909737df59895841d07727bf1348", + "result" : "valid" + }, + { + "tcId" : 425, + "comment" : "point with coordinate y = 1 in left to right addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e807e43d96f3701a9a5c13d122749084170fcd36a586a446c9fcb4600eede4fdf4d1d22af7187c8de1b992a4046c419b801cde57d638d30f2e1ac49353117a20", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a8edc6f9af6bf74122c11ca1a50afbc4a3c4987bd0d1f73284d2c1371e613405", + "result" : "valid" + }, + { + "tcId" : 426, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004798868a56916d341e7d6f96359ae3658836e221459f4f7b7b63694de18a5e9247713fdb03a8de8c6d29ca38a9fbaa82e5e02bead2f9eec69b6444b7adb05333b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "17963de078996eb8503c7cc3e1a2d5147d7f0bfb251a020b4392033063587c8d", + "result" : "valid" + }, + { + "tcId" : 427, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ff419909d8a8ce0a9416051f4e256208c1dc035581a53312d566137e22104e9877421ab01e00e83841b946dae5bb5a23973daa98fe1a8172883abcbedced7021", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "062799a19545d31b3ed72253bcde59762aa6104a88ac5e2fb68926b0f7146698", + "result" : "valid" + }, + { + "tcId" : 428, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200048b48119d7089d3b95cd2eaf8c85584fa8f5e56c4c4ccee7037d74cdbf88e571714c1aac5f0bf1b48a4abcf1d9291b9a8776a004380546a5a1c1f294690f61969", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9f42dd8fce13f8103b3b2bc15e61242e6820fe1325a20ef460fe64d9eb12b231", + "result" : "valid" + }, + { + "tcId" : 429, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e2888119379b5b2151bd788505def1d6bd786329431caf39705d9cbf96a42ea43bb7328839d2aecac64b1cdb182f08adccaac327ed008987a10edc9732413ced", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "d1b204e52d1fac6d504132c76ca233c87e377dcc79c893c970ddbb9f87b27fa0", + "result" : "valid" + }, + { + "tcId" : 430, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200046dcc3971bd20913d59a91f20d912f56d07e7f014206bef4a653ddfe5d12842c39b51b17b76ea6cc137eebd93c811e636d8ae26c70d064650f7205a865d01a6ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c8d6bd28c1e65ae7c7a5debe67a7dfaf92b429ede368efc9da7d578a539b7054", + "result" : "valid" + }, + { + "tcId" : 431, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200047ebea45854569a1f7ea6b95b82d6befefbf6296ebc87c810b6cba93c0c1220b23f1874fa08a693b086643ef21eb59d75562da9422d13d9a39b0b17e241b04d32", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0d1f905cc74720bde67ae84f582728588c75444c273dae4106fa20d1d6946430", + "result" : "valid" + }, + { + "tcId" : 432, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ceab5937900d34fa88378d371f4acaa7c6a2028b6143213413f16ba2dc7147877713fdb03a8de8c6d29ca38a9fbaa82e5e02bead2f9eec69b6444b7adb05333b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3f014e309192588fa83e47d4ac9685d2041204e2eaf633a1312812e51ae74cbd", + "result" : "valid" + }, + { + "tcId" : 433, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004a4ffea5e25f75e4f689c81084a35c1220e8e6b914c482f4a2e8f93cffca6964777421ab01e00e83841b946dae5bb5a23973daa98fe1a8172883abcbedced7021", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "68b404d556c82004c6c4bba4518ec00b1d4f1161cafe6c89aeb8494a9ba09db5", + "result" : "valid" + }, + { + "tcId" : 434, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004de8809ea0ecce1d24a0431429510383a6f6e5a1c51cea32d830c6c353042603e14c1aac5f0bf1b48a4abcf1d9291b9a8776a004380546a5a1c1f294690f61969", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c331ade7a457df7f12a2f5c43d7ea9486c1563b81cd8a0f23f923c1a9fa612e3", + "result" : "valid" + }, + { + "tcId" : 435, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004566209f174d6bf79720b70edb27e51350beeb2b0bcd083bbae7214f71cf824d43bb7328839d2aecac64b1cdb182f08adccaac327ed008987a10edc9732413ced", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "17b5c7a311eea9d2ab7571f8b9f848d4705997cf3eaf9bdcbe0e34a670f81f45", + "result" : "valid" + }, + { + "tcId" : 436, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004cc3181c0127137536ceec94fd45996657df72e0f97c44b9dad14763ce506e9dc9b51b17b76ea6cc137eebd93c811e636d8ae26c70d064650f7205a865d01a6ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "2f0e4eccbc4518ace558e06604f9bff4787f5b019437b52195ecb6b82191a6ae", + "result" : "valid" + }, + { + "tcId" : 437, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d7052a1eeafc0e78d79e7f26003aa0a409287cf476007df28d281b142be1a0e23f1874fa08a693b086643ef21eb59d75562da9422d13d9a39b0b17e241b04d32", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7494d864cb6ea9c5d982d40a5f103700d02dc982637753cfc7d8afe1beafff70", + "result" : "valid" + }, + { + "tcId" : 438, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004b7cc3e2306dbf7c38ff179658706feffb5efdb6044c7e71435d7ff7d0ae8c7b37713fdb03a8de8c6d29ca38a9fbaa82e5e02bead2f9eec69b6444b7adb05333b", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "a96873eef5d438b807853b6771c6a5197e6eef21efefca538b45e9e981c032e5", + "result" : "valid" + }, + { + "tcId" : 439, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200045bbe7c98015fd3a6034d79d867a4dcd52f95911932129da2fc0a58afe149137f77421ab01e00e83841b946dae5bb5a23973daa98fe1a8172883abcbedced7021", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9124618913f20cdffa642207f192e67eb80ade53ac5535469abe90036d4af7e2", + "result" : "valid" + }, + { + "tcId" : 440, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004962fe47880a94a745928e3c4a29a42cb01334f1ee9646e62451c46ecd72f410914c1aac5f0bf1b48a4abcf1d9291b9a8776a004380546a5a1c1f294690f61969", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9d8b74888d942870b221de7a642032892bc99e34bd8550195f6f5f097547334a", + "result" : "valid" + }, + { + "tcId" : 441, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c71574f5538de5653c37168d47a2bcf43698ea260012cd0ae1304e474c63a4e63bb7328839d2aecac64b1cdb182f08adccaac327ed008987a10edc9732413ced", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "16983377c0f1a9c004495b3fd9658363116eea644787d059d1140fb907555d4a", + "result" : "valid" + }, + { + "tcId" : 442, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c60244ce306e376f3968178f5293742d7a20e1dc47cfc517edada9db49d0cbbf9b51b17b76ea6cc137eebd93c811e636d8ae26c70d064650f7205a865d01a6ee", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "081af40a81d48c6b530140db935e605bf4cc7b10885f5b148f95f1bc8ad2e52d", + "result" : "valid" + }, + { + "tcId" : 443, + "comment" : "point with coordinate y = 1 in precomputation or right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004aa3c3188c0ad5767a9bac77e7ceea05cfae1599ccd77b9fcbc0c3badc80c36ca3f1874fa08a693b086643ef21eb59d75562da9422d13d9a39b0b17e241b04d32", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "7e4b973e6d4a357c400243a648c8a0a6a35cf231754afdef312d2f4b6abb988f", + "result" : "valid" + }, + { + "tcId" : 444, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200042cce8ddfe4827dc030ddf38f998b3f2ed5e0621d0b3805666daf48c8c31e75e5198d9ef4e973b6bdebe119a35faae86191acd758c1ed8accaf1e706ad55d83d7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0f0235da2a06c8d408c27151f3f15342ed8c1945aaf84ed14993786d6ac5f570", + "result" : "valid" + }, + { + "tcId" : 445, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000414bfc3e5a46b69881a9a346d95894418614ed91476a1ddce48676b7cbab9ba02f334d64f2caf561b063bc1f7889e937302a455ff685d8ae57cb2444a17dad068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "5622c2fbe8af5ad6cef72a01be186e554847576106f8979772fa56114d1160ab", + "result" : "valid" + }, + { + "tcId" : 446, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bd442fa5a2a8d72e13e44fd2222c85a006f03375e0211b272f555052b03db750be345737f7c6b5e70e97d9fe9dc4ca94fb185f4b9d2a00e086c1d47273b33602", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "bb95e0d0fbaad86c5bd87b95946c77ff1d65322a175ccf16419102c0a17f5a72", + "result" : "valid" + }, + { + "tcId" : 447, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040d7a3ff49bda6a587ed07691450425aa02d253ba573a16ad86c61af412dd3c770b6d3b9e570ba004877c9a69e481fe215de03a70126305a452826e66d9b5583e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "4510683c7bfa251f0cb56bba7e0ab74d90f5e2ca01e91e7ca99312ccff2d90b6", + "result" : "valid" + }, + { + "tcId" : 448, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bdea5d2a3adde7df2e839ff63f62534b3f27cb191bb54dfa1d39cbff713ba9ed307d8f1d02c6f07146655e6383b0ef3035bee7067c336fdb91365e197a97b616", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "025485142ca1ced752289f772130fc10c75a4508c46bffdef9290ad3e7baf9ca", + "result" : "valid" + }, + { + "tcId" : 449, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004d4c063e3c036f47c92f6f5470a26a835e1a24505b14d1b29279062a16cf6f489198d9ef4e973b6bdebe119a35faae86191acd758c1ed8accaf1e706ad55d83d7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "9067932150724965aa479c1ef1be55544bed9fa94500a3b67887ed91ae3b81e5", + "result" : "valid" + }, + { + "tcId" : 450, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200043cb9f07997756859e9b9a85b681fa50ee20357f535c1b311c4637d16b76b9ebff334d64f2caf561b063bc1f7889e937302a455ff685d8ae57cb2444a17dad068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "f8084a89adccdc3aef89e5091a0f07d6160a66cb9575241100c1d39bf0549ae2", + "result" : "valid" + }, + { + "tcId" : 451, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004793412ff636c08a2d0f6d60cc608e9a9098349a2501f91c95f692010bc1238b2be345737f7c6b5e70e97d9fe9dc4ca94fb185f4b9d2a00e086c1d47273b33602", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "4462558c89902117051cb2c599ad66f00887b54cae3da9c04d317a5b2afb463b", + "result" : "valid" + }, + { + "tcId" : 452, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004bd1eb0849e2e6a13d54b76518f11ba8775c2d7634d85152534bc7c3af4161efa0b6d3b9e570ba004877c9a69e481fe215de03a70126305a452826e66d9b5583e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "30b4741a64f87d28ec0029bd196b5a74555f2c9a976a46d628572474466a631d", + "result" : "valid" + }, + { + "tcId" : 453, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004624b3b4ba993a8b938125689f6cf757392ee390d14a90fea6db944b5a8deb8d0307d8f1d02c6f07146655e6383b0ef3035bee7067c336fdb91365e197a97b616", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "3afc04ac92117e50b0913b09dbbb4e6c780c051500201fad512b79080bff39e2", + "result" : "valid" + }, + { + "tcId" : 454, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fe710e3c5b468dc33c2b17295c4e189b487d58dd437adf706ac05493cfea8df0198d9ef4e973b6bdebe119a35faae86191acd758c1ed8accaf1e706ad55d83d7", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "609637048586edc64cf5f28f1a505768c686471110070d783de499ffe6fe84da", + "result" : "valid" + }, + { + "tcId" : 455, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004ae864ba0c41f2e1dfbac2337025716d8bcadcef6539c6f1ff335176b8ddaa36ef334d64f2caf561b063bc1f7889e937302a455ff685d8ae57cb2444a17dad068", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "b1d4f27a6983c8ee417ef0f527d889d4a1ae41d3639244578c43d650c299fcd1", + "result" : "valid" + }, + { + "tcId" : 456, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004c987bd5af9eb202f1b24da2117ca90b6ef8c82e7cfbf530f71418f9a93b0085cbe345737f7c6b5e70e97d9fe9dc4ca94fb185f4b9d2a00e086c1d47273b33602", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "0007c9a27ac5067c9f0ad1a4d1e62110da1318893a658729713d82e333855b82", + "result" : "valid" + }, + { + "tcId" : 457, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000435670f86c5f72b93abe4131d2bea1fce876ad4e25b40d42d447d68cff90ca0be0b6d3b9e570ba004877c9a69e481fe215de03a70126305a452826e66d9b5583e", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "8a3b23a91f0d5db8074a6a886889ee3e19aaf09b66ac9aad2e15c8bdba68085c", + "result" : "valid" + }, + { + "tcId" : 458, + "comment" : "point with coordinate y = 1 in right to left addition chain", + "flags" : [ + "EdgeCaseDoubling" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004dfca678a1b8e6f67996a097fc9ce37412de9fbd9cfa1a21b750cef48e5e595a1307d8f1d02c6f07146655e6383b0ef3035bee7067c336fdb91365e197a97b616", + "private" : "00c1781d86cac2c052b865f228e64bd1ce433c78ca7dfca9e8b810473e2ce17da5", + "shared" : "c2af763f414cb2d7fd46257f0313b582c099b5e23b73e073b5ab7c230c45c883", + "result" : "valid" + }, + { + "tcId" : 459, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "03", + "shared" : "34005694e3cac09332aa42807e3afdc3b3b3bc7c7be887d1f98d76778c55cfd7", + "result" : "valid" + }, + { + "tcId" : 460, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "shared" : "5841acd3cff2d62861bbe11084738006d68ccf35acae615ee9524726e93d0da5", + "result" : "valid" + }, + { + "tcId" : 461, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "0100000000000000000000000000000000000000000000000000000000000000", + "shared" : "4348e4cba371ead03982018abc9aacecaebfd636dda82e609fd298947f907de8", + "result" : "valid" + }, + { + "tcId" : 462, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "shared" : "e56221c2b0dc33b98b90dfd3239a2c0cb1e4ad0399a3aaef3f9d47fb103daef0", + "result" : "valid" + }, + { + "tcId" : 463, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "008000000000000000000000000000000000000000000000000000000000000000", + "shared" : "5b34a29b1c4ddcb2101162d34bed9f0702361fe5af505df315eff7befd0e4719", + "result" : "valid" + }, + { + "tcId" : 464, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03abfd25e8cd0364141", + "shared" : "cece521b8b5a32bbee38936ba7d645824f238e561701a386fb888e010db54b2f", + "result" : "valid" + }, + { + "tcId" : 465, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfc25e8cd0364141", + "shared" : "829521b79d71f5011e079756b851a0d5c83557866189a6258c1e78a1700c6904", + "result" : "valid" + }, + { + "tcId" : 466, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfca5e8cd0364141", + "shared" : "8c5934793505a6a1f84d41283341680c4923f1f4d562989a11cc626fea5eda5a", + "result" : "valid" + }, + { + "tcId" : 467, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8bd0364141", + "shared" : "356caee7e7eee031a15e54c3a5c4e72f9c74bb287ce601619ef85eb96c289452", + "result" : "valid" + }, + { + "tcId" : 468, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03640c3", + "shared" : "09c7337df6c2b35edf3a21382511cc5add1a71a84cbf8d3396a5be548d92fa67", + "result" : "valid" + }, + { + "tcId" : 469, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364103", + "shared" : "d16caedd25793666f9e26f5331382106f54095b3d20d40c745b68ca76c0e6983", + "result" : "valid" + }, + { + "tcId" : 470, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364123", + "shared" : "b8ae1e21d8b34ce4caffed7167a26868ec80a7d4a6a98b639d4d05cd226504de", + "result" : "valid" + }, + { + "tcId" : 471, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364133", + "shared" : "02776315fe147a36a4b0987492b6503acdea60f926450e5eddb9f88fc82178d3", + "result" : "valid" + }, + { + "tcId" : 472, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413b", + "shared" : "3988c9c7050a28794934e5bd67629b556d97a4858d22812835f4a37dca351943", + "result" : "valid" + }, + { + "tcId" : 473, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413e", + "shared" : "34005694e3cac09332aa42807e3afdc3b3b3bc7c7be887d1f98d76778c55cfd7", + "result" : "valid" + }, + { + "tcId" : 474, + "comment" : "edge case private key", + "flags" : [ + "AdditionChain" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000432bdd978eb62b1f369a56d0949ab8551a7ad527d9602e891ce457586c2a8569e981e67fae053b03fc33e1a291f0a3beb58fceb2e85bb1205dacee1232dfd316b", + "private" : "00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f", + "shared" : "4b52257d8b3ba387797fdf7a752f195ddc4f7d76263de61d0d52a5ec14a36cbf", + "result" : "valid" + }, + { + "tcId" : 475, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 476, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 477, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 478, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 479, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 480, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 481, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 482, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a034200040000000000000000000000000000000000000000000000000000000000000001fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 483, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e0000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 484, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e0000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 485, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2efffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 486, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2efffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 487, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0000000000000000000000000000000000000000000000000000000000000000", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 488, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f0000000000000000000000000000000000000000000000000000000000000001", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 489, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 490, + "comment" : "point is not on curve", + "flags" : [ + "InvalidCurveAttack" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2ffffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 491, + "comment" : "", + "flags" : [ + "InvalidEncoding" + ], + "public" : "3015301006072a8648ce3d020106052b8104000a030100", + "private" : "00c6cafb74e2a50c83b3d232c4585237f44d4c5433c4b3f50ce978e6aeda3a4f5d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 492, + "comment" : "public key has invalid point of order 2 on secp256r1. The point of the public key is a valid on secp256k1.", + "flags" : [ + "WrongCurve" + ], + "public" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004ffffffff00000001000000000000000000000000ffffffffffffffffffffffff32d98e0d77dd0e543770ec994c0ae837e7bb36eb1d910b58a14a2a08dc182f83", + "private" : "3b25129f3410ec89cc6dc539fd7601873ba6abf72a6d023f1aa9041765430ee6", + "shared" : "1d3fc2b2e48b3e96c6323380fadb467825e69f5b9078a9e02173b477bc232cc1", + "result" : "invalid" + }, + { + "tcId" : 493, + "comment" : "public key has invalid point of order 2 on FRP256v1. The point of the public key is a valid on secp256k1.", + "flags" : [ + "WrongCurve" + ], + "public" : "305b301506072a8648ce3d0201060a2a817a01815f6582000103420004f1fd178c0b3ad58f10126de8ce42435b3961adbcabc8ca6de8fcf353d86e9c03247e9edb2a633201dfc68fbd34556690db38ef76732f8a9052ee40d84e2ec35b", + "private" : "485dea32cd245db99d88e1852587c161b81abeabb151ad3fc1e4dd2f591e9936", + "shared" : "0a373d77057a50e3aad60b1e51bc017523dc2bdfef1c07cf4ed8393839224d0a", + "result" : "invalid" + }, + { + "tcId" : 494, + "comment" : "public point not on curve", + "flags" : [ + "ModifiedPublicPoint", + "InvalidPublic" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e4", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 495, + "comment" : "public point = (0,0)", + "flags" : [ + "ModifiedPublicPoint", + "InvalidPublic" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a0342000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 496, + "comment" : "order = -115792089237316195423570985008687907852837564279074904382605163141518161494337", + "flags" : [ + "WrongOrder", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b80221ff000000000000000000000000000000014551231950b75fc4402da1732fc9bebf0201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid" + }, + { + "tcId" : 497, + "comment" : "order = 0", + "flags" : [ + "WrongOrder", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b80201000201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid" + }, + { + "tcId" : 498, + "comment" : "order = 1", + "flags" : [ + "WrongOrder", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "308201133081cc06072a8648ce3d02013081c0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b80201010201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 499, + "comment" : "order = 26959946667150639794667015087019630673536463705607434823784316690060", + "flags" : [ + "WrongOrder", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "3082012f3081e806072a8648ce3d02013081dc020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8021d00fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8c0201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 500, + "comment" : "generator = (0,0)", + "flags" : [ + "ModifiedGenerator", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 501, + "comment" : "generator not on curve", + "flags" : [ + "ModifiedGenerator", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4ba022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 502, + "comment" : "cofactor = -1", + "flags" : [ + "NegativeCofactor", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201ff0342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid" + }, + { + "tcId" : 503, + "comment" : "cofactor = 0", + "flags" : [ + "NegativeCofactor", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid" + }, + { + "tcId" : 504, + "comment" : "cofactor = 2", + "flags" : [ + "ModifiedCofactor", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201020342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 505, + "comment" : "cofactor = n", + "flags" : [ + "LargeCofactor", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201553082010d06072a8648ce3d020130820100020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "invalid" + }, + { + "tcId" : 506, + "comment" : "cofactor = None", + "flags" : [ + "ModifiedCofactor", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "308201303081e906072a8648ce3d02013081dd020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 507, + "comment" : "modified prime", + "flags" : [ + "ModifiedPrime", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fb524ac7055bebf603a4e216abaa6a9ef8eb2bbea2cd820e59d46d8501f6268b304404200000000000000000000000000000000000000000000000000000000000000000042000000000000000000000000000000000000000000000000000000000000000070441040000000000000000000006597fa94f5b8380000000000000000000000000000f229ba06e5c03dbcba0eec01b4bcca549cda86e507e8813b5bb2b42df88f12f47022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141020101034200040000000000000000000006597fa94f5b8380000000000000000000000000000f229ba06e5c03dbcba0eec01b4bcca549cda86e507e8813b5bb2b42df88f12f47", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "c5956b8cf7244e3c0457658a214210b358205cab12374d523ecf57895cecfeb0", + "result" : "invalid" + }, + { + "tcId" : 508, + "comment" : "using secp224r1", + "flags" : [ + "ModifiedGroup", + "InvalidPublic" + ], + "public" : "304e301006072a8648ce3d020106052b81040021033a0004074f56dc2ea648ef89c3b72e23bbd2da36f60243e4d2067b70604af1c2165cec2f86603d60c8a611d5b84ba3d91dfe1a480825bcc4af3bcf", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 509, + "comment" : "using secp256r1", + "flags" : [ + "ModifiedGroup", + "InvalidPublic" + ], + "public" : "3059301306072a8648ce3d020106082a8648ce3d03010703420004cbf6606595a3ee50f9fceaa2798c2740c82540516b4e5a7d361ff24e9dd15364e5408b2e679f9d5310d1f6893b36ce16b4a507509175fcb52aea53b781556b39", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 510, + "comment" : "a = 0", + "flags" : [ + "Modified curve parameter", + "UnusedParam", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f3044042000000000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000000704410449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd03641410201010342000449c248edc659e18482b7105748a4b95d3a46952a5ba72da0d702dc97a64e99799d8cff7a5c4b925e4360ece25ccf307d7a9a7063286bbd16ef64c65f546757e2", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "380c53e0a509ebb3b63346598105219b43d51ae196b4557d59bbd67824032dff", + "result" : "acceptable" + }, + { + "tcId" : 511, + "comment" : "public key of order 3", + "flags" : [ + "WeakPublicKey", + "InvalidPublic", + "UnnamedCurve" + ], + "public" : "308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f304404209234b518bfe789f01e2389571299e39b4596c63a14d598659341dd313c65e08a04209d569a9efeeb4362b094d096024cba7b53d51dbc33818c8cdf37b9315d2e7bab044104fb6075d26c3501c014e48c79b3463cd768378c390d7e6eeb379717d490c4e63487fbca88e6867877e98f43ec02f4a0f45ef0f94310d8ee3d70a10280ce2ae6b3022100fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036414102010103420004fb6075d26c3501c014e48c79b3463cd768378c390d7e6eeb379717d490c4e63478043577197987881670bc13fd0b5f0ba10f06bcef2711c28f5efd7e31d5157c", + "private" : "00cfe75ee764197aa7732a5478556b478898423d2bc0e484a6ebb3674a6036a65d", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 512, + "comment" : "Public key uses wrong curve: secp224r1", + "flags" : [ + "WrongCurve" + ], + "public" : "304e301006072a8648ce3d020106052b81040021033a000450eb062b54940a455719d523e1ec106525dda34c2fd95ace62b9b16d315d323f089173d10c45dceff155942431750c00ca36f463828e9fab", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 513, + "comment" : "Public key uses wrong curve: secp256r1", + "flags" : [ + "WrongCurve" + ], + "public" : "3059301306072a8648ce3d020106082a8648ce3d0301070342000406372852584037722a7f9bfaad5661acb623162d45f70a552c617f4080e873aa43609275dff6dcaaa122a745d0f154681f9c7726867b43e7523b7f5ab5ea963e", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 514, + "comment" : "Public key uses wrong curve: secp384r1", + "flags" : [ + "WrongCurve" + ], + "public" : "3076301006072a8648ce3d020106052b81040022036200040ef5804731d918f037506ee00b8602b877c7d509ffa2c0847a86e7a2d358ba7c981c2a74b22401ac615307a6deb275402fa6c8218c3374f8a91752d2eff6bd14ad8cae596d2f37dae8aeec085760edf4fda9a7cf70253898a54183469072a561", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 515, + "comment" : "Public key uses wrong curve: secp521r1", + "flags" : [ + "WrongCurve" + ], + "public" : "30819b301006072a8648ce3d020106052b81040023038186000400921da57110db26c7838a69d574fc98588c5c07a792cb379f46664cc773c1e1f6fa16148667748ede232d1a1f1cea7f152c5d586172acbeaa48416bcbd70bb27f0f01b4477e1ae74bf4f093184a9f26f103712ccf6ceb45a0505b191606d897edaf872b37f0f90a933000a80fc3207048323c16883a3d67a90aa78bcc9c5e58d784b9b9", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 516, + "comment" : "Public key uses wrong curve: secp224k1", + "flags" : [ + "WrongCurve" + ], + "public" : "304e301006072a8648ce3d020106052b81040020033a000456dd09f8a8c19039286b6aa79d099ff3e35ff74400437d2072fd9faa7f2901db79d793f55268980f7d395055330a91b46bf4a62c3a528230", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 517, + "comment" : "Public key uses wrong curve: brainpoolP224r1", + "flags" : [ + "WrongCurve" + ], + "public" : "3052301406072a8648ce3d020106092b2403030208010105033a00042c9fdd1914cacdb28e39e6fc24b4c3c666cc0d438acc4529a6cc297a2d0fdecb3028d9e4d84c711db352379c080c78659969bdc5d3218901", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 518, + "comment" : "Public key uses wrong curve: brainpoolP256r1", + "flags" : [ + "WrongCurve" + ], + "public" : "305a301406072a8648ce3d020106092b240303020801010703420004120e4db849e5d960741c7d221aa80fe6e4fcd578191b7f845a68a6fcb8647719a6fffb6165d8ec39389eecc530839c321b2e9040027fba5d9cb9311df7cd3d4d", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 519, + "comment" : "Public key uses wrong curve: brainpoolP320r1", + "flags" : [ + "WrongCurve" + ], + "public" : "306a301406072a8648ce3d020106092b2403030208010109035200040efb1c104938f59a931fe6bf69f7ead4036d2336075a708e66b020e1bc5bb6d9cdc86d4e8fa181d7c7ea1af28353044e8cec12eec75a6dd87a5dc902024d93f8c8d9bf43b453fd919151f9bd7bb955c7", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 520, + "comment" : "Public key uses wrong curve: brainpoolP384r1", + "flags" : [ + "WrongCurve" + ], + "public" : "307a301406072a8648ce3d020106092b240303020801010b036200043e96d75b79214e69a4550e25375478bdc9c2a9d0178a77b5700bd5f12e3ce142f50c93dc1ee7268456d7eae2d44b718d6f159e896ae14fbe3aba397801a95e2bb6a9a761e865b289dd9db64aa07c794cedf77328543b94c9b54ce0cf04c60ac8", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 521, + "comment" : "Public key uses wrong curve: brainpoolP512r1", + "flags" : [ + "WrongCurve" + ], + "public" : "30819b301406072a8648ce3d020106092b240303020801010d03818200044f191130740f1b75ae13402960eb22ea801db80ed51a461e06a7b3ba60c9bddd132a6465bbee8afd70cfb4495efbda4f1567b958e6e305bfcb4ac8f05172688e0f2f175aa12425be3ab7271b42f258639e868677d1163c12e641229f1e6427761c9e294de51db564151b21a051d2f7a13661852799557a556a5f3c51d36d083a", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 522, + "comment" : "Public key uses wrong curve: brainpoolP224t1", + "flags" : [ + "WrongCurve" + ], + "public" : "3052301406072a8648ce3d020106092b2403030208010106033a00044964b948cefa39cd769e3480d4840a3c58e966161be80df02d9aab33b4a318a32f30130224edcefe0dd64342404e594aa334995b179f641f", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 523, + "comment" : "Public key uses wrong curve: brainpoolP256t1", + "flags" : [ + "WrongCurve" + ], + "public" : "305a301406072a8648ce3d020106092b24030302080101080342000411157979c08bcd175d34572209a85f3f5d602e35bdc3b553b0f19307672b31ba69d0556bce48c43e2e7e6177055221a4c4b7eb17ee9708f49216de76d6e92ab8", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 524, + "comment" : "Public key uses wrong curve: brainpoolP320t1", + "flags" : [ + "WrongCurve" + ], + "public" : "306a301406072a8648ce3d020106092b240303020801010a035200048bb517e198930eba57293419876a8793f711de37c27f200e6fb2c2b13e9fabd4fbc42ad61751ca583031ba76cbc6d745d115addc74eab63bf415c4fa20dbbecae98ac3c3da1a041705cf8959e2ccf453", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 525, + "comment" : "Public key uses wrong curve: brainpoolP384t1", + "flags" : [ + "WrongCurve" + ], + "public" : "307a301406072a8648ce3d020106092b240303020801010c036200045eb38d0261b744b03abef4ae7c17bc886b5b426bd910958f8a49ef62053048f869541b7a05d244315fc9cd74271ec3d518d94114b6006017f4ed5e3c06322baa1c75809a1057ba6fa46d1e1a9927a262e627940d5da538b5a3d1d794d9c866a4", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 526, + "comment" : "Public key uses wrong curve: brainpoolP512t1", + "flags" : [ + "WrongCurve" + ], + "public" : "30819b301406072a8648ce3d020106092b240303020801010e0381820004035fc238e57d980beae0215fb89108f9c6c4afda5d920f9d0583ee7d65f8778ecfff24a31d4f32deb6ea5f7e3adb6affb9327a5e62e09cba07c88b119fd104a83b7811e958e393971a5c9417412070b9f18b03be37e81e0bca5d3ff0873ed1f3113ed0fc57a0344321fb4d6c43f2f6e630a3d3883efe4c21df3e0f0b1208226b", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 527, + "comment" : "Public key uses wrong curve: FRP256v1", + "flags" : [ + "WrongCurve" + ], + "public" : "305b301506072a8648ce3d0201060a2a817a01815f6582000103420004375e9438d4ab14e298a75eab1e2d51a9248c8ee0bbb24397cbd4651517faedd26d4ded568d2348a473aa5a7570107dc6fc60a2ce0c4143446b5b09ab3fcc7bb4", + "private" : "00dafa209e0f81119a4afa3f1bc46e2f7947354e3727c608b05c4950b10386643a", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 528, + "comment" : "invalid public key", + "flags" : [ + "InvalidCompressedPublic", + "CompressedPoint" + ], + "public" : "3036301006072a8648ce3d020106052b8104000a03220002977cb7fb9a0ec5b208e811d6a0795eb78d7642e3cac42a801bcc8fc0f06472d4", + "private" : "00d09182a4d0c94ba85f82eff9fc1bddb0b07d3f2af8632fc1c73a3604e8f0b335", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 529, + "comment" : "public key is a low order point on twist", + "flags" : [ + "WrongCurve", + "CompressedPoint" + ], + "public" : "3036301006072a8648ce3d020106052b8104000a032200020000000000000000000000000000000000000000000000000000000000000000", + "private" : "0098b5c223cf9cc0920a5145ba1fd2f6afee7e1f66d0120b8536685fdf05ebb300", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 530, + "comment" : "public key is a low order point on twist", + "flags" : [ + "WrongCurve", + "CompressedPoint" + ], + "public" : "3036301006072a8648ce3d020106052b8104000a032200030000000000000000000000000000000000000000000000000000000000000000", + "private" : "0098b5c223cf9cc0920a5145ba1fd2f6afee7e1f66d0120b8536685fdf05ebb2ff", + "shared" : "", + "result" : "invalid" + }, + { + "tcId" : 531, + "comment" : "length of sequence uses long form encoding", + "flags" : [ + "InvalidAsn" + ], + "public" : "308156301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 532, + "comment" : "length of sequence uses long form encoding", + "flags" : [ + "InvalidAsn" + ], + "public" : "305730811006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 533, + "comment" : "length of sequence contains a leading 0", + "flags" : [ + "InvalidAsn" + ], + "public" : "30820056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 534, + "comment" : "length of sequence contains a leading 0", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583082001006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 535, + "comment" : "length of sequence uses 87 instead of 86", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 536, + "comment" : "length of sequence uses 85 instead of 86", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 537, + "comment" : "uint32 overflow in length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30850100000056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 538, + "comment" : "uint32 overflow in length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b3085010000001006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 539, + "comment" : "uint64 overflow in length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3089010000000000000056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 540, + "comment" : "uint64 overflow in length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305f308901000000000000001006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 541, + "comment" : "length of sequence = 2**31 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "30847fffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 542, + "comment" : "length of sequence = 2**31 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a30847fffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 543, + "comment" : "length of sequence = 2**32 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "3084ffffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 544, + "comment" : "length of sequence = 2**32 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a3084ffffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 545, + "comment" : "length of sequence = 2**40 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "3085ffffffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 546, + "comment" : "length of sequence = 2**40 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b3085ffffffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 547, + "comment" : "length of sequence = 2**64 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "3088ffffffffffffffff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 548, + "comment" : "length of sequence = 2**64 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e3088ffffffffffffffff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 549, + "comment" : "incorrect length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30ff301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 550, + "comment" : "incorrect length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305630ff06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 551, + "comment" : "replaced sequence by an indefinite length tag without termination", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 552, + "comment" : "replaced sequence by an indefinite length tag without termination", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056308006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 553, + "comment" : "removing sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 554, + "comment" : "removing sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "304403420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 555, + "comment" : "lonely sequence tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "30", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 556, + "comment" : "lonely sequence tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "30453003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 557, + "comment" : "appending 0's to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 558, + "comment" : "appending 0's to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d020106052b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 559, + "comment" : "prepending 0's to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30580000301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 560, + "comment" : "prepending 0's to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583012000006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 561, + "comment" : "appending unused 0's to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 562, + "comment" : "appending unused 0's to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 563, + "comment" : "appending null value to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 564, + "comment" : "appending null value to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d020106052b8104000a050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 565, + "comment" : "prepending garbage to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b4981773056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 566, + "comment" : "prepending garbage to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a25003056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 567, + "comment" : "prepending garbage to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b3015498177301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 568, + "comment" : "prepending garbage to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a30142500301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 569, + "comment" : "appending garbage to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670004deadbeef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 570, + "comment" : "appending garbage to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e3012301006072a8648ce3d020106052b8104000a0004deadbeef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 571, + "comment" : "including undefined tags", + "flags" : [ + "InvalidAsn" + ], + "public" : "305eaa00bb00cd003056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 572, + "comment" : "including undefined tags", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e3018aa00bb00cd00301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 573, + "comment" : "including undefined tags", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e3018260faa00bb00cd0006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 574, + "comment" : "including undefined tags", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e301806072a8648ce3d0201260daa00bb00cd0006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 575, + "comment" : "including undefined tags", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e301006072a8648ce3d020106052b8104000a234aaa00bb00cd0003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 576, + "comment" : "truncated length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3081", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 577, + "comment" : "truncated length of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3046308103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 578, + "comment" : "including undefined tags to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305caa02aabb3056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 579, + "comment" : "including undefined tags to sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305c3016aa02aabb301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 580, + "comment" : "Replacing sequence with NULL", + "flags" : [ + "InvalidAsn" + ], + "public" : "0500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 581, + "comment" : "Replacing sequence with NULL", + "flags" : [ + "InvalidAsn" + ], + "public" : "3046050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 582, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "2e56301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 583, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "2f56301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 584, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3156301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 585, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3256301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 586, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "ff56301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 587, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30562e1006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 588, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30562f1006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 589, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056311006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 590, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056321006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 591, + "comment" : "changing tag value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056ff1006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 592, + "comment" : "dropping value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 593, + "comment" : "dropping value of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3046300003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 594, + "comment" : "truncated sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 595, + "comment" : "truncated sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30551006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 596, + "comment" : "truncated sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055300f06072a8648ce3d020106052b81040003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 597, + "comment" : "truncated sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055300f072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 598, + "comment" : "sequence of size 4183 to check for overflows", + "flags" : [ + "InvalidAsn" + ], + "public" : "30821057301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 599, + "comment" : "indefinite length", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 600, + "comment" : "indefinite length", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058308006072a8648ce3d020106052b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 601, + "comment" : "indefinite length with truncated delimiter", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326700", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 602, + "comment" : "indefinite length with truncated delimiter", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057308006072a8648ce3d020106052b8104000a0003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 603, + "comment" : "indefinite length with additional element", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326705000000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 604, + "comment" : "indefinite length with additional element", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a308006072a8648ce3d020106052b8104000a0500000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 605, + "comment" : "indefinite length with truncated element", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267060811220000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 606, + "comment" : "indefinite length with truncated element", + "flags" : [ + "InvalidAsn" + ], + "public" : "305c308006072a8648ce3d020106052b8104000a06081122000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 607, + "comment" : "indefinite length with garbage", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000fe02beef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 608, + "comment" : "indefinite length with garbage", + "flags" : [ + "InvalidAsn" + ], + "public" : "305c308006072a8648ce3d020106052b8104000a0000fe02beef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 609, + "comment" : "indefinite length with nonempty EOC", + "flags" : [ + "InvalidAsn" + ], + "public" : "3080301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670002beef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 610, + "comment" : "indefinite length with nonempty EOC", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a308006072a8648ce3d020106052b8104000a0002beef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 611, + "comment" : "prepend empty sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583000301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 612, + "comment" : "prepend empty sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583012300006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 613, + "comment" : "append empty sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32673000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 614, + "comment" : "append empty sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d020106052b8104000a300003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 615, + "comment" : "append garbage with high tag number", + "flags" : [ + "InvalidAsn" + ], + "public" : "3059301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267bf7f00", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 616, + "comment" : "append garbage with high tag number", + "flags" : [ + "InvalidAsn" + ], + "public" : "3059301306072a8648ce3d020106052b8104000abf7f0003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 617, + "comment" : "append null with explicit tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267a0020500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 618, + "comment" : "append null with explicit tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406072a8648ce3d020106052b8104000aa002050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 619, + "comment" : "append null with implicit tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267a000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 620, + "comment" : "append null with implicit tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d020106052b8104000aa00003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 621, + "comment" : "sequence of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 622, + "comment" : "sequence of sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583012301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 623, + "comment" : "truncated sequence: removed last 1 elements", + "flags" : [ + "InvalidAsn" + ], + "public" : "3012301006072a8648ce3d020106052b8104000a", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 624, + "comment" : "truncated sequence: removed last 1 elements", + "flags" : [ + "InvalidAsn" + ], + "public" : "304f300906072a8648ce3d020103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 625, + "comment" : "repeating element in sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "30819a301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326703420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 626, + "comment" : "repeating element in sequence", + "flags" : [ + "InvalidAsn" + ], + "public" : "305d301706072a8648ce3d020106052b8104000a06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 627, + "comment" : "length of sequence uses 17 instead of 16", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301106072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 628, + "comment" : "length of sequence uses 15 instead of 16", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056300f06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 629, + "comment" : "sequence of size 4113 to check for overflows", + "flags" : [ + "InvalidAsn" + ], + "public" : "308210593082101106072a8648ce3d020106052b8104000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 630, + "comment" : "length of oid uses long form encoding", + "flags" : [ + "InvalidAsn" + ], + "public" : "305730110681072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 631, + "comment" : "length of oid uses long form encoding", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106072a8648ce3d02010681052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 632, + "comment" : "length of oid contains a leading 0", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583012068200072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 633, + "comment" : "length of oid contains a leading 0", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d0201068200052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 634, + "comment" : "length of oid uses 8 instead of 7", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006082a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 635, + "comment" : "length of oid uses 6 instead of 7", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006062a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 636, + "comment" : "uint32 overflow in length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b3015068501000000072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 637, + "comment" : "uint32 overflow in length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b301506072a8648ce3d0201068501000000052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 638, + "comment" : "uint64 overflow in length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305f301906890100000000000000072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 639, + "comment" : "uint64 overflow in length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305f301906072a8648ce3d020106890100000000000000052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 640, + "comment" : "length of oid = 2**31 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406847fffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 641, + "comment" : "length of oid = 2**31 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406072a8648ce3d020106847fffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 642, + "comment" : "length of oid = 2**32 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a30140684ffffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 643, + "comment" : "length of oid = 2**32 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406072a8648ce3d02010684ffffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 644, + "comment" : "length of oid = 2**40 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b30150685ffffffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 645, + "comment" : "length of oid = 2**40 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b301506072a8648ce3d02010685ffffffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 646, + "comment" : "length of oid = 2**64 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e30180688ffffffffffffffff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 647, + "comment" : "length of oid = 2**64 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e301806072a8648ce3d02010688ffffffffffffffff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 648, + "comment" : "incorrect length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006ff2a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 649, + "comment" : "incorrect length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106ff2b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 650, + "comment" : "replaced oid by an indefinite length tag without termination", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006802a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 651, + "comment" : "replaced oid by an indefinite length tag without termination", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106802b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 652, + "comment" : "removing oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "304d300706052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 653, + "comment" : "lonely oid tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "304e30080606052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 654, + "comment" : "lonely oid tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "3050300a06072a8648ce3d02010603420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 655, + "comment" : "appending 0's to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206092a8648ce3d0201000006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 656, + "comment" : "appending 0's to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d020106072b8104000a000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 657, + "comment" : "prepending 0's to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583012060900002a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 658, + "comment" : "prepending 0's