Import libnacl from dnscrypt-proxy

COPYING

@@ -0,0 +1 @@
+Public domain

README

@@ -0,0 +1 @@
+See README.markdown

autogen.sh

@@ -0,0 +1,11 @@
+#! /bin/sh
+
+if [ -x "`which autoreconf 2>/dev/null`" ] ; then
+  exec autoreconf -ivf
+fi
+
+aclocal && \
+autoheader && \
+automake --add-missing --force-missing --include-deps && \
+autoconf
+

configure.ac

@@ -0,0 +1,204 @@
+AC_PREREQ([2.61])
+AC_INIT([nacl-ref],[0.0.1],[https://github.com/jedisct1/nacl-ref])
+AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_SRCDIR([src/libnacl/PROTOTYPES.c])
+AC_CONFIG_HEADER([config.h])
+AC_CANONICAL_HOST
+AM_INIT_AUTOMAKE([1.9 dist-bzip2 tar-ustar])
+AM_MAINTAINER_MODE
+AM_DEP_TRACK
+
+AC_SUBST(VERSION)
+ISODATE=`date +%Y-%m-%d`
+AC_SUBST(ISODATE)
+
+LX_CFLAGS=${CFLAGS-NONE}
+AC_PROG_CC_C99
+AC_USE_SYSTEM_EXTENSIONS
+CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"
+
+AS_IF([test "$cross_compiling" != no],
+  AC_DEFINE(CROSS_COMPILING,,[define if you are cross-compiling])
+)
+
+AX_CHECK_COMPILE_FLAG([-fPIC], [
+  AX_CHECK_LINK_FLAG([-fPIC],
+    [CFLAGS="$CFLAGS -fPIC"]
+  )
+])
+
+AS_IF([test "$enable_pie" != "no"],[
+  AX_CHECK_COMPILE_FLAG([-fPIE], [
+    AX_CHECK_LINK_FLAG([-fPIE],
+      [AX_CHECK_LINK_FLAG([-pie],
+        [CFLAGS="$CFLAGS -fPIE"
+         LDFLAGS="$LDFLAGS -pie"])
+    ])
+  ])
+])
+
+AX_CHECK_COMPILE_FLAG([-fcatch-undefined-c99-behavior],
+  [CFLAGS="$CFLAGS -fcatch-undefined-c99-behavior"],
+  [AX_CHECK_COMPILE_FLAG([-fwrapv], [CFLAGS="$CFLAGS -fwrapv"])]
+)
+AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"])
+AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
+
+case $host_os in
+  cygwin* | mingw* | pw32* | cegcc*)
+    AX_CHECK_LINK_FLAG([-Wl,--dynamicbase], [LDFLAGS="$LDFLAGS -Wl,--dynamicbase"])
+    AX_CHECK_LINK_FLAG([-Wl,--nxcompat], [LDFLAGS="$LDFLAGS -Wl,--nxcompat"])
+    AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+      AX_CHECK_LINK_FLAG([-fstack-protector-all],
+        [CFLAGS="$CFLAGS -fstack-protector-all"]
+      )
+    ])
+  ;;
+  dragonfly*)
+    AX_CHECK_COMPILE_FLAG([-fstack-protector], [
+      AX_CHECK_LINK_FLAG([-fstack-protector],
+        [CFLAGS="$CFLAGS -fstack-protector"]
+      )
+    ])
+  ;;
+  *)
+    AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [
+      AX_CHECK_LINK_FLAG([-fstack-protector-all],
+        [CFLAGS="$CFLAGS -fstack-protector-all"]
+      )
+    ])
+  ;;
+esac
+
+AX_CHECK_COMPILE_FLAG([-Wbounded], [CFLAGS="$CFLAGS -Wbounded"])
+AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"])
+AX_CHECK_COMPILE_FLAG([-Wwrite-strings], [CFLAGS="$CFLAGS -Wwrite-strings"])
+AX_CHECK_COMPILE_FLAG([-Wdiv-by-zero], [CFLAGS="$CFLAGS -Wdiv-by-zero"])
+
+AC_ARG_VAR([CWFLAGS], [define to compilation flags for generating extra warnings])
+
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wall], [CWFLAGS="$CWFLAGS -Wall"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wextra], [CWFLAGS="$CWFLAGS -Wextra"])
+
+AC_MSG_CHECKING(for clang)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[
+#ifndef __clang__
+be sad
+#endif
+]])],
+  [AC_MSG_RESULT(yes)
+   AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wno-unknown-warning-option],
+  [CWFLAGS="$CWFLAGS -Wno-unknown-warning-option"])],
+  [AC_MSG_RESULT(no)
+])
+
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wbad-function-cast], [CWFLAGS="$CWFLAGS -Wbad-function-cast"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-align], [CWFLAGS="$CWFLAGS -Wcast-align"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcast-qual], [CWFLAGS="$CWFLAGS -Wcast-qual"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wchar-subscripts], [CWFLAGS="$CWFLAGS -Wchar-subscripts"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wcomment], [CWFLAGS="$CWFLAGS -Wcomment"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wfloat-equal], [CWFLAGS="$CWFLAGS -Wfloat-equal"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wformat=2], [CWFLAGS="$CWFLAGS -Wformat=2"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wimplicit], [CWFLAGS="$CWFLAGS -Wimplicit"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-declarations], [CWFLAGS="$CWFLAGS -Wmissing-declarations"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wmissing-prototypes], [CWFLAGS="$CWFLAGS -Wmissing-prototypes"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wnormalized=id], [CWFLAGS="$CWFLAGS -Wnormalized=id"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Woverride-init], [CWFLAGS="$CWFLAGS -Woverride-init"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wparentheses], [CWFLAGS="$CWFLAGS -Wparentheses"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wpointer-arith], [CWFLAGS="$CWFLAGS -Wpointer-arith"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wredundant-decls], [CWFLAGS="$CWFLAGS -Wredundant-decls"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wstrict-prototypes], [CWFLAGS="$CWFLAGS -Wstrict-prototypes"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wswitch-enum], [CWFLAGS="$CWFLAGS -Wswitch-enum"])
+AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wvariable-decl], [CWFLAGS="$CWFLAGS -Wvariable-decl"])
+
+AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
+AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"])
+AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"])
+
+AC_ARG_VAR([AR], [path to the ar utility])
+AC_CHECK_TOOL([AR], [ar], [ar])
+
+AS_IF([test -d /usr/local/include], [
+  CPPFLAGS="$CPPFLAGS -I/usr/local/include"
+])
+
+AS_IF([test -d /usr/local/lib], [
+  LDFLAGS="$LDFLAGS -L/usr/local/lib"
+])
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+
+AC_C_BIGENDIAN
+
+dnl Switches.
+
+AC_ARG_ENABLE(pie,
+[AS_HELP_STRING(--enable-pie,Produce position independent executables @<:@default=yes@:>@)],
+ enable_pie=$enableval, enable_pie="maybe")
+
+AC_ARG_ENABLE(ssp,
+[AS_HELP_STRING(--disable-ssp,Don't compile with -fstack-protector)],
+[AS_IF([test "x$enableval" = "xno"], [
+    nxflags=""
+    for flag in `echo $CFLAGS`; do
+      case "$flag" in
+       -fstack-protector*) ;;
+        *) AS_VAR_APPEND([nxflags], [" $flag"]) ;;
+      esac
+    done
+    CFLAGS="$nxflags"
+  ])
+])
+
+AC_ARG_ENABLE(debug,
+[AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)],
+[
+  AS_IF([test "x$LX_CFLAGS" = "xNONE"], [
+    nxflags=""
+    for flag in `echo $CFLAGS`; do
+      case "$flag" in
+        -O*) ;;
+        -g*) ;;
+        *) AS_VAR_APPEND([nxflags], [" $flag"]) ;;
+      esac
+    done
+    CFLAGS="$nxflags -O0 -g3"
+  ])
+  CPPFLAGS="$CPPFLAGS -DDEBUG=1"
+])
+
+AC_ARG_WITH(safecode,
+[AS_HELP_STRING(--with-safecode,For maintainers only - please do not use)],
+[AS_IF([test "x$withval" = "xyes"], [
+    AC_ARG_VAR([SAFECODE_HOME], [set to the safecode base directory])
+    : ${SAFECODE_HOME:=/opt/safecode}
+    LDFLAGS="$LDFLAGS -L${SAFECODE_HOME}/lib"
+    LIBS="$LIBS -lsc_dbg_rt -lpoolalloc_bitmap -lstdc++"
+    CFLAGS="$CFLAGS -fmemsafety"
+  ])
+])
+
+NACL_HOSTNAME="localhost"
+NACL_PATH=libnacl/build/${NACL_HOSTNAME}
+
+AC_SUBST([MAINT])
+AC_SUBST([NACL_PATH])
+
+dnl Output.
+
+AH_VERBATIM([NDEBUG], [/* Never ever ignore assertions */
+#ifdef NDEBUG
+#/**/undef/**/ NDEBUG
+#endif])
+
+AC_CONFIG_FILES([Makefile
+                 src/Makefile
+                 src/libnacl/Makefile
+                 src/libnacl/tests/Makefile
+                 src/libnacl/okcompilers/c
+                 src/libnacl/okcompilers/do])
+
+AC_OUTPUT
+
+chmod +x src/libnacl/do
+chmod +x src/libnacl/okcompilers/do

m4/ax_check_compile_flag.m4

@@ -0,0 +1,73 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
+  [[char x[42U], fodder = 0;if (fodder > -1000 && fgets(x,1000,stdin)) puts(x)]])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS

m4/ax_check_gnu_make.m4

@@ -0,0 +1,78 @@
+# ===========================================================================
+#     http://www.gnu.org/software/autoconf-archive/ax_check_gnu_make.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_GNU_MAKE()
+#
+# DESCRIPTION
+#
+#   This macro searches for a GNU version of make. If a match is found, the
+#   makefile variable `ifGNUmake' is set to the empty string, otherwise it
+#   is set to "#". This is useful for including a special features in a
+#   Makefile, which cannot be handled by other versions of make. The
+#   variable _cv_gnu_make_command is set to the command to invoke GNU make
+#   if it exists, the empty string otherwise.
+#
+#   Here is an example of its use:
+#
+#   Makefile.in might contain:
+#
+#     # A failsafe way of putting a dependency rule into a makefile
+#     $(DEPEND):
+#             $(CC) -MM $(srcdir)/*.c > $(DEPEND)
+#
+#     @ifGNUmake@ ifeq ($(DEPEND),$(wildcard $(DEPEND)))
+#     @ifGNUmake@ include $(DEPEND)
+#     @ifGNUmake@ endif
+#
+#   Then configure.in would normally contain:
+#
+#     AX_CHECK_GNU_MAKE()
+#     AC_OUTPUT(Makefile)
+#
+#   Then perhaps to cause gnu make to override any other make, we could do
+#   something like this (note that GNU make always looks for GNUmakefile
+#   first):
+#
+#     if  ! test x$_cv_gnu_make_command = x ; then
+#             mv Makefile GNUmakefile
+#             echo .DEFAULT: > Makefile ;
+#             echo \  $_cv_gnu_make_command \$@ >> Makefile;
+#     fi
+#
+#   Then, if any (well almost any) other make is called, and GNU make also
+#   exists, then the other make wraps the GNU make.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 John Darrington <j.darrington@elvis.murdoch.edu.au>
+#
+#   Copying and distribution of this file, with or without modification, are
+#   permitted in any medium without royalty provided the copyright notice
+#   and this notice are preserved. This file is offered as-is, without any
+#   warranty.
+
+#serial 7
+
+AC_DEFUN([AX_CHECK_GNU_MAKE], [ AC_CACHE_CHECK( for GNU make,_cv_gnu_make_command,
+                _cv_gnu_make_command='' ;
+dnl Search all the common names for GNU make
+                for a in "$MAKE" make gmake gnumake ; do
+                        if test -z "$a" ; then continue ; fi ;
+                        if  ( sh -c "$a --version" 2> /dev/null | grep GNU  2>&1 > /dev/null ) ;  then
+                                _cv_gnu_make_command=$a ;
+                                break;
+                        fi
+                done ;
+        ) ;
+dnl If there was a GNU version, then set @ifGNUmake@ to the empty string, '#' otherwise
+        if test  "x$_cv_gnu_make_command" != "x"  ; then
+                ifGNUmake='' ;
+        else
+                ifGNUmake='#' ;
+                AC_MSG_RESULT("Not found");
+        fi
+        AC_SUBST(ifGNUmake)
+] )

m4/ax_check_link_flag.m4

@@ -0,0 +1,72 @@
+# ===========================================================================
+#    http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the linker or gives an error.
+#   (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the linker's default flags
+#   when the check is done.  The check is thus made with the flags: "LDFLAGS
+#   EXTRA-FLAGS FLAG".  This can for example be used to force the linker to
+#   issue an error when a bad flag is given.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 2
+
+AC_DEFUN([AX_CHECK_LINK_FLAG],
+[AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
+AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
+  ax_check_save_flags=$LDFLAGS
+  LDFLAGS="$LDFLAGS $4 $1"
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
+  [[char x[42U];if (fgets(x,1000,stdin)) puts(x)]])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  LDFLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_LINK_FLAGS

m4/ax_pthread.m4

@@ -0,0 +1,302 @@
+# ===========================================================================
+#        http://www.gnu.org/software/autoconf-archive/ax_pthread.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]])
+#
+# DESCRIPTION
+#
+#   This macro figures out how to build C programs using POSIX threads. It
+#   sets the PTHREAD_LIBS output variable to the threads library and linker
+#   flags, and the PTHREAD_CFLAGS output variable to any special C compiler
+#   flags that are needed. (The user can also force certain compiler
+#   flags/libs to be tested by setting these environment variables.)
+#
+#   Also sets PTHREAD_CC to any special C compiler that is needed for
+#   multi-threaded programs (defaults to the value of CC otherwise). (This
+#   is necessary on AIX to use the special cc_r compiler alias.)
+#
+#   NOTE: You are assumed to not only compile your program with these flags,
+#   but also link it with them as well. e.g. you should link with
+#   $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS
+#
+#   If you are only building threads programs, you may wish to use these
+#   variables in your default LIBS, CFLAGS, and CC:
+#
+#     LIBS="$PTHREAD_LIBS $LIBS"
+#     CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+#     CC="$PTHREAD_CC"
+#
+#   In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant
+#   has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name
+#   (e.g. PTHREAD_CREATE_UNDETACHED on AIX).
+#
+#   Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the
+#   PTHREAD_PRIO_INHERIT symbol is defined when compiling with
+#   PTHREAD_CFLAGS.
+#
+#   ACTION-IF-FOUND is a list of shell commands to run if a threads library
+#   is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it
+#   is not found. If ACTION-IF-FOUND is not specified, the default action
+#   will define HAVE_PTHREAD.
+#
+#   Please let the authors know if this macro fails on any platform, or if
+#   you have any other suggestions or comments. This macro was based on work
+#   by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help
+#   from M. Frigo), as well as ac_pthread and hb_pthread macros posted by
+#   Alejandro Forero Cuervo to the autoconf macro repository. We are also
+#   grateful for the helpful feedback of numerous users.
+#
+#   Updated for Autoconf 2.68 by Daniel Richard G.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu>
+#   Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 16
+
+AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD])
+AC_DEFUN([AX_PTHREAD], [
+AC_REQUIRE([AC_CANONICAL_HOST])
+AC_LANG_PUSH([C])
+ax_pthread_ok=no
+
+# We used to check for pthread.h first, but this fails if pthread.h
+# requires special compiler flags (e.g. on True64 or Sequent).
+# It gets checked for in the link test anyway.
+
+# First of all, check if the user has set any of the PTHREAD_LIBS,
+# etcetera environment variables, and if threads linking works using
+# them:
+if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS])
+        AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes)
+        AC_MSG_RESULT($ax_pthread_ok)
+        if test x"$ax_pthread_ok" = xno; then
+                PTHREAD_LIBS=""
+                PTHREAD_CFLAGS=""
+        fi
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+fi
+
+# We must check for the threads library under a number of different
+# names; the ordering is very important because some systems
+# (e.g. DEC) have both -lpthread and -lpthreads, where one of the
+# libraries is broken (non-POSIX).
+
+# Create a list of thread flags to try.  Items starting with a "-" are
+# C compiler flags, and other items are library names, except for "none"
+# which indicates that we try without any flags at all, and "pthread-config"
+# which is a program returning the flags for the Pth emulation library.
+
+ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config"
+
+# The ordering *is* (sometimes) important.  Some notes on the
+# individual items follow:
+
+# pthreads: AIX (must check this before -lpthread)
+# none: in case threads are in libc; should be tried before -Kthread and
+#       other compiler flags to prevent continual compiler warnings
+# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h)
+# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able)
+# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread)
+# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads)
+# -pthreads: Solaris/gcc
+# -mthreads: Mingw32/gcc, Lynx/gcc
+# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it
+#      doesn't hurt to check since this sometimes defines pthreads too;
+#      also defines -D_REENTRANT)
+#      ... -mt is also the pthreads flag for HP/aCC
+# pthread: Linux, etcetera
+# --thread-safe: KAI C++
+# pthread-config: use pthread-config program (for GNU Pth library)
+
+case "${host_cpu}-${host_os}" in
+        *solaris*)
+
+        # On Solaris (at least, for some versions), libc contains stubbed
+        # (non-functional) versions of the pthreads routines, so link-based
+        # tests will erroneously succeed.  (We need to link with -pthreads/-mt/
+        # -lpthread.)  (The stubs are missing pthread_cleanup_push, or rather
+        # a function called by this macro, so we could check for that, but
+        # who knows whether they'll stub that too in a future libc.)  So,
+        # we'll just look for -pthreads and -lpthread first:
+
+        ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags"
+        ;;
+
+        *-darwin*)
+        ax_pthread_flags="-pthread $ax_pthread_flags"
+        ;;
+esac
+
+if test x"$ax_pthread_ok" = xno; then
+for flag in $ax_pthread_flags; do
+
+        case $flag in
+                none)
+                AC_MSG_CHECKING([whether pthreads work without any flags])
+                ;;
+
+                -*)
+                AC_MSG_CHECKING([whether pthreads work with $flag])
+                PTHREAD_CFLAGS="$flag"
+                ;;
+
+                pthread-config)
+                AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no)
+                if test x"$ax_pthread_config" = xno; then continue; fi
+                PTHREAD_CFLAGS="`pthread-config --cflags`"
+                PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`"
+                ;;
+
+                *)
+                AC_MSG_CHECKING([for the pthreads library -l$flag])
+                PTHREAD_LIBS="-l$flag"
+                ;;
+        esac
+
+        save_LIBS="$LIBS"
+        save_CFLAGS="$CFLAGS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Check for various functions.  We must include pthread.h,
+        # since some functions may be macros.  (On the Sequent, we
+        # need a special flag -Kthread to make this header compile.)
+        # We check for pthread_join because it is in -lpthread on IRIX
+        # while pthread_create is in libc.  We check for pthread_attr_init
+        # due to DEC craziness with -lpthreads.  We check for
+        # pthread_cleanup_push because it is one of the few pthread
+        # functions on Solaris that doesn't have a non-functional libc stub.
+        # We try pthread_create on general principles.
+        AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>
+                        static void routine(void *a) { a = 0; }
+                        static void *start_routine(void *a) { return a; }],
+                       [pthread_t th; pthread_attr_t attr;
+                        pthread_create(&th, 0, start_routine, 0);
+                        pthread_join(th, 0);
+                        pthread_attr_init(&attr);
+                        pthread_cleanup_push(routine, 0);
+                        pthread_cleanup_pop(0) /* ; */])],
+                [ax_pthread_ok=yes],
+                [])
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+
+        AC_MSG_RESULT($ax_pthread_ok)
+        if test "x$ax_pthread_ok" = xyes; then
+                break;
+        fi
+
+        PTHREAD_LIBS=""
+        PTHREAD_CFLAGS=""
+done
+fi
+
+# Various other checks:
+if test "x$ax_pthread_ok" = xyes; then
+        save_LIBS="$LIBS"
+        LIBS="$PTHREAD_LIBS $LIBS"
+        save_CFLAGS="$CFLAGS"
+        CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
+
+        # Detect AIX lossage: JOINABLE attribute is called UNDETACHED.
+        AC_MSG_CHECKING([for joinable pthread attribute])
+        attr_name=unknown
+        for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do
+            AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>],
+                           [int attr = $attr; return attr /* ; */])],
+                [attr_name=$attr; break],
+                [])
+        done
+        AC_MSG_RESULT($attr_name)
+        if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then
+            AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name,
+                               [Define to necessary symbol if this constant
+                                uses a non-standard name on your system.])
+        fi
+
+        AC_MSG_CHECKING([if more special flags are required for pthreads])
+        flag=no
+        case "${host_cpu}-${host_os}" in
+            *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";;
+            *solaris* | *-osf* | *-hpux*) flag="-D_REENTRANT";;
+        esac
+        AC_MSG_RESULT(${flag})
+        if test "x$flag" != xno; then
+            PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS"
+        fi
+
+        AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT],
+            ax_cv_PTHREAD_PRIO_INHERIT, [
+                AC_LINK_IFELSE([
+                    AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])],
+                    [ax_cv_PTHREAD_PRIO_INHERIT=yes],
+                    [ax_cv_PTHREAD_PRIO_INHERIT=no])
+            ])
+        AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"],
+            AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.]))
+
+        LIBS="$save_LIBS"
+        CFLAGS="$save_CFLAGS"
+
+        # More AIX lossage: must compile with xlc_r or cc_r
+        if test x"$GCC" != xyes; then
+          AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC})
+        else
+          PTHREAD_CC=$CC
+        fi
+else
+        PTHREAD_CC="$CC"
+fi
+
+AC_SUBST(PTHREAD_LIBS)
+AC_SUBST(PTHREAD_CFLAGS)
+AC_SUBST(PTHREAD_CC)
+
+# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND:
+if test x"$ax_pthread_ok" = xyes; then
+        ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1])
+        :
+else
+        ax_pthread_ok=no
+        $2
+fi
+AC_LANG_POP
+])dnl AX_PTHREAD

src/Makefile.am

@@ -0,0 +1,3 @@
+
+SUBDIRS = \
+	libnacl

src/libnacl/MACROS

@@ -0,0 +1,56 @@
+crypto_verify
+crypto_verify_BYTES
+crypto_core
+crypto_core_OUTPUTBYTES
+crypto_core_INPUTBYTES
+crypto_core_KEYBYTES
+crypto_core_CONSTBYTES
+crypto_hashblocks
+crypto_hashblocks_STATEBYTES
+crypto_hashblocks_BLOCKBYTES
+crypto_hash
+crypto_hash_BYTES
+crypto_stream
+crypto_stream_xor
+crypto_stream_beforenm
+crypto_stream_afternm
+crypto_stream_xor_afternm
+crypto_stream_KEYBYTES
+crypto_stream_NONCEBYTES
+crypto_stream_BEFORENMBYTES
+crypto_onetimeauth
+crypto_onetimeauth_verify
+crypto_onetimeauth_BYTES
+crypto_onetimeauth_KEYBYTES
+crypto_auth
+crypto_auth_verify
+crypto_auth_BYTES
+crypto_auth_KEYBYTES
+crypto_secretbox
+crypto_secretbox_open
+crypto_secretbox_KEYBYTES
+crypto_secretbox_NONCEBYTES
+crypto_secretbox_ZEROBYTES
+crypto_secretbox_BOXZEROBYTES
+crypto_scalarmult
+crypto_scalarmult_base
+crypto_scalarmult_BYTES
+crypto_scalarmult_SCALARBYTES
+crypto_box
+crypto_box_open
+crypto_box_keypair
+crypto_box_beforenm
+crypto_box_afternm
+crypto_box_open_afternm
+crypto_box_PUBLICKEYBYTES
+crypto_box_SECRETKEYBYTES
+crypto_box_BEFORENMBYTES
+crypto_box_NONCEBYTES
+crypto_box_ZEROBYTES
+crypto_box_BOXZEROBYTES
+crypto_sign
+crypto_sign_open
+crypto_sign_keypair
+crypto_sign_BYTES
+crypto_sign_PUBLICKEYBYTES
+crypto_sign_SECRETKEYBYTES

src/libnacl/OPERATIONS

@@ -0,0 +1,11 @@
+crypto_verify
+crypto_core
+crypto_hashblocks
+crypto_hash
+crypto_stream
+crypto_onetimeauth
+crypto_auth
+crypto_secretbox
+crypto_scalarmult
+crypto_box
+crypto_sign

src/libnacl/PROTOTYPES.c

@@ -0,0 +1,26 @@
+extern int crypto_verify(const unsigned char *,const unsigned char *);
+extern int crypto_core(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_hashblocks(unsigned char *,const unsigned char *,unsigned long long);
+extern int crypto_hash(unsigned char *,const unsigned char *,unsigned long long);
+extern int crypto_stream(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_beforenm(unsigned char *,const unsigned char *);
+extern int crypto_stream_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_stream_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_onetimeauth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_onetimeauth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_auth_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_secretbox(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_secretbox_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_scalarmult_base(unsigned char *,const unsigned char *);
+extern int crypto_box(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_keypair(unsigned char *,unsigned char *);
+extern int crypto_box_beforenm(unsigned char *,const unsigned char *,const unsigned char *);
+extern int crypto_box_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_box_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *);
+extern int crypto_sign(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_open(unsigned char *,unsigned long long *,const unsigned char *,unsigned long long,const unsigned char *);
+extern int crypto_sign_keypair(unsigned char *,unsigned char *);

src/libnacl/PROTOTYPES.cpp

@@ -0,0 +1,17 @@
+extern std::string crypto_auth(const std::string &,const std::string &);
+extern void crypto_auth_verify(const std::string &,const std::string &,const std::string &);
+extern std::string crypto_box(const std::string &,const std::string &,const std::string &,const std::string &);
+extern std::string crypto_box_open(const std::string &,const std::string &,const std::string &,const std::string &);
+extern std::string crypto_box_keypair(std::string *);
+extern std::string crypto_hash(const std::string &);
+extern std::string crypto_onetimeauth(const std::string &,const std::string &);
+extern void crypto_onetimeauth_verify(const std::string &,const std::string &,const std::string &);
+extern std::string crypto_scalarmult(const std::string &,const std::string &);
+extern std::string crypto_scalarmult_base(const std::string &);
+extern std::string crypto_secretbox(const std::string &,const std::string &,const std::string &);
+extern std::string crypto_secretbox_open(const std::string &,const std::string &,const std::string &);
+extern std::string crypto_stream(size_t,const std::string &,const std::string &);
+extern std::string crypto_stream_xor(const std::string &,const std::string &,const std::string &);
+extern std::string crypto_sign(const std::string &,const std::string &);
+extern std::string crypto_sign_open(const std::string &,const std::string &);
+extern std::string crypto_sign_keypair(std::string *);

src/libnacl/commandline/nacl-sha256.c

@@ -0,0 +1,64 @@
+/*
+commandline/nacl-sha256.c version 20080713
+D. J. Bernstein
+Public domain.
+*/
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "crypto_hash_sha256.h"
+
+unsigned char *input;
+unsigned long long inputalloc;
+unsigned long long inputlen;
+
+unsigned char h[crypto_hash_sha256_BYTES];
+
+void h_print(void)
+{
+  int i;
+  for (i = 0;i < crypto_hash_sha256_BYTES;++i) printf("%02x",255 & (int) h[i]);
+  printf("\n");
+}
+
+int main()
+{
+  struct stat st;
+  int ch;
+
+  if (fstat(0,&st) == 0) {
+    input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0);
+    if (input != MAP_FAILED) {
+      crypto_hash_sha256(h,input,st.st_size);
+      h_print();
+      return 0;
+    }
+  }
+
+  input = 0;
+  inputalloc = 0;
+  inputlen = 0;
+
+  while ((ch = getchar()) != EOF) {
+    if (inputlen >= inputalloc) {
+      void *newinput;
+      while (inputlen >= inputalloc)
+        inputalloc = inputalloc * 2 + 1;
+      if (posix_memalign(&newinput,16,inputalloc) != 0) return 111;
+      memcpy(newinput,input,inputlen);
+      free(input);
+      input = newinput;
+    }
+    input[inputlen++] = ch;
+  }
+
+  crypto_hash_sha256(h,input,inputlen);
+  h_print();
+
+  return 0;
+}

src/libnacl/commandline/nacl-sha512.c

@@ -0,0 +1,64 @@
+/*
+commandline/nacl-sha512.c version 20080713
+D. J. Bernstein
+Public domain.
+*/
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "crypto_hash_sha512.h"
+
+unsigned char *input;
+unsigned long long inputalloc;
+unsigned long long inputlen;
+
+unsigned char h[crypto_hash_sha512_BYTES];
+
+void h_print(void)
+{
+  int i;
+  for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",255 & (int) h[i]);
+  printf("\n");
+}
+
+int main()
+{
+  struct stat st;
+  int ch;
+
+  if (fstat(0,&st) == 0) {
+    input = mmap(0,st.st_size,PROT_READ,MAP_SHARED,0,0);
+    if (input != MAP_FAILED) {
+      crypto_hash_sha512(h,input,st.st_size);
+      h_print();
+      return 0;
+    }
+  }
+
+  input = 0;
+  inputalloc = 0;
+  inputlen = 0;
+
+  while ((ch = getchar()) != EOF) {
+    if (inputlen >= inputalloc) {
+      void *newinput;
+      while (inputlen >= inputalloc)
+        inputalloc = inputalloc * 2 + 1;
+      if (posix_memalign(&newinput,16,inputalloc) != 0) return 111;
+      memcpy(newinput,input,inputlen);
+      free(input);
+      input = newinput;
+    }
+    input[inputlen++] = ch;
+  }
+
+  crypto_hash_sha512(h,input,inputlen);
+  h_print();
+
+  return 0;
+}

src/libnacl/cpucycles/alpha.c

@@ -0,0 +1,80 @@
+/*
+cpucycles/alpha.c version 20060316
+D. J. Bernstein
+Public domain.
+*/
+
+#include <time.h>
+#include <unistd.h>
+#include <sys/time.h>
+
+static long long tod(void)
+{
+  struct timeval t;
+  gettimeofday(&t,(struct timezone *) 0);
+  return t.tv_sec * (long long) 1000000 + t.tv_usec;
+}
+
+static long long rpcc(void)
+{
+  unsigned long long t;
+  asm volatile("rpcc %0" : "=r"(t));
+  return t & 0xffffffff;
+}
+
+static long long firstrpcc;
+static long long firsttod;
+static long long lastrpcc;
+static long long lasttod;
+static double mhz = 0;
+
+static void init(void)
+{
+  firstrpcc = rpcc();
+  firsttod = tod();
+
+  do {
+    lastrpcc = rpcc();
+    lasttod = tod();
+  } while (lasttod - firsttod < 10000);
+
+  lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff;
+  lasttod -= firsttod;
+
+  mhz = (double) lastrpcc / (double) lasttod;
+}
+
+long long cpucycles_alpha(void)
+{
+  double x;
+  long long y;
+
+  if (!mhz) init();
+
+  lastrpcc = rpcc();
+  lasttod = tod();
+
+  lastrpcc -= firstrpcc; lastrpcc &= 0xffffffff;
+  lasttod -= firsttod;
+
+  /* Number of cycles since firstrpcc is lastrpcc + 2^32 y for unknown y. */
+  /* Number of microseconds since firsttod is lasttod. */
+
+  x = (lasttod * mhz - lastrpcc) * 0.00000000023283064365386962890625;
+  y = x;
+  while (x > y + 0.5) y += 1;
+  while (x < y - 0.5) y -= 1;
+
+  y *= 4294967296ULL;
+  lastrpcc += y;
+
+  mhz = (double) lastrpcc / (double) lasttod;
+
+  return firstrpcc + lastrpcc;
+}
+
+long long cpucycles_alpha_persecond(void)
+{
+  if (!mhz) init();
+  return 1000000.0 * mhz;
+}

src/libnacl/cpucycles/alpha.h

@@ -0,0 +1,27 @@
+/*
+cpucycles alpha.h version 20060318
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_alpha_h
+#define CPUCYCLES_alpha_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_alpha(void);
+extern long long cpucycles_alpha_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "alpha"
+#define cpucycles cpucycles_alpha
+#define cpucycles_persecond cpucycles_alpha_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/amd64cpuinfo.c

@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+long long cpucycles_amd64cpuinfo(void)
+{
+  unsigned long long result;
+  asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax"
+    : "=a" (result) ::  "%rdx");
+  return result;
+}
+
+long long cpucycles_amd64cpuinfo_persecond(void)
+{
+  return osfreq();
+}

src/libnacl/cpucycles/amd64cpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles amd64cpuinfo.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_amd64cpuinfo_h
+#define CPUCYCLES_amd64cpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_amd64cpuinfo(void);
+extern long long cpucycles_amd64cpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "amd64cpuinfo"
+#define cpucycles cpucycles_amd64cpuinfo
+#define cpucycles_persecond cpucycles_amd64cpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/amd64cpuspeed.c

@@ -0,0 +1,25 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+long long cpucycles_amd64cpuspeed(void)
+{
+  unsigned long long result;
+  asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax"
+    : "=a" (result) ::  "%rdx");
+  return result;
+}
+
+long long cpucycles_amd64cpuspeed_persecond(void)
+{
+  int oid[2];
+  int val;
+  size_t size;
+  oid[0] = CTL_HW;
+  oid[1] = HW_CPUSPEED;
+  size = sizeof val;
+  if (sysctl(oid,2,&val,&size,0,0) == -1) return 0;
+  if (size != sizeof val) return 0;
+  return val * 1000000LL;
+}

src/libnacl/cpucycles/amd64cpuspeed.h

@@ -0,0 +1,27 @@
+/*
+cpucycles amd64cpuspeed.h version 20090716
+Matthew Dempsky
+Public domain.
+*/
+
+#ifndef CPUCYCLES_amd64cpuspeed_h
+#define CPUCYCLES_amd64cpuspeed_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_amd64cpuspeed(void);
+extern long long cpucycles_amd64cpuspeed_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "amd64cpuspeed"
+#define cpucycles cpucycles_amd64cpuspeed
+#define cpucycles_persecond cpucycles_amd64cpuspeed_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/amd64tscfreq.c

@@ -0,0 +1,18 @@
+#include <stdio.h>
+#include <sys/types.h>
+
+long long cpucycles_amd64tscfreq(void)
+{
+  unsigned long long result;
+  asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax"
+    : "=a" (result) ::  "%rdx");
+  return result;
+}
+
+long long cpucycles_amd64tscfreq_persecond(void)
+{
+  long result = 0;
+  size_t resultlen = sizeof(long);
+  sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0);
+  return result;
+}

src/libnacl/cpucycles/amd64tscfreq.h

@@ -0,0 +1,27 @@
+/*
+cpucycles amd64tscfreq.h version 20060318
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_amd64tscfreq_h
+#define CPUCYCLES_amd64tscfreq_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_amd64tscfreq(void);
+extern long long cpucycles_amd64tscfreq_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "amd64tscfreq"
+#define cpucycles cpucycles_amd64tscfreq
+#define cpucycles_persecond cpucycles_amd64tscfreq_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/celllinux.c

@@ -0,0 +1,83 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <spu_mfcio.h>
+
+static long myround(double u)
+{
+  long result = u;
+  while (result + 0.5 < u) result += 1;
+  while (result - 0.5 > u) result -= 1;
+  return result;
+}
+
+static long long microseconds(void)
+{
+  struct timeval t;
+  gettimeofday(&t,(struct timezone *) 0);
+  return t.tv_sec * (long long) 1000000 + t.tv_usec;
+}
+
+static long long timebase(void)
+{
+  unsigned long long result;
+  result = -spu_read_decrementer();
+  return 0xffffffff & result;
+}
+
+static double cpufrequency = 0;
+static long tbcycles = 0;
+
+static double guesstbcycles(void)
+{
+  long long tb0; long long us0;
+  long long tb1; long long us1;
+
+  tb0 = timebase();
+  us0 = microseconds();
+  do {
+    tb1 = timebase();
+    us1 = microseconds();
+  } while (us1 - us0 < 10000 || tb1 - tb0 < 1000);
+  if (tb1 <= tb0) return 0;
+  tb1 -= tb0;
+  us1 -= us0;
+  return (cpufrequency * 0.000001 * (double) us1) / (double) tb1;
+}
+
+static void init(void)
+{
+  int loop;
+  double guess1;
+  double guess2;
+
+  spu_write_decrementer(0xffffffff);
+
+  cpufrequency = 3192000000.0;
+
+  for (loop = 0;loop < 100;++loop) {
+    guess1 = guesstbcycles();
+    guess2 = guesstbcycles();
+    tbcycles = myround(guess1);
+    if (guess1 - tbcycles > 0.1) continue;
+    if (tbcycles - guess1 > 0.1) continue;
+    if (guess2 - tbcycles > 0.1) continue;
+    if (tbcycles - guess2 > 0.1) continue;
+    return;
+  }
+  tbcycles = 0;
+}
+
+long long cpucycles_celllinux(void)
+{
+  if (!tbcycles) init();
+  return timebase() * tbcycles;
+}
+
+long long cpucycles_celllinux_persecond(void)
+{
+  if (!tbcycles) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/celllinux.h

@@ -0,0 +1,27 @@
+/*
+cpucycles celllinux.h version 20081201
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_celllinux_h
+#define CPUCYCLES_celllinux_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_celllinux(void);
+extern long long cpucycles_celllinux_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "celllinux"
+#define cpucycles cpucycles_celllinux
+#define cpucycles_persecond cpucycles_celllinux_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/cortex.c

@@ -0,0 +1,73 @@
+/*
+cpucycles/cortex.c version 20101203
+D. J. Bernstein
+Public domain.
+*/
+
+#define SCALE 1
+#include <time.h>
+#include <unistd.h>
+#include <sys/time.h>
+
+static int enabled = 0;
+
+static int prev[3];
+static unsigned long long prevcycles = 0;
+static int now[3];
+static long long cyclespersec = 0;
+
+static void readticks(unsigned int *result)
+{
+  struct timeval t;
+  unsigned int cc;
+  if (!enabled) {
+    asm volatile("mcr p15, 0, %0, c9, c12, 0" :: "r"(17));
+    asm volatile("mcr p15, 0, %0, c9, c12, 1" :: "r"(0x8000000f));
+    asm volatile("mcr p15, 0, %0, c9, c12, 3" :: "r"(0x8000000f));
+    enabled = 1;
+  }
+  asm volatile("mrc p15, 0, %0, c9, c13, 0" : "=r"(cc));
+  gettimeofday(&t,(struct timezone *) 0);
+  result[0] = cc;
+  result[1] = t.tv_usec;
+  result[2] = t.tv_sec;
+}
+
+long long cpucycles_cortex(void)
+{
+  unsigned long long delta4;
+  int deltan;
+  int deltas;
+  unsigned long long guesscycles;
+
+  readticks(now);
+  delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */
+  deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */
+  deltas = now[2] - prev[2]; /* signed change in number of seconds */
+  if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000))
+    return (prevcycles + delta4) * SCALE;
+
+  prev[0] = now[0];
+  prev[1] = now[1];
+  prev[2] = now[2];
+
+  if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) {
+    // actual number of cycles cannot have increased by 2^32 in <0.3ms
+    cyclespersec = 1000000 * (unsigned long long) delta4;
+    cyclespersec /= deltan + 1000000 * (long long) deltas;
+  } else {
+    guesscycles = deltas * cyclespersec;
+    guesscycles += (deltan * cyclespersec) / 1000000;
+    while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL;
+    /* XXX: could do longer-term extrapolation here */
+  }
+
+  prevcycles += delta4;
+  return prevcycles * SCALE;
+}
+
+long long cpucycles_cortex_persecond(void)
+{
+  while (!cyclespersec) cpucycles_cortex();
+  return cyclespersec * SCALE;
+}

src/libnacl/cpucycles/cortex.h

@@ -0,0 +1,27 @@
+/*
+cpucycles cortex.h version 20100912
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_cortex_h
+#define CPUCYCLES_cortex_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_cortex(void);
+extern long long cpucycles_cortex_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "cortex"
+#define cpucycles cpucycles_cortex
+#define cpucycles_persecond cpucycles_cortex_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/dev4ns.c

@@ -0,0 +1,62 @@
+#include <sys/types.h>
+#include <fcntl.h>
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+
+static int fddev = -1;
+static int prev[3];
+static unsigned long long prevcycles = 0;
+static int now[3];
+static long long cyclespersec = 0;
+
+static void readdev(unsigned int *result)
+{
+  if (read(fddev,result,12) == 12) return;
+  result[0] = result[1] = result[2] = 0;
+}
+
+long long cpucycles_dev4ns(void)
+{
+  unsigned long long delta4;
+  int deltan;
+  int deltas;
+  unsigned long long guesscycles;
+
+  if (fddev == -1) {
+    fddev = open("/dev/cpucycles4ns",O_RDONLY);
+    readdev(prev);
+  }
+
+  readdev(now);
+  delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */
+  deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */
+  deltas = now[2] - prev[2]; /* signed change in number of seconds */
+  if ((deltas == 0 && deltan < 200000000) || (deltas == 1 && deltan < -800000000))
+    return prevcycles + delta4;
+
+  prev[0] = now[0];
+  prev[1] = now[1];
+  prev[2] = now[2];
+
+  if ((deltas == 0 && deltan < 300000000) || (deltas == 1 && deltan < -700000000)) {
+    // actual number of cycles cannot have increased by 2^32 in <0.3ms
+    cyclespersec = 1000000000 * (unsigned long long) delta4;
+    cyclespersec /= deltan + 1000000000 * (long long) deltas;
+  } else {
+    guesscycles = deltas * cyclespersec;
+    guesscycles += (deltan * cyclespersec) / 1000000000;
+    while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL;
+    /* XXX: could do longer-term extrapolation here */
+  }
+
+  prevcycles += delta4;
+  return prevcycles;
+}
+
+long long cpucycles_dev4ns_persecond(void)
+{
+  while (!cyclespersec) cpucycles_dev4ns();
+  return cyclespersec;
+}

src/libnacl/cpucycles/dev4ns.h

@@ -0,0 +1,27 @@
+/*
+cpucycles dev4ns.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_dev4ns_h
+#define CPUCYCLES_dev4ns_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_dev4ns(void);
+extern long long cpucycles_dev4ns_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "dev4ns"
+#define cpucycles cpucycles_dev4ns
+#define cpucycles_persecond cpucycles_dev4ns_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/do

@@ -0,0 +1,44 @@
+#!/bin/sh -e
+
+okabi | (
+  while read abi
+  do
+
+    rm -f cpucycles.o cpucycles.h
+
+    (
+      echo monotoniccpuinfo
+      echo monotonic
+      echo gettimeofday
+    ) | (
+      while read n
+      do
+        okc-$abi | (
+          while read c
+          do
+            echo "=== `date` === Trying $n.c with $c..." >&2
+            rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c
+            cp $n.c cpucycles-impl.c || continue
+            cp $n.h cpucycles-impl.h || continue
+            $c -c cpucycles-impl.c || continue
+            $c -o test test.c cpucycles-impl.o || continue
+            echo "=== `date` === Success. Using $n.c." >&2
+            mkdir -p lib/$abi
+            mv cpucycles-impl.o lib/$abi/cpucycles.o
+            mkdir -p include/$abi
+            mv cpucycles-impl.h include/$abi/cpucycles.h
+            exit 0
+          done
+          exit 111
+        ) && exit 0
+      done
+      exit 111
+    ) || (
+      echo ===== Giving up. >&2
+      rm -f test cpucycles-impl.o cpucycles-impl.h cpucycles-impl.c
+      exit 111
+    ) || exit 0
+
+  done
+  exit 0
+) || exit 111

src/libnacl/cpucycles/gettimeofday.c

@@ -0,0 +1,32 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+static double cpufrequency = 0;
+
+static void init(void)
+{
+  cpufrequency = osfreq();
+}
+
+long long cpucycles_gettimeofday(void)
+{
+  double result;
+  struct timeval t;
+  if (!cpufrequency) init();
+  gettimeofday(&t,(struct timezone *) 0);
+  result = t.tv_usec;
+  result *= 0.000001;
+  result += (double) t.tv_sec;
+  result *= cpufrequency;
+  return result;
+}
+
+long long cpucycles_gettimeofday_persecond(void)
+{
+  if (!cpufrequency) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/gettimeofday.h

@@ -0,0 +1,27 @@
+/*
+cpucycles gettimeofday.h version 20060318
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_gettimeofday_h
+#define CPUCYCLES_gettimeofday_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_gettimeofday(void);
+extern long long cpucycles_gettimeofday_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "gettimeofday"
+#define cpucycles cpucycles_gettimeofday
+#define cpucycles_persecond cpucycles_gettimeofday_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/hppapstat.c

@@ -0,0 +1,26 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/pstat.h>
+#include <machine/inline.h>
+
+long long cpucycles_hppapstat(void)
+{
+  register long long result;
+  _MFCTL(16,result);
+  return result;
+}
+
+long long cpucycles_hppapstat_persecond(void)
+{
+  struct pst_processor pst;
+  union pstun pu;
+  double result;
+
+  pu.pst_processor = &pst;
+  if (pstat(PSTAT_PROCESSOR,pu,sizeof(pst),1,0) < 0) return 0;
+  result = pst.psp_iticksperclktick;
+  result *= (double) sysconf(_SC_CLK_TCK);
+  return result;
+}

src/libnacl/cpucycles/hppapstat.h

@@ -0,0 +1,27 @@
+/*
+cpucycles hppapstat.h version 20060319
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_hppapstat_h
+#define CPUCYCLES_hppapstat_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_hppapstat(void);
+extern long long cpucycles_hppapstat_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "hppapstat"
+#define cpucycles cpucycles_hppapstat
+#define cpucycles_persecond cpucycles_hppapstat_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/ia64cpuinfo.c

@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+long long cpucycles_ia64cpuinfo(void)
+{
+  long long result;
+  asm volatile("mov %0=ar.itc" : "=r"(result));
+  return result;
+}
+
+long long cpucycles_ia64cpuinfo_persecond(void)
+{
+  return osfreq();
+}

src/libnacl/cpucycles/ia64cpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles ia64cpuinfo.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_ia64cpuinfo_h
+#define CPUCYCLES_ia64cpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_ia64cpuinfo(void);
+extern long long cpucycles_ia64cpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "ia64cpuinfo"
+#define cpucycles cpucycles_ia64cpuinfo
+#define cpucycles_persecond cpucycles_ia64cpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/mips.c

@@ -0,0 +1,65 @@
+/*
+cpucycles/mips.c version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#define SCALE 2
+#include <time.h>
+#include <unistd.h>
+#include <sys/time.h>
+
+static int prev[3];
+static unsigned long long prevcycles = 0;
+static int now[3];
+static long long cyclespersec = 0;
+
+static void readticks(unsigned int *result)
+{
+  struct timeval t;
+  unsigned int cc;
+  asm volatile(".byte 59; .byte 16; .byte 2; .byte 124; move %0,$2" : "=r"(cc) : : "$2");
+  gettimeofday(&t,(struct timezone *) 0);
+  result[0] = cc;
+  result[1] = t.tv_usec;
+  result[2] = t.tv_sec;
+}
+
+long long cpucycles_mips(void)
+{
+  unsigned long long delta4;
+  int deltan;
+  int deltas;
+  unsigned long long guesscycles;
+
+  readticks(now);
+  delta4 = (unsigned int) (now[0] - prev[0]); /* unsigned change in number of cycles mod 2^32 */
+  deltan = now[1] - prev[1]; /* signed change in number of nanoseconds mod 10^9 */
+  deltas = now[2] - prev[2]; /* signed change in number of seconds */
+  if ((deltas == 0 && deltan < 200000) || (deltas == 1 && deltan < -800000))
+    return (prevcycles + delta4) * SCALE;
+
+  prev[0] = now[0];
+  prev[1] = now[1];
+  prev[2] = now[2];
+
+  if ((deltas == 0 && deltan < 300000) || (deltas == 1 && deltan < -700000)) {
+    // actual number of cycles cannot have increased by 2^32 in <0.3ms
+    cyclespersec = 1000000 * (unsigned long long) delta4;
+    cyclespersec /= deltan + 1000000 * (long long) deltas;
+  } else {
+    guesscycles = deltas * cyclespersec;
+    guesscycles += (deltan * cyclespersec) / 1000000;
+    while (delta4 + 2147483648ULL < guesscycles) delta4 += 4294967296ULL;
+    /* XXX: could do longer-term extrapolation here */
+  }
+
+  prevcycles += delta4;
+  return prevcycles * SCALE;
+}
+
+long long cpucycles_mips_persecond(void)
+{
+  while (!cyclespersec) cpucycles_mips();
+  return cyclespersec * SCALE;
+}

src/libnacl/cpucycles/mips.h

@@ -0,0 +1,27 @@
+/*
+cpucycles mips.h version 20100802
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_mips_h
+#define CPUCYCLES_mips_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_mips(void);
+extern long long cpucycles_mips_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "mips"
+#define cpucycles cpucycles_mips
+#define cpucycles_persecond cpucycles_mips_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/monotonic.c

@@ -0,0 +1,35 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+static double cpufrequency = 0;
+
+static void init(void)
+{
+  long result = 0; size_t resultlen = sizeof(long);
+  sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0);
+  cpufrequency = result;
+}
+
+long long cpucycles_monotonic(void)
+{
+  double result;
+  struct timespec t;
+  if (!cpufrequency) init();
+  clock_gettime(CLOCK_MONOTONIC,&t);
+  result = t.tv_nsec;
+  result *= 0.000000001;
+  result += (double) t.tv_sec;
+  result *= cpufrequency;
+  return result;
+}
+
+long long cpucycles_monotonic_persecond(void)
+{
+  if (!cpufrequency) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/monotonic.h

@@ -0,0 +1,27 @@
+/*
+cpucycles monotonic.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_monotonic_h
+#define CPUCYCLES_monotonic_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_monotonic(void);
+extern long long cpucycles_monotonic_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "monotonic"
+#define cpucycles cpucycles_monotonic
+#define cpucycles_persecond cpucycles_monotonic_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/monotoniccpuinfo.c

@@ -0,0 +1,34 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include "osfreq.c"
+
+static double cpufrequency = 0;
+
+static void init(void)
+{
+  cpufrequency = osfreq();
+}
+
+long long cpucycles_monotoniccpuinfo(void)
+{
+  double result;
+  struct timespec t;
+  if (!cpufrequency) init();
+  clock_gettime(CLOCK_MONOTONIC,&t);
+  result = t.tv_nsec;
+  result *= 0.000000001;
+  result += (double) t.tv_sec;
+  result *= cpufrequency;
+  return result;
+}
+
+long long cpucycles_monotoniccpuinfo_persecond(void)
+{
+  if (!cpufrequency) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/monotoniccpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles monotoniccpuinfo.h version 20100804
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_monotoniccpuinfo_h
+#define CPUCYCLES_monotoniccpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_monotoniccpuinfo(void);
+extern long long cpucycles_monotoniccpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "monotoniccpuinfo"
+#define cpucycles cpucycles_monotoniccpuinfo
+#define cpucycles_persecond cpucycles_monotoniccpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/osfreq.c

@@ -0,0 +1,65 @@
+static double osfreq(void)
+{
+  FILE *f;
+  double result;
+  int s;
+
+  f = fopen("/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq", "r");
+  if (f) {
+    s = fscanf(f,"%lf",&result);
+    fclose(f);
+    if (s > 0) return 1000.0 * result;
+  }
+
+  f = fopen("/sys/devices/system/cpu/cpu0/clock_tick", "r");
+  if (f) {
+    s = fscanf(f,"%lf",&result);
+    fclose(f);
+    if (s > 0) return result;
+  }
+
+  f = fopen("/proc/cpuinfo","r");
+  if (f) {
+    for (;;) {
+      s = fscanf(f,"cpu MHz : %lf",&result);
+      if (s > 0) break;
+      if (s == 0) s = fscanf(f,"%*[^\n]\n");
+      if (s < 0) { result = 0; break; }
+    }
+    fclose(f);
+    if (result) return 1000000.0 * result;
+  }
+
+  f = fopen("/proc/cpuinfo","r");
+  if (f) {
+    for (;;) {
+      s = fscanf(f,"clock : %lf",&result);
+      if (s > 0) break;
+      if (s == 0) s = fscanf(f,"%*[^\n]\n");
+      if (s < 0) { result = 0; break; }
+    }
+    fclose(f);
+    if (result) return 1000000.0 * result;
+  }
+
+  f = popen("/usr/sbin/lsattr -E -l proc0 -a frequency 2>/dev/null","r");
+  if (f) {
+    s = fscanf(f,"frequency %lf",&result);
+    pclose(f);
+    if (s > 0) return result;
+  }
+
+  f = popen("/usr/sbin/psrinfo -v 2>/dev/null","r");
+  if (f) {
+    for (;;) {
+      s = fscanf(f," The %*s processor operates at %lf MHz",&result);
+      if (s > 0) break;
+      if (s == 0) s = fscanf(f,"%*[^\n]\n");
+      if (s < 0) { result = 0; break; }
+    }
+    pclose(f);
+    if (result) return 1000000.0 * result;
+  }
+
+  return 0;
+}

src/libnacl/cpucycles/powerpccpuinfo.c

@@ -0,0 +1,95 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+static long myround(double u)
+{
+  long result = u;
+  while (result + 0.5 < u) result += 1;
+  while (result - 0.5 > u) result -= 1;
+  return result;
+}
+
+static long long microseconds(void)
+{
+  struct timeval t;
+  gettimeofday(&t,(struct timezone *) 0);
+  return t.tv_sec * (long long) 1000000 + t.tv_usec;
+}
+
+static int tbshift = 0;
+
+static long long timebase(void)
+{
+  unsigned long high;
+  unsigned long low;
+  unsigned long newhigh;
+  unsigned long long result;
+  asm volatile(
+    "7:mftbu %0;mftb %1;mftbu %2;cmpw %0,%2;bne 7b"
+    : "=r" (high), "=r" (low), "=r" (newhigh)
+  );
+  result = high;
+  result <<= 32;
+  result |= low;
+  return result >> tbshift;
+}
+
+static double cpufrequency = 0;
+static long tbcycles = 0;
+
+static double guesstbcycles(void)
+{
+  long long tb0; long long us0;
+  long long tb1; long long us1;
+
+  tb0 = timebase();
+  us0 = microseconds();
+  do {
+    tb1 = timebase();
+    us1 = microseconds();
+  } while (us1 - us0 < 10000 || tb1 - tb0 < 1000);
+  if (tb1 <= tb0) return 0;
+  tb1 -= tb0;
+  us1 -= us0;
+  return (cpufrequency * 0.000001 * (double) us1) / (double) tb1;
+}
+
+static void init(void)
+{
+  int loop;
+  double guess1;
+  double guess2;
+
+  cpufrequency = osfreq();
+  if (!cpufrequency) return;
+
+  for (tbshift = 0;tbshift < 10;++tbshift) {
+    for (loop = 0;loop < 100;++loop) {
+      guess1 = guesstbcycles();
+      guess2 = guesstbcycles();
+      tbcycles = myround(guess1);
+      if (guess1 - tbcycles > 0.1) continue;
+      if (tbcycles - guess1 > 0.1) continue;
+      if (guess2 - tbcycles > 0.1) continue;
+      if (tbcycles - guess2 > 0.1) continue;
+      return;
+    }
+  }
+  tbcycles = 0;
+}
+
+long long cpucycles_powerpccpuinfo(void)
+{
+  if (!tbcycles) init();
+  return timebase() * tbcycles;
+}
+
+long long cpucycles_powerpccpuinfo_persecond(void)
+{
+  if (!tbcycles) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/powerpccpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles powerpccpuinfo.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_powerpccpuinfo_h
+#define CPUCYCLES_powerpccpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_powerpccpuinfo(void);
+extern long long cpucycles_powerpccpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "powerpccpuinfo"
+#define cpucycles cpucycles_powerpccpuinfo
+#define cpucycles_persecond cpucycles_powerpccpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/powerpcmacos.c

@@ -0,0 +1,43 @@
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <mach/mach_time.h>
+
+#define timebase mach_absolute_time
+
+static int cpumib[2] = { CTL_HW, HW_CPU_FREQ } ;
+static int tbmib[2] = { CTL_HW, HW_TB_FREQ } ;
+
+static long myround(double u)
+{
+  long result = u;
+  while (result + 0.5 < u) result += 1;
+  while (result - 0.5 > u) result -= 1;
+  return result;
+}
+
+static long tbcycles = 0;
+
+static void init(void)
+{
+  unsigned int cpufrequency = 0; size_t cpufrequencylen = sizeof(unsigned int);
+  unsigned int tbfrequency = 0; size_t tbfrequencylen = sizeof(unsigned int);
+  sysctl(cpumib,2,&cpufrequency,&cpufrequencylen,0,0);
+  sysctl(tbmib,2,&tbfrequency,&tbfrequencylen,0,0);
+  if (tbfrequency > 0)
+    tbcycles = myround((double) (unsigned long long) cpufrequency
+                     / (double) (unsigned long long) tbfrequency);
+}
+
+long long cpucycles_powerpcmacos(void)
+{
+  if (!tbcycles) init();
+  return timebase() * tbcycles;
+}
+
+long long cpucycles_powerpcmacos_persecond(void)
+{
+  unsigned int result = 0; size_t resultlen = sizeof(unsigned int);
+  sysctl(cpumib,2,&result,&resultlen,0,0);
+  return (unsigned long long) result;
+}

src/libnacl/cpucycles/powerpcmacos.h

@@ -0,0 +1,27 @@
+/*
+cpucycles powerpcmacos.h version 20060319
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_powerpcmacos_h
+#define CPUCYCLES_powerpcmacos_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_powerpcmacos(void);
+extern long long cpucycles_powerpcmacos_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "powerpcmacos"
+#define cpucycles cpucycles_powerpcmacos
+#define cpucycles_persecond cpucycles_powerpcmacos_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/sgi.c

@@ -0,0 +1,39 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+static double cpufrequency = 0;
+
+static void init(void)
+{
+  FILE *f;
+
+  f = popen("hinv -c processor | awk '{if ($3==\"MHZ\") print $2*1000000}'","r");
+  if (!f) return;
+  if (fscanf(f,"%lf",&cpufrequency) < 1) cpufrequency = 0;
+  pclose(f);
+  if (!cpufrequency) return;
+}
+
+long long cpucycles_sgi(void)
+{
+  double result;
+  struct timespec t;
+  if (!cpufrequency) init();
+  clock_gettime(CLOCK_SGI_CYCLE,&t);
+  result = t.tv_nsec;
+  result *= 0.000000001;
+  result += (double) t.tv_sec;
+  result *= cpufrequency;
+  return result;
+}
+
+long long cpucycles_sgi_persecond(void)
+{
+  if (!cpufrequency) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/sgi.h

@@ -0,0 +1,27 @@
+/*
+cpucycles sgi.h version 20070916
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_sgi_h
+#define CPUCYCLES_sgi_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_sgi(void);
+extern long long cpucycles_sgi_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "sgi"
+#define cpucycles cpucycles_sgi
+#define cpucycles_persecond cpucycles_sgi_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/sparc32cpuinfo.c

@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+long long cpucycles_sparc32cpuinfo(void)
+{
+  long long result;
+  asm volatile(".word 2202075136; .word 2570088480; srl %%g1,0,%L0; mov %%o4,%H0"
+    : "=r" (result) : : "g1","o4");
+  return result;
+}
+
+long long cpucycles_sparc32cpuinfo_persecond(void)
+{
+  return osfreq();
+}

src/libnacl/cpucycles/sparc32cpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles sparc32cpuinfo.h version 20100804
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_sparc32cpuinfo_h
+#define CPUCYCLES_sparc32cpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_sparc32cpuinfo(void);
+extern long long cpucycles_sparc32cpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "sparc32cpuinfo"
+#define cpucycles cpucycles_sparc32cpuinfo
+#define cpucycles_persecond cpucycles_sparc32cpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/sparccpuinfo.c

@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+long long cpucycles_sparccpuinfo(void)
+{
+  long long result;
+  asm volatile("rd %%tick,%0" : "=r" (result));
+  return result;
+}
+
+long long cpucycles_sparccpuinfo_persecond(void)
+{
+  return osfreq();
+}

src/libnacl/cpucycles/sparccpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles sparccpuinfo.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_sparccpuinfo_h
+#define CPUCYCLES_sparccpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_sparccpuinfo(void);
+extern long long cpucycles_sparccpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "sparccpuinfo"
+#define cpucycles cpucycles_sparccpuinfo
+#define cpucycles_persecond cpucycles_sparccpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/test.c

@@ -0,0 +1,27 @@
+#include <time.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include "cpucycles-impl.h"
+
+static long long tod(void)
+{
+  struct timeval t;
+  gettimeofday(&t,(struct timezone *) 0);
+  return t.tv_sec * (long long) 1000000 + t.tv_usec;
+}
+
+long long todstart;
+long long todend;
+long long cpustart;
+long long cpuend;
+
+long long cyclespersecond;
+long long cyclespertod;
+
+long long t[1001];
+
+int main()
+{
+  return 0;
+}

src/libnacl/cpucycles/x86cpuinfo.c

@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include "osfreq.c"
+
+long long cpucycles_x86cpuinfo(void)
+{
+  long long result;
+  asm volatile(".byte 15;.byte 49" : "=A" (result));
+  return result;
+}
+
+long long cpucycles_x86cpuinfo_persecond(void)
+{
+  return osfreq();
+}

src/libnacl/cpucycles/x86cpuinfo.h

@@ -0,0 +1,27 @@
+/*
+cpucycles x86cpuinfo.h version 20100803
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_x86cpuinfo_h
+#define CPUCYCLES_x86cpuinfo_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_x86cpuinfo(void);
+extern long long cpucycles_x86cpuinfo_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "x86cpuinfo"
+#define cpucycles cpucycles_x86cpuinfo
+#define cpucycles_persecond cpucycles_x86cpuinfo_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/x86cpuspeed.c

@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+long long cpucycles_x86cpuspeed(void)
+{
+  long long result;
+  asm volatile(".byte 15;.byte 49" : "=A" (result));
+  return result;
+}
+
+long long cpucycles_x86cpuspeed_persecond(void)
+{
+  int oid[2];
+  int val;
+  size_t size;
+  oid[0] = CTL_HW;
+  oid[1] = HW_CPUSPEED;
+  size = sizeof val;
+  if (sysctl(oid,2,&val,&size,0,0) == -1) return 0;
+  if (size != sizeof val) return 0;
+  return val * 1000000LL;
+}

src/libnacl/cpucycles/x86cpuspeed.h

@@ -0,0 +1,27 @@
+/*
+cpucycles x86cpuspeed.h version 20090716
+Matthew Dempsky
+Public domain.
+*/
+
+#ifndef CPUCYCLES_x86cpuspeed_h
+#define CPUCYCLES_x86cpuspeed_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_x86cpuspeed(void);
+extern long long cpucycles_x86cpuspeed_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "x86cpuspeed"
+#define cpucycles cpucycles_x86cpuspeed
+#define cpucycles_persecond cpucycles_x86cpuspeed_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/x86estimate.c

@@ -0,0 +1,60 @@
+#include <time.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+long long cpucycles_x86estimate(void)
+{
+  long long result;
+  asm volatile(".byte 15;.byte 49" : "=A" (result));
+  return result;
+}
+
+static long long microseconds(void)
+{
+  struct timeval t;
+  gettimeofday(&t,(struct timezone *) 0);
+  return t.tv_sec * (long long) 1000000 + t.tv_usec;
+}
+
+static double guessfreq(void)
+{
+  long long tb0; long long us0;
+  long long tb1; long long us1;
+
+  tb0 = cpucycles_x86estimate();
+  us0 = microseconds();
+  do {
+    tb1 = cpucycles_x86estimate();
+    us1 = microseconds();
+  } while (us1 - us0 < 10000 || tb1 - tb0 < 1000);
+  if (tb1 <= tb0) return 0;
+  tb1 -= tb0;
+  us1 -= us0;
+  return ((double) tb1) / (0.000001 * (double) us1);
+}
+
+static double cpufrequency = 0;
+
+static void init(void)
+{
+  double guess1;
+  double guess2;
+  int loop;
+
+  for (loop = 0;loop < 100;++loop) {
+    guess1 = guessfreq();
+    guess2 = guessfreq();
+    if (guess1 > 1.01 * guess2) continue;
+    if (guess2 > 1.01 * guess1) continue;
+    cpufrequency = 0.5 * (guess1 + guess2);
+    break;
+  }
+}
+
+long long cpucycles_x86estimate_persecond(void)
+{
+  if (!cpufrequency) init();
+  return cpufrequency;
+}

src/libnacl/cpucycles/x86estimate.h

@@ -0,0 +1,27 @@
+/*
+cpucycles x86estimate.h version 20070121
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_x86estimate_h
+#define CPUCYCLES_x86estimate_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_x86estimate(void);
+extern long long cpucycles_x86estimate_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "x86estimate"
+#define cpucycles cpucycles_x86estimate
+#define cpucycles_persecond cpucycles_x86estimate_persecond
+#endif
+
+#endif

src/libnacl/cpucycles/x86tscfreq.c

@@ -0,0 +1,18 @@
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+
+long long cpucycles_x86tscfreq(void)
+{
+  long long result;
+  asm volatile(".byte 15;.byte 49" : "=A" (result));
+  return result;
+}
+
+long long cpucycles_x86tscfreq_persecond(void)
+{
+  long result = 0;
+  size_t resultlen = sizeof(long);
+  sysctlbyname("machdep.tsc_freq",&result,&resultlen,0,0);
+  return result;
+}

src/libnacl/cpucycles/x86tscfreq.h

@@ -0,0 +1,27 @@
+/*
+cpucycles x86tscfreq.h version 20060318
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef CPUCYCLES_x86tscfreq_h
+#define CPUCYCLES_x86tscfreq_h
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern long long cpucycles_x86tscfreq(void);
+extern long long cpucycles_x86tscfreq_persecond(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef cpucycles_implementation
+#define cpucycles_implementation "x86tscfreq"
+#define cpucycles cpucycles_x86tscfreq
+#define cpucycles_persecond cpucycles_x86tscfreq_persecond
+#endif
+
+#endif

src/libnacl/cpuid/cbytes.c

@@ -0,0 +1,16 @@
+#include <stdio.h>
+
+int main()
+{
+  char ch;
+  int loop = 0;
+  while (scanf("%c",&ch) == 1) {
+    printf("0x%02x,",255 & (int) ch);
+    if (++loop == 16) {
+      loop = 0;
+      printf("\n");
+    }
+  }
+  printf("0x00\n");
+  return 0;
+}

src/libnacl/cpuid/cpuid.c

@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+
+void nope()
+{
+  exit(1);
+}
+
+int main()
+{
+  unsigned long x[4];
+  unsigned long y[4];
+  int i;
+  int j;
+  char c;
+
+  signal(SIGILL,nope);
+
+  x[0] = 0;
+  x[1] = 0;
+  x[2] = 0;
+  x[3] = 0;
+
+  asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) );
+  if (!x[0]) return 0;
+  asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) );
+
+  for (i = 1;i < 4;++i)
+    for (j = 0;j < 4;++j) {
+      c = x[i] >> (8 * j);
+      if (c < 32) c = 32;
+      if (c > 126) c = 126;
+      putchar(c);
+    }
+
+  printf("-%08x-%08x\n",y[0],y[3]);
+
+  return 0;
+}

src/libnacl/cpuid/do

@@ -0,0 +1,37 @@
+#!/bin/sh -e
+
+mkdir include
+
+(
+  echo x86
+  echo unknown
+) | (
+  while read n
+  do
+    okabi | (
+      while read abi
+      do
+        okc-$abi | (
+          while read c
+          do
+            echo "=== `date` === Trying $n.c with $c..." >&2
+            rm -f cpuid.c
+	    cp $n.c cpuid.c || continue
+            $c -o cpuid cpuid.c || continue
+            $c -o cbytes cbytes.c || continue
+	    ./cpuid > cpuid.out || continue
+	    echo 'static const char cpuid[] = {' > cpuid.h || continue
+	    ./cbytes < cpuid.out >> cpuid.h || continue
+	    echo '} ;' >> cpuid.h || continue
+	    cp cpuid.h include/cpuid.h || continue
+	    cat cpuid.out
+            exit 0
+          done
+          exit 111
+        ) && exit 0
+      done
+      exit 111
+    ) && exit 0
+  done
+  exit 111
+)

src/libnacl/cpuid/unknown.c

@@ -0,0 +1,7 @@
+#include <stdio.h>
+
+main()
+{
+  printf("unknown CPU ID\n");
+  return 0;
+}

src/libnacl/cpuid/x86.c

@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+
+void nope()
+{
+  exit(1);
+}
+
+int main()
+{
+  unsigned long x[4];
+  unsigned long y[4];
+  int i;
+  int j;
+  char c;
+
+  signal(SIGILL,nope);
+
+  x[0] = 0;
+  x[1] = 0;
+  x[2] = 0;
+  x[3] = 0;
+
+  asm volatile(".byte 15;.byte 162" : "=a"(x[0]),"=b"(x[1]),"=c"(x[3]),"=d"(x[2]) : "0"(0) );
+  if (!x[0]) return 0;
+  asm volatile(".byte 15;.byte 162" : "=a"(y[0]),"=b"(y[1]),"=c"(y[2]),"=d"(y[3]) : "0"(1) );
+
+  for (i = 1;i < 4;++i)
+    for (j = 0;j < 4;++j) {
+      c = x[i] >> (8 * j);
+      if (c < 32) c = 32;
+      if (c > 126) c = 126;
+      putchar(c);
+    }
+
+  printf("-%08x-%08x\n",(unsigned int) y[0],(unsigned int) y[3]);
+
+  return 0;
+}

src/libnacl/crypto_auth/hmacsha256/checksum

@@ -0,0 +1 @@
+3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632

src/libnacl/crypto_auth/hmacsha256/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_KEYBYTES 32

src/libnacl/crypto_auth/hmacsha256/ref/hmac.c

@@ -0,0 +1,83 @@
+/*
+ * 20080913
+ * D. J. Bernstein
+ * Public domain.
+ * */
+
+#include "crypto_hashblocks_sha256.h"
+#include "crypto_auth.h"
+
+#define blocks crypto_hashblocks_sha256
+
+typedef unsigned int uint32;
+
+static const char iv[32] = {
+  0x6a,0x09,0xe6,0x67,
+  0xbb,0x67,0xae,0x85,
+  0x3c,0x6e,0xf3,0x72,
+  0xa5,0x4f,0xf5,0x3a,
+  0x51,0x0e,0x52,0x7f,
+  0x9b,0x05,0x68,0x8c,
+  0x1f,0x83,0xd9,0xab,
+  0x5b,0xe0,0xcd,0x19,
+} ;
+
+int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char h[32];
+  unsigned char padded[128];
+  int i;
+  unsigned long long bits = 512 + (inlen << 3);
+
+  for (i = 0;i < 32;++i) h[i] = iv[i];
+
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
+  for (i = 32;i < 64;++i) padded[i] = 0x36;
+
+  blocks(h,padded,64);
+  blocks(h,in,inlen);
+  in += inlen;
+  inlen &= 63;
+  in -= inlen;
+
+  for (i = 0;i < inlen;++i) padded[i] = in[i];
+  padded[inlen] = 0x80;
+
+  if (inlen < 56) {
+    for (i = inlen + 1;i < 56;++i) padded[i] = 0;
+    padded[56] = bits >> 56;
+    padded[57] = bits >> 48;
+    padded[58] = bits >> 40;
+    padded[59] = bits >> 32;
+    padded[60] = bits >> 24;
+    padded[61] = bits >> 16;
+    padded[62] = bits >> 8;
+    padded[63] = bits;
+    blocks(h,padded,64);
+  } else {
+    for (i = inlen + 1;i < 120;++i) padded[i] = 0;
+    padded[120] = bits >> 56;
+    padded[121] = bits >> 48;
+    padded[122] = bits >> 40;
+    padded[123] = bits >> 32;
+    padded[124] = bits >> 24;
+    padded[125] = bits >> 16;
+    padded[126] = bits >> 8;
+    padded[127] = bits;
+    blocks(h,padded,128);
+  }
+
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
+  for (i = 32;i < 64;++i) padded[i] = 0x5c;
+  for (i = 0;i < 32;++i) padded[64 + i] = h[i];
+
+  for (i = 0;i < 32;++i) out[i] = iv[i];
+
+  for (i = 32;i < 64;++i) padded[64 + i] = 0;
+  padded[64 + 32] = 0x80;
+  padded[64 + 62] = 3;
+
+  blocks(out,padded,128);
+
+  return 0;
+}

src/libnacl/crypto_auth/hmacsha256/ref/verify.c

@@ -0,0 +1,9 @@
+#include "crypto_verify_32.h"
+#include "crypto_auth.h"
+
+int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[32];
+  crypto_auth(correct,in,inlen,k);
+  return crypto_verify_32(h,correct);
+}

src/libnacl/crypto_auth/hmacsha512256/checksum

@@ -0,0 +1 @@
+2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886

src/libnacl/crypto_auth/hmacsha512256/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_KEYBYTES 32

src/libnacl/crypto_auth/hmacsha512256/ref/hmac.c

@@ -0,0 +1,86 @@
+/*
+ * 20080913
+ * D. J. Bernstein
+ * Public domain.
+ * */
+
+#include "crypto_hashblocks_sha512.h"
+#include "crypto_auth.h"
+
+#define blocks crypto_hashblocks_sha512
+
+typedef unsigned long long uint64;
+
+static const unsigned char iv[64] = {
+  0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+  0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+  0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+  0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+  0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+  0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+  0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+  0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+} ;
+
+int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char h[64];
+  unsigned char padded[256];
+  int i;
+  unsigned long long bytes = 128 + inlen;
+
+  for (i = 0;i < 64;++i) h[i] = iv[i];
+
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
+  for (i = 32;i < 128;++i) padded[i] = 0x36;
+
+  blocks(h,padded,128);
+  blocks(h,in,inlen);
+  in += inlen;
+  inlen &= 127;
+  in -= inlen;
+
+  for (i = 0;i < inlen;++i) padded[i] = in[i];
+  padded[inlen] = 0x80;
+
+  if (inlen < 112) {
+    for (i = inlen + 1;i < 119;++i) padded[i] = 0;
+    padded[119] = bytes >> 61;
+    padded[120] = bytes >> 53;
+    padded[121] = bytes >> 45;
+    padded[122] = bytes >> 37;
+    padded[123] = bytes >> 29;
+    padded[124] = bytes >> 21;
+    padded[125] = bytes >> 13;
+    padded[126] = bytes >> 5;
+    padded[127] = bytes << 3;
+    blocks(h,padded,128);
+  } else {
+    for (i = inlen + 1;i < 247;++i) padded[i] = 0;
+    padded[247] = bytes >> 61;
+    padded[248] = bytes >> 53;
+    padded[249] = bytes >> 45;
+    padded[250] = bytes >> 37;
+    padded[251] = bytes >> 29;
+    padded[252] = bytes >> 21;
+    padded[253] = bytes >> 13;
+    padded[254] = bytes >> 5;
+    padded[255] = bytes << 3;
+    blocks(h,padded,256);
+  }
+
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
+  for (i = 32;i < 128;++i) padded[i] = 0x5c;
+
+  for (i = 0;i < 64;++i) padded[128 + i] = h[i];
+  for (i = 0;i < 64;++i) h[i] = iv[i];
+
+  for (i = 64;i < 128;++i) padded[128 + i] = 0;
+  padded[128 + 64] = 0x80;
+  padded[128 + 126] = 6;
+
+  blocks(h,padded,256);
+  for (i = 0;i < 32;++i) out[i] = h[i];
+
+  return 0;
+}

src/libnacl/crypto_auth/hmacsha512256/ref/verify.c

@@ -0,0 +1,9 @@
+#include "crypto_verify_32.h"
+#include "crypto_auth.h"
+
+int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[32];
+  crypto_auth(correct,in,inlen,k);
+  return crypto_verify_32(h,correct);
+}

src/libnacl/crypto_auth/measure.c

@@ -0,0 +1,69 @@
+#include "crypto_auth.h"
+#include "randombytes.h"
+#include "cpucycles.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
+const char *implementationversion = crypto_auth_VERSION;
+const char *sizenames[] = { "outputbytes", "keybytes", 0 };
+const long long sizes[] = { crypto_auth_BYTES, crypto_auth_KEYBYTES };
+
+#define MAXTEST_BYTES 4096
+#ifdef SUPERCOP
+#define MGAP 8192
+#else
+#define MGAP 8
+#endif
+
+static unsigned char *k;
+static unsigned char *m;
+static unsigned char *h;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(crypto_auth_KEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  h = alignedcalloc(crypto_auth_BYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
+      randombytes(k,crypto_auth_KEYBYTES);
+      randombytes(m,mlen);
+      randombytes(h,crypto_auth_BYTES);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_auth(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_auth_verify(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"verify_cycles",cycles,TIMINGS);
+    }
+  }
+}

src/libnacl/crypto_auth/try.c

@@ -0,0 +1,121 @@
+/*
+ * crypto_auth/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_hash_sha256.h"
+#include "crypto_auth.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
+
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *h;
+static unsigned char *m;
+static unsigned char *k;
+static unsigned char *h2;
+static unsigned char *m2;
+static unsigned char *k2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(crypto_auth_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  k = alignedcalloc(crypto_auth_KEYBYTES);
+  h2 = alignedcalloc(crypto_auth_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES);
+  k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_auth(h,m,TUNE_BYTES,k);
+  crypto_auth_verify(h,m,TUNE_BYTES,k);
+}
+
+char checksum[crypto_auth_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i;
+    long long klen = crypto_auth_KEYBYTES;
+    long long hlen = crypto_auth_BYTES;
+
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+
+    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
+
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
+    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output";
+
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+
+    if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap";
+    for (j = 0;j < hlen;++j) m2[j] = m[j];
+    if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero";
+    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap";
+    for (j = 0;j < hlen;++j) k2[j] = k[j];
+
+    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
+
+    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
+
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
+    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
+    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
+
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
+    m[mlen] = h2[0];
+  }
+  if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero";
+  if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero";
+
+  for (i = 0;i < crypto_auth_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_auth/wrapper-auth.cpp

@@ -0,0 +1,11 @@
+#include <string>
+using std::string;
+#include "crypto_auth.h"
+
+string crypto_auth(const string &m,const string &k)
+{
+  if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length";
+  unsigned char a[crypto_auth_BYTES];
+  crypto_auth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str());
+  return string((char *) a,crypto_auth_BYTES);
+}

src/libnacl/crypto_auth/wrapper-verify.cpp

@@ -0,0 +1,14 @@
+#include <string>
+using std::string;
+#include "crypto_auth.h"
+
+void crypto_auth_verify(const string &a,const string &m,const string &k)
+{
+  if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length";
+  if (a.size() != crypto_auth_BYTES) throw "incorrect authenticator length";
+  if (crypto_auth_verify(
+       (const unsigned char *) a.c_str(),
+       (const unsigned char *) m.c_str(),m.size(),
+       (const unsigned char *) k.c_str()) == 0) return;
+  throw "invalid authenticator";
+}

src/libnacl/crypto_box/curve25519xsalsa20poly1305/checksum

@@ -0,0 +1 @@
+5fac7400caabc14a99c5c0bc13fb1df5e468e870382a3a1c

src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/after.c

@@ -0,0 +1,22 @@
+#include "crypto_secretbox_xsalsa20poly1305.h"
+#include "crypto_box.h"
+
+int crypto_box_afternm(
+  unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  return crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k);
+}
+
+int crypto_box_open_afternm(
+  unsigned char *m,
+  const unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  return crypto_secretbox_xsalsa20poly1305_open(m,c,clen,n,k);
+}

src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/api.h

@@ -0,0 +1,6 @@
+#define CRYPTO_PUBLICKEYBYTES 32
+#define CRYPTO_SECRETKEYBYTES 32
+#define CRYPTO_BEFORENMBYTES 32
+#define CRYPTO_NONCEBYTES 24
+#define CRYPTO_ZEROBYTES 32
+#define CRYPTO_BOXZEROBYTES 16

src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/before.c

@@ -0,0 +1,17 @@
+#include "crypto_core_hsalsa20.h"
+#include "crypto_scalarmult_curve25519.h"
+#include "crypto_box.h"
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+static const unsigned char n[16] = {0};
+
+int crypto_box_beforenm(
+  unsigned char *k,
+  const unsigned char *pk,
+  const unsigned char *sk
+)
+{
+  unsigned char s[32];
+  crypto_scalarmult_curve25519(s,sk,pk);
+  return crypto_core_hsalsa20(k,n,s,sigma);
+}

src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/box.c

@@ -0,0 +1,27 @@
+#include "crypto_box.h"
+
+int crypto_box(
+  unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *pk,
+  const unsigned char *sk
+)
+{
+  unsigned char k[crypto_box_BEFORENMBYTES];
+  crypto_box_beforenm(k,pk,sk);
+  return crypto_box_afternm(c,m,mlen,n,k);
+}
+
+int crypto_box_open(
+  unsigned char *m,
+  const unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *pk,
+  const unsigned char *sk
+)
+{
+  unsigned char k[crypto_box_BEFORENMBYTES];
+  crypto_box_beforenm(k,pk,sk);
+  return crypto_box_open_afternm(m,c,clen,n,k);
+}

src/libnacl/crypto_box/curve25519xsalsa20poly1305/ref/keypair.c

@@ -0,0 +1,12 @@
+#include "crypto_scalarmult_curve25519.h"
+#include "crypto_box.h"
+#include "randombytes.h"
+
+int crypto_box_keypair(
+  unsigned char *pk,
+  unsigned char *sk
+)
+{
+  randombytes(sk,32);
+  return crypto_scalarmult_curve25519_base(pk,sk);
+}

src/libnacl/crypto_box/measure.c

@@ -0,0 +1,137 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_box.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_box_IMPLEMENTATION;
+const char *implementationversion = crypto_box_VERSION;
+const char *sizenames[] = { "publickeybytes", "secretkeybytes", "beforenmbytes", "noncebytes", "zerobytes", "boxzerobytes", 0 };
+const long long sizes[] = { crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES, crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES, crypto_box_ZEROBYTES, crypto_box_BOXZEROBYTES };
+
+#define MAXTEST_BYTES 4096
+
+static unsigned char *ska;
+static unsigned char *pka;
+static unsigned char *skb;
+static unsigned char *pkb;
+static unsigned char *n;
+static unsigned char *m;
+static unsigned char *c;
+static unsigned char *sa;
+static unsigned char *sb;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  ska = alignedcalloc(crypto_box_SECRETKEYBYTES);
+  pka = alignedcalloc(crypto_box_PUBLICKEYBYTES);
+  skb = alignedcalloc(crypto_box_SECRETKEYBYTES);
+  pkb = alignedcalloc(crypto_box_PUBLICKEYBYTES);
+  n = alignedcalloc(crypto_box_NONCEBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  sa = alignedcalloc(crypto_box_BEFORENMBYTES);
+  sb = alignedcalloc(crypto_box_BEFORENMBYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_box_keypair(pka,ska);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"keypair_cycles",cycles,TIMINGS);
+
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_box_keypair(pkb,skb);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"keypair_cycles",cycles,TIMINGS);
+
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_box_beforenm(sa,pkb,ska);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"beforenm_cycles",cycles,TIMINGS);
+
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_box_beforenm(sb,pka,skb);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"beforenm_cycles",cycles,TIMINGS);
+
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) {
+      randombytes(n,crypto_box_NONCEBYTES);
+      randombytes(m + crypto_box_ZEROBYTES,mlen);
+      randombytes(c,mlen + crypto_box_ZEROBYTES);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,pka,skb);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"open_cycles",cycles,TIMINGS);
+
+      ++c[crypto_box_ZEROBYTES];
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_box_open(m,c,mlen + crypto_box_ZEROBYTES,n,pkb,ska);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"forgery_open_cycles",cycles,TIMINGS);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_box_afternm(c,m,mlen + crypto_box_ZEROBYTES,n,sb);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"afternm_cycles",cycles,TIMINGS);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"open_afternm_cycles",cycles,TIMINGS);
+
+      ++c[crypto_box_ZEROBYTES];
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_box_open_afternm(m,c,mlen + crypto_box_ZEROBYTES,n,sa);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"forgery_open_afternm_cycles",cycles,TIMINGS);
+    }
+  }
+}

src/libnacl/crypto_box/try.c

@@ -0,0 +1,197 @@
+/*
+ * crypto_box/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_box.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_box_IMPLEMENTATION;
+
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *ska;
+static unsigned char *pka;
+static unsigned char *skb;
+static unsigned char *pkb;
+static unsigned char *s;
+static unsigned char *n;
+static unsigned char *m;
+static unsigned char *c;
+static unsigned char *t;
+static unsigned char *ska2;
+static unsigned char *pka2;
+static unsigned char *skb2;
+static unsigned char *pkb2;
+static unsigned char *s2;
+static unsigned char *n2;
+static unsigned char *m2;
+static unsigned char *c2;
+static unsigned char *t2;
+
+#define sklen crypto_box_SECRETKEYBYTES
+#define pklen crypto_box_PUBLICKEYBYTES
+#define nlen crypto_box_NONCEBYTES
+#define slen crypto_box_BEFORENMBYTES
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  ska = alignedcalloc(sklen);
+  pka = alignedcalloc(pklen);
+  skb = alignedcalloc(sklen);
+  pkb = alignedcalloc(pklen);
+  n = alignedcalloc(nlen);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  c = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  s = alignedcalloc(slen);
+  ska2 = alignedcalloc(sklen);
+  pka2 = alignedcalloc(pklen);
+  skb2 = alignedcalloc(sklen);
+  pkb2 = alignedcalloc(pklen);
+  n2 = alignedcalloc(nlen);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  c2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  t2 = alignedcalloc(MAXTEST_BYTES + crypto_box_ZEROBYTES);
+  s2 = alignedcalloc(slen);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_box(c,m,TUNE_BYTES + crypto_box_ZEROBYTES,n,pka,skb);
+  crypto_box_open(t,c,TUNE_BYTES + crypto_box_ZEROBYTES,n,pkb,ska);
+}
+
+char checksum[nlen * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  if (crypto_box_keypair(pka,ska) != 0) return "crypto_box_keypair returns nonzero";
+  if (crypto_box_keypair(pkb,skb) != 0) return "crypto_box_keypair returns nonzero";
+
+  for (j = 0;j < crypto_box_ZEROBYTES;++j) m[j] = 0;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i + crypto_box_ZEROBYTES;
+    long long tlen = i + crypto_box_ZEROBYTES;
+    long long clen = i + crypto_box_ZEROBYTES;
+
+    for (j = -16;j < 0;++j) ska[j] = random();
+    for (j = -16;j < 0;++j) skb[j] = random();
+    for (j = -16;j < 0;++j) pka[j] = random();
+    for (j = -16;j < 0;++j) pkb[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = -16;j < 0;++j) n[j] = random();
+
+    for (j = sklen;j < sklen + 16;++j) ska[j] = random();
+    for (j = sklen;j < sklen + 16;++j) skb[j] = random();
+    for (j = pklen;j < pklen + 16;++j) pka[j] = random();
+    for (j = pklen;j < pklen + 16;++j) pkb[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = nlen;j < nlen + 16;++j) n[j] = random();
+
+    for (j = -16;j < sklen + 16;++j) ska2[j] = ska[j];
+    for (j = -16;j < sklen + 16;++j) skb2[j] = skb[j];
+    for (j = -16;j < pklen + 16;++j) pka2[j] = pka[j];
+    for (j = -16;j < pklen + 16;++j) pkb2[j] = pkb[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random();
+
+    if (crypto_box(c,m,mlen,n,pkb,ska) != 0) return "crypto_box returns nonzero";
+
+    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box overwrites m";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box overwrites n";
+    for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_box writes before output";
+    for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box writes after output";
+    for (j = 0;j < crypto_box_BOXZEROBYTES;++j)
+      if (c[j] != 0) return "crypto_box does not clear extra bytes";
+
+    for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box overwrites ska";
+    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box overwrites skb";
+    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box overwrites pka";
+    for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box overwrites pkb";
+
+    for (j = -16;j < 0;++j) c[j] = random();
+    for (j = clen;j < clen + 16;++j) c[j] = random();
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
+    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random();
+
+    if (crypto_box_open(t,c,clen,n,pka,skb) != 0) return "crypto_box_open returns nonzero";
+
+    for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_box_open overwrites c";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open overwrites n";
+    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open writes before output";
+    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open writes after output";
+    for (j = 0;j < crypto_box_ZEROBYTES;++j)
+      if (t[j] != 0) return "crypto_box_open does not clear extra bytes";
+
+    for (j = -16;j < sklen + 16;++j) if (ska2[j] != ska[j]) return "crypto_box_open overwrites ska";
+    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites skb";
+    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pka";
+    for (j = -16;j < pklen + 16;++j) if (pkb2[j] != pkb[j]) return "crypto_box_open overwrites pkb";
+
+    for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "plaintext does not match";
+
+    for (j = -16;j < slen + 16;++j) s2[j] = s[j] = random();
+    if (crypto_box_beforenm(s,pkb,ska) != 0) return "crypto_box_beforenm returns nonzero";
+    for (j = -16;j < pklen + 16;++j) if (pka2[j] != pka[j]) return "crypto_box_open overwrites pk";
+    for (j = -16;j < sklen + 16;++j) if (skb2[j] != skb[j]) return "crypto_box_open overwrites sk";
+    for (j = -16;j < 0;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes before output";
+    for (j = slen;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_beforenm writes after output";
+
+    for (j = -16;j < slen + 16;++j) s2[j] = s[j];
+    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random();
+    if (crypto_box_afternm(t,m,mlen,n,s) != 0) return "crypto_box_afternm returns nonzero";
+    for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_afternm overwrites s";
+    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_afternm overwrites m";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_afternm overwrites n";
+    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes before output";
+    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_afternm writes after output";
+    for (j = 0;j < crypto_box_BOXZEROBYTES;++j)
+      if (t[j] != 0) return "crypto_box_afternm does not clear extra bytes";
+    for (j = 0;j < mlen;++j) if (t[j] != c[j]) return "crypto_box_afternm does not match crypto_box";
+
+    if (crypto_box_beforenm(s,pka,skb) != 0) return "crypto_box_beforenm returns nonzero";
+
+    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random();
+    if (crypto_box_open_afternm(t,c,clen,n,s) != 0) return "crypto_box_open_afternm returns nonzero";
+    for (j = -16;j < slen + 16;++j) if (s2[j] != s[j]) return "crypto_box_open_afternm overwrites s";
+    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_box_open_afternm overwrites m";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_box_open_afternm overwrites n";
+    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes before output";
+    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_box_open_afternm writes after output";
+    for (j = 0;j < crypto_box_ZEROBYTES;++j)
+      if (t[j] != 0) return "crypto_box_open_afternm does not clear extra bytes";
+    for (j = 0;j < mlen;++j) if (t[j] != m[j]) return "crypto_box_open_afternm does not match crypto_box_open";
+
+    for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_box_BOXZEROBYTES];
+    if (i == 0) m[crypto_box_ZEROBYTES] = 0;
+    m[i + crypto_box_ZEROBYTES] = m[crypto_box_ZEROBYTES];
+    for (j = 0;j < i;++j) m[j + crypto_box_ZEROBYTES] ^= c[j + crypto_box_BOXZEROBYTES];
+  }
+
+  for (i = 0;i < nlen;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (n[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & n[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_box/wrapper-box.cpp