to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d0201060700002b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 659, + "comment" : "appending unused 0's to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d0201000006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 660, + "comment" : "appending null value to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206092a8648ce3d0201050006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 661, + "comment" : "appending null value to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301206072a8648ce3d020106072b8104000a050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 662, + "comment" : "prepending garbage to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b3015260c49817706072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 663, + "comment" : "prepending garbage to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a3014260b250006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 664, + "comment" : "prepending garbage to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b301506072a8648ce3d0201260a49817706052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 665, + "comment" : "prepending garbage to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406072a8648ce3d02012609250006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 666, + "comment" : "appending garbage to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e3018260906072a8648ce3d02010004deadbeef06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 667, + "comment" : "appending garbage to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e301806072a8648ce3d0201260706052b8104000a0004deadbeef03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 668, + "comment" : "truncated length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "304f3009068106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 669, + "comment" : "truncated length of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3051300b06072a8648ce3d0201068103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 670, + "comment" : "including undefined tags to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305c3016260daa02aabb06072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 671, + "comment" : "including undefined tags to oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305c301606072a8648ce3d0201260baa02aabb06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 672, + "comment" : "Replacing oid with NULL", + "flags" : [ + "InvalidAsn" + ], + "public" : "304f3009050006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 673, + "comment" : "Replacing oid with NULL", + "flags" : [ + "InvalidAsn" + ], + "public" : "3051300b06072a8648ce3d0201050003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 674, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301004072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 675, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301005072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 676, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301007072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 677, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301008072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 678, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "30563010ff072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 679, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020104052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 680, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020105052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 681, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020107052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 682, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020108052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 683, + "comment" : "changing tag value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d0201ff052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 684, + "comment" : "dropping value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "304f3009060006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 685, + "comment" : "dropping value of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3051300b06072a8648ce3d0201060003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 686, + "comment" : "modifying first byte of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305630100607288648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 687, + "comment" : "modifying first byte of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d02010605298104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 688, + "comment" : "modifying last byte of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d028106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 689, + "comment" : "modifying last byte of oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104008a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 690, + "comment" : "truncated oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055300f06062a8648ce3d0206052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 691, + "comment" : "truncated oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055300f06068648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 692, + "comment" : "truncated oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055300f06072a8648ce3d020106042b81040003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 693, + "comment" : "truncated oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055300f06072a8648ce3d020106048104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 694, + "comment" : "oid of size 4104 to check for overflows", + "flags" : [ + "InvalidAsn" + ], + "public" : "3082105b30821013068210082a8648ce3d0201000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 695, + "comment" : "wrong oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3054300e06052b0e03021a06052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 696, + "comment" : "wrong oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "30583012060960864801650304020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 697, + "comment" : "wrong oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b0e03021a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 698, + "comment" : "wrong oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406072a8648ce3d0201060960864801650304020103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 699, + "comment" : "longer oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106082a8648ce3d02010106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 700, + "comment" : "longer oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106072a8648ce3d020106062b8104000a0103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 701, + "comment" : "oid with modified node", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d021106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 702, + "comment" : "oid with modified node", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a3014060b2a8648ce3d02888080800106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 703, + "comment" : "oid with modified node", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104001a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 704, + "comment" : "oid with modified node", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301406072a8648ce3d020106092b810400888080800a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 705, + "comment" : "large integer in oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305f301906102a8648ce3d028280808080808080800106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 706, + "comment" : "large integer in oid", + "flags" : [ + "InvalidAsn" + ], + "public" : "305f301906072a8648ce3d0201060e2b8104008280808080808080800a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 707, + "comment" : "oid with invalid node", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106082a8648ce3d0201e006052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 708, + "comment" : "oid with invalid node", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106082a808648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 709, + "comment" : "oid with invalid node", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106072a8648ce3d020106062b8104000ae003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 710, + "comment" : "oid with invalid node", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301106072a8648ce3d020106062b808104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 711, + "comment" : "oid with 263 nodes", + "flags" : [ + "InvalidAsn" + ], + "public" : "3082015b30820113068201082a8648ce3d0201010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 712, + "comment" : "length of oid uses 6 instead of 5", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106062b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 713, + "comment" : "length of oid uses 4 instead of 5", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106042b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 714, + "comment" : "oid of size 4102 to check for overflows", + "flags" : [ + "InvalidAsn" + ], + "public" : "3082105b3082101306072a8648ce3d0201068210062b8104000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 715, + "comment" : "oid with 262 nodes", + "flags" : [ + "InvalidAsn" + ], + "public" : "3082015b3082011306072a8648ce3d0201068201062b8104000a010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010103420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 716, + "comment" : "length of bit string uses long form encoding", + "flags" : [ + "InvalidAsn" + ], + "public" : "3057301006072a8648ce3d020106052b8104000a0381420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 717, + "comment" : "length of bit string contains a leading 0", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a038200420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 718, + "comment" : "length of bit string uses 67 instead of 66", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03430004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 719, + "comment" : "length of bit string uses 65 instead of 66", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03410004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 720, + "comment" : "uint32 overflow in length of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b301006072a8648ce3d020106052b8104000a038501000000420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 721, + "comment" : "uint64 overflow