@@ -0,0 +1,24 @@
+#include <string>
+using std::string;
+#include "crypto_box.h"
+
+string crypto_box(const string &m,const string &n,const string &pk,const string &sk)
+{
+  if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length";
+  if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length";
+  if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length";
+  size_t mlen = m.size() + crypto_box_ZEROBYTES;
+  unsigned char mpad[mlen];
+  for (int i = 0;i < crypto_box_ZEROBYTES;++i) mpad[i] = 0;
+  for (int i = crypto_box_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_box_ZEROBYTES];
+  unsigned char cpad[mlen];
+  crypto_box(cpad,mpad,mlen,
+    (const unsigned char *) n.c_str(),
+    (const unsigned char *) pk.c_str(),
+    (const unsigned char *) sk.c_str()
+    );
+  return string(
+    (char *) cpad + crypto_box_BOXZEROBYTES,
+    mlen - crypto_box_BOXZEROBYTES
+  );
+}

src/libnacl/crypto_box/wrapper-keypair.cpp

@@ -0,0 +1,12 @@
+#include <string>
+using std::string;
+#include "crypto_box.h"
+
+string crypto_box_keypair(string *sk_string)
+{
+  unsigned char pk[crypto_box_PUBLICKEYBYTES];
+  unsigned char sk[crypto_box_SECRETKEYBYTES];
+  crypto_box_keypair(pk,sk);
+  *sk_string = string((char *) sk,sizeof sk);
+  return string((char *) pk,sizeof pk);
+}

src/libnacl/crypto_box/wrapper-open.cpp

@@ -0,0 +1,27 @@
+#include <string>
+using std::string;
+#include "crypto_box.h"
+
+string crypto_box_open(const string &c,const string &n,const string &pk,const string &sk)
+{
+  if (pk.size() != crypto_box_PUBLICKEYBYTES) throw "incorrect public-key length";
+  if (sk.size() != crypto_box_SECRETKEYBYTES) throw "incorrect secret-key length";
+  if (n.size() != crypto_box_NONCEBYTES) throw "incorrect nonce length";
+  size_t clen = c.size() + crypto_box_BOXZEROBYTES;
+  unsigned char cpad[clen];
+  for (int i = 0;i < crypto_box_BOXZEROBYTES;++i) cpad[i] = 0;
+  for (int i = crypto_box_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_box_BOXZEROBYTES];
+  unsigned char mpad[clen];
+  if (crypto_box_open(mpad,cpad,clen,
+                       (const unsigned char *) n.c_str(),
+                       (const unsigned char *) pk.c_str(),
+                       (const unsigned char *) sk.c_str()
+                     ) != 0)
+    throw "ciphertext fails verification";
+  if (clen < crypto_box_ZEROBYTES)
+    throw "ciphertext too short"; // should have been caught by _open
+  return string(
+    (char *) mpad + crypto_box_ZEROBYTES,
+    clen - crypto_box_ZEROBYTES
+  );
+}

src/libnacl/crypto_core/hsalsa20/checksum

@@ -0,0 +1 @@
+28ebe700b5878570702a68740aa131e6fa907e58a3f6915cd183c6db3f7afd7a

src/libnacl/crypto_core/hsalsa20/ref/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_OUTPUTBYTES 32
+#define CRYPTO_INPUTBYTES 16
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_CONSTBYTES 16

src/libnacl/crypto_core/hsalsa20/ref/core.c

@@ -0,0 +1,135 @@
+/*
+version 20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core.h"
+
+#define ROUNDS 20
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+  return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+
+int crypto_core(
+        unsigned char *out,
+  const unsigned char *in,
+  const unsigned char *k,
+  const unsigned char *c
+)
+{
+  uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  int i;
+
+  j0 = x0 = load_littleendian(c + 0);
+  j1 = x1 = load_littleendian(k + 0);
+  j2 = x2 = load_littleendian(k + 4);
+  j3 = x3 = load_littleendian(k + 8);
+  j4 = x4 = load_littleendian(k + 12);
+  j5 = x5 = load_littleendian(c + 4);
+  j6 = x6 = load_littleendian(in + 0);
+  j7 = x7 = load_littleendian(in + 4);
+  j8 = x8 = load_littleendian(in + 8);
+  j9 = x9 = load_littleendian(in + 12);
+  j10 = x10 = load_littleendian(c + 8);
+  j11 = x11 = load_littleendian(k + 16);
+  j12 = x12 = load_littleendian(k + 20);
+  j13 = x13 = load_littleendian(k + 24);
+  j14 = x14 = load_littleendian(k + 28);
+  j15 = x15 = load_littleendian(c + 12);
+
+  for (i = ROUNDS;i > 0;i -= 2) {
+     x4 ^= rotate( x0+x12, 7);
+     x8 ^= rotate( x4+ x0, 9);
+    x12 ^= rotate( x8+ x4,13);
+     x0 ^= rotate(x12+ x8,18);
+     x9 ^= rotate( x5+ x1, 7);
+    x13 ^= rotate( x9+ x5, 9);
+     x1 ^= rotate(x13+ x9,13);
+     x5 ^= rotate( x1+x13,18);
+    x14 ^= rotate(x10+ x6, 7);
+     x2 ^= rotate(x14+x10, 9);
+     x6 ^= rotate( x2+x14,13);
+    x10 ^= rotate( x6+ x2,18);
+     x3 ^= rotate(x15+x11, 7);
+     x7 ^= rotate( x3+x15, 9);
+    x11 ^= rotate( x7+ x3,13);
+    x15 ^= rotate(x11+ x7,18);
+     x1 ^= rotate( x0+ x3, 7);
+     x2 ^= rotate( x1+ x0, 9);
+     x3 ^= rotate( x2+ x1,13);
+     x0 ^= rotate( x3+ x2,18);
+     x6 ^= rotate( x5+ x4, 7);
+     x7 ^= rotate( x6+ x5, 9);
+     x4 ^= rotate( x7+ x6,13);
+     x5 ^= rotate( x4+ x7,18);
+    x11 ^= rotate(x10+ x9, 7);
+     x8 ^= rotate(x11+x10, 9);
+     x9 ^= rotate( x8+x11,13);
+    x10 ^= rotate( x9+ x8,18);
+    x12 ^= rotate(x15+x14, 7);
+    x13 ^= rotate(x12+x15, 9);
+    x14 ^= rotate(x13+x12,13);
+    x15 ^= rotate(x14+x13,18);
+  }
+
+  x0 += j0;
+  x1 += j1;
+  x2 += j2;
+  x3 += j3;
+  x4 += j4;
+  x5 += j5;
+  x6 += j6;
+  x7 += j7;
+  x8 += j8;
+  x9 += j9;
+  x10 += j10;
+  x11 += j11;
+  x12 += j12;
+  x13 += j13;
+  x14 += j14;
+  x15 += j15;
+
+  x0 -= load_littleendian(c + 0);
+  x5 -= load_littleendian(c + 4);
+  x10 -= load_littleendian(c + 8);
+  x15 -= load_littleendian(c + 12);
+  x6 -= load_littleendian(in + 0);
+  x7 -= load_littleendian(in + 4);
+  x8 -= load_littleendian(in + 8);
+  x9 -= load_littleendian(in + 12);
+
+  store_littleendian(out + 0,x0);
+  store_littleendian(out + 4,x5);
+  store_littleendian(out + 8,x10);
+  store_littleendian(out + 12,x15);
+  store_littleendian(out + 16,x6);
+  store_littleendian(out + 20,x7);
+  store_littleendian(out + 24,x8);
+  store_littleendian(out + 28,x9);
+
+  return 0;
+}

src/libnacl/crypto_core/hsalsa20/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_core/hsalsa20/ref2/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_OUTPUTBYTES 32
+#define CRYPTO_INPUTBYTES 16
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_CONSTBYTES 16

src/libnacl/crypto_core/hsalsa20/ref2/core.c

@@ -0,0 +1,108 @@
+/*
+version 20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core.h"
+
+#define ROUNDS 20
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+  return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+
+int crypto_core(
+        unsigned char *out,
+  const unsigned char *in,
+  const unsigned char *k,
+  const unsigned char *c
+)
+{
+  uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  int i;
+
+  x0 = load_littleendian(c + 0);
+  x1 = load_littleendian(k + 0);
+  x2 = load_littleendian(k + 4);
+  x3 = load_littleendian(k + 8);
+  x4 = load_littleendian(k + 12);
+  x5 = load_littleendian(c + 4);
+  x6 = load_littleendian(in + 0);
+  x7 = load_littleendian(in + 4);
+  x8 = load_littleendian(in + 8);
+  x9 = load_littleendian(in + 12);
+  x10 = load_littleendian(c + 8);
+  x11 = load_littleendian(k + 16);
+  x12 = load_littleendian(k + 20);
+  x13 = load_littleendian(k + 24);
+  x14 = load_littleendian(k + 28);
+  x15 = load_littleendian(c + 12);
+
+  for (i = ROUNDS;i > 0;i -= 2) {
+     x4 ^= rotate( x0+x12, 7);
+     x8 ^= rotate( x4+ x0, 9);
+    x12 ^= rotate( x8+ x4,13);
+     x0 ^= rotate(x12+ x8,18);
+     x9 ^= rotate( x5+ x1, 7);
+    x13 ^= rotate( x9+ x5, 9);
+     x1 ^= rotate(x13+ x9,13);
+     x5 ^= rotate( x1+x13,18);
+    x14 ^= rotate(x10+ x6, 7);
+     x2 ^= rotate(x14+x10, 9);
+     x6 ^= rotate( x2+x14,13);
+    x10 ^= rotate( x6+ x2,18);
+     x3 ^= rotate(x15+x11, 7);
+     x7 ^= rotate( x3+x15, 9);
+    x11 ^= rotate( x7+ x3,13);
+    x15 ^= rotate(x11+ x7,18);
+     x1 ^= rotate( x0+ x3, 7);
+     x2 ^= rotate( x1+ x0, 9);
+     x3 ^= rotate( x2+ x1,13);
+     x0 ^= rotate( x3+ x2,18);
+     x6 ^= rotate( x5+ x4, 7);
+     x7 ^= rotate( x6+ x5, 9);
+     x4 ^= rotate( x7+ x6,13);
+     x5 ^= rotate( x4+ x7,18);
+    x11 ^= rotate(x10+ x9, 7);
+     x8 ^= rotate(x11+x10, 9);
+     x9 ^= rotate( x8+x11,13);
+    x10 ^= rotate( x9+ x8,18);
+    x12 ^= rotate(x15+x14, 7);
+    x13 ^= rotate(x12+x15, 9);
+    x14 ^= rotate(x13+x12,13);
+    x15 ^= rotate(x14+x13,18);
+  }
+
+  store_littleendian(out + 0,x0);
+  store_littleendian(out + 4,x5);
+  store_littleendian(out + 8,x10);
+  store_littleendian(out + 12,x15);
+  store_littleendian(out + 16,x6);
+  store_littleendian(out + 20,x7);
+  store_littleendian(out + 24,x8);
+  store_littleendian(out + 28,x9);
+
+  return 0;
+}

src/libnacl/crypto_core/hsalsa20/ref2/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_core/measure.c

@@ -0,0 +1,18 @@
+#include "crypto_core.h"
+
+const char *primitiveimplementation = crypto_core_IMPLEMENTATION;
+const char *implementationversion = crypto_core_VERSION;
+const char *sizenames[] = { "outputbytes", "inputbytes", "keybytes", "constbytes", 0 };
+const long long sizes[] = { crypto_core_OUTPUTBYTES, crypto_core_INPUTBYTES, crypto_core_KEYBYTES, crypto_core_CONSTBYTES };
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+}
+
+void measure(void)
+{
+}

src/libnacl/crypto_core/salsa20/checksum

@@ -0,0 +1 @@
+9d1ee8d84b974e648507ffd93829376c5b4420751710e44f6593abd8769378011d85ecda51ceb8f43661d3c65ef5b57c4f5bf8df76c8202784c8df8def61e6a6

src/libnacl/crypto_core/salsa20/ref/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_OUTPUTBYTES 64
+#define CRYPTO_INPUTBYTES 16
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_CONSTBYTES 16

src/libnacl/crypto_core/salsa20/ref/core.c

@@ -0,0 +1,134 @@
+/*
+version 20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core.h"
+
+#define ROUNDS 20
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+  return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+
+int crypto_core(
+        unsigned char *out,
+  const unsigned char *in,
+  const unsigned char *k,
+  const unsigned char *c
+)
+{
+  uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  int i;
+
+  j0 = x0 = load_littleendian(c + 0);
+  j1 = x1 = load_littleendian(k + 0);
+  j2 = x2 = load_littleendian(k + 4);
+  j3 = x3 = load_littleendian(k + 8);
+  j4 = x4 = load_littleendian(k + 12);
+  j5 = x5 = load_littleendian(c + 4);
+  j6 = x6 = load_littleendian(in + 0);
+  j7 = x7 = load_littleendian(in + 4);
+  j8 = x8 = load_littleendian(in + 8);
+  j9 = x9 = load_littleendian(in + 12);
+  j10 = x10 = load_littleendian(c + 8);
+  j11 = x11 = load_littleendian(k + 16);
+  j12 = x12 = load_littleendian(k + 20);
+  j13 = x13 = load_littleendian(k + 24);
+  j14 = x14 = load_littleendian(k + 28);
+  j15 = x15 = load_littleendian(c + 12);
+
+  for (i = ROUNDS;i > 0;i -= 2) {
+     x4 ^= rotate( x0+x12, 7);
+     x8 ^= rotate( x4+ x0, 9);
+    x12 ^= rotate( x8+ x4,13);
+     x0 ^= rotate(x12+ x8,18);
+     x9 ^= rotate( x5+ x1, 7);
+    x13 ^= rotate( x9+ x5, 9);
+     x1 ^= rotate(x13+ x9,13);
+     x5 ^= rotate( x1+x13,18);
+    x14 ^= rotate(x10+ x6, 7);
+     x2 ^= rotate(x14+x10, 9);
+     x6 ^= rotate( x2+x14,13);
+    x10 ^= rotate( x6+ x2,18);
+     x3 ^= rotate(x15+x11, 7);
+     x7 ^= rotate( x3+x15, 9);
+    x11 ^= rotate( x7+ x3,13);
+    x15 ^= rotate(x11+ x7,18);
+     x1 ^= rotate( x0+ x3, 7);
+     x2 ^= rotate( x1+ x0, 9);
+     x3 ^= rotate( x2+ x1,13);
+     x0 ^= rotate( x3+ x2,18);
+     x6 ^= rotate( x5+ x4, 7);
+     x7 ^= rotate( x6+ x5, 9);
+     x4 ^= rotate( x7+ x6,13);
+     x5 ^= rotate( x4+ x7,18);
+    x11 ^= rotate(x10+ x9, 7);
+     x8 ^= rotate(x11+x10, 9);
+     x9 ^= rotate( x8+x11,13);
+    x10 ^= rotate( x9+ x8,18);
+    x12 ^= rotate(x15+x14, 7);
+    x13 ^= rotate(x12+x15, 9);
+    x14 ^= rotate(x13+x12,13);
+    x15 ^= rotate(x14+x13,18);
+  }
+
+  x0 += j0;
+  x1 += j1;
+  x2 += j2;
+  x3 += j3;
+  x4 += j4;
+  x5 += j5;
+  x6 += j6;
+  x7 += j7;
+  x8 += j8;
+  x9 += j9;
+  x10 += j10;
+  x11 += j11;
+  x12 += j12;
+  x13 += j13;
+  x14 += j14;
+  x15 += j15;
+
+  store_littleendian(out + 0,x0);
+  store_littleendian(out + 4,x1);
+  store_littleendian(out + 8,x2);
+  store_littleendian(out + 12,x3);
+  store_littleendian(out + 16,x4);
+  store_littleendian(out + 20,x5);
+  store_littleendian(out + 24,x6);
+  store_littleendian(out + 28,x7);
+  store_littleendian(out + 32,x8);
+  store_littleendian(out + 36,x9);
+  store_littleendian(out + 40,x10);
+  store_littleendian(out + 44,x11);
+  store_littleendian(out + 48,x12);
+  store_littleendian(out + 52,x13);
+  store_littleendian(out + 56,x14);
+  store_littleendian(out + 60,x15);
+
+  return 0;
+}

src/libnacl/crypto_core/salsa20/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_core/salsa2012/checksum

@@ -0,0 +1 @@
+f36d643f798efc0fca888d3ac4bdcc54c98a968c2da16bd5b8bfe9fe9025a6ca3a207e9362dc7cf17ddfc7477ee754d3f521b1df91640093754f7275b1a54293

src/libnacl/crypto_core/salsa2012/ref/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_OUTPUTBYTES 64
+#define CRYPTO_INPUTBYTES 16
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_CONSTBYTES 16

src/libnacl/crypto_core/salsa2012/ref/core.c

@@ -0,0 +1,134 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core.h"
+
+#define ROUNDS 12
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+  return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+
+int crypto_core(
+        unsigned char *out,
+  const unsigned char *in,
+  const unsigned char *k,
+  const unsigned char *c
+)
+{
+  uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  int i;
+
+  j0 = x0 = load_littleendian(c + 0);
+  j1 = x1 = load_littleendian(k + 0);
+  j2 = x2 = load_littleendian(k + 4);
+  j3 = x3 = load_littleendian(k + 8);
+  j4 = x4 = load_littleendian(k + 12);
+  j5 = x5 = load_littleendian(c + 4);
+  j6 = x6 = load_littleendian(in + 0);
+  j7 = x7 = load_littleendian(in + 4);
+  j8 = x8 = load_littleendian(in + 8);
+  j9 = x9 = load_littleendian(in + 12);
+  j10 = x10 = load_littleendian(c + 8);
+  j11 = x11 = load_littleendian(k + 16);
+  j12 = x12 = load_littleendian(k + 20);
+  j13 = x13 = load_littleendian(k + 24);
+  j14 = x14 = load_littleendian(k + 28);
+  j15 = x15 = load_littleendian(c + 12);
+
+  for (i = ROUNDS;i > 0;i -= 2) {
+     x4 ^= rotate( x0+x12, 7);
+     x8 ^= rotate( x4+ x0, 9);
+    x12 ^= rotate( x8+ x4,13);
+     x0 ^= rotate(x12+ x8,18);
+     x9 ^= rotate( x5+ x1, 7);
+    x13 ^= rotate( x9+ x5, 9);
+     x1 ^= rotate(x13+ x9,13);
+     x5 ^= rotate( x1+x13,18);
+    x14 ^= rotate(x10+ x6, 7);
+     x2 ^= rotate(x14+x10, 9);
+     x6 ^= rotate( x2+x14,13);
+    x10 ^= rotate( x6+ x2,18);
+     x3 ^= rotate(x15+x11, 7);
+     x7 ^= rotate( x3+x15, 9);
+    x11 ^= rotate( x7+ x3,13);
+    x15 ^= rotate(x11+ x7,18);
+     x1 ^= rotate( x0+ x3, 7);
+     x2 ^= rotate( x1+ x0, 9);
+     x3 ^= rotate( x2+ x1,13);
+     x0 ^= rotate( x3+ x2,18);
+     x6 ^= rotate( x5+ x4, 7);
+     x7 ^= rotate( x6+ x5, 9);
+     x4 ^= rotate( x7+ x6,13);
+     x5 ^= rotate( x4+ x7,18);
+    x11 ^= rotate(x10+ x9, 7);
+     x8 ^= rotate(x11+x10, 9);
+     x9 ^= rotate( x8+x11,13);
+    x10 ^= rotate( x9+ x8,18);
+    x12 ^= rotate(x15+x14, 7);
+    x13 ^= rotate(x12+x15, 9);
+    x14 ^= rotate(x13+x12,13);
+    x15 ^= rotate(x14+x13,18);
+  }
+
+  x0 += j0;
+  x1 += j1;
+  x2 += j2;
+  x3 += j3;
+  x4 += j4;
+  x5 += j5;
+  x6 += j6;
+  x7 += j7;
+  x8 += j8;
+  x9 += j9;
+  x10 += j10;
+  x11 += j11;
+  x12 += j12;
+  x13 += j13;
+  x14 += j14;
+  x15 += j15;
+
+  store_littleendian(out + 0,x0);
+  store_littleendian(out + 4,x1);
+  store_littleendian(out + 8,x2);
+  store_littleendian(out + 12,x3);
+  store_littleendian(out + 16,x4);
+  store_littleendian(out + 20,x5);
+  store_littleendian(out + 24,x6);
+  store_littleendian(out + 28,x7);
+  store_littleendian(out + 32,x8);
+  store_littleendian(out + 36,x9);
+  store_littleendian(out + 40,x10);
+  store_littleendian(out + 44,x11);
+  store_littleendian(out + 48,x12);
+  store_littleendian(out + 52,x13);
+  store_littleendian(out + 56,x14);
+  store_littleendian(out + 60,x15);
+
+  return 0;
+}

src/libnacl/crypto_core/salsa2012/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_core/salsa208/checksum

@@ -0,0 +1 @@
+1e13ea9e74cb36989f7cbf4abc80b29154e1a8b150bd5244951318abea002a93ae9fe2abbcf7217526ac2a85b66c256ba9374b1257eda0c01816da328edfa11a

src/libnacl/crypto_core/salsa208/ref/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_OUTPUTBYTES 64
+#define CRYPTO_INPUTBYTES 16
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_CONSTBYTES 16

src/libnacl/crypto_core/salsa208/ref/core.c

@@ -0,0 +1,134 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core.h"
+
+#define ROUNDS 8
+
+typedef unsigned int uint32;
+
+static uint32 rotate(uint32 u,int c)
+{
+  return (u << c) | (u >> (32 - c));
+}
+
+static uint32 load_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+
+static void store_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+
+int crypto_core(
+        unsigned char *out,
+  const unsigned char *in,
+  const unsigned char *k,
+  const unsigned char *c
+)
+{
+  uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+  uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+  int i;
+
+  j0 = x0 = load_littleendian(c + 0);
+  j1 = x1 = load_littleendian(k + 0);
+  j2 = x2 = load_littleendian(k + 4);
+  j3 = x3 = load_littleendian(k + 8);
+  j4 = x4 = load_littleendian(k + 12);
+  j5 = x5 = load_littleendian(c + 4);
+  j6 = x6 = load_littleendian(in + 0);
+  j7 = x7 = load_littleendian(in + 4);
+  j8 = x8 = load_littleendian(in + 8);
+  j9 = x9 = load_littleendian(in + 12);
+  j10 = x10 = load_littleendian(c + 8);
+  j11 = x11 = load_littleendian(k + 16);
+  j12 = x12 = load_littleendian(k + 20);
+  j13 = x13 = load_littleendian(k + 24);
+  j14 = x14 = load_littleendian(k + 28);
+  j15 = x15 = load_littleendian(c + 12);
+
+  for (i = ROUNDS;i > 0;i -= 2) {
+     x4 ^= rotate( x0+x12, 7);
+     x8 ^= rotate( x4+ x0, 9);
+    x12 ^= rotate( x8+ x4,13);
+     x0 ^= rotate(x12+ x8,18);
+     x9 ^= rotate( x5+ x1, 7);
+    x13 ^= rotate( x9+ x5, 9);
+     x1 ^= rotate(x13+ x9,13);
+     x5 ^= rotate( x1+x13,18);
+    x14 ^= rotate(x10+ x6, 7);
+     x2 ^= rotate(x14+x10, 9);
+     x6 ^= rotate( x2+x14,13);
+    x10 ^= rotate( x6+ x2,18);
+     x3 ^= rotate(x15+x11, 7);
+     x7 ^= rotate( x3+x15, 9);
+    x11 ^= rotate( x7+ x3,13);
+    x15 ^= rotate(x11+ x7,18);
+     x1 ^= rotate( x0+ x3, 7);
+     x2 ^= rotate( x1+ x0, 9);
+     x3 ^= rotate( x2+ x1,13);
+     x0 ^= rotate( x3+ x2,18);
+     x6 ^= rotate( x5+ x4, 7);
+     x7 ^= rotate( x6+ x5, 9);
+     x4 ^= rotate( x7+ x6,13);
+     x5 ^= rotate( x4+ x7,18);
+    x11 ^= rotate(x10+ x9, 7);
+     x8 ^= rotate(x11+x10, 9);
+     x9 ^= rotate( x8+x11,13);
+    x10 ^= rotate( x9+ x8,18);
+    x12 ^= rotate(x15+x14, 7);
+    x13 ^= rotate(x12+x15, 9);
+    x14 ^= rotate(x13+x12,13);
+    x15 ^= rotate(x14+x13,18);
+  }
+
+  x0 += j0;
+  x1 += j1;
+  x2 += j2;
+  x3 += j3;
+  x4 += j4;
+  x5 += j5;
+  x6 += j6;
+  x7 += j7;
+  x8 += j8;
+  x9 += j9;
+  x10 += j10;
+  x11 += j11;
+  x12 += j12;
+  x13 += j13;
+  x14 += j14;
+  x15 += j15;
+
+  store_littleendian(out + 0,x0);
+  store_littleendian(out + 4,x1);
+  store_littleendian(out + 8,x2);
+  store_littleendian(out + 12,x3);
+  store_littleendian(out + 16,x4);
+  store_littleendian(out + 20,x5);
+  store_littleendian(out + 24,x6);
+  store_littleendian(out + 28,x7);
+  store_littleendian(out + 32,x8);
+  store_littleendian(out + 36,x9);
+  store_littleendian(out + 40,x10);
+  store_littleendian(out + 44,x11);
+  store_littleendian(out + 48,x12);
+  store_littleendian(out + 52,x13);
+  store_littleendian(out + 56,x14);
+  store_littleendian(out + 60,x15);
+
+  return 0;
+}

src/libnacl/crypto_core/salsa208/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_core/try.c

@@ -0,0 +1,117 @@
+/*
+ * crypto_core/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_core.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_core_IMPLEMENTATION;
+
+static unsigned char *h;
+static unsigned char *n;
+static unsigned char *k;
+static unsigned char *c;
+static unsigned char *h2;
+static unsigned char *n2;
+static unsigned char *k2;
+static unsigned char *c2;
+
+#define hlen crypto_core_OUTPUTBYTES
+#define nlen crypto_core_INPUTBYTES
+#define klen crypto_core_KEYBYTES
+#define clen crypto_core_CONSTBYTES
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(hlen);
+  n = alignedcalloc(nlen);
+  k = alignedcalloc(klen);
+  c = alignedcalloc(clen);
+  h2 = alignedcalloc(hlen);
+  n2 = alignedcalloc(nlen + crypto_core_OUTPUTBYTES);
+  k2 = alignedcalloc(klen + crypto_core_OUTPUTBYTES);
+  c2 = alignedcalloc(clen + crypto_core_OUTPUTBYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_core(h,n,k,c);
+}
+
+static unsigned char newbyte(void)
+{
+  unsigned long long x;
+  long long j;
+  x = 8675309;
+  for (j = 0;j < hlen;++j) { x += h[j]; x *= x; x += (x >> 31); }
+  for (j = 0;j < nlen;++j) { x += n[j]; x *= x; x += (x >> 31); }
+  for (j = 0;j < klen;++j) { x += k[j]; x *= x; x += (x >> 31); }
+  for (j = 0;j < clen;++j) { x += c[j]; x *= x; x += (x >> 31); }
+  for (j = 0;j < 100;++j)  { x +=   j ; x *= x; x += (x >> 31); }
+  return x;
+}
+
+char checksum[hlen * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < 100;++i) {
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < 0;++j) n[j] = random();
+    for (j = nlen;j < nlen + 16;++j) n[j] = random();
+    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < 0;++j) c[j] = random();
+    for (j = clen;j < clen + 16;++j) c[j] = random();
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
+    if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero";
+    for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_core writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_core writes after output";
+    for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_core writes to k";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_core writes to n";
+    for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_core writes to c";
+
+    if (crypto_core(n2,n2,k,c) != 0) return "crypto_core returns nonzero";
+    for (j = 0;j < hlen;++j) if (h[j] != n2[j]) return "crypto_core does not handle n overlap";
+    for (j = 0;j < hlen;++j) n2[j] = n[j];
+    if (crypto_core(k2,n2,k2,c) != 0) return "crypto_core returns nonzero";
+    for (j = 0;j < hlen;++j) if (h[j] != k2[j]) return "crypto_core does not handle k overlap";
+    for (j = 0;j < hlen;++j) k2[j] = k[j];
+    if (crypto_core(c2,n2,k2,c2) != 0) return "crypto_core returns nonzero";
+    for (j = 0;j < hlen;++j) if (h[j] != c2[j]) return "crypto_core does not handle c overlap";
+    for (j = 0;j < hlen;++j) c2[j] = c[j];
+
+    for (j = 0;j < nlen;++j) n[j] = newbyte();
+    if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero";
+    for (j = 0;j < klen;++j) k[j] = newbyte();
+    if (crypto_core(h,n,k,c) != 0) return "crypto_core returns nonzero";
+    for (j = 0;j < clen;++j) c[j] = newbyte();
+  }
+
+  for (i = 0;i < hlen;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_hash/measure.c

@@ -0,0 +1,66 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_hash.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_hash_IMPLEMENTATION;
+const char *implementationversion = crypto_hash_VERSION;
+const char *sizenames[] = { "outputbytes", 0 };
+const long long sizes[] = { crypto_hash_BYTES };
+
+#define MAXTEST_BYTES 4096
+#ifdef SUPERCOP
+#define MGAP 8192
+#else
+#define MGAP 8
+#endif
+
+static unsigned char *h;
+static unsigned char *m;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(crypto_hash_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+static void printcycles(long long mlen)
+{
+  int i;
+  for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+  printentry(mlen,"cycles",cycles,TIMINGS);
+}
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
+      randombytes(m,mlen);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_hash(h,m,mlen);
+      }
+      printcycles(mlen);
+    }
+  }
+}

src/libnacl/crypto_hash/sha256/checksum

@@ -0,0 +1 @@
+86df8bd202b2a2b5fdc04a7f50a591e43a345849c12fef08d487109648a08e05

src/libnacl/crypto_hash/sha256/ref/api.h

@@ -0,0 +1 @@
+#define CRYPTO_BYTES 32

src/libnacl/crypto_hash/sha256/ref/hash.c

@@ -0,0 +1,69 @@
+/*
+20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_hashblocks_sha256.h"
+#include "crypto_hash.h"
+
+#define blocks crypto_hashblocks_sha256
+
+typedef unsigned int uint32;
+
+static const char iv[32] = {
+  0x6a,0x09,0xe6,0x67,
+  0xbb,0x67,0xae,0x85,
+  0x3c,0x6e,0xf3,0x72,
+  0xa5,0x4f,0xf5,0x3a,
+  0x51,0x0e,0x52,0x7f,
+  0x9b,0x05,0x68,0x8c,
+  0x1f,0x83,0xd9,0xab,
+  0x5b,0xe0,0xcd,0x19,
+} ;
+
+int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
+{
+  unsigned char h[32];
+  unsigned char padded[128];
+  int i;
+  unsigned long long bits = inlen << 3;
+
+  for (i = 0;i < 32;++i) h[i] = iv[i];
+
+  blocks(h,in,inlen);
+  in += inlen;
+  inlen &= 63;
+  in -= inlen;
+
+  for (i = 0;i < inlen;++i) padded[i] = in[i];
+  padded[inlen] = 0x80;
+
+  if (inlen < 56) {
+    for (i = inlen + 1;i < 56;++i) padded[i] = 0;
+    padded[56] = bits >> 56;
+    padded[57] = bits >> 48;
+    padded[58] = bits >> 40;
+    padded[59] = bits >> 32;
+    padded[60] = bits >> 24;
+    padded[61] = bits >> 16;
+    padded[62] = bits >> 8;
+    padded[63] = bits;
+    blocks(h,padded,64);
+  } else {
+    for (i = inlen + 1;i < 120;++i) padded[i] = 0;
+    padded[120] = bits >> 56;
+    padded[121] = bits >> 48;
+    padded[122] = bits >> 40;
+    padded[123] = bits >> 32;
+    padded[124] = bits >> 24;
+    padded[125] = bits >> 16;
+    padded[126] = bits >> 8;
+    padded[127] = bits;
+    blocks(h,padded,128);
+  }
+
+  for (i = 0;i < 32;++i) out[i] = h[i];
+
+  return 0;
+}

src/libnacl/crypto_hash/sha256/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein (wrapper around crypto_hashblocks/sha256)

src/libnacl/crypto_hash/sha512/checksum

@@ -0,0 +1 @@
+9a2a989e136a02c3362c98e6e1e0b52fab980a1dafbebe4dd5e44d15d061742e35fb686befd4e33c608d251c96e26c020f90d92bb7ec8a657f79bb8e0b00a473

src/libnacl/crypto_hash/sha512/ref/api.h

@@ -0,0 +1 @@
+#define CRYPTO_BYTES 64

src/libnacl/crypto_hash/sha512/ref/hash.c

@@ -0,0 +1,71 @@
+/*
+20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_hashblocks_sha512.h"
+#include "crypto_hash.h"
+
+#define blocks crypto_hashblocks_sha512
+
+static const unsigned char iv[64] = {
+  0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+  0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+  0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+  0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+  0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+  0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+  0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+  0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+} ;
+
+typedef unsigned long long uint64;
+
+int crypto_hash(unsigned char *out,const unsigned char *in,unsigned long long inlen)
+{
+  unsigned char h[64];
+  unsigned char padded[256];
+  int i;
+  unsigned long long bytes = inlen;
+
+  for (i = 0;i < 64;++i) h[i] = iv[i];
+
+  blocks(h,in,inlen);
+  in += inlen;
+  inlen &= 127;
+  in -= inlen;
+
+  for (i = 0;i < inlen;++i) padded[i] = in[i];
+  padded[inlen] = 0x80;
+
+  if (inlen < 112) {
+    for (i = inlen + 1;i < 119;++i) padded[i] = 0;
+    padded[119] = bytes >> 61;
+    padded[120] = bytes >> 53;
+    padded[121] = bytes >> 45;
+    padded[122] = bytes >> 37;
+    padded[123] = bytes >> 29;
+    padded[124] = bytes >> 21;
+    padded[125] = bytes >> 13;
+    padded[126] = bytes >> 5;
+    padded[127] = bytes << 3;
+    blocks(h,padded,128);
+  } else {
+    for (i = inlen + 1;i < 247;++i) padded[i] = 0;
+    padded[247] = bytes >> 61;
+    padded[248] = bytes >> 53;
+    padded[249] = bytes >> 45;
+    padded[250] = bytes >> 37;
+    padded[251] = bytes >> 29;
+    padded[252] = bytes >> 21;
+    padded[253] = bytes >> 13;
+    padded[254] = bytes >> 5;
+    padded[255] = bytes << 3;
+    blocks(h,padded,256);
+  }
+
+  for (i = 0;i < 64;++i) out[i] = h[i];
+
+  return 0;
+}

src/libnacl/crypto_hash/sha512/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein (wrapper around crypto_hashblocks/sha512)

src/libnacl/crypto_hash/try.c

@@ -0,0 +1,78 @@
+/*
+ * crypto_hash/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_hash.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_hash_IMPLEMENTATION;
+
+#define MAXTEST_BYTES (10000 + crypto_hash_BYTES)
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *h;
+static unsigned char *h2;
+static unsigned char *m;
+static unsigned char *m2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(crypto_hash_BYTES);
+  h2 = alignedcalloc(crypto_hash_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_hash(h,m,TUNE_BYTES);
+}
+
+char checksum[crypto_hash_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long hlen = crypto_hash_BYTES;
+    long long mlen = i;
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    if (crypto_hash(h,m,mlen) != 0) return "crypto_hash returns nonzero";
+    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hash writes to input";
+    for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hash writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hash writes after output";
+    if (crypto_hash(m2,m2,mlen) != 0) return "crypto_hash returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_hash does not handle overlap";
+    for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen];
+    m[mlen] = h[0];
+  }
+  if (crypto_hash(h,m,CHECKSUM_BYTES) != 0) return "crypto_hash returns nonzero";
+
+  for (i = 0;i < crypto_hash_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_hash/wrapper-hash.cpp

@@ -0,0 +1,10 @@
+#include <string>
+using std::string;
+#include "crypto_hash.h"
+
+string crypto_hash(const string &m)
+{
+  unsigned char h[crypto_hash_BYTES];
+  crypto_hash(h,(const unsigned char *) m.c_str(),m.size());
+  return string((char *) h,sizeof h);
+}

src/libnacl/crypto_hashblocks/measure.c

@@ -0,0 +1,18 @@
+#include "crypto_hashblocks.h"
+
+const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION;
+const char *implementationversion = crypto_hashblocks_VERSION;
+const char *sizenames[] = { "statebytes", 0 };
+const long long sizes[] = { crypto_hashblocks_STATEBYTES };
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+}
+
+void measure(void)
+{
+}

src/libnacl/crypto_hashblocks/sha256/checksum

@@ -0,0 +1 @@
+69a9dc2464f9593161e462d3dbb634b84f1d68d67d26df29aaa805f9dcd8f656

src/libnacl/crypto_hashblocks/sha256/inplace/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_STATEBYTES 32
+#define CRYPTO_BLOCKBYTES 64

src/libnacl/crypto_hashblocks/sha256/inplace/blocks.c

@@ -0,0 +1,228 @@
+#include "crypto_hashblocks.h"
+
+typedef unsigned int uint32;
+
+static uint32 load_bigendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[3]) \
+  | (((uint32) (x[2])) << 8) \
+  | (((uint32) (x[1])) << 16) \
+  | (((uint32) (x[0])) << 24)
+  ;
+}
+
+static void store_bigendian(unsigned char *x,uint32 u)
+{
+  x[3] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
+#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
+
+#define M(w0,w14,w9,w1) w0 += sigma1(w14) + w9 + sigma0(w1);
+
+#define EXPAND \
+  M(w0 ,w14,w9 ,w1 ) \
+  M(w1 ,w15,w10,w2 ) \
+  M(w2 ,w0 ,w11,w3 ) \
+  M(w3 ,w1 ,w12,w4 ) \
+  M(w4 ,w2 ,w13,w5 ) \
+  M(w5 ,w3 ,w14,w6 ) \
+  M(w6 ,w4 ,w15,w7 ) \
+  M(w7 ,w5 ,w0 ,w8 ) \
+  M(w8 ,w6 ,w1 ,w9 ) \
+  M(w9 ,w7 ,w2 ,w10) \
+  M(w10,w8 ,w3 ,w11) \
+  M(w11,w9 ,w4 ,w12) \
+  M(w12,w10,w5 ,w13) \
+  M(w13,w11,w6 ,w14) \
+  M(w14,w12,w7 ,w15) \
+  M(w15,w13,w8 ,w0 )
+
+#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \
+  r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \
+  r3 += r7; \
+  r7 += Sigma0(r0) + Maj(r0,r1,r2);
+
+#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \
+  F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \
+  F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \
+  F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \
+  F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \
+  F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \
+  F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \
+  F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \
+  F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \
+  F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \
+  F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \
+  F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \
+  F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \
+  F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \
+  F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \
+  F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \
+  F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15])
+
+static const uint32 round[64] = {
+  0x428a2f98
+, 0x71374491
+, 0xb5c0fbcf
+, 0xe9b5dba5
+, 0x3956c25b
+, 0x59f111f1
+, 0x923f82a4
+, 0xab1c5ed5
+, 0xd807aa98
+, 0x12835b01
+, 0x243185be
+, 0x550c7dc3
+, 0x72be5d74
+, 0x80deb1fe
+, 0x9bdc06a7
+, 0xc19bf174
+, 0xe49b69c1
+, 0xefbe4786
+, 0x0fc19dc6
+, 0x240ca1cc
+, 0x2de92c6f
+, 0x4a7484aa
+, 0x5cb0a9dc
+, 0x76f988da
+, 0x983e5152
+, 0xa831c66d
+, 0xb00327c8
+, 0xbf597fc7
+, 0xc6e00bf3
+, 0xd5a79147
+, 0x06ca6351
+, 0x14292967
+, 0x27b70a85
+, 0x2e1b2138
+, 0x4d2c6dfc
+, 0x53380d13
+, 0x650a7354
+, 0x766a0abb
+, 0x81c2c92e
+, 0x92722c85
+, 0xa2bfe8a1
+, 0xa81a664b
+, 0xc24b8b70
+, 0xc76c51a3
+, 0xd192e819
+, 0xd6990624
+, 0xf40e3585
+, 0x106aa070
+, 0x19a4c116
+, 0x1e376c08
+, 0x2748774c
+, 0x34b0bcb5
+, 0x391c0cb3
+, 0x4ed8aa4a
+, 0x5b9cca4f
+, 0x682e6ff3
+, 0x748f82ee
+, 0x78a5636f
+, 0x84c87814
+, 0x8cc70208
+, 0x90befffa
+, 0xa4506ceb
+, 0xbef9a3f7
+, 0xc67178f2
+} ;
+
+int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+  uint32 state[8];
+  uint32 r0;
+  uint32 r1;
+  uint32 r2;
+  uint32 r3;
+  uint32 r4;
+  uint32 r5;
+  uint32 r6;
+  uint32 r7;
+
+  r0 = load_bigendian(statebytes +  0); state[0] = r0;
+  r1 = load_bigendian(statebytes +  4); state[1] = r1;
+  r2 = load_bigendian(statebytes +  8); state[2] = r2;
+  r3 = load_bigendian(statebytes + 12); state[3] = r3;
+  r4 = load_bigendian(statebytes + 16); state[4] = r4;
+  r5 = load_bigendian(statebytes + 20); state[5] = r5;
+  r6 = load_bigendian(statebytes + 24); state[6] = r6;
+  r7 = load_bigendian(statebytes + 28); state[7] = r7;
+
+  while (inlen >= 64) {
+    uint32 w0  = load_bigendian(in +  0);
+    uint32 w1  = load_bigendian(in +  4);
+    uint32 w2  = load_bigendian(in +  8);
+    uint32 w3  = load_bigendian(in + 12);
+    uint32 w4  = load_bigendian(in + 16);
+    uint32 w5  = load_bigendian(in + 20);
+    uint32 w6  = load_bigendian(in + 24);
+    uint32 w7  = load_bigendian(in + 28);
+    uint32 w8  = load_bigendian(in + 32);
+    uint32 w9  = load_bigendian(in + 36);
+    uint32 w10 = load_bigendian(in + 40);
+    uint32 w11 = load_bigendian(in + 44);
+    uint32 w12 = load_bigendian(in + 48);
+    uint32 w13 = load_bigendian(in + 52);
+    uint32 w14 = load_bigendian(in + 56);
+    uint32 w15 = load_bigendian(in + 60);
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,0)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,16)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,32)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,48)
+
+    r0 += state[0];
+    r1 += state[1];
+    r2 += state[2];
+    r3 += state[3];
+    r4 += state[4];
+    r5 += state[5];
+    r6 += state[6];
+    r7 += state[7];
+
+    state[0] = r0;
+    state[1] = r1;
+    state[2] = r2;
+    state[3] = r3;
+    state[4] = r4;
+    state[5] = r5;
+    state[6] = r6;
+    state[7] = r7;
+
+    in += 64;
+    inlen -= 64;
+  }
+
+  store_bigendian(statebytes +  0,state[0]);
+  store_bigendian(statebytes +  4,state[1]);
+  store_bigendian(statebytes +  8,state[2]);
+  store_bigendian(statebytes + 12,state[3]);
+  store_bigendian(statebytes + 16,state[4]);
+  store_bigendian(statebytes + 20,state[5]);
+  store_bigendian(statebytes + 24,state[6]);
+  store_bigendian(statebytes + 28,state[7]);
+
+  return 0;
+}

src/libnacl/crypto_hashblocks/sha256/inplace/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_hashblocks/sha256/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_STATEBYTES 32
+#define CRYPTO_BLOCKBYTES 64

src/libnacl/crypto_hashblocks/sha256/ref/blocks.c

@@ -0,0 +1,212 @@
+#include "crypto_hashblocks.h"
+
+typedef unsigned int uint32;
+
+static uint32 load_bigendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[3]) \
+  | (((uint32) (x[2])) << 8) \
+  | (((uint32) (x[1])) << 16) \
+  | (((uint32) (x[0])) << 24)
+  ;
+}
+
+static void store_bigendian(unsigned char *x,uint32 u)
+{
+  x[3] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22))
+#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25))
+#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3))
+#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10))
+
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
+
+#define EXPAND \
+  M(w0 ,w14,w9 ,w1 ) \
+  M(w1 ,w15,w10,w2 ) \
+  M(w2 ,w0 ,w11,w3 ) \
+  M(w3 ,w1 ,w12,w4 ) \
+  M(w4 ,w2 ,w13,w5 ) \
+  M(w5 ,w3 ,w14,w6 ) \
+  M(w6 ,w4 ,w15,w7 ) \
+  M(w7 ,w5 ,w0 ,w8 ) \
+  M(w8 ,w6 ,w1 ,w9 ) \
+  M(w9 ,w7 ,w2 ,w10) \
+  M(w10,w8 ,w3 ,w11) \
+  M(w11,w9 ,w4 ,w12) \
+  M(w12,w10,w5 ,w13) \
+  M(w13,w11,w6 ,w14) \
+  M(w14,w12,w7 ,w15) \
+  M(w15,w13,w8 ,w0 )
+
+#define F(w,k) \
+  T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
+  T2 = Sigma0(a) + Maj(a,b,c); \
+  h = g; \
+  g = f; \
+  f = e; \
+  e = d + T1; \
+  d = c; \
+  c = b; \
+  b = a; \
+  a = T1 + T2;
+
+int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+  uint32 state[8];
+  uint32 a;
+  uint32 b;
+  uint32 c;
+  uint32 d;
+  uint32 e;
+  uint32 f;
+  uint32 g;
+  uint32 h;
+  uint32 T1;
+  uint32 T2;
+
+  a = load_bigendian(statebytes +  0); state[0] = a;
+  b = load_bigendian(statebytes +  4); state[1] = b;
+  c = load_bigendian(statebytes +  8); state[2] = c;
+  d = load_bigendian(statebytes + 12); state[3] = d;
+  e = load_bigendian(statebytes + 16); state[4] = e;
+  f = load_bigendian(statebytes + 20); state[5] = f;
+  g = load_bigendian(statebytes + 24); state[6] = g;
+  h = load_bigendian(statebytes + 28); state[7] = h;
+
+  while (inlen >= 64) {
+    uint32 w0  = load_bigendian(in +  0);
+    uint32 w1  = load_bigendian(in +  4);
+    uint32 w2  = load_bigendian(in +  8);
+    uint32 w3  = load_bigendian(in + 12);
+    uint32 w4  = load_bigendian(in + 16);
+    uint32 w5  = load_bigendian(in + 20);
+    uint32 w6  = load_bigendian(in + 24);
+    uint32 w7  = load_bigendian(in + 28);
+    uint32 w8  = load_bigendian(in + 32);
+    uint32 w9  = load_bigendian(in + 36);
+    uint32 w10 = load_bigendian(in + 40);
+    uint32 w11 = load_bigendian(in + 44);
+    uint32 w12 = load_bigendian(in + 48);
+    uint32 w13 = load_bigendian(in + 52);
+    uint32 w14 = load_bigendian(in + 56);
+    uint32 w15 = load_bigendian(in + 60);
+
+    F(w0 ,0x428a2f98)
+    F(w1 ,0x71374491)
+    F(w2 ,0xb5c0fbcf)
+    F(w3 ,0xe9b5dba5)
+    F(w4 ,0x3956c25b)
+    F(w5 ,0x59f111f1)
+    F(w6 ,0x923f82a4)
+    F(w7 ,0xab1c5ed5)
+    F(w8 ,0xd807aa98)
+    F(w9 ,0x12835b01)
+    F(w10,0x243185be)
+    F(w11,0x550c7dc3)
+    F(w12,0x72be5d74)
+    F(w13,0x80deb1fe)
+    F(w14,0x9bdc06a7)
+    F(w15,0xc19bf174)
+
+    EXPAND
+
+    F(w0 ,0xe49b69c1)
+    F(w1 ,0xefbe4786)
+    F(w2 ,0x0fc19dc6)
+    F(w3 ,0x240ca1cc)
+    F(w4 ,0x2de92c6f)
+    F(w5 ,0x4a7484aa)
+    F(w6 ,0x5cb0a9dc)
+    F(w7 ,0x76f988da)
+    F(w8 ,0x983e5152)
+    F(w9 ,0xa831c66d)
+    F(w10,0xb00327c8)
+    F(w11,0xbf597fc7)
+    F(w12,0xc6e00bf3)
+    F(w13,0xd5a79147)
+    F(w14,0x06ca6351)
+    F(w15,0x14292967)
+
+    EXPAND
+
+    F(w0 ,0x27b70a85)
+    F(w1 ,0x2e1b2138)
+    F(w2 ,0x4d2c6dfc)
+    F(w3 ,0x53380d13)
+    F(w4 ,0x650a7354)
+    F(w5 ,0x766a0abb)
+    F(w6 ,0x81c2c92e)
+    F(w7 ,0x92722c85)
+    F(w8 ,0xa2bfe8a1)
+    F(w9 ,0xa81a664b)
+    F(w10,0xc24b8b70)
+    F(w11,0xc76c51a3)
+    F(w12,0xd192e819)
+    F(w13,0xd6990624)
+    F(w14,0xf40e3585)
+    F(w15,0x106aa070)
+
+    EXPAND
+
+    F(w0 ,0x19a4c116)
+    F(w1 ,0x1e376c08)
+    F(w2 ,0x2748774c)
+    F(w3 ,0x34b0bcb5)
+    F(w4 ,0x391c0cb3)
+    F(w5 ,0x4ed8aa4a)
+    F(w6 ,0x5b9cca4f)
+    F(w7 ,0x682e6ff3)
+    F(w8 ,0x748f82ee)
+    F(w9 ,0x78a5636f)
+    F(w10,0x84c87814)
+    F(w11,0x8cc70208)
+    F(w12,0x90befffa)
+    F(w13,0xa4506ceb)
+    F(w14,0xbef9a3f7)
+    F(w15,0xc67178f2)
+
+    a += state[0];
+    b += state[1];
+    c += state[2];
+    d += state[3];
+    e += state[4];
+    f += state[5];
+    g += state[6];
+    h += state[7];
+
+    state[0] = a;
+    state[1] = b;
+    state[2] = c;
+    state[3] = d;
+    state[4] = e;
+    state[5] = f;
+    state[6] = g;
+    state[7] = h;
+
+    in += 64;
+    inlen -= 64;
+  }
+
+  store_bigendian(statebytes +  0,state[0]);
+  store_bigendian(statebytes +  4,state[1]);
+  store_bigendian(statebytes +  8,state[2]);
+  store_bigendian(statebytes + 12,state[3]);
+  store_bigendian(statebytes + 16,state[4]);
+  store_bigendian(statebytes + 20,state[5]);
+  store_bigendian(statebytes + 24,state[6]);
+  store_bigendian(statebytes + 28,state[7]);
+
+  return 0;
+}

src/libnacl/crypto_hashblocks/sha256/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_hashblocks/sha512/checksum

@@ -0,0 +1 @@
+f005c91634ae549f0dd4529ddbaf07038cb75a59b818cd1d4eb4e2b4019ab6733556131f320c4a145c735a22594581d454cccb15c18bf198ffcb2da29fe39456

src/libnacl/crypto_hashblocks/sha512/inplace/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_STATEBYTES 64
+#define CRYPTO_BLOCKBYTES 128

src/libnacl/crypto_hashblocks/sha512/inplace/blocks.c

@@ -0,0 +1,256 @@
+#include "crypto_hashblocks.h"
+
+typedef unsigned long long uint64;
+
+static uint64 load_bigendian(const unsigned char *x)
+{
+  return
+      (uint64) (x[7]) \
+  | (((uint64) (x[6])) << 8) \
+  | (((uint64) (x[5])) << 16) \
+  | (((uint64) (x[4])) << 24) \
+  | (((uint64) (x[3])) << 32) \
+  | (((uint64) (x[2])) << 40) \
+  | (((uint64) (x[1])) << 48) \
+  | (((uint64) (x[0])) << 56)
+  ;
+}
+
+static void store_bigendian(unsigned char *x,uint64 u)
+{
+  x[7] = u; u >>= 8;
+  x[6] = u; u >>= 8;
+  x[5] = u; u >>= 8;
+  x[4] = u; u >>= 8;
+  x[3] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
+#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))
+
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
+
+#define EXPAND \
+  M(w0 ,w14,w9 ,w1 ) \
+  M(w1 ,w15,w10,w2 ) \
+  M(w2 ,w0 ,w11,w3 ) \
+  M(w3 ,w1 ,w12,w4 ) \
+  M(w4 ,w2 ,w13,w5 ) \
+  M(w5 ,w3 ,w14,w6 ) \
+  M(w6 ,w4 ,w15,w7 ) \
+  M(w7 ,w5 ,w0 ,w8 ) \
+  M(w8 ,w6 ,w1 ,w9 ) \
+  M(w9 ,w7 ,w2 ,w10) \
+  M(w10,w8 ,w3 ,w11) \
+  M(w11,w9 ,w4 ,w12) \
+  M(w12,w10,w5 ,w13) \
+  M(w13,w11,w6 ,w14) \
+  M(w14,w12,w7 ,w15) \
+  M(w15,w13,w8 ,w0 )
+
+#define F(r0,r1,r2,r3,r4,r5,r6,r7,w,k) \
+  r7 += Sigma1(r4) + Ch(r4,r5,r6) + k + w; \
+  r3 += r7; \
+  r7 += Sigma0(r0) + Maj(r0,r1,r2);
+
+#define G(r0,r1,r2,r3,r4,r5,r6,r7,i) \
+  F(r0,r1,r2,r3,r4,r5,r6,r7,w0 ,round[i + 0]) \
+  F(r7,r0,r1,r2,r3,r4,r5,r6,w1 ,round[i + 1]) \
+  F(r6,r7,r0,r1,r2,r3,r4,r5,w2 ,round[i + 2]) \
+  F(r5,r6,r7,r0,r1,r2,r3,r4,w3 ,round[i + 3]) \
+  F(r4,r5,r6,r7,r0,r1,r2,r3,w4 ,round[i + 4]) \
+  F(r3,r4,r5,r6,r7,r0,r1,r2,w5 ,round[i + 5]) \
+  F(r2,r3,r4,r5,r6,r7,r0,r1,w6 ,round[i + 6]) \
+  F(r1,r2,r3,r4,r5,r6,r7,r0,w7 ,round[i + 7]) \
+  F(r0,r1,r2,r3,r4,r5,r6,r7,w8 ,round[i + 8]) \
+  F(r7,r0,r1,r2,r3,r4,r5,r6,w9 ,round[i + 9]) \
+  F(r6,r7,r0,r1,r2,r3,r4,r5,w10,round[i + 10]) \
+  F(r5,r6,r7,r0,r1,r2,r3,r4,w11,round[i + 11]) \
+  F(r4,r5,r6,r7,r0,r1,r2,r3,w12,round[i + 12]) \
+  F(r3,r4,r5,r6,r7,r0,r1,r2,w13,round[i + 13]) \
+  F(r2,r3,r4,r5,r6,r7,r0,r1,w14,round[i + 14]) \
+  F(r1,r2,r3,r4,r5,r6,r7,r0,w15,round[i + 15])
+
+static const uint64 round[80] = {
+  0x428a2f98d728ae22ULL
+, 0x7137449123ef65cdULL
+, 0xb5c0fbcfec4d3b2fULL
+, 0xe9b5dba58189dbbcULL
+, 0x3956c25bf348b538ULL
+, 0x59f111f1b605d019ULL
+, 0x923f82a4af194f9bULL
+, 0xab1c5ed5da6d8118ULL
+, 0xd807aa98a3030242ULL
+, 0x12835b0145706fbeULL
+, 0x243185be4ee4b28cULL
+, 0x550c7dc3d5ffb4e2ULL
+, 0x72be5d74f27b896fULL
+, 0x80deb1fe3b1696b1ULL
+, 0x9bdc06a725c71235ULL
+, 0xc19bf174cf692694ULL
+, 0xe49b69c19ef14ad2ULL
+, 0xefbe4786384f25e3ULL
+, 0x0fc19dc68b8cd5b5ULL
+, 0x240ca1cc77ac9c65ULL
+, 0x2de92c6f592b0275ULL
+, 0x4a7484aa6ea6e483ULL
+, 0x5cb0a9dcbd41fbd4ULL
+, 0x76f988da831153b5ULL
+, 0x983e5152ee66dfabULL
+, 0xa831c66d2db43210ULL
+, 0xb00327c898fb213fULL
+, 0xbf597fc7beef0ee4ULL
+, 0xc6e00bf33da88fc2ULL
+, 0xd5a79147930aa725ULL
+, 0x06ca6351e003826fULL
+, 0x142929670a0e6e70ULL
+, 0x27b70a8546d22ffcULL
+, 0x2e1b21385c26c926ULL
+, 0x4d2c6dfc5ac42aedULL
+, 0x53380d139d95b3dfULL
+, 0x650a73548baf63deULL
+, 0x766a0abb3c77b2a8ULL
+, 0x81c2c92e47edaee6ULL
+, 0x92722c851482353bULL
+, 0xa2bfe8a14cf10364ULL
+, 0xa81a664bbc423001ULL
+, 0xc24b8b70d0f89791ULL
+, 0xc76c51a30654be30ULL
+, 0xd192e819d6ef5218ULL
+, 0xd69906245565a910ULL
+, 0xf40e35855771202aULL
+, 0x106aa07032bbd1b8ULL
+, 0x19a4c116b8d2d0c8ULL
+, 0x1e376c085141ab53ULL
+, 0x2748774cdf8eeb99ULL
+, 0x34b0bcb5e19b48a8ULL
+, 0x391c0cb3c5c95a63ULL
+, 0x4ed8aa4ae3418acbULL
+, 0x5b9cca4f7763e373ULL
+, 0x682e6ff3d6b2b8a3ULL
+, 0x748f82ee5defb2fcULL
+, 0x78a5636f43172f60ULL
+, 0x84c87814a1f0ab72ULL
+, 0x8cc702081a6439ecULL
+, 0x90befffa23631e28ULL
+, 0xa4506cebde82bde9ULL
+, 0xbef9a3f7b2c67915ULL
+, 0xc67178f2e372532bULL
+, 0xca273eceea26619cULL
+, 0xd186b8c721c0c207ULL
+, 0xeada7dd6cde0eb1eULL
+, 0xf57d4f7fee6ed178ULL
+, 0x06f067aa72176fbaULL
+, 0x0a637dc5a2c898a6ULL
+, 0x113f9804bef90daeULL
+, 0x1b710b35131c471bULL
+, 0x28db77f523047d84ULL
+, 0x32caab7b40c72493ULL
+, 0x3c9ebe0a15c9bebcULL
+, 0x431d67c49c100d4cULL
+, 0x4cc5d4becb3e42b6ULL
+, 0x597f299cfc657e2aULL
+, 0x5fcb6fab3ad6faecULL
+, 0x6c44198c4a475817ULL
+};
+
+int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+  uint64 state[8];
+  uint64 r0;
+  uint64 r1;
+  uint64 r2;
+  uint64 r3;
+  uint64 r4;
+  uint64 r5;
+  uint64 r6;
+  uint64 r7;
+
+  r0 = load_bigendian(statebytes +  0); state[0] = r0;
+  r1 = load_bigendian(statebytes +  8); state[1] = r1;
+  r2 = load_bigendian(statebytes + 16); state[2] = r2;
+  r3 = load_bigendian(statebytes + 24); state[3] = r3;
+  r4 = load_bigendian(statebytes + 32); state[4] = r4;
+  r5 = load_bigendian(statebytes + 40); state[5] = r5;
+  r6 = load_bigendian(statebytes + 48); state[6] = r6;
+  r7 = load_bigendian(statebytes + 56); state[7] = r7;
+
+  while (inlen >= 128) {
+    uint64 w0  = load_bigendian(in +   0);
+    uint64 w1  = load_bigendian(in +   8);
+    uint64 w2  = load_bigendian(in +  16);
+    uint64 w3  = load_bigendian(in +  24);
+    uint64 w4  = load_bigendian(in +  32);
+    uint64 w5  = load_bigendian(in +  40);
+    uint64 w6  = load_bigendian(in +  48);
+    uint64 w7  = load_bigendian(in +  56);
+    uint64 w8  = load_bigendian(in +  64);
+    uint64 w9  = load_bigendian(in +  72);
+    uint64 w10 = load_bigendian(in +  80);
+    uint64 w11 = load_bigendian(in +  88);
+    uint64 w12 = load_bigendian(in +  96);
+    uint64 w13 = load_bigendian(in + 104);
+    uint64 w14 = load_bigendian(in + 112);
+    uint64 w15 = load_bigendian(in + 120);
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,0)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,16)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,32)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,48)
+
+    EXPAND
+
+    G(r0,r1,r2,r3,r4,r5,r6,r7,64)
+
+    r0 += state[0];
+    r1 += state[1];
+    r2 += state[2];
+    r3 += state[3];
+    r4 += state[4];
+    r5 += state[5];
+    r6 += state[6];
+    r7 += state[7];
+
+    state[0] = r0;
+    state[1] = r1;
+    state[2] = r2;
+    state[3] = r3;
+    state[4] = r4;
+    state[5] = r5;
+    state[6] = r6;
+    state[7] = r7;
+
+    in += 128;
+    inlen -= 128;
+  }
+
+  store_bigendian(statebytes +  0,state[0]);
+  store_bigendian(statebytes +  8,state[1]);
+  store_bigendian(statebytes + 16,state[2]);
+  store_bigendian(statebytes + 24,state[3]);
+  store_bigendian(statebytes + 32,state[4]);
+  store_bigendian(statebytes + 40,state[5]);
+  store_bigendian(statebytes + 48,state[6]);
+  store_bigendian(statebytes + 56,state[7]);
+
+  return 0;
+}

src/libnacl/crypto_hashblocks/sha512/inplace/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_hashblocks/sha512/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_STATEBYTES 64
+#define CRYPTO_BLOCKBYTES 128

src/libnacl/crypto_hashblocks/sha512/ref/blocks.c

@@ -0,0 +1,239 @@
+#include "crypto_hashblocks.h"
+
+typedef unsigned long long uint64;
+
+static uint64 load_bigendian(const unsigned char *x)
+{
+  return
+      (uint64) (x[7]) \
+  | (((uint64) (x[6])) << 8) \
+  | (((uint64) (x[5])) << 16) \
+  | (((uint64) (x[4])) << 24) \
+  | (((uint64) (x[3])) << 32) \
+  | (((uint64) (x[2])) << 40) \
+  | (((uint64) (x[1])) << 48) \
+  | (((uint64) (x[0])) << 56)
+  ;
+}
+
+static void store_bigendian(unsigned char *x,uint64 u)
+{
+  x[7] = u; u >>= 8;
+  x[6] = u; u >>= 8;
+  x[5] = u; u >>= 8;
+  x[4] = u; u >>= 8;
+  x[3] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[0] = u;
+}
+
+#define SHR(x,c) ((x) >> (c))
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))
+
+#define Ch(x,y,z) ((x & y) ^ (~x & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
+#define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
+#define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
+#define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))
+
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
+
+#define EXPAND \
+  M(w0 ,w14,w9 ,w1 ) \
+  M(w1 ,w15,w10,w2 ) \
+  M(w2 ,w0 ,w11,w3 ) \
+  M(w3 ,w1 ,w12,w4 ) \
+  M(w4 ,w2 ,w13,w5 ) \
+  M(w5 ,w3 ,w14,w6 ) \
+  M(w6 ,w4 ,w15,w7 ) \
+  M(w7 ,w5 ,w0 ,w8 ) \
+  M(w8 ,w6 ,w1 ,w9 ) \
+  M(w9 ,w7 ,w2 ,w10) \
+  M(w10,w8 ,w3 ,w11) \
+  M(w11,w9 ,w4 ,w12) \
+  M(w12,w10,w5 ,w13) \
+  M(w13,w11,w6 ,w14) \
+  M(w14,w12,w7 ,w15) \
+  M(w15,w13,w8 ,w0 )
+
+#define F(w,k) \
+  T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
+  T2 = Sigma0(a) + Maj(a,b,c); \
+  h = g; \
+  g = f; \
+  f = e; \
+  e = d + T1; \
+  d = c; \
+  c = b; \
+  b = a; \
+  a = T1 + T2;
+
+int crypto_hashblocks(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
+{
+  uint64 state[8];
+  uint64 a;
+  uint64 b;
+  uint64 c;
+  uint64 d;
+  uint64 e;
+  uint64 f;
+  uint64 g;
+  uint64 h;
+  uint64 T1;
+  uint64 T2;
+
+  a = load_bigendian(statebytes +  0); state[0] = a;
+  b = load_bigendian(statebytes +  8); state[1] = b;
+  c = load_bigendian(statebytes + 16); state[2] = c;
+  d = load_bigendian(statebytes + 24); state[3] = d;
+  e = load_bigendian(statebytes + 32); state[4] = e;
+  f = load_bigendian(statebytes + 40); state[5] = f;
+  g = load_bigendian(statebytes + 48); state[6] = g;
+  h = load_bigendian(statebytes + 56); state[7] = h;
+
+  while (inlen >= 128) {
+    uint64 w0  = load_bigendian(in +   0);
+    uint64 w1  = load_bigendian(in +   8);
+    uint64 w2  = load_bigendian(in +  16);
+    uint64 w3  = load_bigendian(in +  24);
+    uint64 w4  = load_bigendian(in +  32);
+    uint64 w5  = load_bigendian(in +  40);
+    uint64 w6  = load_bigendian(in +  48);
+    uint64 w7  = load_bigendian(in +  56);
+    uint64 w8  = load_bigendian(in +  64);
+    uint64 w9  = load_bigendian(in +  72);
+    uint64 w10 = load_bigendian(in +  80);
+    uint64 w11 = load_bigendian(in +  88);
+    uint64 w12 = load_bigendian(in +  96);
+    uint64 w13 = load_bigendian(in + 104);
+    uint64 w14 = load_bigendian(in + 112);
+    uint64 w15 = load_bigendian(in + 120);
+
+    F(w0 ,0x428a2f98d728ae22ULL)
+    F(w1 ,0x7137449123ef65cdULL)
+    F(w2 ,0xb5c0fbcfec4d3b2fULL)
+    F(w3 ,0xe9b5dba58189dbbcULL)
+    F(w4 ,0x3956c25bf348b538ULL)
+    F(w5 ,0x59f111f1b605d019ULL)
+    F(w6 ,0x923f82a4af194f9bULL)
+    F(w7 ,0xab1c5ed5da6d8118ULL)
+    F(w8 ,0xd807aa98a3030242ULL)
+    F(w9 ,0x12835b0145706fbeULL)
+    F(w10,0x243185be4ee4b28cULL)
+    F(w11,0x550c7dc3d5ffb4e2ULL)
+    F(w12,0x72be5d74f27b896fULL)
+    F(w13,0x80deb1fe3b1696b1ULL)
+    F(w14,0x9bdc06a725c71235ULL)
+    F(w15,0xc19bf174cf692694ULL)
+
+    EXPAND
+
+    F(w0 ,0xe49b69c19ef14ad2ULL)
+    F(w1 ,0xefbe4786384f25e3ULL)
+    F(w2 ,0x0fc19dc68b8cd5b5ULL)
+    F(w3 ,0x240ca1cc77ac9c65ULL)
+    F(w4 ,0x2de92c6f592b0275ULL)
+    F(w5 ,0x4a7484aa6ea6e483ULL)
+    F(w6 ,0x5cb0a9dcbd41fbd4ULL)
+    F(w7 ,0x76f988da831153b5ULL)
+    F(w8 ,0x983e5152ee66dfabULL)
+    F(w9 ,0xa831c66d2db43210ULL)
+    F(w10,0xb00327c898fb213fULL)
+    F(w11,0xbf597fc7beef0ee4ULL)
+    F(w12,0xc6e00bf33da88fc2ULL)
+    F(w13,0xd5a79147930aa725ULL)
+    F(w14,0x06ca6351e003826fULL)
+    F(w15,0x142929670a0e6e70ULL)
+
+    EXPAND
+
+    F(w0 ,0x27b70a8546d22ffcULL)
+    F(w1 ,0x2e1b21385c26c926ULL)
+    F(w2 ,0x4d2c6dfc5ac42aedULL)
+    F(w3 ,0x53380d139d95b3dfULL)
+    F(w4 ,0x650a73548baf63deULL)
+    F(w5 ,0x766a0abb3c77b2a8ULL)
+    F(w6 ,0x81c2c92e47edaee6ULL)
+    F(w7 ,0x92722c851482353bULL)
+    F(w8 ,0xa2bfe8a14cf10364ULL)
+    F(w9 ,0xa81a664bbc423001ULL)
+    F(w10,0xc24b8b70d0f89791ULL)
+    F(w11,0xc76c51a30654be30ULL)
+    F(w12,0xd192e819d6ef5218ULL)
+    F(w13,0xd69906245565a910ULL)
+    F(w14,0xf40e35855771202aULL)
+    F(w15,0x106aa07032bbd1b8ULL)
+
+    EXPAND
+
+    F(w0 ,0x19a4c116b8d2d0c8ULL)
+    F(w1 ,0x1e376c085141ab53ULL)
+    F(w2 ,0x2748774cdf8eeb99ULL)
+    F(w3 ,0x34b0bcb5e19b48a8ULL)
+    F(w4 ,0x391c0cb3c5c95a63ULL)
+    F(w5 ,0x4ed8aa4ae3418acbULL)
+    F(w6 ,0x5b9cca4f7763e373ULL)
+    F(w7 ,0x682e6ff3d6b2b8a3ULL)
+    F(w8 ,0x748f82ee5defb2fcULL)
+    F(w9 ,0x78a5636f43172f60ULL)
+    F(w10,0x84c87814a1f0ab72ULL)
+    F(w11,0x8cc702081a6439ecULL)
+    F(w12,0x90befffa23631e28ULL)
+    F(w13,0xa4506cebde82bde9ULL)
+    F(w14,0xbef9a3f7b2c67915ULL)
+    F(w15,0xc67178f2e372532bULL)
+
+    EXPAND
+
+    F(w0 ,0xca273eceea26619cULL)
+    F(w1 ,0xd186b8c721c0c207ULL)
+    F(w2 ,0xeada7dd6cde0eb1eULL)
+    F(w3 ,0xf57d4f7fee6ed178ULL)
+    F(w4 ,0x06f067aa72176fbaULL)
+    F(w5 ,0x0a637dc5a2c898a6ULL)
+    F(w6 ,0x113f9804bef90daeULL)
+    F(w7 ,0x1b710b35131c471bULL)
+    F(w8 ,0x28db77f523047d84ULL)
+    F(w9 ,0x32caab7b40c72493ULL)
+    F(w10,0x3c9ebe0a15c9bebcULL)
+    F(w11,0x431d67c49c100d4cULL)
+    F(w12,0x4cc5d4becb3e42b6ULL)
+    F(w13,0x597f299cfc657e2aULL)
+    F(w14,0x5fcb6fab3ad6faecULL)
+    F(w15,0x6c44198c4a475817ULL)
+
+    a += state[0];
+    b += state[1];
+    c += state[2];
+    d += state[3];
+    e += state[4];
+    f += state[5];
+    g += state[6];
+    h += state[7];
+
+    state[0] = a;
+    state[1] = b;
+    state[2] = c;
+    state[3] = d;
+    state[4] = e;
+    state[5] = f;
+    state[6] = g;
+    state[7] = h;
+
+    in += 128;
+    inlen -= 128;
+  }
+
+  store_bigendian(statebytes +  0,state[0]);
+  store_bigendian(statebytes +  8,state[1]);
+  store_bigendian(statebytes + 16,state[2]);
+  store_bigendian(statebytes + 24,state[3]);
+  store_bigendian(statebytes + 32,state[4]);
+  store_bigendian(statebytes + 40,state[5]);
+  store_bigendian(statebytes + 48,state[6]);
+  store_bigendian(statebytes + 56,state[7]);
+
+  return 0;
+}

src/libnacl/crypto_hashblocks/sha512/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_hashblocks/try.c

@@ -0,0 +1,80 @@
+/*
+ * crypto_hashblocks/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_hashblocks.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_hashblocks_IMPLEMENTATION;
+
+#define MAXTEST_BYTES (10000 + crypto_hashblocks_STATEBYTES)
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *h;
+static unsigned char *h2;
+static unsigned char *m;
+static unsigned char *m2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(crypto_hashblocks_STATEBYTES);
+  h2 = alignedcalloc(crypto_hashblocks_STATEBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_hashblocks(h,m,TUNE_BYTES);
+}
+
+char checksum[crypto_hashblocks_STATEBYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long hlen = crypto_hashblocks_STATEBYTES;
+    long long mlen = i;
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    if (crypto_hashblocks(h,m,mlen) != 0) return "crypto_hashblocks returns nonzero";
+    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_hashblocks writes to input";
+    for (j = -16;j < 0;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h2[j] != h[j]) return "crypto_hashblocks writes after output";
+    for (j = 0;j < hlen;++j) m2[j] = h2[j];
+    if (crypto_hashblocks(h2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero";
+    if (crypto_hashblocks(m2,m2,mlen) != 0) return "crypto_hashblocks returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h2[j]) return "crypto_hashblocks does not handle overlap";
+    for (j = 0;j < mlen;++j) m[j] ^= h[j % hlen];
+    m[mlen] = h[0];
+  }
+  if (crypto_hashblocks(h,m,CHECKSUM_BYTES) != 0) return "crypto_hashblocks returns nonzero";
+
+  for (i = 0;i < crypto_hashblocks_STATEBYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_onetimeauth/measure.c

@@ -0,0 +1,69 @@
+#include "crypto_onetimeauth.h"
+#include "randombytes.h"
+#include "cpucycles.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
+const char *implementationversion = crypto_onetimeauth_VERSION;
+const char *sizenames[] = { "outputbytes", "keybytes", 0 };
+const long long sizes[] = { crypto_onetimeauth_BYTES, crypto_onetimeauth_KEYBYTES };
+
+#define MAXTEST_BYTES 4096
+#ifdef SUPERCOP
+#define MGAP 8192
+#else
+#define MGAP 8
+#endif
+
+static unsigned char *k;
+static unsigned char *m;
+static unsigned char *h;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  h = alignedcalloc(crypto_onetimeauth_BYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
+      randombytes(k,crypto_onetimeauth_KEYBYTES);
+      randombytes(m,mlen);
+      randombytes(h,crypto_onetimeauth_BYTES);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_onetimeauth(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_onetimeauth_verify(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"verify_cycles",cycles,TIMINGS);
+    }
+  }
+}

src/libnacl/crypto_onetimeauth/poly1305/53/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32

src/libnacl/crypto_onetimeauth/poly1305/53/verify.c

@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}

src/libnacl/crypto_onetimeauth/poly1305/amd64/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32

src/libnacl/crypto_onetimeauth/poly1305/amd64/verify.c

@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}

src/libnacl/crypto_onetimeauth/poly1305/checksum

@@ -0,0 +1 @@
+e836d5ca58cf673fca2b4910f23f3990

src/libnacl/crypto_onetimeauth/poly1305/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32

src/libnacl/crypto_onetimeauth/poly1305/ref/auth.c

@@ -0,0 +1,104 @@
+/*
+20080912
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_onetimeauth.h"
+
+static void add(unsigned int h[17],const unsigned int c[17])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; }
+}
+
+static void squeeze(unsigned int h[17])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; }
+  u += h[16]; h[16] = u & 3;
+  u = 5 * (u >> 2);
+  for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; }
+  u += h[16]; h[16] = u;
+}
+
+static const unsigned int minusp[17] = {
+  5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252
+} ;
+
+static void freeze(unsigned int h[17])
+{
+  unsigned int horig[17];
+  unsigned int j;
+  unsigned int negative;
+  for (j = 0;j < 17;++j) horig[j] = h[j];
+  add(h,minusp);
+  negative = -(h[16] >> 7);
+  for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]);
+}
+
+static void mulmod(unsigned int h[17],const unsigned int r[17])
+{
+  unsigned int hr[17];
+  unsigned int i;
+  unsigned int j;
+  unsigned int u;
+
+  for (i = 0;i < 17;++i) {
+    u = 0;
+    for (j = 0;j <= i;++j) u += h[j] * r[i - j];
+    for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j];
+    hr[i] = u;
+  }
+  for (i = 0;i < 17;++i) h[i] = hr[i];
+  squeeze(h);
+}
+
+int crypto_onetimeauth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned int j;
+  unsigned int r[17];
+  unsigned int h[17];
+  unsigned int c[17];
+
+  r[0] = k[0];
+  r[1] = k[1];
+  r[2] = k[2];
+  r[3] = k[3] & 15;
+  r[4] = k[4] & 252;
+  r[5] = k[5];
+  r[6] = k[6];
+  r[7] = k[7] & 15;
+  r[8] = k[8] & 252;
+  r[9] = k[9];
+  r[10] = k[10];
+  r[11] = k[11] & 15;
+  r[12] = k[12] & 252;
+  r[13] = k[13];
+  r[14] = k[14];
+  r[15] = k[15] & 15;
+  r[16] = 0;
+
+  for (j = 0;j < 17;++j) h[j] = 0;
+
+  while (inlen > 0) {
+    for (j = 0;j < 17;++j) c[j] = 0;
+    for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j];
+    c[j] = 1;
+    in += j; inlen -= j;
+    add(h,c);
+    mulmod(h,r);
+  }
+
+  freeze(h);
+
+  for (j = 0;j < 16;++j) c[j] = k[j + 16];
+  c[16] = 0;
+  add(h,c);
+  for (j = 0;j < 16;++j) out[j] = h[j];
+  return 0;
+}

src/libnacl/crypto_onetimeauth/poly1305/ref/verify.c

@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}

src/libnacl/crypto_onetimeauth/poly1305/x86/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 16
+#define CRYPTO_KEYBYTES 32

src/libnacl/crypto_onetimeauth/poly1305/x86/verify.c

@@ -0,0 +1,9 @@
+#include "crypto_verify_16.h"
+#include "crypto_onetimeauth.h"
+
+int crypto_onetimeauth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[16];
+  crypto_onetimeauth(correct,in,inlen,k);
+  return crypto_verify_16(h,correct);
+}

src/libnacl/crypto_onetimeauth/try.c

@@ -0,0 +1,121 @@
+/*
+ * crypto_onetimeauth/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_hash_sha256.h"
+#include "crypto_onetimeauth.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
+
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *h;
+static unsigned char *m;
+static unsigned char *k;
+static unsigned char *h2;
+static unsigned char *m2;
+static unsigned char *k2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  h = alignedcalloc(crypto_onetimeauth_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
+  h2 = alignedcalloc(crypto_onetimeauth_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES);
+  k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_onetimeauth(h,m,TUNE_BYTES,k);
+  crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
+}
+
+char checksum[crypto_onetimeauth_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i;
+    long long klen = crypto_onetimeauth_KEYBYTES;
+    long long hlen = crypto_onetimeauth_BYTES;
+
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+
+    if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
+    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
+
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+
+    if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
+    for (j = 0;j < hlen;++j) m2[j] = m[j];
+    if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
+    for (j = 0;j < hlen;++j) k2[j] = k[j];
+
+    if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+
+    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
+
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
+    if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
+    m[mlen] = h2[0];
+  }
+  if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
+  if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+
+  for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_onetimeauth/wrapper-auth.cpp

@@ -0,0 +1,11 @@
+#include <string>
+using std::string;
+#include "crypto_onetimeauth.h"
+
+string crypto_onetimeauth(const string &m,const string &k)
+{
+  if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length";
+  unsigned char a[crypto_onetimeauth_BYTES];
+  crypto_onetimeauth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str());
+  return string((char *) a,crypto_onetimeauth_BYTES);
+}

src/libnacl/crypto_onetimeauth/wrapper-verify.cpp

@@ -0,0 +1,14 @@
+#include <string>
+using std::string;
+#include "crypto_onetimeauth.h"
+
+void crypto_onetimeauth_verify(const string &a,const string &m,const string &k)
+{
+  if (k.size() != crypto_onetimeauth_KEYBYTES) throw "incorrect key length";
+  if (a.size() != crypto_onetimeauth_BYTES) throw "incorrect authenticator length";
+  if (crypto_onetimeauth_verify(
+       (const unsigned char *) a.c_str(),
+       (const unsigned char *) m.c_str(),m.size(),
+       (const unsigned char *) k.c_str()) == 0) return;
+  throw "invalid authenticator";
+}

src/libnacl/crypto_scalarmult/curve25519/checksum

@@ -0,0 +1 @@
+dacdae4a0f12353dfc66757f2fd1fff538fe6616115dace9afb8016a55be2a52

src/libnacl/crypto_scalarmult/curve25519/donna_c64/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_SCALARBYTES 32

src/libnacl/crypto_scalarmult/curve25519/donna_c64/base.c

@@ -0,0 +1,8 @@
+#include "crypto_scalarmult.h"
+
+static const unsigned char basepoint[32] = {9};
+
+int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
+{
+  return crypto_scalarmult(q, n, basepoint);
+}

src/libnacl/crypto_scalarmult/curve25519/donna_c64/implementors

@@ -0,0 +1 @@
+Adam Langley (Google)

src/libnacl/crypto_scalarmult/curve25519/donna_c64/smult.c

@@ -0,0 +1,477 @@
+/* Copyright 2008, Google Inc.
+ * All rights reserved.
+ *
+ * Code released into the public domain.
+ *
+ * curve25519-donna: Curve25519 elliptic curve, public key function
+ *
+ * http://code.google.com/p/curve25519-donna/
+ *
+ * Adam Langley <agl@imperialviolet.org>
+ *
+ * Derived from public domain C code by Daniel J. Bernstein <djb@cr.yp.to>
+ *
+ * More information about curve25519 can be found here
+ *   http://cr.yp.to/ecdh.html
+ *
+ * djb's sample implementation of curve25519 is written in a special assembly
+ * language called qhasm and uses the floating point registers.
+ *
+ * This is, almost, a clean room reimplementation from the curve25519 paper. It
+ * uses many of the tricks described therein. Only the crecip function is taken
+ * from the sample implementation.
+ */
+
+#include <string.h>
+#include <stdint.h>
+#include "crypto_scalarmult.h"
+
+typedef uint8_t u8;
+typedef uint64_t felem;
+// This is a special gcc mode for 128-bit integers. It's implemented on 64-bit
+// platforms only as far as I know.
+typedef unsigned uint128_t __attribute__((mode(TI)));
+
+/* Sum two numbers: output += in */
+static void fsum(felem *output, const felem *in) {
+  unsigned i;
+  for (i = 0; i < 5; ++i) output[i] += in[i];
+}
+
+/* Find the difference of two numbers: output = in - output
+ * (note the order of the arguments!)
+ */
+static void fdifference_backwards(felem *ioutput, const felem *iin) {
+  static const int64_t twotothe51 = (1l << 51);
+  const int64_t *in = (const int64_t *) iin;
+  int64_t *out = (int64_t *) ioutput;
+
+  out[0] = in[0] - out[0];
+  out[1] = in[1] - out[1];
+  out[2] = in[2] - out[2];
+  out[3] = in[3] - out[3];
+  out[4] = in[4] - out[4];
+
+  // An arithmetic shift right of 63 places turns a positive number to 0 and a
+  // negative number to all 1's. This gives us a bitmask that lets us avoid
+  // side-channel prone branches.
+  int64_t t;
+
+#define NEGCHAIN(a,b) \
+  t = out[a] >> 63; \
+  out[a] += twotothe51 & t; \
+  out[b] -= 1 & t;
+
+#define NEGCHAIN19(a,b) \
+  t = out[a] >> 63; \
+  out[a] += twotothe51 & t; \
+  out[b] -= 19 & t;
+
+  NEGCHAIN(0, 1);
+  NEGCHAIN(1, 2);
+  NEGCHAIN(2, 3);
+  NEGCHAIN(3, 4);
+  NEGCHAIN19(4, 0);
+  NEGCHAIN(0, 1);
+  NEGCHAIN(1, 2);
+  NEGCHAIN(2, 3);
+  NEGCHAIN(3, 4);
+}
+
+/* Multiply a number by a scalar: output = in * scalar */
+static void fscalar_product(felem *output, const felem *in, const felem scalar) {
+  uint128_t a;
+
+  a = ((uint128_t) in[0]) * scalar;
+  output[0] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[1]) * scalar + (a >> 51);
+  output[1] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[2]) * scalar + (a >> 51);
+  output[2] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[3]) * scalar + (a >> 51);
+  output[3] = a & 0x7ffffffffffff;
+
+  a = ((uint128_t) in[4]) * scalar + (a >> 51);
+  output[4] = a & 0x7ffffffffffff;
+
+  output[0] += (a >> 51) * 19;
+}
+
+/* Multiply two numbers: output = in2 * in
+ *
+ * output must be distinct to both inputs. The inputs are reduced coefficient
+ * form, the output is not.
+ */
+static void fmul(felem *output, const felem *in2, const felem *in) {
+  uint128_t t[9];
+
+  t[0] = ((uint128_t) in[0]) * in2[0];
+  t[1] = ((uint128_t) in[0]) * in2[1] +
+         ((uint128_t) in[1]) * in2[0];
+  t[2] = ((uint128_t) in[0]) * in2[2] +
+         ((uint128_t) in[2]) * in2[0] +
+         ((uint128_t) in[1]) * in2[1];
+  t[3] = ((uint128_t) in[0]) * in2[3] +
+         ((uint128_t) in[3]) * in2[0] +
+         ((uint128_t) in[1]) * in2[2] +
+         ((uint128_t) in[2]) * in2[1];
+  t[4] = ((uint128_t) in[0]) * in2[4] +
+         ((uint128_t) in[4]) * in2[0] +
+         ((uint128_t) in[3]) * in2[1] +
+         ((uint128_t) in[1]) * in2[3] +
+         ((uint128_t) in[2]) * in2[2];
+  t[5] = ((uint128_t) in[4]) * in2[1] +
+         ((uint128_t) in[1]) * in2[4] +
+         ((uint128_t) in[2]) * in2[3] +
+         ((uint128_t) in[3]) * in2[2];
+  t[6] = ((uint128_t) in[4]) * in2[2] +
+         ((uint128_t) in[2]) * in2[4] +
+         ((uint128_t) in[3]) * in2[3];
+  t[7] = ((uint128_t) in[3]) * in2[4] +
+         ((uint128_t) in[4]) * in2[3];
+  t[8] = ((uint128_t) in[4]) * in2[4];
+
+  t[0] += t[5] * 19;
+  t[1] += t[6] * 19;
+  t[2] += t[7] * 19;
+  t[3] += t[8] * 19;
+
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51;
+  t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51;
+  t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51;
+  t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51);
+  t[4] &= 0x7ffffffffffff;
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51;
+  t[1] &= 0x7ffffffffffff;
+
+  output[0] = t[0];
+  output[1] = t[1];
+  output[2] = t[2];
+  output[3] = t[3];
+  output[4] = t[4];
+}
+
+static void
+fsquare(felem *output, const felem *in) {
+  uint128_t t[9];
+
+  t[0] = ((uint128_t) in[0]) * in[0];
+  t[1] = ((uint128_t) in[0]) * in[1] * 2;
+  t[2] = ((uint128_t) in[0]) * in[2] * 2 +
+         ((uint128_t) in[1]) * in[1];
+  t[3] = ((uint128_t) in[0]) * in[3] * 2 +
+         ((uint128_t) in[1]) * in[2] * 2;
+  t[4] = ((uint128_t) in[0]) * in[4] * 2 +
+         ((uint128_t) in[3]) * in[1] * 2 +
+         ((uint128_t) in[2]) * in[2];
+  t[5] = ((uint128_t) in[4]) * in[1] * 2 +
+         ((uint128_t) in[2]) * in[3] * 2;
+  t[6] = ((uint128_t) in[4]) * in[2] * 2 +
+         ((uint128_t) in[3]) * in[3];
+  t[7] = ((uint128_t) in[3]) * in[4] * 2;
+  t[8] = ((uint128_t) in[4]) * in[4];
+
+  t[0] += t[5] * 19;
+  t[1] += t[6] * 19;
+  t[2] += t[7] * 19;
+  t[3] += t[8] * 19;
+
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51;
+  t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51;
+  t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51;
+  t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51);
+  t[4] &= 0x7ffffffffffff;
+  t[1] += t[0] >> 51;
+  t[0] &= 0x7ffffffffffff;
+
+  output[0] = t[0];
+  output[1] = t[1];
+  output[2] = t[2];
+  output[3] = t[3];
+  output[4] = t[4];
+}
+
+/* Take a little-endian, 32-byte number and expand it into polynomial form */
+static void
+fexpand(felem *output, const u8 *in) {
+  output[0] = *((const uint64_t *)(in)) & 0x7ffffffffffff;
+  output[1] = (*((const uint64_t *)(in+6)) >> 3) & 0x7ffffffffffff;
+  output[2] = (*((const uint64_t *)(in+12)) >> 6) & 0x7ffffffffffff;
+  output[3] = (*((const uint64_t *)(in+19)) >> 1) & 0x7ffffffffffff;
+  output[4] = (*((const uint64_t *)(in+25)) >> 4) & 0x7ffffffffffff;
+}
+
+/* Take a fully reduced polynomial form number and contract it into a
+ * little-endian, 32-byte array
+ */
+static void
+fcontract(u8 *output, const felem *input) {
+  uint128_t t[5];
+
+  t[0] = input[0];
+  t[1] = input[1];
+  t[2] = input[2];
+  t[3] = input[3];
+  t[4] = input[4];
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff;
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff;
+
+  /* now t is between 0 and 2^255-1, properly carried. */
+  /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+
+  t[0] += 19;
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[0] += 19 * (t[4] >> 51); t[4] &= 0x7ffffffffffff;
+
+  /* now between 19 and 2^255-1 in both cases, and offset by 19. */
+
+  t[0] += 0x8000000000000 - 19;
+  t[1] += 0x8000000000000 - 1;
+  t[2] += 0x8000000000000 - 1;
+  t[3] += 0x8000000000000 - 1;
+  t[4] += 0x8000000000000 - 1;
+
+  /* now between 2^255 and 2^256-20, and offset by 2^255. */
+
+  t[1] += t[0] >> 51; t[0] &= 0x7ffffffffffff;
+  t[2] += t[1] >> 51; t[1] &= 0x7ffffffffffff;
+  t[3] += t[2] >> 51; t[2] &= 0x7ffffffffffff;
+  t[4] += t[3] >> 51; t[3] &= 0x7ffffffffffff;
+  t[4] &= 0x7ffffffffffff;
+
+  *((uint64_t *)(output)) = t[0] | (t[1] << 51);
+  *((uint64_t *)(output+8)) = (t[1] >> 13) | (t[2] << 38);
+  *((uint64_t *)(output+16)) = (t[2] >> 26) | (t[3] << 25);
+  *((uint64_t *)(output+24)) = (t[3] >> 39) | (t[4] << 12);
+}
+
+/* Input: Q, Q', Q-Q'
+ * Output: 2Q, Q+Q'
+ *
+ *   x2 z3: long form
+ *   x3 z3: long form
+ *   x z: short form, destroyed
+ *   xprime zprime: short form, destroyed
+ *   qmqp: short form, preserved
+ */
+static void
+fmonty(felem *x2, felem *z2, /* output 2Q */
+       felem *x3, felem *z3, /* output Q + Q' */
+       felem *x, felem *z,   /* input Q */
+       felem *xprime, felem *zprime, /* input Q' */
+       const felem *qmqp /* input Q - Q' */) {
+  felem origx[5], origxprime[5], zzz[5], xx[5], zz[5], xxprime[5],
+        zzprime[5], zzzprime[5];
+
+  memcpy(origx, x, 5 * sizeof(felem));
+  fsum(x, z);
+  fdifference_backwards(z, origx);  // does x - z
+
+  memcpy(origxprime, xprime, sizeof(felem) * 5);
+  fsum(xprime, zprime);
+  fdifference_backwards(zprime, origxprime);
+  fmul(xxprime, xprime, z);
+  fmul(zzprime, x, zprime);
+  memcpy(origxprime, xxprime, sizeof(felem) * 5);
+  fsum(xxprime, zzprime);
+  fdifference_backwards(zzprime, origxprime);
+  fsquare(x3, xxprime);
+  fsquare(zzzprime, zzprime);
+  fmul(z3, zzzprime, qmqp);
+
+  fsquare(xx, x);
+  fsquare(zz, z);
+  fmul(x2, xx, zz);
+  fdifference_backwards(zz, xx);  // does zz = xx - zz
+  fscalar_product(zzz, zz, 121665);
+  fsum(zzz, xx);
+  fmul(z2, zz, zzz);
+}
+
+// -----------------------------------------------------------------------------
+// Maybe swap the contents of two felem arrays (@a and @b), each @len elements
+// long. Perform the swap iff @swap is non-zero.
+//
+// This function performs the swap without leaking any side-channel
+// information.
+// -----------------------------------------------------------------------------
+static void
+swap_conditional(felem *a, felem *b, unsigned len, felem iswap) {
+  unsigned i;
+  const felem swap = -iswap;
+
+  for (i = 0; i < len; ++i) {
+    const felem x = swap & (a[i] ^ b[i]);
+    a[i] ^= x;
+    b[i] ^= x;
+  }
+}
+
+/* Calculates nQ where Q is the x-coordinate of a point on the curve
+ *
+ *   resultx/resultz: the x coordinate of the resulting curve point (short form)
+ *   n: a little endian, 32-byte number
+ *   q: a point of the curve (short form)
+ */
+static void
+cmult(felem *resultx, felem *resultz, const u8 *n, const felem *q) {
+  felem a[5] = {0}, b[5] = {1}, c[5] = {1}, d[5] = {0};
+  felem *nqpqx = a, *nqpqz = b, *nqx = c, *nqz = d, *t;
+  felem e[5] = {0}, f[5] = {1}, g[5] = {0}, h[5] = {1};
+  felem *nqpqx2 = e, *nqpqz2 = f, *nqx2 = g, *nqz2 = h;
+
+  unsigned i, j;
+
+  memcpy(nqpqx, q, sizeof(felem) * 5);
+
+  for (i = 0; i < 32; ++i) {
+    u8 byte = n[31 - i];
+    for (j = 0; j < 8; ++j) {
+      const felem bit = byte >> 7;
+
+      swap_conditional(nqx, nqpqx, 5, bit);
+      swap_conditional(nqz, nqpqz, 5, bit);
+      fmonty(nqx2, nqz2,
+             nqpqx2, nqpqz2,
+             nqx, nqz,
+             nqpqx, nqpqz,
+             q);
+      swap_conditional(nqx2, nqpqx2, 5, bit);
+      swap_conditional(nqz2, nqpqz2, 5, bit);
+
+      t = nqx;
+      nqx = nqx2;
+      nqx2 = t;
+      t = nqz;
+      nqz = nqz2;
+      nqz2 = t;
+      t = nqpqx;
+      nqpqx = nqpqx2;
+      nqpqx2 = t;
+      t = nqpqz;
+      nqpqz = nqpqz2;
+      nqpqz2 = t;
+
+      byte <<= 1;
+    }
+  }
+
+  memcpy(resultx, nqx, sizeof(felem) * 5);
+  memcpy(resultz, nqz, sizeof(felem) * 5);
+}
+
+// -----------------------------------------------------------------------------
+// Shamelessly copied from djb's code
+// -----------------------------------------------------------------------------
+static void
+crecip(felem *out, const felem *z) {
+  felem z2[5];
+  felem z9[5];
+  felem z11[5];
+  felem z2_5_0[5];
+  felem z2_10_0[5];
+  felem z2_20_0[5];
+  felem z2_50_0[5];
+  felem z2_100_0[5];
+  felem t0[5];
+  felem t1[5];
+  int i;
+
+  /* 2 */ fsquare(z2,z);
+  /* 4 */ fsquare(t1,z2);
+  /* 8 */ fsquare(t0,t1);
+  /* 9 */ fmul(z9,t0,z);
+  /* 11 */ fmul(z11,z9,z2);
+  /* 22 */ fsquare(t0,z11);
+  /* 2^5 - 2^0 = 31 */ fmul(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ fsquare(t0,z2_5_0);
+  /* 2^7 - 2^2 */ fsquare(t1,t0);
+  /* 2^8 - 2^3 */ fsquare(t0,t1);
+  /* 2^9 - 2^4 */ fsquare(t1,t0);
+  /* 2^10 - 2^5 */ fsquare(t0,t1);
+  /* 2^10 - 2^0 */ fmul(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ fsquare(t0,z2_10_0);
+  /* 2^12 - 2^2 */ fsquare(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^20 - 2^0 */ fmul(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ fsquare(t0,z2_20_0);
+  /* 2^22 - 2^2 */ fsquare(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^40 - 2^0 */ fmul(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ fsquare(t1,t0);
+  /* 2^42 - 2^2 */ fsquare(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^50 - 2^0 */ fmul(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ fsquare(t0,z2_50_0);
+  /* 2^52 - 2^2 */ fsquare(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^100 - 2^0 */ fmul(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ fsquare(t1,z2_100_0);
+  /* 2^102 - 2^2 */ fsquare(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fsquare(t1,t0); fsquare(t0,t1); }
+  /* 2^200 - 2^0 */ fmul(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ fsquare(t0,t1);
+  /* 2^202 - 2^2 */ fsquare(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fsquare(t0,t1); fsquare(t1,t0); }
+  /* 2^250 - 2^0 */ fmul(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ fsquare(t1,t0);
+  /* 2^252 - 2^2 */ fsquare(t0,t1);
+  /* 2^253 - 2^3 */ fsquare(t1,t0);
+  /* 2^254 - 2^4 */ fsquare(t0,t1);
+  /* 2^255 - 2^5 */ fsquare(t1,t0);
+  /* 2^255 - 21 */ fmul(out,t1,z11);
+}
+
+int
+crypto_scalarmult(u8 *mypublic, const u8 *secret, const u8 *basepoint) {
+  felem bp[5], x[5], z[5], zmone[5];
+  unsigned char e[32];
+  int i;
+  for (i = 0;i < 32;++i) e[i] = secret[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  fexpand(bp, basepoint);
+  cmult(x, z, e, bp);
+  crecip(zmone, z);
+  fmul(z, x, zmone);
+  fcontract(mypublic, z);
+  return 0;
+}

src/libnacl/crypto_scalarmult/curve25519/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_SCALARBYTES 32

src/libnacl/crypto_scalarmult/curve25519/ref/base.c

@@ -0,0 +1,16 @@
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+#include "crypto_scalarmult.h"
+
+const unsigned char base[32] = {9};
+
+int crypto_scalarmult_base(unsigned char *q,
+  const unsigned char *n)
+{
+  return crypto_scalarmult(q,n,base);
+}

src/libnacl/crypto_scalarmult/curve25519/ref/implementors

@@ -0,0 +1 @@
+Matthew Dempsky (Mochi Media)

src/libnacl/crypto_scalarmult/curve25519/ref/smult.c

@@ -0,0 +1,265 @@
+/*
+version 20081011
+Matthew Dempsky
+Public domain.
+Derived from public domain code by D. J. Bernstein.
+*/
+
+#include "crypto_scalarmult.h"
+
+static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; }
+  u += a[31] + b[31]; out[31] = u;
+}
+
+static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 218;
+  for (j = 0;j < 31;++j) {
+    u += a[j] + 65280 - b[j];
+    out[j] = u & 255;
+    u >>= 8;
+  }
+  u += a[31] - b[31];
+  out[31] = u;
+}
+
+static void squeeze(unsigned int a[32])
+{
+  unsigned int j;
+  unsigned int u;
+  u = 0;
+  for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+  u += a[31]; a[31] = u & 127;
+  u = 19 * (u >> 7);
+  for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; }
+  u += a[31]; a[31] = u;
+}
+
+static const unsigned int minusp[32] = {
+ 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128
+} ;
+
+static void freeze(unsigned int a[32])
+{
+  unsigned int aorig[32];
+  unsigned int j;
+  unsigned int negative;
+
+  for (j = 0;j < 32;++j) aorig[j] = a[j];
+  add(a,a,minusp);
+  negative = -((a[31] >> 7) & 1);
+  for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]);
+}
+
+static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
+{
+  unsigned int i;
+  unsigned int j;
+  unsigned int u;
+
+  for (i = 0;i < 32;++i) {
+    u = 0;
+    for (j = 0;j <= i;++j) u += a[j] * b[i - j];
+    for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j];
+    out[i] = u;
+  }
+  squeeze(out);
+}
+
+static void mult121665(unsigned int out[32],const unsigned int a[32])
+{
+  unsigned int j;
+  unsigned int u;
+
+  u = 0;
+  for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; }
+  u += 121665 * a[31]; out[31] = u & 127;
+  u = 19 * (u >> 7);
+  for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; }
+  u += out[j]; out[j] = u;
+}
+
+static void square(unsigned int out[32],const unsigned int a[32])
+{
+  unsigned int i;
+  unsigned int j;
+  unsigned int u;
+
+  for (i = 0;i < 32;++i) {
+    u = 0;
+    for (j = 0;j < i - j;++j) u += a[j] * a[i - j];
+    for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j];
+    u *= 2;
+    if ((i & 1) == 0) {
+      u += a[i / 2] * a[i / 2];
+      u += 38 * a[i / 2 + 16] * a[i / 2 + 16];
+    }
+    out[i] = u;
+  }
+  squeeze(out);
+}
+
+static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b)
+{
+  unsigned int j;
+  unsigned int t;
+  unsigned int bminus1;
+
+  bminus1 = b - 1;
+  for (j = 0;j < 64;++j) {
+    t = bminus1 & (r[j] ^ s[j]);
+    p[j] = s[j] ^ t;
+    q[j] = r[j] ^ t;
+  }
+}
+
+static void mainloop(unsigned int work[64],const unsigned char e[32])
+{
+  unsigned int xzm1[64];
+  unsigned int xzm[64];
+  unsigned int xzmb[64];
+  unsigned int xzm1b[64];
+  unsigned int xznb[64];
+  unsigned int xzn1b[64];
+  unsigned int a0[64];
+  unsigned int a1[64];
+  unsigned int b0[64];
+  unsigned int b1[64];
+  unsigned int c1[64];
+  unsigned int r[32];
+  unsigned int s[32];
+  unsigned int t[32];
+  unsigned int u[32];
+  unsigned int i;
+  unsigned int j;
+  unsigned int b;
+  int pos;
+
+  for (j = 0;j < 32;++j) xzm1[j] = work[j];
+  xzm1[32] = 1;
+  for (j = 33;j < 64;++j) xzm1[j] = 0;
+
+  xzm[0] = 1;
+  for (j = 1;j < 64;++j) xzm[j] = 0;
+
+  for (pos = 254;pos >= 0;--pos) {
+    b = e[pos / 8] >> (pos & 7);
+    b &= 1;
+    select(xzmb,xzm1b,xzm,xzm1,b);
+    add(a0,xzmb,xzmb + 32);
+    sub(a0 + 32,xzmb,xzmb + 32);
+    add(a1,xzm1b,xzm1b + 32);
+    sub(a1 + 32,xzm1b,xzm1b + 32);
+    square(b0,a0);
+    square(b0 + 32,a0 + 32);
+    mult(b1,a1,a0 + 32);
+    mult(b1 + 32,a1 + 32,a0);
+    add(c1,b1,b1 + 32);
+    sub(c1 + 32,b1,b1 + 32);
+    square(r,c1 + 32);
+    sub(s,b0,b0 + 32);
+    mult121665(t,s);
+    add(u,t,b0);
+    mult(xznb,b0,b0 + 32);
+    mult(xznb + 32,s,u);
+    square(xzn1b,c1);
+    mult(xzn1b + 32,r,work);
+    select(xzm,xzm1,xznb,xzn1b,b);
+  }
+
+  for (j = 0;j < 64;++j) work[j] = xzm[j];
+}
+
+static void recip(unsigned int out[32],const unsigned int z[32])
+{
+  unsigned int z2[32];
+  unsigned int z9[32];
+  unsigned int z11[32];
+  unsigned int z2_5_0[32];
+  unsigned int z2_10_0[32];
+  unsigned int z2_20_0[32];
+  unsigned int z2_50_0[32];
+  unsigned int z2_100_0[32];
+  unsigned int t0[32];
+  unsigned int t1[32];
+  int i;
+
+  /* 2 */ square(z2,z);
+  /* 4 */ square(t1,z2);
+  /* 8 */ square(t0,t1);
+  /* 9 */ mult(z9,t0,z);
+  /* 11 */ mult(z11,z9,z2);
+  /* 22 */ square(t0,z11);
+  /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9);
+
+  /* 2^6 - 2^1 */ square(t0,z2_5_0);
+  /* 2^7 - 2^2 */ square(t1,t0);
+  /* 2^8 - 2^3 */ square(t0,t1);
+  /* 2^9 - 2^4 */ square(t1,t0);
+  /* 2^10 - 2^5 */ square(t0,t1);
+  /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0);
+
+  /* 2^11 - 2^1 */ square(t0,z2_10_0);
+  /* 2^12 - 2^2 */ square(t1,t0);
+  /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0);
+
+  /* 2^21 - 2^1 */ square(t0,z2_20_0);
+  /* 2^22 - 2^2 */ square(t1,t0);
+  /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0);
+
+  /* 2^41 - 2^1 */ square(t1,t0);
+  /* 2^42 - 2^2 */ square(t0,t1);
+  /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); }
+  /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0);
+
+  /* 2^51 - 2^1 */ square(t0,z2_50_0);
+  /* 2^52 - 2^2 */ square(t1,t0);
+  /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0);
+
+  /* 2^101 - 2^1 */ square(t1,z2_100_0);
+  /* 2^102 - 2^2 */ square(t0,t1);
+  /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); }
+  /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0);
+
+  /* 2^201 - 2^1 */ square(t0,t1);
+  /* 2^202 - 2^2 */ square(t1,t0);
+  /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); }
+  /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0);
+
+  /* 2^251 - 2^1 */ square(t1,t0);
+  /* 2^252 - 2^2 */ square(t0,t1);
+  /* 2^253 - 2^3 */ square(t1,t0);
+  /* 2^254 - 2^4 */ square(t0,t1);
+  /* 2^255 - 2^5 */ square(t1,t0);
+  /* 2^255 - 21 */ mult(out,t1,z11);
+}
+
+int crypto_scalarmult(unsigned char *q,
+  const unsigned char *n,
+  const unsigned char *p)
+{
+  unsigned int work[96];
+  unsigned char e[32];
+  unsigned int i;
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  for (i = 0;i < 32;++i) work[i] = p[i];
+  mainloop(work,e);
+  recip(work + 32,work + 32);
+  mult(work + 64,work,work + 32);
+  freeze(work + 64);
+  for (i = 0;i < 32;++i) q[i] = work[64 + i];
+  return 0;
+}

src/libnacl/crypto_scalarmult/measure.c

@@ -0,0 +1,61 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_scalarmult.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION;
+const char *implementationversion = crypto_scalarmult_VERSION;
+const char *sizenames[] = { "outputbytes", "scalarbytes", 0 };
+const long long sizes[] = { crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES };
+
+static unsigned char *m;
+static unsigned char *n;
+static unsigned char *p;
+static unsigned char *q;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  m = alignedcalloc(crypto_scalarmult_SCALARBYTES);
+  n = alignedcalloc(crypto_scalarmult_SCALARBYTES);
+  p = alignedcalloc(crypto_scalarmult_BYTES);
+  q = alignedcalloc(crypto_scalarmult_BYTES);
+}
+
+#define TIMINGS 63
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    randombytes(m,crypto_scalarmult_SCALARBYTES);
+    randombytes(n,crypto_scalarmult_SCALARBYTES);
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_scalarmult_base(p,m);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"base_cycles",cycles,TIMINGS);
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_scalarmult(q,n,p);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"cycles",cycles,TIMINGS);
+  }
+}

src/libnacl/crypto_scalarmult/try.c

@@ -0,0 +1,127 @@
+/*
+ * crypto_scalarmult/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_scalarmult.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_scalarmult_IMPLEMENTATION;
+
+#define mlen crypto_scalarmult_SCALARBYTES
+#define nlen crypto_scalarmult_SCALARBYTES
+#define plen crypto_scalarmult_BYTES
+#define qlen crypto_scalarmult_BYTES
+#define rlen crypto_scalarmult_BYTES
+
+static unsigned char *m;
+static unsigned char *n;
+static unsigned char *p;
+static unsigned char *q;
+static unsigned char *r;
+
+static unsigned char *m2;
+static unsigned char *n2;
+static unsigned char *p2;
+static unsigned char *q2;
+static unsigned char *r2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  m = alignedcalloc(mlen);
+  n = alignedcalloc(nlen);
+  p = alignedcalloc(plen);
+  q = alignedcalloc(qlen);
+  r = alignedcalloc(rlen);
+  m2 = alignedcalloc(mlen + crypto_scalarmult_BYTES);
+  n2 = alignedcalloc(nlen + crypto_scalarmult_BYTES);
+  p2 = alignedcalloc(plen + crypto_scalarmult_BYTES);
+  q2 = alignedcalloc(qlen + crypto_scalarmult_BYTES);
+  r2 = alignedcalloc(rlen + crypto_scalarmult_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_scalarmult(q,n,p);
+  crypto_scalarmult_base(r,n);
+}
+
+char checksum[crypto_scalarmult_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+  long long tests;
+
+  for (i = 0;i < mlen;++i) m[i] = i;
+  for (i = 0;i < nlen;++i) n[i] = i + 1;
+  for (i = 0;i < plen;++i) p[i] = i + 2;
+  for (i = 0;i < qlen;++i) q[i] = i + 3;
+  for (i = 0;i < rlen;++i) r[i] = i + 4;
+
+  for (i = -16;i < 0;++i) p[i] = random();
+  for (i = -16;i < 0;++i) n[i] = random();
+  for (i = plen;i < plen + 16;++i) p[i] = random();
+  for (i = nlen;i < nlen + 16;++i) n[i] = random();
+  for (i = -16;i < plen + 16;++i) p2[i] = p[i];
+  for (i = -16;i < nlen + 16;++i) n2[i] = n[i];
+
+  if (crypto_scalarmult_base(p,n) != 0) return "crypto_scalarmult_base returns nonzero";
+
+  for (i = -16;i < nlen + 16;++i) if (n2[i] != n[i]) return "crypto_scalarmult_base overwrites input";
+  for (i = -16;i < 0;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes before output";
+  for (i = plen;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult_base writes after output";
+
+  for (tests = 0;tests < 100;++tests) {
+    for (i = -16;i < 0;++i) q[i] = random();
+    for (i = -16;i < 0;++i) p[i] = random();
+    for (i = -16;i < 0;++i) m[i] = random();
+    for (i = qlen;i < qlen + 16;++i) q[i] = random();
+    for (i = plen;i < plen + 16;++i) p[i] = random();
+    for (i = mlen;i < mlen + 16;++i) m[i] = random();
+    for (i = -16;i < qlen + 16;++i) q2[i] = q[i];
+    for (i = -16;i < plen + 16;++i) p2[i] = p[i];
+    for (i = -16;i < mlen + 16;++i) m2[i] = m[i];
+
+    if (crypto_scalarmult(q,m,p) != 0) return "crypto_scalarmult returns nonzero";
+
+    for (i = -16;i < mlen + 16;++i) if (m2[i] != m[i]) return "crypto_scalarmult overwrites n input";
+    for (i = -16;i < plen + 16;++i) if (p2[i] != p[i]) return "crypto_scalarmult overwrites p input";
+    for (i = -16;i < 0;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes before output";
+    for (i = qlen;i < qlen + 16;++i) if (q2[i] != q[i]) return "crypto_scalarmult writes after output";
+
+    if (crypto_scalarmult(m2,m2,p) != 0) return "crypto_scalarmult returns nonzero";
+    for (i = 0;i < qlen;++i) if (q[i] != m2[i]) return "crypto_scalarmult does not handle n overlap";
+    for (i = 0;i < qlen;++i) m2[i] = m[i];
+
+    if (crypto_scalarmult(p2,m2,p2) != 0) return "crypto_scalarmult returns nonzero";
+    for (i = 0;i < qlen;++i) if (q[i] != p2[i]) return "crypto_scalarmult does not handle p overlap";
+
+    if (crypto_scalarmult(r,n,q) != 0) return "crypto_scalarmult returns nonzero";
+    if (crypto_scalarmult(q,n,p) != 0) return "crypto_scalarmult returns nonzero";
+    if (crypto_scalarmult(p,m,q) != 0) return "crypto_scalarmult returns nonzero";
+    for (j = 0;j < plen;++j) if (p[j] != r[j]) return "crypto_scalarmult not associative";
+    for (j = 0;j < mlen;++j) m[j] ^= q[j % qlen];
+    for (j = 0;j < nlen;++j) n[j] ^= p[j % plen];
+  }
+
+  for (i = 0;i < crypto_scalarmult_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (p[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & p[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_scalarmult/wrapper-base.cpp

@@ -0,0 +1,11 @@
+#include <string>
+using std::string;
+#include "crypto_scalarmult.h"
+
+string crypto_scalarmult_base(const string &n)
+{
+  unsigned char q[crypto_scalarmult_BYTES];
+  if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length";
+  crypto_scalarmult_base(q,(const unsigned char *) n.c_str());
+  return string((char *) q,sizeof q);
+}

src/libnacl/crypto_scalarmult/wrapper-mult.cpp

@@ -0,0 +1,12 @@
+#include <string>
+using std::string;
+#include "crypto_scalarmult.h"
+
+string crypto_scalarmult(const string &n,const string &p)
+{
+  unsigned char q[crypto_scalarmult_BYTES];
+  if (n.size() != crypto_scalarmult_SCALARBYTES) throw "incorrect scalar length";
+  if (p.size() != crypto_scalarmult_BYTES) throw "incorrect element length";
+  crypto_scalarmult(q,(const unsigned char *) n.c_str(),(const unsigned char *) p.c_str());
+  return string((char *) q,sizeof q);
+}

src/libnacl/crypto_secretbox/measure.c

@@ -0,0 +1,75 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_secretbox.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION;
+const char *implementationversion = crypto_secretbox_VERSION;
+const char *sizenames[] = { "keybytes", "noncebytes", "zerobytes", "boxzerobytes", 0 };
+const long long sizes[] = { crypto_secretbox_KEYBYTES, crypto_secretbox_NONCEBYTES, crypto_secretbox_ZEROBYTES, crypto_secretbox_BOXZEROBYTES };
+
+#define MAXTEST_BYTES 4096
+
+static unsigned char *k;
+static unsigned char *n;
+static unsigned char *m;
+static unsigned char *c;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(crypto_secretbox_KEYBYTES);
+  n = alignedcalloc(crypto_secretbox_NONCEBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+  c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) {
+      randombytes(k,crypto_secretbox_KEYBYTES);
+      randombytes(n,crypto_secretbox_NONCEBYTES);
+      randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
+      randombytes(c,mlen + crypto_secretbox_ZEROBYTES);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"open_cycles",cycles,TIMINGS);
+      ++c[crypto_secretbox_ZEROBYTES];
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"forgery_open_cycles",cycles,TIMINGS);
+    }
+  }
+}

src/libnacl/crypto_secretbox/try.c

@@ -0,0 +1,131 @@
+/*
+ * crypto_secretbox/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_secretbox.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION;
+
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *k;
+static unsigned char *n;
+static unsigned char *m;
+static unsigned char *c;
+static unsigned char *t;
+static unsigned char *k2;
+static unsigned char *n2;
+static unsigned char *m2;
+static unsigned char *c2;
+static unsigned char *t2;
+
+#define klen crypto_secretbox_KEYBYTES
+#define nlen crypto_secretbox_NONCEBYTES
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(klen);
+  n = alignedcalloc(nlen);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+  c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+  k2 = alignedcalloc(klen);
+  n2 = alignedcalloc(nlen);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+  c2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+  t2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_secretbox(c,m,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k);
+  crypto_secretbox_open(t,c,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k);
+}
+
+char checksum[klen * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) m[j] = 0;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i + crypto_secretbox_ZEROBYTES;
+    long long tlen = i + crypto_secretbox_ZEROBYTES;
+    long long clen = i + crypto_secretbox_ZEROBYTES;
+
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) n[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = nlen;j < nlen + 16;++j) n[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j] = random();
+
+    if (crypto_secretbox(c,m,mlen,n,k) != 0) return "crypto_secretbox returns nonzero";
+
+    for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_secretbox overwrites m";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox overwrites n";
+    for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox overwrites k";
+    for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_secretbox writes before output";
+    for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox writes after output";
+    for (j = 0;j < crypto_secretbox_BOXZEROBYTES;++j)
+      if (c[j] != 0) return "crypto_secretbox does not clear extra bytes";
+
+    for (j = -16;j < 0;++j) c[j] = random();
+    for (j = clen;j < clen + 16;++j) c[j] = random();
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
+    for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = random();
+
+    if (crypto_secretbox_open(t,c,clen,n,k) != 0) return "crypto_secretbox_open returns nonzero";
+
+    for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox_open overwrites c";
+    for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox_open overwrites n";
+    for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox_open overwrites k";
+    for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes before output";
+    for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes after output";
+    for (j = 0;j < crypto_secretbox_ZEROBYTES;++j)
+      if (t[j] != 0) return "crypto_secretbox_open does not clear extra bytes";
+
+    for (j = 0;j < i;++j) if (t[j] != m[j]) return "plaintext does not match";
+
+    for (j = 0;j < i;++j)
+      k[j % klen] ^= c[j + crypto_secretbox_BOXZEROBYTES];
+    crypto_secretbox(c,m,mlen,n,k);
+    for (j = 0;j < i;++j)
+      n[j % nlen] ^= c[j + crypto_secretbox_BOXZEROBYTES];
+    crypto_secretbox(c,m,mlen,n,k);
+    if (i == 0) m[crypto_secretbox_ZEROBYTES + 0] = 0;
+    m[crypto_secretbox_ZEROBYTES + i] = m[crypto_secretbox_ZEROBYTES + 0];
+    for (j = 0;j < i;++j)
+      m[j + crypto_secretbox_ZEROBYTES] ^= c[j + crypto_secretbox_BOXZEROBYTES];
+  }
+
+  for (i = 0;i < klen;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (k[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & k[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

src/libnacl/crypto_secretbox/wrapper-box.cpp

@@ -0,0 +1,19 @@
+#include <string>
+using std::string;
+#include "crypto_secretbox.h"
+
+string crypto_secretbox(const string &m,const string &n,const string &k)
+{
+  if (k.size() != crypto_secretbox_KEYBYTES) throw "incorrect key length";
+  if (n.size() != crypto_secretbox_NONCEBYTES) throw "incorrect nonce length";
+  size_t mlen = m.size() + crypto_secretbox_ZEROBYTES;
+  unsigned char mpad[mlen];
+  for (int i = 0;i < crypto_secretbox_ZEROBYTES;++i) mpad[i] = 0;
+  for (int i = crypto_secretbox_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_secretbox_ZEROBYTES];
+  unsigned char cpad[mlen];
+  crypto_secretbox(cpad,mpad,mlen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str());
+  return string(
+    (char *) cpad + crypto_secretbox_BOXZEROBYTES,
+    mlen - crypto_secretbox_BOXZEROBYTES
+  );
+}

src/libnacl/crypto_secretbox/wrapper-open.cpp

@@ -0,0 +1,22 @@
+#include <string>
+using std::string;
+#include "crypto_secretbox.h"
+
+string crypto_secretbox_open(const string &c,const string &n,const string &k)
+{
+  if (k.size() != crypto_secretbox_KEYBYTES) throw "incorrect key length";
+  if (n.size() != crypto_secretbox_NONCEBYTES) throw "incorrect nonce length";
+  size_t clen = c.size() + crypto_secretbox_BOXZEROBYTES;
+  unsigned char cpad[clen];
+  for (int i = 0;i < crypto_secretbox_BOXZEROBYTES;++i) cpad[i] = 0;
+  for (int i = crypto_secretbox_BOXZEROBYTES;i < clen;++i) cpad[i] = c[i - crypto_secretbox_BOXZEROBYTES];
+  unsigned char mpad[clen];
+  if (crypto_secretbox_open(mpad,cpad,clen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str()) != 0)
+    throw "ciphertext fails verification";
+  if (clen < crypto_secretbox_ZEROBYTES)
+    throw "ciphertext too short"; // should have been caught by _open
+  return string(
+    (char *) mpad + crypto_secretbox_ZEROBYTES,
+    clen - crypto_secretbox_ZEROBYTES
+  );
+}

src/libnacl/crypto_secretbox/xsalsa20poly1305/checksum

@@ -0,0 +1 @@
+df372f95dd87381b7c9ceb6f340ccaa03d19bed5d9e4ab004d99d847675a9658

src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_NONCEBYTES 24
+#define CRYPTO_ZEROBYTES 32
+#define CRYPTO_BOXZEROBYTES 16

src/libnacl/crypto_secretbox/xsalsa20poly1305/ref/box.c

@@ -0,0 +1,35 @@
+#include "crypto_onetimeauth_poly1305.h"
+#include "crypto_stream_xsalsa20.h"
+#include "crypto_secretbox.h"
+
+int crypto_secretbox(
+  unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  int i;
+  if (mlen < 32) return -1;
+  crypto_stream_xsalsa20_xor(c,m,mlen,n,k);
+  crypto_onetimeauth_poly1305(c + 16,c + 32,mlen - 32,c);
+  for (i = 0;i < 16;++i) c[i] = 0;
+  return 0;
+}
+
+int crypto_secretbox_open(
+  unsigned char *m,
+  const unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  int i;
+  unsigned char subkey[32];
+  if (clen < 32) return -1;
+  crypto_stream_xsalsa20(subkey,32,n,k);
+  if (crypto_onetimeauth_poly1305_verify(c + 16,c + 32,clen - 32,subkey) != 0) return -1;
+  crypto_stream_xsalsa20_xor(m,c,clen,n,k);
+  for (i = 0;i < 32;++i) m[i] = 0;
+  return 0;
+}

src/libnacl/crypto_sign/ed25519/description

@@ -0,0 +1 @@
+EdDSA signatures using Curve25519

src/libnacl/crypto_sign/ed25519/designers

@@ -0,0 +1,5 @@
+Daniel J. Bernstein
+Niels Duif
+Tanja Lange
+Peter Schwabe
+Bo-Yin Yang

src/libnacl/crypto_sign/ed25519/ref/api.h

@@ -0,0 +1,4 @@
+#define CRYPTO_SECRETKEYBYTES 64
+#define CRYPTO_PUBLICKEYBYTES 32
+#define CRYPTO_BYTES 64
+

src/libnacl/crypto_sign/ed25519/ref/ed25519.c

@@ -0,0 +1,136 @@
+#include "crypto_sign.h"
+
+#include "crypto_verify_32.h"
+#include "crypto_hash_sha512.h"
+#include "randombytes.h"
+
+#include "ge25519.h"
+
+static void get_hram(unsigned char *hram, const unsigned char *sm, const unsigned char *pk, unsigned char *playground, unsigned long long smlen)
+{
+  unsigned long long i;
+
+  for (i =  0;i < 32;++i)    playground[i] = sm[i];
+  for (i = 32;i < 64;++i)    playground[i] = pk[i-32];
+  for (i = 64;i < smlen;++i) playground[i] = sm[i];
+
+  crypto_hash_sha512(hram,playground,smlen);
+}
+
+
+int crypto_sign_keypair(
+    unsigned char *pk,
+    unsigned char *sk
+    )
+{
+  sc25519 scsk;
+  ge25519 gepk;
+  unsigned char extsk[64];
+  int i;
+
+  randombytes(sk, 32);
+  crypto_hash_sha512(extsk, sk, 32);
+  extsk[0] &= 248;
+  extsk[31] &= 127;
+  extsk[31] |= 64;
+
+  sc25519_from32bytes(&scsk,extsk);
+  
+  ge25519_scalarmult_base(&gepk, &scsk);
+  ge25519_pack(pk, &gepk);
+  for(i=0;i<32;i++)
+    sk[32 + i] = pk[i];
+  return 0;
+}
+
+int crypto_sign(
+    unsigned char *sm,unsigned long long *smlen,
+    const unsigned char *m,unsigned long long mlen,
+    const unsigned char *sk
+    )
+{
+  sc25519 sck, scs, scsk;
+  ge25519 ger;
+  unsigned char r[32];
+  unsigned char s[32];
+  unsigned char extsk[64];
+  unsigned long long i;
+  unsigned char hmg[crypto_hash_sha512_BYTES];
+  unsigned char hram[crypto_hash_sha512_BYTES];
+
+  crypto_hash_sha512(extsk, sk, 32);
+  extsk[0] &= 248;
+  extsk[31] &= 127;
+  extsk[31] |= 64;
+
+  *smlen = mlen+64;
+  for(i=0;i<mlen;i++)
+    sm[64 + i] = m[i];
+  for(i=0;i<32;i++)
+    sm[32 + i] = extsk[32+i];
+
+  crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */
+
+  /* Computation of R */
+  sc25519_from64bytes(&sck, hmg);
+  ge25519_scalarmult_base(&ger, &sck);
+  ge25519_pack(r, &ger);
+  
+  /* Computation of s */
+  for(i=0;i<32;i++)
+    sm[i] = r[i];
+
+  get_hram(hram, sm, sk+32, sm, mlen+64);
+
+  sc25519_from64bytes(&scs, hram);
+  sc25519_from32bytes(&scsk, extsk);
+  sc25519_mul(&scs, &scs, &scsk);
+  
+  sc25519_add(&scs, &scs, &sck);
+
+  sc25519_to32bytes(s,&scs); /* cat s */
+  for(i=0;i<32;i++)
+    sm[32 + i] = s[i]; 
+
+  return 0;
+}
+
+int crypto_sign_open(
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
+    const unsigned char *pk
+    )
+{
+  int i, ret;
+  unsigned char t2[32];
+  ge25519 get1, get2;
+  sc25519 schram, scs;
+  unsigned char hram[crypto_hash_sha512_BYTES];
+
+  if (ge25519_unpackneg_vartime(&get1, pk)) return -1;
+
+  get_hram(hram,sm,pk,m,smlen);
+
+  sc25519_from64bytes(&schram, hram);
+
+  sc25519_from32bytes(&scs, sm+32);
+
+  ge25519_double_scalarmult_vartime(&get2, &get1, &schram, &ge25519_base, &scs);
+  ge25519_pack(t2, &get2);
+
+  ret = crypto_verify_32(sm, t2);
+
+  if (!ret)
+  {
+    for(i=0;i<smlen-64;i++)
+      m[i] = sm[i + 64];
+    *mlen = smlen-64;
+  }
+  else
+  {
+    for(i=0;i<smlen-64;i++)
+      m[i] = 0;
+    *mlen = (unsigned long long) -1;
+  }
+  return ret;
+}

src/libnacl/crypto_sign/ed25519/ref/fe25519.c

@@ -0,0 +1,326 @@
+#define WINDOWSIZE 1 /* Should be 1,2, or 4 */
+#define WINDOWMASK ((1<<WINDOWSIZE)-1)
+
+#include "fe25519.h"
+
+static crypto_uint32 equal(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
+{
+  crypto_uint32 x = a ^ b; /* 0: yes; 1..65535: no */
+  x -= 1; /* 4294967295: yes; 0..65534: no */
+  x >>= 31; /* 1: yes; 0: no */
+  return x;
+}
+
+static crypto_uint32 ge(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
+{
+  unsigned int x = a;
+  x -= (unsigned int) b; /* 0..65535: yes; 4294901761..4294967295: no */
+  x >>= 31; /* 0: yes; 1: no */
+  x ^= 1; /* 1: yes; 0: no */
+  return x;
+}
+
+static crypto_uint32 times19(crypto_uint32 a)
+{
+  return (a << 4) + (a << 1) + a;
+}
+
+static crypto_uint32 times38(crypto_uint32 a)
+{
+  return (a << 5) + (a << 2) + (a << 1);
+}
+
+static void reduce_add_sub(fe25519 *r)
+{
+  crypto_uint32 t;
+  int i,rep;
+
+  for(rep=0;rep<4;rep++)
+  {
+    t = r->v[31] >> 7;
+    r->v[31] &= 127;
+    t = times19(t);
+    r->v[0] += t;
+    for(i=0;i<31;i++)
+    {
+      t = r->v[i] >> 8;
+      r->v[i+1] += t;
+      r->v[i] &= 255;
+    }
+  }
+}
+
+static void reduce_mul(fe25519 *r)
+{
+  crypto_uint32 t;
+  int i,rep;
+
+  for(rep=0;rep<2;rep++)
+  {
+    t = r->v[31] >> 7;
+    r->v[31] &= 127;
+    t = times19(t);
+    r->v[0] += t;
+    for(i=0;i<31;i++)
+    {
+      t = r->v[i] >> 8;
+      r->v[i+1] += t;
+      r->v[i] &= 255;
+    }
+  }
+}
+
+/* reduction modulo 2^255-19 */
+void fe25519_freeze(fe25519 *r) 
+{
+  int i;
+  crypto_uint32 m = equal(r->v[31],127);
+  for(i=30;i>0;i--)
+    m &= equal(r->v[i],255);
+  m &= ge(r->v[0],237);
+
+  m = -m;
+
+  r->v[31] -= m&127;
+  for(i=30;i>0;i--)
+    r->v[i] -= m&255;
+  r->v[0] -= m&237;
+}
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32])
+{
+  int i;
+  for(i=0;i<32;i++) r->v[i] = x[i];
+  r->v[31] &= 127;
+}
+
+/* Assumes input x being reduced below 2^255 */
+void fe25519_pack(unsigned char r[32], const fe25519 *x)
+{
+  int i;
+  fe25519 y = *x;
+  fe25519_freeze(&y);
+  for(i=0;i<32;i++) 
+    r[i] = y.v[i];
+}
+
+int fe25519_iszero(const fe25519 *x)
+{
+  int i;
+  fe25519 t = *x;
+  fe25519_freeze(&t);
+  int r = equal(t.v[0],0);
+  for(i=1;i<32;i++) 
+    r &= equal(t.v[i],0);
+  return r;
+}
+
+int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y)
+{
+  fe25519 t1 = *x;
+  fe25519 t2 = *y;
+  fe25519_freeze(&t1);
+  fe25519_freeze(&t2);
+  int i;
+  for(i=0;i<32;i++)
+    if(t1.v[i] != t2.v[i]) return 0;
+  return 1;
+}
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
+{
+  int i;
+  crypto_uint32 mask = b;
+  mask = -mask;
+  for(i=0;i<32;i++) r->v[i] ^= mask & (x->v[i] ^ r->v[i]);
+}
+
+unsigned char fe25519_getparity(const fe25519 *x)
+{
+  fe25519 t = *x;
+  fe25519_freeze(&t);
+  return t.v[0] & 1;
+}
+
+void fe25519_setone(fe25519 *r)
+{
+  int i;
+  r->v[0] = 1;
+  for(i=1;i<32;i++) r->v[i]=0;
+}
+
+void fe25519_setzero(fe25519 *r)
+{
+  int i;
+  for(i=0;i<32;i++) r->v[i]=0;
+}
+
+void fe25519_neg(fe25519 *r, const fe25519 *x)
+{
+  fe25519 t;
+  int i;
+  for(i=0;i<32;i++) t.v[i]=x->v[i];
+  fe25519_setzero(r);
+  fe25519_sub(r, r, &t);
+}
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+  int i;
+  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+  reduce_add_sub(r);
+}
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+  int i;
+  crypto_uint32 t[32];
+  t[0] = x->v[0] + 0x1da;
+  t[31] = x->v[31] + 0xfe;
+  for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe;
+  for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i];
+  reduce_add_sub(r);
+}
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+  int i,j;
+  crypto_uint32 t[63];
+  for(i=0;i<63;i++)t[i] = 0;
+
+  for(i=0;i<32;i++)
+    for(j=0;j<32;j++)
+      t[i+j] += x->v[i] * y->v[j];
+
+  for(i=32;i<63;i++)
+    r->v[i-32] = t[i-32] + times38(t[i]); 
+  r->v[31] = t[31]; /* result now in r[0]...r[31] */
+
+  reduce_mul(r);
+}
+
+void fe25519_square(fe25519 *r, const fe25519 *x)
+{
+  fe25519_mul(r, x, x);
+}
+
+void fe25519_invert(fe25519 *r, const fe25519 *x)
+{
+	fe25519 z2;
+	fe25519 z9;
+	fe25519 z11;
+	fe25519 z2_5_0;
+	fe25519 z2_10_0;
+	fe25519 z2_20_0;
+	fe25519 z2_50_0;
+	fe25519 z2_100_0;
+	fe25519 t0;
+	fe25519 t1;
+	int i;
+	
+	/* 2 */ fe25519_square(&z2,x);
+	/* 4 */ fe25519_square(&t1,&z2);
+	/* 8 */ fe25519_square(&t0,&t1);
+	/* 9 */ fe25519_mul(&z9,&t0,x);
+	/* 11 */ fe25519_mul(&z11,&z9,&z2);
+	/* 22 */ fe25519_square(&t0,&z11);
+	/* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9);
+
+	/* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0);
+	/* 2^7 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^8 - 2^3 */ fe25519_square(&t0,&t1);
+	/* 2^9 - 2^4 */ fe25519_square(&t1,&t0);
+	/* 2^10 - 2^5 */ fe25519_square(&t0,&t1);
+	/* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0);
+
+	/* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0);
+	/* 2^12 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0);
+
+	/* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0);
+	/* 2^22 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0);
+
+	/* 2^41 - 2^1 */ fe25519_square(&t1,&t0);
+	/* 2^42 - 2^2 */ fe25519_square(&t0,&t1);
+	/* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
+	/* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0);
+
+	/* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0);
+	/* 2^52 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0);
+
+	/* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0);
+	/* 2^102 - 2^2 */ fe25519_square(&t0,&t1);
+	/* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
+	/* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0);
+
+	/* 2^201 - 2^1 */ fe25519_square(&t0,&t1);
+	/* 2^202 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0);
+
+	/* 2^251 - 2^1 */ fe25519_square(&t1,&t0);
+	/* 2^252 - 2^2 */ fe25519_square(&t0,&t1);
+	/* 2^253 - 2^3 */ fe25519_square(&t1,&t0);
+	/* 2^254 - 2^4 */ fe25519_square(&t0,&t1);
+	/* 2^255 - 2^5 */ fe25519_square(&t1,&t0);
+	/* 2^255 - 21 */ fe25519_mul(r,&t1,&z11);
+}
+
+void fe25519_pow2523(fe25519 *r, const fe25519 *x)
+{
+	fe25519 z2;
+	fe25519 z9;
+	fe25519 z11;
+	fe25519 z2_5_0;
+	fe25519 z2_10_0;
+	fe25519 z2_20_0;
+	fe25519 z2_50_0;
+	fe25519 z2_100_0;
+	fe25519 t;
+	int i;
+		
+	/* 2 */ fe25519_square(&z2,x);
+	/* 4 */ fe25519_square(&t,&z2);
+	/* 8 */ fe25519_square(&t,&t);
+	/* 9 */ fe25519_mul(&z9,&t,x);
+	/* 11 */ fe25519_mul(&z11,&z9,&z2);
+	/* 22 */ fe25519_square(&t,&z11);
+	/* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t,&z9);
+
+	/* 2^6 - 2^1 */ fe25519_square(&t,&z2_5_0);
+	/* 2^10 - 2^5 */ for (i = 1;i < 5;i++) { fe25519_square(&t,&t); }
+	/* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t,&z2_5_0);
+
+	/* 2^11 - 2^1 */ fe25519_square(&t,&z2_10_0);
+	/* 2^20 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); }
+	/* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t,&z2_10_0);
+
+	/* 2^21 - 2^1 */ fe25519_square(&t,&z2_20_0);
+	/* 2^40 - 2^20 */ for (i = 1;i < 20;i++) { fe25519_square(&t,&t); }
+	/* 2^40 - 2^0 */ fe25519_mul(&t,&t,&z2_20_0);
+
+	/* 2^41 - 2^1 */ fe25519_square(&t,&t);
+	/* 2^50 - 2^10 */ for (i = 1;i < 10;i++) { fe25519_square(&t,&t); }
+	/* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t,&z2_10_0);
+
+	/* 2^51 - 2^1 */ fe25519_square(&t,&z2_50_0);
+	/* 2^100 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); }
+	/* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t,&z2_50_0);
+
+	/* 2^101 - 2^1 */ fe25519_square(&t,&z2_100_0);
+	/* 2^200 - 2^100 */ for (i = 1;i < 100;i++) { fe25519_square(&t,&t); }
+	/* 2^200 - 2^0 */ fe25519_mul(&t,&t,&z2_100_0);
+
+	/* 2^201 - 2^1 */ fe25519_square(&t,&t);
+	/* 2^250 - 2^50 */ for (i = 1;i < 50;i++) { fe25519_square(&t,&t); }
+	/* 2^250 - 2^0 */ fe25519_mul(&t,&t,&z2_50_0);
+
+	/* 2^251 - 2^1 */ fe25519_square(&t,&t);
+	/* 2^252 - 2^2 */ fe25519_square(&t,&t);
+	/* 2^252 - 3 */ fe25519_mul(r,&t,x);
+}

src/libnacl/crypto_sign/ed25519/ref/fe25519.h

@@ -0,0 +1,62 @@
+#ifndef FE25519_H
+#define FE25519_H
+
+#include "crypto_uint32.h"
+
+#define fe25519              crypto_sign_ed25519_ref_fe25519
+#define fe25519_freeze       crypto_sign_ed25519_ref_fe25519_freeze
+#define fe25519_unpack       crypto_sign_ed25519_ref_fe25519_unpack
+#define fe25519_pack         crypto_sign_ed25519_ref_fe25519_pack
+#define fe25519_iszero       crypto_sign_ed25519_ref_fe25519_iszero
+#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime
+#define fe25519_cmov         crypto_sign_ed25519_ref_fe25519_cmov
+#define fe25519_setone       crypto_sign_ed25519_ref_fe25519_setone
+#define fe25519_setzero      crypto_sign_ed25519_ref_fe25519_setzero
+#define fe25519_neg          crypto_sign_ed25519_ref_fe25519_neg
+#define fe25519_getparity    crypto_sign_ed25519_ref_fe25519_getparity
+#define fe25519_add          crypto_sign_ed25519_ref_fe25519_add
+#define fe25519_sub          crypto_sign_ed25519_ref_fe25519_sub
+#define fe25519_mul          crypto_sign_ed25519_ref_fe25519_mul
+#define fe25519_square       crypto_sign_ed25519_ref_fe25519_square
+#define fe25519_invert       crypto_sign_ed25519_ref_fe25519_invert
+#define fe25519_pow2523      crypto_sign_ed25519_ref_fe25519_pow2523
+
+typedef struct 
+{
+  crypto_uint32 v[32]; 
+}
+fe25519;
+
+void fe25519_freeze(fe25519 *r);
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
+
+void fe25519_pack(unsigned char r[32], const fe25519 *x);
+
+int fe25519_iszero(const fe25519 *x);
+
+int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
+
+void fe25519_setone(fe25519 *r);
+
+void fe25519_setzero(fe25519 *r);
+
+void fe25519_neg(fe25519 *r, const fe25519 *x);
+
+unsigned char fe25519_getparity(const fe25519 *x);
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_square(fe25519 *r, const fe25519 *x);
+
+void fe25519_invert(fe25519 *r, const fe25519 *x);
+
+void fe25519_pow2523(fe25519 *r, const fe25519 *x);
+
+#endif

src/libnacl/crypto_sign/ed25519/ref/ge25519.c

@@ -0,0 +1,310 @@
+#include "fe25519.h"
+#include "sc25519.h"
+#include "ge25519.h"
+
+/* 
+ * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 
+ * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
+ * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960);
+ */
+
+/* d */
+static const fe25519 ge25519_ecd = {{0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00, 
+                      0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52}};
+/* 2*d */
+static const fe25519 ge25519_ec2d = {{0x59, 0xF1, 0xB2, 0x26, 0x94, 0x9B, 0xD6, 0xEB, 0x56, 0xB1, 0x83, 0x82, 0x9A, 0x14, 0xE0, 0x00, 
+                       0x30, 0xD1, 0xF3, 0xEE, 0xF2, 0x80, 0x8E, 0x19, 0xE7, 0xFC, 0xDF, 0x56, 0xDC, 0xD9, 0x06, 0x24}};
+/* sqrt(-1) */
+static const fe25519 ge25519_sqrtm1 = {{0xB0, 0xA0, 0x0E, 0x4A, 0x27, 0x1B, 0xEE, 0xC4, 0x78, 0xE4, 0x2F, 0xAD, 0x06, 0x18, 0x43, 0x2F, 
+                         0xA7, 0xD7, 0xFB, 0x3D, 0x99, 0x00, 0x4D, 0x2B, 0x0B, 0xDF, 0xC1, 0x4F, 0x80, 0x24, 0x83, 0x2B}};
+
+#define ge25519_p3 ge25519
+
+typedef struct
+{
+  fe25519 x;
+  fe25519 z;
+  fe25519 y;
+  fe25519 t;
+} ge25519_p1p1;
+
+typedef struct
+{
+  fe25519 x;
+  fe25519 y;
+  fe25519 z;
+} ge25519_p2;
+
+typedef struct
+{
+  fe25519 x;
+  fe25519 y;
+} ge25519_aff;
+
+
+/* Packed coordinates of the base point */
+const ge25519 ge25519_base = {{{0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69, 
+                                0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21}},
+                              {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 
+                                0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}},
+                              {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
+                                0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}},
+                              {{0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20, 
+                                0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67}}};
+
+/* Multiples of the base point in affine representation */
+static const ge25519_aff ge25519_base_multiples_affine[425] = {
+#include "ge25519_base.data"
+};
+
+static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p)
+{
+  fe25519_mul(&r->x, &p->x, &p->t);
+  fe25519_mul(&r->y, &p->y, &p->z);
+  fe25519_mul(&r->z, &p->z, &p->t);
+}
+
+static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p)
+{
+  p1p1_to_p2((ge25519_p2 *)r, p);
+  fe25519_mul(&r->t, &p->x, &p->y);
+}
+
+static void ge25519_mixadd2(ge25519_p3 *r, const ge25519_aff *q)
+{
+  fe25519 a,b,t1,t2,c,d,e,f,g,h,qt;
+  fe25519_mul(&qt, &q->x, &q->y);
+  fe25519_sub(&a, &r->y, &r->x); /* A = (Y1-X1)*(Y2-X2) */
+  fe25519_add(&b, &r->y, &r->x); /* B = (Y1+X1)*(Y2+X2) */
+  fe25519_sub(&t1, &q->y, &q->x);
+  fe25519_add(&t2, &q->y, &q->x);
+  fe25519_mul(&a, &a, &t1);
+  fe25519_mul(&b, &b, &t2);
+  fe25519_sub(&e, &b, &a); /* E = B-A */
+  fe25519_add(&h, &b, &a); /* H = B+A */
+  fe25519_mul(&c, &r->t, &qt); /* C = T1*k*T2 */
+  fe25519_mul(&c, &c, &ge25519_ec2d);
+  fe25519_add(&d, &r->z, &r->z); /* D = Z1*2 */
+  fe25519_sub(&f, &d, &c); /* F = D-C */
+  fe25519_add(&g, &d, &c); /* G = D+C */
+  fe25519_mul(&r->x, &e, &f);
+  fe25519_mul(&r->y, &h, &g);
+  fe25519_mul(&r->z, &g, &f);
+  fe25519_mul(&r->t, &e, &h);
+}
+
+static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q)
+{
+  fe25519 a, b, c, d, t;
+  
+  fe25519_sub(&a, &p->y, &p->x); /* A = (Y1-X1)*(Y2-X2) */
+  fe25519_sub(&t, &q->y, &q->x);
+  fe25519_mul(&a, &a, &t);
+  fe25519_add(&b, &p->x, &p->y); /* B = (Y1+X1)*(Y2+X2) */
+  fe25519_add(&t, &q->x, &q->y);
+  fe25519_mul(&b, &b, &t);
+  fe25519_mul(&c, &p->t, &q->t); /* C = T1*k*T2 */
+  fe25519_mul(&c, &c, &ge25519_ec2d);
+  fe25519_mul(&d, &p->z, &q->z); /* D = Z1*2*Z2 */
+  fe25519_add(&d, &d, &d);
+  fe25519_sub(&r->x, &b, &a); /* E = B-A */
+  fe25519_sub(&r->t, &d, &c); /* F = D-C */
+  fe25519_add(&r->z, &d, &c); /* G = D+C */
+  fe25519_add(&r->y, &b, &a); /* H = B+A */
+}
+
+/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */
+static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p)
+{
+  fe25519 a,b,c,d;
+  fe25519_square(&a, &p->x);
+  fe25519_square(&b, &p->y);
+  fe25519_square(&c, &p->z);
+  fe25519_add(&c, &c, &c);
+  fe25519_neg(&d, &a);
+
+  fe25519_add(&r->x, &p->x, &p->y);
+  fe25519_square(&r->x, &r->x);
+  fe25519_sub(&r->x, &r->x, &a);
+  fe25519_sub(&r->x, &r->x, &b);
+  fe25519_add(&r->z, &d, &b);
+  fe25519_sub(&r->t, &r->z, &c);
+  fe25519_sub(&r->y, &d, &b);
+}
+
+/* Constant-time version of: if(b) r = p */
+static void cmov_aff(ge25519_aff *r, const ge25519_aff *p, unsigned char b)
+{
+  fe25519_cmov(&r->x, &p->x, b);
+  fe25519_cmov(&r->y, &p->y, b);
+}
+
+static unsigned char equal(signed char b,signed char c)
+{
+  unsigned char ub = b;
+  unsigned char uc = c;
+  unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */
+  crypto_uint32 y = x; /* 0: yes; 1..255: no */
+  y -= 1; /* 4294967295: yes; 0..254: no */
+  y >>= 31; /* 1: yes; 0: no */
+  return y;
+}
+
+static unsigned char negative(signed char b)
+{
+  unsigned long long x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */
+  x >>= 63; /* 1: yes; 0: no */
+  return x;
+}
+
+static void choose_t(ge25519_aff *t, unsigned long long pos, signed char b)
+{
+  /* constant time */
+  fe25519 v;
+  *t = ge25519_base_multiples_affine[5*pos+0];
+  cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
+  cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
+  cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
+  cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4));
+  fe25519_neg(&v, &t->x);
+  fe25519_cmov(&t->x, &v, negative(b));
+}
+
+static void setneutral(ge25519 *r)
+{
+  fe25519_setzero(&r->x);
+  fe25519_setone(&r->y);
+  fe25519_setone(&r->z);
+  fe25519_setzero(&r->t);
+}
+
+/* ********************************************************************
+ *                    EXPORTED FUNCTIONS
+ ******************************************************************** */
+
+/* return 0 on success, -1 otherwise */
+int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32])
+{
+  fe25519 t, chk, num, den, den2, den4, den6;
+  fe25519_setone(&r->z);
+  unsigned char par = p[31] >> 7;
+  fe25519_unpack(&r->y, p); 
+  fe25519_square(&num, &r->y); /* x = y^2 */
+  fe25519_mul(&den, &num, &ge25519_ecd); /* den = dy^2 */
+  fe25519_sub(&num, &num, &r->z); /* x = y^2-1 */
+  fe25519_add(&den, &r->z, &den); /* den = dy^2+1 */
+
+  /* Computation of sqrt(num/den) */
+  /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */
+  fe25519_square(&den2, &den);
+  fe25519_square(&den4, &den2);
+  fe25519_mul(&den6, &den4, &den2);
+  fe25519_mul(&t, &den6, &num);
+  fe25519_mul(&t, &t, &den);
+
+  fe25519_pow2523(&t, &t);
+  /* 2. computation of r->x = t * num * den^3 */
+  fe25519_mul(&t, &t, &num);
+  fe25519_mul(&t, &t, &den);
+  fe25519_mul(&t, &t, &den);
+  fe25519_mul(&r->x, &t, &den);
+
+  /* 3. Check whether sqrt computation gave correct result, multiply by sqrt(-1) if not: */
+  fe25519_square(&chk, &r->x);
+  fe25519_mul(&chk, &chk, &den);
+  if (!fe25519_iseq_vartime(&chk, &num))
+    fe25519_mul(&r->x, &r->x, &ge25519_sqrtm1);
+
+  /* 4. Now we have one of the two square roots, except if input was not a square */
+  fe25519_square(&chk, &r->x);
+  fe25519_mul(&chk, &chk, &den);
+  if (!fe25519_iseq_vartime(&chk, &num))
+    return -1;
+
+  /* 5. Choose the desired square root according to parity: */
+  if(fe25519_getparity(&r->x) != (1-par))
+    fe25519_neg(&r->x, &r->x);
+
+  fe25519_mul(&r->t, &r->x, &r->y);
+  return 0;
+}
+
+void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
+{
+  fe25519 tx, ty, zi;
+  fe25519_invert(&zi, &p->z); 
+  fe25519_mul(&tx, &p->x, &zi);
+  fe25519_mul(&ty, &p->y, &zi);
+  fe25519_pack(r, &ty);
+  r[31] ^= fe25519_getparity(&tx) << 7;
+}
+
+int ge25519_isneutral_vartime(const ge25519_p3 *p)
+{
+  int ret = 1;
+  if(!fe25519_iszero(&p->x)) ret = 0;
+  if(!fe25519_iseq_vartime(&p->y, &p->z)) ret = 0;
+  return ret;
+}
+
+/* computes [s1]p1 + [s2]p2 */
+void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const ge25519_p3 *p2, const sc25519 *s2)
+{
+  ge25519_p1p1 tp1p1;
+  ge25519_p3 pre[16];
+  unsigned char b[127];
+
+  /* precomputation                                                        s2 s1 */
+  setneutral(pre);                                                      /* 00 00 */
+  pre[1] = *p1;                                                         /* 00 01 */
+  dbl_p1p1(&tp1p1,(ge25519_p2 *)p1);      p1p1_to_p3( &pre[2], &tp1p1); /* 00 10 */
+  add_p1p1(&tp1p1,&pre[1], &pre[2]);      p1p1_to_p3( &pre[3], &tp1p1); /* 00 11 */
+  pre[4] = *p2;                                                         /* 01 00 */
+  add_p1p1(&tp1p1,&pre[1], &pre[4]);      p1p1_to_p3( &pre[5], &tp1p1); /* 01 01 */
+  add_p1p1(&tp1p1,&pre[2], &pre[4]);      p1p1_to_p3( &pre[6], &tp1p1); /* 01 10 */
+  add_p1p1(&tp1p1,&pre[3], &pre[4]);      p1p1_to_p3( &pre[7], &tp1p1); /* 01 11 */
+  dbl_p1p1(&tp1p1,(ge25519_p2 *)p2);      p1p1_to_p3( &pre[8], &tp1p1); /* 10 00 */
+  add_p1p1(&tp1p1,&pre[1], &pre[8]);      p1p1_to_p3( &pre[9], &tp1p1); /* 10 01 */
+  dbl_p1p1(&tp1p1,(ge25519_p2 *)&pre[5]); p1p1_to_p3(&pre[10], &tp1p1); /* 10 10 */
+  add_p1p1(&tp1p1,&pre[3], &pre[8]);      p1p1_to_p3(&pre[11], &tp1p1); /* 10 11 */
+  add_p1p1(&tp1p1,&pre[4], &pre[8]);      p1p1_to_p3(&pre[12], &tp1p1); /* 11 00 */
+  add_p1p1(&tp1p1,&pre[1],&pre[12]);      p1p1_to_p3(&pre[13], &tp1p1); /* 11 01 */
+  add_p1p1(&tp1p1,&pre[2],&pre[12]);      p1p1_to_p3(&pre[14], &tp1p1); /* 11 10 */
+  add_p1p1(&tp1p1,&pre[3],&pre[12]);      p1p1_to_p3(&pre[15], &tp1p1); /* 11 11 */
+
+  sc25519_2interleave2(b,s1,s2);
+
+  /* scalar multiplication */
+  *r = pre[b[126]];
+  int i;
+  for(i=125;i>=0;i--)
+  {
+    dbl_p1p1(&tp1p1, (ge25519_p2 *)r);
+    p1p1_to_p2((ge25519_p2 *) r, &tp1p1);
+    dbl_p1p1(&tp1p1, (ge25519_p2 *)r);
+    if(b[i]!=0)
+    {
+      p1p1_to_p3(r, &tp1p1);
+      add_p1p1(&tp1p1, r, &pre[b[i]]);
+    }
+    if(i != 0) p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
+    else p1p1_to_p3(r, &tp1p1);
+  }
+}
+
+void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
+{
+  signed char b[85];
+  int i;
+  ge25519_aff t;
+  sc25519_window3(b,s);
+
+  choose_t((ge25519_aff *)r, 0, b[0]);
+  fe25519_setone(&r->z);
+  fe25519_mul(&r->t, &r->x, &r->y);
+  for(i=1;i<85;i++)
+  {
+    choose_t(&t, (unsigned long long) i, b[i]);
+    ge25519_mixadd2(r, &t);
+  }
+}

src/libnacl/crypto_sign/ed25519/ref/ge25519.h

@@ -0,0 +1,35 @@
+#ifndef GE25519_H
+#define GE25519_H
+
+#include "fe25519.h"
+#include "sc25519.h"
+
+#define ge25519                           crypto_sign_ed25519_ref_ge25519
+#define ge25519_base                      crypto_sign_ed25519_ref_ge25519_base
+#define ge25519_unpackneg_vartime         crypto_sign_ed25519_ref_unpackneg_vartime
+#define ge25519_pack                      crypto_sign_ed25519_ref_pack
+#define ge25519_isneutral_vartime         crypto_sign_ed25519_ref_isneutral_vartime
+#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime
+#define ge25519_scalarmult_base           crypto_sign_ed25519_ref_scalarmult_base
+
+typedef struct
+{
+  fe25519 x;
+  fe25519 y;
+  fe25519 z;
+  fe25519 t;
+} ge25519;
+
+const ge25519 ge25519_base;
+
+int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
+
+void ge25519_pack(unsigned char r[32], const ge25519 *p);
+
+int ge25519_isneutral_vartime(const ge25519 *p);
+
+void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2);
+
+void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
+
+#endif