in length of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305f301006072a8648ce3d020106052b8104000a03890100000000000000420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 722, + "comment" : "length of bit string = 2**31 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301006072a8648ce3d020106052b8104000a03847fffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 723, + "comment" : "length of bit string = 2**32 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301006072a8648ce3d020106052b8104000a0384ffffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 724, + "comment" : "length of bit string = 2**40 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b301006072a8648ce3d020106052b8104000a0385ffffffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 725, + "comment" : "length of bit string = 2**64 - 1", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e301006072a8648ce3d020106052b8104000a0388ffffffffffffffff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 726, + "comment" : "incorrect length of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03ff0004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 727, + "comment" : "replaced bit string by an indefinite length tag without termination", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03800004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 728, + "comment" : "lonely bit string tag", + "flags" : [ + "InvalidAsn" + ], + "public" : "3013301006072a8648ce3d020106052b8104000a03", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 729, + "comment" : "appending 0's to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a03440004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 730, + "comment" : "prepending 0's to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a034400000004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 731, + "comment" : "appending null value to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3058301006072a8648ce3d020106052b8104000a03440004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 732, + "comment" : "prepending garbage to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305b301006072a8648ce3d020106052b8104000a234749817703420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 733, + "comment" : "prepending garbage to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301006072a8648ce3d020106052b8104000a2346250003420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 734, + "comment" : "appending garbage to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305e301006072a8648ce3d020106052b8104000a234403420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670004deadbeef", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 735, + "comment" : "truncated length of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3014301006072a8648ce3d020106052b8104000a0381", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 736, + "comment" : "including undefined tags to bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305c301006072a8648ce3d020106052b8104000a2348aa02aabb03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 737, + "comment" : "Replacing bit string with NULL", + "flags" : [ + "InvalidAsn" + ], + "public" : "3014301006072a8648ce3d020106052b8104000a0500", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 738, + "comment" : "changing tag value of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a01420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 739, + "comment" : "changing tag value of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a02420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 740, + "comment" : "changing tag value of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a04420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 741, + "comment" : "changing tag value of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a05420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 742, + "comment" : "changing tag value of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000aff420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 743, + "comment" : "dropping value of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3014301006072a8648ce3d020106052b8104000a0300", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 744, + "comment" : "modifying first byte of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420204e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 745, + "comment" : "modifying last byte of bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32e7", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 746, + "comment" : "truncated bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055301006072a8648ce3d020106052b8104000a03410004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 747, + "comment" : "truncated bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3055301006072a8648ce3d020106052b8104000a034104e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 748, + "comment" : "bit string of size 4163 to check for overflows", + "flags" : [ + "InvalidAsn" + ], + "public" : "30821059301006072a8648ce3d020106052b8104000a038210430004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da32670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 749, + "comment" : "declaring bits as unused in bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03420104e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 750, + "comment" : "unused bits in bit string", + "flags" : [ + "InvalidAsn" + ], + "public" : "305a301006072a8648ce3d020106052b8104000a03462004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da326701020304", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 751, + "comment" : "unused bits in empty bit-string", + "flags" : [ + "InvalidAsn" + ], + "public" : "3015301006072a8648ce3d020106052b8104000a030103", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + }, + { + "tcId" : 752, + "comment" : "128 unused bits", + "flags" : [ + "InvalidAsn" + ], + "public" : "3056301006072a8648ce3d020106052b8104000a03428004e03faca42a8b811759211d49b69dd0e0a686b28ff7b5817789a2f80050791335bf34cf495029075de25603fd56dd3cef36ee8503b9f3b0c1340c8e4012da3267", + "private" : "0495800a83e6c1d61886d332e2613aa3f70df22865b0387ca6ca195cfcd2b2b1", + "shared" : "ebdca74dbf2c8ef63af8d86e0e0ee4511399bc08a395c4ea050bab43a29d2646", + "result" : "acceptable" + } + ] + } + ] +} diff --git a/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h index 736737fd6..556c23568 100644 --- a/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h +++ b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.h @@ -1,4 +1,4 @@ -/* Note: this file was autogenerated using tests_wycheproof_generate.py. Do not edit. */ +/* Note: this file was autogenerated using tests_wycheproof_generate_ecdsa.py. Do not edit. */ #define SECP256K1_ECDSA_WYCHEPROOF_NUMBER_TESTVECTORS (463) typedef struct { diff --git a/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json index 9c9074799..add468f59 100644 --- a/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json +++ b/secp256k1-sys/depend/secp256k1/src/wycheproof/ecdsa_secp256k1_sha256_bitcoin_test.json @@ -5,12 +5,12 @@ "numberOfTests" : 463, "header" : [ "Test vectors of type EcdsaBitcoinVerify are meant for the verification", - "of a ECDSA variant used for bitcoin, that add signature non-malleability." + "of a ECDSA variant used for Bitcoin, that add signature non-malleability." ], "notes" : { "ArithmeticError" : { "bugType" : "EDGE_CASE", - "description" : "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurences.", + "description" : "Some implementations of ECDSA have arithmetic errors that occur when intermediate results have extreme values. This test vector has been constructed to test such occurrences.", "cves" : [ "CVE-2017-18146" ] @@ -47,7 +47,7 @@ "InvalidSignature" : { "bugType" : "AUTH_BYPASS", "description" : "The signature contains special case values such as r=0 and s=0. Buggy implementations may accept such values, if the implementation does not check boundaries and computes s^(-1) == 0.", - "effect" : "Accepting such signatures can have the effect that an adversary can forge signatures without even knowning the message to sign.", + "effect" : "Accepting such signatures can have the effect that an adversary can forge signatures without even knowing the message to sign.", "cves" : [ "CVE-2022-21449", "CVE-2021-43572", @@ -57,7 +57,7 @@ "InvalidTypesInSignature" : { "bugType" : "AUTH_BYPASS", "description" : "The signature contains invalid types. Dynamic typed languages sometime coerce such values of different types into integers. If an implementation is careless and has additional bugs, such as not checking integer boundaries then it may be possible that such signatures are accepted.", - "effect" : "Accepting such signatures can have the effect that an adversary can forge signatures without even knowning the message to sign.", + "effect" : "Accepting such signatures can have the effect that an adversary can forge signatures without even knowing the message to sign.", "cves" : [ "CVE-2022-21449" ] @@ -95,8 +95,8 @@ }, "SignatureMalleabilityBitcoin" : { "bugType" : "SIGNATURE_MALLEABILITY", - "description" : "\"BitCoins\"-curves are curves where signature malleability can be a serious issue. An implementation should only accept a signature s where s < n/2. If an implementation is not meant for uses cases that require signature malleability then this implemenation should be tested with another set of test vectors.", - "effect" : "In bitcoin exchanges, it may be used to make a double deposits or double withdrawals", + "description" : "Signature malleability can be a serious issue in Bitcoin. An implementation should only accept a signature s where s < n/2. If an implementation is meant for use cases that tolerate signature malleability then this implementation should not be tested with this set of test vectors.", + "effect" : "In Bitcoin exchanges, it may be used to make a double deposits or double withdrawals", "links" : [ "https://en.bitcoin.it/wiki/Transaction_malleability", "https://en.bitcoinwiki.org/wiki/Transaction_Malleability" diff --git a/secp256k1-sys/depend/secp256k1/tools/check-abi.sh b/secp256k1-sys/depend/secp256k1/tools/check-abi.sh index 601a64ba9..a3ca67a6c 100755 --- a/secp256k1-sys/depend/secp256k1/tools/check-abi.sh +++ b/secp256k1-sys/depend/secp256k1/tools/check-abi.sh @@ -49,14 +49,7 @@ checkout_and_build() { -DSECP256K1_BUILD_CTIME_TESTS=OFF \ -DSECP256K1_BUILD_EXAMPLES=OFF cmake --build . -j "$(nproc)" - # FIXME: Just set LIBPATH to lib/libsecp256k1.so once version 0.6.0 is - # released. - if [ -f "src/libsecp256k1.so" ]; then - LIBPATH="src/libsecp256k1.so" - else - LIBPATH="lib/libsecp256k1.so" - fi - abi-dumper $LIBPATH -o ABI.dump -lver "$2" -public-headers ../include/ + abi-dumper lib/libsecp256k1.so -o ABI.dump -lver "$2" -public-headers ../include/ cd "$_orig_dir" } diff --git a/secp256k1-sys/depend/secp256k1/tools/symbol-check.py b/secp256k1-sys/depend/secp256k1/tools/symbol-check.py new file mode 100755 index 000000000..e7f478082 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/tools/symbol-check.py @@ -0,0 +1,72 @@ +#!