src/libnacl/crypto_sign/ed25519/ref/ge25519_base.data

@@ -0,0 +1,850 @@
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21}} ,
+ {{0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66}}},
+{{{0x0e, 0xce, 0x43, 0x28, 0x4e, 0xa1, 0xc5, 0x83, 0x5f, 0xa4, 0xd7, 0x15, 0x45, 0x8e, 0x0d, 0x08, 0xac, 0xe7, 0x33, 0x18, 0x7d, 0x3b, 0x04, 0x3d, 0x6c, 0x04, 0x5a, 0x9f, 0x4c, 0x38, 0xab, 0x36}} ,
+ {{0xc9, 0xa3, 0xf8, 0x6a, 0xae, 0x46, 0x5f, 0x0e, 0x56, 0x51, 0x38, 0x64, 0x51, 0x0f, 0x39, 0x97, 0x56, 0x1f, 0xa2, 0xc9, 0xe8, 0x5e, 0xa2, 0x1d, 0xc2, 0x29, 0x23, 0x09, 0xf3, 0xcd, 0x60, 0x22}}},
+{{{0x5c, 0xe2, 0xf8, 0xd3, 0x5f, 0x48, 0x62, 0xac, 0x86, 0x48, 0x62, 0x81, 0x19, 0x98, 0x43, 0x63, 0x3a, 0xc8, 0xda, 0x3e, 0x74, 0xae, 0xf4, 0x1f, 0x49, 0x8f, 0x92, 0x22, 0x4a, 0x9c, 0xae, 0x67}} ,
+ {{0xd4, 0xb4, 0xf5, 0x78, 0x48, 0x68, 0xc3, 0x02, 0x04, 0x03, 0x24, 0x67, 0x17, 0xec, 0x16, 0x9f, 0xf7, 0x9e, 0x26, 0x60, 0x8e, 0xa1, 0x26, 0xa1, 0xab, 0x69, 0xee, 0x77, 0xd1, 0xb1, 0x67, 0x12}}},
+{{{0x70, 0xf8, 0xc9, 0xc4, 0x57, 0xa6, 0x3a, 0x49, 0x47, 0x15, 0xce, 0x93, 0xc1, 0x9e, 0x73, 0x1a, 0xf9, 0x20, 0x35, 0x7a, 0xb8, 0xd4, 0x25, 0x83, 0x46, 0xf1, 0xcf, 0x56, 0xdb, 0xa8, 0x3d, 0x20}} ,
+ {{0x2f, 0x11, 0x32, 0xca, 0x61, 0xab, 0x38, 0xdf, 0xf0, 0x0f, 0x2f, 0xea, 0x32, 0x28, 0xf2, 0x4c, 0x6c, 0x71, 0xd5, 0x80, 0x85, 0xb8, 0x0e, 0x47, 0xe1, 0x95, 0x15, 0xcb, 0x27, 0xe8, 0xd0, 0x47}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xc8, 0x84, 0xa5, 0x08, 0xbc, 0xfd, 0x87, 0x3b, 0x99, 0x8b, 0x69, 0x80, 0x7b, 0xc6, 0x3a, 0xeb, 0x93, 0xcf, 0x4e, 0xf8, 0x5c, 0x2d, 0x86, 0x42, 0xb6, 0x71, 0xd7, 0x97, 0x5f, 0xe1, 0x42, 0x67}} ,
+ {{0xb4, 0xb9, 0x37, 0xfc, 0xa9, 0x5b, 0x2f, 0x1e, 0x93, 0xe4, 0x1e, 0x62, 0xfc, 0x3c, 0x78, 0x81, 0x8f, 0xf3, 0x8a, 0x66, 0x09, 0x6f, 0xad, 0x6e, 0x79, 0x73, 0xe5, 0xc9, 0x00, 0x06, 0xd3, 0x21}}},
+{{{0xf8, 0xf9, 0x28, 0x6c, 0x6d, 0x59, 0xb2, 0x59, 0x74, 0x23, 0xbf, 0xe7, 0x33, 0x8d, 0x57, 0x09, 0x91, 0x9c, 0x24, 0x08, 0x15, 0x2b, 0xe2, 0xb8, 0xee, 0x3a, 0xe5, 0x27, 0x06, 0x86, 0xa4, 0x23}} ,
+ {{0xeb, 0x27, 0x67, 0xc1, 0x37, 0xab, 0x7a, 0xd8, 0x27, 0x9c, 0x07, 0x8e, 0xff, 0x11, 0x6a, 0xb0, 0x78, 0x6e, 0xad, 0x3a, 0x2e, 0x0f, 0x98, 0x9f, 0x72, 0xc3, 0x7f, 0x82, 0xf2, 0x96, 0x96, 0x70}}},
+{{{0x81, 0x6b, 0x88, 0xe8, 0x1e, 0xc7, 0x77, 0x96, 0x0e, 0xa1, 0xa9, 0x52, 0xe0, 0xd8, 0x0e, 0x61, 0x9e, 0x79, 0x2d, 0x95, 0x9c, 0x8d, 0x96, 0xe0, 0x06, 0x40, 0x5d, 0x87, 0x28, 0x5f, 0x98, 0x70}} ,
+ {{0xf1, 0x79, 0x7b, 0xed, 0x4f, 0x44, 0xb2, 0xe7, 0x08, 0x0d, 0xc2, 0x08, 0x12, 0xd2, 0x9f, 0xdf, 0xcd, 0x93, 0x20, 0x8a, 0xcf, 0x33, 0xca, 0x6d, 0x89, 0xb9, 0x77, 0xc8, 0x93, 0x1b, 0x4e, 0x60}}},
+{{{0x26, 0x4f, 0x7e, 0x97, 0xf6, 0x40, 0xdd, 0x4f, 0xfc, 0x52, 0x78, 0xf9, 0x90, 0x31, 0x03, 0xe6, 0x7d, 0x56, 0x39, 0x0b, 0x1d, 0x56, 0x82, 0x85, 0xf9, 0x1a, 0x42, 0x17, 0x69, 0x6c, 0xcf, 0x39}} ,
+ {{0x69, 0xd2, 0x06, 0x3a, 0x4f, 0x39, 0x2d, 0xf9, 0x38, 0x40, 0x8c, 0x4c, 0xe7, 0x05, 0x12, 0xb4, 0x78, 0x8b, 0xf8, 0xc0, 0xec, 0x93, 0xde, 0x7a, 0x6b, 0xce, 0x2c, 0xe1, 0x0e, 0xa9, 0x34, 0x44}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x0b, 0xa4, 0x3c, 0xb0, 0x0f, 0x7a, 0x51, 0xf1, 0x78, 0xd6, 0xd9, 0x6a, 0xfd, 0x46, 0xe8, 0xb8, 0xa8, 0x79, 0x1d, 0x87, 0xf9, 0x90, 0xf2, 0x9c, 0x13, 0x29, 0xf8, 0x0b, 0x20, 0x64, 0xfa, 0x05}} ,
+ {{0x26, 0x09, 0xda, 0x17, 0xaf, 0x95, 0xd6, 0xfb, 0x6a, 0x19, 0x0d, 0x6e, 0x5e, 0x12, 0xf1, 0x99, 0x4c, 0xaa, 0xa8, 0x6f, 0x79, 0x86, 0xf4, 0x72, 0x28, 0x00, 0x26, 0xf9, 0xea, 0x9e, 0x19, 0x3d}}},
+{{{0x87, 0xdd, 0xcf, 0xf0, 0x5b, 0x49, 0xa2, 0x5d, 0x40, 0x7a, 0x23, 0x26, 0xa4, 0x7a, 0x83, 0x8a, 0xb7, 0x8b, 0xd2, 0x1a, 0xbf, 0xea, 0x02, 0x24, 0x08, 0x5f, 0x7b, 0xa9, 0xb1, 0xbe, 0x9d, 0x37}} ,
+ {{0xfc, 0x86, 0x4b, 0x08, 0xee, 0xe7, 0xa0, 0xfd, 0x21, 0x45, 0x09, 0x34, 0xc1, 0x61, 0x32, 0x23, 0xfc, 0x9b, 0x55, 0x48, 0x53, 0x99, 0xf7, 0x63, 0xd0, 0x99, 0xce, 0x01, 0xe0, 0x9f, 0xeb, 0x28}}},
+{{{0x47, 0xfc, 0xab, 0x5a, 0x17, 0xf0, 0x85, 0x56, 0x3a, 0x30, 0x86, 0x20, 0x28, 0x4b, 0x8e, 0x44, 0x74, 0x3a, 0x6e, 0x02, 0xf1, 0x32, 0x8f, 0x9f, 0x3f, 0x08, 0x35, 0xe9, 0xca, 0x16, 0x5f, 0x6e}} ,
+ {{0x1c, 0x59, 0x1c, 0x65, 0x5d, 0x34, 0xa4, 0x09, 0xcd, 0x13, 0x9c, 0x70, 0x7d, 0xb1, 0x2a, 0xc5, 0x88, 0xaf, 0x0b, 0x60, 0xc7, 0x9f, 0x34, 0x8d, 0xd6, 0xb7, 0x7f, 0xea, 0x78, 0x65, 0x8d, 0x77}}},
+{{{0x56, 0xa5, 0xc2, 0x0c, 0xdd, 0xbc, 0xb8, 0x20, 0x6d, 0x57, 0x61, 0xb5, 0xfb, 0x78, 0xb5, 0xd4, 0x49, 0x54, 0x90, 0x26, 0xc1, 0xcb, 0xe9, 0xe6, 0xbf, 0xec, 0x1d, 0x4e, 0xed, 0x07, 0x7e, 0x5e}} ,
+ {{0xc7, 0xf6, 0x6c, 0x56, 0x31, 0x20, 0x14, 0x0e, 0xa8, 0xd9, 0x27, 0xc1, 0x9a, 0x3d, 0x1b, 0x7d, 0x0e, 0x26, 0xd3, 0x81, 0xaa, 0xeb, 0xf5, 0x6b, 0x79, 0x02, 0xf1, 0x51, 0x5c, 0x75, 0x55, 0x0f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x0a, 0x34, 0xcd, 0x82, 0x3c, 0x33, 0x09, 0x54, 0xd2, 0x61, 0x39, 0x30, 0x9b, 0xfd, 0xef, 0x21, 0x26, 0xd4, 0x70, 0xfa, 0xee, 0xf9, 0x31, 0x33, 0x73, 0x84, 0xd0, 0xb3, 0x81, 0xbf, 0xec, 0x2e}} ,
+ {{0xe8, 0x93, 0x8b, 0x00, 0x64, 0xf7, 0x9c, 0xb8, 0x74, 0xe0, 0xe6, 0x49, 0x48, 0x4d, 0x4d, 0x48, 0xb6, 0x19, 0xa1, 0x40, 0xb7, 0xd9, 0x32, 0x41, 0x7c, 0x82, 0x37, 0xa1, 0x2d, 0xdc, 0xd2, 0x54}}},
+{{{0x68, 0x2b, 0x4a, 0x5b, 0xd5, 0xc7, 0x51, 0x91, 0x1d, 0xe1, 0x2a, 0x4b, 0xc4, 0x47, 0xf1, 0xbc, 0x7a, 0xb3, 0xcb, 0xc8, 0xb6, 0x7c, 0xac, 0x90, 0x05, 0xfd, 0xf3, 0xf9, 0x52, 0x3a, 0x11, 0x6b}} ,
+ {{0x3d, 0xc1, 0x27, 0xf3, 0x59, 0x43, 0x95, 0x90, 0xc5, 0x96, 0x79, 0xf5, 0xf4, 0x95, 0x65, 0x29, 0x06, 0x9c, 0x51, 0x05, 0x18, 0xda, 0xb8, 0x2e, 0x79, 0x7e, 0x69, 0x59, 0x71, 0x01, 0xeb, 0x1a}}},
+{{{0x15, 0x06, 0x49, 0xb6, 0x8a, 0x3c, 0xea, 0x2f, 0x34, 0x20, 0x14, 0xc3, 0xaa, 0xd6, 0xaf, 0x2c, 0x3e, 0xbd, 0x65, 0x20, 0xe2, 0x4d, 0x4b, 0x3b, 0xeb, 0x9f, 0x4a, 0xc3, 0xad, 0xa4, 0x3b, 0x60}} ,
+ {{0xbc, 0x58, 0xe6, 0xc0, 0x95, 0x2a, 0x2a, 0x81, 0x9a, 0x7a, 0xf3, 0xd2, 0x06, 0xbe, 0x48, 0xbc, 0x0c, 0xc5, 0x46, 0xe0, 0x6a, 0xd4, 0xac, 0x0f, 0xd9, 0xcc, 0x82, 0x34, 0x2c, 0xaf, 0xdb, 0x1f}}},
+{{{0xf7, 0x17, 0x13, 0xbd, 0xfb, 0xbc, 0xd2, 0xec, 0x45, 0xb3, 0x15, 0x31, 0xe9, 0xaf, 0x82, 0x84, 0x3d, 0x28, 0xc6, 0xfc, 0x11, 0xf5, 0x41, 0xb5, 0x8b, 0xd3, 0x12, 0x76, 0x52, 0xe7, 0x1a, 0x3c}} ,
+ {{0x4e, 0x36, 0x11, 0x07, 0xa2, 0x15, 0x20, 0x51, 0xc4, 0x2a, 0xc3, 0x62, 0x8b, 0x5e, 0x7f, 0xa6, 0x0f, 0xf9, 0x45, 0x85, 0x6c, 0x11, 0x86, 0xb7, 0x7e, 0xe5, 0xd7, 0xf9, 0xc3, 0x91, 0x1c, 0x05}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xea, 0xd6, 0xde, 0x29, 0x3a, 0x00, 0xb9, 0x02, 0x59, 0xcb, 0x26, 0xc4, 0xba, 0x99, 0xb1, 0x97, 0x2f, 0x8e, 0x00, 0x92, 0x26, 0x4f, 0x52, 0xeb, 0x47, 0x1b, 0x89, 0x8b, 0x24, 0xc0, 0x13, 0x7d}} ,
+ {{0xd5, 0x20, 0x5b, 0x80, 0xa6, 0x80, 0x20, 0x95, 0xc3, 0xe9, 0x9f, 0x8e, 0x87, 0x9e, 0x1e, 0x9e, 0x7a, 0xc7, 0xcc, 0x75, 0x6c, 0xa5, 0xf1, 0x91, 0x1a, 0xa8, 0x01, 0x2c, 0xab, 0x76, 0xa9, 0x59}}},
+{{{0xde, 0xc9, 0xb1, 0x31, 0x10, 0x16, 0xaa, 0x35, 0x14, 0x6a, 0xd4, 0xb5, 0x34, 0x82, 0x71, 0xd2, 0x4a, 0x5d, 0x9a, 0x1f, 0x53, 0x26, 0x3c, 0xe5, 0x8e, 0x8d, 0x33, 0x7f, 0xff, 0xa9, 0xd5, 0x17}} ,
+ {{0x89, 0xaf, 0xf6, 0xa4, 0x64, 0xd5, 0x10, 0xe0, 0x1d, 0xad, 0xef, 0x44, 0xbd, 0xda, 0x83, 0xac, 0x7a, 0xa8, 0xf0, 0x1c, 0x07, 0xf9, 0xc3, 0x43, 0x6c, 0x3f, 0xb7, 0xd3, 0x87, 0x22, 0x02, 0x73}}},
+{{{0x64, 0x1d, 0x49, 0x13, 0x2f, 0x71, 0xec, 0x69, 0x87, 0xd0, 0x42, 0xee, 0x13, 0xec, 0xe3, 0xed, 0x56, 0x7b, 0xbf, 0xbd, 0x8c, 0x2f, 0x7d, 0x7b, 0x9d, 0x28, 0xec, 0x8e, 0x76, 0x2f, 0x6f, 0x08}} ,
+ {{0x22, 0xf5, 0x5f, 0x4d, 0x15, 0xef, 0xfc, 0x4e, 0x57, 0x03, 0x36, 0x89, 0xf0, 0xeb, 0x5b, 0x91, 0xd6, 0xe2, 0xca, 0x01, 0xa5, 0xee, 0x52, 0xec, 0xa0, 0x3c, 0x8f, 0x33, 0x90, 0x5a, 0x94, 0x72}}},
+{{{0x8a, 0x4b, 0xe7, 0x38, 0xbc, 0xda, 0xc2, 0xb0, 0x85, 0xe1, 0x4a, 0xfe, 0x2d, 0x44, 0x84, 0xcb, 0x20, 0x6b, 0x2d, 0xbf, 0x11, 0x9c, 0xd7, 0xbe, 0xd3, 0x3e, 0x5f, 0xbf, 0x68, 0xbc, 0xa8, 0x07}} ,
+ {{0x01, 0x89, 0x28, 0x22, 0x6a, 0x78, 0xaa, 0x29, 0x03, 0xc8, 0x74, 0x95, 0x03, 0x3e, 0xdc, 0xbd, 0x07, 0x13, 0xa8, 0xa2, 0x20, 0x2d, 0xb3, 0x18, 0x70, 0x42, 0xfd, 0x7a, 0xc4, 0xd7, 0x49, 0x72}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x02, 0xff, 0x32, 0x2b, 0x5c, 0x93, 0x54, 0x32, 0xe8, 0x57, 0x54, 0x1a, 0x8b, 0x33, 0x60, 0x65, 0xd3, 0x67, 0xa4, 0xc1, 0x26, 0xc4, 0xa4, 0x34, 0x1f, 0x9b, 0xa7, 0xa9, 0xf4, 0xd9, 0x4f, 0x5b}} ,
+ {{0x46, 0x8d, 0xb0, 0x33, 0x54, 0x26, 0x5b, 0x68, 0xdf, 0xbb, 0xc5, 0xec, 0xc2, 0xf9, 0x3c, 0x5a, 0x37, 0xc1, 0x8e, 0x27, 0x47, 0xaa, 0x49, 0x5a, 0xf8, 0xfb, 0x68, 0x04, 0x23, 0xd1, 0xeb, 0x40}}},
+{{{0x65, 0xa5, 0x11, 0x84, 0x8a, 0x67, 0x9d, 0x9e, 0xd1, 0x44, 0x68, 0x7a, 0x34, 0xe1, 0x9f, 0xa3, 0x54, 0xcd, 0x07, 0xca, 0x79, 0x1f, 0x54, 0x2f, 0x13, 0x70, 0x4e, 0xee, 0xa2, 0xfa, 0xe7, 0x5d}} ,
+ {{0x36, 0xec, 0x54, 0xf8, 0xce, 0xe4, 0x85, 0xdf, 0xf6, 0x6f, 0x1d, 0x90, 0x08, 0xbc, 0xe8, 0xc0, 0x92, 0x2d, 0x43, 0x6b, 0x92, 0xa9, 0x8e, 0xab, 0x0a, 0x2e, 0x1c, 0x1e, 0x64, 0x23, 0x9f, 0x2c}}},
+{{{0xa7, 0xd6, 0x2e, 0xd5, 0xcc, 0xd4, 0xcb, 0x5a, 0x3b, 0xa7, 0xf9, 0x46, 0x03, 0x1d, 0xad, 0x2b, 0x34, 0x31, 0x90, 0x00, 0x46, 0x08, 0x82, 0x14, 0xc4, 0xe0, 0x9c, 0xf0, 0xe3, 0x55, 0x43, 0x31}} ,
+ {{0x60, 0xd6, 0xdd, 0x78, 0xe6, 0xd4, 0x22, 0x42, 0x1f, 0x00, 0xf9, 0xb1, 0x6a, 0x63, 0xe2, 0x92, 0x59, 0xd1, 0x1a, 0xb7, 0x00, 0x54, 0x29, 0xc9, 0xc1, 0xf6, 0x6f, 0x7a, 0xc5, 0x3c, 0x5f, 0x65}}},
+{{{0x27, 0x4f, 0xd0, 0x72, 0xb1, 0x11, 0x14, 0x27, 0x15, 0x94, 0x48, 0x81, 0x7e, 0x74, 0xd8, 0x32, 0xd5, 0xd1, 0x11, 0x28, 0x60, 0x63, 0x36, 0x32, 0x37, 0xb5, 0x13, 0x1c, 0xa0, 0x37, 0xe3, 0x74}} ,
+ {{0xf1, 0x25, 0x4e, 0x11, 0x96, 0x67, 0xe6, 0x1c, 0xc2, 0xb2, 0x53, 0xe2, 0xda, 0x85, 0xee, 0xb2, 0x9f, 0x59, 0xf3, 0xba, 0xbd, 0xfa, 0xcf, 0x6e, 0xf9, 0xda, 0xa4, 0xb3, 0x02, 0x8f, 0x64, 0x08}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x34, 0x94, 0xf2, 0x64, 0x54, 0x47, 0x37, 0x07, 0x40, 0x8a, 0x20, 0xba, 0x4a, 0x55, 0xd7, 0x3f, 0x47, 0xba, 0x25, 0x23, 0x14, 0xb0, 0x2c, 0xe8, 0x55, 0xa8, 0xa6, 0xef, 0x51, 0xbd, 0x6f, 0x6a}} ,
+ {{0x71, 0xd6, 0x16, 0x76, 0xb2, 0x06, 0xea, 0x79, 0xf5, 0xc4, 0xc3, 0x52, 0x7e, 0x61, 0xd1, 0xe1, 0xad, 0x70, 0x78, 0x1d, 0x16, 0x11, 0xf8, 0x7c, 0x2b, 0xfc, 0x55, 0x9f, 0x52, 0xf8, 0xf5, 0x16}}},
+{{{0x34, 0x96, 0x9a, 0xf6, 0xc5, 0xe0, 0x14, 0x03, 0x24, 0x0e, 0x4c, 0xad, 0x9e, 0x9a, 0x70, 0x23, 0x96, 0xb2, 0xf1, 0x2e, 0x9d, 0xc3, 0x32, 0x9b, 0x54, 0xa5, 0x73, 0xde, 0x88, 0xb1, 0x3e, 0x24}} ,
+ {{0xf6, 0xe2, 0x4c, 0x1f, 0x5b, 0xb2, 0xaf, 0x82, 0xa5, 0xcf, 0x81, 0x10, 0x04, 0xef, 0xdb, 0xa2, 0xcc, 0x24, 0xb2, 0x7e, 0x0b, 0x7a, 0xeb, 0x01, 0xd8, 0x52, 0xf4, 0x51, 0x89, 0x29, 0x79, 0x37}}},
+{{{0x74, 0xde, 0x12, 0xf3, 0x68, 0xb7, 0x66, 0xc3, 0xee, 0x68, 0xdc, 0x81, 0xb5, 0x55, 0x99, 0xab, 0xd9, 0x28, 0x63, 0x6d, 0x8b, 0x40, 0x69, 0x75, 0x6c, 0xcd, 0x5c, 0x2a, 0x7e, 0x32, 0x7b, 0x29}} ,
+ {{0x02, 0xcc, 0x22, 0x74, 0x4d, 0x19, 0x07, 0xc0, 0xda, 0xb5, 0x76, 0x51, 0x2a, 0xaa, 0xa6, 0x0a, 0x5f, 0x26, 0xd4, 0xbc, 0xaf, 0x48, 0x88, 0x7f, 0x02, 0xbc, 0xf2, 0xe1, 0xcf, 0xe9, 0xdd, 0x15}}},
+{{{0xed, 0xb5, 0x9a, 0x8c, 0x9a, 0xdd, 0x27, 0xf4, 0x7f, 0x47, 0xd9, 0x52, 0xa7, 0xcd, 0x65, 0xa5, 0x31, 0x22, 0xed, 0xa6, 0x63, 0x5b, 0x80, 0x4a, 0xad, 0x4d, 0xed, 0xbf, 0xee, 0x49, 0xb3, 0x06}} ,
+ {{0xf8, 0x64, 0x8b, 0x60, 0x90, 0xe9, 0xde, 0x44, 0x77, 0xb9, 0x07, 0x36, 0x32, 0xc2, 0x50, 0xf5, 0x65, 0xdf, 0x48, 0x4c, 0x37, 0xaa, 0x68, 0xab, 0x9a, 0x1f, 0x3e, 0xff, 0x89, 0x92, 0xa0, 0x07}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x7d, 0x4f, 0x9c, 0x19, 0xc0, 0x4a, 0x31, 0xec, 0xf9, 0xaa, 0xeb, 0xb2, 0x16, 0x9c, 0xa3, 0x66, 0x5f, 0xd1, 0xd4, 0xed, 0xb8, 0x92, 0x1c, 0xab, 0xda, 0xea, 0xd9, 0x57, 0xdf, 0x4c, 0x2a, 0x48}} ,
+ {{0x4b, 0xb0, 0x4e, 0x6e, 0x11, 0x3b, 0x51, 0xbd, 0x6a, 0xfd, 0xe4, 0x25, 0xa5, 0x5f, 0x11, 0x3f, 0x98, 0x92, 0x51, 0x14, 0xc6, 0x5f, 0x3c, 0x0b, 0xa8, 0xf7, 0xc2, 0x81, 0x43, 0xde, 0x91, 0x73}}},
+{{{0x3c, 0x8f, 0x9f, 0x33, 0x2a, 0x1f, 0x43, 0x33, 0x8f, 0x68, 0xff, 0x1f, 0x3d, 0x73, 0x6b, 0xbf, 0x68, 0xcc, 0x7d, 0x13, 0x6c, 0x24, 0x4b, 0xcc, 0x4d, 0x24, 0x0d, 0xfe, 0xde, 0x86, 0xad, 0x3b}} ,
+ {{0x79, 0x51, 0x81, 0x01, 0xdc, 0x73, 0x53, 0xe0, 0x6e, 0x9b, 0xea, 0x68, 0x3f, 0x5c, 0x14, 0x84, 0x53, 0x8d, 0x4b, 0xc0, 0x9f, 0x9f, 0x89, 0x2b, 0x8c, 0xba, 0x86, 0xfa, 0xf2, 0xcd, 0xe3, 0x2d}}},
+{{{0x06, 0xf9, 0x29, 0x5a, 0xdb, 0x3d, 0x84, 0x52, 0xab, 0xcc, 0x6b, 0x60, 0x9d, 0xb7, 0x4a, 0x0e, 0x36, 0x63, 0x91, 0xad, 0xa0, 0x95, 0xb0, 0x97, 0x89, 0x4e, 0xcf, 0x7d, 0x3c, 0xe5, 0x7c, 0x28}} ,
+ {{0x2e, 0x69, 0x98, 0xfd, 0xc6, 0xbd, 0xcc, 0xca, 0xdf, 0x9a, 0x44, 0x7e, 0x9d, 0xca, 0x89, 0x6d, 0xbf, 0x27, 0xc2, 0xf8, 0xcd, 0x46, 0x00, 0x2b, 0xb5, 0x58, 0x4e, 0xb7, 0x89, 0x09, 0xe9, 0x2d}}},
+{{{0x54, 0xbe, 0x75, 0xcb, 0x05, 0xb0, 0x54, 0xb7, 0xe7, 0x26, 0x86, 0x4a, 0xfc, 0x19, 0xcf, 0x27, 0x46, 0xd4, 0x22, 0x96, 0x5a, 0x11, 0xe8, 0xd5, 0x1b, 0xed, 0x71, 0xc5, 0x5d, 0xc8, 0xaf, 0x45}} ,
+ {{0x40, 0x7b, 0x77, 0x57, 0x49, 0x9e, 0x80, 0x39, 0x23, 0xee, 0x81, 0x0b, 0x22, 0xcf, 0xdb, 0x7a, 0x2f, 0x14, 0xb8, 0x57, 0x8f, 0xa1, 0x39, 0x1e, 0x77, 0xfc, 0x0b, 0xa6, 0xbf, 0x8a, 0x0c, 0x6c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x77, 0x3a, 0xd4, 0xd8, 0x27, 0xcf, 0xe8, 0xa1, 0x72, 0x9d, 0xca, 0xdd, 0x0d, 0x96, 0xda, 0x79, 0xed, 0x56, 0x42, 0x15, 0x60, 0xc7, 0x1c, 0x6b, 0x26, 0x30, 0xf6, 0x6a, 0x95, 0x67, 0xf3, 0x0a}} ,
+ {{0xc5, 0x08, 0xa4, 0x2b, 0x2f, 0xbd, 0x31, 0x81, 0x2a, 0xa6, 0xb6, 0xe4, 0x00, 0x91, 0xda, 0x3d, 0xb2, 0xb0, 0x96, 0xce, 0x8a, 0xd2, 0x8d, 0x70, 0xb3, 0xd3, 0x34, 0x01, 0x90, 0x8d, 0x10, 0x21}}},
+{{{0x33, 0x0d, 0xe7, 0xba, 0x4f, 0x07, 0xdf, 0x8d, 0xea, 0x7d, 0xa0, 0xc5, 0xd6, 0xb1, 0xb0, 0xe5, 0x57, 0x1b, 0x5b, 0xf5, 0x45, 0x13, 0x14, 0x64, 0x5a, 0xeb, 0x5c, 0xfc, 0x54, 0x01, 0x76, 0x2b}} ,
+ {{0x02, 0x0c, 0xc2, 0xaf, 0x96, 0x36, 0xfe, 0x4a, 0xe2, 0x54, 0x20, 0x6a, 0xeb, 0xb2, 0x9f, 0x62, 0xd7, 0xce, 0xa2, 0x3f, 0x20, 0x11, 0x34, 0x37, 0xe0, 0x42, 0xed, 0x6f, 0xf9, 0x1a, 0xc8, 0x7d}}},
+{{{0xd8, 0xb9, 0x11, 0xe8, 0x36, 0x3f, 0x42, 0xc1, 0xca, 0xdc, 0xd3, 0xf1, 0xc8, 0x23, 0x3d, 0x4f, 0x51, 0x7b, 0x9d, 0x8d, 0xd8, 0xe4, 0xa0, 0xaa, 0xf3, 0x04, 0xd6, 0x11, 0x93, 0xc8, 0x35, 0x45}} ,
+ {{0x61, 0x36, 0xd6, 0x08, 0x90, 0xbf, 0xa7, 0x7a, 0x97, 0x6c, 0x0f, 0x84, 0xd5, 0x33, 0x2d, 0x37, 0xc9, 0x6a, 0x80, 0x90, 0x3d, 0x0a, 0xa2, 0xaa, 0xe1, 0xb8, 0x84, 0xba, 0x61, 0x36, 0xdd, 0x69}}},
+{{{0x6b, 0xdb, 0x5b, 0x9c, 0xc6, 0x92, 0xbc, 0x23, 0xaf, 0xc5, 0xb8, 0x75, 0xf8, 0x42, 0xfa, 0xd6, 0xb6, 0x84, 0x94, 0x63, 0x98, 0x93, 0x48, 0x78, 0x38, 0xcd, 0xbb, 0x18, 0x34, 0xc3, 0xdb, 0x67}} ,
+ {{0x96, 0xf3, 0x3a, 0x09, 0x56, 0xb0, 0x6f, 0x7c, 0x51, 0x1e, 0x1b, 0x39, 0x48, 0xea, 0xc9, 0x0c, 0x25, 0xa2, 0x7a, 0xca, 0xe7, 0x92, 0xfc, 0x59, 0x30, 0xa3, 0x89, 0x85, 0xdf, 0x6f, 0x43, 0x38}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x79, 0x84, 0x44, 0x19, 0xbd, 0xe9, 0x54, 0xc4, 0xc0, 0x6e, 0x2a, 0xa8, 0xa8, 0x9b, 0x43, 0xd5, 0x71, 0x22, 0x5f, 0xdc, 0x01, 0xfa, 0xdf, 0xb3, 0xb8, 0x47, 0x4b, 0x0a, 0xa5, 0x44, 0xea, 0x29}} ,
+ {{0x05, 0x90, 0x50, 0xaf, 0x63, 0x5f, 0x9d, 0x9e, 0xe1, 0x9d, 0x38, 0x97, 0x1f, 0x6c, 0xac, 0x30, 0x46, 0xb2, 0x6a, 0x19, 0xd1, 0x4b, 0xdb, 0xbb, 0x8c, 0xda, 0x2e, 0xab, 0xc8, 0x5a, 0x77, 0x6c}}},
+{{{0x2b, 0xbe, 0xaf, 0xa1, 0x6d, 0x2f, 0x0b, 0xb1, 0x8f, 0xe3, 0xe0, 0x38, 0xcd, 0x0b, 0x41, 0x1b, 0x4a, 0x15, 0x07, 0xf3, 0x6f, 0xdc, 0xb8, 0xe9, 0xde, 0xb2, 0xa3, 0x40, 0x01, 0xa6, 0x45, 0x1e}} ,
+ {{0x76, 0x0a, 0xda, 0x8d, 0x2c, 0x07, 0x3f, 0x89, 0x7d, 0x04, 0xad, 0x43, 0x50, 0x6e, 0xd2, 0x47, 0xcb, 0x8a, 0xe6, 0x85, 0x1a, 0x24, 0xf3, 0xd2, 0x60, 0xfd, 0xdf, 0x73, 0xa4, 0x0d, 0x73, 0x0e}}},
+{{{0xfd, 0x67, 0x6b, 0x71, 0x9b, 0x81, 0x53, 0x39, 0x39, 0xf4, 0xb8, 0xd5, 0xc3, 0x30, 0x9b, 0x3b, 0x7c, 0xa3, 0xf0, 0xd0, 0x84, 0x21, 0xd6, 0xbf, 0xb7, 0x4c, 0x87, 0x13, 0x45, 0x2d, 0xa7, 0x55}} ,
+ {{0x5d, 0x04, 0xb3, 0x40, 0x28, 0x95, 0x2d, 0x30, 0x83, 0xec, 0x5e, 0xe4, 0xff, 0x75, 0xfe, 0x79, 0x26, 0x9d, 0x1d, 0x36, 0xcd, 0x0a, 0x15, 0xd2, 0x24, 0x14, 0x77, 0x71, 0xd7, 0x8a, 0x1b, 0x04}}},
+{{{0x5d, 0x93, 0xc9, 0xbe, 0xaa, 0x90, 0xcd, 0x9b, 0xfb, 0x73, 0x7e, 0xb0, 0x64, 0x98, 0x57, 0x44, 0x42, 0x41, 0xb1, 0xaf, 0xea, 0xc1, 0xc3, 0x22, 0xff, 0x60, 0x46, 0xcb, 0x61, 0x81, 0x70, 0x61}} ,
+ {{0x0d, 0x82, 0xb9, 0xfe, 0x21, 0xcd, 0xc4, 0xf5, 0x98, 0x0c, 0x4e, 0x72, 0xee, 0x87, 0x49, 0xf8, 0xa1, 0x95, 0xdf, 0x8f, 0x2d, 0xbd, 0x21, 0x06, 0x7c, 0x15, 0xe8, 0x12, 0x6d, 0x93, 0xd6, 0x38}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x91, 0xf7, 0x51, 0xd9, 0xef, 0x7d, 0x42, 0x01, 0x13, 0xe9, 0xb8, 0x7f, 0xa6, 0x49, 0x17, 0x64, 0x21, 0x80, 0x83, 0x2c, 0x63, 0x4c, 0x60, 0x09, 0x59, 0x91, 0x92, 0x77, 0x39, 0x51, 0xf4, 0x48}} ,
+ {{0x60, 0xd5, 0x22, 0x83, 0x08, 0x2f, 0xff, 0x99, 0x3e, 0x69, 0x6d, 0x88, 0xda, 0xe7, 0x5b, 0x52, 0x26, 0x31, 0x2a, 0xe5, 0x89, 0xde, 0x68, 0x90, 0xb6, 0x22, 0x5a, 0xbd, 0xd3, 0x85, 0x53, 0x31}}},
+{{{0xd8, 0xce, 0xdc, 0xf9, 0x3c, 0x4b, 0xa2, 0x1d, 0x2c, 0x2f, 0x36, 0xbe, 0x7a, 0xfc, 0xcd, 0xbc, 0xdc, 0xf9, 0x30, 0xbd, 0xff, 0x05, 0xc7, 0xe4, 0x8e, 0x17, 0x62, 0xf8, 0x4d, 0xa0, 0x56, 0x79}} ,
+ {{0x82, 0xe7, 0xf6, 0xba, 0x53, 0x84, 0x0a, 0xa3, 0x34, 0xff, 0x3c, 0xa3, 0x6a, 0xa1, 0x37, 0xea, 0xdd, 0xb6, 0x95, 0xb3, 0x78, 0x19, 0x76, 0x1e, 0x55, 0x2f, 0x77, 0x2e, 0x7f, 0xc1, 0xea, 0x5e}}},
+{{{0x83, 0xe1, 0x6e, 0xa9, 0x07, 0x33, 0x3e, 0x83, 0xff, 0xcb, 0x1c, 0x9f, 0xb1, 0xa3, 0xb4, 0xc9, 0xe1, 0x07, 0x97, 0xff, 0xf8, 0x23, 0x8f, 0xce, 0x40, 0xfd, 0x2e, 0x5e, 0xdb, 0x16, 0x43, 0x2d}} ,
+ {{0xba, 0x38, 0x02, 0xf7, 0x81, 0x43, 0x83, 0xa3, 0x20, 0x4f, 0x01, 0x3b, 0x8a, 0x04, 0x38, 0x31, 0xc6, 0x0f, 0xc8, 0xdf, 0xd7, 0xfa, 0x2f, 0x88, 0x3f, 0xfc, 0x0c, 0x76, 0xc4, 0xa6, 0x45, 0x72}}},
+{{{0xbb, 0x0c, 0xbc, 0x6a, 0xa4, 0x97, 0x17, 0x93, 0x2d, 0x6f, 0xde, 0x72, 0x10, 0x1c, 0x08, 0x2c, 0x0f, 0x80, 0x32, 0x68, 0x27, 0xd4, 0xab, 0xdd, 0xc5, 0x58, 0x61, 0x13, 0x6d, 0x11, 0x1e, 0x4d}} ,
+ {{0x1a, 0xb9, 0xc9, 0x10, 0xfb, 0x1e, 0x4e, 0xf4, 0x84, 0x4b, 0x8a, 0x5e, 0x7b, 0x4b, 0xe8, 0x43, 0x8c, 0x8f, 0x00, 0xb5, 0x54, 0x13, 0xc5, 0x5c, 0xb6, 0x35, 0x4e, 0x9d, 0xe4, 0x5b, 0x41, 0x6d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x15, 0x7d, 0x12, 0x48, 0x82, 0x14, 0x42, 0xcd, 0x32, 0xd4, 0x4b, 0xc1, 0x72, 0x61, 0x2a, 0x8c, 0xec, 0xe2, 0xf8, 0x24, 0x45, 0x94, 0xe3, 0xbe, 0xdd, 0x67, 0xa8, 0x77, 0x5a, 0xae, 0x5b, 0x4b}} ,
+ {{0xcb, 0x77, 0x9a, 0x20, 0xde, 0xb8, 0x23, 0xd9, 0xa0, 0x0f, 0x8c, 0x7b, 0xa5, 0xcb, 0xae, 0xb6, 0xec, 0x42, 0x67, 0x0e, 0x58, 0xa4, 0x75, 0x98, 0x21, 0x71, 0x84, 0xb3, 0xe0, 0x76, 0x94, 0x73}}},
+{{{0xdf, 0xfc, 0x69, 0x28, 0x23, 0x3f, 0x5b, 0xf8, 0x3b, 0x24, 0x37, 0xf3, 0x1d, 0xd5, 0x22, 0x6b, 0xd0, 0x98, 0xa8, 0x6c, 0xcf, 0xff, 0x06, 0xe1, 0x13, 0xdf, 0xb9, 0xc1, 0x0c, 0xa9, 0xbf, 0x33}} ,
+ {{0xd9, 0x81, 0xda, 0xb2, 0x4f, 0x82, 0x9d, 0x43, 0x81, 0x09, 0xf1, 0xd2, 0x01, 0xef, 0xac, 0xf4, 0x2d, 0x7d, 0x01, 0x09, 0xf1, 0xff, 0xa5, 0x9f, 0xe5, 0xca, 0x27, 0x63, 0xdb, 0x20, 0xb1, 0x53}}},
+{{{0x67, 0x02, 0xe8, 0xad, 0xa9, 0x34, 0xd4, 0xf0, 0x15, 0x81, 0xaa, 0xc7, 0x4d, 0x87, 0x94, 0xea, 0x75, 0xe7, 0x4c, 0x94, 0x04, 0x0e, 0x69, 0x87, 0xe7, 0x51, 0x91, 0x10, 0x03, 0xc7, 0xbe, 0x56}} ,
+ {{0x32, 0xfb, 0x86, 0xec, 0x33, 0x6b, 0x2e, 0x51, 0x2b, 0xc8, 0xfa, 0x6c, 0x70, 0x47, 0x7e, 0xce, 0x05, 0x0c, 0x71, 0xf3, 0xb4, 0x56, 0xa6, 0xdc, 0xcc, 0x78, 0x07, 0x75, 0xd0, 0xdd, 0xb2, 0x6a}}},
+{{{0xc6, 0xef, 0xb9, 0xc0, 0x2b, 0x22, 0x08, 0x1e, 0x71, 0x70, 0xb3, 0x35, 0x9c, 0x7a, 0x01, 0x92, 0x44, 0x9a, 0xf6, 0xb0, 0x58, 0x95, 0xc1, 0x9b, 0x02, 0xed, 0x2d, 0x7c, 0x34, 0x29, 0x49, 0x44}} ,
+ {{0x45, 0x62, 0x1d, 0x2e, 0xff, 0x2a, 0x1c, 0x21, 0xa4, 0x25, 0x7b, 0x0d, 0x8c, 0x15, 0x39, 0xfc, 0x8f, 0x7c, 0xa5, 0x7d, 0x1e, 0x25, 0xa3, 0x45, 0xd6, 0xab, 0xbd, 0xcb, 0xc5, 0x5e, 0x78, 0x77}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd0, 0xd3, 0x42, 0xed, 0x1d, 0x00, 0x3c, 0x15, 0x2c, 0x9c, 0x77, 0x81, 0xd2, 0x73, 0xd1, 0x06, 0xd5, 0xc4, 0x7f, 0x94, 0xbb, 0x92, 0x2d, 0x2c, 0x4b, 0x45, 0x4b, 0xe9, 0x2a, 0x89, 0x6b, 0x2b}} ,
+ {{0xd2, 0x0c, 0x88, 0xc5, 0x48, 0x4d, 0xea, 0x0d, 0x4a, 0xc9, 0x52, 0x6a, 0x61, 0x79, 0xe9, 0x76, 0xf3, 0x85, 0x52, 0x5c, 0x1b, 0x2c, 0xe1, 0xd6, 0xc4, 0x0f, 0x18, 0x0e, 0x4e, 0xf6, 0x1c, 0x7f}}},
+{{{0xb4, 0x04, 0x2e, 0x42, 0xcb, 0x1f, 0x2b, 0x11, 0x51, 0x7b, 0x08, 0xac, 0xaa, 0x3e, 0x9e, 0x52, 0x60, 0xb7, 0xc2, 0x61, 0x57, 0x8c, 0x84, 0xd5, 0x18, 0xa6, 0x19, 0xfc, 0xb7, 0x75, 0x91, 0x1b}} ,
+ {{0xe8, 0x68, 0xca, 0x44, 0xc8, 0x38, 0x38, 0xcc, 0x53, 0x0a, 0x32, 0x35, 0xcc, 0x52, 0xcb, 0x0e, 0xf7, 0xc5, 0xe7, 0xec, 0x3d, 0x85, 0xcc, 0x58, 0xe2, 0x17, 0x47, 0xff, 0x9f, 0xa5, 0x30, 0x17}}},
+{{{0xe3, 0xae, 0xc8, 0xc1, 0x71, 0x75, 0x31, 0x00, 0x37, 0x41, 0x5c, 0x0e, 0x39, 0xda, 0x73, 0xa0, 0xc7, 0x97, 0x36, 0x6c, 0x5b, 0xf2, 0xee, 0x64, 0x0a, 0x3d, 0x89, 0x1e, 0x1d, 0x49, 0x8c, 0x37}} ,
+ {{0x4c, 0xe6, 0xb0, 0xc1, 0xa5, 0x2a, 0x82, 0x09, 0x08, 0xad, 0x79, 0x9c, 0x56, 0xf6, 0xf9, 0xc1, 0xd7, 0x7c, 0x39, 0x7f, 0x93, 0xca, 0x11, 0x55, 0xbf, 0x07, 0x1b, 0x82, 0x29, 0x69, 0x95, 0x5c}}},
+{{{0x87, 0xee, 0xa6, 0x56, 0x9e, 0xc2, 0x9a, 0x56, 0x24, 0x42, 0x85, 0x4d, 0x98, 0x31, 0x1e, 0x60, 0x4d, 0x87, 0x85, 0x04, 0xae, 0x46, 0x12, 0xf9, 0x8e, 0x7f, 0xe4, 0x7f, 0xf6, 0x1c, 0x37, 0x01}} ,
+ {{0x73, 0x4c, 0xb6, 0xc5, 0xc4, 0xe9, 0x6c, 0x85, 0x48, 0x4a, 0x5a, 0xac, 0xd9, 0x1f, 0x43, 0xf8, 0x62, 0x5b, 0xee, 0x98, 0x2a, 0x33, 0x8e, 0x79, 0xce, 0x61, 0x06, 0x35, 0xd8, 0xd7, 0xca, 0x71}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x72, 0xd3, 0xae, 0xa6, 0xca, 0x8f, 0xcd, 0xcc, 0x78, 0x8e, 0x19, 0x4d, 0xa7, 0xd2, 0x27, 0xe9, 0xa4, 0x3c, 0x16, 0x5b, 0x84, 0x80, 0xf9, 0xd0, 0xcc, 0x6a, 0x1e, 0xca, 0x1e, 0x67, 0xbd, 0x63}} ,
+ {{0x7b, 0x6e, 0x2a, 0xd2, 0x87, 0x48, 0xff, 0xa1, 0xca, 0xe9, 0x15, 0x85, 0xdc, 0xdb, 0x2c, 0x39, 0x12, 0x91, 0xa9, 0x20, 0xaa, 0x4f, 0x29, 0xf4, 0x15, 0x7a, 0xd2, 0xf5, 0x32, 0xcc, 0x60, 0x04}}},
+{{{0xe5, 0x10, 0x47, 0x3b, 0xfa, 0x90, 0xfc, 0x30, 0xb5, 0xea, 0x6f, 0x56, 0x8f, 0xfb, 0x0e, 0xa7, 0x3b, 0xc8, 0xb2, 0xff, 0x02, 0x7a, 0x33, 0x94, 0x93, 0x2a, 0x03, 0xe0, 0x96, 0x3a, 0x6c, 0x0f}} ,
+ {{0x5a, 0x63, 0x67, 0xe1, 0x9b, 0x47, 0x78, 0x9f, 0x38, 0x79, 0xac, 0x97, 0x66, 0x1d, 0x5e, 0x51, 0xee, 0x24, 0x42, 0xe8, 0x58, 0x4b, 0x8a, 0x03, 0x75, 0x86, 0x37, 0x86, 0xe2, 0x97, 0x4e, 0x3d}}},
+{{{0x3f, 0x75, 0x8e, 0xb4, 0xff, 0xd8, 0xdd, 0xd6, 0x37, 0x57, 0x9d, 0x6d, 0x3b, 0xbd, 0xd5, 0x60, 0x88, 0x65, 0x9a, 0xb9, 0x4a, 0x68, 0x84, 0xa2, 0x67, 0xdd, 0x17, 0x25, 0x97, 0x04, 0x8b, 0x5e}} ,
+ {{0xbb, 0x40, 0x5e, 0xbc, 0x16, 0x92, 0x05, 0xc4, 0xc0, 0x4e, 0x72, 0x90, 0x0e, 0xab, 0xcf, 0x8a, 0xed, 0xef, 0xb9, 0x2d, 0x3b, 0xf8, 0x43, 0x5b, 0xba, 0x2d, 0xeb, 0x2f, 0x52, 0xd2, 0xd1, 0x5a}}},
+{{{0x40, 0xb4, 0xab, 0xe6, 0xad, 0x9f, 0x46, 0x69, 0x4a, 0xb3, 0x8e, 0xaa, 0xea, 0x9c, 0x8a, 0x20, 0x16, 0x5d, 0x8c, 0x13, 0xbd, 0xf6, 0x1d, 0xc5, 0x24, 0xbd, 0x90, 0x2a, 0x1c, 0xc7, 0x13, 0x3b}} ,
+ {{0x54, 0xdc, 0x16, 0x0d, 0x18, 0xbe, 0x35, 0x64, 0x61, 0x52, 0x02, 0x80, 0xaf, 0x05, 0xf7, 0xa6, 0x42, 0xd3, 0x8f, 0x2e, 0x79, 0x26, 0xa8, 0xbb, 0xb2, 0x17, 0x48, 0xb2, 0x7a, 0x0a, 0x89, 0x14}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x20, 0xa8, 0x88, 0xe3, 0x91, 0xc0, 0x6e, 0xbb, 0x8a, 0x27, 0x82, 0x51, 0x83, 0xb2, 0x28, 0xa9, 0x83, 0xeb, 0xa6, 0xa9, 0x4d, 0x17, 0x59, 0x22, 0x54, 0x00, 0x50, 0x45, 0xcb, 0x48, 0x4b, 0x18}} ,
+ {{0x33, 0x7c, 0xe7, 0x26, 0xba, 0x4d, 0x32, 0xfe, 0x53, 0xf4, 0xfa, 0x83, 0xe3, 0xa5, 0x79, 0x66, 0x73, 0xef, 0x80, 0x23, 0x68, 0xc2, 0x60, 0xdd, 0xa9, 0x33, 0xdc, 0x03, 0x7a, 0xe0, 0xe0, 0x3e}}},
+{{{0x34, 0x5c, 0x13, 0xfb, 0xc0, 0xe3, 0x78, 0x2b, 0x54, 0x58, 0x22, 0x9b, 0x76, 0x81, 0x7f, 0x93, 0x9c, 0x25, 0x3c, 0xd2, 0xe9, 0x96, 0x21, 0x26, 0x08, 0xf5, 0xed, 0x95, 0x11, 0xae, 0x04, 0x5a}} ,
+ {{0xb9, 0xe8, 0xc5, 0x12, 0x97, 0x1f, 0x83, 0xfe, 0x3e, 0x94, 0x99, 0xd4, 0x2d, 0xf9, 0x52, 0x59, 0x5c, 0x82, 0xa6, 0xf0, 0x75, 0x7e, 0xe8, 0xec, 0xcc, 0xac, 0x18, 0x21, 0x09, 0x67, 0x66, 0x67}}},
+{{{0xb3, 0x40, 0x29, 0xd1, 0xcb, 0x1b, 0x08, 0x9e, 0x9c, 0xb7, 0x53, 0xb9, 0x3b, 0x71, 0x08, 0x95, 0x12, 0x1a, 0x58, 0xaf, 0x7e, 0x82, 0x52, 0x43, 0x4f, 0x11, 0x39, 0xf4, 0x93, 0x1a, 0x26, 0x05}} ,
+ {{0x6e, 0x44, 0xa3, 0xf9, 0x64, 0xaf, 0xe7, 0x6d, 0x7d, 0xdf, 0x1e, 0xac, 0x04, 0xea, 0x3b, 0x5f, 0x9b, 0xe8, 0x24, 0x9d, 0x0e, 0xe5, 0x2e, 0x3e, 0xdf, 0xa9, 0xf7, 0xd4, 0x50, 0x71, 0xf0, 0x78}}},
+{{{0x3e, 0xa8, 0x38, 0xc2, 0x57, 0x56, 0x42, 0x9a, 0xb1, 0xe2, 0xf8, 0x45, 0xaa, 0x11, 0x48, 0x5f, 0x17, 0xc4, 0x54, 0x27, 0xdc, 0x5d, 0xaa, 0xdd, 0x41, 0xbc, 0xdf, 0x81, 0xb9, 0x53, 0xee, 0x52}} ,
+ {{0xc3, 0xf1, 0xa7, 0x6d, 0xb3, 0x5f, 0x92, 0x6f, 0xcc, 0x91, 0xb8, 0x95, 0x05, 0xdf, 0x3c, 0x64, 0x57, 0x39, 0x61, 0x51, 0xad, 0x8c, 0x38, 0x7b, 0xc8, 0xde, 0x00, 0x34, 0xbe, 0xa1, 0xb0, 0x7e}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x25, 0x24, 0x1d, 0x8a, 0x67, 0x20, 0xee, 0x42, 0xeb, 0x38, 0xed, 0x0b, 0x8b, 0xcd, 0x46, 0x9d, 0x5e, 0x6b, 0x1e, 0x24, 0x9d, 0x12, 0x05, 0x1a, 0xcc, 0x05, 0x4e, 0x92, 0x38, 0xe1, 0x1f, 0x50}} ,
+ {{0x4e, 0xee, 0x1c, 0x91, 0xe6, 0x11, 0xbd, 0x8e, 0x55, 0x1a, 0x18, 0x75, 0x66, 0xaf, 0x4d, 0x7b, 0x0f, 0xae, 0x6d, 0x85, 0xca, 0x82, 0x58, 0x21, 0x9c, 0x18, 0xe0, 0xed, 0xec, 0x22, 0x80, 0x2f}}},
+{{{0x68, 0x3b, 0x0a, 0x39, 0x1d, 0x6a, 0x15, 0x57, 0xfc, 0xf0, 0x63, 0x54, 0xdb, 0x39, 0xdb, 0xe8, 0x5c, 0x64, 0xff, 0xa0, 0x09, 0x4f, 0x3b, 0xb7, 0x32, 0x60, 0x99, 0x94, 0xfd, 0x94, 0x82, 0x2d}} ,
+ {{0x24, 0xf6, 0x5a, 0x44, 0xf1, 0x55, 0x2c, 0xdb, 0xea, 0x7c, 0x84, 0x7c, 0x01, 0xac, 0xe3, 0xfd, 0xc9, 0x27, 0xc1, 0x5a, 0xb9, 0xde, 0x4f, 0x5a, 0x90, 0xdd, 0xc6, 0x67, 0xaa, 0x6f, 0x8a, 0x3a}}},
+{{{0x78, 0x52, 0x87, 0xc9, 0x97, 0x63, 0xb1, 0xdd, 0x54, 0x5f, 0xc1, 0xf8, 0xf1, 0x06, 0xa6, 0xa8, 0xa3, 0x88, 0x82, 0xd4, 0xcb, 0xa6, 0x19, 0xdd, 0xd1, 0x11, 0x87, 0x08, 0x17, 0x4c, 0x37, 0x2a}} ,
+ {{0xa1, 0x0c, 0xf3, 0x08, 0x43, 0xd9, 0x24, 0x1e, 0x83, 0xa7, 0xdf, 0x91, 0xca, 0xbd, 0x69, 0x47, 0x8d, 0x1b, 0xe2, 0xb9, 0x4e, 0xb5, 0xe1, 0x76, 0xb3, 0x1c, 0x93, 0x03, 0xce, 0x5f, 0xb3, 0x5a}}},
+{{{0x1d, 0xda, 0xe4, 0x61, 0x03, 0x50, 0xa9, 0x8b, 0x68, 0x18, 0xef, 0xb2, 0x1c, 0x84, 0x3b, 0xa2, 0x44, 0x95, 0xa3, 0x04, 0x3b, 0xd6, 0x99, 0x00, 0xaf, 0x76, 0x42, 0x67, 0x02, 0x7d, 0x85, 0x56}} ,
+ {{0xce, 0x72, 0x0e, 0x29, 0x84, 0xb2, 0x7d, 0xd2, 0x45, 0xbe, 0x57, 0x06, 0xed, 0x7f, 0xcf, 0xed, 0xcd, 0xef, 0x19, 0xd6, 0xbc, 0x15, 0x79, 0x64, 0xd2, 0x18, 0xe3, 0x20, 0x67, 0x3a, 0x54, 0x0b}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x52, 0xfd, 0x04, 0xc5, 0xfb, 0x99, 0xe7, 0xe8, 0xfb, 0x8c, 0xe1, 0x42, 0x03, 0xef, 0x9d, 0xd9, 0x9e, 0x4d, 0xf7, 0x80, 0xcf, 0x2e, 0xcc, 0x9b, 0x45, 0xc9, 0x7b, 0x7a, 0xbc, 0x37, 0xa8, 0x52}} ,
+ {{0x96, 0x11, 0x41, 0x8a, 0x47, 0x91, 0xfe, 0xb6, 0xda, 0x7a, 0x54, 0x63, 0xd1, 0x14, 0x35, 0x05, 0x86, 0x8c, 0xa9, 0x36, 0x3f, 0xf2, 0x85, 0x54, 0x4e, 0x92, 0xd8, 0x85, 0x01, 0x46, 0xd6, 0x50}}},
+{{{0x53, 0xcd, 0xf3, 0x86, 0x40, 0xe6, 0x39, 0x42, 0x95, 0xd6, 0xcb, 0x45, 0x1a, 0x20, 0xc8, 0x45, 0x4b, 0x32, 0x69, 0x04, 0xb1, 0xaf, 0x20, 0x46, 0xc7, 0x6b, 0x23, 0x5b, 0x69, 0xee, 0x30, 0x3f}} ,
+ {{0x70, 0x83, 0x47, 0xc0, 0xdb, 0x55, 0x08, 0xa8, 0x7b, 0x18, 0x6d, 0xf5, 0x04, 0x5a, 0x20, 0x0c, 0x4a, 0x8c, 0x60, 0xae, 0xae, 0x0f, 0x64, 0x55, 0x55, 0x2e, 0xd5, 0x1d, 0x53, 0x31, 0x42, 0x41}}},
+{{{0xca, 0xfc, 0x88, 0x6b, 0x96, 0x78, 0x0a, 0x8b, 0x83, 0xdc, 0xbc, 0xaf, 0x40, 0xb6, 0x8d, 0x7f, 0xef, 0xb4, 0xd1, 0x3f, 0xcc, 0xa2, 0x74, 0xc9, 0xc2, 0x92, 0x55, 0x00, 0xab, 0xdb, 0xbf, 0x4f}} ,
+ {{0x93, 0x1c, 0x06, 0x2d, 0x66, 0x65, 0x02, 0xa4, 0x97, 0x18, 0xfd, 0x00, 0xe7, 0xab, 0x03, 0xec, 0xce, 0xc1, 0xbf, 0x37, 0xf8, 0x13, 0x53, 0xa5, 0xe5, 0x0c, 0x3a, 0xa8, 0x55, 0xb9, 0xff, 0x68}}},
+{{{0xe4, 0xe6, 0x6d, 0x30, 0x7d, 0x30, 0x35, 0xc2, 0x78, 0x87, 0xf9, 0xfc, 0x6b, 0x5a, 0xc3, 0xb7, 0x65, 0xd8, 0x2e, 0xc7, 0xa5, 0x0c, 0xc6, 0xdc, 0x12, 0xaa, 0xd6, 0x4f, 0xc5, 0x38, 0xbc, 0x0e}} ,
+ {{0xe2, 0x3c, 0x76, 0x86, 0x38, 0xf2, 0x7b, 0x2c, 0x16, 0x78, 0x8d, 0xf5, 0xa4, 0x15, 0xda, 0xdb, 0x26, 0x85, 0xa0, 0x56, 0xdd, 0x1d, 0xe3, 0xb3, 0xfd, 0x40, 0xef, 0xf2, 0xd9, 0xa1, 0xb3, 0x04}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xdb, 0x49, 0x0e, 0xe6, 0x58, 0x10, 0x7a, 0x52, 0xda, 0xb5, 0x7d, 0x37, 0x6a, 0x3e, 0xa1, 0x78, 0xce, 0xc7, 0x1c, 0x24, 0x23, 0xdb, 0x7d, 0xfb, 0x8c, 0x8d, 0xdc, 0x30, 0x67, 0x69, 0x75, 0x3b}} ,
+ {{0xa9, 0xea, 0x6d, 0x16, 0x16, 0x60, 0xf4, 0x60, 0x87, 0x19, 0x44, 0x8c, 0x4a, 0x8b, 0x3e, 0xfb, 0x16, 0x00, 0x00, 0x54, 0xa6, 0x9e, 0x9f, 0xef, 0xcf, 0xd9, 0xd2, 0x4c, 0x74, 0x31, 0xd0, 0x34}}},
+{{{0xa4, 0xeb, 0x04, 0xa4, 0x8c, 0x8f, 0x71, 0x27, 0x95, 0x85, 0x5d, 0x55, 0x4b, 0xb1, 0x26, 0x26, 0xc8, 0xae, 0x6a, 0x7d, 0xa2, 0x21, 0xca, 0xce, 0x38, 0xab, 0x0f, 0xd0, 0xd5, 0x2b, 0x6b, 0x00}} ,
+ {{0xe5, 0x67, 0x0c, 0xf1, 0x3a, 0x9a, 0xea, 0x09, 0x39, 0xef, 0xd1, 0x30, 0xbc, 0x33, 0xba, 0xb1, 0x6a, 0xc5, 0x27, 0x08, 0x7f, 0x54, 0x80, 0x3d, 0xab, 0xf6, 0x15, 0x7a, 0xc2, 0x40, 0x73, 0x72}}},
+{{{0x84, 0x56, 0x82, 0xb6, 0x12, 0x70, 0x7f, 0xf7, 0xf0, 0xbd, 0x5b, 0xa9, 0xd5, 0xc5, 0x5f, 0x59, 0xbf, 0x7f, 0xb3, 0x55, 0x22, 0x02, 0xc9, 0x44, 0x55, 0x87, 0x8f, 0x96, 0x98, 0x64, 0x6d, 0x15}} ,
+ {{0xb0, 0x8b, 0xaa, 0x1e, 0xec, 0xc7, 0xa5, 0x8f, 0x1f, 0x92, 0x04, 0xc6, 0x05, 0xf6, 0xdf, 0xa1, 0xcc, 0x1f, 0x81, 0xf5, 0x0e, 0x9c, 0x57, 0xdc, 0xe3, 0xbb, 0x06, 0x87, 0x1e, 0xfe, 0x23, 0x6c}}},
+{{{0xd8, 0x2b, 0x5b, 0x16, 0xea, 0x20, 0xf1, 0xd3, 0x68, 0x8f, 0xae, 0x5b, 0xd0, 0xa9, 0x1a, 0x19, 0xa8, 0x36, 0xfb, 0x2b, 0x57, 0x88, 0x7d, 0x90, 0xd5, 0xa6, 0xf3, 0xdc, 0x38, 0x89, 0x4e, 0x1f}} ,
+ {{0xcc, 0x19, 0xda, 0x9b, 0x3b, 0x43, 0x48, 0x21, 0x2e, 0x23, 0x4d, 0x3d, 0xae, 0xf8, 0x8c, 0xfc, 0xdd, 0xa6, 0x74, 0x37, 0x65, 0xca, 0xee, 0x1a, 0x19, 0x8e, 0x9f, 0x64, 0x6f, 0x0c, 0x8b, 0x5a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x25, 0xb9, 0xc2, 0xf0, 0x72, 0xb8, 0x15, 0x16, 0xcc, 0x8d, 0x3c, 0x6f, 0x25, 0xed, 0xf4, 0x46, 0x2e, 0x0c, 0x60, 0x0f, 0xe2, 0x84, 0x34, 0x55, 0x89, 0x59, 0x34, 0x1b, 0xf5, 0x8d, 0xfe, 0x08}} ,
+ {{0xf8, 0xab, 0x93, 0xbc, 0x44, 0xba, 0x1b, 0x75, 0x4b, 0x49, 0x6f, 0xd0, 0x54, 0x2e, 0x63, 0xba, 0xb5, 0xea, 0xed, 0x32, 0x14, 0xc9, 0x94, 0xd8, 0xc5, 0xce, 0xf4, 0x10, 0x68, 0xe0, 0x38, 0x27}}},
+{{{0x74, 0x1c, 0x14, 0x9b, 0xd4, 0x64, 0x61, 0x71, 0x5a, 0xb6, 0x21, 0x33, 0x4f, 0xf7, 0x8e, 0xba, 0xa5, 0x48, 0x9a, 0xc7, 0xfa, 0x9a, 0xf0, 0xb4, 0x62, 0xad, 0xf2, 0x5e, 0xcc, 0x03, 0x24, 0x1a}} ,
+ {{0xf5, 0x76, 0xfd, 0xe4, 0xaf, 0xb9, 0x03, 0x59, 0xce, 0x63, 0xd2, 0x3b, 0x1f, 0xcd, 0x21, 0x0c, 0xad, 0x44, 0xa5, 0x97, 0xac, 0x80, 0x11, 0x02, 0x9b, 0x0c, 0xe5, 0x8b, 0xcd, 0xfb, 0x79, 0x77}}},
+{{{0x15, 0xbe, 0x9a, 0x0d, 0xba, 0x38, 0x72, 0x20, 0x8a, 0xf5, 0xbe, 0x59, 0x93, 0x79, 0xb7, 0xf6, 0x6a, 0x0c, 0x38, 0x27, 0x1a, 0x60, 0xf4, 0x86, 0x3b, 0xab, 0x5a, 0x00, 0xa0, 0xce, 0x21, 0x7d}} ,
+ {{0x6c, 0xba, 0x14, 0xc5, 0xea, 0x12, 0x9e, 0x2e, 0x82, 0x63, 0xce, 0x9b, 0x4a, 0xe7, 0x1d, 0xec, 0xf1, 0x2e, 0x51, 0x1c, 0xf4, 0xd0, 0x69, 0x15, 0x42, 0x9d, 0xa3, 0x3f, 0x0e, 0xbf, 0xe9, 0x5c}}},
+{{{0xe4, 0x0d, 0xf4, 0xbd, 0xee, 0x31, 0x10, 0xed, 0xcb, 0x12, 0x86, 0xad, 0xd4, 0x2f, 0x90, 0x37, 0x32, 0xc3, 0x0b, 0x73, 0xec, 0x97, 0x85, 0xa4, 0x01, 0x1c, 0x76, 0x35, 0xfe, 0x75, 0xdd, 0x71}} ,
+ {{0x11, 0xa4, 0x88, 0x9f, 0x3e, 0x53, 0x69, 0x3b, 0x1b, 0xe0, 0xf7, 0xba, 0x9b, 0xad, 0x4e, 0x81, 0x5f, 0xb5, 0x5c, 0xae, 0xbe, 0x67, 0x86, 0x37, 0x34, 0x8e, 0x07, 0x32, 0x45, 0x4a, 0x67, 0x39}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x90, 0x70, 0x58, 0x20, 0x03, 0x1e, 0x67, 0xb2, 0xc8, 0x9b, 0x58, 0xc5, 0xb1, 0xeb, 0x2d, 0x4a, 0xde, 0x82, 0x8c, 0xf2, 0xd2, 0x14, 0xb8, 0x70, 0x61, 0x4e, 0x73, 0xd6, 0x0b, 0x6b, 0x0d, 0x30}} ,
+ {{0x81, 0xfc, 0x55, 0x5c, 0xbf, 0xa7, 0xc4, 0xbd, 0xe2, 0xf0, 0x4b, 0x8f, 0xe9, 0x7d, 0x99, 0xfa, 0xd3, 0xab, 0xbc, 0xc7, 0x83, 0x2b, 0x04, 0x7f, 0x0c, 0x19, 0x43, 0x03, 0x3d, 0x07, 0xca, 0x40}}},
+{{{0xf9, 0xc8, 0xbe, 0x8c, 0x16, 0x81, 0x39, 0x96, 0xf6, 0x17, 0x58, 0xc8, 0x30, 0x58, 0xfb, 0xc2, 0x03, 0x45, 0xd2, 0x52, 0x76, 0xe0, 0x6a, 0x26, 0x28, 0x5c, 0x88, 0x59, 0x6a, 0x5a, 0x54, 0x42}} ,
+ {{0x07, 0xb5, 0x2e, 0x2c, 0x67, 0x15, 0x9b, 0xfb, 0x83, 0x69, 0x1e, 0x0f, 0xda, 0xd6, 0x29, 0xb1, 0x60, 0xe0, 0xb2, 0xba, 0x69, 0xa2, 0x9e, 0xbd, 0xbd, 0xe0, 0x1c, 0xbd, 0xcd, 0x06, 0x64, 0x70}}},
+{{{0x41, 0xfa, 0x8c, 0xe1, 0x89, 0x8f, 0x27, 0xc8, 0x25, 0x8f, 0x6f, 0x5f, 0x55, 0xf8, 0xde, 0x95, 0x6d, 0x2f, 0x75, 0x16, 0x2b, 0x4e, 0x44, 0xfd, 0x86, 0x6e, 0xe9, 0x70, 0x39, 0x76, 0x97, 0x7e}} ,
+ {{0x17, 0x62, 0x6b, 0x14, 0xa1, 0x7c, 0xd0, 0x79, 0x6e, 0xd8, 0x8a, 0xa5, 0x6d, 0x8c, 0x93, 0xd2, 0x3f, 0xec, 0x44, 0x8d, 0x6e, 0x91, 0x01, 0x8c, 0x8f, 0xee, 0x01, 0x8f, 0xc0, 0xb4, 0x85, 0x0e}}},
+{{{0x02, 0x3a, 0x70, 0x41, 0xe4, 0x11, 0x57, 0x23, 0xac, 0xe6, 0xfc, 0x54, 0x7e, 0xcd, 0xd7, 0x22, 0xcb, 0x76, 0x9f, 0x20, 0xce, 0xa0, 0x73, 0x76, 0x51, 0x3b, 0xa4, 0xf8, 0xe3, 0x62, 0x12, 0x6c}} ,
+ {{0x7f, 0x00, 0x9c, 0x26, 0x0d, 0x6f, 0x48, 0x7f, 0x3a, 0x01, 0xed, 0xc5, 0x96, 0xb0, 0x1f, 0x4f, 0xa8, 0x02, 0x62, 0x27, 0x8a, 0x50, 0x8d, 0x9a, 0x8b, 0x52, 0x0f, 0x1e, 0xcf, 0x41, 0x38, 0x19}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xf5, 0x6c, 0xd4, 0x2f, 0x0f, 0x69, 0x0f, 0x87, 0x3f, 0x61, 0x65, 0x1e, 0x35, 0x34, 0x85, 0xba, 0x02, 0x30, 0xac, 0x25, 0x3d, 0xe2, 0x62, 0xf1, 0xcc, 0xe9, 0x1b, 0xc2, 0xef, 0x6a, 0x42, 0x57}} ,
+ {{0x34, 0x1f, 0x2e, 0xac, 0xd1, 0xc7, 0x04, 0x52, 0x32, 0x66, 0xb2, 0x33, 0x73, 0x21, 0x34, 0x54, 0xf7, 0x71, 0xed, 0x06, 0xb0, 0xff, 0xa6, 0x59, 0x6f, 0x8a, 0x4e, 0xfb, 0x02, 0xb0, 0x45, 0x6b}}},
+{{{0xf5, 0x48, 0x0b, 0x03, 0xc5, 0x22, 0x7d, 0x80, 0x08, 0x53, 0xfe, 0x32, 0xb1, 0xa1, 0x8a, 0x74, 0x6f, 0xbd, 0x3f, 0x85, 0xf4, 0xcf, 0xf5, 0x60, 0xaf, 0x41, 0x7e, 0x3e, 0x46, 0xa3, 0x5a, 0x20}} ,
+ {{0xaa, 0x35, 0x87, 0x44, 0x63, 0x66, 0x97, 0xf8, 0x6e, 0x55, 0x0c, 0x04, 0x3e, 0x35, 0x50, 0xbf, 0x93, 0x69, 0xd2, 0x8b, 0x05, 0x55, 0x99, 0xbe, 0xe2, 0x53, 0x61, 0xec, 0xe8, 0x08, 0x0b, 0x32}}},
+{{{0xb3, 0x10, 0x45, 0x02, 0x69, 0x59, 0x2e, 0x97, 0xd9, 0x64, 0xf8, 0xdb, 0x25, 0x80, 0xdc, 0xc4, 0xd5, 0x62, 0x3c, 0xed, 0x65, 0x91, 0xad, 0xd1, 0x57, 0x81, 0x94, 0xaa, 0xa1, 0x29, 0xfc, 0x68}} ,
+ {{0xdd, 0xb5, 0x7d, 0xab, 0x5a, 0x21, 0x41, 0x53, 0xbb, 0x17, 0x79, 0x0d, 0xd1, 0xa8, 0x0c, 0x0c, 0x20, 0x88, 0x09, 0xe9, 0x84, 0xe8, 0x25, 0x11, 0x67, 0x7a, 0x8b, 0x1a, 0xe4, 0x5d, 0xe1, 0x5d}}},
+{{{0x37, 0xea, 0xfe, 0x65, 0x3b, 0x25, 0xe8, 0xe1, 0xc2, 0xc5, 0x02, 0xa4, 0xbe, 0x98, 0x0a, 0x2b, 0x61, 0xc1, 0x9b, 0xe2, 0xd5, 0x92, 0xe6, 0x9e, 0x7d, 0x1f, 0xca, 0x43, 0x88, 0x8b, 0x2c, 0x59}} ,
+ {{0xe0, 0xb5, 0x00, 0x1d, 0x2a, 0x6f, 0xaf, 0x79, 0x86, 0x2f, 0xa6, 0x5a, 0x93, 0xd1, 0xfe, 0xae, 0x3a, 0xee, 0xdb, 0x7c, 0x61, 0xbe, 0x7c, 0x01, 0xf9, 0xfe, 0x52, 0xdc, 0xd8, 0x52, 0xa3, 0x42}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x22, 0xaf, 0x13, 0x37, 0xbd, 0x37, 0x71, 0xac, 0x04, 0x46, 0x63, 0xac, 0xa4, 0x77, 0xed, 0x25, 0x38, 0xe0, 0x15, 0xa8, 0x64, 0x00, 0x0d, 0xce, 0x51, 0x01, 0xa9, 0xbc, 0x0f, 0x03, 0x1c, 0x04}} ,
+ {{0x89, 0xf9, 0x80, 0x07, 0xcf, 0x3f, 0xb3, 0xe9, 0xe7, 0x45, 0x44, 0x3d, 0x2a, 0x7c, 0xe9, 0xe4, 0x16, 0x5c, 0x5e, 0x65, 0x1c, 0xc7, 0x7d, 0xc6, 0x7a, 0xfb, 0x43, 0xee, 0x25, 0x76, 0x46, 0x72}}},
+{{{0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62}} ,
+ {{0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03}}},
+{{{0x51, 0x16, 0x50, 0x7c, 0xd5, 0x5d, 0xf6, 0x99, 0xe8, 0x77, 0x72, 0x4e, 0xfa, 0x62, 0xcb, 0x76, 0x75, 0x0c, 0xe2, 0x71, 0x98, 0x92, 0xd5, 0xfa, 0x45, 0xdf, 0x5c, 0x6f, 0x1e, 0x9e, 0x28, 0x69}} ,
+ {{0x0d, 0xac, 0x66, 0x6d, 0xc3, 0x8b, 0xba, 0x16, 0xb5, 0xe2, 0xa0, 0x0d, 0x0c, 0xbd, 0xa4, 0x8e, 0x18, 0x6c, 0xf2, 0xdc, 0xf9, 0xdc, 0x4a, 0x86, 0x25, 0x95, 0x14, 0xcb, 0xd8, 0x1a, 0x04, 0x0f}}},
+{{{0x97, 0xa5, 0xdb, 0x8b, 0x2d, 0xaa, 0x42, 0x11, 0x09, 0xf2, 0x93, 0xbb, 0xd9, 0x06, 0x84, 0x4e, 0x11, 0xa8, 0xa0, 0x25, 0x2b, 0xa6, 0x5f, 0xae, 0xc4, 0xb4, 0x4c, 0xc8, 0xab, 0xc7, 0x3b, 0x02}} ,
+ {{0xee, 0xc9, 0x29, 0x0f, 0xdf, 0x11, 0x85, 0xed, 0xce, 0x0d, 0x62, 0x2c, 0x8f, 0x4b, 0xf9, 0x04, 0xe9, 0x06, 0x72, 0x1d, 0x37, 0x20, 0x50, 0xc9, 0x14, 0xeb, 0xec, 0x39, 0xa7, 0x97, 0x2b, 0x4d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x69, 0xd1, 0x39, 0xbd, 0xfb, 0x33, 0xbe, 0xc4, 0xf0, 0x5c, 0xef, 0xf0, 0x56, 0x68, 0xfc, 0x97, 0x47, 0xc8, 0x72, 0xb6, 0x53, 0xa4, 0x0a, 0x98, 0xa5, 0xb4, 0x37, 0x71, 0xcf, 0x66, 0x50, 0x6d}} ,
+ {{0x17, 0xa4, 0x19, 0x52, 0x11, 0x47, 0xb3, 0x5c, 0x5b, 0xa9, 0x2e, 0x22, 0xb4, 0x00, 0x52, 0xf9, 0x57, 0x18, 0xb8, 0xbe, 0x5a, 0xe3, 0xab, 0x83, 0xc8, 0x87, 0x0a, 0x2a, 0xd8, 0x8c, 0xbb, 0x54}}},
+{{{0xa9, 0x62, 0x93, 0x85, 0xbe, 0xe8, 0x73, 0x4a, 0x0e, 0xb0, 0xb5, 0x2d, 0x94, 0x50, 0xaa, 0xd3, 0xb2, 0xea, 0x9d, 0x62, 0x76, 0x3b, 0x07, 0x34, 0x4e, 0x2d, 0x70, 0xc8, 0x9a, 0x15, 0x66, 0x6b}} ,
+ {{0xc5, 0x96, 0xca, 0xc8, 0x22, 0x1a, 0xee, 0x5f, 0xe7, 0x31, 0x60, 0x22, 0x83, 0x08, 0x63, 0xce, 0xb9, 0x32, 0x44, 0x58, 0x5d, 0x3a, 0x9b, 0xe4, 0x04, 0xd5, 0xef, 0x38, 0xef, 0x4b, 0xdd, 0x19}}},
+{{{0x4d, 0xc2, 0x17, 0x75, 0xa1, 0x68, 0xcd, 0xc3, 0xc6, 0x03, 0x44, 0xe3, 0x78, 0x09, 0x91, 0x47, 0x3f, 0x0f, 0xe4, 0x92, 0x58, 0xfa, 0x7d, 0x1f, 0x20, 0x94, 0x58, 0x5e, 0xbc, 0x19, 0x02, 0x6f}} ,
+ {{0x20, 0xd6, 0xd8, 0x91, 0x54, 0xa7, 0xf3, 0x20, 0x4b, 0x34, 0x06, 0xfa, 0x30, 0xc8, 0x6f, 0x14, 0x10, 0x65, 0x74, 0x13, 0x4e, 0xf0, 0x69, 0x26, 0xce, 0xcf, 0x90, 0xf4, 0xd0, 0xc5, 0xc8, 0x64}}},
+{{{0x26, 0xa2, 0x50, 0x02, 0x24, 0x72, 0xf1, 0xf0, 0x4e, 0x2d, 0x93, 0xd5, 0x08, 0xe7, 0xae, 0x38, 0xf7, 0x18, 0xa5, 0x32, 0x34, 0xc2, 0xf0, 0xa6, 0xec, 0xb9, 0x61, 0x7b, 0x64, 0x99, 0xac, 0x71}} ,
+ {{0x25, 0xcf, 0x74, 0x55, 0x1b, 0xaa, 0xa9, 0x38, 0x41, 0x40, 0xd5, 0x95, 0x95, 0xab, 0x1c, 0x5e, 0xbc, 0x41, 0x7e, 0x14, 0x30, 0xbe, 0x13, 0x89, 0xf4, 0xe5, 0xeb, 0x28, 0xc0, 0xc2, 0x96, 0x3a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2b, 0x77, 0x45, 0xec, 0x67, 0x76, 0x32, 0x4c, 0xb9, 0xdf, 0x25, 0x32, 0x6b, 0xcb, 0xe7, 0x14, 0x61, 0x43, 0xee, 0xba, 0x9b, 0x71, 0xef, 0xd2, 0x48, 0x65, 0xbb, 0x1b, 0x8a, 0x13, 0x1b, 0x22}} ,
+ {{0x84, 0xad, 0x0c, 0x18, 0x38, 0x5a, 0xba, 0xd0, 0x98, 0x59, 0xbf, 0x37, 0xb0, 0x4f, 0x97, 0x60, 0x20, 0xb3, 0x9b, 0x97, 0xf6, 0x08, 0x6c, 0xa4, 0xff, 0xfb, 0xb7, 0xfa, 0x95, 0xb2, 0x51, 0x79}}},
+{{{0x28, 0x5c, 0x3f, 0xdb, 0x6b, 0x18, 0x3b, 0x5c, 0xd1, 0x04, 0x28, 0xde, 0x85, 0x52, 0x31, 0xb5, 0xbb, 0xf6, 0xa9, 0xed, 0xbe, 0x28, 0x4f, 0xb3, 0x7e, 0x05, 0x6a, 0xdb, 0x95, 0x0d, 0x1b, 0x1c}} ,
+ {{0xd5, 0xc5, 0xc3, 0x9a, 0x0a, 0xd0, 0x31, 0x3e, 0x07, 0x36, 0x8e, 0xc0, 0x8a, 0x62, 0xb1, 0xca, 0xd6, 0x0e, 0x1e, 0x9d, 0xef, 0xab, 0x98, 0x4d, 0xbb, 0x6c, 0x05, 0xe0, 0xe4, 0x5d, 0xbd, 0x57}}},
+{{{0xcc, 0x21, 0x27, 0xce, 0xfd, 0xa9, 0x94, 0x8e, 0xe1, 0xab, 0x49, 0xe0, 0x46, 0x26, 0xa1, 0xa8, 0x8c, 0xa1, 0x99, 0x1d, 0xb4, 0x27, 0x6d, 0x2d, 0xc8, 0x39, 0x30, 0x5e, 0x37, 0x52, 0xc4, 0x6e}} ,
+ {{0xa9, 0x85, 0xf4, 0xe7, 0xb0, 0x15, 0x33, 0x84, 0x1b, 0x14, 0x1a, 0x02, 0xd9, 0x3b, 0xad, 0x0f, 0x43, 0x6c, 0xea, 0x3e, 0x0f, 0x7e, 0xda, 0xdd, 0x6b, 0x4c, 0x7f, 0x6e, 0xd4, 0x6b, 0xbf, 0x0f}}},
+{{{0x47, 0x9f, 0x7c, 0x56, 0x7c, 0x43, 0x91, 0x1c, 0xbb, 0x4e, 0x72, 0x3e, 0x64, 0xab, 0xa0, 0xa0, 0xdf, 0xb4, 0xd8, 0x87, 0x3a, 0xbd, 0xa8, 0x48, 0xc9, 0xb8, 0xef, 0x2e, 0xad, 0x6f, 0x84, 0x4f}} ,
+ {{0x2d, 0x2d, 0xf0, 0x1b, 0x7e, 0x2a, 0x6c, 0xf8, 0xa9, 0x6a, 0xe1, 0xf0, 0x99, 0xa1, 0x67, 0x9a, 0xd4, 0x13, 0xca, 0xca, 0xba, 0x27, 0x92, 0xaa, 0xa1, 0x5d, 0x50, 0xde, 0xcc, 0x40, 0x26, 0x0a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x9f, 0x3e, 0xf2, 0xb2, 0x90, 0xce, 0xdb, 0x64, 0x3e, 0x03, 0xdd, 0x37, 0x36, 0x54, 0x70, 0x76, 0x24, 0xb5, 0x69, 0x03, 0xfc, 0xa0, 0x2b, 0x74, 0xb2, 0x05, 0x0e, 0xcc, 0xd8, 0x1f, 0x6a, 0x1f}} ,
+ {{0x19, 0x5e, 0x60, 0x69, 0x58, 0x86, 0xa0, 0x31, 0xbd, 0x32, 0xe9, 0x2c, 0x5c, 0xd2, 0x85, 0xba, 0x40, 0x64, 0xa8, 0x74, 0xf8, 0x0e, 0x1c, 0xb3, 0xa9, 0x69, 0xe8, 0x1e, 0x40, 0x64, 0x99, 0x77}}},
+{{{0x6c, 0x32, 0x4f, 0xfd, 0xbb, 0x5c, 0xbb, 0x8d, 0x64, 0x66, 0x4a, 0x71, 0x1f, 0x79, 0xa3, 0xad, 0x8d, 0xf9, 0xd4, 0xec, 0xcf, 0x67, 0x70, 0xfa, 0x05, 0x4a, 0x0f, 0x6e, 0xaf, 0x87, 0x0a, 0x6f}} ,
+ {{0xc6, 0x36, 0x6e, 0x6c, 0x8c, 0x24, 0x09, 0x60, 0xbe, 0x26, 0xd2, 0x4c, 0x5e, 0x17, 0xca, 0x5f, 0x1d, 0xcc, 0x87, 0xe8, 0x42, 0x6a, 0xcb, 0xcb, 0x7d, 0x92, 0x05, 0x35, 0x81, 0x13, 0x60, 0x6b}}},
+{{{0xf4, 0x15, 0xcd, 0x0f, 0x0a, 0xaf, 0x4e, 0x6b, 0x51, 0xfd, 0x14, 0xc4, 0x2e, 0x13, 0x86, 0x74, 0x44, 0xcb, 0x66, 0x6b, 0xb6, 0x9d, 0x74, 0x56, 0x32, 0xac, 0x8d, 0x8e, 0x8c, 0x8c, 0x8c, 0x39}} ,
+ {{0xca, 0x59, 0x74, 0x1a, 0x11, 0xef, 0x6d, 0xf7, 0x39, 0x5c, 0x3b, 0x1f, 0xfa, 0xe3, 0x40, 0x41, 0x23, 0x9e, 0xf6, 0xd1, 0x21, 0xa2, 0xbf, 0xad, 0x65, 0x42, 0x6b, 0x59, 0x8a, 0xe8, 0xc5, 0x7f}}},
+{{{0x64, 0x05, 0x7a, 0x84, 0x4a, 0x13, 0xc3, 0xf6, 0xb0, 0x6e, 0x9a, 0x6b, 0x53, 0x6b, 0x32, 0xda, 0xd9, 0x74, 0x75, 0xc4, 0xba, 0x64, 0x3d, 0x3b, 0x08, 0xdd, 0x10, 0x46, 0xef, 0xc7, 0x90, 0x1f}} ,
+ {{0x7b, 0x2f, 0x3a, 0xce, 0xc8, 0xa1, 0x79, 0x3c, 0x30, 0x12, 0x44, 0x28, 0xf6, 0xbc, 0xff, 0xfd, 0xf4, 0xc0, 0x97, 0xb0, 0xcc, 0xc3, 0x13, 0x7a, 0xb9, 0x9a, 0x16, 0xe4, 0xcb, 0x4c, 0x34, 0x63}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x07, 0x4e, 0xd3, 0x2d, 0x09, 0x33, 0x0e, 0xd2, 0x0d, 0xbe, 0x3e, 0xe7, 0xe4, 0xaa, 0xb7, 0x00, 0x8b, 0xe8, 0xad, 0xaa, 0x7a, 0x8d, 0x34, 0x28, 0xa9, 0x81, 0x94, 0xc5, 0xe7, 0x42, 0xac, 0x47}} ,
+ {{0x24, 0x89, 0x7a, 0x8f, 0xb5, 0x9b, 0xf0, 0xc2, 0x03, 0x64, 0xd0, 0x1e, 0xf5, 0xa4, 0xb2, 0xf3, 0x74, 0xe9, 0x1a, 0x16, 0xfd, 0xcb, 0x15, 0xea, 0xeb, 0x10, 0x6c, 0x35, 0xd1, 0xc1, 0xa6, 0x28}}},
+{{{0xcc, 0xd5, 0x39, 0xfc, 0xa5, 0xa4, 0xad, 0x32, 0x15, 0xce, 0x19, 0xe8, 0x34, 0x2b, 0x1c, 0x60, 0x91, 0xfc, 0x05, 0xa9, 0xb3, 0xdc, 0x80, 0x29, 0xc4, 0x20, 0x79, 0x06, 0x39, 0xc0, 0xe2, 0x22}} ,
+ {{0xbb, 0xa8, 0xe1, 0x89, 0x70, 0x57, 0x18, 0x54, 0x3c, 0xf6, 0x0d, 0x82, 0x12, 0x05, 0x87, 0x96, 0x06, 0x39, 0xe3, 0xf8, 0xb3, 0x95, 0xe5, 0xd7, 0x26, 0xbf, 0x09, 0x5a, 0x94, 0xf9, 0x1c, 0x63}}},
+{{{0x2b, 0x8c, 0x2d, 0x9a, 0x8b, 0x84, 0xf2, 0x56, 0xfb, 0xad, 0x2e, 0x7f, 0xb7, 0xfc, 0x30, 0xe1, 0x35, 0x89, 0xba, 0x4d, 0xa8, 0x6d, 0xce, 0x8c, 0x8b, 0x30, 0xe0, 0xda, 0x29, 0x18, 0x11, 0x17}} ,
+ {{0x19, 0xa6, 0x5a, 0x65, 0x93, 0xc3, 0xb5, 0x31, 0x22, 0x4f, 0xf3, 0xf6, 0x0f, 0xeb, 0x28, 0xc3, 0x7c, 0xeb, 0xce, 0x86, 0xec, 0x67, 0x76, 0x6e, 0x35, 0x45, 0x7b, 0xd8, 0x6b, 0x92, 0x01, 0x65}}},
+{{{0x3d, 0xd5, 0x9a, 0x64, 0x73, 0x36, 0xb1, 0xd6, 0x86, 0x98, 0x42, 0x3f, 0x8a, 0xf1, 0xc7, 0xf5, 0x42, 0xa8, 0x9c, 0x52, 0xa8, 0xdc, 0xf9, 0x24, 0x3f, 0x4a, 0xa1, 0xa4, 0x5b, 0xe8, 0x62, 0x1a}} ,
+ {{0xc5, 0xbd, 0xc8, 0x14, 0xd5, 0x0d, 0xeb, 0xe1, 0xa5, 0xe6, 0x83, 0x11, 0x09, 0x00, 0x1d, 0x55, 0x83, 0x51, 0x7e, 0x75, 0x00, 0x81, 0xb9, 0xcb, 0xd8, 0xc5, 0xe5, 0xa1, 0xd9, 0x17, 0x6d, 0x1f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xea, 0xf9, 0xe4, 0xe9, 0xe1, 0x52, 0x3f, 0x51, 0x19, 0x0d, 0xdd, 0xd9, 0x9d, 0x93, 0x31, 0x87, 0x23, 0x09, 0xd5, 0x83, 0xeb, 0x92, 0x09, 0x76, 0x6e, 0xe3, 0xf8, 0xc0, 0xa2, 0x66, 0xb5, 0x36}} ,
+ {{0x3a, 0xbb, 0x39, 0xed, 0x32, 0x02, 0xe7, 0x43, 0x7a, 0x38, 0x14, 0x84, 0xe3, 0x44, 0xd2, 0x5e, 0x94, 0xdd, 0x78, 0x89, 0x55, 0x4c, 0x73, 0x9e, 0xe1, 0xe4, 0x3e, 0x43, 0xd0, 0x4a, 0xde, 0x1b}}},
+{{{0xb2, 0xe7, 0x8f, 0xe3, 0xa3, 0xc5, 0xcb, 0x72, 0xee, 0x79, 0x41, 0xf8, 0xdf, 0xee, 0x65, 0xc5, 0x45, 0x77, 0x27, 0x3c, 0xbd, 0x58, 0xd3, 0x75, 0xe2, 0x04, 0x4b, 0xbb, 0x65, 0xf3, 0xc8, 0x0f}} ,
+ {{0x24, 0x7b, 0x93, 0x34, 0xb5, 0xe2, 0x74, 0x48, 0xcd, 0xa0, 0x0b, 0x92, 0x97, 0x66, 0x39, 0xf4, 0xb0, 0xe2, 0x5d, 0x39, 0x6a, 0x5b, 0x45, 0x17, 0x78, 0x1e, 0xdb, 0x91, 0x81, 0x1c, 0xf9, 0x16}}},
+{{{0x16, 0xdf, 0xd1, 0x5a, 0xd5, 0xe9, 0x4e, 0x58, 0x95, 0x93, 0x5f, 0x51, 0x09, 0xc3, 0x2a, 0xc9, 0xd4, 0x55, 0x48, 0x79, 0xa4, 0xa3, 0xb2, 0xc3, 0x62, 0xaa, 0x8c, 0xe8, 0xad, 0x47, 0x39, 0x1b}} ,
+ {{0x46, 0xda, 0x9e, 0x51, 0x3a, 0xe6, 0xd1, 0xa6, 0xbb, 0x4d, 0x7b, 0x08, 0xbe, 0x8c, 0xd5, 0xf3, 0x3f, 0xfd, 0xf7, 0x44, 0x80, 0x2d, 0x53, 0x4b, 0xd0, 0x87, 0x68, 0xc1, 0xb5, 0xd8, 0xf7, 0x07}}},
+{{{0xf4, 0x10, 0x46, 0xbe, 0xb7, 0xd2, 0xd1, 0xce, 0x5e, 0x76, 0xa2, 0xd7, 0x03, 0xdc, 0xe4, 0x81, 0x5a, 0xf6, 0x3c, 0xde, 0xae, 0x7a, 0x9d, 0x21, 0x34, 0xa5, 0xf6, 0xa9, 0x73, 0xe2, 0x8d, 0x60}} ,
+ {{0xfa, 0x44, 0x71, 0xf6, 0x41, 0xd8, 0xc6, 0x58, 0x13, 0x37, 0xeb, 0x84, 0x0f, 0x96, 0xc7, 0xdc, 0xc8, 0xa9, 0x7a, 0x83, 0xb2, 0x2f, 0x31, 0xb1, 0x1a, 0xd8, 0x98, 0x3f, 0x11, 0xd0, 0x31, 0x3b}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x81, 0xd5, 0x34, 0x16, 0x01, 0xa3, 0x93, 0xea, 0x52, 0x94, 0xec, 0x93, 0xb7, 0x81, 0x11, 0x2d, 0x58, 0xf9, 0xb5, 0x0a, 0xaa, 0x4f, 0xf6, 0x2e, 0x3f, 0x36, 0xbf, 0x33, 0x5a, 0xe7, 0xd1, 0x08}} ,
+ {{0x1a, 0xcf, 0x42, 0xae, 0xcc, 0xb5, 0x77, 0x39, 0xc4, 0x5b, 0x5b, 0xd0, 0x26, 0x59, 0x27, 0xd0, 0x55, 0x71, 0x12, 0x9d, 0x88, 0x3d, 0x9c, 0xea, 0x41, 0x6a, 0xf0, 0x50, 0x93, 0x93, 0xdd, 0x47}}},
+{{{0x6f, 0xc9, 0x51, 0x6d, 0x1c, 0xaa, 0xf5, 0xa5, 0x90, 0x3f, 0x14, 0xe2, 0x6e, 0x8e, 0x64, 0xfd, 0xac, 0xe0, 0x4e, 0x22, 0xe5, 0xc1, 0xbc, 0x29, 0x0a, 0x6a, 0x9e, 0xa1, 0x60, 0xcb, 0x2f, 0x0b}} ,
+ {{0xdc, 0x39, 0x32, 0xf3, 0xa1, 0x44, 0xe9, 0xc5, 0xc3, 0x78, 0xfb, 0x95, 0x47, 0x34, 0x35, 0x34, 0xe8, 0x25, 0xde, 0x93, 0xc6, 0xb4, 0x76, 0x6d, 0x86, 0x13, 0xc6, 0xe9, 0x68, 0xb5, 0x01, 0x63}}},
+{{{0x1f, 0x9a, 0x52, 0x64, 0x97, 0xd9, 0x1c, 0x08, 0x51, 0x6f, 0x26, 0x9d, 0xaa, 0x93, 0x33, 0x43, 0xfa, 0x77, 0xe9, 0x62, 0x9b, 0x5d, 0x18, 0x75, 0xeb, 0x78, 0xf7, 0x87, 0x8f, 0x41, 0xb4, 0x4d}} ,
+ {{0x13, 0xa8, 0x82, 0x3e, 0xe9, 0x13, 0xad, 0xeb, 0x01, 0xca, 0xcf, 0xda, 0xcd, 0xf7, 0x6c, 0xc7, 0x7a, 0xdc, 0x1e, 0x6e, 0xc8, 0x4e, 0x55, 0x62, 0x80, 0xea, 0x78, 0x0c, 0x86, 0xb9, 0x40, 0x51}}},
+{{{0x27, 0xae, 0xd3, 0x0d, 0x4c, 0x8f, 0x34, 0xea, 0x7d, 0x3c, 0xe5, 0x8a, 0xcf, 0x5b, 0x92, 0xd8, 0x30, 0x16, 0xb4, 0xa3, 0x75, 0xff, 0xeb, 0x27, 0xc8, 0x5c, 0x6c, 0xc2, 0xee, 0x6c, 0x21, 0x0b}} ,
+ {{0xc3, 0xba, 0x12, 0x53, 0x2a, 0xaa, 0x77, 0xad, 0x19, 0x78, 0x55, 0x8a, 0x2e, 0x60, 0x87, 0xc2, 0x6e, 0x91, 0x38, 0x91, 0x3f, 0x7a, 0xc5, 0x24, 0x8f, 0x51, 0xc5, 0xde, 0xb0, 0x53, 0x30, 0x56}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x02, 0xfe, 0x54, 0x12, 0x18, 0xca, 0x7d, 0xa5, 0x68, 0x43, 0xa3, 0x6d, 0x14, 0x2a, 0x6a, 0xa5, 0x8e, 0x32, 0xe7, 0x63, 0x4f, 0xe3, 0xc6, 0x44, 0x3e, 0xab, 0x63, 0xca, 0x17, 0x86, 0x74, 0x3f}} ,
+ {{0x1e, 0x64, 0xc1, 0x7d, 0x52, 0xdc, 0x13, 0x5a, 0xa1, 0x9c, 0x4e, 0xee, 0x99, 0x28, 0xbb, 0x4c, 0xee, 0xac, 0xa9, 0x1b, 0x89, 0xa2, 0x38, 0x39, 0x7b, 0xc4, 0x0f, 0x42, 0xe6, 0x89, 0xed, 0x0f}}},
+{{{0xf3, 0x3c, 0x8c, 0x80, 0x83, 0x10, 0x8a, 0x37, 0x50, 0x9c, 0xb4, 0xdf, 0x3f, 0x8c, 0xf7, 0x23, 0x07, 0xd6, 0xff, 0xa0, 0x82, 0x6c, 0x75, 0x3b, 0xe4, 0xb5, 0xbb, 0xe4, 0xe6, 0x50, 0xf0, 0x08}} ,
+ {{0x62, 0xee, 0x75, 0x48, 0x92, 0x33, 0xf2, 0xf4, 0xad, 0x15, 0x7a, 0xa1, 0x01, 0x46, 0xa9, 0x32, 0x06, 0x88, 0xb6, 0x36, 0x47, 0x35, 0xb9, 0xb4, 0x42, 0x85, 0x76, 0xf0, 0x48, 0x00, 0x90, 0x38}}},
+{{{0x51, 0x15, 0x9d, 0xc3, 0x95, 0xd1, 0x39, 0xbb, 0x64, 0x9d, 0x15, 0x81, 0xc1, 0x68, 0xd0, 0xb6, 0xa4, 0x2c, 0x7d, 0x5e, 0x02, 0x39, 0x00, 0xe0, 0x3b, 0xa4, 0xcc, 0xca, 0x1d, 0x81, 0x24, 0x10}} ,
+ {{0xe7, 0x29, 0xf9, 0x37, 0xd9, 0x46, 0x5a, 0xcd, 0x70, 0xfe, 0x4d, 0x5b, 0xbf, 0xa5, 0xcf, 0x91, 0xf4, 0xef, 0xee, 0x8a, 0x29, 0xd0, 0xe7, 0xc4, 0x25, 0x92, 0x8a, 0xff, 0x36, 0xfc, 0xe4, 0x49}}},
+{{{0xbd, 0x00, 0xb9, 0x04, 0x7d, 0x35, 0xfc, 0xeb, 0xd0, 0x0b, 0x05, 0x32, 0x52, 0x7a, 0x89, 0x24, 0x75, 0x50, 0xe1, 0x63, 0x02, 0x82, 0x8e, 0xe7, 0x85, 0x0c, 0xf2, 0x56, 0x44, 0x37, 0x83, 0x25}} ,
+ {{0x8f, 0xa1, 0xce, 0xcb, 0x60, 0xda, 0x12, 0x02, 0x1e, 0x29, 0x39, 0x2a, 0x03, 0xb7, 0xeb, 0x77, 0x40, 0xea, 0xc9, 0x2b, 0x2c, 0xd5, 0x7d, 0x7e, 0x2c, 0xc7, 0x5a, 0xfd, 0xff, 0xc4, 0xd1, 0x62}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x1d, 0x88, 0x98, 0x5b, 0x4e, 0xfc, 0x41, 0x24, 0x05, 0xe6, 0x50, 0x2b, 0xae, 0x96, 0x51, 0xd9, 0x6b, 0x72, 0xb2, 0x33, 0x42, 0x98, 0x68, 0xbb, 0x10, 0x5a, 0x7a, 0x8c, 0x9d, 0x07, 0xb4, 0x05}} ,
+ {{0x2f, 0x61, 0x9f, 0xd7, 0xa8, 0x3f, 0x83, 0x8c, 0x10, 0x69, 0x90, 0xe6, 0xcf, 0xd2, 0x63, 0xa3, 0xe4, 0x54, 0x7e, 0xe5, 0x69, 0x13, 0x1c, 0x90, 0x57, 0xaa, 0xe9, 0x53, 0x22, 0x43, 0x29, 0x23}}},
+{{{0xe5, 0x1c, 0xf8, 0x0a, 0xfd, 0x2d, 0x7e, 0xf5, 0xf5, 0x70, 0x7d, 0x41, 0x6b, 0x11, 0xfe, 0xbe, 0x99, 0xd1, 0x55, 0x29, 0x31, 0xbf, 0xc0, 0x97, 0x6c, 0xd5, 0x35, 0xcc, 0x5e, 0x8b, 0xd9, 0x69}} ,
+ {{0x8e, 0x4e, 0x9f, 0x25, 0xf8, 0x81, 0x54, 0x2d, 0x0e, 0xd5, 0x54, 0x81, 0x9b, 0xa6, 0x92, 0xce, 0x4b, 0xe9, 0x8f, 0x24, 0x3b, 0xca, 0xe0, 0x44, 0xab, 0x36, 0xfe, 0xfb, 0x87, 0xd4, 0x26, 0x3e}}},
+{{{0x0f, 0x93, 0x9c, 0x11, 0xe7, 0xdb, 0xf1, 0xf0, 0x85, 0x43, 0x28, 0x15, 0x37, 0xdd, 0xde, 0x27, 0xdf, 0xad, 0x3e, 0x49, 0x4f, 0xe0, 0x5b, 0xf6, 0x80, 0x59, 0x15, 0x3c, 0x85, 0xb7, 0x3e, 0x12}} ,
+ {{0xf5, 0xff, 0xcc, 0xf0, 0xb4, 0x12, 0x03, 0x5f, 0xc9, 0x84, 0xcb, 0x1d, 0x17, 0xe0, 0xbc, 0xcc, 0x03, 0x62, 0xa9, 0x8b, 0x94, 0xa6, 0xaa, 0x18, 0xcb, 0x27, 0x8d, 0x49, 0xa6, 0x17, 0x15, 0x07}}},
+{{{0xd9, 0xb6, 0xd4, 0x9d, 0xd4, 0x6a, 0xaf, 0x70, 0x07, 0x2c, 0x10, 0x9e, 0xbd, 0x11, 0xad, 0xe4, 0x26, 0x33, 0x70, 0x92, 0x78, 0x1c, 0x74, 0x9f, 0x75, 0x60, 0x56, 0xf4, 0x39, 0xa8, 0xa8, 0x62}} ,
+ {{0x3b, 0xbf, 0x55, 0x35, 0x61, 0x8b, 0x44, 0x97, 0xe8, 0x3a, 0x55, 0xc1, 0xc8, 0x3b, 0xfd, 0x95, 0x29, 0x11, 0x60, 0x96, 0x1e, 0xcb, 0x11, 0x9d, 0xc2, 0x03, 0x8a, 0x1b, 0xc6, 0xd6, 0x45, 0x3d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x7e, 0x0e, 0x50, 0xb2, 0xcc, 0x0d, 0x6b, 0xa6, 0x71, 0x5b, 0x42, 0xed, 0xbd, 0xaf, 0xac, 0xf0, 0xfc, 0x12, 0xa2, 0x3f, 0x4e, 0xda, 0xe8, 0x11, 0xf3, 0x23, 0xe1, 0x04, 0x62, 0x03, 0x1c, 0x4e}} ,
+ {{0xc8, 0xb1, 0x1b, 0x6f, 0x73, 0x61, 0x3d, 0x27, 0x0d, 0x7d, 0x7a, 0x25, 0x5f, 0x73, 0x0e, 0x2f, 0x93, 0xf6, 0x24, 0xd8, 0x4f, 0x90, 0xac, 0xa2, 0x62, 0x0a, 0xf0, 0x61, 0xd9, 0x08, 0x59, 0x6a}}},
+{{{0x6f, 0x2d, 0x55, 0xf8, 0x2f, 0x8e, 0xf0, 0x18, 0x3b, 0xea, 0xdd, 0x26, 0x72, 0xd1, 0xf5, 0xfe, 0xe5, 0xb8, 0xe6, 0xd3, 0x10, 0x48, 0x46, 0x49, 0x3a, 0x9f, 0x5e, 0x45, 0x6b, 0x90, 0xe8, 0x7f}} ,
+ {{0xd3, 0x76, 0x69, 0x33, 0x7b, 0xb9, 0x40, 0x70, 0xee, 0xa6, 0x29, 0x6b, 0xdd, 0xd0, 0x5d, 0x8d, 0xc1, 0x3e, 0x4a, 0xea, 0x37, 0xb1, 0x03, 0x02, 0x03, 0x35, 0xf1, 0x28, 0x9d, 0xff, 0x00, 0x13}}},
+{{{0x7a, 0xdb, 0x12, 0xd2, 0x8a, 0x82, 0x03, 0x1b, 0x1e, 0xaf, 0xf9, 0x4b, 0x9c, 0xbe, 0xae, 0x7c, 0xe4, 0x94, 0x2a, 0x23, 0xb3, 0x62, 0x86, 0xe7, 0xfd, 0x23, 0xaa, 0x99, 0xbd, 0x2b, 0x11, 0x6c}} ,
+ {{0x8d, 0xa6, 0xd5, 0xac, 0x9d, 0xcc, 0x68, 0x75, 0x7f, 0xc3, 0x4d, 0x4b, 0xdd, 0x6c, 0xbb, 0x11, 0x5a, 0x60, 0xe5, 0xbd, 0x7d, 0x27, 0x8b, 0xda, 0xb4, 0x95, 0xf6, 0x03, 0x27, 0xa4, 0x92, 0x3f}}},
+{{{0x22, 0xd6, 0xb5, 0x17, 0x84, 0xbf, 0x12, 0xcc, 0x23, 0x14, 0x4a, 0xdf, 0x14, 0x31, 0xbc, 0xa1, 0xac, 0x6e, 0xab, 0xfa, 0x57, 0x11, 0x53, 0xb3, 0x27, 0xe6, 0xf9, 0x47, 0x33, 0x44, 0x34, 0x1e}} ,
+ {{0x79, 0xfc, 0xa6, 0xb4, 0x0b, 0x35, 0x20, 0xc9, 0x4d, 0x22, 0x84, 0xc4, 0xa9, 0x20, 0xec, 0x89, 0x94, 0xba, 0x66, 0x56, 0x48, 0xb9, 0x87, 0x7f, 0xca, 0x1e, 0x06, 0xed, 0xa5, 0x55, 0x59, 0x29}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x56, 0xe1, 0xf5, 0xf1, 0xd5, 0xab, 0xa8, 0x2b, 0xae, 0x89, 0xf3, 0xcf, 0x56, 0x9f, 0xf2, 0x4b, 0x31, 0xbc, 0x18, 0xa9, 0x06, 0x5b, 0xbe, 0xb4, 0x61, 0xf8, 0xb2, 0x06, 0x9c, 0x81, 0xab, 0x4c}} ,
+ {{0x1f, 0x68, 0x76, 0x01, 0x16, 0x38, 0x2b, 0x0f, 0x77, 0x97, 0x92, 0x67, 0x4e, 0x86, 0x6a, 0x8b, 0xe5, 0xe8, 0x0c, 0xf7, 0x36, 0x39, 0xb5, 0x33, 0xe6, 0xcf, 0x5e, 0xbd, 0x18, 0xfb, 0x10, 0x1f}}},
+{{{0x83, 0xf0, 0x0d, 0x63, 0xef, 0x53, 0x6b, 0xb5, 0x6b, 0xf9, 0x83, 0xcf, 0xde, 0x04, 0x22, 0x9b, 0x2c, 0x0a, 0xe0, 0xa5, 0xd8, 0xc7, 0x9c, 0xa5, 0xa3, 0xf6, 0x6f, 0xcf, 0x90, 0x6b, 0x68, 0x7c}} ,
+ {{0x33, 0x15, 0xd7, 0x7f, 0x1a, 0xd5, 0x21, 0x58, 0xc4, 0x18, 0xa5, 0xf0, 0xcc, 0x73, 0xa8, 0xfd, 0xfa, 0x18, 0xd1, 0x03, 0x91, 0x8d, 0x52, 0xd2, 0xa3, 0xa4, 0xd3, 0xb1, 0xea, 0x1d, 0x0f, 0x00}}},
+{{{0xcc, 0x48, 0x83, 0x90, 0xe5, 0xfd, 0x3f, 0x84, 0xaa, 0xf9, 0x8b, 0x82, 0x59, 0x24, 0x34, 0x68, 0x4f, 0x1c, 0x23, 0xd9, 0xcc, 0x71, 0xe1, 0x7f, 0x8c, 0xaf, 0xf1, 0xee, 0x00, 0xb6, 0xa0, 0x77}} ,
+ {{0xf5, 0x1a, 0x61, 0xf7, 0x37, 0x9d, 0x00, 0xf4, 0xf2, 0x69, 0x6f, 0x4b, 0x01, 0x85, 0x19, 0x45, 0x4d, 0x7f, 0x02, 0x7c, 0x6a, 0x05, 0x47, 0x6c, 0x1f, 0x81, 0x20, 0xd4, 0xe8, 0x50, 0x27, 0x72}}},
+{{{0x2c, 0x3a, 0xe5, 0xad, 0xf4, 0xdd, 0x2d, 0xf7, 0x5c, 0x44, 0xb5, 0x5b, 0x21, 0xa3, 0x89, 0x5f, 0x96, 0x45, 0xca, 0x4d, 0xa4, 0x21, 0x99, 0x70, 0xda, 0xc4, 0xc4, 0xa0, 0xe5, 0xf4, 0xec, 0x0a}} ,
+ {{0x07, 0x68, 0x21, 0x65, 0xe9, 0x08, 0xa0, 0x0b, 0x6a, 0x4a, 0xba, 0xb5, 0x80, 0xaf, 0xd0, 0x1b, 0xc5, 0xf5, 0x4b, 0x73, 0x50, 0x60, 0x2d, 0x71, 0x69, 0x61, 0x0e, 0xc0, 0x20, 0x40, 0x30, 0x19}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd0, 0x75, 0x57, 0x3b, 0xeb, 0x5c, 0x14, 0x56, 0x50, 0xc9, 0x4f, 0xb8, 0xb8, 0x1e, 0xa3, 0xf4, 0xab, 0xf5, 0xa9, 0x20, 0x15, 0x94, 0x82, 0xda, 0x96, 0x1c, 0x9b, 0x59, 0x8c, 0xff, 0xf4, 0x51}} ,
+ {{0xc1, 0x3a, 0x86, 0xd7, 0xb0, 0x06, 0x84, 0x7f, 0x1b, 0xbd, 0xd4, 0x07, 0x78, 0x80, 0x2e, 0xb1, 0xb4, 0xee, 0x52, 0x38, 0xee, 0x9a, 0xf9, 0xf6, 0xf3, 0x41, 0x6e, 0xd4, 0x88, 0x95, 0xac, 0x35}}},
+{{{0x41, 0x97, 0xbf, 0x71, 0x6a, 0x9b, 0x72, 0xec, 0xf3, 0xf8, 0x6b, 0xe6, 0x0e, 0x6c, 0x69, 0xa5, 0x2f, 0x68, 0x52, 0xd8, 0x61, 0x81, 0xc0, 0x63, 0x3f, 0xa6, 0x3c, 0x13, 0x90, 0xe6, 0x8d, 0x56}} ,
+ {{0xe8, 0x39, 0x30, 0x77, 0x23, 0xb1, 0xfd, 0x1b, 0x3d, 0x3e, 0x74, 0x4d, 0x7f, 0xae, 0x5b, 0x3a, 0xb4, 0x65, 0x0e, 0x3a, 0x43, 0xdc, 0xdc, 0x41, 0x47, 0xe6, 0xe8, 0x92, 0x09, 0x22, 0x48, 0x4c}}},
+{{{0x85, 0x57, 0x9f, 0xb5, 0xc8, 0x06, 0xb2, 0x9f, 0x47, 0x3f, 0xf0, 0xfa, 0xe6, 0xa9, 0xb1, 0x9b, 0x6f, 0x96, 0x7d, 0xf9, 0xa4, 0x65, 0x09, 0x75, 0x32, 0xa6, 0x6c, 0x7f, 0x47, 0x4b, 0x2f, 0x4f}} ,
+ {{0x34, 0xe9, 0x59, 0x93, 0x9d, 0x26, 0x80, 0x54, 0xf2, 0xcc, 0x3c, 0xc2, 0x25, 0x85, 0xe3, 0x6a, 0xc1, 0x62, 0x04, 0xa7, 0x08, 0x32, 0x6d, 0xa1, 0x39, 0x84, 0x8a, 0x3b, 0x87, 0x5f, 0x11, 0x13}}},
+{{{0xda, 0x03, 0x34, 0x66, 0xc4, 0x0c, 0x73, 0x6e, 0xbc, 0x24, 0xb5, 0xf9, 0x70, 0x81, 0x52, 0xe9, 0xf4, 0x7c, 0x23, 0xdd, 0x9f, 0xb8, 0x46, 0xef, 0x1d, 0x22, 0x55, 0x7d, 0x71, 0xc4, 0x42, 0x33}} ,
+ {{0xc5, 0x37, 0x69, 0x5b, 0xa8, 0xc6, 0x9d, 0xa4, 0xfc, 0x61, 0x6e, 0x68, 0x46, 0xea, 0xd7, 0x1c, 0x67, 0xd2, 0x7d, 0xfa, 0xf1, 0xcc, 0x54, 0x8d, 0x36, 0x35, 0xc9, 0x00, 0xdf, 0x6c, 0x67, 0x50}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x9a, 0x4d, 0x42, 0x29, 0x5d, 0xa4, 0x6b, 0x6f, 0xa8, 0x8a, 0x4d, 0x91, 0x7b, 0xd2, 0xdf, 0x36, 0xef, 0x01, 0x22, 0xc5, 0xcc, 0x8d, 0xeb, 0x58, 0x3d, 0xb3, 0x50, 0xfc, 0x8b, 0x97, 0x96, 0x33}} ,
+ {{0x93, 0x33, 0x07, 0xc8, 0x4a, 0xca, 0xd0, 0xb1, 0xab, 0xbd, 0xdd, 0xa7, 0x7c, 0xac, 0x3e, 0x45, 0xcb, 0xcc, 0x07, 0x91, 0xbf, 0x35, 0x9d, 0xcb, 0x7d, 0x12, 0x3c, 0x11, 0x59, 0x13, 0xcf, 0x5c}}},
+{{{0x45, 0xb8, 0x41, 0xd7, 0xab, 0x07, 0x15, 0x00, 0x8e, 0xce, 0xdf, 0xb2, 0x43, 0x5c, 0x01, 0xdc, 0xf4, 0x01, 0x51, 0x95, 0x10, 0x5a, 0xf6, 0x24, 0x24, 0xa0, 0x19, 0x3a, 0x09, 0x2a, 0xaa, 0x3f}} ,
+ {{0xdc, 0x8e, 0xeb, 0xc6, 0xbf, 0xdd, 0x11, 0x7b, 0xe7, 0x47, 0xe6, 0xce, 0xe7, 0xb6, 0xc5, 0xe8, 0x8a, 0xdc, 0x4b, 0x57, 0x15, 0x3b, 0x66, 0xca, 0x89, 0xa3, 0xfd, 0xac, 0x0d, 0xe1, 0x1d, 0x7a}}},
+{{{0x89, 0xef, 0xbf, 0x03, 0x75, 0xd0, 0x29, 0x50, 0xcb, 0x7d, 0xd6, 0xbe, 0xad, 0x5f, 0x7b, 0x00, 0x32, 0xaa, 0x98, 0xed, 0x3f, 0x8f, 0x92, 0xcb, 0x81, 0x56, 0x01, 0x63, 0x64, 0xa3, 0x38, 0x39}} ,
+ {{0x8b, 0xa4, 0xd6, 0x50, 0xb4, 0xaa, 0x5d, 0x64, 0x64, 0x76, 0x2e, 0xa1, 0xa6, 0xb3, 0xb8, 0x7c, 0x7a, 0x56, 0xf5, 0x5c, 0x4e, 0x84, 0x5c, 0xfb, 0xdd, 0xca, 0x48, 0x8b, 0x48, 0xb9, 0xba, 0x34}}},
+{{{0xc5, 0xe3, 0xe8, 0xae, 0x17, 0x27, 0xe3, 0x64, 0x60, 0x71, 0x47, 0x29, 0x02, 0x0f, 0x92, 0x5d, 0x10, 0x93, 0xc8, 0x0e, 0xa1, 0xed, 0xba, 0xa9, 0x96, 0x1c, 0xc5, 0x76, 0x30, 0xcd, 0xf9, 0x30}} ,
+ {{0x95, 0xb0, 0xbd, 0x8c, 0xbc, 0xa7, 0x4f, 0x7e, 0xfd, 0x4e, 0x3a, 0xbf, 0x5f, 0x04, 0x79, 0x80, 0x2b, 0x5a, 0x9f, 0x4f, 0x68, 0x21, 0x19, 0x71, 0xc6, 0x20, 0x01, 0x42, 0xaa, 0xdf, 0xae, 0x2c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x90, 0x6e, 0x7e, 0x4b, 0x71, 0x93, 0xc0, 0x72, 0xed, 0xeb, 0x71, 0x24, 0x97, 0x26, 0x9c, 0xfe, 0xcb, 0x3e, 0x59, 0x19, 0xa8, 0x0f, 0x75, 0x7d, 0xbe, 0x18, 0xe6, 0x96, 0x1e, 0x95, 0x70, 0x60}} ,
+ {{0x89, 0x66, 0x3e, 0x1d, 0x4c, 0x5f, 0xfe, 0xc0, 0x04, 0x43, 0xd6, 0x44, 0x19, 0xb5, 0xad, 0xc7, 0x22, 0xdc, 0x71, 0x28, 0x64, 0xde, 0x41, 0x38, 0x27, 0x8f, 0x2c, 0x6b, 0x08, 0xb8, 0xb8, 0x7b}}},
+{{{0x3d, 0x70, 0x27, 0x9d, 0xd9, 0xaf, 0xb1, 0x27, 0xaf, 0xe3, 0x5d, 0x1e, 0x3a, 0x30, 0x54, 0x61, 0x60, 0xe8, 0xc3, 0x26, 0x3a, 0xbc, 0x7e, 0xf5, 0x81, 0xdd, 0x64, 0x01, 0x04, 0xeb, 0xc0, 0x1e}} ,
+ {{0xda, 0x2c, 0xa4, 0xd1, 0xa1, 0xc3, 0x5c, 0x6e, 0x32, 0x07, 0x1f, 0xb8, 0x0e, 0x19, 0x9e, 0x99, 0x29, 0x33, 0x9a, 0xae, 0x7a, 0xed, 0x68, 0x42, 0x69, 0x7c, 0x07, 0xb3, 0x38, 0x2c, 0xf6, 0x3d}}},
+{{{0x64, 0xaa, 0xb5, 0x88, 0x79, 0x65, 0x38, 0x8c, 0x94, 0xd6, 0x62, 0x37, 0x7d, 0x64, 0xcd, 0x3a, 0xeb, 0xff, 0xe8, 0x81, 0x09, 0xc7, 0x6a, 0x50, 0x09, 0x0d, 0x28, 0x03, 0x0d, 0x9a, 0x93, 0x0a}} ,
+ {{0x42, 0xa3, 0xf1, 0xc5, 0xb4, 0x0f, 0xd8, 0xc8, 0x8d, 0x15, 0x31, 0xbd, 0xf8, 0x07, 0x8b, 0xcd, 0x08, 0x8a, 0xfb, 0x18, 0x07, 0xfe, 0x8e, 0x52, 0x86, 0xef, 0xbe, 0xec, 0x49, 0x52, 0x99, 0x08}}},
+{{{0x0f, 0xa9, 0xd5, 0x01, 0xaa, 0x48, 0x4f, 0x28, 0x66, 0x32, 0x1a, 0xba, 0x7c, 0xea, 0x11, 0x80, 0x17, 0x18, 0x9b, 0x56, 0x88, 0x25, 0x06, 0x69, 0x12, 0x2c, 0xea, 0x56, 0x69, 0x41, 0x24, 0x19}} ,
+ {{0xde, 0x21, 0xf0, 0xda, 0x8a, 0xfb, 0xb1, 0xb8, 0xcd, 0xc8, 0x6a, 0x82, 0x19, 0x73, 0xdb, 0xc7, 0xcf, 0x88, 0xeb, 0x96, 0xee, 0x6f, 0xfb, 0x06, 0xd2, 0xcd, 0x7d, 0x7b, 0x12, 0x28, 0x8e, 0x0c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x93, 0x44, 0x97, 0xce, 0x28, 0xff, 0x3a, 0x40, 0xc4, 0xf5, 0xf6, 0x9b, 0xf4, 0x6b, 0x07, 0x84, 0xfb, 0x98, 0xd8, 0xec, 0x8c, 0x03, 0x57, 0xec, 0x49, 0xed, 0x63, 0xb6, 0xaa, 0xff, 0x98, 0x28}} ,
+ {{0x3d, 0x16, 0x35, 0xf3, 0x46, 0xbc, 0xb3, 0xf4, 0xc6, 0xb6, 0x4f, 0xfa, 0xf4, 0xa0, 0x13, 0xe6, 0x57, 0x45, 0x93, 0xb9, 0xbc, 0xd6, 0x59, 0xe7, 0x77, 0x94, 0x6c, 0xab, 0x96, 0x3b, 0x4f, 0x09}}},
+{{{0x5a, 0xf7, 0x6b, 0x01, 0x12, 0x4f, 0x51, 0xc1, 0x70, 0x84, 0x94, 0x47, 0xb2, 0x01, 0x6c, 0x71, 0xd7, 0xcc, 0x17, 0x66, 0x0f, 0x59, 0x5d, 0x5d, 0x10, 0x01, 0x57, 0x11, 0xf5, 0xdd, 0xe2, 0x34}} ,
+ {{0x26, 0xd9, 0x1f, 0x5c, 0x58, 0xac, 0x8b, 0x03, 0xd2, 0xc3, 0x85, 0x0f, 0x3a, 0xc3, 0x7f, 0x6d, 0x8e, 0x86, 0xcd, 0x52, 0x74, 0x8f, 0x55, 0x77, 0x17, 0xb7, 0x8e, 0xb7, 0x88, 0xea, 0xda, 0x1b}}},
+{{{0xb6, 0xea, 0x0e, 0x40, 0x93, 0x20, 0x79, 0x35, 0x6a, 0x61, 0x84, 0x5a, 0x07, 0x6d, 0xf9, 0x77, 0x6f, 0xed, 0x69, 0x1c, 0x0d, 0x25, 0x76, 0xcc, 0xf0, 0xdb, 0xbb, 0xc5, 0xad, 0xe2, 0x26, 0x57}} ,
+ {{0xcf, 0xe8, 0x0e, 0x6b, 0x96, 0x7d, 0xed, 0x27, 0xd1, 0x3c, 0xa9, 0xd9, 0x50, 0xa9, 0x98, 0x84, 0x5e, 0x86, 0xef, 0xd6, 0xf0, 0xf8, 0x0e, 0x89, 0x05, 0x2f, 0xd9, 0x5f, 0x15, 0x5f, 0x73, 0x79}}},
+{{{0xc8, 0x5c, 0x16, 0xfe, 0xed, 0x9f, 0x26, 0x56, 0xf6, 0x4b, 0x9f, 0xa7, 0x0a, 0x85, 0xfe, 0xa5, 0x8c, 0x87, 0xdd, 0x98, 0xce, 0x4e, 0xc3, 0x58, 0x55, 0xb2, 0x7b, 0x3d, 0xd8, 0x6b, 0xb5, 0x4c}} ,
+ {{0x65, 0x38, 0xa0, 0x15, 0xfa, 0xa7, 0xb4, 0x8f, 0xeb, 0xc4, 0x86, 0x9b, 0x30, 0xa5, 0x5e, 0x4d, 0xea, 0x8a, 0x9a, 0x9f, 0x1a, 0xd8, 0x5b, 0x53, 0x14, 0x19, 0x25, 0x63, 0xb4, 0x6f, 0x1f, 0x5d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xac, 0x8f, 0xbc, 0x1e, 0x7d, 0x8b, 0x5a, 0x0b, 0x8d, 0xaf, 0x76, 0x2e, 0x71, 0xe3, 0x3b, 0x6f, 0x53, 0x2f, 0x3e, 0x90, 0x95, 0xd4, 0x35, 0x14, 0x4f, 0x8c, 0x3c, 0xce, 0x57, 0x1c, 0x76, 0x49}} ,
+ {{0xa8, 0x50, 0xe1, 0x61, 0x6b, 0x57, 0x35, 0xeb, 0x44, 0x0b, 0x0c, 0x6e, 0xf9, 0x25, 0x80, 0x74, 0xf2, 0x8f, 0x6f, 0x7a, 0x3e, 0x7f, 0x2d, 0xf3, 0x4e, 0x09, 0x65, 0x10, 0x5e, 0x03, 0x25, 0x32}}},
+{{{0xa9, 0x60, 0xdc, 0x0f, 0x64, 0xe5, 0x1d, 0xe2, 0x8d, 0x4f, 0x79, 0x2f, 0x0e, 0x24, 0x02, 0x00, 0x05, 0x77, 0x43, 0x25, 0x3d, 0x6a, 0xc7, 0xb7, 0xbf, 0x04, 0x08, 0x65, 0xf4, 0x39, 0x4b, 0x65}} ,
+ {{0x96, 0x19, 0x12, 0x6b, 0x6a, 0xb7, 0xe3, 0xdc, 0x45, 0x9b, 0xdb, 0xb4, 0xa8, 0xae, 0xdc, 0xa8, 0x14, 0x44, 0x65, 0x62, 0xce, 0x34, 0x9a, 0x84, 0x18, 0x12, 0x01, 0xf1, 0xe2, 0x7b, 0xce, 0x50}}},
+{{{0x41, 0x21, 0x30, 0x53, 0x1b, 0x47, 0x01, 0xb7, 0x18, 0xd8, 0x82, 0x57, 0xbd, 0xa3, 0x60, 0xf0, 0x32, 0xf6, 0x5b, 0xf0, 0x30, 0x88, 0x91, 0x59, 0xfd, 0x90, 0xa2, 0xb9, 0x55, 0x93, 0x21, 0x34}} ,
+ {{0x97, 0x67, 0x9e, 0xeb, 0x6a, 0xf9, 0x6e, 0xd6, 0x73, 0xe8, 0x6b, 0x29, 0xec, 0x63, 0x82, 0x00, 0xa8, 0x99, 0x1c, 0x1d, 0x30, 0xc8, 0x90, 0x52, 0x90, 0xb6, 0x6a, 0x80, 0x4e, 0xff, 0x4b, 0x51}}},
+{{{0x0f, 0x7d, 0x63, 0x8c, 0x6e, 0x5c, 0xde, 0x30, 0xdf, 0x65, 0xfa, 0x2e, 0xb0, 0xa3, 0x25, 0x05, 0x54, 0xbd, 0x25, 0xba, 0x06, 0xae, 0xdf, 0x8b, 0xd9, 0x1b, 0xea, 0x38, 0xb3, 0x05, 0x16, 0x09}} ,
+ {{0xc7, 0x8c, 0xbf, 0x64, 0x28, 0xad, 0xf8, 0xa5, 0x5a, 0x6f, 0xc9, 0xba, 0xd5, 0x7f, 0xd5, 0xd6, 0xbd, 0x66, 0x2f, 0x3d, 0xaa, 0x54, 0xf6, 0xba, 0x32, 0x22, 0x9a, 0x1e, 0x52, 0x05, 0xf4, 0x1d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xaa, 0x1f, 0xbb, 0xeb, 0xfe, 0xe4, 0x87, 0xfc, 0xb1, 0x2c, 0xb7, 0x88, 0xf4, 0xc6, 0xb9, 0xf5, 0x24, 0x46, 0xf2, 0xa5, 0x9f, 0x8f, 0x8a, 0x93, 0x70, 0x69, 0xd4, 0x56, 0xec, 0xfd, 0x06, 0x46}} ,
+ {{0x4e, 0x66, 0xcf, 0x4e, 0x34, 0xce, 0x0c, 0xd9, 0xa6, 0x50, 0xd6, 0x5e, 0x95, 0xaf, 0xe9, 0x58, 0xfa, 0xee, 0x9b, 0xb8, 0xa5, 0x0f, 0x35, 0xe0, 0x43, 0x82, 0x6d, 0x65, 0xe6, 0xd9, 0x00, 0x0f}}},
+{{{0x7b, 0x75, 0x3a, 0xfc, 0x64, 0xd3, 0x29, 0x7e, 0xdd, 0x49, 0x9a, 0x59, 0x53, 0xbf, 0xb4, 0xa7, 0x52, 0xb3, 0x05, 0xab, 0xc3, 0xaf, 0x16, 0x1a, 0x85, 0x42, 0x32, 0xa2, 0x86, 0xfa, 0x39, 0x43}} ,
+ {{0x0e, 0x4b, 0xa3, 0x63, 0x8a, 0xfe, 0xa5, 0x58, 0xf1, 0x13, 0xbd, 0x9d, 0xaa, 0x7f, 0x76, 0x40, 0x70, 0x81, 0x10, 0x75, 0x99, 0xbb, 0xbe, 0x0b, 0x16, 0xe9, 0xba, 0x62, 0x34, 0xcc, 0x07, 0x6d}}},
+{{{0xc3, 0xf1, 0xc6, 0x93, 0x65, 0xee, 0x0b, 0xbc, 0xea, 0x14, 0xf0, 0xc1, 0xf8, 0x84, 0x89, 0xc2, 0xc9, 0xd7, 0xea, 0x34, 0xca, 0xa7, 0xc4, 0x99, 0xd5, 0x50, 0x69, 0xcb, 0xd6, 0x21, 0x63, 0x7c}} ,
+ {{0x99, 0xeb, 0x7c, 0x31, 0x73, 0x64, 0x67, 0x7f, 0x0c, 0x66, 0xaa, 0x8c, 0x69, 0x91, 0xe2, 0x26, 0xd3, 0x23, 0xe2, 0x76, 0x5d, 0x32, 0x52, 0xdf, 0x5d, 0xc5, 0x8f, 0xb7, 0x7c, 0x84, 0xb3, 0x70}}},
+{{{0xeb, 0x01, 0xc7, 0x36, 0x97, 0x4e, 0xb6, 0xab, 0x5f, 0x0d, 0x2c, 0xba, 0x67, 0x64, 0x55, 0xde, 0xbc, 0xff, 0xa6, 0xec, 0x04, 0xd3, 0x8d, 0x39, 0x56, 0x5e, 0xee, 0xf8, 0xe4, 0x2e, 0x33, 0x62}} ,
+ {{0x65, 0xef, 0xb8, 0x9f, 0xc8, 0x4b, 0xa7, 0xfd, 0x21, 0x49, 0x9b, 0x92, 0x35, 0x82, 0xd6, 0x0a, 0x9b, 0xf2, 0x79, 0xf1, 0x47, 0x2f, 0x6a, 0x7e, 0x9f, 0xcf, 0x18, 0x02, 0x3c, 0xfb, 0x1b, 0x3e}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2f, 0x8b, 0xc8, 0x40, 0x51, 0xd1, 0xac, 0x1a, 0x0b, 0xe4, 0xa9, 0xa2, 0x42, 0x21, 0x19, 0x2f, 0x7b, 0x97, 0xbf, 0xf7, 0x57, 0x6d, 0x3f, 0x3d, 0x4f, 0x0f, 0xe2, 0xb2, 0x81, 0x00, 0x9e, 0x7b}} ,
+ {{0x8c, 0x85, 0x2b, 0xc4, 0xfc, 0xf1, 0xab, 0xe8, 0x79, 0x22, 0xc4, 0x84, 0x17, 0x3a, 0xfa, 0x86, 0xa6, 0x7d, 0xf9, 0xf3, 0x6f, 0x03, 0x57, 0x20, 0x4d, 0x79, 0xf9, 0x6e, 0x71, 0x54, 0x38, 0x09}}},
+{{{0x40, 0x29, 0x74, 0xa8, 0x2f, 0x5e, 0xf9, 0x79, 0xa4, 0xf3, 0x3e, 0xb9, 0xfd, 0x33, 0x31, 0xac, 0x9a, 0x69, 0x88, 0x1e, 0x77, 0x21, 0x2d, 0xf3, 0x91, 0x52, 0x26, 0x15, 0xb2, 0xa6, 0xcf, 0x7e}} ,
+ {{0xc6, 0x20, 0x47, 0x6c, 0xa4, 0x7d, 0xcb, 0x63, 0xea, 0x5b, 0x03, 0xdf, 0x3e, 0x88, 0x81, 0x6d, 0xce, 0x07, 0x42, 0x18, 0x60, 0x7e, 0x7b, 0x55, 0xfe, 0x6a, 0xf3, 0xda, 0x5c, 0x8b, 0x95, 0x10}}},
+{{{0x62, 0xe4, 0x0d, 0x03, 0xb4, 0xd7, 0xcd, 0xfa, 0xbd, 0x46, 0xdf, 0x93, 0x71, 0x10, 0x2c, 0xa8, 0x3b, 0xb6, 0x09, 0x05, 0x70, 0x84, 0x43, 0x29, 0xa8, 0x59, 0xf5, 0x8e, 0x10, 0xe4, 0xd7, 0x20}} ,
+ {{0x57, 0x82, 0x1c, 0xab, 0xbf, 0x62, 0x70, 0xe8, 0xc4, 0xcf, 0xf0, 0x28, 0x6e, 0x16, 0x3c, 0x08, 0x78, 0x89, 0x85, 0x46, 0x0f, 0xf6, 0x7f, 0xcf, 0xcb, 0x7e, 0xb8, 0x25, 0xe9, 0x5a, 0xfa, 0x03}}},
+{{{0xfb, 0x95, 0x92, 0x63, 0x50, 0xfc, 0x62, 0xf0, 0xa4, 0x5e, 0x8c, 0x18, 0xc2, 0x17, 0x24, 0xb7, 0x78, 0xc2, 0xa9, 0xe7, 0x6a, 0x32, 0xd6, 0x29, 0x85, 0xaf, 0xcb, 0x8d, 0x91, 0x13, 0xda, 0x6b}} ,
+ {{0x36, 0x0a, 0xc2, 0xb6, 0x4b, 0xa5, 0x5d, 0x07, 0x17, 0x41, 0x31, 0x5f, 0x62, 0x46, 0xf8, 0x92, 0xf9, 0x66, 0x48, 0x73, 0xa6, 0x97, 0x0d, 0x7d, 0x88, 0xee, 0x62, 0xb1, 0x03, 0xa8, 0x3f, 0x2c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x4a, 0xb1, 0x70, 0x8a, 0xa9, 0xe8, 0x63, 0x79, 0x00, 0xe2, 0x25, 0x16, 0xca, 0x4b, 0x0f, 0xa4, 0x66, 0xad, 0x19, 0x9f, 0x88, 0x67, 0x0c, 0x8b, 0xc2, 0x4a, 0x5b, 0x2b, 0x6d, 0x95, 0xaf, 0x19}} ,
+ {{0x8b, 0x9d, 0xb6, 0xcc, 0x60, 0xb4, 0x72, 0x4f, 0x17, 0x69, 0x5a, 0x4a, 0x68, 0x34, 0xab, 0xa1, 0x45, 0x32, 0x3c, 0x83, 0x87, 0x72, 0x30, 0x54, 0x77, 0x68, 0xae, 0xfb, 0xb5, 0x8b, 0x22, 0x5e}}},
+{{{0xf1, 0xb9, 0x87, 0x35, 0xc5, 0xbb, 0xb9, 0xcf, 0xf5, 0xd6, 0xcd, 0xd5, 0x0c, 0x7c, 0x0e, 0xe6, 0x90, 0x34, 0xfb, 0x51, 0x42, 0x1e, 0x6d, 0xac, 0x9a, 0x46, 0xc4, 0x97, 0x29, 0x32, 0xbf, 0x45}} ,
+ {{0x66, 0x9e, 0xc6, 0x24, 0xc0, 0xed, 0xa5, 0x5d, 0x88, 0xd4, 0xf0, 0x73, 0x97, 0x7b, 0xea, 0x7f, 0x42, 0xff, 0x21, 0xa0, 0x9b, 0x2f, 0x9a, 0xfd, 0x53, 0x57, 0x07, 0x84, 0x48, 0x88, 0x9d, 0x52}}},
+{{{0xc6, 0x96, 0x48, 0x34, 0x2a, 0x06, 0xaf, 0x94, 0x3d, 0xf4, 0x1a, 0xcf, 0xf2, 0xc0, 0x21, 0xc2, 0x42, 0x5e, 0xc8, 0x2f, 0x35, 0xa2, 0x3e, 0x29, 0xfa, 0x0c, 0x84, 0xe5, 0x89, 0x72, 0x7c, 0x06}} ,
+ {{0x32, 0x65, 0x03, 0xe5, 0x89, 0xa6, 0x6e, 0xb3, 0x5b, 0x8e, 0xca, 0xeb, 0xfe, 0x22, 0x56, 0x8b, 0x5d, 0x14, 0x4b, 0x4d, 0xf9, 0xbe, 0xb5, 0xf5, 0xe6, 0x5c, 0x7b, 0x8b, 0xf4, 0x13, 0x11, 0x34}}},
+{{{0x07, 0xc6, 0x22, 0x15, 0xe2, 0x9c, 0x60, 0xa2, 0x19, 0xd9, 0x27, 0xae, 0x37, 0x4e, 0xa6, 0xc9, 0x80, 0xa6, 0x91, 0x8f, 0x12, 0x49, 0xe5, 0x00, 0x18, 0x47, 0xd1, 0xd7, 0x28, 0x22, 0x63, 0x39}} ,
+ {{0xe8, 0xe2, 0x00, 0x7e, 0xf2, 0x9e, 0x1e, 0x99, 0x39, 0x95, 0x04, 0xbd, 0x1e, 0x67, 0x7b, 0xb2, 0x26, 0xac, 0xe6, 0xaa, 0xe2, 0x46, 0xd5, 0xe4, 0xe8, 0x86, 0xbd, 0xab, 0x7c, 0x55, 0x59, 0x6f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x24, 0x64, 0x6e, 0x9b, 0x35, 0x71, 0x78, 0xce, 0x33, 0x03, 0x21, 0x33, 0x36, 0xf1, 0x73, 0x9b, 0xb9, 0x15, 0x8b, 0x2c, 0x69, 0xcf, 0x4d, 0xed, 0x4f, 0x4d, 0x57, 0x14, 0x13, 0x82, 0xa4, 0x4d}} ,
+ {{0x65, 0x6e, 0x0a, 0xa4, 0x59, 0x07, 0x17, 0xf2, 0x6b, 0x4a, 0x1f, 0x6e, 0xf6, 0xb5, 0xbc, 0x62, 0xe4, 0xb6, 0xda, 0xa2, 0x93, 0xbc, 0x29, 0x05, 0xd2, 0xd2, 0x73, 0x46, 0x03, 0x16, 0x40, 0x31}}},
+{{{0x4c, 0x73, 0x6d, 0x15, 0xbd, 0xa1, 0x4d, 0x5c, 0x13, 0x0b, 0x24, 0x06, 0x98, 0x78, 0x1c, 0x5b, 0xeb, 0x1f, 0x18, 0x54, 0x43, 0xd9, 0x55, 0x66, 0xda, 0x29, 0x21, 0xe8, 0xb8, 0x3c, 0x42, 0x22}} ,
+ {{0xb4, 0xcd, 0x08, 0x6f, 0x15, 0x23, 0x1a, 0x0b, 0x22, 0xed, 0xd1, 0xf1, 0xa7, 0xc7, 0x73, 0x45, 0xf3, 0x9e, 0xce, 0x76, 0xb7, 0xf6, 0x39, 0xb6, 0x8e, 0x79, 0xbe, 0xe9, 0x9b, 0xcf, 0x7d, 0x62}}},
+{{{0x92, 0x5b, 0xfc, 0x72, 0xfd, 0xba, 0xf1, 0xfd, 0xa6, 0x7c, 0x95, 0xe3, 0x61, 0x3f, 0xe9, 0x03, 0xd4, 0x2b, 0xd4, 0x20, 0xd9, 0xdb, 0x4d, 0x32, 0x3e, 0xf5, 0x11, 0x64, 0xe3, 0xb4, 0xbe, 0x32}} ,
+ {{0x86, 0x17, 0x90, 0xe7, 0xc9, 0x1f, 0x10, 0xa5, 0x6a, 0x2d, 0x39, 0xd0, 0x3b, 0xc4, 0xa6, 0xe9, 0x59, 0x13, 0xda, 0x1a, 0xe6, 0xa0, 0xb9, 0x3c, 0x50, 0xb8, 0x40, 0x7c, 0x15, 0x36, 0x5a, 0x42}}},
+{{{0xb4, 0x0b, 0x32, 0xab, 0xdc, 0x04, 0x51, 0x55, 0x21, 0x1e, 0x0b, 0x75, 0x99, 0x89, 0x73, 0x35, 0x3a, 0x91, 0x2b, 0xfe, 0xe7, 0x49, 0xea, 0x76, 0xc1, 0xf9, 0x46, 0xb9, 0x53, 0x02, 0x23, 0x04}} ,
+ {{0xfc, 0x5a, 0x1e, 0x1d, 0x74, 0x58, 0x95, 0xa6, 0x8f, 0x7b, 0x97, 0x3e, 0x17, 0x3b, 0x79, 0x2d, 0xa6, 0x57, 0xef, 0x45, 0x02, 0x0b, 0x4d, 0x6e, 0x9e, 0x93, 0x8d, 0x2f, 0xd9, 0x9d, 0xdb, 0x04}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xc0, 0xd7, 0x56, 0x97, 0x58, 0x91, 0xde, 0x09, 0x4f, 0x9f, 0xbe, 0x63, 0xb0, 0x83, 0x86, 0x43, 0x5d, 0xbc, 0xe0, 0xf3, 0xc0, 0x75, 0xbf, 0x8b, 0x8e, 0xaa, 0xf7, 0x8b, 0x64, 0x6e, 0xb0, 0x63}} ,
+ {{0x16, 0xae, 0x8b, 0xe0, 0x9b, 0x24, 0x68, 0x5c, 0x44, 0xc2, 0xd0, 0x08, 0xb7, 0x7b, 0x62, 0xfd, 0x7f, 0xd8, 0xd4, 0xb7, 0x50, 0xfd, 0x2c, 0x1b, 0xbf, 0x41, 0x95, 0xd9, 0x8e, 0xd8, 0x17, 0x1b}}},
+{{{0x86, 0x55, 0x37, 0x8e, 0xc3, 0x38, 0x48, 0x14, 0xb5, 0x97, 0xd2, 0xa7, 0x54, 0x45, 0xf1, 0x35, 0x44, 0x38, 0x9e, 0xf1, 0x1b, 0xb6, 0x34, 0x00, 0x3c, 0x96, 0xee, 0x29, 0x00, 0xea, 0x2c, 0x0b}} ,
+ {{0xea, 0xda, 0x99, 0x9e, 0x19, 0x83, 0x66, 0x6d, 0xe9, 0x76, 0x87, 0x50, 0xd1, 0xfd, 0x3c, 0x60, 0x87, 0xc6, 0x41, 0xd9, 0x8e, 0xdb, 0x5e, 0xde, 0xaa, 0x9a, 0xd3, 0x28, 0xda, 0x95, 0xea, 0x47}}},
+{{{0xd0, 0x80, 0xba, 0x19, 0xae, 0x1d, 0xa9, 0x79, 0xf6, 0x3f, 0xac, 0x5d, 0x6f, 0x96, 0x1f, 0x2a, 0xce, 0x29, 0xb2, 0xff, 0x37, 0xf1, 0x94, 0x8f, 0x0c, 0xb5, 0x28, 0xba, 0x9a, 0x21, 0xf6, 0x66}} ,
+ {{0x02, 0xfb, 0x54, 0xb8, 0x05, 0xf3, 0x81, 0x52, 0x69, 0x34, 0x46, 0x9d, 0x86, 0x76, 0x8f, 0xd7, 0xf8, 0x6a, 0x66, 0xff, 0xe6, 0xa7, 0x90, 0xf7, 0x5e, 0xcd, 0x6a, 0x9b, 0x55, 0xfc, 0x9d, 0x48}}},
+{{{0xbd, 0xaa, 0x13, 0xe6, 0xcd, 0x45, 0x4a, 0xa4, 0x59, 0x0a, 0x64, 0xb1, 0x98, 0xd6, 0x34, 0x13, 0x04, 0xe6, 0x97, 0x94, 0x06, 0xcb, 0xd4, 0x4e, 0xbb, 0x96, 0xcd, 0xd1, 0x57, 0xd1, 0xe3, 0x06}} ,
+ {{0x7a, 0x6c, 0x45, 0x27, 0xc4, 0x93, 0x7f, 0x7d, 0x7c, 0x62, 0x50, 0x38, 0x3a, 0x6b, 0xb5, 0x88, 0xc6, 0xd9, 0xf1, 0x78, 0x19, 0xb9, 0x39, 0x93, 0x3d, 0xc9, 0xe0, 0x9c, 0x3c, 0xce, 0xf5, 0x72}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x24, 0xea, 0x23, 0x7d, 0x56, 0x2c, 0xe2, 0x59, 0x0e, 0x85, 0x60, 0x04, 0x88, 0x5a, 0x74, 0x1e, 0x4b, 0xef, 0x13, 0xda, 0x4c, 0xff, 0x83, 0x45, 0x85, 0x3f, 0x08, 0x95, 0x2c, 0x20, 0x13, 0x1f}} ,
+ {{0x48, 0x5f, 0x27, 0x90, 0x5c, 0x02, 0x42, 0xad, 0x78, 0x47, 0x5c, 0xb5, 0x7e, 0x08, 0x85, 0x00, 0xfa, 0x7f, 0xfd, 0xfd, 0xe7, 0x09, 0x11, 0xf2, 0x7e, 0x1b, 0x38, 0x6c, 0x35, 0x6d, 0x33, 0x66}}},
+{{{0x93, 0x03, 0x36, 0x81, 0xac, 0xe4, 0x20, 0x09, 0x35, 0x4c, 0x45, 0xb2, 0x1e, 0x4c, 0x14, 0x21, 0xe6, 0xe9, 0x8a, 0x7b, 0x8d, 0xfe, 0x1e, 0xc6, 0x3e, 0xc1, 0x35, 0xfa, 0xe7, 0x70, 0x4e, 0x1d}} ,
+ {{0x61, 0x2e, 0xc2, 0xdd, 0x95, 0x57, 0xd1, 0xab, 0x80, 0xe8, 0x63, 0x17, 0xb5, 0x48, 0xe4, 0x8a, 0x11, 0x9e, 0x72, 0xbe, 0x85, 0x8d, 0x51, 0x0a, 0xf2, 0x9f, 0xe0, 0x1c, 0xa9, 0x07, 0x28, 0x7b}}},
+{{{0xbb, 0x71, 0x14, 0x5e, 0x26, 0x8c, 0x3d, 0xc8, 0xe9, 0x7c, 0xd3, 0xd6, 0xd1, 0x2f, 0x07, 0x6d, 0xe6, 0xdf, 0xfb, 0x79, 0xd6, 0x99, 0x59, 0x96, 0x48, 0x40, 0x0f, 0x3a, 0x7b, 0xb2, 0xa0, 0x72}} ,
+ {{0x4e, 0x3b, 0x69, 0xc8, 0x43, 0x75, 0x51, 0x6c, 0x79, 0x56, 0xe4, 0xcb, 0xf7, 0xa6, 0x51, 0xc2, 0x2c, 0x42, 0x0b, 0xd4, 0x82, 0x20, 0x1c, 0x01, 0x08, 0x66, 0xd7, 0xbf, 0x04, 0x56, 0xfc, 0x02}}},
+{{{0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c}} ,
+ {{0x6b, 0xa6, 0xf5, 0x4b, 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, 0xe6, 0x99, 0x2c, 0x5f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x85, 0xe0, 0x24, 0x32, 0xb4, 0xd1, 0xef, 0xfc, 0x69, 0xa2, 0xbf, 0x8f, 0x72, 0x2c, 0x95, 0xf6, 0xe4, 0x6e, 0x7d, 0x90, 0xf7, 0x57, 0x81, 0xa0, 0xf7, 0xda, 0xef, 0x33, 0x07, 0xe3, 0x6b, 0x78}} ,
+ {{0x36, 0x27, 0x3e, 0xc6, 0x12, 0x07, 0xab, 0x4e, 0xbe, 0x69, 0x9d, 0xb3, 0xbe, 0x08, 0x7c, 0x2a, 0x47, 0x08, 0xfd, 0xd4, 0xcd, 0x0e, 0x27, 0x34, 0x5b, 0x98, 0x34, 0x2f, 0x77, 0x5f, 0x3a, 0x65}}},
+{{{0x13, 0xaa, 0x2e, 0x4c, 0xf0, 0x22, 0xb8, 0x6c, 0xb3, 0x19, 0x4d, 0xeb, 0x6b, 0xd0, 0xa4, 0xc6, 0x9c, 0xdd, 0xc8, 0x5b, 0x81, 0x57, 0x89, 0xdf, 0x33, 0xa9, 0x68, 0x49, 0x80, 0xe4, 0xfe, 0x21}} ,
+ {{0x00, 0x17, 0x90, 0x30, 0xe9, 0xd3, 0x60, 0x30, 0x31, 0xc2, 0x72, 0x89, 0x7a, 0x36, 0xa5, 0xbd, 0x39, 0x83, 0x85, 0x50, 0xa1, 0x5d, 0x6c, 0x41, 0x1d, 0xb5, 0x2c, 0x07, 0x40, 0x77, 0x0b, 0x50}}},
+{{{0x64, 0x34, 0xec, 0xc0, 0x9e, 0x44, 0x41, 0xaf, 0xa0, 0x36, 0x05, 0x6d, 0xea, 0x30, 0x25, 0x46, 0x35, 0x24, 0x9d, 0x86, 0xbd, 0x95, 0xf1, 0x6a, 0x46, 0xd7, 0x94, 0x54, 0xf9, 0x3b, 0xbd, 0x5d}} ,
+ {{0x77, 0x5b, 0xe2, 0x37, 0xc7, 0xe1, 0x7c, 0x13, 0x8c, 0x9f, 0x7b, 0x7b, 0x2a, 0xce, 0x42, 0xa3, 0xb9, 0x2a, 0x99, 0xa8, 0xc0, 0xd8, 0x3c, 0x86, 0xb0, 0xfb, 0xe9, 0x76, 0x77, 0xf7, 0xf5, 0x56}}},
+{{{0xdf, 0xb3, 0x46, 0x11, 0x6e, 0x13, 0xb7, 0x28, 0x4e, 0x56, 0xdd, 0xf1, 0xac, 0xad, 0x58, 0xc3, 0xf8, 0x88, 0x94, 0x5e, 0x06, 0x98, 0xa1, 0xe4, 0x6a, 0xfb, 0x0a, 0x49, 0x5d, 0x8a, 0xfe, 0x77}} ,
+ {{0x46, 0x02, 0xf5, 0xa5, 0xaf, 0xc5, 0x75, 0x6d, 0xba, 0x45, 0x35, 0x0a, 0xfe, 0xc9, 0xac, 0x22, 0x91, 0x8d, 0x21, 0x95, 0x33, 0x03, 0xc0, 0x8a, 0x16, 0xf3, 0x39, 0xe0, 0x01, 0x0f, 0x53, 0x3c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x34, 0x75, 0x37, 0x1f, 0x34, 0x4e, 0xa9, 0x1d, 0x68, 0x67, 0xf8, 0x49, 0x98, 0x96, 0xfc, 0x4c, 0x65, 0x97, 0xf7, 0x02, 0x4a, 0x52, 0x6c, 0x01, 0xbd, 0x48, 0xbb, 0x1b, 0xed, 0xa4, 0xe2, 0x53}} ,
+ {{0x59, 0xd5, 0x9b, 0x5a, 0xa2, 0x90, 0xd3, 0xb8, 0x37, 0x4c, 0x55, 0x82, 0x28, 0x08, 0x0f, 0x7f, 0xaa, 0x81, 0x65, 0xe0, 0x0c, 0x52, 0xc9, 0xa3, 0x32, 0x27, 0x64, 0xda, 0xfd, 0x34, 0x23, 0x5a}}},
+{{{0xb5, 0xb0, 0x0c, 0x4d, 0xb3, 0x7b, 0x23, 0xc8, 0x1f, 0x8a, 0x39, 0x66, 0xe6, 0xba, 0x4c, 0x10, 0x37, 0xca, 0x9c, 0x7c, 0x05, 0x9e, 0xff, 0xc0, 0xf8, 0x8e, 0xb1, 0x8f, 0x6f, 0x67, 0x18, 0x26}} ,
+ {{0x4b, 0x41, 0x13, 0x54, 0x23, 0x1a, 0xa4, 0x4e, 0xa9, 0x8b, 0x1e, 0x4b, 0xfc, 0x15, 0x24, 0xbb, 0x7e, 0xcb, 0xb6, 0x1e, 0x1b, 0xf5, 0xf2, 0xc8, 0x56, 0xec, 0x32, 0xa2, 0x60, 0x5b, 0xa0, 0x2a}}},
+{{{0xa4, 0x29, 0x47, 0x86, 0x2e, 0x92, 0x4f, 0x11, 0x4f, 0xf3, 0xb2, 0x5c, 0xd5, 0x3e, 0xa6, 0xb9, 0xc8, 0xe2, 0x33, 0x11, 0x1f, 0x01, 0x8f, 0xb0, 0x9b, 0xc7, 0xa5, 0xff, 0x83, 0x0f, 0x1e, 0x28}} ,
+ {{0x1d, 0x29, 0x7a, 0xa1, 0xec, 0x8e, 0xb5, 0xad, 0xea, 0x02, 0x68, 0x60, 0x74, 0x29, 0x1c, 0xa5, 0xcf, 0xc8, 0x3b, 0x7d, 0x8b, 0x2b, 0x7c, 0xad, 0xa4, 0x40, 0x17, 0x51, 0x59, 0x7c, 0x2e, 0x5d}}},
+{{{0x0a, 0x6c, 0x4f, 0xbc, 0x3e, 0x32, 0xe7, 0x4a, 0x1a, 0x13, 0xc1, 0x49, 0x38, 0xbf, 0xf7, 0xc2, 0xd3, 0x8f, 0x6b, 0xad, 0x52, 0xf7, 0xcf, 0xbc, 0x27, 0xcb, 0x40, 0x67, 0x76, 0xcd, 0x6d, 0x56}} ,
+ {{0xe5, 0xb0, 0x27, 0xad, 0xbe, 0x9b, 0xf2, 0xb5, 0x63, 0xde, 0x3a, 0x23, 0x95, 0xb7, 0x0a, 0x7e, 0xf3, 0x9e, 0x45, 0x6f, 0x19, 0x39, 0x75, 0x8f, 0x39, 0x3d, 0x0f, 0xc0, 0x9f, 0xf1, 0xe9, 0x51}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x88, 0xaa, 0x14, 0x24, 0x86, 0x94, 0x11, 0x12, 0x3e, 0x1a, 0xb5, 0xcc, 0xbb, 0xe0, 0x9c, 0xd5, 0x9c, 0x6d, 0xba, 0x58, 0x72, 0x8d, 0xfb, 0x22, 0x7b, 0x9f, 0x7c, 0x94, 0x30, 0xb3, 0x51, 0x21}} ,
+ {{0xf6, 0x74, 0x3d, 0xf2, 0xaf, 0xd0, 0x1e, 0x03, 0x7c, 0x23, 0x6b, 0xc9, 0xfc, 0x25, 0x70, 0x90, 0xdc, 0x9a, 0xa4, 0xfb, 0x49, 0xfc, 0x3d, 0x0a, 0x35, 0x38, 0x6f, 0xe4, 0x7e, 0x50, 0x01, 0x2a}}},
+{{{0xd6, 0xe3, 0x96, 0x61, 0x3a, 0xfd, 0xef, 0x9b, 0x1f, 0x90, 0xa4, 0x24, 0x14, 0x5b, 0xc8, 0xde, 0x50, 0xb1, 0x1d, 0xaf, 0xe8, 0x55, 0x8a, 0x87, 0x0d, 0xfe, 0xaa, 0x3b, 0x82, 0x2c, 0x8d, 0x7b}} ,
+ {{0x85, 0x0c, 0xaf, 0xf8, 0x83, 0x44, 0x49, 0xd9, 0x45, 0xcf, 0xf7, 0x48, 0xd9, 0x53, 0xb4, 0xf1, 0x65, 0xa0, 0xe1, 0xc3, 0xb3, 0x15, 0xed, 0x89, 0x9b, 0x4f, 0x62, 0xb3, 0x57, 0xa5, 0x45, 0x1c}}},
+{{{0x8f, 0x12, 0xea, 0xaf, 0xd1, 0x1f, 0x79, 0x10, 0x0b, 0xf6, 0xa3, 0x7b, 0xea, 0xac, 0x8b, 0x57, 0x32, 0x62, 0xe7, 0x06, 0x12, 0x51, 0xa0, 0x3b, 0x43, 0x5e, 0xa4, 0x20, 0x78, 0x31, 0xce, 0x0d}} ,
+ {{0x84, 0x7c, 0xc2, 0xa6, 0x91, 0x23, 0xce, 0xbd, 0xdc, 0xf9, 0xce, 0xd5, 0x75, 0x30, 0x22, 0xe6, 0xf9, 0x43, 0x62, 0x0d, 0xf7, 0x75, 0x9d, 0x7f, 0x8c, 0xff, 0x7d, 0xe4, 0x72, 0xac, 0x9f, 0x1c}}},
+{{{0x88, 0xc1, 0x99, 0xd0, 0x3c, 0x1c, 0x5d, 0xb4, 0xef, 0x13, 0x0f, 0x90, 0xb9, 0x36, 0x2f, 0x95, 0x95, 0xc6, 0xdc, 0xde, 0x0a, 0x51, 0xe2, 0x8d, 0xf3, 0xbc, 0x51, 0xec, 0xdf, 0xb1, 0xa2, 0x5f}} ,
+ {{0x2e, 0x68, 0xa1, 0x23, 0x7d, 0x9b, 0x40, 0x69, 0x85, 0x7b, 0x42, 0xbf, 0x90, 0x4b, 0xd6, 0x40, 0x2f, 0xd7, 0x52, 0x52, 0xb2, 0x21, 0xde, 0x64, 0xbd, 0x88, 0xc3, 0x6d, 0xa5, 0xfa, 0x81, 0x3f}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xfb, 0xfd, 0x47, 0x7b, 0x8a, 0x66, 0x9e, 0x79, 0x2e, 0x64, 0x82, 0xef, 0xf7, 0x21, 0xec, 0xf6, 0xd8, 0x86, 0x09, 0x31, 0x7c, 0xdd, 0x03, 0x6a, 0x58, 0xa0, 0x77, 0xb7, 0x9b, 0x8c, 0x87, 0x1f}} ,
+ {{0x55, 0x47, 0xe4, 0xa8, 0x3d, 0x55, 0x21, 0x34, 0xab, 0x1d, 0xae, 0xe0, 0xf4, 0xea, 0xdb, 0xc5, 0xb9, 0x58, 0xbf, 0xc4, 0x2a, 0x89, 0x31, 0x1a, 0xf4, 0x2d, 0xe1, 0xca, 0x37, 0x99, 0x47, 0x59}}},
+{{{0xc7, 0xca, 0x63, 0xc1, 0x49, 0xa9, 0x35, 0x45, 0x55, 0x7e, 0xda, 0x64, 0x32, 0x07, 0x50, 0xf7, 0x32, 0xac, 0xde, 0x75, 0x58, 0x9b, 0x11, 0xb2, 0x3a, 0x1f, 0xf5, 0xf7, 0x79, 0x04, 0xe6, 0x08}} ,
+ {{0x46, 0xfa, 0x22, 0x4b, 0xfa, 0xe1, 0xfe, 0x96, 0xfc, 0x67, 0xba, 0x67, 0x97, 0xc4, 0xe7, 0x1b, 0x86, 0x90, 0x5f, 0xee, 0xf4, 0x5b, 0x11, 0xb2, 0xcd, 0xad, 0xee, 0xc2, 0x48, 0x6c, 0x2b, 0x1b}}},
+{{{0xe3, 0x39, 0x62, 0xb4, 0x4f, 0x31, 0x04, 0xc9, 0xda, 0xd5, 0x73, 0x51, 0x57, 0xc5, 0xb8, 0xf3, 0xa3, 0x43, 0x70, 0xe4, 0x61, 0x81, 0x84, 0xe2, 0xbb, 0xbf, 0x4f, 0x9e, 0xa4, 0x5e, 0x74, 0x06}} ,
+ {{0x29, 0xac, 0xff, 0x27, 0xe0, 0x59, 0xbe, 0x39, 0x9c, 0x0d, 0x83, 0xd7, 0x10, 0x0b, 0x15, 0xb7, 0xe1, 0xc2, 0x2c, 0x30, 0x73, 0x80, 0x3a, 0x7d, 0x5d, 0xab, 0x58, 0x6b, 0xc1, 0xf0, 0xf4, 0x22}}},
+{{{0xfe, 0x7f, 0xfb, 0x35, 0x7d, 0xc6, 0x01, 0x23, 0x28, 0xc4, 0x02, 0xac, 0x1f, 0x42, 0xb4, 0x9d, 0xfc, 0x00, 0x94, 0xa5, 0xee, 0xca, 0xda, 0x97, 0x09, 0x41, 0x77, 0x87, 0x5d, 0x7b, 0x87, 0x78}} ,
+ {{0xf5, 0xfb, 0x90, 0x2d, 0x81, 0x19, 0x9e, 0x2f, 0x6d, 0x85, 0x88, 0x8c, 0x40, 0x5c, 0x77, 0x41, 0x4d, 0x01, 0x19, 0x76, 0x60, 0xe8, 0x4c, 0x48, 0xe4, 0x33, 0x83, 0x32, 0x6c, 0xb4, 0x41, 0x03}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xff, 0x10, 0xc2, 0x09, 0x4f, 0x6e, 0xf4, 0xd2, 0xdf, 0x7e, 0xca, 0x7b, 0x1c, 0x1d, 0xba, 0xa3, 0xb6, 0xda, 0x67, 0x33, 0xd4, 0x87, 0x36, 0x4b, 0x11, 0x20, 0x05, 0xa6, 0x29, 0xc1, 0x87, 0x17}} ,
+ {{0xf6, 0x96, 0xca, 0x2f, 0xda, 0x38, 0xa7, 0x1b, 0xfc, 0xca, 0x7d, 0xfe, 0x08, 0x89, 0xe2, 0x47, 0x2b, 0x6a, 0x5d, 0x4b, 0xfa, 0xa1, 0xb4, 0xde, 0xb6, 0xc2, 0x31, 0x51, 0xf5, 0xe0, 0xa4, 0x0b}}},
+{{{0x5c, 0xe5, 0xc6, 0x04, 0x8e, 0x2b, 0x57, 0xbe, 0x38, 0x85, 0x23, 0xcb, 0xb7, 0xbe, 0x4f, 0xa9, 0xd3, 0x6e, 0x12, 0xaa, 0xd5, 0xb2, 0x2e, 0x93, 0x29, 0x9a, 0x4a, 0x88, 0x18, 0x43, 0xf5, 0x01}} ,
+ {{0x50, 0xfc, 0xdb, 0xa2, 0x59, 0x21, 0x8d, 0xbd, 0x7e, 0x33, 0xae, 0x2f, 0x87, 0x1a, 0xd0, 0x97, 0xc7, 0x0d, 0x4d, 0x63, 0x01, 0xef, 0x05, 0x84, 0xec, 0x40, 0xdd, 0xa8, 0x0a, 0x4f, 0x70, 0x0b}}},
+{{{0x41, 0x69, 0x01, 0x67, 0x5c, 0xd3, 0x8a, 0xc5, 0xcf, 0x3f, 0xd1, 0x57, 0xd1, 0x67, 0x3e, 0x01, 0x39, 0xb5, 0xcb, 0x81, 0x56, 0x96, 0x26, 0xb6, 0xc2, 0xe7, 0x5c, 0xfb, 0x63, 0x97, 0x58, 0x06}} ,
+ {{0x0c, 0x0e, 0xf3, 0xba, 0xf0, 0xe5, 0xba, 0xb2, 0x57, 0x77, 0xc6, 0x20, 0x9b, 0x89, 0x24, 0xbe, 0xf2, 0x9c, 0x8a, 0xba, 0x69, 0xc1, 0xf1, 0xb0, 0x4f, 0x2a, 0x05, 0x9a, 0xee, 0x10, 0x7e, 0x36}}},
+{{{0x3f, 0x26, 0xe9, 0x40, 0xe9, 0x03, 0xad, 0x06, 0x69, 0x91, 0xe0, 0xd1, 0x89, 0x60, 0x84, 0x79, 0xde, 0x27, 0x6d, 0xe6, 0x76, 0xbd, 0xea, 0xe6, 0xae, 0x48, 0xc3, 0x67, 0xc0, 0x57, 0xcd, 0x2f}} ,
+ {{0x7f, 0xc1, 0xdc, 0xb9, 0xc7, 0xbc, 0x86, 0x3d, 0x55, 0x4b, 0x28, 0x7a, 0xfb, 0x4d, 0xc7, 0xf8, 0xbc, 0x67, 0x2a, 0x60, 0x4d, 0x8f, 0x07, 0x0b, 0x1a, 0x17, 0xbf, 0xfa, 0xac, 0xa7, 0x3d, 0x1a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x91, 0x3f, 0xed, 0x5e, 0x18, 0x78, 0x3f, 0x23, 0x2c, 0x0d, 0x8c, 0x44, 0x00, 0xe8, 0xfb, 0xe9, 0x8e, 0xd6, 0xd1, 0x36, 0x58, 0x57, 0x9e, 0xae, 0x4b, 0x5c, 0x0b, 0x07, 0xbc, 0x6b, 0x55, 0x2b}} ,
+ {{0x6f, 0x4d, 0x17, 0xd7, 0xe1, 0x84, 0xd9, 0x78, 0xb1, 0x90, 0xfd, 0x2e, 0xb3, 0xb5, 0x19, 0x3f, 0x1b, 0xfa, 0xc0, 0x68, 0xb3, 0xdd, 0x00, 0x2e, 0x89, 0xbd, 0x7e, 0x80, 0x32, 0x13, 0xa0, 0x7b}}},
+{{{0x1a, 0x6f, 0x40, 0xaf, 0x44, 0x44, 0xb0, 0x43, 0x8f, 0x0d, 0xd0, 0x1e, 0xc4, 0x0b, 0x19, 0x5d, 0x8e, 0xfe, 0xc1, 0xf3, 0xc5, 0x5c, 0x91, 0xf8, 0x04, 0x4e, 0xbe, 0x90, 0xb4, 0x47, 0x5c, 0x3f}} ,
+ {{0xb0, 0x3b, 0x2c, 0xf3, 0xfe, 0x32, 0x71, 0x07, 0x3f, 0xaa, 0xba, 0x45, 0x60, 0xa8, 0x8d, 0xea, 0x54, 0xcb, 0x39, 0x10, 0xb4, 0xf2, 0x8b, 0xd2, 0x14, 0x82, 0x42, 0x07, 0x8e, 0xe9, 0x7c, 0x53}}},
+{{{0xb0, 0xae, 0xc1, 0x8d, 0xc9, 0x8f, 0xb9, 0x7a, 0x77, 0xef, 0xba, 0x79, 0xa0, 0x3c, 0xa8, 0xf5, 0x6a, 0xe2, 0x3f, 0x5d, 0x00, 0xe3, 0x4b, 0x45, 0x24, 0x7b, 0x43, 0x78, 0x55, 0x1d, 0x2b, 0x1e}} ,
+ {{0x01, 0xb8, 0xd6, 0x16, 0x67, 0xa0, 0x15, 0xb9, 0xe1, 0x58, 0xa4, 0xa7, 0x31, 0x37, 0x77, 0x2f, 0x8b, 0x12, 0x9f, 0xf4, 0x3f, 0xc7, 0x36, 0x66, 0xd2, 0xa8, 0x56, 0xf7, 0x7f, 0x74, 0xc6, 0x41}}},
+{{{0x5d, 0xf8, 0xb4, 0xa8, 0x30, 0xdd, 0xcc, 0x38, 0xa5, 0xd3, 0xca, 0xd8, 0xd1, 0xf8, 0xb2, 0x31, 0x91, 0xd4, 0x72, 0x05, 0x57, 0x4a, 0x3b, 0x82, 0x4a, 0xc6, 0x68, 0x20, 0xe2, 0x18, 0x41, 0x61}} ,
+ {{0x19, 0xd4, 0x8d, 0x47, 0x29, 0x12, 0x65, 0xb0, 0x11, 0x78, 0x47, 0xb5, 0xcb, 0xa3, 0xa5, 0xfa, 0x05, 0x85, 0x54, 0xa9, 0x33, 0x97, 0x8d, 0x2b, 0xc2, 0xfe, 0x99, 0x35, 0x28, 0xe5, 0xeb, 0x63}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xb1, 0x3f, 0x3f, 0xef, 0xd8, 0xf4, 0xfc, 0xb3, 0xa0, 0x60, 0x50, 0x06, 0x2b, 0x29, 0x52, 0x70, 0x15, 0x0b, 0x24, 0x24, 0xf8, 0x5f, 0x79, 0x18, 0xcc, 0xff, 0x89, 0x99, 0x84, 0xa1, 0xae, 0x13}} ,
+ {{0x44, 0x1f, 0xb8, 0xc2, 0x01, 0xc1, 0x30, 0x19, 0x55, 0x05, 0x60, 0x10, 0xa4, 0x6c, 0x2d, 0x67, 0x70, 0xe5, 0x25, 0x1b, 0xf2, 0xbf, 0xdd, 0xfb, 0x70, 0x2b, 0xa1, 0x8c, 0x9c, 0x94, 0x84, 0x08}}},
+{{{0xe7, 0xc4, 0x43, 0x4d, 0xc9, 0x2b, 0x69, 0x5d, 0x1d, 0x3c, 0xaf, 0xbb, 0x43, 0x38, 0x4e, 0x98, 0x3d, 0xed, 0x0d, 0x21, 0x03, 0xfd, 0xf0, 0x99, 0x47, 0x04, 0xb0, 0x98, 0x69, 0x55, 0x72, 0x0f}} ,
+ {{0x5e, 0xdf, 0x15, 0x53, 0x3b, 0x86, 0x80, 0xb0, 0xf1, 0x70, 0x68, 0x8f, 0x66, 0x7c, 0x0e, 0x49, 0x1a, 0xd8, 0x6b, 0xfe, 0x4e, 0xef, 0xca, 0x47, 0xd4, 0x03, 0xc1, 0x37, 0x50, 0x9c, 0xc1, 0x16}}},
+{{{0xcd, 0x24, 0xc6, 0x3e, 0x0c, 0x82, 0x9b, 0x91, 0x2b, 0x61, 0x4a, 0xb2, 0x0f, 0x88, 0x55, 0x5f, 0x5a, 0x57, 0xff, 0xe5, 0x74, 0x0b, 0x13, 0x43, 0x00, 0xd8, 0x6b, 0xcf, 0xd2, 0x15, 0x03, 0x2c}} ,
+ {{0xdc, 0xff, 0x15, 0x61, 0x2f, 0x4a, 0x2f, 0x62, 0xf2, 0x04, 0x2f, 0xb5, 0x0c, 0xb7, 0x1e, 0x3f, 0x74, 0x1a, 0x0f, 0xd7, 0xea, 0xcd, 0xd9, 0x7d, 0xf6, 0x12, 0x0e, 0x2f, 0xdb, 0x5a, 0x3b, 0x16}}},
+{{{0x1b, 0x37, 0x47, 0xe3, 0xf5, 0x9e, 0xea, 0x2c, 0x2a, 0xe7, 0x82, 0x36, 0xf4, 0x1f, 0x81, 0x47, 0x92, 0x4b, 0x69, 0x0e, 0x11, 0x8c, 0x5d, 0x53, 0x5b, 0x81, 0x27, 0x08, 0xbc, 0xa0, 0xae, 0x25}} ,
+ {{0x69, 0x32, 0xa1, 0x05, 0x11, 0x42, 0x00, 0xd2, 0x59, 0xac, 0x4d, 0x62, 0x8b, 0x13, 0xe2, 0x50, 0x5d, 0xa0, 0x9d, 0x9b, 0xfd, 0xbb, 0x12, 0x41, 0x75, 0x41, 0x9e, 0xcc, 0xdc, 0xc7, 0xdc, 0x5d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd9, 0xe3, 0x38, 0x06, 0x46, 0x70, 0x82, 0x5e, 0x28, 0x49, 0x79, 0xff, 0x25, 0xd2, 0x4e, 0x29, 0x8d, 0x06, 0xb0, 0x23, 0xae, 0x9b, 0x66, 0xe4, 0x7d, 0xc0, 0x70, 0x91, 0xa3, 0xfc, 0xec, 0x4e}} ,
+ {{0x62, 0x12, 0x37, 0x6a, 0x30, 0xf6, 0x1e, 0xfb, 0x14, 0x5c, 0x0d, 0x0e, 0xb7, 0x81, 0x6a, 0xe7, 0x08, 0x05, 0xac, 0xaa, 0x38, 0x46, 0xe2, 0x73, 0xea, 0x4b, 0x07, 0x81, 0x43, 0x7c, 0x9e, 0x5e}}},
+{{{0xfc, 0xf9, 0x21, 0x4f, 0x2e, 0x76, 0x9b, 0x1f, 0x28, 0x60, 0x77, 0x43, 0x32, 0x9d, 0xbe, 0x17, 0x30, 0x2a, 0xc6, 0x18, 0x92, 0x66, 0x62, 0x30, 0x98, 0x40, 0x11, 0xa6, 0x7f, 0x18, 0x84, 0x28}} ,
+ {{0x3f, 0xab, 0xd3, 0xf4, 0x8a, 0x76, 0xa1, 0x3c, 0xca, 0x2d, 0x49, 0xc3, 0xea, 0x08, 0x0b, 0x85, 0x17, 0x2a, 0xc3, 0x6c, 0x08, 0xfd, 0x57, 0x9f, 0x3d, 0x5f, 0xdf, 0x67, 0x68, 0x42, 0x00, 0x32}}},
+{{{0x51, 0x60, 0x1b, 0x06, 0x4f, 0x8a, 0x21, 0xba, 0x38, 0xa8, 0xba, 0xd6, 0x40, 0xf6, 0xe9, 0x9b, 0x76, 0x4d, 0x56, 0x21, 0x5b, 0x0a, 0x9b, 0x2e, 0x4f, 0x3d, 0x81, 0x32, 0x08, 0x9f, 0x97, 0x5b}} ,
+ {{0xe5, 0x44, 0xec, 0x06, 0x9d, 0x90, 0x79, 0x9f, 0xd3, 0xe0, 0x79, 0xaf, 0x8f, 0x10, 0xfd, 0xdd, 0x04, 0xae, 0x27, 0x97, 0x46, 0x33, 0x79, 0xea, 0xb8, 0x4e, 0xca, 0x5a, 0x59, 0x57, 0xe1, 0x0e}}},
+{{{0x1a, 0xda, 0xf3, 0xa5, 0x41, 0x43, 0x28, 0xfc, 0x7e, 0xe7, 0x71, 0xea, 0xc6, 0x3b, 0x59, 0xcc, 0x2e, 0xd3, 0x40, 0xec, 0xb3, 0x13, 0x6f, 0x44, 0xcd, 0x13, 0xb2, 0x37, 0xf2, 0x6e, 0xd9, 0x1c}} ,
+ {{0xe3, 0xdb, 0x60, 0xcd, 0x5c, 0x4a, 0x18, 0x0f, 0xef, 0x73, 0x36, 0x71, 0x8c, 0xf6, 0x11, 0xb4, 0xd8, 0xce, 0x17, 0x5e, 0x4f, 0x26, 0x77, 0x97, 0x5f, 0xcb, 0xef, 0x91, 0xeb, 0x6a, 0x62, 0x7a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x18, 0x4a, 0xa2, 0x97, 0x08, 0x81, 0x2d, 0x83, 0xc4, 0xcc, 0xf0, 0x83, 0x7e, 0xec, 0x0d, 0x95, 0x4c, 0x5b, 0xfb, 0xfa, 0x98, 0x80, 0x4a, 0x66, 0x56, 0x0c, 0x51, 0xb3, 0xf2, 0x04, 0x5d, 0x27}} ,
+ {{0x3b, 0xb9, 0xb8, 0x06, 0x5a, 0x2e, 0xfe, 0xc3, 0x82, 0x37, 0x9c, 0xa3, 0x11, 0x1f, 0x9c, 0xa6, 0xda, 0x63, 0x48, 0x9b, 0xad, 0xde, 0x2d, 0xa6, 0xbc, 0x6e, 0x32, 0xda, 0x27, 0x65, 0xdd, 0x57}}},
+{{{0x84, 0x4f, 0x37, 0x31, 0x7d, 0x2e, 0xbc, 0xad, 0x87, 0x07, 0x2a, 0x6b, 0x37, 0xfc, 0x5f, 0xeb, 0x4e, 0x75, 0x35, 0xa6, 0xde, 0xab, 0x0a, 0x19, 0x3a, 0xb7, 0xb1, 0xef, 0x92, 0x6a, 0x3b, 0x3c}} ,
+ {{0x3b, 0xb2, 0x94, 0x6d, 0x39, 0x60, 0xac, 0xee, 0xe7, 0x81, 0x1a, 0x3b, 0x76, 0x87, 0x5c, 0x05, 0x94, 0x2a, 0x45, 0xb9, 0x80, 0xe9, 0x22, 0xb1, 0x07, 0xcb, 0x40, 0x9e, 0x70, 0x49, 0x6d, 0x12}}},
+{{{0xfd, 0x18, 0x78, 0x84, 0xa8, 0x4c, 0x7d, 0x6e, 0x59, 0xa6, 0xe5, 0x74, 0xf1, 0x19, 0xa6, 0x84, 0x2e, 0x51, 0xc1, 0x29, 0x13, 0xf2, 0x14, 0x6b, 0x5d, 0x53, 0x51, 0xf7, 0xef, 0xbf, 0x01, 0x22}} ,
+ {{0xa4, 0x4b, 0x62, 0x4c, 0xe6, 0xfd, 0x72, 0x07, 0xf2, 0x81, 0xfc, 0xf2, 0xbd, 0x12, 0x7c, 0x68, 0x76, 0x2a, 0xba, 0xf5, 0x65, 0xb1, 0x1f, 0x17, 0x0a, 0x38, 0xb0, 0xbf, 0xc0, 0xf8, 0xf4, 0x2a}}},
+{{{0x55, 0x60, 0x55, 0x5b, 0xe4, 0x1d, 0x71, 0x4c, 0x9d, 0x5b, 0x9f, 0x70, 0xa6, 0x85, 0x9a, 0x2c, 0xa0, 0xe2, 0x32, 0x48, 0xce, 0x9e, 0x2a, 0xa5, 0x07, 0x3b, 0xc7, 0x6c, 0x86, 0x77, 0xde, 0x3c}} ,
+ {{0xf7, 0x18, 0x7a, 0x96, 0x7e, 0x43, 0x57, 0xa9, 0x55, 0xfc, 0x4e, 0xb6, 0x72, 0x00, 0xf2, 0xe4, 0xd7, 0x52, 0xd3, 0xd3, 0xb6, 0x85, 0xf6, 0x71, 0xc7, 0x44, 0x3f, 0x7f, 0xd7, 0xb3, 0xf2, 0x79}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x46, 0xca, 0xa7, 0x55, 0x7b, 0x79, 0xf3, 0xca, 0x5a, 0x65, 0xf6, 0xed, 0x50, 0x14, 0x7b, 0xe4, 0xc4, 0x2a, 0x65, 0x9e, 0xe2, 0xf9, 0xca, 0xa7, 0x22, 0x26, 0x53, 0xcb, 0x21, 0x5b, 0xa7, 0x31}} ,
+ {{0x90, 0xd7, 0xc5, 0x26, 0x08, 0xbd, 0xb0, 0x53, 0x63, 0x58, 0xc3, 0x31, 0x5e, 0x75, 0x46, 0x15, 0x91, 0xa6, 0xf8, 0x2f, 0x1a, 0x08, 0x65, 0x88, 0x2f, 0x98, 0x04, 0xf1, 0x7c, 0x6e, 0x00, 0x77}}},
+{{{0x81, 0x21, 0x61, 0x09, 0xf6, 0x4e, 0xf1, 0x92, 0xee, 0x63, 0x61, 0x73, 0x87, 0xc7, 0x54, 0x0e, 0x42, 0x4b, 0xc9, 0x47, 0xd1, 0xb8, 0x7e, 0x91, 0x75, 0x37, 0x99, 0x28, 0xb8, 0xdd, 0x7f, 0x50}} ,
+ {{0x89, 0x8f, 0xc0, 0xbe, 0x5d, 0xd6, 0x9f, 0xa0, 0xf0, 0x9d, 0x81, 0xce, 0x3a, 0x7b, 0x98, 0x58, 0xbb, 0xd7, 0x78, 0xc8, 0x3f, 0x13, 0xf1, 0x74, 0x19, 0xdf, 0xf8, 0x98, 0x89, 0x5d, 0xfa, 0x5f}}},
+{{{0x9e, 0x35, 0x85, 0x94, 0x47, 0x1f, 0x90, 0x15, 0x26, 0xd0, 0x84, 0xed, 0x8a, 0x80, 0xf7, 0x63, 0x42, 0x86, 0x27, 0xd7, 0xf4, 0x75, 0x58, 0xdc, 0x9c, 0xc0, 0x22, 0x7e, 0x20, 0x35, 0xfd, 0x1f}} ,
+ {{0x68, 0x0e, 0x6f, 0x97, 0xba, 0x70, 0xbb, 0xa3, 0x0e, 0xe5, 0x0b, 0x12, 0xf4, 0xa2, 0xdc, 0x47, 0xf8, 0xe6, 0xd0, 0x23, 0x6c, 0x33, 0xa8, 0x99, 0x46, 0x6e, 0x0f, 0x44, 0xba, 0x76, 0x48, 0x0f}}},
+{{{0xa3, 0x2a, 0x61, 0x37, 0xe2, 0x59, 0x12, 0x0e, 0x27, 0xba, 0x64, 0x43, 0xae, 0xc0, 0x42, 0x69, 0x79, 0xa4, 0x1e, 0x29, 0x8b, 0x15, 0xeb, 0xf8, 0xaf, 0xd4, 0xa2, 0x68, 0x33, 0xb5, 0x7a, 0x24}} ,
+ {{0x2c, 0x19, 0x33, 0xdd, 0x1b, 0xab, 0xec, 0x01, 0xb0, 0x23, 0xf8, 0x42, 0x2b, 0x06, 0x88, 0xea, 0x3d, 0x2d, 0x00, 0x2a, 0x78, 0x45, 0x4d, 0x38, 0xed, 0x2e, 0x2e, 0x44, 0x49, 0xed, 0xcb, 0x33}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xa0, 0x68, 0xe8, 0x41, 0x8f, 0x91, 0xf8, 0x11, 0x13, 0x90, 0x2e, 0xa7, 0xab, 0x30, 0xef, 0xad, 0xa0, 0x61, 0x00, 0x88, 0xef, 0xdb, 0xce, 0x5b, 0x5c, 0xbb, 0x62, 0xc8, 0x56, 0xf9, 0x00, 0x73}} ,
+ {{0x3f, 0x60, 0xc1, 0x82, 0x2d, 0xa3, 0x28, 0x58, 0x24, 0x9e, 0x9f, 0xe3, 0x70, 0xcc, 0x09, 0x4e, 0x1a, 0x3f, 0x11, 0x11, 0x15, 0x07, 0x3c, 0xa4, 0x41, 0xe0, 0x65, 0xa3, 0x0a, 0x41, 0x6d, 0x11}}},
+{{{0x31, 0x40, 0x01, 0x52, 0x56, 0x94, 0x5b, 0x28, 0x8a, 0xaa, 0x52, 0xee, 0xd8, 0x0a, 0x05, 0x8d, 0xcd, 0xb5, 0xaa, 0x2e, 0x38, 0xaa, 0xb7, 0x87, 0xf7, 0x2b, 0xfb, 0x04, 0xcb, 0x84, 0x3d, 0x54}} ,
+ {{0x20, 0xef, 0x59, 0xde, 0xa4, 0x2b, 0x93, 0x6e, 0x2e, 0xec, 0x42, 0x9a, 0xd4, 0x2d, 0xf4, 0x46, 0x58, 0x27, 0x2b, 0x18, 0x8f, 0x83, 0x3d, 0x69, 0x9e, 0xd4, 0x3e, 0xb6, 0xc5, 0xfd, 0x58, 0x03}}},
+{{{0x33, 0x89, 0xc9, 0x63, 0x62, 0x1c, 0x17, 0xb4, 0x60, 0xc4, 0x26, 0x68, 0x09, 0xc3, 0x2e, 0x37, 0x0f, 0x7b, 0xb4, 0x9c, 0xb6, 0xf9, 0xfb, 0xd4, 0x51, 0x78, 0xc8, 0x63, 0xea, 0x77, 0x47, 0x07}} ,
+ {{0x32, 0xb4, 0x18, 0x47, 0x79, 0xcb, 0xd4, 0x5a, 0x07, 0x14, 0x0f, 0xa0, 0xd5, 0xac, 0xd0, 0x41, 0x40, 0xab, 0x61, 0x23, 0xe5, 0x2a, 0x2a, 0x6f, 0xf7, 0xa8, 0xd4, 0x76, 0xef, 0xe7, 0x45, 0x6c}}},
+{{{0xa1, 0x5e, 0x60, 0x4f, 0xfb, 0xe1, 0x70, 0x6a, 0x1f, 0x55, 0x4f, 0x09, 0xb4, 0x95, 0x33, 0x36, 0xc6, 0x81, 0x01, 0x18, 0x06, 0x25, 0x27, 0xa4, 0xb4, 0x24, 0xa4, 0x86, 0x03, 0x4c, 0xac, 0x02}} ,
+ {{0x77, 0x38, 0xde, 0xd7, 0x60, 0x48, 0x07, 0xf0, 0x74, 0xa8, 0xff, 0x54, 0xe5, 0x30, 0x43, 0xff, 0x77, 0xfb, 0x21, 0x07, 0xff, 0xb2, 0x07, 0x6b, 0xe4, 0xe5, 0x30, 0xfc, 0x19, 0x6c, 0xa3, 0x01}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x13, 0xc5, 0x2c, 0xac, 0xd3, 0x83, 0x82, 0x7c, 0x29, 0xf7, 0x05, 0xa5, 0x00, 0xb6, 0x1f, 0x86, 0x55, 0xf4, 0xd6, 0x2f, 0x0c, 0x99, 0xd0, 0x65, 0x9b, 0x6b, 0x46, 0x0d, 0x43, 0xf8, 0x16, 0x28}} ,
+ {{0x1e, 0x7f, 0xb4, 0x74, 0x7e, 0xb1, 0x89, 0x4f, 0x18, 0x5a, 0xab, 0x64, 0x06, 0xdf, 0x45, 0x87, 0xe0, 0x6a, 0xc6, 0xf0, 0x0e, 0xc9, 0x24, 0x35, 0x38, 0xea, 0x30, 0x54, 0xb4, 0xc4, 0x52, 0x54}}},
+{{{0xe9, 0x9f, 0xdc, 0x3f, 0xc1, 0x89, 0x44, 0x74, 0x27, 0xe4, 0xc1, 0x90, 0xff, 0x4a, 0xa7, 0x3c, 0xee, 0xcd, 0xf4, 0x1d, 0x25, 0x94, 0x7f, 0x63, 0x16, 0x48, 0xbc, 0x64, 0xfe, 0x95, 0xc4, 0x0c}} ,
+ {{0x8b, 0x19, 0x75, 0x6e, 0x03, 0x06, 0x5e, 0x6a, 0x6f, 0x1a, 0x8c, 0xe3, 0xd3, 0x28, 0xf2, 0xe0, 0xb9, 0x7a, 0x43, 0x69, 0xe6, 0xd3, 0xc0, 0xfe, 0x7e, 0x97, 0xab, 0x6c, 0x7b, 0x8e, 0x13, 0x42}}},
+{{{0xd4, 0xca, 0x70, 0x3d, 0xab, 0xfb, 0x5f, 0x5e, 0x00, 0x0c, 0xcc, 0x77, 0x22, 0xf8, 0x78, 0x55, 0xae, 0x62, 0x35, 0xfb, 0x9a, 0xc6, 0x03, 0xe4, 0x0c, 0xee, 0xab, 0xc7, 0xc0, 0x89, 0x87, 0x54}} ,
+ {{0x32, 0xad, 0xae, 0x85, 0x58, 0x43, 0xb8, 0xb1, 0xe6, 0x3e, 0x00, 0x9c, 0x78, 0x88, 0x56, 0xdb, 0x9c, 0xfc, 0x79, 0xf6, 0xf9, 0x41, 0x5f, 0xb7, 0xbc, 0x11, 0xf9, 0x20, 0x36, 0x1c, 0x53, 0x2b}}},
+{{{0x5a, 0x20, 0x5b, 0xa1, 0xa5, 0x44, 0x91, 0x24, 0x02, 0x63, 0x12, 0x64, 0xb8, 0x55, 0xf6, 0xde, 0x2c, 0xdb, 0x47, 0xb8, 0xc6, 0x0a, 0xc3, 0x00, 0x78, 0x93, 0xd8, 0xf5, 0xf5, 0x18, 0x28, 0x0a}} ,
+ {{0xd6, 0x1b, 0x9a, 0x6c, 0xe5, 0x46, 0xea, 0x70, 0x96, 0x8d, 0x4e, 0x2a, 0x52, 0x21, 0x26, 0x4b, 0xb1, 0xbb, 0x0f, 0x7c, 0xa9, 0x9b, 0x04, 0xbb, 0x51, 0x08, 0xf1, 0x9a, 0xa4, 0x76, 0x7c, 0x18}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xfa, 0x94, 0xf7, 0x40, 0xd0, 0xd7, 0xeb, 0xa9, 0x82, 0x36, 0xd5, 0x15, 0xb9, 0x33, 0x7a, 0xbf, 0x8a, 0xf2, 0x63, 0xaa, 0x37, 0xf5, 0x59, 0xac, 0xbd, 0xbb, 0x32, 0x36, 0xbe, 0x73, 0x99, 0x38}} ,
+ {{0x2c, 0xb3, 0xda, 0x7a, 0xd8, 0x3d, 0x99, 0xca, 0xd2, 0xf4, 0xda, 0x99, 0x8e, 0x4f, 0x98, 0xb7, 0xf4, 0xae, 0x3e, 0x9f, 0x8e, 0x35, 0x60, 0xa4, 0x33, 0x75, 0xa4, 0x04, 0x93, 0xb1, 0x6b, 0x4d}}},
+{{{0x97, 0x9d, 0xa8, 0xcd, 0x97, 0x7b, 0x9d, 0xb9, 0xe7, 0xa5, 0xef, 0xfd, 0xa8, 0x42, 0x6b, 0xc3, 0x62, 0x64, 0x7d, 0xa5, 0x1b, 0xc9, 0x9e, 0xd2, 0x45, 0xb9, 0xee, 0x03, 0xb0, 0xbf, 0xc0, 0x68}} ,
+ {{0xed, 0xb7, 0x84, 0x2c, 0xf6, 0xd3, 0xa1, 0x6b, 0x24, 0x6d, 0x87, 0x56, 0x97, 0x59, 0x79, 0x62, 0x9f, 0xac, 0xed, 0xf3, 0xc9, 0x89, 0x21, 0x2e, 0x04, 0xb3, 0xcc, 0x2f, 0xbe, 0xd6, 0x0a, 0x4b}}},
+{{{0x39, 0x61, 0x05, 0xed, 0x25, 0x89, 0x8b, 0x5d, 0x1b, 0xcb, 0x0c, 0x55, 0xf4, 0x6a, 0x00, 0x8a, 0x46, 0xe8, 0x1e, 0xc6, 0x83, 0xc8, 0x5a, 0x76, 0xdb, 0xcc, 0x19, 0x7a, 0xcc, 0x67, 0x46, 0x0b}} ,
+ {{0x53, 0xcf, 0xc2, 0xa1, 0xad, 0x6a, 0xf3, 0xcd, 0x8f, 0xc9, 0xde, 0x1c, 0xf8, 0x6c, 0x8f, 0xf8, 0x76, 0x42, 0xe7, 0xfe, 0xb2, 0x72, 0x21, 0x0a, 0x66, 0x74, 0x8f, 0xb7, 0xeb, 0xe4, 0x6f, 0x01}}},
+{{{0x22, 0x8c, 0x6b, 0xbe, 0xfc, 0x4d, 0x70, 0x62, 0x6e, 0x52, 0x77, 0x99, 0x88, 0x7e, 0x7b, 0x57, 0x7a, 0x0d, 0xfe, 0xdc, 0x72, 0x92, 0xf1, 0x68, 0x1d, 0x97, 0xd7, 0x7c, 0x8d, 0x53, 0x10, 0x37}} ,
+ {{0x53, 0x88, 0x77, 0x02, 0xca, 0x27, 0xa8, 0xe5, 0x45, 0xe2, 0xa8, 0x48, 0x2a, 0xab, 0x18, 0xca, 0xea, 0x2d, 0x2a, 0x54, 0x17, 0x37, 0x32, 0x09, 0xdc, 0xe0, 0x4a, 0xb7, 0x7d, 0x82, 0x10, 0x7d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x8a, 0x64, 0x1e, 0x14, 0x0a, 0x57, 0xd4, 0xda, 0x5c, 0x96, 0x9b, 0x01, 0x4c, 0x67, 0xbf, 0x8b, 0x30, 0xfe, 0x08, 0xdb, 0x0d, 0xd5, 0xa8, 0xd7, 0x09, 0x11, 0x85, 0xa2, 0xd3, 0x45, 0xfb, 0x7e}} ,
+ {{0xda, 0x8c, 0xc2, 0xd0, 0xac, 0x18, 0xe8, 0x52, 0x36, 0xd4, 0x21, 0xa3, 0xdd, 0x57, 0x22, 0x79, 0xb7, 0xf8, 0x71, 0x9d, 0xc6, 0x91, 0x70, 0x86, 0x56, 0xbf, 0xa1, 0x11, 0x8b, 0x19, 0xe1, 0x0f}}},
+{{{0x18, 0x32, 0x98, 0x2c, 0x8f, 0x91, 0xae, 0x12, 0xf0, 0x8c, 0xea, 0xf3, 0x3c, 0xb9, 0x5d, 0xe4, 0x69, 0xed, 0xb2, 0x47, 0x18, 0xbd, 0xce, 0x16, 0x52, 0x5c, 0x23, 0xe2, 0xa5, 0x25, 0x52, 0x5d}} ,
+ {{0xb9, 0xb1, 0xe7, 0x5d, 0x4e, 0xbc, 0xee, 0xbb, 0x40, 0x81, 0x77, 0x82, 0x19, 0xab, 0xb5, 0xc6, 0xee, 0xab, 0x5b, 0x6b, 0x63, 0x92, 0x8a, 0x34, 0x8d, 0xcd, 0xee, 0x4f, 0x49, 0xe5, 0xc9, 0x7e}}},
+{{{0x21, 0xac, 0x8b, 0x22, 0xcd, 0xc3, 0x9a, 0xe9, 0x5e, 0x78, 0xbd, 0xde, 0xba, 0xad, 0xab, 0xbf, 0x75, 0x41, 0x09, 0xc5, 0x58, 0xa4, 0x7d, 0x92, 0xb0, 0x7f, 0xf2, 0xa1, 0xd1, 0xc0, 0xb3, 0x6d}} ,
+ {{0x62, 0x4f, 0xd0, 0x75, 0x77, 0xba, 0x76, 0x77, 0xd7, 0xb8, 0xd8, 0x92, 0x6f, 0x98, 0x34, 0x3d, 0xd6, 0x4e, 0x1c, 0x0f, 0xf0, 0x8f, 0x2e, 0xf1, 0xb3, 0xbd, 0xb1, 0xb9, 0xec, 0x99, 0xb4, 0x07}}},