/usr/bin/env python3 +"""Check that a libsecp256k1 shared library exports only expected symbols. + +Usage examples: + - When building with Autotools: + ./tools/symbol-check.py .libs/libsecp256k1.so + ./tools/symbol-check.py .libs/libsecp256k1-.dll + ./tools/symbol-check.py .libs/libsecp256k1.dylib + + - When building with CMake: + ./tools/symbol-check.py build/lib/libsecp256k1.so + ./tools/symbol-check.py build/bin/libsecp256k1-.dll + ./tools/symbol-check.py build/lib/libsecp256k1.dylib""" + +import re +import sys +import subprocess + +import lief + + +class UnexpectedExport(RuntimeError): + pass + + +def get_exported_exports(library) -> list[str]: + """Adapter function to get exported symbols based on the library format.""" + if library.format == lief.Binary.FORMATS.ELF: + return [symbol.name for symbol in library.exported_symbols] + elif library.format == lief.Binary.FORMATS.PE: + return [entry.name for entry in library.get_export().entries] + elif library.format == lief.Binary.FORMATS.MACHO: + return [symbol.name[1:] for symbol in library.exported_symbols] + raise NotImplementedError(f"Unsupported format: {library.format}") + + +def grep_expected_symbols() -> list[str]: + """Guess the list of expected exported symbols from the source code.""" + grep_output = subprocess.check_output( + ["git", "grep", r"^\s*SECP256K1_API", "--", "include"], + universal_newlines=True, + encoding="utf-8" + ) + lines = grep_output.split("\n") + pattern = re.compile(r'\bsecp256k1_\w+') + exported: list[str] = [pattern.findall(line)[-1] for line in lines if line.strip()] + return exported + + +def check_symbols(library, expected_exports) -> None: + """Check that the library exports only the expected symbols.""" + actual_exports = get_exported_exports(library) + unexpected_exports = set(actual_exports) - set(expected_exports) + if unexpected_exports != set(): + raise UnexpectedExport(f"Unexpected exported symbols: {unexpected_exports}") + +def main(): + if len(sys.argv) != 2: + print(__doc__) + return 1 + library = lief.parse(sys.argv[1]) + expected_exports = grep_expected_symbols() + try: + check_symbols(library, expected_exports) + except UnexpectedExport as e: + print(f"{sys.argv[0]}: In {sys.argv[1]}: {e}") + return 1 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate_ecdh.py b/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate_ecdh.py new file mode 100755 index 000000000..97551d01a --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate_ecdh.py @@ -0,0 +1,166 @@ +#!/usr/bin/env python3 +# Copyright (c) 2024 Random "Randy" Lattice and Sean Andersen +# Distributed under the MIT software license, see the accompanying +# file COPYING or https://www.opensource.org/licenses/mit-license.php. +''' +Generate a C file with ECDH testvectors from the Wycheproof project. +''' + +import json +import sys + +from binascii import hexlify, unhexlify +from wycheproof_utils import to_c_array + +def should_skip_flags(test_vector_flags): + # skip these vectors because they are for ASN.1 encoding issues and other curves. + # for more details, see https://github.com/bitcoin-core/secp256k1/pull/1492#discussion_r1572491546 + flags_to_skip = {"InvalidAsn", "WrongCurve"} + return any(flag in test_vector_flags for flag in flags_to_skip) + +def should_skip_tcid(test_vector_tcid): + # We skip some test case IDs that have a public key whose custom ASN.1 representation explicitly + # encodes some curve parameters that are invalid. libsecp256k1 never parses this part so we do + # not care testing those. See https://github.com/bitcoin-core/secp256k1/pull/1492#discussion_r1572491546 + tcids_to_skip = [496, 497, 502, 503, 504, 505, 507] + return test_vector_tcid in tcids_to_skip + +# Rudimentary ASN.1 DER public key parser. +# This should not be used for anything other than parsing Wycheproof test vectors. +def parse_der_pk(s): + tag = s[0] + L = int(s[1]) + offset = 0 + if L & 0x80: + if L == 0x81: + L = int(s[2]) + offset = 1 + elif L == 0x82: + L = 256 * int(s[2]) + int(s[3]) + offset = 2 + else: + raise ValueError("invalid L") + value = s[(offset + 2):(L + 2 + offset)] + rest = s[(L + 2 + offset):] + + if len(rest) > 0 or tag == 0x06: # OBJECT IDENTIFIER + return parse_der_pk(rest) + if tag == 0x03: # BIT STRING + return value + if tag == 0x30: # SEQUENCE + return parse_der_pk(value) + raise ValueError("unknown tag") + +def parse_public_key(pk): + der_pub_key = parse_der_pk(unhexlify(pk)) # Convert back to str and strip off the `0x` + return hexlify(der_pub_key).decode()[2:] + +def normalize_private_key(sk): + # Ensure the private key is at most 64 characters long, retaining the last 64 if longer. + # In the wycheproof test vectors, some private keys have leading zeroes + normalized = sk[-64:].zfill(64) + if len(normalized) != 64: + raise ValueError("private key must be exactly 64 characters long.") + return normalized + +def normalize_expected_result(er): + result_mapping = {"invalid": 0, "valid": 1, "acceptable": 1} + return result_mapping[er] + +filename_input = sys.argv[1] + +with open(filename_input) as f: + doc = json.load(f) + +num_vectors = 0 +offset_sk_running, offset_pk_running, offset_shared = 0, 0, 0 +test_vectors_out = "" +private_keys = "" +shared_secrets = "" +public_keys = "" +cache_sks = {} +cache_public_keys = {} + +for group in doc['testGroups']: + assert group["type"] == "EcdhTest" + assert group["curve"] == "secp256k1" + for test_vector in group['tests']: + if should_skip_flags(test_vector['flags']) or should_skip_tcid(test_vector['tcId']): + continue + + public_key = parse_public_key(test_vector['public']) + private_key = normalize_private_key(test_vector['private']) + expected_result = normalize_expected_result(test_vector['result']) + + # // 2 to convert hex to byte length + shared_size = len(test_vector['shared']) // 2 + sk_size = len(private_key) // 2 + pk_size = len(public_key) // 2 + + new_sk = False + sk = to_c_array(private_key) + sk_offset = offset_sk_running + + # check for repeated sk + if sk not in cache_sks: + if num_vectors != 0 and sk_size != 0: + private_keys += ",\n " + cache_sks[sk] = offset_sk_running + private_keys += sk + new_sk = True + else: + sk_offset = cache_sks[sk] + + new_pk = False + pk = to_c_array(public_key) if public_key != '0x' else '' + + pk_offset = offset_pk_running + # check for repeated pk + if pk not in cache_public_keys: + if num_vectors != 0 and len(pk) != 0: + public_keys += ",\n " + cache_public_keys[pk] = offset_pk_running + public_keys += pk + new_pk = True + else: + pk_offset = cache_public_keys[pk] + + + shared_secrets += ",\n " if num_vectors and shared_size else "" + shared_secrets += to_c_array(test_vector['shared']) + wycheproof_tcid = test_vector['tcId'] + + test_vectors_out += " /" + "* tcId: " + str(test_vector['tcId']) + ". " + test_vector['comment'] + " *" + "/\n" + test_vectors_out += f" {{{pk_offset}, {pk_size}, {sk_offset}, {sk_size}, {offset_shared}, {shared_size}, {expected_result}, {wycheproof_tcid} }},\n" + if new_sk: + offset_sk_running += sk_size + if new_pk: + offset_pk_running += pk_size + offset_shared += shared_size + num_vectors += 1 + +struct_definition = """ +typedef struct { + size_t pk_offset; + size_t pk_len; + size_t sk_offset; + size_t sk_len; + size_t shared_offset; + size_t shared_len; + int expected_result; + int wycheproof_tcid; +} wycheproof_ecdh_testvector; +""" + +print("/* Note: this file was autogenerated using tests_wycheproof_ecdh.py. Do not edit. */") +print(f"#define SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS ({num_vectors})") + +print(struct_definition) + +print("static const unsigned char wycheproof_ecdh_private_keys[] = { " + private_keys + "};\n") +print("static const unsigned char wycheproof_ecdh_public_keys[] = { " + public_keys + "};\n") +print("static const unsigned char wycheproof_ecdh_shared_secrets[] = { " + shared_secrets + "};\n") + +print("static const wycheproof_ecdh_testvector testvectors[SECP256K1_ECDH_WYCHEPROOF_NUMBER_TESTVECTORS] = {") +print(test_vectors_out) +print("};") diff --git a/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate.py b/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate_ecdsa.py similarity index 95% rename from secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate.py rename to secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate_ecdsa.py index b26dfa89d..91ff9e318 100755 --- a/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate.py +++ b/secp256k1-sys/depend/secp256k1/tools/tests_wycheproof_generate_ecdsa.py @@ -9,6 +9,8 @@ import json import sys +from wycheproof_utils import to_c_array + filename_input = sys.argv[1] with open(filename_input) as f: @@ -16,12 +18,6 @@ num_groups = len(doc['testGroups']) -def to_c_array(x): - if x == "": - return "" - s = ',0x'.join(a+b for a,b in zip(x[::2], x[1::2])) - return "0x" + s - num_vectors = 0 offset_msg_running, offset_pk_running, offset_sig = 0, 0, 0 @@ -101,7 +97,7 @@ def to_c_array(x): """ -print("/* Note: this file was autogenerated using tests_wycheproof_generate.py. Do not edit. */") +print("/* Note: this file was autogenerated using tests_wycheproof_generate_ecdsa.py. Do not edit. */") print(f"#define SECP256K1_ECDSA_WYCHEPROOF_NUMBER_TESTVECTORS ({num_vectors})") print(struct_definition) diff --git a/secp256k1-sys/depend/secp256k1/tools/wycheproof_utils.py b/secp256k1-sys/depend/secp256k1/tools/wycheproof_utils.py new file mode 100644 index 000000000..e8d2edd08 --- /dev/null +++ b/secp256k1-sys/depend/secp256k1/tools/wycheproof_utils.py @@ -0,0 +1,12 @@ +# Copyright (c) 2024 Random "Randy" Lattice and Sean Andersen +# Distributed under the MIT software license, see the accompanying +# file COPYING or https://www.opensource.org/licenses/mit-license.php. +''' +Utility functions for generating C files for testvectors from the Wycheproof project. +''' + +def to_c_array(x): + if x == "": + return "" + s = ',0x'.join(a + b for a, b in zip(x[::2], x[1::2])) + return "0x" + s