+{{{0x60, 0x57, 0x2e, 0x9a, 0x72, 0x1d, 0x6b, 0x6e, 0x58, 0x33, 0x24, 0x8c, 0x48, 0x39, 0x46, 0x8e, 0x89, 0x6a, 0x88, 0x51, 0x23, 0x62, 0xb5, 0x32, 0x09, 0x36, 0xe3, 0x57, 0xf5, 0x98, 0xde, 0x6f}} ,
+ {{0x8b, 0x2c, 0x00, 0x48, 0x4a, 0xf9, 0x5b, 0x87, 0x69, 0x52, 0xe5, 0x5b, 0xd1, 0xb1, 0xe5, 0x25, 0x25, 0xe0, 0x9c, 0xc2, 0x13, 0x44, 0xe8, 0xb9, 0x0a, 0x70, 0xad, 0xbd, 0x0f, 0x51, 0x94, 0x69}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xa2, 0xdc, 0xab, 0xa9, 0x25, 0x2d, 0xac, 0x5f, 0x03, 0x33, 0x08, 0xe7, 0x7e, 0xfe, 0x95, 0x36, 0x3c, 0x5b, 0x3a, 0xd3, 0x05, 0x82, 0x1c, 0x95, 0x2d, 0xd8, 0x77, 0x7e, 0x02, 0xd9, 0x5b, 0x70}} ,
+ {{0xc2, 0xfe, 0x1b, 0x0c, 0x67, 0xcd, 0xd6, 0xe0, 0x51, 0x8e, 0x2c, 0xe0, 0x79, 0x88, 0xf0, 0xcf, 0x41, 0x4a, 0xad, 0x23, 0xd4, 0x46, 0xca, 0x94, 0xa1, 0xc3, 0xeb, 0x28, 0x06, 0xfa, 0x17, 0x14}}},
+{{{0x7b, 0xaa, 0x70, 0x0a, 0x4b, 0xfb, 0xf5, 0xbf, 0x80, 0xc5, 0xcf, 0x08, 0x7a, 0xdd, 0xa1, 0xf4, 0x9d, 0x54, 0x50, 0x53, 0x23, 0x77, 0x23, 0xf5, 0x34, 0xa5, 0x22, 0xd1, 0x0d, 0x96, 0x2e, 0x47}} ,
+ {{0xcc, 0xb7, 0x32, 0x89, 0x57, 0xd0, 0x98, 0x75, 0xe4, 0x37, 0x99, 0xa9, 0xe8, 0xba, 0xed, 0xba, 0xeb, 0xc7, 0x4f, 0x15, 0x76, 0x07, 0x0c, 0x4c, 0xef, 0x9f, 0x52, 0xfc, 0x04, 0x5d, 0x58, 0x10}}},
+{{{0xce, 0x82, 0xf0, 0x8f, 0x79, 0x02, 0xa8, 0xd1, 0xda, 0x14, 0x09, 0x48, 0xee, 0x8a, 0x40, 0x98, 0x76, 0x60, 0x54, 0x5a, 0xde, 0x03, 0x24, 0xf5, 0xe6, 0x2f, 0xe1, 0x03, 0xbf, 0x68, 0x82, 0x7f}} ,
+ {{0x64, 0xe9, 0x28, 0xc7, 0xa4, 0xcf, 0x2a, 0xf9, 0x90, 0x64, 0x72, 0x2c, 0x8b, 0xeb, 0xec, 0xa0, 0xf2, 0x7d, 0x35, 0xb5, 0x90, 0x4d, 0x7f, 0x5b, 0x4a, 0x49, 0xe4, 0xb8, 0x3b, 0xc8, 0xa1, 0x2f}}},
+{{{0x8b, 0xc5, 0xcc, 0x3d, 0x69, 0xa6, 0xa1, 0x18, 0x44, 0xbc, 0x4d, 0x77, 0x37, 0xc7, 0x86, 0xec, 0x0c, 0xc9, 0xd6, 0x44, 0xa9, 0x23, 0x27, 0xb9, 0x03, 0x34, 0xa7, 0x0a, 0xd5, 0xc7, 0x34, 0x37}} ,
+ {{0xf9, 0x7e, 0x3e, 0x66, 0xee, 0xf9, 0x99, 0x28, 0xff, 0xad, 0x11, 0xd8, 0xe2, 0x66, 0xc5, 0xcd, 0x0f, 0x0d, 0x0b, 0x6a, 0xfc, 0x7c, 0x24, 0xa8, 0x4f, 0xa8, 0x5e, 0x80, 0x45, 0x8b, 0x6c, 0x41}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xef, 0x1e, 0xec, 0xf7, 0x8d, 0x77, 0xf2, 0xea, 0xdb, 0x60, 0x03, 0x21, 0xc0, 0xff, 0x5e, 0x67, 0xc3, 0x71, 0x0b, 0x21, 0xb4, 0x41, 0xa0, 0x68, 0x38, 0xc6, 0x01, 0xa3, 0xd3, 0x51, 0x3c, 0x3c}} ,
+ {{0x92, 0xf8, 0xd6, 0x4b, 0xef, 0x42, 0x13, 0xb2, 0x4a, 0xc4, 0x2e, 0x72, 0x3f, 0xc9, 0x11, 0xbd, 0x74, 0x02, 0x0e, 0xf5, 0x13, 0x9d, 0x83, 0x1a, 0x1b, 0xd5, 0x54, 0xde, 0xc4, 0x1e, 0x16, 0x6c}}},
+{{{0x27, 0x52, 0xe4, 0x63, 0xaa, 0x94, 0xe6, 0xc3, 0x28, 0x9c, 0xc6, 0x56, 0xac, 0xfa, 0xb6, 0xbd, 0xe2, 0xcc, 0x76, 0xc6, 0x27, 0x27, 0xa2, 0x8e, 0x78, 0x2b, 0x84, 0x72, 0x10, 0xbd, 0x4e, 0x2a}} ,
+ {{0xea, 0xa7, 0x23, 0xef, 0x04, 0x61, 0x80, 0x50, 0xc9, 0x6e, 0xa5, 0x96, 0xd1, 0xd1, 0xc8, 0xc3, 0x18, 0xd7, 0x2d, 0xfd, 0x26, 0xbd, 0xcb, 0x7b, 0x92, 0x51, 0x0e, 0x4a, 0x65, 0x57, 0xb8, 0x49}}},
+{{{0xab, 0x55, 0x36, 0xc3, 0xec, 0x63, 0x55, 0x11, 0x55, 0xf6, 0xa5, 0xc7, 0x01, 0x5f, 0xfe, 0x79, 0xd8, 0x0a, 0xf7, 0x03, 0xd8, 0x98, 0x99, 0xf5, 0xd0, 0x00, 0x54, 0x6b, 0x66, 0x28, 0xf5, 0x25}} ,
+ {{0x7a, 0x8d, 0xa1, 0x5d, 0x70, 0x5d, 0x51, 0x27, 0xee, 0x30, 0x65, 0x56, 0x95, 0x46, 0xde, 0xbd, 0x03, 0x75, 0xb4, 0x57, 0x59, 0x89, 0xeb, 0x02, 0x9e, 0xcc, 0x89, 0x19, 0xa7, 0xcb, 0x17, 0x67}}},
+{{{0x6a, 0xeb, 0xfc, 0x9a, 0x9a, 0x10, 0xce, 0xdb, 0x3a, 0x1c, 0x3c, 0x6a, 0x9d, 0xea, 0x46, 0xbc, 0x45, 0x49, 0xac, 0xe3, 0x41, 0x12, 0x7c, 0xf0, 0xf7, 0x4f, 0xf9, 0xf7, 0xff, 0x2c, 0x89, 0x04}} ,
+ {{0x30, 0x31, 0x54, 0x1a, 0x46, 0xca, 0xe6, 0xc6, 0xcb, 0xe2, 0xc3, 0xc1, 0x8b, 0x75, 0x81, 0xbe, 0xee, 0xf8, 0xa3, 0x11, 0x1c, 0x25, 0xa3, 0xa7, 0x35, 0x51, 0x55, 0xe2, 0x25, 0xaa, 0xe2, 0x3a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xb4, 0x48, 0x10, 0x9f, 0x8a, 0x09, 0x76, 0xfa, 0xf0, 0x7a, 0xb0, 0x70, 0xf7, 0x83, 0x80, 0x52, 0x84, 0x2b, 0x26, 0xa2, 0xc4, 0x5d, 0x4f, 0xba, 0xb1, 0xc8, 0x40, 0x0d, 0x78, 0x97, 0xc4, 0x60}} ,
+ {{0xd4, 0xb1, 0x6c, 0x08, 0xc7, 0x40, 0x38, 0x73, 0x5f, 0x0b, 0xf3, 0x76, 0x5d, 0xb2, 0xa5, 0x2f, 0x57, 0x57, 0x07, 0xed, 0x08, 0xa2, 0x6c, 0x4f, 0x08, 0x02, 0xb5, 0x0e, 0xee, 0x44, 0xfa, 0x22}}},
+{{{0x0f, 0x00, 0x3f, 0xa6, 0x04, 0x19, 0x56, 0x65, 0x31, 0x7f, 0x8b, 0xeb, 0x0d, 0xe1, 0x47, 0x89, 0x97, 0x16, 0x53, 0xfa, 0x81, 0xa7, 0xaa, 0xb2, 0xbf, 0x67, 0xeb, 0x72, 0x60, 0x81, 0x0d, 0x48}} ,
+ {{0x7e, 0x13, 0x33, 0xcd, 0xa8, 0x84, 0x56, 0x1e, 0x67, 0xaf, 0x6b, 0x43, 0xac, 0x17, 0xaf, 0x16, 0xc0, 0x52, 0x99, 0x49, 0x5b, 0x87, 0x73, 0x7e, 0xb5, 0x43, 0xda, 0x6b, 0x1d, 0x0f, 0x2d, 0x55}}},
+{{{0xe9, 0x58, 0x1f, 0xff, 0x84, 0x3f, 0x93, 0x1c, 0xcb, 0xe1, 0x30, 0x69, 0xa5, 0x75, 0x19, 0x7e, 0x14, 0x5f, 0xf8, 0xfc, 0x09, 0xdd, 0xa8, 0x78, 0x9d, 0xca, 0x59, 0x8b, 0xd1, 0x30, 0x01, 0x13}} ,
+ {{0xff, 0x76, 0x03, 0xc5, 0x4b, 0x89, 0x99, 0x70, 0x00, 0x59, 0x70, 0x9c, 0xd5, 0xd9, 0x11, 0x89, 0x5a, 0x46, 0xfe, 0xef, 0xdc, 0xd9, 0x55, 0x2b, 0x45, 0xa7, 0xb0, 0x2d, 0xfb, 0x24, 0xc2, 0x29}}},
+{{{0x38, 0x06, 0xf8, 0x0b, 0xac, 0x82, 0xc4, 0x97, 0x2b, 0x90, 0xe0, 0xf7, 0xa8, 0xab, 0x6c, 0x08, 0x80, 0x66, 0x90, 0x46, 0xf7, 0x26, 0x2d, 0xf8, 0xf1, 0xc4, 0x6b, 0x4a, 0x82, 0x98, 0x8e, 0x37}} ,
+ {{0x8e, 0xb4, 0xee, 0xb8, 0xd4, 0x3f, 0xb2, 0x1b, 0xe0, 0x0a, 0x3d, 0x75, 0x34, 0x28, 0xa2, 0x8e, 0xc4, 0x92, 0x7b, 0xfe, 0x60, 0x6e, 0x6d, 0xb8, 0x31, 0x1d, 0x62, 0x0d, 0x78, 0x14, 0x42, 0x11}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x5e, 0xa8, 0xd8, 0x04, 0x9b, 0x73, 0xc9, 0xc9, 0xdc, 0x0d, 0x73, 0xbf, 0x0a, 0x0a, 0x73, 0xff, 0x18, 0x1f, 0x9c, 0x51, 0xaa, 0xc6, 0xf1, 0x83, 0x25, 0xfd, 0xab, 0xa3, 0x11, 0xd3, 0x01, 0x24}} ,
+ {{0x4d, 0xe3, 0x7e, 0x38, 0x62, 0x5e, 0x64, 0xbb, 0x2b, 0x53, 0xb5, 0x03, 0x68, 0xc4, 0xf2, 0x2b, 0x5a, 0x03, 0x32, 0x99, 0x4a, 0x41, 0x9a, 0xe1, 0x1a, 0xae, 0x8c, 0x48, 0xf3, 0x24, 0x32, 0x65}}},
+{{{0xe8, 0xdd, 0xad, 0x3a, 0x8c, 0xea, 0xf4, 0xb3, 0xb2, 0xe5, 0x73, 0xf2, 0xed, 0x8b, 0xbf, 0xed, 0xb1, 0x0c, 0x0c, 0xfb, 0x2b, 0xf1, 0x01, 0x48, 0xe8, 0x26, 0x03, 0x8e, 0x27, 0x4d, 0x96, 0x72}} ,
+ {{0xc8, 0x09, 0x3b, 0x60, 0xc9, 0x26, 0x4d, 0x7c, 0xf2, 0x9c, 0xd4, 0xa1, 0x3b, 0x26, 0xc2, 0x04, 0x33, 0x44, 0x76, 0x3c, 0x02, 0xbb, 0x11, 0x42, 0x0c, 0x22, 0xb7, 0xc6, 0xe1, 0xac, 0xb4, 0x0e}}},
+{{{0x6f, 0x85, 0xe7, 0xef, 0xde, 0x67, 0x30, 0xfc, 0xbf, 0x5a, 0xe0, 0x7b, 0x7a, 0x2a, 0x54, 0x6b, 0x5d, 0x62, 0x85, 0xa1, 0xf8, 0x16, 0x88, 0xec, 0x61, 0xb9, 0x96, 0xb5, 0xef, 0x2d, 0x43, 0x4d}} ,
+ {{0x7c, 0x31, 0x33, 0xcc, 0xe4, 0xcf, 0x6c, 0xff, 0x80, 0x47, 0x77, 0xd1, 0xd8, 0xe9, 0x69, 0x97, 0x98, 0x7f, 0x20, 0x57, 0x1d, 0x1d, 0x4f, 0x08, 0x27, 0xc8, 0x35, 0x57, 0x40, 0xc6, 0x21, 0x0c}}},
+{{{0xd2, 0x8e, 0x9b, 0xfa, 0x42, 0x8e, 0xdf, 0x8f, 0xc7, 0x86, 0xf9, 0xa4, 0xca, 0x70, 0x00, 0x9d, 0x21, 0xbf, 0xec, 0x57, 0x62, 0x30, 0x58, 0x8c, 0x0d, 0x35, 0xdb, 0x5d, 0x8b, 0x6a, 0xa0, 0x5a}} ,
+ {{0xc1, 0x58, 0x7c, 0x0d, 0x20, 0xdd, 0x11, 0x26, 0x5f, 0x89, 0x3b, 0x97, 0x58, 0xf8, 0x8b, 0xe3, 0xdf, 0x32, 0xe2, 0xfc, 0xd8, 0x67, 0xf2, 0xa5, 0x37, 0x1e, 0x6d, 0xec, 0x7c, 0x27, 0x20, 0x79}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xd0, 0xe9, 0xc0, 0xfa, 0x95, 0x45, 0x23, 0x96, 0xf1, 0x2c, 0x79, 0x25, 0x14, 0xce, 0x40, 0x14, 0x44, 0x2c, 0x36, 0x50, 0xd9, 0x63, 0x56, 0xb7, 0x56, 0x3b, 0x9e, 0xa7, 0xef, 0x89, 0xbb, 0x0e}} ,
+ {{0xce, 0x7f, 0xdc, 0x0a, 0xcc, 0x82, 0x1c, 0x0a, 0x78, 0x71, 0xe8, 0x74, 0x8d, 0x01, 0x30, 0x0f, 0xa7, 0x11, 0x4c, 0xdf, 0x38, 0xd7, 0xa7, 0x0d, 0xf8, 0x48, 0x52, 0x00, 0x80, 0x7b, 0x5f, 0x0e}}},
+{{{0x25, 0x83, 0xe6, 0x94, 0x7b, 0x81, 0xb2, 0x91, 0xae, 0x0e, 0x05, 0xc9, 0xa3, 0x68, 0x2d, 0xd9, 0x88, 0x25, 0x19, 0x2a, 0x61, 0x61, 0x21, 0x97, 0x15, 0xa1, 0x35, 0xa5, 0x46, 0xc8, 0xa2, 0x0e}} ,
+ {{0x1b, 0x03, 0x0d, 0x8b, 0x5a, 0x1b, 0x97, 0x4b, 0xf2, 0x16, 0x31, 0x3d, 0x1f, 0x33, 0xa0, 0x50, 0x3a, 0x18, 0xbe, 0x13, 0xa1, 0x76, 0xc1, 0xba, 0x1b, 0xf1, 0x05, 0x7b, 0x33, 0xa8, 0x82, 0x3b}}},
+{{{0xba, 0x36, 0x7b, 0x6d, 0xa9, 0xea, 0x14, 0x12, 0xc5, 0xfa, 0x91, 0x00, 0xba, 0x9b, 0x99, 0xcc, 0x56, 0x02, 0xe9, 0xa0, 0x26, 0x40, 0x66, 0x8c, 0xc4, 0xf8, 0x85, 0x33, 0x68, 0xe7, 0x03, 0x20}} ,
+ {{0x50, 0x5b, 0xff, 0xa9, 0xb2, 0xf1, 0xf1, 0x78, 0xcf, 0x14, 0xa4, 0xa9, 0xfc, 0x09, 0x46, 0x94, 0x54, 0x65, 0x0d, 0x9c, 0x5f, 0x72, 0x21, 0xe2, 0x97, 0xa5, 0x2d, 0x81, 0xce, 0x4a, 0x5f, 0x79}}},
+{{{0x3d, 0x5f, 0x5c, 0xd2, 0xbc, 0x7d, 0x77, 0x0e, 0x2a, 0x6d, 0x22, 0x45, 0x84, 0x06, 0xc4, 0xdd, 0xc6, 0xa6, 0xc6, 0xd7, 0x49, 0xad, 0x6d, 0x87, 0x91, 0x0e, 0x3a, 0x67, 0x1d, 0x2c, 0x1d, 0x56}} ,
+ {{0xfe, 0x7a, 0x74, 0xcf, 0xd4, 0xd2, 0xe5, 0x19, 0xde, 0xd0, 0xdb, 0x70, 0x23, 0x69, 0xe6, 0x6d, 0xec, 0xec, 0xcc, 0x09, 0x33, 0x6a, 0x77, 0xdc, 0x6b, 0x22, 0x76, 0x5d, 0x92, 0x09, 0xac, 0x2d}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x23, 0x15, 0x17, 0xeb, 0xd3, 0xdb, 0x12, 0x5e, 0x01, 0xf0, 0x91, 0xab, 0x2c, 0x41, 0xce, 0xac, 0xed, 0x1b, 0x4b, 0x2d, 0xbc, 0xdb, 0x17, 0x66, 0x89, 0x46, 0xad, 0x4b, 0x1e, 0x6f, 0x0b, 0x14}} ,
+ {{0x11, 0xce, 0xbf, 0xb6, 0x77, 0x2d, 0x48, 0x22, 0x18, 0x4f, 0xa3, 0x5d, 0x4a, 0xb0, 0x70, 0x12, 0x3e, 0x54, 0xd7, 0xd8, 0x0e, 0x2b, 0x27, 0xdc, 0x53, 0xff, 0xca, 0x8c, 0x59, 0xb3, 0x4e, 0x44}}},
+{{{0x07, 0x76, 0x61, 0x0f, 0x66, 0xb2, 0x21, 0x39, 0x7e, 0xc0, 0xec, 0x45, 0x28, 0x82, 0xa1, 0x29, 0x32, 0x44, 0x35, 0x13, 0x5e, 0x61, 0x5e, 0x54, 0xcb, 0x7c, 0xef, 0xf6, 0x41, 0xcf, 0x9f, 0x0a}} ,
+ {{0xdd, 0xf9, 0xda, 0x84, 0xc3, 0xe6, 0x8a, 0x9f, 0x24, 0xd2, 0x96, 0x5d, 0x39, 0x6f, 0x58, 0x8c, 0xc1, 0x56, 0x93, 0xab, 0xb5, 0x79, 0x3b, 0xd2, 0xa8, 0x73, 0x16, 0xed, 0xfa, 0xb4, 0x2f, 0x73}}},
+{{{0x8b, 0xb1, 0x95, 0xe5, 0x92, 0x50, 0x35, 0x11, 0x76, 0xac, 0xf4, 0x4d, 0x24, 0xc3, 0x32, 0xe6, 0xeb, 0xfe, 0x2c, 0x87, 0xc4, 0xf1, 0x56, 0xc4, 0x75, 0x24, 0x7a, 0x56, 0x85, 0x5a, 0x3a, 0x13}} ,
+ {{0x0d, 0x16, 0xac, 0x3c, 0x4a, 0x58, 0x86, 0x3a, 0x46, 0x7f, 0x6c, 0xa3, 0x52, 0x6e, 0x37, 0xe4, 0x96, 0x9c, 0xe9, 0x5c, 0x66, 0x41, 0x67, 0xe4, 0xfb, 0x79, 0x0c, 0x05, 0xf6, 0x64, 0xd5, 0x7c}}},
+{{{0x28, 0xc1, 0xe1, 0x54, 0x73, 0xf2, 0xbf, 0x76, 0x74, 0x19, 0x19, 0x1b, 0xe4, 0xb9, 0xa8, 0x46, 0x65, 0x73, 0xf3, 0x77, 0x9b, 0x29, 0x74, 0x5b, 0xc6, 0x89, 0x6c, 0x2c, 0x7c, 0xf8, 0xb3, 0x0f}} ,
+ {{0xf7, 0xd5, 0xe9, 0x74, 0x5d, 0xb8, 0x25, 0x16, 0xb5, 0x30, 0xbc, 0x84, 0xc5, 0xf0, 0xad, 0xca, 0x12, 0x28, 0xbc, 0x9d, 0xd4, 0xfa, 0x82, 0xe6, 0xe3, 0xbf, 0xa2, 0x15, 0x2c, 0xd4, 0x34, 0x10}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x61, 0xb1, 0x46, 0xba, 0x0e, 0x31, 0xa5, 0x67, 0x6c, 0x7f, 0xd6, 0xd9, 0x27, 0x85, 0x0f, 0x79, 0x14, 0xc8, 0x6c, 0x2f, 0x5f, 0x5b, 0x9c, 0x35, 0x3d, 0x38, 0x86, 0x77, 0x65, 0x55, 0x6a, 0x7b}} ,
+ {{0xd3, 0xb0, 0x3a, 0x66, 0x60, 0x1b, 0x43, 0xf1, 0x26, 0x58, 0x99, 0x09, 0x8f, 0x2d, 0xa3, 0x14, 0x71, 0x85, 0xdb, 0xed, 0xf6, 0x26, 0xd5, 0x61, 0x9a, 0x73, 0xac, 0x0e, 0xea, 0xac, 0xb7, 0x0c}}},
+{{{0x5e, 0xf4, 0xe5, 0x17, 0x0e, 0x10, 0x9f, 0xe7, 0x43, 0x5f, 0x67, 0x5c, 0xac, 0x4b, 0xe5, 0x14, 0x41, 0xd2, 0xbf, 0x48, 0xf5, 0x14, 0xb0, 0x71, 0xc6, 0x61, 0xc1, 0xb2, 0x70, 0x58, 0xd2, 0x5a}} ,
+ {{0x2d, 0xba, 0x16, 0x07, 0x92, 0x94, 0xdc, 0xbd, 0x50, 0x2b, 0xc9, 0x7f, 0x42, 0x00, 0xba, 0x61, 0xed, 0xf8, 0x43, 0xed, 0xf5, 0xf9, 0x40, 0x60, 0xb2, 0xb0, 0x82, 0xcb, 0xed, 0x75, 0xc7, 0x65}}},
+{{{0x80, 0xba, 0x0d, 0x09, 0x40, 0xa7, 0x39, 0xa6, 0x67, 0x34, 0x7e, 0x66, 0xbe, 0x56, 0xfb, 0x53, 0x78, 0xc4, 0x46, 0xe8, 0xed, 0x68, 0x6c, 0x7f, 0xce, 0xe8, 0x9f, 0xce, 0xa2, 0x64, 0x58, 0x53}} ,
+ {{0xe8, 0xc1, 0xa9, 0xc2, 0x7b, 0x59, 0x21, 0x33, 0xe2, 0x43, 0x73, 0x2b, 0xac, 0x2d, 0xc1, 0x89, 0x3b, 0x15, 0xe2, 0xd5, 0xc0, 0x97, 0x8a, 0xfd, 0x6f, 0x36, 0x33, 0xb7, 0xb9, 0xc3, 0x88, 0x09}}},
+{{{0xd0, 0xb6, 0x56, 0x30, 0x5c, 0xae, 0xb3, 0x75, 0x44, 0xa4, 0x83, 0x51, 0x6e, 0x01, 0x65, 0xef, 0x45, 0x76, 0xe6, 0xf5, 0xa2, 0x0d, 0xd4, 0x16, 0x3b, 0x58, 0x2f, 0xf2, 0x2f, 0x36, 0x18, 0x3f}} ,
+ {{0xfd, 0x2f, 0xe0, 0x9b, 0x1e, 0x8c, 0xc5, 0x18, 0xa9, 0xca, 0xd4, 0x2b, 0x35, 0xb6, 0x95, 0x0a, 0x9f, 0x7e, 0xfb, 0xc4, 0xef, 0x88, 0x7b, 0x23, 0x43, 0xec, 0x2f, 0x0d, 0x0f, 0x7a, 0xfc, 0x5c}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b}} ,
+ {{0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61}}},
+{{{0x54, 0x83, 0x02, 0x18, 0x82, 0x93, 0x99, 0x07, 0xd0, 0xa7, 0xda, 0xd8, 0x75, 0x89, 0xfa, 0xf2, 0xd9, 0xa3, 0xb8, 0x6b, 0x5a, 0x35, 0x28, 0xd2, 0x6b, 0x59, 0xc2, 0xf8, 0x45, 0xe2, 0xbc, 0x06}} ,
+ {{0x65, 0xc0, 0xa3, 0x88, 0x51, 0x95, 0xfc, 0x96, 0x94, 0x78, 0xe8, 0x0d, 0x8b, 0x41, 0xc9, 0xc2, 0x58, 0x48, 0x75, 0x10, 0x2f, 0xcd, 0x2a, 0xc9, 0xa0, 0x6d, 0x0f, 0xdd, 0x9c, 0x98, 0x26, 0x3d}}},
+{{{0x2f, 0x66, 0x29, 0x1b, 0x04, 0x89, 0xbd, 0x7e, 0xee, 0x6e, 0xdd, 0xb7, 0x0e, 0xef, 0xb0, 0x0c, 0xb4, 0xfc, 0x7f, 0xc2, 0xc9, 0x3a, 0x3c, 0x64, 0xef, 0x45, 0x44, 0xaf, 0x8a, 0x90, 0x65, 0x76}} ,
+ {{0xa1, 0x4c, 0x70, 0x4b, 0x0e, 0xa0, 0x83, 0x70, 0x13, 0xa4, 0xaf, 0xb8, 0x38, 0x19, 0x22, 0x65, 0x09, 0xb4, 0x02, 0x4f, 0x06, 0xf8, 0x17, 0xce, 0x46, 0x45, 0xda, 0x50, 0x7c, 0x8a, 0xd1, 0x4e}}},
+{{{0xf7, 0xd4, 0x16, 0x6c, 0x4e, 0x95, 0x9d, 0x5d, 0x0f, 0x91, 0x2b, 0x52, 0xfe, 0x5c, 0x34, 0xe5, 0x30, 0xe6, 0xa4, 0x3b, 0xf3, 0xf3, 0x34, 0x08, 0xa9, 0x4a, 0xa0, 0xb5, 0x6e, 0xb3, 0x09, 0x0a}} ,
+ {{0x26, 0xd9, 0x5e, 0xa3, 0x0f, 0xeb, 0xa2, 0xf3, 0x20, 0x3b, 0x37, 0xd4, 0xe4, 0x9e, 0xce, 0x06, 0x3d, 0x53, 0xed, 0xae, 0x2b, 0xeb, 0xb6, 0x24, 0x0a, 0x11, 0xa3, 0x0f, 0xd6, 0x7f, 0xa4, 0x3a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xdb, 0x9f, 0x2c, 0xfc, 0xd6, 0xb2, 0x1e, 0x2e, 0x52, 0x7a, 0x06, 0x87, 0x2d, 0x86, 0x72, 0x2b, 0x6d, 0x90, 0x77, 0x46, 0x43, 0xb5, 0x7a, 0xf8, 0x60, 0x7d, 0x91, 0x60, 0x5b, 0x9d, 0x9e, 0x07}} ,
+ {{0x97, 0x87, 0xc7, 0x04, 0x1c, 0x38, 0x01, 0x39, 0x58, 0xc7, 0x85, 0xa3, 0xfc, 0x64, 0x00, 0x64, 0x25, 0xa2, 0xbf, 0x50, 0x94, 0xca, 0x26, 0x31, 0x45, 0x0a, 0x24, 0xd2, 0x51, 0x29, 0x51, 0x16}}},
+{{{0x4d, 0x4a, 0xd7, 0x98, 0x71, 0x57, 0xac, 0x7d, 0x8b, 0x37, 0xbd, 0x63, 0xff, 0x87, 0xb1, 0x49, 0x95, 0x20, 0x7c, 0xcf, 0x7c, 0x59, 0xc4, 0x91, 0x9c, 0xef, 0xd0, 0xdb, 0x60, 0x09, 0x9d, 0x46}} ,
+ {{0xcb, 0x78, 0x94, 0x90, 0xe4, 0x45, 0xb3, 0xf6, 0xd9, 0xf6, 0x57, 0x74, 0xd5, 0xf8, 0x83, 0x4f, 0x39, 0xc9, 0xbd, 0x88, 0xc2, 0x57, 0x21, 0x1f, 0x24, 0x32, 0x68, 0xf8, 0xc7, 0x21, 0x5f, 0x0b}}},
+{{{0x2a, 0x36, 0x68, 0xfc, 0x5f, 0xb6, 0x4f, 0xa5, 0xe3, 0x9d, 0x24, 0x2f, 0xc0, 0x93, 0x61, 0xcf, 0xf8, 0x0a, 0xed, 0xe1, 0xdb, 0x27, 0xec, 0x0e, 0x14, 0x32, 0x5f, 0x8e, 0xa1, 0x62, 0x41, 0x16}} ,
+ {{0x95, 0x21, 0x01, 0xce, 0x95, 0x5b, 0x0e, 0x57, 0xc7, 0xb9, 0x62, 0xb5, 0x28, 0xca, 0x11, 0xec, 0xb4, 0x46, 0x06, 0x73, 0x26, 0xff, 0xfb, 0x66, 0x7d, 0xee, 0x5f, 0xb2, 0x56, 0xfd, 0x2a, 0x08}}},
+{{{0x92, 0x67, 0x77, 0x56, 0xa1, 0xff, 0xc4, 0xc5, 0x95, 0xf0, 0xe3, 0x3a, 0x0a, 0xca, 0x94, 0x4d, 0x9e, 0x7e, 0x3d, 0xb9, 0x6e, 0xb6, 0xb0, 0xce, 0xa4, 0x30, 0x89, 0x99, 0xe9, 0xad, 0x11, 0x59}} ,
+ {{0xf6, 0x48, 0x95, 0xa1, 0x6f, 0x5f, 0xb7, 0xa5, 0xbb, 0x30, 0x00, 0x1c, 0xd2, 0x8a, 0xd6, 0x25, 0x26, 0x1b, 0xb2, 0x0d, 0x37, 0x6a, 0x05, 0xf4, 0x9d, 0x3e, 0x17, 0x2a, 0x43, 0xd2, 0x3a, 0x06}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x32, 0x99, 0x93, 0xd1, 0x9a, 0x72, 0xf3, 0xa9, 0x16, 0xbd, 0xb4, 0x4c, 0xdd, 0xf9, 0xd4, 0xb2, 0x64, 0x9a, 0xd3, 0x05, 0xe4, 0xa3, 0x73, 0x1c, 0xcb, 0x7e, 0x57, 0x67, 0xff, 0x04, 0xb3, 0x10}} ,
+ {{0xb9, 0x4b, 0xa4, 0xad, 0xd0, 0x6d, 0x61, 0x23, 0xb4, 0xaf, 0x34, 0xa9, 0xaa, 0x65, 0xec, 0xd9, 0x69, 0xe3, 0x85, 0xcd, 0xcc, 0xe7, 0xb0, 0x9b, 0x41, 0xc1, 0x1c, 0xf9, 0xa0, 0xfa, 0xb7, 0x13}}},
+{{{0x04, 0xfd, 0x88, 0x3c, 0x0c, 0xd0, 0x09, 0x52, 0x51, 0x4f, 0x06, 0x19, 0xcc, 0xc3, 0xbb, 0xde, 0x80, 0xc5, 0x33, 0xbc, 0xf9, 0xf3, 0x17, 0x36, 0xdd, 0xc6, 0xde, 0xe8, 0x9b, 0x5d, 0x79, 0x1b}} ,
+ {{0x65, 0x0a, 0xbe, 0x51, 0x57, 0xad, 0x50, 0x79, 0x08, 0x71, 0x9b, 0x07, 0x95, 0x8f, 0xfb, 0xae, 0x4b, 0x38, 0xba, 0xcf, 0x53, 0x2a, 0x86, 0x1e, 0xc0, 0x50, 0x5c, 0x67, 0x1b, 0xf6, 0x87, 0x6c}}},
+{{{0x4f, 0x00, 0xb2, 0x66, 0x55, 0xed, 0x4a, 0xed, 0x8d, 0xe1, 0x66, 0x18, 0xb2, 0x14, 0x74, 0x8d, 0xfd, 0x1a, 0x36, 0x0f, 0x26, 0x5c, 0x8b, 0x89, 0xf3, 0xab, 0xf2, 0xf3, 0x24, 0x67, 0xfd, 0x70}} ,
+ {{0xfd, 0x4e, 0x2a, 0xc1, 0x3a, 0xca, 0x8f, 0x00, 0xd8, 0xec, 0x74, 0x67, 0xef, 0x61, 0xe0, 0x28, 0xd0, 0x96, 0xf4, 0x48, 0xde, 0x81, 0xe3, 0xef, 0xdc, 0xaa, 0x7d, 0xf3, 0xb6, 0x55, 0xa6, 0x65}}},
+{{{0xeb, 0xcb, 0xc5, 0x70, 0x91, 0x31, 0x10, 0x93, 0x0d, 0xc8, 0xd0, 0xef, 0x62, 0xe8, 0x6f, 0x82, 0xe3, 0x69, 0x3d, 0x91, 0x7f, 0x31, 0xe1, 0x26, 0x35, 0x3c, 0x4a, 0x2f, 0xab, 0xc4, 0x9a, 0x5e}} ,
+ {{0xab, 0x1b, 0xb5, 0xe5, 0x2b, 0xc3, 0x0e, 0x29, 0xb0, 0xd0, 0x73, 0xe6, 0x4f, 0x64, 0xf2, 0xbc, 0xe4, 0xe4, 0xe1, 0x9a, 0x52, 0x33, 0x2f, 0xbd, 0xcc, 0x03, 0xee, 0x8a, 0xfa, 0x00, 0x5f, 0x50}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xf6, 0xdb, 0x0d, 0x22, 0x3d, 0xb5, 0x14, 0x75, 0x31, 0xf0, 0x81, 0xe2, 0xb9, 0x37, 0xa2, 0xa9, 0x84, 0x11, 0x9a, 0x07, 0xb5, 0x53, 0x89, 0x78, 0xa9, 0x30, 0x27, 0xa1, 0xf1, 0x4e, 0x5c, 0x2e}} ,
+ {{0x8b, 0x00, 0x54, 0xfb, 0x4d, 0xdc, 0xcb, 0x17, 0x35, 0x40, 0xff, 0xb7, 0x8c, 0xfe, 0x4a, 0xe4, 0x4e, 0x99, 0x4e, 0xa8, 0x74, 0x54, 0x5d, 0x5c, 0x96, 0xa3, 0x12, 0x55, 0x36, 0x31, 0x17, 0x5c}}},
+{{{0xce, 0x24, 0xef, 0x7b, 0x86, 0xf2, 0x0f, 0x77, 0xe8, 0x5c, 0x7d, 0x87, 0x38, 0x2d, 0xef, 0xaf, 0xf2, 0x8c, 0x72, 0x2e, 0xeb, 0xb6, 0x55, 0x4b, 0x6e, 0xf1, 0x4e, 0x8a, 0x0e, 0x9a, 0x6c, 0x4c}} ,
+ {{0x25, 0xea, 0x86, 0xc2, 0xd1, 0x4f, 0xb7, 0x3e, 0xa8, 0x5c, 0x8d, 0x66, 0x81, 0x25, 0xed, 0xc5, 0x4c, 0x05, 0xb9, 0xd8, 0xd6, 0x70, 0xbe, 0x73, 0x82, 0xe8, 0xa1, 0xe5, 0x1e, 0x71, 0xd5, 0x26}}},
+{{{0x4e, 0x6d, 0xc3, 0xa7, 0x4f, 0x22, 0x45, 0x26, 0xa2, 0x7e, 0x16, 0xf7, 0xf7, 0x63, 0xdc, 0x86, 0x01, 0x2a, 0x71, 0x38, 0x5c, 0x33, 0xc3, 0xce, 0x30, 0xff, 0xf9, 0x2c, 0x91, 0x71, 0x8a, 0x72}} ,
+ {{0x8c, 0x44, 0x09, 0x28, 0xd5, 0x23, 0xc9, 0x8f, 0xf3, 0x84, 0x45, 0xc6, 0x9a, 0x5e, 0xff, 0xd2, 0xc7, 0x57, 0x93, 0xa3, 0xc1, 0x69, 0xdd, 0x62, 0x0f, 0xda, 0x5c, 0x30, 0x59, 0x5d, 0xe9, 0x4c}}},
+{{{0x92, 0x7e, 0x50, 0x27, 0x72, 0xd7, 0x0c, 0xd6, 0x69, 0x96, 0x81, 0x35, 0x84, 0x94, 0x35, 0x8b, 0x6c, 0xaa, 0x62, 0x86, 0x6e, 0x1c, 0x15, 0xf3, 0x6c, 0xb3, 0xff, 0x65, 0x1b, 0xa2, 0x9b, 0x59}} ,
+ {{0xe2, 0xa9, 0x65, 0x88, 0xc4, 0x50, 0xfa, 0xbb, 0x3b, 0x6e, 0x5f, 0x44, 0x01, 0xca, 0x97, 0xd4, 0xdd, 0xf6, 0xcd, 0x3f, 0x3f, 0xe5, 0x97, 0x67, 0x2b, 0x8c, 0x66, 0x0f, 0x35, 0x9b, 0xf5, 0x07}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xf1, 0x59, 0x27, 0xd8, 0xdb, 0x5a, 0x11, 0x5e, 0x82, 0xf3, 0x38, 0xff, 0x1c, 0xed, 0xfe, 0x3f, 0x64, 0x54, 0x3f, 0x7f, 0xd1, 0x81, 0xed, 0xef, 0x65, 0xc5, 0xcb, 0xfd, 0xe1, 0x80, 0xcd, 0x11}} ,
+ {{0xe0, 0xdb, 0x22, 0x28, 0xe6, 0xff, 0x61, 0x9d, 0x41, 0x14, 0x2d, 0x3b, 0x26, 0x22, 0xdf, 0xf1, 0x34, 0x81, 0xe9, 0x45, 0xee, 0x0f, 0x98, 0x8b, 0xa6, 0x3f, 0xef, 0xf7, 0x43, 0x19, 0xf1, 0x43}}},
+{{{0xee, 0xf3, 0x00, 0xa1, 0x50, 0xde, 0xc0, 0xb6, 0x01, 0xe3, 0x8c, 0x3c, 0x4d, 0x31, 0xd2, 0xb0, 0x58, 0xcd, 0xed, 0x10, 0x4a, 0x7a, 0xef, 0x80, 0xa9, 0x19, 0x32, 0xf3, 0xd8, 0x33, 0x8c, 0x06}} ,
+ {{0xcb, 0x7d, 0x4f, 0xff, 0x30, 0xd8, 0x12, 0x3b, 0x39, 0x1c, 0x06, 0xf9, 0x4c, 0x34, 0x35, 0x71, 0xb5, 0x16, 0x94, 0x67, 0xdf, 0xee, 0x11, 0xde, 0xa4, 0x1d, 0x88, 0x93, 0x35, 0xa9, 0x32, 0x10}}},
+{{{0xe9, 0xc3, 0xbc, 0x7b, 0x5c, 0xfc, 0xb2, 0xf9, 0xc9, 0x2f, 0xe5, 0xba, 0x3a, 0x0b, 0xab, 0x64, 0x38, 0x6f, 0x5b, 0x4b, 0x93, 0xda, 0x64, 0xec, 0x4d, 0x3d, 0xa0, 0xf5, 0xbb, 0xba, 0x47, 0x48}} ,
+ {{0x60, 0xbc, 0x45, 0x1f, 0x23, 0xa2, 0x3b, 0x70, 0x76, 0xe6, 0x97, 0x99, 0x4f, 0x77, 0x54, 0x67, 0x30, 0x9a, 0xe7, 0x66, 0xd6, 0xcd, 0x2e, 0x51, 0x24, 0x2c, 0x42, 0x4a, 0x11, 0xfe, 0x6f, 0x7e}}},
+{{{0x87, 0xc0, 0xb1, 0xf0, 0xa3, 0x6f, 0x0c, 0x93, 0xa9, 0x0a, 0x72, 0xef, 0x5c, 0xbe, 0x65, 0x35, 0xa7, 0x6a, 0x4e, 0x2c, 0xbf, 0x21, 0x23, 0xe8, 0x2f, 0x97, 0xc7, 0x3e, 0xc8, 0x17, 0xac, 0x1e}} ,
+ {{0x7b, 0xef, 0x21, 0xe5, 0x40, 0xcc, 0x1e, 0xdc, 0xd6, 0xbd, 0x97, 0x7a, 0x7c, 0x75, 0x86, 0x7a, 0x25, 0x5a, 0x6e, 0x7c, 0xe5, 0x51, 0x3c, 0x1b, 0x5b, 0x82, 0x9a, 0x07, 0x60, 0xa1, 0x19, 0x04}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x96, 0x88, 0xa6, 0xab, 0x8f, 0xe3, 0x3a, 0x49, 0xf8, 0xfe, 0x34, 0xe7, 0x6a, 0xb2, 0xfe, 0x40, 0x26, 0x74, 0x57, 0x4c, 0xf6, 0xd4, 0x99, 0xce, 0x5d, 0x7b, 0x2f, 0x67, 0xd6, 0x5a, 0xe4, 0x4e}} ,
+ {{0x5c, 0x82, 0xb3, 0xbd, 0x55, 0x25, 0xf6, 0x6a, 0x93, 0xa4, 0x02, 0xc6, 0x7d, 0x5c, 0xb1, 0x2b, 0x5b, 0xff, 0xfb, 0x56, 0xf8, 0x01, 0x41, 0x90, 0xc6, 0xb6, 0xac, 0x4f, 0xfe, 0xa7, 0x41, 0x70}}},
+{{{0xdb, 0xfa, 0x9b, 0x2c, 0xd4, 0x23, 0x67, 0x2c, 0x8a, 0x63, 0x6c, 0x07, 0x26, 0x48, 0x4f, 0xc2, 0x03, 0xd2, 0x53, 0x20, 0x28, 0xed, 0x65, 0x71, 0x47, 0xa9, 0x16, 0x16, 0x12, 0xbc, 0x28, 0x33}} ,
+ {{0x39, 0xc0, 0xfa, 0xfa, 0xcd, 0x33, 0x43, 0xc7, 0x97, 0x76, 0x9b, 0x93, 0x91, 0x72, 0xeb, 0xc5, 0x18, 0x67, 0x4c, 0x11, 0xf0, 0xf4, 0xe5, 0x73, 0xb2, 0x5c, 0x1b, 0xc2, 0x26, 0x3f, 0xbf, 0x2b}}},
+{{{0x86, 0xe6, 0x8c, 0x1d, 0xdf, 0xca, 0xfc, 0xd5, 0xf8, 0x3a, 0xc3, 0x44, 0x72, 0xe6, 0x78, 0x9d, 0x2b, 0x97, 0xf8, 0x28, 0x45, 0xb4, 0x20, 0xc9, 0x2a, 0x8c, 0x67, 0xaa, 0x11, 0xc5, 0x5b, 0x2f}} ,
+ {{0x17, 0x0f, 0x86, 0x52, 0xd7, 0x9d, 0xc3, 0x44, 0x51, 0x76, 0x32, 0x65, 0xb4, 0x37, 0x81, 0x99, 0x46, 0x37, 0x62, 0xed, 0xcf, 0x64, 0x9d, 0x72, 0x40, 0x7a, 0x4c, 0x0b, 0x76, 0x2a, 0xfb, 0x56}}},
+{{{0x33, 0xa7, 0x90, 0x7c, 0xc3, 0x6f, 0x17, 0xa5, 0xa0, 0x67, 0x72, 0x17, 0xea, 0x7e, 0x63, 0x14, 0x83, 0xde, 0xc1, 0x71, 0x2d, 0x41, 0x32, 0x7a, 0xf3, 0xd1, 0x2b, 0xd8, 0x2a, 0xa6, 0x46, 0x36}} ,
+ {{0xac, 0xcc, 0x6b, 0x7c, 0xf9, 0xb8, 0x8b, 0x08, 0x5c, 0xd0, 0x7d, 0x8f, 0x73, 0xea, 0x20, 0xda, 0x86, 0xca, 0x00, 0xc7, 0xad, 0x73, 0x4d, 0xe9, 0xe8, 0xa9, 0xda, 0x1f, 0x03, 0x06, 0xdd, 0x24}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x9c, 0xb2, 0x61, 0x0a, 0x98, 0x2a, 0xa5, 0xd7, 0xee, 0xa9, 0xac, 0x65, 0xcb, 0x0a, 0x1e, 0xe2, 0xbe, 0xdc, 0x85, 0x59, 0x0f, 0x9c, 0xa6, 0x57, 0x34, 0xa5, 0x87, 0xeb, 0x7b, 0x1e, 0x0c, 0x3c}} ,
+ {{0x2f, 0xbd, 0x84, 0x63, 0x0d, 0xb5, 0xa0, 0xf0, 0x4b, 0x9e, 0x93, 0xc6, 0x34, 0x9a, 0x34, 0xff, 0x73, 0x19, 0x2f, 0x6e, 0x54, 0x45, 0x2c, 0x92, 0x31, 0x76, 0x34, 0xf1, 0xb2, 0x26, 0xe8, 0x74}}},
+{{{0x0a, 0x67, 0x90, 0x6d, 0x0c, 0x4c, 0xcc, 0xc0, 0xe6, 0xbd, 0xa7, 0x5e, 0x55, 0x8c, 0xcd, 0x58, 0x9b, 0x11, 0xa2, 0xbb, 0x4b, 0xb1, 0x43, 0x04, 0x3c, 0x55, 0xed, 0x23, 0xfe, 0xcd, 0xb1, 0x53}} ,
+ {{0x05, 0xfb, 0x75, 0xf5, 0x01, 0xaf, 0x38, 0x72, 0x58, 0xfc, 0x04, 0x29, 0x34, 0x7a, 0x67, 0xa2, 0x08, 0x50, 0x6e, 0xd0, 0x2b, 0x73, 0xd5, 0xb8, 0xe4, 0x30, 0x96, 0xad, 0x45, 0xdf, 0xa6, 0x5c}}},
+{{{0x0d, 0x88, 0x1a, 0x90, 0x7e, 0xdc, 0xd8, 0xfe, 0xc1, 0x2f, 0x5d, 0x67, 0xee, 0x67, 0x2f, 0xed, 0x6f, 0x55, 0x43, 0x5f, 0x87, 0x14, 0x35, 0x42, 0xd3, 0x75, 0xae, 0xd5, 0xd3, 0x85, 0x1a, 0x76}} ,
+ {{0x87, 0xc8, 0xa0, 0x6e, 0xe1, 0xb0, 0xad, 0x6a, 0x4a, 0x34, 0x71, 0xed, 0x7c, 0xd6, 0x44, 0x03, 0x65, 0x4a, 0x5c, 0x5c, 0x04, 0xf5, 0x24, 0x3f, 0xb0, 0x16, 0x5e, 0x8c, 0xb2, 0xd2, 0xc5, 0x20}}},
+{{{0x98, 0x83, 0xc2, 0x37, 0xa0, 0x41, 0xa8, 0x48, 0x5c, 0x5f, 0xbf, 0xc8, 0xfa, 0x24, 0xe0, 0x59, 0x2c, 0xbd, 0xf6, 0x81, 0x7e, 0x88, 0xe6, 0xca, 0x04, 0xd8, 0x5d, 0x60, 0xbb, 0x74, 0xa7, 0x0b}} ,
+ {{0x21, 0x13, 0x91, 0xbf, 0x77, 0x7a, 0x33, 0xbc, 0xe9, 0x07, 0x39, 0x0a, 0xdd, 0x7d, 0x06, 0x10, 0x9a, 0xee, 0x47, 0x73, 0x1b, 0x15, 0x5a, 0xfb, 0xcd, 0x4d, 0xd0, 0xd2, 0x3a, 0x01, 0xba, 0x54}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x48, 0xd5, 0x39, 0x4a, 0x0b, 0x20, 0x6a, 0x43, 0xa0, 0x07, 0x82, 0x5e, 0x49, 0x7c, 0xc9, 0x47, 0xf1, 0x7c, 0x37, 0xb9, 0x23, 0xef, 0x6b, 0x46, 0x45, 0x8c, 0x45, 0x76, 0xdf, 0x14, 0x6b, 0x6e}} ,
+ {{0x42, 0xc9, 0xca, 0x29, 0x4c, 0x76, 0x37, 0xda, 0x8a, 0x2d, 0x7c, 0x3a, 0x58, 0xf2, 0x03, 0xb4, 0xb5, 0xb9, 0x1a, 0x13, 0x2d, 0xde, 0x5f, 0x6b, 0x9d, 0xba, 0x52, 0xc9, 0x5d, 0xb3, 0xf3, 0x30}}},
+{{{0x4c, 0x6f, 0xfe, 0x6b, 0x0c, 0x62, 0xd7, 0x48, 0x71, 0xef, 0xb1, 0x85, 0x79, 0xc0, 0xed, 0x24, 0xb1, 0x08, 0x93, 0x76, 0x8e, 0xf7, 0x38, 0x8e, 0xeb, 0xfe, 0x80, 0x40, 0xaf, 0x90, 0x64, 0x49}} ,
+ {{0x4a, 0x88, 0xda, 0xc1, 0x98, 0x44, 0x3c, 0x53, 0x4e, 0xdb, 0x4b, 0xb9, 0x12, 0x5f, 0xcd, 0x08, 0x04, 0xef, 0x75, 0xe7, 0xb1, 0x3a, 0xe5, 0x07, 0xfa, 0xca, 0x65, 0x7b, 0x72, 0x10, 0x64, 0x7f}}},
+{{{0x3d, 0x81, 0xf0, 0xeb, 0x16, 0xfd, 0x58, 0x33, 0x8d, 0x7c, 0x1a, 0xfb, 0x20, 0x2c, 0x8a, 0xee, 0x90, 0xbb, 0x33, 0x6d, 0x45, 0xe9, 0x8e, 0x99, 0x85, 0xe1, 0x08, 0x1f, 0xc5, 0xf1, 0xb5, 0x46}} ,
+ {{0xe4, 0xe7, 0x43, 0x4b, 0xa0, 0x3f, 0x2b, 0x06, 0xba, 0x17, 0xae, 0x3d, 0xe6, 0xce, 0xbd, 0xb8, 0xed, 0x74, 0x11, 0x35, 0xec, 0x96, 0xfe, 0x31, 0xe3, 0x0e, 0x7a, 0x4e, 0xc9, 0x1d, 0xcb, 0x20}}},
+{{{0xe0, 0x67, 0xe9, 0x7b, 0xdb, 0x96, 0x5c, 0xb0, 0x32, 0xd0, 0x59, 0x31, 0x90, 0xdc, 0x92, 0x97, 0xac, 0x09, 0x38, 0x31, 0x0f, 0x7e, 0xd6, 0x5d, 0xd0, 0x06, 0xb6, 0x1f, 0xea, 0xf0, 0x5b, 0x07}} ,
+ {{0x81, 0x9f, 0xc7, 0xde, 0x6b, 0x41, 0x22, 0x35, 0x14, 0x67, 0x77, 0x3e, 0x90, 0x81, 0xb0, 0xd9, 0x85, 0x4c, 0xca, 0x9b, 0x3f, 0x04, 0x59, 0xd6, 0xaa, 0x17, 0xc3, 0x88, 0x34, 0x37, 0xba, 0x43}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x4c, 0xb6, 0x69, 0xc8, 0x81, 0x95, 0x94, 0x33, 0x92, 0x34, 0xe9, 0x3c, 0x84, 0x0d, 0x3d, 0x5a, 0x37, 0x9c, 0x22, 0xa0, 0xaa, 0x65, 0xce, 0xb4, 0xc2, 0x2d, 0x66, 0x67, 0x02, 0xff, 0x74, 0x10}} ,
+ {{0x22, 0xb0, 0xd5, 0xe6, 0xc7, 0xef, 0xb1, 0xa7, 0x13, 0xda, 0x60, 0xb4, 0x80, 0xc1, 0x42, 0x7d, 0x10, 0x70, 0x97, 0x04, 0x4d, 0xda, 0x23, 0x89, 0xc2, 0x0e, 0x68, 0xcb, 0xde, 0xe0, 0x9b, 0x29}}},
+{{{0x33, 0xfe, 0x42, 0x2a, 0x36, 0x2b, 0x2e, 0x36, 0x64, 0x5c, 0x8b, 0xcc, 0x81, 0x6a, 0x15, 0x08, 0xa1, 0x27, 0xe8, 0x57, 0xe5, 0x78, 0x8e, 0xf2, 0x58, 0x19, 0x12, 0x42, 0xae, 0xc4, 0x63, 0x3e}} ,
+ {{0x78, 0x96, 0x9c, 0xa7, 0xca, 0x80, 0xae, 0x02, 0x85, 0xb1, 0x7c, 0x04, 0x5c, 0xc1, 0x5b, 0x26, 0xc1, 0xba, 0xed, 0xa5, 0x59, 0x70, 0x85, 0x8c, 0x8c, 0xe8, 0x87, 0xac, 0x6a, 0x28, 0x99, 0x35}}},
+{{{0x9f, 0x04, 0x08, 0x28, 0xbe, 0x87, 0xda, 0x80, 0x28, 0x38, 0xde, 0x9f, 0xcd, 0xe4, 0xe3, 0x62, 0xfb, 0x2e, 0x46, 0x8d, 0x01, 0xb3, 0x06, 0x51, 0xd4, 0x19, 0x3b, 0x11, 0xfa, 0xe2, 0xad, 0x1e}} ,
+ {{0xa0, 0x20, 0x99, 0x69, 0x0a, 0xae, 0xa3, 0x70, 0x4e, 0x64, 0x80, 0xb7, 0x85, 0x9c, 0x87, 0x54, 0x43, 0x43, 0x55, 0x80, 0x6d, 0x8d, 0x7c, 0xa9, 0x64, 0xca, 0x6c, 0x2e, 0x21, 0xd8, 0xc8, 0x6c}}},
+{{{0x91, 0x4a, 0x07, 0xad, 0x08, 0x75, 0xc1, 0x4f, 0xa4, 0xb2, 0xc3, 0x6f, 0x46, 0x3e, 0xb1, 0xce, 0x52, 0xab, 0x67, 0x09, 0x54, 0x48, 0x6b, 0x6c, 0xd7, 0x1d, 0x71, 0x76, 0xcb, 0xff, 0xdd, 0x31}} ,
+ {{0x36, 0x88, 0xfa, 0xfd, 0xf0, 0x36, 0x6f, 0x07, 0x74, 0x88, 0x50, 0xd0, 0x95, 0x38, 0x4a, 0x48, 0x2e, 0x07, 0x64, 0x97, 0x11, 0x76, 0x01, 0x1a, 0x27, 0x4d, 0x8e, 0x25, 0x9a, 0x9b, 0x1c, 0x22}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xbe, 0x57, 0xbd, 0x0e, 0x0f, 0xac, 0x5e, 0x76, 0xa3, 0x71, 0xad, 0x2b, 0x10, 0x45, 0x02, 0xec, 0x59, 0xd5, 0x5d, 0xa9, 0x44, 0xcc, 0x25, 0x4c, 0xb3, 0x3c, 0x5b, 0x69, 0x07, 0x55, 0x26, 0x6b}} ,
+ {{0x30, 0x6b, 0xd4, 0xa7, 0x51, 0x29, 0xe3, 0xf9, 0x7a, 0x75, 0x2a, 0x82, 0x2f, 0xd6, 0x1d, 0x99, 0x2b, 0x80, 0xd5, 0x67, 0x1e, 0x15, 0x9d, 0xca, 0xfd, 0xeb, 0xac, 0x97, 0x35, 0x09, 0x7f, 0x3f}}},
+{{{0x35, 0x0d, 0x34, 0x0a, 0xb8, 0x67, 0x56, 0x29, 0x20, 0xf3, 0x19, 0x5f, 0xe2, 0x83, 0x42, 0x73, 0x53, 0xa8, 0xc5, 0x02, 0x19, 0x33, 0xb4, 0x64, 0xbd, 0xc3, 0x87, 0x8c, 0xd7, 0x76, 0xed, 0x25}} ,
+ {{0x47, 0x39, 0x37, 0x76, 0x0d, 0x1d, 0x0c, 0xf5, 0x5a, 0x6d, 0x43, 0x88, 0x99, 0x15, 0xb4, 0x52, 0x0f, 0x2a, 0xb3, 0xb0, 0x3f, 0xa6, 0xb3, 0x26, 0xb3, 0xc7, 0x45, 0xf5, 0x92, 0x5f, 0x9b, 0x17}}},
+{{{0x9d, 0x23, 0xbd, 0x15, 0xfe, 0x52, 0x52, 0x15, 0x26, 0x79, 0x86, 0xba, 0x06, 0x56, 0x66, 0xbb, 0x8c, 0x2e, 0x10, 0x11, 0xd5, 0x4a, 0x18, 0x52, 0xda, 0x84, 0x44, 0xf0, 0x3e, 0xe9, 0x8c, 0x35}} ,
+ {{0xad, 0xa0, 0x41, 0xec, 0xc8, 0x4d, 0xb9, 0xd2, 0x6e, 0x96, 0x4e, 0x5b, 0xc5, 0xc2, 0xa0, 0x1b, 0xcf, 0x0c, 0xbf, 0x17, 0x66, 0x57, 0xc1, 0x17, 0x90, 0x45, 0x71, 0xc2, 0xe1, 0x24, 0xeb, 0x27}}},
+{{{0x2c, 0xb9, 0x42, 0xa4, 0xaf, 0x3b, 0x42, 0x0e, 0xc2, 0x0f, 0xf2, 0xea, 0x83, 0xaf, 0x9a, 0x13, 0x17, 0xb0, 0xbd, 0x89, 0x17, 0xe3, 0x72, 0xcb, 0x0e, 0x76, 0x7e, 0x41, 0x63, 0x04, 0x88, 0x71}} ,
+ {{0x75, 0x78, 0x38, 0x86, 0x57, 0xdd, 0x9f, 0xee, 0x54, 0x70, 0x65, 0xbf, 0xf1, 0x2c, 0xe0, 0x39, 0x0d, 0xe3, 0x89, 0xfd, 0x8e, 0x93, 0x4f, 0x43, 0xdc, 0xd5, 0x5b, 0xde, 0xf9, 0x98, 0xe5, 0x7b}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xe7, 0x3b, 0x65, 0x11, 0xdf, 0xb2, 0xf2, 0x63, 0x94, 0x12, 0x6f, 0x5c, 0x9e, 0x77, 0xc1, 0xb6, 0xd8, 0xab, 0x58, 0x7a, 0x1d, 0x95, 0x73, 0xdd, 0xe7, 0xe3, 0x6f, 0xf2, 0x03, 0x1d, 0xdb, 0x76}} ,
+ {{0xae, 0x06, 0x4e, 0x2c, 0x52, 0x1b, 0xbc, 0x5a, 0x5a, 0xa5, 0xbe, 0x27, 0xbd, 0xeb, 0xe1, 0x14, 0x17, 0x68, 0x26, 0x07, 0x03, 0xd1, 0x18, 0x0b, 0xdf, 0xf1, 0x06, 0x5c, 0xa6, 0x1b, 0xb9, 0x24}}},
+{{{0xc5, 0x66, 0x80, 0x13, 0x0e, 0x48, 0x8c, 0x87, 0x31, 0x84, 0xb4, 0x60, 0xed, 0xc5, 0xec, 0xb6, 0xc5, 0x05, 0x33, 0x5f, 0x2f, 0x7d, 0x40, 0xb6, 0x32, 0x1d, 0x38, 0x74, 0x1b, 0xf1, 0x09, 0x3d}} ,
+ {{0xd4, 0x69, 0x82, 0xbc, 0x8d, 0xf8, 0x34, 0x36, 0x75, 0x55, 0x18, 0x55, 0x58, 0x3c, 0x79, 0xaf, 0x26, 0x80, 0xab, 0x9b, 0x95, 0x00, 0xf1, 0xcb, 0xda, 0xc1, 0x9f, 0xf6, 0x2f, 0xa2, 0xf4, 0x45}}},
+{{{0x17, 0xbe, 0xeb, 0x85, 0xed, 0x9e, 0xcd, 0x56, 0xf5, 0x17, 0x45, 0x42, 0xb4, 0x1f, 0x44, 0x4c, 0x05, 0x74, 0x15, 0x47, 0x00, 0xc6, 0x6a, 0x3d, 0x24, 0x09, 0x0d, 0x58, 0xb1, 0x42, 0xd7, 0x04}} ,
+ {{0x8d, 0xbd, 0xa3, 0xc4, 0x06, 0x9b, 0x1f, 0x90, 0x58, 0x60, 0x74, 0xb2, 0x00, 0x3b, 0x3c, 0xd2, 0xda, 0x82, 0xbb, 0x10, 0x90, 0x69, 0x92, 0xa9, 0xb4, 0x30, 0x81, 0xe3, 0x7c, 0xa8, 0x89, 0x45}}},
+{{{0x3f, 0xdc, 0x05, 0xcb, 0x41, 0x3c, 0xc8, 0x23, 0x04, 0x2c, 0x38, 0x99, 0xe3, 0x68, 0x55, 0xf9, 0xd3, 0x32, 0xc7, 0xbf, 0xfa, 0xd4, 0x1b, 0x5d, 0xde, 0xdc, 0x10, 0x42, 0xc0, 0x42, 0xd9, 0x75}} ,
+ {{0x2d, 0xab, 0x35, 0x4e, 0x87, 0xc4, 0x65, 0x97, 0x67, 0x24, 0xa4, 0x47, 0xad, 0x3f, 0x8e, 0xf3, 0xcb, 0x31, 0x17, 0x77, 0xc5, 0xe2, 0xd7, 0x8f, 0x3c, 0xc1, 0xcd, 0x56, 0x48, 0xc1, 0x6c, 0x69}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x14, 0xae, 0x5f, 0x88, 0x7b, 0xa5, 0x90, 0xdf, 0x10, 0xb2, 0x8b, 0x5e, 0x24, 0x17, 0xc3, 0xa3, 0xd4, 0x0f, 0x92, 0x61, 0x1a, 0x19, 0x5a, 0xad, 0x76, 0xbd, 0xd8, 0x1c, 0xdd, 0xe0, 0x12, 0x6d}} ,
+ {{0x8e, 0xbd, 0x70, 0x8f, 0x02, 0xa3, 0x24, 0x4d, 0x5a, 0x67, 0xc4, 0xda, 0xf7, 0x20, 0x0f, 0x81, 0x5b, 0x7a, 0x05, 0x24, 0x67, 0x83, 0x0b, 0x2a, 0x80, 0xe7, 0xfd, 0x74, 0x4b, 0x9e, 0x5c, 0x0d}}},
+{{{0x94, 0xd5, 0x5f, 0x1f, 0xa2, 0xfb, 0xeb, 0xe1, 0x07, 0x34, 0xf8, 0x20, 0xad, 0x81, 0x30, 0x06, 0x2d, 0xa1, 0x81, 0x95, 0x36, 0xcf, 0x11, 0x0b, 0xaf, 0xc1, 0x2b, 0x9a, 0x6c, 0x55, 0xc1, 0x16}} ,
+ {{0x36, 0x4f, 0xf1, 0x5e, 0x74, 0x35, 0x13, 0x28, 0xd7, 0x11, 0xcf, 0xb8, 0xde, 0x93, 0xb3, 0x05, 0xb8, 0xb5, 0x73, 0xe9, 0xeb, 0xad, 0x19, 0x1e, 0x89, 0x0f, 0x8b, 0x15, 0xd5, 0x8c, 0xe3, 0x23}}},
+{{{0x33, 0x79, 0xe7, 0x18, 0xe6, 0x0f, 0x57, 0x93, 0x15, 0xa0, 0xa7, 0xaa, 0xc4, 0xbf, 0x4f, 0x30, 0x74, 0x95, 0x5e, 0x69, 0x4a, 0x5b, 0x45, 0xe4, 0x00, 0xeb, 0x23, 0x74, 0x4c, 0xdf, 0x6b, 0x45}} ,
+ {{0x97, 0x29, 0x6c, 0xc4, 0x42, 0x0b, 0xdd, 0xc0, 0x29, 0x5c, 0x9b, 0x34, 0x97, 0xd0, 0xc7, 0x79, 0x80, 0x63, 0x74, 0xe4, 0x8e, 0x37, 0xb0, 0x2b, 0x7c, 0xe8, 0x68, 0x6c, 0xc3, 0x82, 0x97, 0x57}}},
+{{{0x22, 0xbe, 0x83, 0xb6, 0x4b, 0x80, 0x6b, 0x43, 0x24, 0x5e, 0xef, 0x99, 0x9b, 0xa8, 0xfc, 0x25, 0x8d, 0x3b, 0x03, 0x94, 0x2b, 0x3e, 0xe7, 0x95, 0x76, 0x9b, 0xcc, 0x15, 0xdb, 0x32, 0xe6, 0x66}} ,
+ {{0x84, 0xf0, 0x4a, 0x13, 0xa6, 0xd6, 0xfa, 0x93, 0x46, 0x07, 0xf6, 0x7e, 0x5c, 0x6d, 0x5e, 0xf6, 0xa6, 0xe7, 0x48, 0xf0, 0x06, 0xea, 0xff, 0x90, 0xc1, 0xcc, 0x4c, 0x19, 0x9c, 0x3c, 0x4e, 0x53}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2a, 0x50, 0xe3, 0x07, 0x15, 0x59, 0xf2, 0x8b, 0x81, 0xf2, 0xf3, 0xd3, 0x6c, 0x99, 0x8c, 0x70, 0x67, 0xec, 0xcc, 0xee, 0x9e, 0x59, 0x45, 0x59, 0x7d, 0x47, 0x75, 0x69, 0xf5, 0x24, 0x93, 0x5d}} ,
+ {{0x6a, 0x4f, 0x1b, 0xbe, 0x6b, 0x30, 0xcf, 0x75, 0x46, 0xe3, 0x7b, 0x9d, 0xfc, 0xcd, 0xd8, 0x5c, 0x1f, 0xb4, 0xc8, 0xe2, 0x24, 0xec, 0x1a, 0x28, 0x05, 0x32, 0x57, 0xfd, 0x3c, 0x5a, 0x98, 0x10}}},
+{{{0xa3, 0xdb, 0xf7, 0x30, 0xd8, 0xc2, 0x9a, 0xe1, 0xd3, 0xce, 0x22, 0xe5, 0x80, 0x1e, 0xd9, 0xe4, 0x1f, 0xab, 0xc0, 0x71, 0x1a, 0x86, 0x0e, 0x27, 0x99, 0x5b, 0xfa, 0x76, 0x99, 0xb0, 0x08, 0x3c}} ,
+ {{0x2a, 0x93, 0xd2, 0x85, 0x1b, 0x6a, 0x5d, 0xa6, 0xee, 0xd1, 0xd1, 0x33, 0xbd, 0x6a, 0x36, 0x73, 0x37, 0x3a, 0x44, 0xb4, 0xec, 0xa9, 0x7a, 0xde, 0x83, 0x40, 0xd7, 0xdf, 0x28, 0xba, 0xa2, 0x30}}},
+{{{0xd3, 0xb5, 0x6d, 0x05, 0x3f, 0x9f, 0xf3, 0x15, 0x8d, 0x7c, 0xca, 0xc9, 0xfc, 0x8a, 0x7c, 0x94, 0xb0, 0x63, 0x36, 0x9b, 0x78, 0xd1, 0x91, 0x1f, 0x93, 0xd8, 0x57, 0x43, 0xde, 0x76, 0xa3, 0x43}} ,
+ {{0x9b, 0x35, 0xe2, 0xa9, 0x3d, 0x32, 0x1e, 0xbb, 0x16, 0x28, 0x70, 0xe9, 0x45, 0x2f, 0x8f, 0x70, 0x7f, 0x08, 0x7e, 0x53, 0xc4, 0x7a, 0xbf, 0xf7, 0xe1, 0xa4, 0x6a, 0xd8, 0xac, 0x64, 0x1b, 0x11}}},
+{{{0xb2, 0xeb, 0x47, 0x46, 0x18, 0x3e, 0x1f, 0x99, 0x0c, 0xcc, 0xf1, 0x2c, 0xe0, 0xe7, 0x8f, 0xe0, 0x01, 0x7e, 0x65, 0xb8, 0x0c, 0xd0, 0xfb, 0xc8, 0xb9, 0x90, 0x98, 0x33, 0x61, 0x3b, 0xd8, 0x27}} ,
+ {{0xa0, 0xbe, 0x72, 0x3a, 0x50, 0x4b, 0x74, 0xab, 0x01, 0xc8, 0x93, 0xc5, 0xe4, 0xc7, 0x08, 0x6c, 0xb4, 0xca, 0xee, 0xeb, 0x8e, 0xd7, 0x4e, 0x26, 0xc6, 0x1d, 0xe2, 0x71, 0xaf, 0x89, 0xa0, 0x2a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x98, 0x0b, 0xe4, 0xde, 0xdb, 0xa8, 0xfa, 0x82, 0x74, 0x06, 0x52, 0x6d, 0x08, 0x52, 0x8a, 0xff, 0x62, 0xc5, 0x6a, 0x44, 0x0f, 0x51, 0x8c, 0x1f, 0x6e, 0xb6, 0xc6, 0x2c, 0x81, 0xd3, 0x76, 0x46}} ,
+ {{0xf4, 0x29, 0x74, 0x2e, 0x80, 0xa7, 0x1a, 0x8f, 0xf6, 0xbd, 0xd6, 0x8e, 0xbf, 0xc1, 0x95, 0x2a, 0xeb, 0xa0, 0x7f, 0x45, 0xa0, 0x50, 0x14, 0x05, 0xb1, 0x57, 0x4c, 0x74, 0xb7, 0xe2, 0x89, 0x7d}}},
+{{{0x07, 0xee, 0xa7, 0xad, 0xb7, 0x09, 0x0b, 0x49, 0x4e, 0xbf, 0xca, 0xe5, 0x21, 0xe6, 0xe6, 0xaf, 0xd5, 0x67, 0xf3, 0xce, 0x7e, 0x7c, 0x93, 0x7b, 0x5a, 0x10, 0x12, 0x0e, 0x6c, 0x06, 0x11, 0x75}} ,
+ {{0xd5, 0xfc, 0x86, 0xa3, 0x3b, 0xa3, 0x3e, 0x0a, 0xfb, 0x0b, 0xf7, 0x36, 0xb1, 0x5b, 0xda, 0x70, 0xb7, 0x00, 0xa7, 0xda, 0x88, 0x8f, 0x84, 0xa8, 0xbc, 0x1c, 0x39, 0xb8, 0x65, 0xf3, 0x4d, 0x60}}},
+{{{0x96, 0x9d, 0x31, 0xf4, 0xa2, 0xbe, 0x81, 0xb9, 0xa5, 0x59, 0x9e, 0xba, 0x07, 0xbe, 0x74, 0x58, 0xd8, 0xeb, 0xc5, 0x9f, 0x3d, 0xd1, 0xf4, 0xae, 0xce, 0x53, 0xdf, 0x4f, 0xc7, 0x2a, 0x89, 0x4d}} ,
+ {{0x29, 0xd8, 0xf2, 0xaa, 0xe9, 0x0e, 0xf7, 0x2e, 0x5f, 0x9d, 0x8a, 0x5b, 0x09, 0xed, 0xc9, 0x24, 0x22, 0xf4, 0x0f, 0x25, 0x8f, 0x1c, 0x84, 0x6e, 0x34, 0x14, 0x6c, 0xea, 0xb3, 0x86, 0x5d, 0x04}}},
+{{{0x07, 0x98, 0x61, 0xe8, 0x6a, 0xd2, 0x81, 0x49, 0x25, 0xd5, 0x5b, 0x18, 0xc7, 0x35, 0x52, 0x51, 0xa4, 0x46, 0xad, 0x18, 0x0d, 0xc9, 0x5f, 0x18, 0x91, 0x3b, 0xb4, 0xc0, 0x60, 0x59, 0x8d, 0x66}} ,
+ {{0x03, 0x1b, 0x79, 0x53, 0x6e, 0x24, 0xae, 0x57, 0xd9, 0x58, 0x09, 0x85, 0x48, 0xa2, 0xd3, 0xb5, 0xe2, 0x4d, 0x11, 0x82, 0xe6, 0x86, 0x3c, 0xe9, 0xb1, 0x00, 0x19, 0xc2, 0x57, 0xf7, 0x66, 0x7a}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x0f, 0xe3, 0x89, 0x03, 0xd7, 0x22, 0x95, 0x9f, 0xca, 0xb4, 0x8d, 0x9e, 0x6d, 0x97, 0xff, 0x8d, 0x21, 0x59, 0x07, 0xef, 0x03, 0x2d, 0x5e, 0xf8, 0x44, 0x46, 0xe7, 0x85, 0x80, 0xc5, 0x89, 0x50}} ,
+ {{0x8b, 0xd8, 0x53, 0x86, 0x24, 0x86, 0x29, 0x52, 0x01, 0xfa, 0x20, 0xc3, 0x4e, 0x95, 0xcb, 0xad, 0x7b, 0x34, 0x94, 0x30, 0xb7, 0x7a, 0xfa, 0x96, 0x41, 0x60, 0x2b, 0xcb, 0x59, 0xb9, 0xca, 0x50}}},
+{{{0xc2, 0x5b, 0x9b, 0x78, 0x23, 0x1b, 0x3a, 0x88, 0x94, 0x5f, 0x0a, 0x9b, 0x98, 0x2b, 0x6e, 0x53, 0x11, 0xf6, 0xff, 0xc6, 0x7d, 0x42, 0xcc, 0x02, 0x80, 0x40, 0x0d, 0x1e, 0xfb, 0xaf, 0x61, 0x07}} ,
+ {{0xb0, 0xe6, 0x2f, 0x81, 0x70, 0xa1, 0x2e, 0x39, 0x04, 0x7c, 0xc4, 0x2c, 0x87, 0x45, 0x4a, 0x5b, 0x69, 0x97, 0xac, 0x6d, 0x2c, 0x10, 0x42, 0x7c, 0x3b, 0x15, 0x70, 0x60, 0x0e, 0x11, 0x6d, 0x3a}}},
+{{{0x9b, 0x18, 0x80, 0x5e, 0xdb, 0x05, 0xbd, 0xc6, 0xb7, 0x3c, 0xc2, 0x40, 0x4d, 0x5d, 0xce, 0x97, 0x8a, 0x34, 0x15, 0xab, 0x28, 0x5d, 0x10, 0xf0, 0x37, 0x0c, 0xcc, 0x16, 0xfa, 0x1f, 0x33, 0x0d}} ,
+ {{0x19, 0xf9, 0x35, 0xaa, 0x59, 0x1a, 0x0c, 0x5c, 0x06, 0xfc, 0x6a, 0x0b, 0x97, 0x53, 0x36, 0xfc, 0x2a, 0xa5, 0x5a, 0x9b, 0x30, 0xef, 0x23, 0xaf, 0x39, 0x5d, 0x9a, 0x6b, 0x75, 0x57, 0x48, 0x0b}}},
+{{{0x26, 0xdc, 0x76, 0x3b, 0xfc, 0xf9, 0x9c, 0x3f, 0x89, 0x0b, 0x62, 0x53, 0xaf, 0x83, 0x01, 0x2e, 0xbc, 0x6a, 0xc6, 0x03, 0x0d, 0x75, 0x2a, 0x0d, 0xe6, 0x94, 0x54, 0xcf, 0xb3, 0xe5, 0x96, 0x25}} ,
+ {{0xfe, 0x82, 0xb1, 0x74, 0x31, 0x8a, 0xa7, 0x6f, 0x56, 0xbd, 0x8d, 0xf4, 0xe0, 0x94, 0x51, 0x59, 0xde, 0x2c, 0x5a, 0xf4, 0x84, 0x6b, 0x4a, 0x88, 0x93, 0xc0, 0x0c, 0x9a, 0xac, 0xa7, 0xa0, 0x68}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x25, 0x0d, 0xd6, 0xc7, 0x23, 0x47, 0x10, 0xad, 0xc7, 0x08, 0x5c, 0x87, 0x87, 0x93, 0x98, 0x18, 0xb8, 0xd3, 0x9c, 0xac, 0x5a, 0x3d, 0xc5, 0x75, 0xf8, 0x49, 0x32, 0x14, 0xcc, 0x51, 0x96, 0x24}} ,
+ {{0x65, 0x9c, 0x5d, 0xf0, 0x37, 0x04, 0xf0, 0x34, 0x69, 0x2a, 0xf0, 0xa5, 0x64, 0xca, 0xde, 0x2b, 0x5b, 0x15, 0x10, 0xd2, 0xab, 0x06, 0xdd, 0xc4, 0xb0, 0xb6, 0x5b, 0xc1, 0x17, 0xdf, 0x8f, 0x02}}},
+{{{0xbd, 0x59, 0x3d, 0xbf, 0x5c, 0x31, 0x44, 0x2c, 0x32, 0x94, 0x04, 0x60, 0x84, 0x0f, 0xad, 0x00, 0xb6, 0x8f, 0xc9, 0x1d, 0xcc, 0x5c, 0xa2, 0x49, 0x0e, 0x50, 0x91, 0x08, 0x9a, 0x43, 0x55, 0x05}} ,
+ {{0x5d, 0x93, 0x55, 0xdf, 0x9b, 0x12, 0x19, 0xec, 0x93, 0x85, 0x42, 0x9e, 0x66, 0x0f, 0x9d, 0xaf, 0x99, 0xaf, 0x26, 0x89, 0xbc, 0x61, 0xfd, 0xff, 0xce, 0x4b, 0xf4, 0x33, 0x95, 0xc9, 0x35, 0x58}}},
+{{{0x12, 0x55, 0xf9, 0xda, 0xcb, 0x44, 0xa7, 0xdc, 0x57, 0xe2, 0xf9, 0x9a, 0xe6, 0x07, 0x23, 0x60, 0x54, 0xa7, 0x39, 0xa5, 0x9b, 0x84, 0x56, 0x6e, 0xaa, 0x8b, 0x8f, 0xb0, 0x2c, 0x87, 0xaf, 0x67}} ,
+ {{0x00, 0xa9, 0x4c, 0xb2, 0x12, 0xf8, 0x32, 0xa8, 0x7a, 0x00, 0x4b, 0x49, 0x32, 0xba, 0x1f, 0x5d, 0x44, 0x8e, 0x44, 0x7a, 0xdc, 0x11, 0xfb, 0x39, 0x08, 0x57, 0x87, 0xa5, 0x12, 0x42, 0x93, 0x0e}}},
+{{{0x17, 0xb4, 0xae, 0x72, 0x59, 0xd0, 0xaa, 0xa8, 0x16, 0x8b, 0x63, 0x11, 0xb3, 0x43, 0x04, 0xda, 0x0c, 0xa8, 0xb7, 0x68, 0xdd, 0x4e, 0x54, 0xe7, 0xaf, 0x5d, 0x5d, 0x05, 0x76, 0x36, 0xec, 0x0d}} ,
+ {{0x6d, 0x7c, 0x82, 0x32, 0x38, 0x55, 0x57, 0x74, 0x5b, 0x7d, 0xc3, 0xc4, 0xfb, 0x06, 0x29, 0xf0, 0x13, 0x55, 0x54, 0xc6, 0xa7, 0xdc, 0x4c, 0x9f, 0x98, 0x49, 0x20, 0xa8, 0xc3, 0x8d, 0xfa, 0x48}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x87, 0x47, 0x9d, 0xe9, 0x25, 0xd5, 0xe3, 0x47, 0x78, 0xdf, 0x85, 0xa7, 0x85, 0x5e, 0x7a, 0x4c, 0x5f, 0x79, 0x1a, 0xf3, 0xa2, 0xb2, 0x28, 0xa0, 0x9c, 0xdd, 0x30, 0x40, 0xd4, 0x38, 0xbd, 0x28}} ,
+ {{0xfc, 0xbb, 0xd5, 0x78, 0x6d, 0x1d, 0xd4, 0x99, 0xb4, 0xaa, 0x44, 0x44, 0x7a, 0x1b, 0xd8, 0xfe, 0xb4, 0x99, 0xb9, 0xcc, 0xe7, 0xc4, 0xd3, 0x3a, 0x73, 0x83, 0x41, 0x5c, 0x40, 0xd7, 0x2d, 0x55}}},
+{{{0x26, 0xe1, 0x7b, 0x5f, 0xe5, 0xdc, 0x3f, 0x7d, 0xa1, 0xa7, 0x26, 0x44, 0x22, 0x23, 0xc0, 0x8f, 0x7d, 0xf1, 0xb5, 0x11, 0x47, 0x7b, 0x19, 0xd4, 0x75, 0x6f, 0x1e, 0xa5, 0x27, 0xfe, 0xc8, 0x0e}} ,
+ {{0xd3, 0x11, 0x3d, 0xab, 0xef, 0x2c, 0xed, 0xb1, 0x3d, 0x7c, 0x32, 0x81, 0x6b, 0xfe, 0xf8, 0x1c, 0x3c, 0x7b, 0xc0, 0x61, 0xdf, 0xb8, 0x75, 0x76, 0x7f, 0xaa, 0xd8, 0x93, 0xaf, 0x3d, 0xe8, 0x3d}}},
+{{{0xfd, 0x5b, 0x4e, 0x8d, 0xb6, 0x7e, 0x82, 0x9b, 0xef, 0xce, 0x04, 0x69, 0x51, 0x52, 0xff, 0xef, 0xa0, 0x52, 0xb5, 0x79, 0x17, 0x5e, 0x2f, 0xde, 0xd6, 0x3c, 0x2d, 0xa0, 0x43, 0xb4, 0x0b, 0x19}} ,
+ {{0xc0, 0x61, 0x48, 0x48, 0x17, 0xf4, 0x9e, 0x18, 0x51, 0x2d, 0xea, 0x2f, 0xf2, 0xf2, 0xe0, 0xa3, 0x14, 0xb7, 0x8b, 0x3a, 0x30, 0xf5, 0x81, 0xc1, 0x5d, 0x71, 0x39, 0x62, 0x55, 0x1f, 0x60, 0x5a}}},
+{{{0xe5, 0x89, 0x8a, 0x76, 0x6c, 0xdb, 0x4d, 0x0a, 0x5b, 0x72, 0x9d, 0x59, 0x6e, 0x63, 0x63, 0x18, 0x7c, 0xe3, 0xfa, 0xe2, 0xdb, 0xa1, 0x8d, 0xf4, 0xa5, 0xd7, 0x16, 0xb2, 0xd0, 0xb3, 0x3f, 0x39}} ,
+ {{0xce, 0x60, 0x09, 0x6c, 0xf5, 0x76, 0x17, 0x24, 0x80, 0x3a, 0x96, 0xc7, 0x94, 0x2e, 0xf7, 0x6b, 0xef, 0xb5, 0x05, 0x96, 0xef, 0xd3, 0x7b, 0x51, 0xda, 0x05, 0x44, 0x67, 0xbc, 0x07, 0x21, 0x4e}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xe9, 0x73, 0x6f, 0x21, 0xb9, 0xde, 0x22, 0x7d, 0xeb, 0x97, 0x31, 0x10, 0xa3, 0xea, 0xe1, 0xc6, 0x37, 0xeb, 0x8f, 0x43, 0x58, 0xde, 0x41, 0x64, 0x0e, 0x3e, 0x07, 0x99, 0x3d, 0xf1, 0xdf, 0x1e}} ,
+ {{0xf8, 0xad, 0x43, 0xc2, 0x17, 0x06, 0xe2, 0xe4, 0xa9, 0x86, 0xcd, 0x18, 0xd7, 0x78, 0xc8, 0x74, 0x66, 0xd2, 0x09, 0x18, 0xa5, 0xf1, 0xca, 0xa6, 0x62, 0x92, 0xc1, 0xcb, 0x00, 0xeb, 0x42, 0x2e}}},
+{{{0x7b, 0x34, 0x24, 0x4c, 0xcf, 0x38, 0xe5, 0x6c, 0x0a, 0x01, 0x2c, 0x22, 0x0b, 0x24, 0x38, 0xad, 0x24, 0x7e, 0x19, 0xf0, 0x6c, 0xf9, 0x31, 0xf4, 0x35, 0x11, 0xf6, 0x46, 0x33, 0x3a, 0x23, 0x59}} ,
+ {{0x20, 0x0b, 0xa1, 0x08, 0x19, 0xad, 0x39, 0x54, 0xea, 0x3e, 0x23, 0x09, 0xb6, 0xe2, 0xd2, 0xbc, 0x4d, 0xfc, 0x9c, 0xf0, 0x13, 0x16, 0x22, 0x3f, 0xb9, 0xd2, 0x11, 0x86, 0x90, 0x55, 0xce, 0x3c}}},
+{{{0xc4, 0x0b, 0x4b, 0x62, 0x99, 0x37, 0x84, 0x3f, 0x74, 0xa2, 0xf9, 0xce, 0xe2, 0x0b, 0x0f, 0x2a, 0x3d, 0xa3, 0xe3, 0xdb, 0x5a, 0x9d, 0x93, 0xcc, 0xa5, 0xef, 0x82, 0x91, 0x1d, 0xe6, 0x6c, 0x68}} ,
+ {{0xa3, 0x64, 0x17, 0x9b, 0x8b, 0xc8, 0x3a, 0x61, 0xe6, 0x9d, 0xc6, 0xed, 0x7b, 0x03, 0x52, 0x26, 0x9d, 0x3a, 0xb3, 0x13, 0xcc, 0x8a, 0xfd, 0x2c, 0x1a, 0x1d, 0xed, 0x13, 0xd0, 0x55, 0x57, 0x0e}}},
+{{{0x1a, 0xea, 0xbf, 0xfd, 0x4a, 0x3c, 0x8e, 0xec, 0x29, 0x7e, 0x77, 0x77, 0x12, 0x99, 0xd7, 0x84, 0xf9, 0x55, 0x7f, 0xf1, 0x8b, 0xb4, 0xd2, 0x95, 0xa3, 0x8d, 0xf0, 0x8a, 0xa7, 0xeb, 0x82, 0x4b}} ,
+ {{0x2c, 0x28, 0xf4, 0x3a, 0xf6, 0xde, 0x0a, 0xe0, 0x41, 0x44, 0x23, 0xf8, 0x3f, 0x03, 0x64, 0x9f, 0xc3, 0x55, 0x4c, 0xc6, 0xc1, 0x94, 0x1c, 0x24, 0x5d, 0x5f, 0x92, 0x45, 0x96, 0x57, 0x37, 0x14}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xc1, 0xcd, 0x90, 0x66, 0xb9, 0x76, 0xa0, 0x5b, 0xa5, 0x85, 0x75, 0x23, 0xf9, 0x89, 0xa5, 0x82, 0xb2, 0x6f, 0xb1, 0xeb, 0xc4, 0x69, 0x6f, 0x18, 0x5a, 0xed, 0x94, 0x3d, 0x9d, 0xd9, 0x2c, 0x1a}} ,
+ {{0x35, 0xb0, 0xe6, 0x73, 0x06, 0xb7, 0x37, 0xe0, 0xf8, 0xb0, 0x22, 0xe8, 0xd2, 0xed, 0x0b, 0xef, 0xe6, 0xc6, 0x5a, 0x99, 0x9e, 0x1a, 0x9f, 0x04, 0x97, 0xe4, 0x4d, 0x0b, 0xbe, 0xba, 0x44, 0x40}}},
+{{{0xc1, 0x56, 0x96, 0x91, 0x5f, 0x1f, 0xbb, 0x54, 0x6f, 0x88, 0x89, 0x0a, 0xb2, 0xd6, 0x41, 0x42, 0x6a, 0x82, 0xee, 0x14, 0xaa, 0x76, 0x30, 0x65, 0x0f, 0x67, 0x39, 0xa6, 0x51, 0x7c, 0x49, 0x24}} ,
+ {{0x35, 0xa3, 0x78, 0xd1, 0x11, 0x0f, 0x75, 0xd3, 0x70, 0x46, 0xdb, 0x20, 0x51, 0xcb, 0x92, 0x80, 0x54, 0x10, 0x74, 0x36, 0x86, 0xa9, 0xd7, 0xa3, 0x08, 0x78, 0xf1, 0x01, 0x29, 0xf8, 0x80, 0x3b}}},
+{{{0xdb, 0xa7, 0x9d, 0x9d, 0xbf, 0xa0, 0xcc, 0xed, 0x53, 0xa2, 0xa2, 0x19, 0x39, 0x48, 0x83, 0x19, 0x37, 0x58, 0xd1, 0x04, 0x28, 0x40, 0xf7, 0x8a, 0xc2, 0x08, 0xb7, 0xa5, 0x42, 0xcf, 0x53, 0x4c}} ,
+ {{0xa7, 0xbb, 0xf6, 0x8e, 0xad, 0xdd, 0xf7, 0x90, 0xdd, 0x5f, 0x93, 0x89, 0xae, 0x04, 0x37, 0xe6, 0x9a, 0xb7, 0xe8, 0xc0, 0xdf, 0x16, 0x2a, 0xbf, 0xc4, 0x3a, 0x3c, 0x41, 0xd5, 0x89, 0x72, 0x5a}}},
+{{{0x1f, 0x96, 0xff, 0x34, 0x2c, 0x13, 0x21, 0xcb, 0x0a, 0x89, 0x85, 0xbe, 0xb3, 0x70, 0x9e, 0x1e, 0xde, 0x97, 0xaf, 0x96, 0x30, 0xf7, 0x48, 0x89, 0x40, 0x8d, 0x07, 0xf1, 0x25, 0xf0, 0x30, 0x58}} ,
+ {{0x1e, 0xd4, 0x93, 0x57, 0xe2, 0x17, 0xe7, 0x9d, 0xab, 0x3c, 0x55, 0x03, 0x82, 0x2f, 0x2b, 0xdb, 0x56, 0x1e, 0x30, 0x2e, 0x24, 0x47, 0x6e, 0xe6, 0xff, 0x33, 0x24, 0x2c, 0x75, 0x51, 0xd4, 0x67}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0x2b, 0x06, 0xd9, 0xa1, 0x5d, 0xe1, 0xf4, 0xd1, 0x1e, 0x3c, 0x9a, 0xc6, 0x29, 0x2b, 0x13, 0x13, 0x78, 0xc0, 0xd8, 0x16, 0x17, 0x2d, 0x9e, 0xa9, 0xc9, 0x79, 0x57, 0xab, 0x24, 0x91, 0x92, 0x19}} ,
+ {{0x69, 0xfb, 0xa1, 0x9c, 0xa6, 0x75, 0x49, 0x7d, 0x60, 0x73, 0x40, 0x42, 0xc4, 0x13, 0x0a, 0x95, 0x79, 0x1e, 0x04, 0x83, 0x94, 0x99, 0x9b, 0x1e, 0x0c, 0xe8, 0x1f, 0x54, 0xef, 0xcb, 0xc0, 0x52}}},
+{{{0x14, 0x89, 0x73, 0xa1, 0x37, 0x87, 0x6a, 0x7a, 0xcf, 0x1d, 0xd9, 0x2e, 0x1a, 0x67, 0xed, 0x74, 0xc0, 0xf0, 0x9c, 0x33, 0xdd, 0xdf, 0x08, 0xbf, 0x7b, 0xd1, 0x66, 0xda, 0xe6, 0xc9, 0x49, 0x08}} ,
+ {{0xe9, 0xdd, 0x5e, 0x55, 0xb0, 0x0a, 0xde, 0x21, 0x4c, 0x5a, 0x2e, 0xd4, 0x80, 0x3a, 0x57, 0x92, 0x7a, 0xf1, 0xc4, 0x2c, 0x40, 0xaf, 0x2f, 0xc9, 0x92, 0x03, 0xe5, 0x5a, 0xbc, 0xdc, 0xf4, 0x09}}},
+{{{0xf3, 0xe1, 0x2b, 0x7c, 0x05, 0x86, 0x80, 0x93, 0x4a, 0xad, 0xb4, 0x8f, 0x7e, 0x99, 0x0c, 0xfd, 0xcd, 0xef, 0xd1, 0xff, 0x2c, 0x69, 0x34, 0x13, 0x41, 0x64, 0xcf, 0x3b, 0xd0, 0x90, 0x09, 0x1e}} ,
+ {{0x9d, 0x45, 0xd6, 0x80, 0xe6, 0x45, 0xaa, 0xf4, 0x15, 0xaa, 0x5c, 0x34, 0x87, 0x99, 0xa2, 0x8c, 0x26, 0x84, 0x62, 0x7d, 0xb6, 0x29, 0xc0, 0x52, 0xea, 0xf5, 0x81, 0x18, 0x0f, 0x35, 0xa9, 0x0e}}},
+{{{0xe7, 0x20, 0x72, 0x7c, 0x6d, 0x94, 0x5f, 0x52, 0x44, 0x54, 0xe3, 0xf1, 0xb2, 0xb0, 0x36, 0x46, 0x0f, 0xae, 0x92, 0xe8, 0x70, 0x9d, 0x6e, 0x79, 0xb1, 0xad, 0x37, 0xa9, 0x5f, 0xc0, 0xde, 0x03}} ,
+ {{0x15, 0x55, 0x37, 0xc6, 0x1c, 0x27, 0x1c, 0x6d, 0x14, 0x4f, 0xca, 0xa4, 0xc4, 0x88, 0x25, 0x46, 0x39, 0xfc, 0x5a, 0xe5, 0xfe, 0x29, 0x11, 0x69, 0xf5, 0x72, 0x84, 0x4d, 0x78, 0x9f, 0x94, 0x15}}},
+{{{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}, 
+ {{0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}}},
+{{{0xec, 0xd3, 0xff, 0x57, 0x0b, 0xb0, 0xb2, 0xdc, 0xf8, 0x4f, 0xe2, 0x12, 0xd5, 0x36, 0xbe, 0x6b, 0x09, 0x43, 0x6d, 0xa3, 0x4d, 0x90, 0x2d, 0xb8, 0x74, 0xe8, 0x71, 0x45, 0x19, 0x8b, 0x0c, 0x6a}} ,
+ {{0xb8, 0x42, 0x1c, 0x03, 0xad, 0x2c, 0x03, 0x8e, 0xac, 0xd7, 0x98, 0x29, 0x13, 0xc6, 0x02, 0x29, 0xb5, 0xd4, 0xe7, 0xcf, 0xcc, 0x8b, 0x83, 0xec, 0x35, 0xc7, 0x9c, 0x74, 0xb7, 0xad, 0x85, 0x5f}}},
+{{{0x78, 0x84, 0xe1, 0x56, 0x45, 0x69, 0x68, 0x5a, 0x4f, 0xb8, 0xb1, 0x29, 0xff, 0x33, 0x03, 0x31, 0xb7, 0xcb, 0x96, 0x25, 0xe6, 0xe6, 0x41, 0x98, 0x1a, 0xbb, 0x03, 0x56, 0xf2, 0xb2, 0x91, 0x34}} ,
+ {{0x2c, 0x6c, 0xf7, 0x66, 0xa4, 0x62, 0x6b, 0x39, 0xb3, 0xba, 0x65, 0xd3, 0x1c, 0xf8, 0x11, 0xaa, 0xbe, 0xdc, 0x80, 0x59, 0x87, 0xf5, 0x7b, 0xe5, 0xe3, 0xb3, 0x3e, 0x39, 0xda, 0xbe, 0x88, 0x09}}},
+{{{0x8b, 0xf1, 0xa0, 0xf5, 0xdc, 0x29, 0xb4, 0xe2, 0x07, 0xc6, 0x7a, 0x00, 0xd0, 0x89, 0x17, 0x51, 0xd4, 0xbb, 0xd4, 0x22, 0xea, 0x7e, 0x7d, 0x7c, 0x24, 0xea, 0xf2, 0xe8, 0x22, 0x12, 0x95, 0x06}} ,
+ {{0xda, 0x7c, 0xa4, 0x0c, 0xf4, 0xba, 0x6e, 0xe1, 0x89, 0xb5, 0x59, 0xca, 0xf1, 0xc0, 0x29, 0x36, 0x09, 0x44, 0xe2, 0x7f, 0xd1, 0x63, 0x15, 0x99, 0xea, 0x25, 0xcf, 0x0c, 0x9d, 0xc0, 0x44, 0x6f}}},
+{{{0x1d, 0x86, 0x4e, 0xcf, 0xf7, 0x37, 0x10, 0x25, 0x8f, 0x12, 0xfb, 0x19, 0xfb, 0xe0, 0xed, 0x10, 0xc8, 0xe2, 0xf5, 0x75, 0xb1, 0x33, 0xc0, 0x96, 0x0d, 0xfb, 0x15, 0x6c, 0x0d, 0x07, 0x5f, 0x05}} ,
+ {{0x69, 0x3e, 0x47, 0x97, 0x2c, 0xaf, 0x52, 0x7c, 0x78, 0x83, 0xad, 0x1b, 0x39, 0x82, 0x2f, 0x02, 0x6f, 0x47, 0xdb, 0x2a, 0xb0, 0xe1, 0x91, 0x99, 0x55, 0xb8, 0x99, 0x3a, 0xa0, 0x44, 0x11, 0x51}}}

src/libnacl/crypto_sign/ed25519/ref/implementors

@@ -0,0 +1,5 @@
+Daniel J. Bernstein
+Niels Duif
+Tanja Lange
+lead: Peter Schwabe
+Bo-Yin Yang

src/libnacl/crypto_sign/ed25519/ref/sc25519.c

@@ -0,0 +1,298 @@
+#include "sc25519.h"
+
+/*Arithmetic modulo the group order m = 2^252 +  27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
+
+static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14, 
+                                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
+
+static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21, 
+                                     0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F};
+
+static crypto_uint32 lt(crypto_uint32 a,crypto_uint32 b) /* 16-bit inputs */
+{
+  unsigned int x = a;
+  x -= (unsigned int) b; /* 0..65535: no; 4294901761..4294967295: yes */
+  x >>= 31; /* 0: no; 1: yes */
+  return x;
+}
+
+/* Reduce coefficients of r before calling reduce_add_sub */
+static void reduce_add_sub(sc25519 *r)
+{
+  crypto_uint32 pb = 0;
+  crypto_uint32 b;
+  crypto_uint32 mask;
+  int i;
+  unsigned char t[32];
+
+  for(i=0;i<32;i++) 
+  {
+    pb += m[i];
+    b = lt(r->v[i],pb);
+    t[i] = r->v[i]-pb+(b<<8);
+    pb = b;
+  }
+  mask = b - 1;
+  for(i=0;i<32;i++) 
+    r->v[i] ^= mask & (r->v[i] ^ t[i]);
+}
+
+/* Reduce coefficients of x before calling barrett_reduce */
+static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
+{
+  /* See HAC, Alg. 14.42 */
+  int i,j;
+  crypto_uint32 q2[66];
+  crypto_uint32 *q3 = q2 + 33;
+  crypto_uint32 r1[33];
+  crypto_uint32 r2[33];
+  crypto_uint32 carry;
+  crypto_uint32 pb = 0;
+  crypto_uint32 b;
+
+  for (i = 0;i < 66;++i) q2[i] = 0;
+  for (i = 0;i < 33;++i) r2[i] = 0;
+
+  for(i=0;i<33;i++)
+    for(j=0;j<33;j++)
+      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
+  carry = q2[31] >> 8;
+  q2[32] += carry;
+  carry = q2[32] >> 8;
+  q2[33] += carry;
+
+  for(i=0;i<33;i++)r1[i] = x[i];
+  for(i=0;i<32;i++)
+    for(j=0;j<33;j++)
+      if(i+j < 33) r2[i+j] += m[i]*q3[j];
+
+  for(i=0;i<32;i++)
+  {
+    carry = r2[i] >> 8;
+    r2[i+1] += carry;
+    r2[i] &= 0xff;
+  }
+
+  for(i=0;i<32;i++) 
+  {
+    pb += r2[i];
+    b = lt(r1[i],pb);
+    r->v[i] = r1[i]-pb+(b<<8);
+    pb = b;
+  }
+
+  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3 
+   * If so: Handle  it here!
+   */
+
+  reduce_add_sub(r);
+  reduce_add_sub(r);
+}
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
+{
+  int i;
+  crypto_uint32 t[64];
+  for(i=0;i<32;i++) t[i] = x[i];
+  for(i=32;i<64;++i) t[i] = 0;
+  barrett_reduce(r, t);
+}
+
+void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16])
+{
+  int i;
+  for(i=0;i<16;i++) r->v[i] = x[i];
+}
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
+{
+  int i;
+  crypto_uint32 t[64];
+  for(i=0;i<64;i++) t[i] = x[i];
+  barrett_reduce(r, t);
+}
+
+void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x)
+{
+  int i;
+  for(i=0;i<16;i++)
+    r->v[i] = x->v[i];
+  for(i=0;i<16;i++)
+    r->v[16+i] = 0;
+}
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
+{
+  int i;
+  for(i=0;i<32;i++) r[i] = x->v[i];
+}
+
+int sc25519_iszero_vartime(const sc25519 *x)
+{
+  int i;
+  for(i=0;i<32;i++)
+    if(x->v[i] != 0) return 0;
+  return 1;
+}
+
+int sc25519_isshort_vartime(const sc25519 *x)
+{
+  int i;
+  for(i=31;i>15;i--)
+    if(x->v[i] != 0) return 0;
+  return 1;
+}
+
+int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y)
+{
+  int i;
+  for(i=31;i>=0;i--)
+  {
+    if(x->v[i] < y->v[i]) return 1;
+    if(x->v[i] > y->v[i]) return 0;
+  }
+  return 0;
+}
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  int i, carry;
+  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+  for(i=0;i<31;i++)
+  {
+    carry = r->v[i] >> 8;
+    r->v[i+1] += carry;
+    r->v[i] &= 0xff;
+  }
+  reduce_add_sub(r);
+}
+
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  crypto_uint32 b = 0;
+  crypto_uint32 t;
+  int i;
+  for(i=0;i<32;i++)
+  {
+    t = x->v[i] - y->v[i] - b;
+    r->v[i] = t & 255;
+    b = (t >> 8) & 1;
+  }
+}
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  int i,j,carry;
+  crypto_uint32 t[64];
+  for(i=0;i<64;i++)t[i] = 0;
+
+  for(i=0;i<32;i++)
+    for(j=0;j<32;j++)
+      t[i+j] += x->v[i] * y->v[j];
+
+  /* Reduce coefficients */
+  for(i=0;i<63;i++)
+  {
+    carry = t[i] >> 8;
+    t[i+1] += carry;
+    t[i] &= 0xff;
+  }
+
+  barrett_reduce(r, t);
+}
+
+void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y)
+{
+  sc25519 t;
+  sc25519_from_shortsc(&t, y);
+  sc25519_mul(r, x, &t);
+}
+
+void sc25519_window3(signed char r[85], const sc25519 *s)
+{
+  char carry;
+  int i;
+  for(i=0;i<10;i++)
+  {
+    r[8*i+0]  =  s->v[3*i+0]       & 7;
+    r[8*i+1]  = (s->v[3*i+0] >> 3) & 7;
+    r[8*i+2]  = (s->v[3*i+0] >> 6) & 7;
+    r[8*i+2] ^= (s->v[3*i+1] << 2) & 7;
+    r[8*i+3]  = (s->v[3*i+1] >> 1) & 7;
+    r[8*i+4]  = (s->v[3*i+1] >> 4) & 7;
+    r[8*i+5]  = (s->v[3*i+1] >> 7) & 7;
+    r[8*i+5] ^= (s->v[3*i+2] << 1) & 7;
+    r[8*i+6]  = (s->v[3*i+2] >> 2) & 7;
+    r[8*i+7]  = (s->v[3*i+2] >> 5) & 7;
+  }
+  r[8*i+0]  =  s->v[3*i+0]       & 7;
+  r[8*i+1]  = (s->v[3*i+0] >> 3) & 7;
+  r[8*i+2]  = (s->v[3*i+0] >> 6) & 7;
+  r[8*i+2] ^= (s->v[3*i+1] << 2) & 7;
+  r[8*i+3]  = (s->v[3*i+1] >> 1) & 7;
+  r[8*i+4]  = (s->v[3*i+1] >> 4) & 7;
+
+  /* Making it signed */
+  carry = 0;
+  for(i=0;i<84;i++)
+  {
+    r[i] += carry;
+    r[i+1] += r[i] >> 3;
+    r[i] &= 7;
+    carry = r[i] >> 2;
+    r[i] -= carry<<3;
+  }
+  r[84] += carry;
+}
+
+void sc25519_window5(signed char r[51], const sc25519 *s)
+{
+  char carry;
+  int i;
+  for(i=0;i<6;i++)
+  {
+    r[8*i+0]  =  s->v[5*i+0]       & 31;
+    r[8*i+1]  = (s->v[5*i+0] >> 5) & 31;
+    r[8*i+1] ^= (s->v[5*i+1] << 3) & 31;
+    r[8*i+2]  = (s->v[5*i+1] >> 2) & 31;
+    r[8*i+3]  = (s->v[5*i+1] >> 7) & 31;
+    r[8*i+3] ^= (s->v[5*i+2] << 1) & 31;
+    r[8*i+4]  = (s->v[5*i+2] >> 4) & 31;
+    r[8*i+4] ^= (s->v[5*i+3] << 4) & 31;
+    r[8*i+5]  = (s->v[5*i+3] >> 1) & 31;
+    r[8*i+6]  = (s->v[5*i+3] >> 6) & 31;
+    r[8*i+6] ^= (s->v[5*i+4] << 2) & 31;
+    r[8*i+7]  = (s->v[5*i+4] >> 3) & 31;
+  }
+  r[8*i+0]  =  s->v[5*i+0]       & 31;
+  r[8*i+1]  = (s->v[5*i+0] >> 5) & 31;
+  r[8*i+1] ^= (s->v[5*i+1] << 3) & 31;
+  r[8*i+2]  = (s->v[5*i+1] >> 2) & 31;
+
+  /* Making it signed */
+  carry = 0;
+  for(i=0;i<50;i++)
+  {
+    r[i] += carry;
+    r[i+1] += r[i] >> 5;
+    r[i] &= 31;
+    carry = r[i] >> 4;
+    r[i] -= carry<<5;
+  }
+  r[50] += carry;
+}
+
+void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
+{
+  int i;
+  for(i=0;i<31;i++)
+  {
+    r[4*i]   = ( s1->v[i]       & 3) ^ (( s2->v[i]       & 3) << 2);
+    r[4*i+1] = ((s1->v[i] >> 2) & 3) ^ (((s2->v[i] >> 2) & 3) << 2);
+    r[4*i+2] = ((s1->v[i] >> 4) & 3) ^ (((s2->v[i] >> 4) & 3) << 2);
+    r[4*i+3] = ((s1->v[i] >> 6) & 3) ^ (((s2->v[i] >> 6) & 3) << 2);
+  }
+  r[124] = ( s1->v[31]       & 3) ^ (( s2->v[31]       & 3) << 2);
+  r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2);
+  r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2);
+}

src/libnacl/crypto_sign/ed25519/ref/sc25519.h

@@ -0,0 +1,72 @@
+#ifndef SC25519_H
+#define SC25519_H
+
+#include "crypto_uint32.h"
+
+#define sc25519                  crypto_sign_ed25519_ref_sc25519
+#define shortsc25519             crypto_sign_ed25519_ref_shortsc25519
+#define sc25519_from32bytes      crypto_sign_ed25519_ref_sc25519_from32bytes
+#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes
+#define sc25519_from64bytes      crypto_sign_ed25519_ref_sc25519_from64bytes
+#define sc25519_from_shortsc     crypto_sign_ed25519_ref_sc25519_from_shortsc
+#define sc25519_to32bytes        crypto_sign_ed25519_ref_sc25519_to32bytes
+#define sc25519_iszero_vartime   crypto_sign_ed25519_ref_sc25519_iszero_vartime
+#define sc25519_isshort_vartime  crypto_sign_ed25519_ref_sc25519_isshort_vartime
+#define sc25519_lt_vartime       crypto_sign_ed25519_ref_sc25519_lt_vartime
+#define sc25519_add              crypto_sign_ed25519_ref_sc25519_add
+#define sc25519_sub_nored        crypto_sign_ed25519_ref_sc25519_sub_nored
+#define sc25519_mul              crypto_sign_ed25519_ref_sc25519_mul
+#define sc25519_mul_shortsc      crypto_sign_ed25519_ref_sc25519_mul_shortsc
+#define sc25519_window3          crypto_sign_ed25519_ref_sc25519_window3
+#define sc25519_window5          crypto_sign_ed25519_ref_sc25519_window5
+#define sc25519_2interleave2     crypto_sign_ed25519_ref_sc25519_2interleave2
+
+typedef struct 
+{
+  crypto_uint32 v[32]; 
+}
+sc25519;
+
+typedef struct 
+{
+  crypto_uint32 v[16]; 
+}
+shortsc25519;
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
+
+void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
+
+void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x);
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
+
+int sc25519_iszero_vartime(const sc25519 *x);
+
+int sc25519_isshort_vartime(const sc25519 *x);
+
+int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y);
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
+
+/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3
+ * with r[i] in {-4,...,3}
+ */
+void sc25519_window3(signed char r[85], const sc25519 *s);
+
+/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5
+ * with r[i] in {-16,...,15}
+ */
+void sc25519_window5(signed char r[51], const sc25519 *s);
+
+void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
+
+#endif

src/libnacl/crypto_sign/edwards25519sha512batch/ref/api.h

@@ -0,0 +1,3 @@
+#define CRYPTO_SECRETKEYBYTES 64
+#define CRYPTO_PUBLICKEYBYTES 32
+#define CRYPTO_BYTES 64

src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.c

@@ -0,0 +1,345 @@
+#include "fe25519.h"
+
+#define WINDOWSIZE 4 /* Should be 1,2, or 4 */
+#define WINDOWMASK ((1<<WINDOWSIZE)-1)
+
+static void reduce_add_sub(fe25519 *r)
+{
+  crypto_uint32 t;
+  int i,rep;
+
+  for(rep=0;rep<4;rep++)
+  {
+    t = r->v[31] >> 7;
+    r->v[31] &= 127;
+    t *= 19;
+    r->v[0] += t;
+    for(i=0;i<31;i++)
+    {
+      t = r->v[i] >> 8;
+      r->v[i+1] += t;
+      r->v[i] &= 255;
+    }
+  }
+}
+
+static void reduce_mul(fe25519 *r)
+{
+  crypto_uint32 t;
+  int i,rep;
+
+  for(rep=0;rep<2;rep++)
+  {
+    t = r->v[31] >> 7;
+    r->v[31] &= 127;
+    t *= 19;
+    r->v[0] += t;
+    for(i=0;i<31;i++)
+    {
+      t = r->v[i] >> 8;
+      r->v[i+1] += t;
+      r->v[i] &= 255;
+    }
+  }
+}
+
+/* reduction modulo 2^255-19 */
+static void freeze(fe25519 *r)
+{
+  int i;
+  unsigned int m = (r->v[31] == 127);
+  for(i=30;i>1;i--)
+    m *= (r->v[i] == 255);
+  m *= (r->v[0] >= 237);
+
+  r->v[31] -= m*127;
+  for(i=30;i>0;i--)
+    r->v[i] -= m*255;
+  r->v[0] -= m*237;
+}
+
+/*freeze input before calling isone*/
+static int isone(const fe25519 *x)
+{
+  int i;
+  int r = (x->v[0] == 1);
+  for(i=1;i<32;i++)
+    r *= (x->v[i] == 0);
+  return r;
+}
+
+/*freeze input before calling iszero*/
+static int iszero(const fe25519 *x)
+{
+  int i;
+  int r = (x->v[0] == 0);
+  for(i=1;i<32;i++)
+    r *= (x->v[i] == 0);
+  return r;
+}
+
+
+static int issquare(const fe25519 *x)
+{
+  unsigned char e[32] = {0xf6,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x3f}; /* (p-1)/2 */
+  fe25519 t;
+
+  fe25519_pow(&t,x,e);
+  freeze(&t);
+  return isone(&t) || iszero(&t);
+}
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32])
+{
+  int i;
+  for(i=0;i<32;i++) r->v[i] = x[i];
+  r->v[31] &= 127;
+}
+
+/* Assumes input x being reduced mod 2^255 */
+void fe25519_pack(unsigned char r[32], const fe25519 *x)
+{
+  int i;
+  for(i=0;i<32;i++)
+    r[i] = x->v[i];
+
+  /* freeze byte array */
+  unsigned int m = (r[31] == 127); /* XXX: some compilers might use branches; fix */
+  for(i=30;i>1;i--)
+    m *= (r[i] == 255);
+  m *= (r[0] >= 237);
+  r[31] -= m*127;
+  for(i=30;i>0;i--)
+    r[i] -= m*255;
+  r[0] -= m*237;
+}
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b)
+{
+  unsigned char nb = 1-b;
+  int i;
+  for(i=0;i<32;i++) r->v[i] = nb * r->v[i] + b * x->v[i];
+}
+
+unsigned char fe25519_getparity(const fe25519 *x)
+{
+  fe25519 t;
+  int i;
+  for(i=0;i<32;i++) t.v[i] = x->v[i];
+  freeze(&t);
+  return t.v[0] & 1;
+}
+
+void fe25519_setone(fe25519 *r)
+{
+  int i;
+  r->v[0] = 1;
+  for(i=1;i<32;i++) r->v[i]=0;
+}
+
+void fe25519_setzero(fe25519 *r)
+{
+  int i;
+  for(i=0;i<32;i++) r->v[i]=0;
+}
+
+void fe25519_neg(fe25519 *r, const fe25519 *x)
+{
+  fe25519 t;
+  int i;
+  for(i=0;i<32;i++) t.v[i]=x->v[i];
+  fe25519_setzero(r);
+  fe25519_sub(r, r, &t);
+}
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+  int i;
+  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+  reduce_add_sub(r);
+}
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+  int i;
+  crypto_uint32 t[32];
+  t[0] = x->v[0] + 0x1da;
+  t[31] = x->v[31] + 0xfe;
+  for(i=1;i<31;i++) t[i] = x->v[i] + 0x1fe;
+  for(i=0;i<32;i++) r->v[i] = t[i] - y->v[i];
+  reduce_add_sub(r);
+}
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y)
+{
+  int i,j;
+  crypto_uint32 t[63];
+  for(i=0;i<63;i++)t[i] = 0;
+
+  for(i=0;i<32;i++)
+    for(j=0;j<32;j++)
+      t[i+j] += x->v[i] * y->v[j];
+
+  for(i=32;i<63;i++)
+    r->v[i-32] = t[i-32] + 38*t[i];
+  r->v[31] = t[31]; /* result now in r[0]...r[31] */
+
+  reduce_mul(r);
+}
+
+void fe25519_square(fe25519 *r, const fe25519 *x)
+{
+  fe25519_mul(r, x, x);
+}
+
+/*XXX: Make constant time! */
+void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e)
+{
+  /*
+  fe25519 g;
+  fe25519_setone(&g);
+  int i;
+  unsigned char j;
+  for(i=32;i>0;i--)
+  {
+    for(j=128;j>0;j>>=1)
+    {
+      fe25519_square(&g,&g);
+      if(e[i-1] & j)
+        fe25519_mul(&g,&g,x);
+    }
+  }
+  for(i=0;i<32;i++) r->v[i] = g.v[i];
+  */
+  fe25519 g;
+  fe25519_setone(&g);
+  int i,j,k;
+  fe25519 pre[(1 << WINDOWSIZE)];
+  fe25519 t;
+  unsigned char w;
+
+  // Precomputation
+  fe25519_setone(pre);
+  pre[1] = *x;
+  for(i=2;i<(1<<WINDOWSIZE);i+=2)
+  {
+    fe25519_square(pre+i, pre+i/2);
+    fe25519_mul(pre+i+1, pre+i, pre+1);
+  }
+
+  // Fixed-window scalar multiplication
+  for(i=32;i>0;i--)
+  {
+    for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE)
+    {
+      for(k=0;k<WINDOWSIZE;k++)
+        fe25519_square(&g, &g);
+      // Cache-timing resistant loading of precomputed value:
+      w = (e[i-1]>>j) & WINDOWMASK;
+      t = pre[0];
+      for(k=1;k<(1<<WINDOWSIZE);k++)
+        fe25519_cmov(&t, &pre[k], k==w);
+      fe25519_mul(&g, &g, &t);
+    }
+  }
+  *r = g;
+}
+
+/* Return 0 on success, 1 otherwise */
+int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity)
+{
+  /* See HAC, Alg. 3.37 */
+  if (!issquare(x)) return -1;
+  unsigned char e[32] = {0xfb,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x1f}; /* (p-1)/4 */
+  unsigned char e2[32] = {0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p+3)/8 */
+  unsigned char e3[32] = {0xfd,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x0f}; /* (p-5)/8 */
+  fe25519 p = {{0}};
+  fe25519 d;
+  int i;
+  fe25519_pow(&d,x,e);
+  freeze(&d);
+  if(isone(&d))
+    fe25519_pow(r,x,e2);
+  else
+  {
+    for(i=0;i<32;i++)
+      d.v[i] = 4*x->v[i];
+    fe25519_pow(&d,&d,e3);
+    for(i=0;i<32;i++)
+      r->v[i] = 2*x->v[i];
+    fe25519_mul(r,r,&d);
+  }
+  freeze(r);
+  if((r->v[0] & 1) != (parity & 1))
+  {
+    fe25519_sub(r,&p,r);
+  }
+  return 0;
+}
+
+void fe25519_invert(fe25519 *r, const fe25519 *x)
+{
+	fe25519 z2;
+	fe25519 z9;
+	fe25519 z11;
+	fe25519 z2_5_0;
+	fe25519 z2_10_0;
+	fe25519 z2_20_0;
+	fe25519 z2_50_0;
+	fe25519 z2_100_0;
+	fe25519 t0;
+	fe25519 t1;
+	int i;
+
+	/* 2 */ fe25519_square(&z2,x);
+	/* 4 */ fe25519_square(&t1,&z2);
+	/* 8 */ fe25519_square(&t0,&t1);
+	/* 9 */ fe25519_mul(&z9,&t0,x);
+	/* 11 */ fe25519_mul(&z11,&z9,&z2);
+	/* 22 */ fe25519_square(&t0,&z11);
+	/* 2^5 - 2^0 = 31 */ fe25519_mul(&z2_5_0,&t0,&z9);
+
+	/* 2^6 - 2^1 */ fe25519_square(&t0,&z2_5_0);
+	/* 2^7 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^8 - 2^3 */ fe25519_square(&t0,&t1);
+	/* 2^9 - 2^4 */ fe25519_square(&t1,&t0);
+	/* 2^10 - 2^5 */ fe25519_square(&t0,&t1);
+	/* 2^10 - 2^0 */ fe25519_mul(&z2_10_0,&t0,&z2_5_0);
+
+	/* 2^11 - 2^1 */ fe25519_square(&t0,&z2_10_0);
+	/* 2^12 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^20 - 2^0 */ fe25519_mul(&z2_20_0,&t1,&z2_10_0);
+
+	/* 2^21 - 2^1 */ fe25519_square(&t0,&z2_20_0);
+	/* 2^22 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^40 - 2^0 */ fe25519_mul(&t0,&t1,&z2_20_0);
+
+	/* 2^41 - 2^1 */ fe25519_square(&t1,&t0);
+	/* 2^42 - 2^2 */ fe25519_square(&t0,&t1);
+	/* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
+	/* 2^50 - 2^0 */ fe25519_mul(&z2_50_0,&t0,&z2_10_0);
+
+	/* 2^51 - 2^1 */ fe25519_square(&t0,&z2_50_0);
+	/* 2^52 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^100 - 2^0 */ fe25519_mul(&z2_100_0,&t1,&z2_50_0);
+
+	/* 2^101 - 2^1 */ fe25519_square(&t1,&z2_100_0);
+	/* 2^102 - 2^2 */ fe25519_square(&t0,&t1);
+	/* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { fe25519_square(&t1,&t0); fe25519_square(&t0,&t1); }
+	/* 2^200 - 2^0 */ fe25519_mul(&t1,&t0,&z2_100_0);
+
+	/* 2^201 - 2^1 */ fe25519_square(&t0,&t1);
+	/* 2^202 - 2^2 */ fe25519_square(&t1,&t0);
+	/* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { fe25519_square(&t0,&t1); fe25519_square(&t1,&t0); }
+	/* 2^250 - 2^0 */ fe25519_mul(&t0,&t1,&z2_50_0);
+
+	/* 2^251 - 2^1 */ fe25519_square(&t1,&t0);
+	/* 2^252 - 2^2 */ fe25519_square(&t0,&t1);
+	/* 2^253 - 2^3 */ fe25519_square(&t1,&t0);
+	/* 2^254 - 2^4 */ fe25519_square(&t0,&t1);
+	/* 2^255 - 2^5 */ fe25519_square(&t1,&t0);
+	/* 2^255 - 21 */ fe25519_mul(r,&t1,&z11);
+}

src/libnacl/crypto_sign/edwards25519sha512batch/ref/fe25519.h

@@ -0,0 +1,54 @@
+#ifndef FE25519_H
+#define FE25519_H
+
+#define fe25519 crypto_sign_edwards25519sha512batch_fe25519
+#define fe25519_unpack crypto_sign_edwards25519sha512batch_fe25519_unpack
+#define fe25519_pack crypto_sign_edwards25519sha512batch_fe25519_pack
+#define fe25519_cmov crypto_sign_edwards25519sha512batch_fe25519_cmov
+#define fe25519_setone crypto_sign_edwards25519sha512batch_fe25519_setone
+#define fe25519_setzero crypto_sign_edwards25519sha512batch_fe25519_setzero
+#define fe25519_neg crypto_sign_edwards25519sha512batch_fe25519_neg
+#define fe25519_getparity crypto_sign_edwards25519sha512batch_fe25519_getparity
+#define fe25519_add crypto_sign_edwards25519sha512batch_fe25519_add
+#define fe25519_sub crypto_sign_edwards25519sha512batch_fe25519_sub
+#define fe25519_mul crypto_sign_edwards25519sha512batch_fe25519_mul
+#define fe25519_square crypto_sign_edwards25519sha512batch_fe25519_square
+#define fe25519_pow crypto_sign_edwards25519sha512batch_fe25519_pow
+#define fe25519_sqrt_vartime crypto_sign_edwards25519sha512batch_fe25519_sqrt_vartime
+#define fe25519_invert crypto_sign_edwards25519sha512batch_fe25519_invert
+
+#include "crypto_uint32.h"
+
+typedef struct {
+  crypto_uint32 v[32];
+} fe25519;
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
+
+void fe25519_pack(unsigned char r[32], const fe25519 *x);
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
+
+void fe25519_setone(fe25519 *r);
+
+void fe25519_setzero(fe25519 *r);
+
+void fe25519_neg(fe25519 *r, const fe25519 *x);
+
+unsigned char fe25519_getparity(const fe25519 *x);
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_square(fe25519 *r, const fe25519 *x);
+
+void fe25519_pow(fe25519 *r, const fe25519 *x, const unsigned char *e);
+
+int fe25519_sqrt_vartime(fe25519 *r, const fe25519 *x, unsigned char parity);
+
+void fe25519_invert(fe25519 *r, const fe25519 *x);
+
+#endif

src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.c

@@ -0,0 +1,227 @@
+#include "fe25519.h"
+#include "sc25519.h"
+#include "ge25519.h"
+
+/*
+ * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2
+ * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
+ * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960);
+ */
+
+typedef struct
+{
+  fe25519 x;
+  fe25519 z;
+  fe25519 y;
+  fe25519 t;
+} ge25519_p1p1;
+
+typedef struct
+{
+  fe25519 x;
+  fe25519 y;
+  fe25519 z;
+} ge25519_p2;
+
+#define ge25519_p3 ge25519
+
+/* Windowsize for fixed-window scalar multiplication */
+#define WINDOWSIZE 2                      /* Should be 1,2, or 4 */
+#define WINDOWMASK ((1<<WINDOWSIZE)-1)
+
+/* packed parameter d in the Edwards curve equation */
+static const unsigned char ecd[32] = {0xA3, 0x78, 0x59, 0x13, 0xCA, 0x4D, 0xEB, 0x75, 0xAB, 0xD8, 0x41, 0x41, 0x4D, 0x0A, 0x70, 0x00,
+                                      0x98, 0xE8, 0x79, 0x77, 0x79, 0x40, 0xC7, 0x8C, 0x73, 0xFE, 0x6F, 0x2B, 0xEE, 0x6C, 0x03, 0x52};
+
+/* Packed coordinates of the base point */
+static const unsigned char ge25519_base_x[32] = {0x1A, 0xD5, 0x25, 0x8F, 0x60, 0x2D, 0x56, 0xC9, 0xB2, 0xA7, 0x25, 0x95, 0x60, 0xC7, 0x2C, 0x69,
+                                                 0x5C, 0xDC, 0xD6, 0xFD, 0x31, 0xE2, 0xA4, 0xC0, 0xFE, 0x53, 0x6E, 0xCD, 0xD3, 0x36, 0x69, 0x21};
+static const unsigned char ge25519_base_y[32] = {0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
+                                                 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66};
+static const unsigned char ge25519_base_z[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+static const unsigned char ge25519_base_t[32] = {0xA3, 0xDD, 0xB7, 0xA5, 0xB3, 0x8A, 0xDE, 0x6D, 0xF5, 0x52, 0x51, 0x77, 0x80, 0x9F, 0xF0, 0x20,
+                                                 0x7D, 0xE3, 0xAB, 0x64, 0x8E, 0x4E, 0xEA, 0x66, 0x65, 0x76, 0x8B, 0xD7, 0x0F, 0x5F, 0x87, 0x67};
+
+/* Packed coordinates of the neutral element */
+static const unsigned char ge25519_neutral_x[32] = {0};
+static const unsigned char ge25519_neutral_y[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+static const unsigned char ge25519_neutral_z[32] = {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+static const unsigned char ge25519_neutral_t[32] = {0};
+
+static void p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p)
+{
+  fe25519_mul(&r->x, &p->x, &p->t);
+  fe25519_mul(&r->y, &p->y, &p->z);
+  fe25519_mul(&r->z, &p->z, &p->t);
+}
+
+static void p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p)
+{
+  p1p1_to_p2((ge25519_p2 *)r, p);
+  fe25519_mul(&r->t, &p->x, &p->y);
+}
+
+/* Constant-time version of: if(b) r = p */
+static void cmov_p3(ge25519_p3 *r, const ge25519_p3 *p, unsigned char b)
+{
+  fe25519_cmov(&r->x, &p->x, b);
+  fe25519_cmov(&r->y, &p->y, b);
+  fe25519_cmov(&r->z, &p->z, b);
+  fe25519_cmov(&r->t, &p->t, b);
+}
+
+/* See http://www.hyperelliptic.org/EFD/g1p/auto-twisted-extended-1.html#doubling-dbl-2008-hwcd */
+static void dbl_p1p1(ge25519_p1p1 *r, const ge25519_p2 *p)
+{
+  fe25519 a,b,c,d;
+  fe25519_square(&a, &p->x);
+  fe25519_square(&b, &p->y);
+  fe25519_square(&c, &p->z);
+  fe25519_add(&c, &c, &c);
+  fe25519_neg(&d, &a);
+
+  fe25519_add(&r->x, &p->x, &p->y);
+  fe25519_square(&r->x, &r->x);
+  fe25519_sub(&r->x, &r->x, &a);
+  fe25519_sub(&r->x, &r->x, &b);
+  fe25519_add(&r->z, &d, &b);
+  fe25519_sub(&r->t, &r->z, &c);
+  fe25519_sub(&r->y, &d, &b);
+}
+
+static void add_p1p1(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_p3 *q)
+{
+  fe25519 a, b, c, d, t, fd;
+  fe25519_unpack(&fd, ecd);
+
+  fe25519_sub(&a, &p->y, &p->x); // A = (Y1-X1)*(Y2-X2)
+  fe25519_sub(&t, &q->y, &q->x);
+  fe25519_mul(&a, &a, &t);
+  fe25519_add(&b, &p->x, &p->y); // B = (Y1+X1)*(Y2+X2)
+  fe25519_add(&t, &q->x, &q->y);
+  fe25519_mul(&b, &b, &t);
+  fe25519_mul(&c, &p->t, &q->t); //C = T1*k*T2
+  fe25519_mul(&c, &c, &fd);
+  fe25519_add(&c, &c, &c);       //XXX: Can save this addition by precomputing 2*ecd
+  fe25519_mul(&d, &p->z, &q->z); //D = Z1*2*Z2
+  fe25519_add(&d, &d, &d);
+  fe25519_sub(&r->x, &b, &a); // E = B-A
+  fe25519_sub(&r->t, &d, &c); // F = D-C
+  fe25519_add(&r->z, &d, &c); // G = D+C
+  fe25519_add(&r->y, &b, &a); // H = B+A
+}
+
+/* ********************************************************************
+ *                    EXPORTED FUNCTIONS
+ ******************************************************************** */
+
+/* return 0 on success, -1 otherwise */
+int ge25519_unpack_vartime(ge25519_p3 *r, const unsigned char p[32])
+{
+  int ret;
+  fe25519 t, fd;
+  fe25519_setone(&r->z);
+  fe25519_unpack(&fd, ecd);
+  unsigned char par = p[31] >> 7;
+  fe25519_unpack(&r->y, p);
+  fe25519_square(&r->x, &r->y);
+  fe25519_mul(&t, &r->x, &fd);
+  fe25519_sub(&r->x, &r->x, &r->z);
+  fe25519_add(&t, &r->z, &t);
+  fe25519_invert(&t, &t);
+  fe25519_mul(&r->x, &r->x, &t);
+  ret = fe25519_sqrt_vartime(&r->x, &r->x, par);
+  fe25519_mul(&r->t, &r->x, &r->y);
+  return ret;
+}
+
+void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
+{
+  fe25519 tx, ty, zi;
+  fe25519_invert(&zi, &p->z);
+  fe25519_mul(&tx, &p->x, &zi);
+  fe25519_mul(&ty, &p->y, &zi);
+  fe25519_pack(r, &ty);
+  r[31] ^= fe25519_getparity(&tx) << 7;
+}
+
+void ge25519_add(ge25519_p3 *r, const ge25519_p3 *p, const ge25519_p3 *q)
+{
+  ge25519_p1p1 grp1p1;
+  add_p1p1(&grp1p1, p, q);
+  p1p1_to_p3(r, &grp1p1);
+}
+
+void ge25519_double(ge25519_p3 *r, const ge25519_p3 *p)
+{
+  ge25519_p1p1 grp1p1;
+  dbl_p1p1(&grp1p1, (ge25519_p2 *)p);
+  p1p1_to_p3(r, &grp1p1);
+}
+
+void ge25519_scalarmult(ge25519_p3 *r, const ge25519_p3 *p, const sc25519 *s)
+{
+  int i,j,k;
+  ge25519_p3 g;
+  fe25519_unpack(&g.x, ge25519_neutral_x);
+  fe25519_unpack(&g.y, ge25519_neutral_y);
+  fe25519_unpack(&g.z, ge25519_neutral_z);
+  fe25519_unpack(&g.t, ge25519_neutral_t);
+
+  ge25519_p3 pre[(1 << WINDOWSIZE)];
+  ge25519_p3 t;
+  ge25519_p1p1 tp1p1;
+  unsigned char w;
+  unsigned char sb[32];
+  sc25519_to32bytes(sb, s);
+
+  // Precomputation
+  pre[0] = g;
+  pre[1] = *p;
+  for(i=2;i<(1<<WINDOWSIZE);i+=2)
+  {
+    dbl_p1p1(&tp1p1, (ge25519_p2 *)(pre+i/2));
+    p1p1_to_p3(pre+i, &tp1p1);
+    add_p1p1(&tp1p1, pre+i, pre+1);
+    p1p1_to_p3(pre+i+1, &tp1p1);
+  }
+
+  // Fixed-window scalar multiplication
+  for(i=32;i>0;i--)
+  {
+    for(j=8-WINDOWSIZE;j>=0;j-=WINDOWSIZE)
+    {
+      for(k=0;k<WINDOWSIZE-1;k++)
+      {
+        dbl_p1p1(&tp1p1, (ge25519_p2 *)&g);
+        p1p1_to_p2((ge25519_p2 *)&g, &tp1p1);
+      }
+      dbl_p1p1(&tp1p1, (ge25519_p2 *)&g);
+      p1p1_to_p3(&g, &tp1p1);
+      // Cache-timing resistant loading of precomputed value:
+      w = (sb[i-1]>>j) & WINDOWMASK;
+      t = pre[0];
+      for(k=1;k<(1<<WINDOWSIZE);k++)
+        cmov_p3(&t, &pre[k], k==w);
+
+      add_p1p1(&tp1p1, &g, &t);
+      if(j != 0) p1p1_to_p2((ge25519_p2 *)&g, &tp1p1);
+      else p1p1_to_p3(&g, &tp1p1); /* convert to p3 representation at the end */
+    }
+  }
+  r->x = g.x;
+  r->y = g.y;
+  r->z = g.z;
+  r->t = g.t;
+}
+
+void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
+{
+  /* XXX: Better algorithm for known-base-point scalar multiplication */
+  ge25519_p3 t;
+  fe25519_unpack(&t.x, ge25519_base_x);
+  fe25519_unpack(&t.y, ge25519_base_y);
+  fe25519_unpack(&t.z, ge25519_base_z);
+  fe25519_unpack(&t.t, ge25519_base_t);
+  ge25519_scalarmult(r, &t, s);
+}

src/libnacl/crypto_sign/edwards25519sha512batch/ref/ge25519.h

@@ -0,0 +1,34 @@
+#ifndef GE25519_H
+#define GE25519_H
+
+#include "fe25519.h"
+#include "sc25519.h"
+
+#define ge25519 crypto_sign_edwards25519sha512batch_ge25519
+#define ge25519_unpack_vartime crypto_sign_edwards25519sha512batch_ge25519_unpack_vartime
+#define ge25519_pack crypto_sign_edwards25519sha512batch_ge25519_pack
+#define ge25519_add crypto_sign_edwards25519sha512batch_ge25519_add
+#define ge25519_double crypto_sign_edwards25519sha512batch_ge25519_double
+#define ge25519_scalarmult crypto_sign_edwards25519sha512batch_ge25519_scalarmult
+#define ge25519_scalarmult_base crypto_sign_edwards25519sha512batch_ge25519_scalarmult_base
+
+typedef struct {
+  fe25519 x;
+  fe25519 y;
+  fe25519 z;
+  fe25519 t;
+} ge25519;
+
+int ge25519_unpack_vartime(ge25519 *r, const unsigned char p[32]);
+
+void ge25519_pack(unsigned char r[32], const ge25519 *p);
+
+void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q);
+
+void ge25519_double(ge25519 *r, const ge25519 *p);
+
+void ge25519_scalarmult(ge25519 *r, const ge25519 *p, const sc25519 *s);
+
+void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
+
+#endif

src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.c

@@ -0,0 +1,146 @@
+#include "sc25519.h"
+
+/*Arithmetic modulo the group order n = 2^252 +  27742317777372353535851937790883648493 = 7237005577332262213973186563042994240857116359379907606001950938285454250989 */
+
+static const crypto_uint32 m[32] = {0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
+                                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10};
+
+static const crypto_uint32 mu[33] = {0x1B, 0x13, 0x2C, 0x0A, 0xA3, 0xE5, 0x9C, 0xED, 0xA7, 0x29, 0x63, 0x08, 0x5D, 0x21, 0x06, 0x21,
+                                     0xEB, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F};
+
+/* Reduce coefficients of r before calling reduce_add_sub */
+static void reduce_add_sub(sc25519 *r)
+{
+  int i, b, pb=0, nb;
+  unsigned char t[32];
+
+  for(i=0;i<32;i++)
+  {
+    b = (r->v[i]<pb+m[i]);
+    t[i] = r->v[i]-pb-m[i]+b*256;
+    pb = b;
+  }
+  nb = 1-b;
+  for(i=0;i<32;i++)
+    r->v[i] = r->v[i]*b + t[i]*nb;
+}
+
+/* Reduce coefficients of x before calling barrett_reduce */
+static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
+{
+  /* See HAC, Alg. 14.42 */
+  int i,j;
+  crypto_uint32 q2[66] = {0};
+  crypto_uint32 *q3 = q2 + 33;
+  crypto_uint32 r1[33];
+  crypto_uint32 r2[33] = {0};
+  crypto_uint32 carry;
+  int b, pb=0;
+
+  for(i=0;i<33;i++)
+    for(j=0;j<33;j++)
+      if(i+j >= 31) q2[i+j] += mu[i]*x[j+31];
+  carry = q2[31] >> 8;
+  q2[32] += carry;
+  carry = q2[32] >> 8;
+  q2[33] += carry;
+
+  for(i=0;i<33;i++)r1[i] = x[i];
+  for(i=0;i<32;i++)
+    for(j=0;j<33;j++)
+      if(i+j < 33) r2[i+j] += m[i]*q3[j];
+
+  for(i=0;i<32;i++)
+  {
+    carry = r2[i] >> 8;
+    r2[i+1] += carry;
+    r2[i] &= 0xff;
+  }
+
+  for(i=0;i<32;i++)
+  {
+    b = (r1[i]<pb+r2[i]);
+    r->v[i] = r1[i]-pb-r2[i]+b*256;
+    pb = b;
+  }
+
+  /* XXX: Can it really happen that r<0?, See HAC, Alg 14.42, Step 3
+   * If so: Handle  it here!
+   */
+
+  reduce_add_sub(r);
+  reduce_add_sub(r);
+}
+
+/*
+static int iszero(const sc25519 *x)
+{
+  // Implement
+  return 0;
+}
+*/
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
+{
+  int i;
+  crypto_uint32 t[64] = {0};
+  for(i=0;i<32;i++) t[i] = x[i];
+  barrett_reduce(r, t);
+}
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
+{
+  int i;
+  crypto_uint32 t[64] = {0};
+  for(i=0;i<64;i++) t[i] = x[i];
+  barrett_reduce(r, t);
+}
+
+/* XXX: What we actually want for crypto_group is probably just something like
+ * void sc25519_frombytes(sc25519 *r, const unsigned char *x, size_t xlen)
+ */
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
+{
+  int i;
+  for(i=0;i<32;i++) r[i] = x->v[i];
+}
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  int i, carry;
+  for(i=0;i<32;i++) r->v[i] = x->v[i] + y->v[i];
+  for(i=0;i<31;i++)
+  {
+    carry = r->v[i] >> 8;
+    r->v[i+1] += carry;
+    r->v[i] &= 0xff;
+  }
+  reduce_add_sub(r);
+}
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y)
+{
+  int i,j,carry;
+  crypto_uint32 t[64];
+  for(i=0;i<64;i++)t[i] = 0;
+
+  for(i=0;i<32;i++)
+    for(j=0;j<32;j++)
+      t[i+j] += x->v[i] * y->v[j];
+
+  /* Reduce coefficients */
+  for(i=0;i<63;i++)
+  {
+    carry = t[i] >> 8;
+    t[i+1] += carry;
+    t[i] &= 0xff;
+  }
+
+  barrett_reduce(r, t);
+}
+
+void sc25519_square(sc25519 *r, const sc25519 *x)
+{
+  sc25519_mul(r, x, x);
+}

src/libnacl/crypto_sign/edwards25519sha512batch/ref/sc25519.h

@@ -0,0 +1,51 @@
+#ifndef SC25519_H
+#define SC25519_H
+
+#define sc25519 crypto_sign_edwards25519sha512batch_sc25519
+#define sc25519_from32bytes crypto_sign_edwards25519sha512batch_sc25519_from32bytes
+#define sc25519_from64bytes crypto_sign_edwards25519sha512batch_sc25519_from64bytes
+#define sc25519_to32bytes crypto_sign_edwards25519sha512batch_sc25519_to32bytes
+#define sc25519_pack crypto_sign_edwards25519sha512batch_sc25519_pack
+#define sc25519_getparity crypto_sign_edwards25519sha512batch_sc25519_getparity
+#define sc25519_setone crypto_sign_edwards25519sha512batch_sc25519_setone
+#define sc25519_setzero crypto_sign_edwards25519sha512batch_sc25519_setzero
+#define sc25519_neg crypto_sign_edwards25519sha512batch_sc25519_neg
+#define sc25519_add crypto_sign_edwards25519sha512batch_sc25519_add
+#define sc25519_sub crypto_sign_edwards25519sha512batch_sc25519_sub
+#define sc25519_mul crypto_sign_edwards25519sha512batch_sc25519_mul
+#define sc25519_square crypto_sign_edwards25519sha512batch_sc25519_square
+#define sc25519_invert crypto_sign_edwards25519sha512batch_sc25519_invert
+
+#include "crypto_uint32.h"
+
+typedef struct {
+  crypto_uint32 v[32];
+} sc25519;
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
+
+void sc25519_pack(unsigned char r[32], const sc25519 *x);
+
+unsigned char sc25519_getparity(const sc25519 *x);
+
+void sc25519_setone(sc25519 *r);
+
+void sc25519_setzero(sc25519 *r);
+
+void sc25519_neg(sc25519 *r, const sc25519 *x);
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_sub(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_square(sc25519 *r, const sc25519 *x);
+
+void sc25519_invert(sc25519 *r, const sc25519 *x);
+
+#endif

src/libnacl/crypto_sign/edwards25519sha512batch/ref/sign.c

@@ -0,0 +1,103 @@
+#include "api.h"
+#include "crypto_sign.h"
+#include "crypto_hash_sha512.h"
+#include "randombytes.h"
+#include "crypto_verify_32.h"
+
+#include "ge25519.h"
+
+int crypto_sign_keypair(
+    unsigned char *pk,
+    unsigned char *sk
+    )
+{
+  sc25519 scsk;
+  ge25519 gepk;
+
+  randombytes(sk, 32);
+  crypto_hash_sha512(sk, sk, 32);
+  sk[0] &= 248;
+  sk[31] &= 127;
+  sk[31] |= 64;
+
+  sc25519_from32bytes(&scsk,sk);
+
+  ge25519_scalarmult_base(&gepk, &scsk);
+  ge25519_pack(pk, &gepk);
+  return 0;
+}
+
+int crypto_sign(
+    unsigned char *sm,unsigned long long *smlen,
+    const unsigned char *m,unsigned long long mlen,
+    const unsigned char *sk
+    )
+{
+  sc25519 sck, scs, scsk;
+  ge25519 ger;
+  unsigned char r[32];
+  unsigned char s[32];
+  unsigned long long i;
+  unsigned char hmg[crypto_hash_sha512_BYTES];
+  unsigned char hmr[crypto_hash_sha512_BYTES];
+
+  *smlen = mlen+64;
+  for(i=0;i<mlen;i++)
+    sm[32 + i] = m[i];
+  for(i=0;i<32;i++)
+    sm[i] = sk[32+i];
+  crypto_hash_sha512(hmg, sm, mlen+32); /* Generate k as h(m,sk[32],...,sk[63]) */
+
+  sc25519_from64bytes(&sck, hmg);
+  ge25519_scalarmult_base(&ger, &sck);
+  ge25519_pack(r, &ger);
+
+  for(i=0;i<32;i++)
+    sm[i] = r[i];
+
+  crypto_hash_sha512(hmr, sm, mlen+32); /* Compute h(m,r) */
+  sc25519_from64bytes(&scs, hmr);
+  sc25519_mul(&scs, &scs, &sck);
+
+  sc25519_from32bytes(&scsk, sk);
+  sc25519_add(&scs, &scs, &scsk);
+
+  sc25519_to32bytes(s,&scs); /* cat s */
+  for(i=0;i<32;i++)
+    sm[mlen+32+i] = s[i];
+
+  return 0;
+}
+
+int crypto_sign_open(
+    unsigned char *m,unsigned long long *mlen,
+    const unsigned char *sm,unsigned long long smlen,
+    const unsigned char *pk
+    )
+{
+  int i;
+  unsigned char t1[32], t2[32];
+  ge25519 get1, get2, gepk;
+  sc25519 schmr, scs;
+  unsigned char hmr[crypto_hash_sha512_BYTES];
+
+  if (ge25519_unpack_vartime(&get1, sm)) return -1;
+  if (ge25519_unpack_vartime(&gepk, pk)) return -1;
+
+  crypto_hash_sha512(hmr,sm,smlen-32);
+
+  sc25519_from64bytes(&schmr, hmr);
+  ge25519_scalarmult(&get1, &get1, &schmr);
+  ge25519_add(&get1, &get1, &gepk);
+  ge25519_pack(t1, &get1);
+
+  sc25519_from32bytes(&scs, &sm[smlen-32]);
+  ge25519_scalarmult_base(&get2, &scs);
+  ge25519_pack(t2, &get2);
+
+  for(i=0;i<smlen-64;i++)
+    m[i] = sm[i + 32];
+  *mlen = smlen-64;
+
+  return crypto_verify_32(t1, t2);
+}

src/libnacl/crypto_sign/measure.c

@@ -0,0 +1,83 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_sign.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
+const char *implementationversion = crypto_sign_VERSION;
+const char *sizenames[] = { "outputbytes", "publickeybytes", "secretkeybytes", 0 };
+const long long sizes[] = { crypto_sign_BYTES, crypto_sign_PUBLICKEYBYTES, crypto_sign_SECRETKEYBYTES };
+
+#define MAXTEST_BYTES 100000
+
+static unsigned char *pk;
+static unsigned char *sk;
+static unsigned char *m; unsigned long long mlen;
+static unsigned char *sm; unsigned long long smlen;
+static unsigned char *t; unsigned long long tlen;
+
+void preallocate(void)
+{
+#ifdef RAND_R_PRNG_NOT_SEEDED
+  RAND_status();
+#endif
+}
+
+void allocate(void)
+{
+  pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
+  sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+}
+
+#define TIMINGS 31
+static long long cycles[TIMINGS + 1];
+static long long bytes[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (i = 0;i <= TIMINGS;++i) {
+      cycles[i] = cpucycles();
+      crypto_sign_keypair(pk,sk);
+    }
+    for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+    printentry(-1,"keypair_cycles",cycles,TIMINGS);
+
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 4) {
+      randombytes(m,mlen);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+        bytes[i] = crypto_sign(sm,&smlen,m,mlen,sk);
+	if (bytes[i] == 0) bytes[i] = smlen;
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      printentry(mlen,"bytes",bytes,TIMINGS);
+
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+        bytes[i] = crypto_sign_open(t,&tlen,sm,smlen,pk);
+	if (bytes[i] == 0) bytes[i] = tlen;
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"open_cycles",cycles,TIMINGS);
+      printentry(mlen,"open_bytes",bytes,TIMINGS);
+    }
+  }
+}

src/libnacl/crypto_sign/try.c

@@ -0,0 +1,87 @@
+/*
+ * crypto_sign/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "randombytes.h"
+#include "crypto_sign.h"
+#include "windows/windows-quirks.h"
+
+#define MAXTEST_BYTES 10000
+#define TUNE_BYTES 1536
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
+
+static unsigned char *pk;
+static unsigned char *sk;
+static unsigned char *m; unsigned long long mlen;
+static unsigned char *sm; unsigned long long smlen;
+static unsigned char *t; unsigned long long tlen;
+
+void preallocate(void)
+{
+#ifdef RAND_R_PRNG_NOT_SEEDED
+  RAND_status();
+#endif
+}
+
+void allocate(void)
+{
+  pk = alignedcalloc(crypto_sign_PUBLICKEYBYTES);
+  sk = alignedcalloc(crypto_sign_SECRETKEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+  t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
+}
+
+void predoit(void)
+{
+  crypto_sign_keypair(pk,sk);
+  mlen = TUNE_BYTES;
+  smlen = 0;
+  randombytes(m,mlen);
+  crypto_sign(sm,&smlen,m,mlen,sk);
+}
+
+void doit(void)
+{
+  crypto_sign_open(t,&tlen,sm,smlen,pk);
+}
+
+char checksum[crypto_sign_BYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long mlen;
+  long long i;
+  long long j;
+
+  if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
+  for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
+    if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
+    if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
+    if (tlen != mlen) return "crypto_sign_open does not match length";
+    for (i = 0;i < tlen;++i)
+      if (t[i] != m[i])
+        return "crypto_sign_open does not match contents";
+
+    j = random() % smlen;
+    sm[j] ^= 1;
+    if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
+      if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
+      for (i = 0;i < tlen;++i)
+        if (t[i] != m[i])
+          return "crypto_sign_open allows trivial forgery of contents";
+    }
+    sm[j] ^= 1;
+
+  }
+
+  /* do some long-term checksum */
+  checksum[0] = 0;
+  return 0;
+}

src/libnacl/crypto_sign/wrapper-keypair.cpp

@@ -0,0 +1,12 @@
+#include <string>
+using std::string;
+#include "crypto_sign.h"
+
+string crypto_sign_keypair(string *sk_string)
+{
+  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+  unsigned char sk[crypto_sign_SECRETKEYBYTES];
+  crypto_sign_keypair(pk,sk);
+  *sk_string = string((char *) sk,sizeof sk);
+  return string((char *) pk,sizeof pk);
+}

src/libnacl/crypto_sign/wrapper-sign-open.cpp

@@ -0,0 +1,24 @@
+#include <string>
+using std::string;
+#include "crypto_sign.h"
+
+string crypto_sign_open(const string &sm_string, const string &pk_string)
+{
+  if (pk_string.size() != crypto_sign_PUBLICKEYBYTES) throw "incorrect public-key length";
+  size_t smlen = sm_string.size();
+  unsigned char m[smlen];
+  unsigned long long mlen;
+  for (int i = 0;i < smlen;++i) m[i] = sm_string[i];
+  if (crypto_sign_open(
+        m,
+        &mlen,
+        m,
+        smlen,
+        (const unsigned char *) pk_string.c_str()
+        ) != 0)
+    throw "ciphertext fails verification";
+  return string(
+    (char *) m,
+    mlen
+  );
+}

src/libnacl/crypto_sign/wrapper-sign.cpp

@@ -0,0 +1,22 @@
+#include <string>
+using std::string;
+#include "crypto_sign.h"
+
+string crypto_sign(const string &m_string, const string &sk_string)
+{
+  if (sk_string.size() != crypto_sign_SECRETKEYBYTES) throw "incorrect secret-key length";
+  size_t mlen = m_string.size();
+  unsigned char sm[mlen+crypto_sign_BYTES];
+  unsigned long long smlen;
+  crypto_sign(
+      sm,
+      &smlen,
+      (const unsigned char *) m_string.data(),
+      mlen,
+      (const unsigned char *) sk_string.data()
+      );
+  return string(
+      (char *) sm,
+      smlen
+  );
+}

src/libnacl/crypto_stream/aes128ctr/checksum

@@ -0,0 +1 @@
+6e9966897837aae181e93261ae88fdf0

src/libnacl/crypto_stream/aes128ctr/portable/afternm.c

@@ -0,0 +1,158 @@
+/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper
+ * Date: 2009-03-19
+ * Public domain */
+
+#include "int128.h"
+#include "common.h"
+#include "consts.h"
+#include "crypto_stream.h"
+
+int crypto_stream_afternm(unsigned char *outp, unsigned long long len, const unsigned char *noncep, const unsigned char *c)
+{
+
+  int128 xmm0;
+  int128 xmm1;
+  int128 xmm2;
+  int128 xmm3;
+  int128 xmm4;
+  int128 xmm5;
+  int128 xmm6;
+  int128 xmm7;
+
+  int128 xmm8;
+  int128 xmm9;
+  int128 xmm10;
+  int128 xmm11;
+  int128 xmm12;
+  int128 xmm13;
+  int128 xmm14;
+  int128 xmm15;
+
+  int128 nonce_stack;
+  unsigned long long lensav;
+  unsigned char bl[128];
+  unsigned char *blp;
+  unsigned char b;
+
+  uint32 tmp;
+
+  /* Copy nonce on the stack */
+  copy2(&nonce_stack, (int128 *) (noncep + 0));
+  unsigned char *np = (unsigned char *)&nonce_stack;
+
+    enc_block:
+
+    xmm0 = *(int128 *) (np + 0);
+    copy2(&xmm1, &xmm0);
+    shufb(&xmm1, SWAP32);
+    copy2(&xmm2, &xmm1);
+    copy2(&xmm3, &xmm1);
+    copy2(&xmm4, &xmm1);
+    copy2(&xmm5, &xmm1);
+    copy2(&xmm6, &xmm1);
+    copy2(&xmm7, &xmm1);
+
+    add_uint32_big(&xmm1, 1);
+    add_uint32_big(&xmm2, 2);
+    add_uint32_big(&xmm3, 3);
+    add_uint32_big(&xmm4, 4);
+    add_uint32_big(&xmm5, 5);
+    add_uint32_big(&xmm6, 6);
+    add_uint32_big(&xmm7, 7);
+
+    shufb(&xmm0, M0);
+    shufb(&xmm1, M0SWAP);
+    shufb(&xmm2, M0SWAP);
+    shufb(&xmm3, M0SWAP);
+    shufb(&xmm4, M0SWAP);
+    shufb(&xmm5, M0SWAP);
+    shufb(&xmm6, M0SWAP);
+    shufb(&xmm7, M0SWAP);
+
+    bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8)
+
+    aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+
+    bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0)
+
+    if(len < 128) goto partial;
+    if(len == 128) goto full;
+
+    tmp = load32_bigendian(np + 12);
+    tmp += 8;
+    store32_bigendian(np + 12, tmp);
+
+    *(int128 *) (outp + 0) = xmm8;
+    *(int128 *) (outp + 16) = xmm9;
+    *(int128 *) (outp + 32) = xmm12;
+    *(int128 *) (outp + 48) = xmm14;
+    *(int128 *) (outp + 64) = xmm11;
+    *(int128 *) (outp + 80) = xmm15;
+    *(int128 *) (outp + 96) = xmm10;
+    *(int128 *) (outp + 112) = xmm13;
+
+    len -= 128;
+    outp += 128;
+
+    goto enc_block;
+
+    partial:
+
+    lensav = len;
+    len >>= 4;
+
+    tmp = load32_bigendian(np + 12);
+    tmp += len;
+    store32_bigendian(np + 12, tmp);
+
+    blp = bl;
+    *(int128 *)(blp + 0) = xmm8;
+    *(int128 *)(blp + 16) = xmm9;
+    *(int128 *)(blp + 32) = xmm12;
+    *(int128 *)(blp + 48) = xmm14;
+    *(int128 *)(blp + 64) = xmm11;
+    *(int128 *)(blp + 80) = xmm15;
+    *(int128 *)(blp + 96) = xmm10;
+    *(int128 *)(blp + 112) = xmm13;
+
+    bytes:
+
+    if(lensav == 0) goto end;
+
+    b = blp[0];
+    *(unsigned char *)(outp + 0) = b;
+
+    blp += 1;
+    outp +=1;
+    lensav -= 1;
+
+    goto bytes;
+
+    full:
+
+    tmp = load32_bigendian(np + 12);
+    tmp += 8;
+    store32_bigendian(np + 12, tmp);
+
+    *(int128 *) (outp + 0) = xmm8;
+    *(int128 *) (outp + 16) = xmm9;
+    *(int128 *) (outp + 32) = xmm12;
+    *(int128 *) (outp + 48) = xmm14;
+    *(int128 *) (outp + 64) = xmm11;
+    *(int128 *) (outp + 80) = xmm15;
+    *(int128 *) (outp + 96) = xmm10;
+    *(int128 *) (outp + 112) = xmm13;
+
+    end:
+    return 0;
+
+}

src/libnacl/crypto_stream/aes128ctr/portable/api.h

@@ -0,0 +1,3 @@
+#define CRYPTO_KEYBYTES 16
+#define CRYPTO_NONCEBYTES 16
+#define CRYPTO_BEFORENMBYTES 1408

src/libnacl/crypto_stream/aes128ctr/portable/beforenm.c

@@ -0,0 +1,59 @@
+/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper
+ * Date: 2009-03-19
+ * Public domain */
+
+#include "consts.h"
+#include "int128.h"
+#include "common.h"
+#include "crypto_stream.h"
+
+int crypto_stream_beforenm(unsigned char *c, const unsigned char *k)
+{
+
+  /*
+     int64 x0;
+     int64 x1;
+     int64 x2;
+     int64 x3;
+     int64 e;
+     int64 q0;
+     int64 q1;
+     int64 q2;
+     int64 q3;
+     */
+
+  int128 xmm0;
+  int128 xmm1;
+  int128 xmm2;
+  int128 xmm3;
+  int128 xmm4;
+  int128 xmm5;
+  int128 xmm6;
+  int128 xmm7;
+  int128 xmm8;
+  int128 xmm9;
+  int128 xmm10;
+  int128 xmm11;
+  int128 xmm12;
+  int128 xmm13;
+  int128 xmm14;
+  int128 xmm15;
+  int128 t;
+
+  bitslicekey0(k, c)
+
+    keyexpbs1(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm1);, 2,c)
+    keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm6);, 3,c)
+    keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 4,c)
+
+    keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 5,c)
+    keyexpbs(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm5);, 6,c)
+    keyexpbs(xmm0, xmm1, xmm3, xmm2, xmm6, xmm5, xmm4, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm3);, 7,c)
+    keyexpbs(xmm0, xmm1, xmm6, xmm4, xmm2, xmm7, xmm3, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm7);, 8,c)
+
+    keyexpbs(xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xor_rcon(&xmm0); xor_rcon(&xmm1); xor_rcon(&xmm6); xor_rcon(&xmm3);, 9,c)
+    keyexpbs10(xmm0, xmm1, xmm4, xmm6, xmm3, xmm7, xmm2, xmm5, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+
+    return 0;
+}

src/libnacl/crypto_stream/aes128ctr/portable/common.c

@@ -0,0 +1,64 @@
+#include "common.h"
+
+uint32 load32_bigendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[3]) \
+  | (((uint32) (x[2])) << 8) \
+  | (((uint32) (x[1])) << 16) \
+  | (((uint32) (x[0])) << 24)
+  ;
+}
+
+void store32_bigendian(unsigned char *x,uint32 u)
+{
+  x[3] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[0] = u;
+}
+
+uint32 load32_littleendian(const unsigned char *x)
+{
+  return
+      (uint32) (x[0]) \
+  | (((uint32) (x[1])) << 8) \
+  | (((uint32) (x[2])) << 16) \
+  | (((uint32) (x[3])) << 24)
+  ;
+}
+
+void store32_littleendian(unsigned char *x,uint32 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u;
+}
+
+
+uint64 load64_littleendian(const unsigned char *x)
+{
+  return
+      (uint64) (x[0]) \
+  | (((uint64) (x[1])) << 8) \
+  | (((uint64) (x[2])) << 16) \
+  | (((uint64) (x[3])) << 24)
+  | (((uint64) (x[4])) << 32)
+  | (((uint64) (x[5])) << 40)
+  | (((uint64) (x[6])) << 48)
+  | (((uint64) (x[7])) << 56)
+  ;
+}
+
+void store64_littleendian(unsigned char *x,uint64 u)
+{
+  x[0] = u; u >>= 8;
+  x[1] = u; u >>= 8;
+  x[2] = u; u >>= 8;
+  x[3] = u; u >>= 8;
+  x[4] = u; u >>= 8;
+  x[5] = u; u >>= 8;
+  x[6] = u; u >>= 8;
+  x[7] = u;
+}

src/libnacl/crypto_stream/aes128ctr/portable/common.h

@@ -0,0 +1,788 @@
+/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper
+ Date: 2009-03-19
+ Public domain */
+#ifndef COMMON_H
+#define COMMON_H
+
+#include "types.h"
+
+#define load32_bigendian crypto_stream_aes128ctr_portable_load32_bigendian
+uint32 load32_bigendian(const unsigned char *x);
+
+#define store32_bigendian crypto_stream_aes128ctr_portable_store32_bigendian
+void store32_bigendian(unsigned char *x,uint32 u);
+
+#define load32_littleendian crypto_stream_aes128ctr_portable_load32_littleendian
+uint32 load32_littleendian(const unsigned char *x);
+
+#define store32_littleendian crypto_stream_aes128ctr_portable_store32_littleendian
+void store32_littleendian(unsigned char *x,uint32 u);
+
+#define load64_littleendian crypto_stream_aes128ctr_portable_load64_littleendian
+uint64 load64_littleendian(const unsigned char *x);
+
+#define store64_littleendian crypto_stream_aes128ctr_portable_store64_littleendian
+void store64_littleendian(unsigned char *x,uint64 u);
+
+/* Macros required only for key expansion */
+
+#define keyexpbs1(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \
+  rotbyte(&b0);\
+  rotbyte(&b1);\
+  rotbyte(&b2);\
+  rotbyte(&b3);\
+  rotbyte(&b4);\
+  rotbyte(&b5);\
+  rotbyte(&b6);\
+  rotbyte(&b7);\
+  ;\
+  sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\
+  ;\
+  xor_rcon(&b0);\
+  shufb(&b0, EXPB0);\
+  shufb(&b1, EXPB0);\
+  shufb(&b4, EXPB0);\
+  shufb(&b6, EXPB0);\
+  shufb(&b3, EXPB0);\
+  shufb(&b7, EXPB0);\
+  shufb(&b2, EXPB0);\
+  shufb(&b5, EXPB0);\
+  shufb(&b0, EXPB0);\
+  ;\
+  t0 = *(int128 *)(bskey + 0);\
+  t1 = *(int128 *)(bskey + 16);\
+  t2 = *(int128 *)(bskey + 32);\
+  t3 = *(int128 *)(bskey + 48);\
+  t4 = *(int128 *)(bskey + 64);\
+  t5 = *(int128 *)(bskey + 80);\
+  t6 = *(int128 *)(bskey + 96);\
+  t7 = *(int128 *)(bskey + 112);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  *(int128 *)(bskey + 128) = b0;\
+  *(int128 *)(bskey + 144) = b1;\
+  *(int128 *)(bskey + 160) = b4;\
+  *(int128 *)(bskey + 176) = b6;\
+  *(int128 *)(bskey + 192) = b3;\
+  *(int128 *)(bskey + 208) = b7;\
+  *(int128 *)(bskey + 224) = b2;\
+  *(int128 *)(bskey + 240) = b5;\
+
+#define keyexpbs10(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) ;\
+  toggle(&b0);\
+  toggle(&b1);\
+  toggle(&b5);\
+  toggle(&b6);\
+  rotbyte(&b0);\
+  rotbyte(&b1);\
+  rotbyte(&b2);\
+  rotbyte(&b3);\
+  rotbyte(&b4);\
+  rotbyte(&b5);\
+  rotbyte(&b6);\
+  rotbyte(&b7);\
+  ;\
+  sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\
+  ;\
+  xor_rcon(&b1);\
+  xor_rcon(&b4);\
+  xor_rcon(&b3);\
+  xor_rcon(&b7);\
+  shufb(&b0, EXPB0);\
+  shufb(&b1, EXPB0);\
+  shufb(&b4, EXPB0);\
+  shufb(&b6, EXPB0);\
+  shufb(&b3, EXPB0);\
+  shufb(&b7, EXPB0);\
+  shufb(&b2, EXPB0);\
+  shufb(&b5, EXPB0);\
+  ;\
+  t0 = *(int128 *)(bskey + 9 * 128 +   0);\
+  t1 = *(int128 *)(bskey + 9 * 128 +  16);\
+  t2 = *(int128 *)(bskey + 9 * 128 +  32);\
+  t3 = *(int128 *)(bskey + 9 * 128 +  48);\
+  t4 = *(int128 *)(bskey + 9 * 128 +  64);\
+  t5 = *(int128 *)(bskey + 9 * 128 +  80);\
+  t6 = *(int128 *)(bskey + 9 * 128 +  96);\
+  t7 = *(int128 *)(bskey + 9 * 128 + 112);\
+  ;\
+  toggle(&t0);\
+  toggle(&t1);\
+  toggle(&t5);\
+  toggle(&t6);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  shufb(&b0, M0);\
+  shufb(&b1, M0);\
+  shufb(&b2, M0);\
+  shufb(&b3, M0);\
+  shufb(&b4, M0);\
+  shufb(&b5, M0);\
+  shufb(&b6, M0);\
+  shufb(&b7, M0);\
+  ;\
+  *(int128 *)(bskey + 1280) = b0;\
+  *(int128 *)(bskey + 1296) = b1;\
+  *(int128 *)(bskey + 1312) = b4;\
+  *(int128 *)(bskey + 1328) = b6;\
+  *(int128 *)(bskey + 1344) = b3;\
+  *(int128 *)(bskey + 1360) = b7;\
+  *(int128 *)(bskey + 1376) = b2;\
+  *(int128 *)(bskey + 1392) = b5;\
+
+
+#define keyexpbs(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, rcon, i, bskey) \
+  toggle(&b0);\
+  toggle(&b1);\
+  toggle(&b5);\
+  toggle(&b6);\
+  rotbyte(&b0);\
+  rotbyte(&b1);\
+  rotbyte(&b2);\
+  rotbyte(&b3);\
+  rotbyte(&b4);\
+  rotbyte(&b5);\
+  rotbyte(&b6);\
+  rotbyte(&b7);\
+  ;\
+  sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\
+  ;\
+  rcon;\
+  shufb(&b0, EXPB0);\
+  shufb(&b1, EXPB0);\
+  shufb(&b4, EXPB0);\
+  shufb(&b6, EXPB0);\
+  shufb(&b3, EXPB0);\
+  shufb(&b7, EXPB0);\
+  shufb(&b2, EXPB0);\
+  shufb(&b5, EXPB0);\
+  ;\
+  t0 = *(int128 *)(bskey + (i-1) * 128 +   0);\
+  t1 = *(int128 *)(bskey + (i-1) * 128 +  16);\
+  t2 = *(int128 *)(bskey + (i-1) * 128 +  32);\
+  t3 = *(int128 *)(bskey + (i-1) * 128 +  48);\
+  t4 = *(int128 *)(bskey + (i-1) * 128 +  64);\
+  t5 = *(int128 *)(bskey + (i-1) * 128 +  80);\
+  t6 = *(int128 *)(bskey + (i-1) * 128 +  96);\
+  t7 = *(int128 *)(bskey + (i-1) * 128 + 112);\
+  ;\
+  toggle(&t0);\
+  toggle(&t1);\
+  toggle(&t5);\
+  toggle(&t6);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  rshift32_littleendian(&t0, 8);\
+  rshift32_littleendian(&t1, 8);\
+  rshift32_littleendian(&t2, 8);\
+  rshift32_littleendian(&t3, 8);\
+  rshift32_littleendian(&t4, 8);\
+  rshift32_littleendian(&t5, 8);\
+  rshift32_littleendian(&t6, 8);\
+  rshift32_littleendian(&t7, 8);\
+  ;\
+  xor2(&b0, &t0);\
+  xor2(&b1, &t1);\
+  xor2(&b4, &t2);\
+  xor2(&b6, &t3);\
+  xor2(&b3, &t4);\
+  xor2(&b7, &t5);\
+  xor2(&b2, &t6);\
+  xor2(&b5, &t7);\
+  ;\
+  *(int128 *)(bskey + i*128 +   0) = b0;\
+  *(int128 *)(bskey + i*128 +  16) = b1;\
+  *(int128 *)(bskey + i*128 +  32) = b4;\
+  *(int128 *)(bskey + i*128 +  48) = b6;\
+  *(int128 *)(bskey + i*128 +  64) = b3;\
+  *(int128 *)(bskey + i*128 +  80) = b7;\
+  *(int128 *)(bskey + i*128 +  96) = b2;\
+  *(int128 *)(bskey + i*128 + 112) = b5;\
+
+/* Macros used in multiple contexts */
+
+#define bitslicekey0(key, bskey) \
+  xmm0 = *(int128 *) (key + 0);\
+  shufb(&xmm0, M0);\
+  copy2(&xmm1, &xmm0);\
+  copy2(&xmm2, &xmm0);\
+  copy2(&xmm3, &xmm0);\
+  copy2(&xmm4, &xmm0);\
+  copy2(&xmm5, &xmm0);\
+  copy2(&xmm6, &xmm0);\
+  copy2(&xmm7, &xmm0);\
+  ;\
+  bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\
+  ;\
+  *(int128 *) (bskey + 0) = xmm0;\
+  *(int128 *) (bskey + 16) = xmm1;\
+  *(int128 *) (bskey + 32) = xmm2;\
+  *(int128 *) (bskey + 48) = xmm3;\
+  *(int128 *) (bskey + 64) = xmm4;\
+  *(int128 *) (bskey + 80) = xmm5;\
+  *(int128 *) (bskey + 96) = xmm6;\
+  *(int128 *) (bskey + 112) = xmm7;\
+
+
+#define bitslicekey10(key, bskey) \
+  xmm0 = *(int128 *) (key + 0);\
+  copy2(xmm1, xmm0);\
+  copy2(xmm2, xmm0);\
+  copy2(xmm3, xmm0);\
+  copy2(xmm4, xmm0);\
+  copy2(xmm5, xmm0);\
+  copy2(xmm6, xmm0);\
+  copy2(xmm7, xmm0);\
+  ;\
+  bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\
+  ;\
+  toggle(&xmm6);\
+  toggle(&xmm5);\
+  toggle(&xmm1);\
+  toggle(&xmm0);\
+  ;\
+  *(int128 *) (bskey +   0 + 1280) = xmm0;\
+  *(int128 *) (bskey +  16 + 1280) = xmm1;\
+  *(int128 *) (bskey +  32 + 1280) = xmm2;\
+  *(int128 *) (bskey +  48 + 1280) = xmm3;\
+  *(int128 *) (bskey +  64 + 1280) = xmm4;\
+  *(int128 *) (bskey +  80 + 1280) = xmm5;\
+  *(int128 *) (bskey +  96 + 1280) = xmm6;\
+  *(int128 *) (bskey + 112 + 1280) = xmm7;\
+
+
+#define bitslicekey(i,key,bskey) \
+  xmm0 = *(int128 *) (key + 0);\
+  shufb(&xmm0, M0);\
+  copy2(&xmm1, &xmm0);\
+  copy2(&xmm2, &xmm0);\
+  copy2(&xmm3, &xmm0);\
+  copy2(&xmm4, &xmm0);\
+  copy2(&xmm5, &xmm0);\
+  copy2(&xmm6, &xmm0);\
+  copy2(&xmm7, &xmm0);\
+  ;\
+  bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, t);\
+  ;\
+  toggle(&xmm6);\
+  toggle(&xmm5);\
+  toggle(&xmm1);\
+  toggle(&xmm0);\
+  ;\
+  *(int128 *) (bskey +   0 + 128*i) = xmm0;\
+  *(int128 *) (bskey +  16 + 128*i) = xmm1;\
+  *(int128 *) (bskey +  32 + 128*i) = xmm2;\
+  *(int128 *) (bskey +  48 + 128*i) = xmm3;\
+  *(int128 *) (bskey +  64 + 128*i) = xmm4;\
+  *(int128 *) (bskey +  80 + 128*i) = xmm5;\
+  *(int128 *) (bskey +  96 + 128*i) = xmm6;\
+  *(int128 *) (bskey + 112 + 128*i) = xmm7;\
+
+
+#define bitslice(x0, x1, x2, x3, x4, x5, x6, x7, t) \
+	swapmove(x0, x1, 1, BS0, t);\
+	swapmove(x2, x3, 1, BS0, t);\
+	swapmove(x4, x5, 1, BS0, t);\
+	swapmove(x6, x7, 1, BS0, t);\
+	;\
+	swapmove(x0, x2, 2, BS1, t);\
+	swapmove(x1, x3, 2, BS1, t);\
+	swapmove(x4, x6, 2, BS1, t);\
+	swapmove(x5, x7, 2, BS1, t);\
+	;\
+	swapmove(x0, x4, 4, BS2, t);\
+	swapmove(x1, x5, 4, BS2, t);\
+	swapmove(x2, x6, 4, BS2, t);\
+	swapmove(x3, x7, 4, BS2, t);\
+
+
+#define swapmove(a, b, n, m, t) \
+	copy2(&t, &b);\
+  rshift64_littleendian(&t, n);\
+	xor2(&t, &a);\
+  and2(&t, &m);\
+  xor2(&a, &t);\
+  lshift64_littleendian(&t, n);\
+  xor2(&b, &t);
+
+#define rotbyte(x) \
+  shufb(x, ROTB) /* TODO: Make faster */
+
+
+/* Macros used for encryption (and decryption) */
+
+#define shiftrows(x0, x1, x2, x3, x4, x5, x6, x7, i, M, bskey) \
+	xor2(&x0, (int128 *)(bskey + 128*(i-1) + 0));\
+  shufb(&x0, M);\
+	xor2(&x1, (int128 *)(bskey + 128*(i-1) + 16));\
+  shufb(&x1, M);\
+	xor2(&x2, (int128 *)(bskey + 128*(i-1) + 32));\
+  shufb(&x2, M);\
+	xor2(&x3, (int128 *)(bskey + 128*(i-1) + 48));\
+  shufb(&x3, M);\
+	xor2(&x4, (int128 *)(bskey + 128*(i-1) + 64));\
+  shufb(&x4, M);\
+	xor2(&x5, (int128 *)(bskey + 128*(i-1) + 80));\
+  shufb(&x5, M);\
+	xor2(&x6, (int128 *)(bskey + 128*(i-1) + 96));\
+  shufb(&x6, M);\
+	xor2(&x7, (int128 *)(bskey + 128*(i-1) + 112));\
+  shufb(&x7, M);\
+
+
+#define mixcolumns(x0, x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, t4, t5, t6, t7) \
+  shufd(&t0, &x0, 0x93);\
+  shufd(&t1, &x1, 0x93);\
+  shufd(&t2, &x2, 0x93);\
+  shufd(&t3, &x3, 0x93);\
+  shufd(&t4, &x4, 0x93);\
+  shufd(&t5, &x5, 0x93);\
+  shufd(&t6, &x6, 0x93);\
+  shufd(&t7, &x7, 0x93);\
+	;\
+	xor2(&x0, &t0);\
+	xor2(&x1, &t1);\
+	xor2(&x2, &t2);\
+	xor2(&x3, &t3);\
+	xor2(&x4, &t4);\
+	xor2(&x5, &t5);\
+	xor2(&x6, &t6);\
+	xor2(&x7, &t7);\
+	;\
+	xor2(&t0, &x7);\
+	xor2(&t1, &x0);\
+	xor2(&t2, &x1);\
+	xor2(&t1, &x7);\
+	xor2(&t3, &x2);\
+	xor2(&t4, &x3);\
+	xor2(&t5, &x4);\
+	xor2(&t3, &x7);\
+	xor2(&t6, &x5);\
+	xor2(&t7, &x6);\
+	xor2(&t4, &x7);\
+	;\
+  shufd(&x0, &x0, 0x4e);\
+  shufd(&x1, &x1, 0x4e);\
+  shufd(&x2, &x2, 0x4e);\
+  shufd(&x3, &x3, 0x4e);\
+  shufd(&x4, &x4, 0x4e);\
+  shufd(&x5, &x5, 0x4e);\
+  shufd(&x6, &x6, 0x4e);\
+  shufd(&x7, &x7, 0x4e);\
+	;\
+	xor2(&t0, &x0);\
+	xor2(&t1, &x1);\
+	xor2(&t2, &x2);\
+	xor2(&t3, &x3);\
+	xor2(&t4, &x4);\
+	xor2(&t5, &x5);\
+	xor2(&t6, &x6);\
+	xor2(&t7, &x7);\
+
+
+#define aesround(i, b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \
+	shiftrows(b0, b1, b2, b3, b4, b5, b6, b7, i, SR, bskey);\
+	sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\
+	mixcolumns(b0, b1, b4, b6, b3, b7, b2, b5, t0, t1, t2, t3, t4, t5, t6, t7);\
+
+
+#define lastround(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7, bskey) \
+	shiftrows(b0, b1, b2, b3, b4, b5, b6, b7, 10, SRM0, bskey);\
+	sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, t4, t5, t6, t7);\
+	xor2(&b0,(int128 *)(bskey + 128*10));\
+	xor2(&b1,(int128 *)(bskey + 128*10+16));\
+	xor2(&b4,(int128 *)(bskey + 128*10+32));\
+	xor2(&b6,(int128 *)(bskey + 128*10+48));\
+	xor2(&b3,(int128 *)(bskey + 128*10+64));\
+	xor2(&b7,(int128 *)(bskey + 128*10+80));\
+	xor2(&b2,(int128 *)(bskey + 128*10+96));\
+	xor2(&b5,(int128 *)(bskey + 128*10+112));\
+
+
+#define sbox(b0, b1, b2, b3, b4, b5, b6, b7, t0, t1, t2, t3, s0, s1, s2, s3) \
+	InBasisChange(b0, b1, b2, b3, b4, b5, b6, b7); \
+	Inv_GF256(b6, b5, b0, b3, b7, b1, b4, b2, t0, t1, t2, t3, s0, s1, s2, s3); \
+	OutBasisChange(b7, b1, b4, b2, b6, b5, b0, b3); \
+
+
+#define InBasisChange(b0, b1, b2, b3, b4, b5, b6, b7) \
+	xor2(&b5, &b6);\
+	xor2(&b2, &b1);\
+	xor2(&b5, &b0);\
+	xor2(&b6, &b2);\
+	xor2(&b3, &b0);\
+	;\
+	xor2(&b6, &b3);\
+	xor2(&b3, &b7);\
+	xor2(&b3, &b4);\
+	xor2(&b7, &b5);\
+	xor2(&b3, &b1);\
+	;\
+	xor2(&b4, &b5);\
+	xor2(&b2, &b7);\
+	xor2(&b1, &b5);\
+
+#define OutBasisChange(b0, b1, b2, b3, b4, b5, b6, b7) \
+	xor2(&b0, &b6);\
+	xor2(&b1, &b4);\
+	xor2(&b2, &b0);\
+	xor2(&b4, &b6);\
+	xor2(&b6, &b1);\
+	;\
+	xor2(&b1, &b5);\
+	xor2(&b5, &b3);\
+	xor2(&b2, &b5);\
+	xor2(&b3, &b7);\
+	xor2(&b7, &b5);\
+	;\
+	xor2(&b4, &b7);\
+
+#define Mul_GF4(x0, x1, y0, y1, t0) \
+	copy2(&t0, &y0);\
+	xor2(&t0, &y1);\
+	and2(&t0, &x0);\
+	xor2(&x0, &x1);\
+	and2(&x0, &y1);\
+	and2(&x1, &y0);\
+	xor2(&x0, &x1);\
+	xor2(&x1, &t0);\
+
+#define Mul_GF4_N(x0, x1, y0, y1, t0) \
+	copy2(&t0, &y0);\
+	xor2(&t0, &y1);\
+	and2(&t0, &x0);\
+	xor2(&x0, &x1);\
+	and2(&x0, &y1);\
+	and2(&x1, &y0);\
+	xor2(&x1, &x0);\
+	xor2(&x0, &t0);\
+
+#define Mul_GF4_2(x0, x1, x2, x3, y0, y1, t0, t1) \
+	copy2(&t0, = y0);\
+	xor2(&t0, &y1);\
+	copy2(&t1, &t0);\
+	and2(&t0, &x0);\
+	and2(&t1, &x2);\
+	xor2(&x0, &x1);\
+	xor2(&x2, &x3);\
+	and2(&x0, &y1);\
+	and2(&x2, &y1);\
+	and2(&x1, &y0);\
+	and2(&x3, &y0);\
+	xor2(&x0, &x1);\
+	xor2(&x2, &x3);\
+	xor2(&x1, &t0);\
+	xor2(&x3, &t1);\
+
+#define Mul_GF16(x0, x1, x2, x3, y0, y1, y2, y3, t0, t1, t2, t3) \
+	copy2(&t0, &x0);\
+	copy2(&t1, &x1);\
+	Mul_GF4(x0, x1, y0, y1, t2);\
+	xor2(&t0, &x2);\
+	xor2(&t1, &x3);\
+	xor2(&y0, &y2);\
+	xor2(&y1, &y3);\
+	Mul_GF4_N(t0, t1, y0, y1, t2);\
+	Mul_GF4(x2, x3, y2, y3, t3);\
+	;\
+	xor2(&x0, &t0);\
+	xor2(&x2, &t0);\
+	xor2(&x1, &t1);\
+	xor2(&x3, &t1);\
+
+#define Mul_GF16_2(x0, x1, x2, x3, x4, x5, x6, x7, y0, y1, y2, y3, t0, t1, t2, t3) \
+	copy2(&t0, &x0);\
+	copy2(&t1, &x1);\
+	Mul_GF4(x0, x1, y0, y1, t2);\
+	xor2(&t0, &x2);\
+	xor2(&t1, &x3);\
+	xor2(&y0, &y2);\
+	xor2(&y1, &y3);\
+	Mul_GF4_N(t0, t1, y0, y1, t3);\
+	Mul_GF4(x2, x3, y2, y3, t2);\
+	;\
+	xor2(&x0, &t0);\
+	xor2(&x2, &t0);\
+	xor2(&x1, &t1);\
+	xor2(&x3, &t1);\
+	;\
+	copy2(&t0, &x4);\
+	copy2(&t1, &x5);\
+	xor2(&t0, &x6);\
+	xor2(&t1, &x7);\
+	Mul_GF4_N(t0, t1, y0, y1, t3);\
+	Mul_GF4(x6, x7, y2, y3, t2);\
+	xor2(&y0, &y2);\
+	xor2(&y1, &y3);\
+	Mul_GF4(x4, x5, y0, y1, t3);\
+	;\
+	xor2(&x4, &t0);\
+	xor2(&x6, &t0);\
+	xor2(&x5, &t1);\
+	xor2(&x7, &t1);\
+
+#define Inv_GF16(x0, x1, x2, x3, t0, t1, t2, t3) \
+	copy2(&t0, &x1);\
+	copy2(&t1, &x0);\
+	and2(&t0, &x3);\
+	or2(&t1, &x2);\
+	copy2(&t2, &x1);\
+	copy2(&t3, &x0);\
+	or2(&t2, &x2);\
+	or2(&t3, &x3);\
+	xor2(&t2, &t3);\
+	;\
+	xor2(&t0, &t2);\
+	xor2(&t1, &t2);\
+	;\
+	Mul_GF4_2(x0, x1, x2, x3, t1, t0, t2, t3);\
+
+
+#define Inv_GF256(x0,  x1, x2, x3, x4, x5, x6, x7, t0, t1, t2, t3, s0, s1, s2, s3) \
+	copy2(&t3, &x4);\
+	copy2(&t2, &x5);\
+	copy2(&t1, &x1);\
+	copy2(&s1, &x7);\
+	copy2(&s0, &x0);\
+	;\
+	xor2(&t3, &x6);\
+	xor2(&t2, &x7);\
+	xor2(&t1, &x3);\
+	xor2(&s1, &x6);\
+	xor2(&s0, &x2);\
+	;\
+	copy2(&s2, &t3);\
+	copy2(&t0, &t2);\
+	copy2(&s3, &t3);\
+	;\
+	or2(&t2, &t1);\
+	or2(&t3, &s0);\
+	xor2(&s3, &t0);\
+	and2(&s2, &s0);\
+	and2(&t0, &t1);\
+	xor2(&s0, &t1);\
+	and2(&s3, &s0);\
+	copy2(&s0, &x3);\
+	xor2(&s0, &x2);\
+	and2(&s1, &s0);\
+	xor2(&t3, &s1);\
+	xor2(&t2, &s1);\
+	copy2(&s1, &x4);\
+	xor2(&s1, &x5);\
+	copy2(&s0, &x1);\
+	copy2(&t1, &s1);\
+	xor2(&s0, &x0);\
+	or2(&t1, &s0);\
+	and2(&s1, &s0);\
+	xor2(&t0, &s1);\
+	xor2(&t3, &s3);\
+	xor2(&t2, &s2);\
+	xor2(&t1, &s3);\
+	xor2(&t0, &s2);\
+	xor2(&t1, &s2);\
+	copy2(&s0, &x7);\
+	copy2(&s1, &x6);\
+	copy2(&s2, &x5);\
+	copy2(&s3, &x4);\
+	and2(&s0, &x3);\
+	and2(&s1, &x2);\
+	and2(&s2, &x1);\
+	or2(&s3, &x0);\
+	xor2(&t3, &s0);\
+	xor2(&t2, &s1);\
+	xor2(&t1, &s2);\
+	xor2(&t0, &s3);\
+  ;\
+  copy2(&s0, &t3);\
+  xor2(&s0, &t2);\
+  and2(&t3, &t1);\
+  copy2(&s2, &t0);\
+  xor2(&s2, &t3);\
+  copy2(&s3, &s0);\
+  and2(&s3, &s2);\
+  xor2(&s3, &t2);\
+  copy2(&s1, &t1);\
+  xor2(&s1, &t0);\
+  xor2(&t3, &t2);\
+  and2(&s1, &t3);\
+  xor2(&s1, &t0);\
+  xor2(&t1, &s1);\
+  copy2(&t2, &s2);\
+  xor2(&t2, &s1);\
+  and2(&t2, &t0);\
+  xor2(&t1, &t2);\
+  xor2(&s2, &t2);\
+  and2(&s2, &s3);\
+  xor2(&s2, &s0);\
+  ;\
+  Mul_GF16_2(x0, x1, x2, x3, x4, x5, x6, x7, s3, s2, s1, t1, s0, t0, t2, t3);\
+
+#endif

src/libnacl/crypto_stream/aes128ctr/portable/consts.c

@@ -0,0 +1,14 @@
+#include "consts.h"
+
+const unsigned char ROTB[16] = {0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08};
+const unsigned char M0[16]   = {0x0f, 0x0b, 0x07, 0x03, 0x0e, 0x0a, 0x06, 0x02, 0x0d, 0x09, 0x05, 0x01, 0x0c, 0x08, 0x04, 0x00};
+const unsigned char EXPB0[16] = {0x03, 0x03, 0x03, 0x03, 0x07, 0x07, 0x07, 0x07, 0x0b, 0x0b, 0x0b, 0x0b, 0x0f, 0x0f, 0x0f, 0x0f};
+
+const unsigned char SWAP32[16] = {0x03, 0x02, 0x01, 0x00, 0x07, 0x06, 0x05, 0x04, 0x0b, 0x0a, 0x09, 0x08, 0x0f, 0x0e, 0x0d, 0x0c};
+const unsigned char M0SWAP[16] = {0x0c, 0x08, 0x04, 0x00, 0x0d, 0x09, 0x05, 0x01, 0x0e, 0x0a, 0x06, 0x02, 0x0f, 0x0b, 0x07, 0x03};
+const unsigned char SR[16] = {0x01, 0x02, 0x03, 0x00, 0x06, 0x07, 0x04, 0x05, 0x0b, 0x08, 0x09, 0x0a, 0x0c, 0x0d, 0x0e, 0x0f};
+const unsigned char SRM0[16] = {0x0f, 0x0a, 0x05, 0x00, 0x0e, 0x09, 0x04, 0x03, 0x0d, 0x08, 0x07, 0x02, 0x0c, 0x0b, 0x06, 0x01};
+
+const int128 BS0 = {0x5555555555555555ULL, 0x5555555555555555ULL};
+const int128 BS1 = {0x3333333333333333ULL, 0x3333333333333333ULL};
+const int128 BS2 = {0x0f0f0f0f0f0f0f0fULL, 0x0f0f0f0f0f0f0f0fULL};

src/libnacl/crypto_stream/aes128ctr/portable/consts.h

@@ -0,0 +1,28 @@
+#ifndef CONSTS_H
+#define CONSTS_H
+
+#include "int128.h"
+
+#define ROTB crypto_stream_aes128ctr_portable_ROTB
+#define M0 crypto_stream_aes128ctr_portable_M0
+#define EXPB0 crypto_stream_aes128ctr_portable_EXPB0
+#define SWAP32 crypto_stream_aes128ctr_portable_SWAP32
+#define M0SWAP crypto_stream_aes128ctr_portable_M0SWAP
+#define SR crypto_stream_aes128ctr_portable_SR
+#define SRM0 crypto_stream_aes128ctr_portable_SRM0
+#define BS0 crypto_stream_aes128ctr_portable_BS0
+#define BS1 crypto_stream_aes128ctr_portable_BS1
+#define BS2 crypto_stream_aes128ctr_portable_BS2
+
+extern const unsigned char ROTB[16];
+extern const unsigned char M0[16];
+extern const unsigned char EXPB0[16];
+extern const unsigned char SWAP32[16];
+extern const unsigned char M0SWAP[16];
+extern const unsigned char SR[16];
+extern const unsigned char SRM0[16];
+extern const int128 BS0;
+extern const int128 BS1;
+extern const int128 BS2;
+
+#endif

src/libnacl/crypto_stream/aes128ctr/portable/int128.c

@@ -0,0 +1,128 @@
+#include "int128.h"
+#include "common.h"
+
+void xor2(int128 *r, const int128 *x)
+{
+  r->a ^= x->a;
+  r->b ^= x->b;
+}
+
+void and2(int128 *r, const int128 *x)
+{
+  r->a &= x->a;
+  r->b &= x->b;
+}
+
+void or2(int128 *r, const int128 *x)
+{
+  r->a |= x->a;
+  r->b |= x->b;
+}
+
+void copy2(int128 *r, const int128 *x)
+{
+  r->a = x->a;
+  r->b = x->b;
+}
+
+void shufb(int128 *r, const unsigned char *l)
+{
+  int128 t;
+  copy2(&t,r);
+  unsigned char *cr = (unsigned char *)r;
+  unsigned char *ct = (unsigned char *)&t;
+  cr[0] = ct[l[0]];
+  cr[1] = ct[l[1]];
+  cr[2] = ct[l[2]];
+  cr[3] = ct[l[3]];
+  cr[4] = ct[l[4]];
+  cr[5] = ct[l[5]];
+  cr[6] = ct[l[6]];
+  cr[7] = ct[l[7]];
+  cr[8] = ct[l[8]];
+  cr[9] = ct[l[9]];
+  cr[10] = ct[l[10]];
+  cr[11] = ct[l[11]];
+  cr[12] = ct[l[12]];
+  cr[13] = ct[l[13]];
+  cr[14] = ct[l[14]];
+  cr[15] = ct[l[15]];
+}
+
+void shufd(int128 *r, const int128 *x, const unsigned int c)
+{
+  int128 t;
+  uint32 *tp = (uint32 *)&t;
+  uint32 *xp = (uint32 *)x;
+  tp[0] = xp[c&3];
+  tp[1] = xp[(c>>2)&3];
+  tp[2] = xp[(c>>4)&3];
+  tp[3] = xp[(c>>6)&3];
+  copy2(r,&t);
+}
+
+void rshift32_littleendian(int128 *r, const unsigned int n)
+{
+  unsigned char *rp = (unsigned char *)r;
+  uint32 t;
+  t = load32_littleendian(rp);
+  t >>= n;
+  store32_littleendian(rp, t);
+  t = load32_littleendian(rp+4);
+  t >>= n;
+  store32_littleendian(rp+4, t);
+  t = load32_littleendian(rp+8);
+  t >>= n;
+  store32_littleendian(rp+8, t);
+  t = load32_littleendian(rp+12);
+  t >>= n;
+  store32_littleendian(rp+12, t);
+}
+
+void rshift64_littleendian(int128 *r, const unsigned int n)
+{
+  unsigned char *rp = (unsigned char *)r;
+  uint64 t;
+  t = load64_littleendian(rp);
+  t >>= n;
+  store64_littleendian(rp, t);
+  t = load64_littleendian(rp+8);
+  t >>= n;
+  store64_littleendian(rp+8, t);
+}
+
+void lshift64_littleendian(int128 *r, const unsigned int n)
+{
+  unsigned char *rp = (unsigned char *)r;
+  uint64 t;
+  t = load64_littleendian(rp);
+  t <<= n;
+  store64_littleendian(rp, t);
+  t = load64_littleendian(rp+8);
+  t <<= n;
+  store64_littleendian(rp+8, t);
+}
+
+void toggle(int128 *r)
+{
+  r->a ^= 0xffffffffffffffffULL;
+  r->b ^= 0xffffffffffffffffULL;
+}
+
+void xor_rcon(int128 *r)
+{
+  unsigned char *rp = (unsigned char *)r;
+  uint32 t;
+  t = load32_littleendian(rp+12);
+  t ^= 0xffffffff;
+  store32_littleendian(rp+12, t);
+}
+
+void add_uint32_big(int128 *r, uint32 x)
+{
+  unsigned char *rp = (unsigned char *)r;
+  uint32 t;
+  t = load32_littleendian(rp+12);
+  t += x;
+  store32_littleendian(rp+12, t);
+}

src/libnacl/crypto_stream/aes128ctr/portable/int128.h

@@ -0,0 +1,47 @@
+#ifndef INT128_H
+#define INT128_H
+
+#include "common.h"
+
+typedef struct{
+  unsigned long long a;
+  unsigned long long b;
+} int128;
+
+#define xor2 crypto_stream_aes128ctr_portable_xor2
+void xor2(int128 *r, const int128 *x);
+
+#define and2 crypto_stream_aes128ctr_portable_and2
+void and2(int128 *r, const int128 *x);
+
+#define or2 crypto_stream_aes128ctr_portable_or2
+void or2(int128 *r, const int128 *x);
+
+#define copy2 crypto_stream_aes128ctr_portable_copy2
+void copy2(int128 *r, const int128 *x);
+
+#define shufb crypto_stream_aes128ctr_portable_shufb
+void shufb(int128 *r, const unsigned char *l);
+
+#define shufd crypto_stream_aes128ctr_portable_shufd
+void shufd(int128 *r, const int128 *x, const unsigned int c);
+
+#define rshift32_littleendian crypto_stream_aes128ctr_portable_rshift32_littleendian
+void rshift32_littleendian(int128 *r, const unsigned int n);
+
+#define rshift64_littleendian crypto_stream_aes128ctr_portable_rshift64_littleendian
+void rshift64_littleendian(int128 *r, const unsigned int n);
+
+#define lshift64_littleendian crypto_stream_aes128ctr_portable_lshift64_littleendian
+void lshift64_littleendian(int128 *r, const unsigned int n);
+
+#define toggle crypto_stream_aes128ctr_portable_toggle
+void toggle(int128 *r);
+
+#define xor_rcon crypto_stream_aes128ctr_portable_xor_rcon
+void xor_rcon(int128 *r);
+
+#define add_uint32_big crypto_stream_aes128ctr_portable_add_uint32_big
+void add_uint32_big(int128 *r, uint32 x);
+
+#endif

src/libnacl/crypto_stream/aes128ctr/portable/stream.c

@@ -0,0 +1,28 @@
+#include "crypto_stream.h"
+
+int crypto_stream(
+        unsigned char *out,
+        unsigned long long outlen,
+        const unsigned char *n,
+        const unsigned char *k
+        )
+{
+    unsigned char d[crypto_stream_BEFORENMBYTES];
+    crypto_stream_beforenm(d, k);
+    crypto_stream_afternm(out, outlen, n, d);
+    return 0;
+}
+
+int crypto_stream_xor(
+        unsigned char *out,
+        const unsigned char *in,
+        unsigned long long inlen,
+        const unsigned char *n,
+        const unsigned char *k
+        )
+{
+    unsigned char d[crypto_stream_BEFORENMBYTES];
+    crypto_stream_beforenm(d, k);
+    crypto_stream_xor_afternm(out, in, inlen, n, d);
+    return 0;
+}

src/libnacl/crypto_stream/aes128ctr/portable/types.h

@@ -0,0 +1,10 @@
+#ifndef TYPES_H
+#define TYPES_H
+
+#include "crypto_uint32.h"
+typedef crypto_uint32 uint32;
+
+#include "crypto_uint64.h"
+typedef crypto_uint64 uint64;
+
+#endif

src/libnacl/crypto_stream/aes128ctr/portable/xor_afternm.c

@@ -0,0 +1,180 @@
+/* Author: Peter Schwabe, ported from an assembly implementation by Emilia Käsper
+ * Date: 2009-03-19
+ * Public domain */
+
+#include <stdio.h>
+#include "int128.h"
+#include "common.h"
+#include "consts.h"
+#include "crypto_stream.h"
+
+int crypto_stream_xor_afternm(unsigned char *outp, const unsigned char *inp, unsigned long long len, const unsigned char *noncep, const unsigned char *c)
+{
+
+  int128 xmm0;
+  int128 xmm1;
+  int128 xmm2;
+  int128 xmm3;
+  int128 xmm4;
+  int128 xmm5;
+  int128 xmm6;
+  int128 xmm7;
+
+  int128 xmm8;
+  int128 xmm9;
+  int128 xmm10;
+  int128 xmm11;
+  int128 xmm12;
+  int128 xmm13;
+  int128 xmm14;
+  int128 xmm15;
+
+  int128 nonce_stack;
+  unsigned long long lensav;
+  unsigned char bl[128];
+  unsigned char *blp;
+  unsigned char b;
+
+  uint32 tmp;
+
+  /* Copy nonce on the stack */
+  copy2(&nonce_stack, (int128 *) (noncep + 0));
+  unsigned char *np = (unsigned char *)&nonce_stack;
+
+    enc_block:
+
+    xmm0 = *(int128 *) (np + 0);
+    copy2(&xmm1, &xmm0);
+    shufb(&xmm1, SWAP32);
+    copy2(&xmm2, &xmm1);
+    copy2(&xmm3, &xmm1);
+    copy2(&xmm4, &xmm1);
+    copy2(&xmm5, &xmm1);
+    copy2(&xmm6, &xmm1);
+    copy2(&xmm7, &xmm1);
+
+    add_uint32_big(&xmm1, 1);
+    add_uint32_big(&xmm2, 2);
+    add_uint32_big(&xmm3, 3);
+    add_uint32_big(&xmm4, 4);
+    add_uint32_big(&xmm5, 5);
+    add_uint32_big(&xmm6, 6);
+    add_uint32_big(&xmm7, 7);
+
+    shufb(&xmm0, M0);
+    shufb(&xmm1, M0SWAP);
+    shufb(&xmm2, M0SWAP);
+    shufb(&xmm3, M0SWAP);
+    shufb(&xmm4, M0SWAP);
+    shufb(&xmm5, M0SWAP);
+    shufb(&xmm6, M0SWAP);
+    shufb(&xmm7, M0SWAP);
+
+    bitslice(xmm7, xmm6, xmm5, xmm4, xmm3, xmm2, xmm1, xmm0, xmm8)
+
+    aesround( 1, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 2, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 3, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 4, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 5, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 6, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 7, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    aesround( 8, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+    aesround( 9, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7, xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15,c)
+    lastround(xmm8, xmm9, xmm10, xmm11, xmm12, xmm13, xmm14, xmm15, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5, xmm6, xmm7,c)
+
+    bitslice(xmm13, xmm10, xmm15, xmm11, xmm14, xmm12, xmm9, xmm8, xmm0)
+
+    if(len < 128) goto partial;
+    if(len == 128) goto full;
+
+    tmp = load32_bigendian(np + 12);
+    tmp += 8;
+    store32_bigendian(np + 12, tmp);
+
+    xor2(&xmm8, (int128 *)(inp + 0));
+    xor2(&xmm9, (int128 *)(inp + 16));
+    xor2(&xmm12, (int128 *)(inp + 32));
+    xor2(&xmm14, (int128 *)(inp + 48));
+    xor2(&xmm11, (int128 *)(inp + 64));
+    xor2(&xmm15, (int128 *)(inp + 80));
+    xor2(&xmm10, (int128 *)(inp + 96));
+    xor2(&xmm13, (int128 *)(inp + 112));
+
+    *(int128 *) (outp + 0) = xmm8;
+    *(int128 *) (outp + 16) = xmm9;
+    *(int128 *) (outp + 32) = xmm12;
+    *(int128 *) (outp + 48) = xmm14;
+    *(int128 *) (outp + 64) = xmm11;
+    *(int128 *) (outp + 80) = xmm15;
+    *(int128 *) (outp + 96) = xmm10;
+    *(int128 *) (outp + 112) = xmm13;
+
+    len -= 128;
+    inp += 128;
+    outp += 128;
+
+    goto enc_block;
+
+    partial:
+
+    lensav = len;
+    len >>= 4;
+
+    tmp = load32_bigendian(np + 12);
+    tmp += len;
+    store32_bigendian(np + 12, tmp);
+
+    blp = bl;
+    *(int128 *)(blp + 0) = xmm8;
+    *(int128 *)(blp + 16) = xmm9;
+    *(int128 *)(blp + 32) = xmm12;
+    *(int128 *)(blp + 48) = xmm14;
+    *(int128 *)(blp + 64) = xmm11;
+    *(int128 *)(blp + 80) = xmm15;
+    *(int128 *)(blp + 96) = xmm10;
+    *(int128 *)(blp + 112) = xmm13;
+
+    bytes:
+
+    if(lensav == 0) goto end;
+
+    b = blp[0];
+    b ^= *(unsigned char *)(inp + 0);
+    *(unsigned char *)(outp + 0) = b;
+
+    blp += 1;
+    inp +=1;
+    outp +=1;
+    lensav -= 1;
+
+    goto bytes;
+
+    full:
+
+    tmp = load32_bigendian(np + 12);
+    tmp += 8;
+    store32_bigendian(np + 12, tmp);
+
+    xor2(&xmm8, (int128 *)(inp + 0));
+    xor2(&xmm9, (int128 *)(inp + 16));
+    xor2(&xmm12, (int128 *)(inp + 32));
+    xor2(&xmm14, (int128 *)(inp + 48));
+    xor2(&xmm11, (int128 *)(inp + 64));
+    xor2(&xmm15, (int128 *)(inp + 80));
+    xor2(&xmm10, (int128 *)(inp + 96));
+    xor2(&xmm13, (int128 *)(inp + 112));
+
+    *(int128 *) (outp + 0) = xmm8;
+    *(int128 *) (outp + 16) = xmm9;
+    *(int128 *) (outp + 32) = xmm12;
+    *(int128 *) (outp + 48) = xmm14;
+    *(int128 *) (outp + 64) = xmm11;
+    *(int128 *) (outp + 80) = xmm15;
+    *(int128 *) (outp + 96) = xmm10;
+    *(int128 *) (outp + 112) = xmm13;
+
+    end:
+    return 0;
+
+}

src/libnacl/crypto_stream/measure.c

@@ -0,0 +1,73 @@
+#include <stdlib.h>
+#include "randombytes.h"
+#include "cpucycles.h"
+#include "crypto_stream.h"
+
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+
+const char *primitiveimplementation = crypto_stream_IMPLEMENTATION;
+const char *implementationversion = crypto_stream_VERSION;
+const char *sizenames[] = { "keybytes", "noncebytes", 0 };
+const long long sizes[] = { crypto_stream_KEYBYTES, crypto_stream_NONCEBYTES };
+
+#define MAXTEST_BYTES 4096
+#ifdef SUPERCOP
+#define MGAP 8192
+#else
+#define MGAP 8
+#endif
+
+static unsigned char *k;
+static unsigned char *n;
+static unsigned char *m;
+static unsigned char *c;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(crypto_stream_KEYBYTES);
+  n = alignedcalloc(crypto_stream_NONCEBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  c = alignedcalloc(MAXTEST_BYTES);
+}
+
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
+      randombytes(k,crypto_stream_KEYBYTES);
+      randombytes(n,crypto_stream_NONCEBYTES);
+      randombytes(m,mlen);
+      randombytes(c,mlen);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_stream(c,mlen,n,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+	crypto_stream_xor(c,m,mlen,n,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"xor_cycles",cycles,TIMINGS);
+    }
+  }
+}

src/libnacl/crypto_stream/salsa20/checksum

@@ -0,0 +1 @@
+44a3966eabcd3a2b13faca2150e38f2b7e6bac187d626618f50a9f875158ae78

src/libnacl/crypto_stream/salsa20/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_NONCEBYTES 8

src/libnacl/crypto_stream/salsa20/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_stream/salsa20/ref/stream.c

@@ -0,0 +1,49 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa20.h"
+#include "crypto_stream.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream(
+        unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char in[16];
+  unsigned char block[64];
+  int i;
+  unsigned int u;
+
+  if (!clen) return 0;
+
+  for (i = 0;i < 8;++i) in[i] = n[i];
+  for (i = 8;i < 16;++i) in[i] = 0;
+
+  while (clen >= 64) {
+    crypto_core_salsa20(c,in,k,sigma);
+
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (unsigned int) in[i];
+      in[i] = u;
+      u >>= 8;
+    }
+
+    clen -= 64;
+    c += 64;
+  }
+
+  if (clen) {
+    crypto_core_salsa20(block,in,k,sigma);
+    for (i = 0;i < clen;++i) c[i] = block[i];
+  }
+  return 0;
+}

src/libnacl/crypto_stream/salsa20/ref/xor.c

@@ -0,0 +1,52 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa20.h"
+#include "crypto_stream.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_xor(
+        unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char in[16];
+  unsigned char block[64];
+  int i;
+  unsigned int u;
+
+  if (!mlen) return 0;
+
+  for (i = 0;i < 8;++i) in[i] = n[i];
+  for (i = 8;i < 16;++i) in[i] = 0;
+
+  while (mlen >= 64) {
+    crypto_core_salsa20(block,in,k,sigma);
+    for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i];
+
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (unsigned int) in[i];
+      in[i] = u;
+      u >>= 8;
+    }
+
+    mlen -= 64;
+    c += 64;
+    m += 64;
+  }
+
+  if (mlen) {
+    crypto_core_salsa20(block,in,k,sigma);
+    for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i];
+  }
+  return 0;
+}

src/libnacl/crypto_stream/salsa2012/checksum

@@ -0,0 +1 @@
+ecc758f200061c3cc770b25797da73583548d4f90f69a967fbbe1a6d94d1705c

src/libnacl/crypto_stream/salsa2012/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_NONCEBYTES 8

src/libnacl/crypto_stream/salsa2012/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_stream/salsa2012/ref/stream.c

@@ -0,0 +1,49 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa2012.h"
+#include "crypto_stream.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream(
+        unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char in[16];
+  unsigned char block[64];
+  int i;
+  unsigned int u;
+
+  if (!clen) return 0;
+
+  for (i = 0;i < 8;++i) in[i] = n[i];
+  for (i = 8;i < 16;++i) in[i] = 0;
+
+  while (clen >= 64) {
+    crypto_core_salsa2012(c,in,k,sigma);
+
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (unsigned int) in[i];
+      in[i] = u;
+      u >>= 8;
+    }
+
+    clen -= 64;
+    c += 64;
+  }
+
+  if (clen) {
+    crypto_core_salsa2012(block,in,k,sigma);
+    for (i = 0;i < clen;++i) c[i] = block[i];
+  }
+  return 0;
+}

src/libnacl/crypto_stream/salsa2012/ref/xor.c

@@ -0,0 +1,52 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa2012.h"
+#include "crypto_stream.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_xor(
+        unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char in[16];
+  unsigned char block[64];
+  int i;
+  unsigned int u;
+
+  if (!mlen) return 0;
+
+  for (i = 0;i < 8;++i) in[i] = n[i];
+  for (i = 8;i < 16;++i) in[i] = 0;
+
+  while (mlen >= 64) {
+    crypto_core_salsa2012(block,in,k,sigma);
+    for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i];
+
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (unsigned int) in[i];
+      in[i] = u;
+      u >>= 8;
+    }
+
+    mlen -= 64;
+    c += 64;
+    m += 64;
+  }
+
+  if (mlen) {
+    crypto_core_salsa2012(block,in,k,sigma);
+    for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i];
+  }
+  return 0;
+}

src/libnacl/crypto_stream/salsa208/checksum

@@ -0,0 +1 @@
+05f32b0647417aaa446b0b3127318133cf9af32b771869eab267000bf02710cd

src/libnacl/crypto_stream/salsa208/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_NONCEBYTES 8

src/libnacl/crypto_stream/salsa208/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_stream/salsa208/ref/stream.c

@@ -0,0 +1,49 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa208.h"
+#include "crypto_stream.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream(
+        unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char in[16];
+  unsigned char block[64];
+  int i;
+  unsigned int u;
+
+  if (!clen) return 0;
+
+  for (i = 0;i < 8;++i) in[i] = n[i];
+  for (i = 8;i < 16;++i) in[i] = 0;
+
+  while (clen >= 64) {
+    crypto_core_salsa208(c,in,k,sigma);
+
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (unsigned int) in[i];
+      in[i] = u;
+      u >>= 8;
+    }
+
+    clen -= 64;
+    c += 64;
+  }
+
+  if (clen) {
+    crypto_core_salsa208(block,in,k,sigma);
+    for (i = 0;i < clen;++i) c[i] = block[i];
+  }
+  return 0;
+}

src/libnacl/crypto_stream/salsa208/ref/xor.c

@@ -0,0 +1,52 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_salsa208.h"
+#include "crypto_stream.h"
+
+typedef unsigned int uint32;
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_xor(
+        unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char in[16];
+  unsigned char block[64];
+  int i;
+  unsigned int u;
+
+  if (!mlen) return 0;
+
+  for (i = 0;i < 8;++i) in[i] = n[i];
+  for (i = 8;i < 16;++i) in[i] = 0;
+
+  while (mlen >= 64) {
+    crypto_core_salsa208(block,in,k,sigma);
+    for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i];
+
+    u = 1;
+    for (i = 8;i < 16;++i) {
+      u += (unsigned int) in[i];
+      in[i] = u;
+      u >>= 8;
+    }
+
+    mlen -= 64;
+    c += 64;
+    m += 64;
+  }
+
+  if (mlen) {
+    crypto_core_salsa208(block,in,k,sigma);
+    for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i];
+  }
+  return 0;
+}

src/libnacl/crypto_stream/try.c

@@ -0,0 +1,125 @@
+/*
+ * crypto_stream/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_stream.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_stream_IMPLEMENTATION;
+
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+
+static unsigned char *k;
+static unsigned char *n;
+static unsigned char *m;
+static unsigned char *c;
+static unsigned char *s;
+static unsigned char *k2;
+static unsigned char *n2;
+static unsigned char *m2;
+static unsigned char *c2;
+static unsigned char *s2;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  k = alignedcalloc(crypto_stream_KEYBYTES);
+  n = alignedcalloc(crypto_stream_NONCEBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  c = alignedcalloc(MAXTEST_BYTES);
+  s = alignedcalloc(MAXTEST_BYTES);
+  k2 = alignedcalloc(crypto_stream_KEYBYTES);
+  n2 = alignedcalloc(crypto_stream_NONCEBYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES);
+  c2 = alignedcalloc(MAXTEST_BYTES);
+  s2 = alignedcalloc(MAXTEST_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_stream_xor(c,m,TUNE_BYTES,n,k);
+}
+
+char checksum[crypto_stream_KEYBYTES * 2 + 1];
+
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i;
+    long long clen = i;
+    long long slen = i;
+    long long klen = crypto_stream_KEYBYTES;
+    long long nlen = crypto_stream_NONCEBYTES;
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = -16;j < 0;++j) c[j] = random();
+    for (j = -16;j < 0;++j) s[j] = random();
+    for (j = -16;j < 0;++j) n[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = clen;j < clen + 16;++j) c[j] = random();
+    for (j = slen;j < slen + 16;++j) s[j] = random();
+    for (j = nlen;j < nlen + 16;++j) n[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
+    for (j = -16;j < slen + 16;++j) s2[j] = s[j];
+    for (j = -16;j < nlen + 16;++j) n2[j] = n[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+
+    crypto_stream_xor(c,m,mlen,n,k);
+
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream_xor overwrites m";
+    for (j = -16;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream_xor overwrites s";
+    for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream_xor overwrites n";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream_xor overwrites k";
+    for (j = -16;j < 0;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes before output";
+    for (j = clen;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream_xor writes after output";
+
+    for (j = -16;j < clen + 16;++j) c2[j] = c[j];
+
+    crypto_stream(s,slen,n,k);
+
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_stream overwrites m";
+    for (j = -16;j < clen + 16;++j) if (c[j] != c2[j]) return "crypto_stream overwrites c";
+    for (j = -16;j < nlen + 16;++j) if (n[j] != n2[j]) return "crypto_stream overwrites n";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_stream overwrites k";
+    for (j = -16;j < 0;++j) if (s[j] != s2[j]) return "crypto_stream writes before output";
+    for (j = slen;j < slen + 16;++j) if (s[j] != s2[j]) return "crypto_stream writes after output";
+
+    for (j = 0;j < mlen;++j)
+      if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream";
+
+    for (j = 0;j < clen;++j) k[j % klen] ^= c[j];
+    crypto_stream_xor(m,c,clen,n,k);
+    crypto_stream(s,slen,n,k);
+    for (j = 0;j < mlen;++j)
+      if ((s[j] ^ m[j]) != c[j]) return "crypto_stream_xor does not match crypto_stream";
+    for (j = 0;j < mlen;++j) n[j % nlen] ^= m[j];
+    m[mlen] = 0;
+  }
+
+  for (i = 0;i < crypto_stream_KEYBYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (k[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & k[i]];
+  }
+  checksum[2 * i] = 0;
+
+  return 0;
+}

src/libnacl/crypto_stream/wrapper-stream.cpp

@@ -0,0 +1,12 @@
+#include <string>
+using std::string;
+#include "crypto_stream.h"
+
+string crypto_stream(size_t clen,const string &n,const string &k)
+{
+  if (n.size() != crypto_stream_NONCEBYTES) throw "incorrect nonce length";
+  if (k.size() != crypto_stream_KEYBYTES) throw "incorrect key length";
+  unsigned char c[clen];
+  crypto_stream(c,clen,(const unsigned char *) n.c_str(),(const unsigned char *) k.c_str());
+  return string((char *) c,clen);
+}

src/libnacl/crypto_stream/wrapper-xor.cpp

@@ -0,0 +1,17 @@
+#include <string>
+using std::string;
+#include "crypto_stream.h"
+
+string crypto_stream_xor(const string &m,const string &n,const string &k)
+{
+  if (n.size() != crypto_stream_NONCEBYTES) throw "incorrect nonce length";
+  if (k.size() != crypto_stream_KEYBYTES) throw "incorrect key length";
+  size_t mlen = m.size();
+  unsigned char c[mlen];
+  crypto_stream_xor(c,
+    (const unsigned char *) m.c_str(),mlen,
+    (const unsigned char *) n.c_str(),
+    (const unsigned char *) k.c_str()
+    );
+  return string((char *) c,mlen);
+}

src/libnacl/crypto_stream/xsalsa20/checksum

@@ -0,0 +1 @@
+201bc58a96adcb6ed339ca33c188af8ca04a4ce68be1e0953309ee09a0cf8e7a

src/libnacl/crypto_stream/xsalsa20/ref/api.h

@@ -0,0 +1,2 @@
+#define CRYPTO_KEYBYTES 32
+#define CRYPTO_NONCEBYTES 24

src/libnacl/crypto_stream/xsalsa20/ref/implementors

@@ -0,0 +1 @@
+Daniel J. Bernstein

src/libnacl/crypto_stream/xsalsa20/ref/stream.c

@@ -0,0 +1,22 @@
+/*
+version 20080914
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_hsalsa20.h"
+#include "crypto_stream_salsa20.h"
+#include "crypto_stream.h"
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream(
+        unsigned char *c,unsigned long long clen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char subkey[32];
+  crypto_core_hsalsa20(subkey,n,k,sigma);
+  return crypto_stream_salsa20(c,clen,n + 16,subkey);
+}

src/libnacl/crypto_stream/xsalsa20/ref/xor.c

@@ -0,0 +1,23 @@
+/*
+version 20080913
+D. J. Bernstein
+Public domain.
+*/
+
+#include "crypto_core_hsalsa20.h"
+#include "crypto_stream_salsa20.h"
+#include "crypto_stream.h"
+
+static const unsigned char sigma[16] = "expand 32-byte k";
+
+int crypto_stream_xor(
+        unsigned char *c,
+  const unsigned char *m,unsigned long long mlen,
+  const unsigned char *n,
+  const unsigned char *k
+)
+{
+  unsigned char subkey[32];
+  crypto_core_hsalsa20(subkey,n,k,sigma);
+  return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey);
+}

src/libnacl/crypto_verify/16/checksum

@@ -0,0 +1 @@
+0

src/libnacl/crypto_verify/16/ref/api.h

@@ -0,0 +1 @@
+#define CRYPTO_BYTES 16

src/libnacl/crypto_verify/16/ref/verify.c

@@ -0,0 +1,24 @@
+#include "crypto_verify.h"
+
+int crypto_verify(const unsigned char *x,const unsigned char *y)
+{
+  unsigned int differentbits = 0;
+#define F(i) differentbits |= x[i] ^ y[i];
+  F(0)
+  F(1)
+  F(2)
+  F(3)
+  F(4)
+  F(5)
+  F(6)
+  F(7)
+  F(8)
+  F(9)
+  F(10)
+  F(11)
+  F(12)
+  F(13)
+  F(14)
+  F(15)
+  return (1 & ((differentbits - 1) >> 8)) - 1;
+}

src/libnacl/crypto_verify/32/checksum

@@ -0,0 +1 @@
+0

src/libnacl/crypto_verify/32/ref/api.h

@@ -0,0 +1 @@
+#define CRYPTO_BYTES 32

src/libnacl/crypto_verify/32/ref/verify.c

@@ -0,0 +1,40 @@
+#include "crypto_verify.h"
+
+int crypto_verify(const unsigned char *x,const unsigned char *y)
+{
+  unsigned int differentbits = 0;
+#define F(i) differentbits |= x[i] ^ y[i];
+  F(0)
+  F(1)
+  F(2)
+  F(3)
+  F(4)
+  F(5)
+  F(6)
+  F(7)
+  F(8)
+  F(9)
+  F(10)
+  F(11)
+  F(12)
+  F(13)
+  F(14)
+  F(15)
+  F(16)
+  F(17)
+  F(18)
+  F(19)
+  F(20)
+  F(21)
+  F(22)
+  F(23)
+  F(24)
+  F(25)
+  F(26)
+  F(27)
+  F(28)
+  F(29)
+  F(30)
+  F(31)
+  return (1 & ((differentbits - 1) >> 8)) - 1;
+}

src/libnacl/crypto_verify/measure.c

@@ -0,0 +1,18 @@
+#include "crypto_verify.h"
+
+const char *primitiveimplementation = crypto_verify_IMPLEMENTATION;
+const char *implementationversion = crypto_verify_VERSION;
+const char *sizenames[] = { "inputbytes", 0 };
+const long long sizes[] = { crypto_verify_BYTES };
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+}
+
+void measure(void)
+{
+}

src/libnacl/crypto_verify/try.c

@@ -0,0 +1,76 @@
+/*
+ * crypto_verify/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdlib.h>
+#include "crypto_verify.h"
+#include "windows/windows-quirks.h"
+
+extern unsigned char *alignedcalloc(unsigned long long);
+
+const char *primitiveimplementation = crypto_verify_IMPLEMENTATION;
+
+static unsigned char *x;
+static unsigned char *y;
+
+void preallocate(void)
+{
+}
+
+void allocate(void)
+{
+  x = alignedcalloc(crypto_verify_BYTES);
+  y = alignedcalloc(crypto_verify_BYTES);
+}
+
+void predoit(void)
+{
+}
+
+void doit(void)
+{
+  crypto_verify(x,y);
+}
+
+static const char *check(void)
+{
+  int r = crypto_verify(x,y);
+  if (r == 0) {
+    if (memcmp(x,y,crypto_verify_BYTES)) return "different strings pass verify";
+  } else if (r == -1) {
+    if (!memcmp(x,y,crypto_verify_BYTES)) return "equal strings fail verify";
+  } else {
+    return "weird return value from verify";
+  }
+  return 0;
+}
+
+char checksum[2];
+
+const char *checksum_compute(void)
+{
+  long long tests;
+  long long i;
+  long long j;
+  const char *c;
+
+  for (tests = 0;tests < 100000;++tests) {
+    for (i = 0;i < crypto_verify_BYTES;++i) x[i] = random();
+    for (i = 0;i < crypto_verify_BYTES;++i) y[i] = random();
+    c = check(); if (c) return c;
+    for (i = 0;i < crypto_verify_BYTES;++i) y[i] = x[i];
+    c = check(); if (c) return c;
+    y[random() % crypto_verify_BYTES] = random();
+    c = check(); if (c) return c;
+    y[random() % crypto_verify_BYTES] = random();
+    c = check(); if (c) return c;
+    y[random() % crypto_verify_BYTES] = random();
+    c = check(); if (c) return c;
+  }
+
+  checksum[0] = '0';
+  checksum[1] = 0;
+  return 0;
+}

src/libnacl/dist-dirs

@@ -0,0 +1,74 @@
+.
+./commandline
+./cpucycles
+./cpuid
+./crypto_auth
+./crypto_auth/hmacsha256
+./crypto_auth/hmacsha256/ref
+./crypto_auth/hmacsha512256
+./crypto_auth/hmacsha512256/ref
+./crypto_box
+./crypto_box/curve25519xsalsa20poly1305
+./crypto_box/curve25519xsalsa20poly1305/ref
+./crypto_core
+./crypto_core/hsalsa20
+./crypto_core/hsalsa20/ref
+./crypto_core/hsalsa20/ref2
+./crypto_core/salsa20
+./crypto_core/salsa20/ref
+./crypto_core/salsa2012
+./crypto_core/salsa2012/ref
+./crypto_core/salsa208
+./crypto_core/salsa208/ref
+./crypto_hash
+./crypto_hash/sha256
+./crypto_hash/sha256/ref
+./crypto_hash/sha512
+./crypto_hash/sha512/ref
+./crypto_hashblocks
+./crypto_hashblocks/sha256
+./crypto_hashblocks/sha256/inplace
+./crypto_hashblocks/sha256/ref
+./crypto_hashblocks/sha512
+./crypto_hashblocks/sha512/inplace
+./crypto_hashblocks/sha512/ref
+./crypto_onetimeauth
+./crypto_onetimeauth/poly1305
+./crypto_onetimeauth/poly1305/53
+./crypto_onetimeauth/poly1305/amd64
+./crypto_onetimeauth/poly1305/ref
+./crypto_onetimeauth/poly1305/x86
+./crypto_scalarmult
+./crypto_scalarmult/curve25519
+./crypto_scalarmult/curve25519/donna_c64
+./crypto_scalarmult/curve25519/ref
+./crypto_secretbox
+./crypto_secretbox/xsalsa20poly1305
+./crypto_secretbox/xsalsa20poly1305/ref
+./crypto_sign
+./crypto_sign/ed25519
+./crypto_sign/ed25519/ref
+./crypto_sign/edwards25519sha512batch
+./crypto_sign/edwards25519sha512batch/ref
+./crypto_stream
+./crypto_stream/aes128ctr
+./crypto_stream/aes128ctr/portable
+./crypto_stream/salsa20
+./crypto_stream/salsa20/ref
+./crypto_stream/salsa2012
+./crypto_stream/salsa2012/ref
+./crypto_stream/salsa208
+./crypto_stream/salsa208/ref
+./crypto_stream/xsalsa20
+./crypto_stream/xsalsa20/ref
+./crypto_verify
+./crypto_verify/16
+./crypto_verify/16/ref
+./crypto_verify/32
+./crypto_verify/32/ref
+./inttypes
+./okcompilers
+./randombytes
+./tests
+./windows
+./windows/include

src/libnacl/dist-files

@@ -0,0 +1,422 @@
+./commandline/nacl-sha256.c
+./commandline/nacl-sha512.c
+./cpucycles/alpha.c
+./cpucycles/alpha.h
+./cpucycles/amd64cpuinfo.c
+./cpucycles/amd64cpuinfo.h
+./cpucycles/amd64cpuspeed.c
+./cpucycles/amd64cpuspeed.h
+./cpucycles/amd64tscfreq.c
+./cpucycles/amd64tscfreq.h
+./cpucycles/celllinux.c
+./cpucycles/celllinux.h
+./cpucycles/cortex.c
+./cpucycles/cortex.h
+./cpucycles/dev4ns.c
+./cpucycles/dev4ns.h
+./cpucycles/do
+./cpucycles/gettimeofday.c
+./cpucycles/gettimeofday.h
+./cpucycles/hppapstat.c
+./cpucycles/hppapstat.h
+./cpucycles/ia64cpuinfo.c
+./cpucycles/ia64cpuinfo.h
+./cpucycles/mips.c
+./cpucycles/mips.h
+./cpucycles/monotonic.c
+./cpucycles/monotonic.h
+./cpucycles/monotoniccpuinfo.c
+./cpucycles/monotoniccpuinfo.h
+./cpucycles/osfreq.c
+./cpucycles/powerpccpuinfo.c
+./cpucycles/powerpccpuinfo.h
+./cpucycles/powerpcmacos.c
+./cpucycles/powerpcmacos.h
+./cpucycles/sgi.c
+./cpucycles/sgi.h
+./cpucycles/sparc32cpuinfo.c
+./cpucycles/sparc32cpuinfo.h
+./cpucycles/sparccpuinfo.c
+./cpucycles/sparccpuinfo.h
+./cpucycles/test.c
+./cpucycles/x86cpuinfo.c
+./cpucycles/x86cpuinfo.h
+./cpucycles/x86cpuspeed.c
+./cpucycles/x86cpuspeed.h
+./cpucycles/x86estimate.c
+./cpucycles/x86estimate.h
+./cpucycles/x86tscfreq.c
+./cpucycles/x86tscfreq.h
+./cpuid/cbytes.c
+./cpuid/cpuid.c
+./cpuid/do
+./cpuid/unknown.c
+./cpuid/x86.c
+./crypto_auth/hmacsha256/checksum
+./crypto_auth/hmacsha256/ref/api.h
+./crypto_auth/hmacsha256/ref/hmac.c
+./crypto_auth/hmacsha256/ref/verify.c
+./crypto_auth/hmacsha256/used
+./crypto_auth/hmacsha512256/checksum
+./crypto_auth/hmacsha512256/ref/api.h
+./crypto_auth/hmacsha512256/ref/hmac.c
+./crypto_auth/hmacsha512256/ref/verify.c
+./crypto_auth/hmacsha512256/selected
+./crypto_auth/hmacsha512256/used
+./crypto_auth/measure.c
+./crypto_auth/try.c
+./crypto_auth/wrapper-auth.cpp
+./crypto_auth/wrapper-verify.cpp
+./crypto_box/curve25519xsalsa20poly1305/checksum
+./crypto_box/curve25519xsalsa20poly1305/ref/after.c
+./crypto_box/curve25519xsalsa20poly1305/ref/api.h
+./crypto_box/curve25519xsalsa20poly1305/ref/before.c
+./crypto_box/curve25519xsalsa20poly1305/ref/box.c
+./crypto_box/curve25519xsalsa20poly1305/ref/keypair.c
+./crypto_box/curve25519xsalsa20poly1305/selected
+./crypto_box/curve25519xsalsa20poly1305/used
+./crypto_box/measure.c
+./crypto_box/try.c
+./crypto_box/wrapper-box.cpp
+./crypto_box/wrapper-keypair.cpp
+./crypto_box/wrapper-open.cpp
+./crypto_core/hsalsa20/checksum
+./crypto_core/hsalsa20/ref/api.h
+./crypto_core/hsalsa20/ref/core.c
+./crypto_core/hsalsa20/ref/implementors
+./crypto_core/hsalsa20/ref2/api.h
+./crypto_core/hsalsa20/ref2/core.c
+./crypto_core/hsalsa20/ref2/implementors
+./crypto_core/hsalsa20/used
+./crypto_core/measure.c
+./crypto_core/salsa20/checksum
+./crypto_core/salsa20/ref/api.h
+./crypto_core/salsa20/ref/core.c
+./crypto_core/salsa20/ref/implementors
+./crypto_core/salsa20/used
+./crypto_core/salsa2012/checksum
+./crypto_core/salsa2012/ref/api.h
+./crypto_core/salsa2012/ref/core.c
+./crypto_core/salsa2012/ref/implementors
+./crypto_core/salsa2012/used
+./crypto_core/salsa208/checksum
+./crypto_core/salsa208/ref/api.h
+./crypto_core/salsa208/ref/core.c
+./crypto_core/salsa208/ref/implementors
+./crypto_core/salsa208/used
+./crypto_core/try.c
+./crypto_core/wrapper-empty.cpp
+./crypto_hash/measure.c
+./crypto_hash/sha256/checksum
+./crypto_hash/sha256/ref/api.h
+./crypto_hash/sha256/ref/hash.c
+./crypto_hash/sha256/ref/implementors
+./crypto_hash/sha256/used
+./crypto_hash/sha512/checksum
+./crypto_hash/sha512/ref/api.h
+./crypto_hash/sha512/ref/hash.c
+./crypto_hash/sha512/ref/implementors
+./crypto_hash/sha512/selected
+./crypto_hash/sha512/used
+./crypto_hash/try.c
+./crypto_hash/wrapper-hash.cpp
+./crypto_hashblocks/measure.c
+./crypto_hashblocks/sha256/checksum
+./crypto_hashblocks/sha256/inplace/api.h
+./crypto_hashblocks/sha256/inplace/blocks.c
+./crypto_hashblocks/sha256/inplace/implementors
+./crypto_hashblocks/sha256/ref/api.h
+./crypto_hashblocks/sha256/ref/blocks.c
+./crypto_hashblocks/sha256/ref/implementors
+./crypto_hashblocks/sha256/used
+./crypto_hashblocks/sha512/checksum
+./crypto_hashblocks/sha512/inplace/api.h
+./crypto_hashblocks/sha512/inplace/blocks.c
+./crypto_hashblocks/sha512/inplace/implementors
+./crypto_hashblocks/sha512/ref/api.h
+./crypto_hashblocks/sha512/ref/blocks.c
+./crypto_hashblocks/sha512/ref/implementors
+./crypto_hashblocks/sha512/selected
+./crypto_hashblocks/sha512/used
+./crypto_hashblocks/try.c
+./crypto_hashblocks/wrapper-empty.cpp
+./crypto_onetimeauth/measure.c
+./crypto_onetimeauth/poly1305/53/api.h
+./crypto_onetimeauth/poly1305/53/auth.c
+./crypto_onetimeauth/poly1305/53/verify.c
+./crypto_onetimeauth/poly1305/amd64/api.h
+./crypto_onetimeauth/poly1305/amd64/auth.s
+./crypto_onetimeauth/poly1305/amd64/constants.s
+./crypto_onetimeauth/poly1305/amd64/verify.c
+./crypto_onetimeauth/poly1305/checksum
+./crypto_onetimeauth/poly1305/ref/api.h
+./crypto_onetimeauth/poly1305/ref/auth.c
+./crypto_onetimeauth/poly1305/ref/verify.c
+./crypto_onetimeauth/poly1305/selected
+./crypto_onetimeauth/poly1305/used
+./crypto_onetimeauth/poly1305/x86/api.h
+./crypto_onetimeauth/poly1305/x86/auth.s
+./crypto_onetimeauth/poly1305/x86/constants.s
+./crypto_onetimeauth/poly1305/x86/verify.c
+./crypto_onetimeauth/try.c
+./crypto_onetimeauth/wrapper-auth.cpp
+./crypto_onetimeauth/wrapper-verify.cpp
+./crypto_scalarmult/curve25519/checksum
+./crypto_scalarmult/curve25519/donna_c64/api.h
+./crypto_scalarmult/curve25519/donna_c64/base.c
+./crypto_scalarmult/curve25519/donna_c64/implementors
+./crypto_scalarmult/curve25519/donna_c64/smult.c
+./crypto_scalarmult/curve25519/ref/api.h
+./crypto_scalarmult/curve25519/ref/base.c
+./crypto_scalarmult/curve25519/ref/implementors
+./crypto_scalarmult/curve25519/ref/smult.c
+./crypto_scalarmult/curve25519/used
+./crypto_scalarmult/measure.c
+./crypto_scalarmult/try.c
+./crypto_scalarmult/wrapper-base.cpp
+./crypto_scalarmult/wrapper-mult.cpp
+./crypto_secretbox/measure.c
+./crypto_secretbox/try.c
+./crypto_secretbox/wrapper-box.cpp
+./crypto_secretbox/wrapper-open.cpp
+./crypto_secretbox/xsalsa20poly1305/checksum
+./crypto_secretbox/xsalsa20poly1305/ref/api.h
+./crypto_secretbox/xsalsa20poly1305/ref/box.c
+./crypto_secretbox/xsalsa20poly1305/selected
+./crypto_secretbox/xsalsa20poly1305/used
+./crypto_sign/ed25519/description
+./crypto_sign/ed25519/designers
+./crypto_sign/ed25519/ref/api.h
+./crypto_sign/ed25519/ref/ed25519.c
+./crypto_sign/ed25519/ref/fe25519.c
+./crypto_sign/ed25519/ref/fe25519.h
+./crypto_sign/ed25519/ref/ge25519.c
+./crypto_sign/ed25519/ref/ge25519.h
+./crypto_sign/ed25519/ref/ge25519_base.data
+./crypto_sign/ed25519/ref/implementors
+./crypto_sign/ed25519/ref/sc25519.c
+./crypto_sign/ed25519/ref/sc25519.h
+./crypto_sign/ed25519/selected
+./crypto_sign/ed25519/used
+./crypto_sign/edwards25519sha512batch/ref/api.h
+./crypto_sign/edwards25519sha512batch/ref/fe25519.c
+./crypto_sign/edwards25519sha512batch/ref/fe25519.h
+./crypto_sign/edwards25519sha512batch/ref/ge25519.c
+./crypto_sign/edwards25519sha512batch/ref/ge25519.h
+./crypto_sign/edwards25519sha512batch/ref/sc25519.c
+./crypto_sign/edwards25519sha512batch/ref/sc25519.h
+./crypto_sign/edwards25519sha512batch/ref/sign.c
+./crypto_sign/edwards25519sha512batch/selected
+./crypto_sign/edwards25519sha512batch/used
+./crypto_sign/measure.c
+./crypto_sign/try.c
+./crypto_sign/wrapper-keypair.cpp
+./crypto_sign/wrapper-sign-open.cpp
+./crypto_sign/wrapper-sign.cpp
+./crypto_stream/aes128ctr/checksum
+./crypto_stream/aes128ctr/portable/afternm.c
+./crypto_stream/aes128ctr/portable/api.h
+./crypto_stream/aes128ctr/portable/beforenm.c
+./crypto_stream/aes128ctr/portable/common.c
+./crypto_stream/aes128ctr/portable/common.h
+./crypto_stream/aes128ctr/portable/consts.c
+./crypto_stream/aes128ctr/portable/consts.h
+./crypto_stream/aes128ctr/portable/int128.c
+./crypto_stream/aes128ctr/portable/int128.h
+./crypto_stream/aes128ctr/portable/stream.c
+./crypto_stream/aes128ctr/portable/types.h
+./crypto_stream/aes128ctr/portable/xor_afternm.c
+./crypto_stream/aes128ctr/used
+./crypto_stream/measure.c
+./crypto_stream/salsa20/checksum
+./crypto_stream/salsa20/ref/api.h
+./crypto_stream/salsa20/ref/implementors
+./crypto_stream/salsa20/ref/stream.c
+./crypto_stream/salsa20/ref/xor.c
+./crypto_stream/salsa20/used
+./crypto_stream/salsa2012/checksum
+./crypto_stream/salsa2012/ref/api.h
+./crypto_stream/salsa2012/ref/implementors
+./crypto_stream/salsa2012/ref/stream.c
+./crypto_stream/salsa2012/ref/xor.c
+./crypto_stream/salsa2012/used
+./crypto_stream/salsa208/checksum
+./crypto_stream/salsa208/ref/api.h
+./crypto_stream/salsa208/ref/implementors
+./crypto_stream/salsa208/ref/stream.c
+./crypto_stream/salsa208/ref/xor.c
+./crypto_stream/salsa208/used
+./crypto_stream/try.c
+./crypto_stream/wrapper-stream.cpp
+./crypto_stream/wrapper-xor.cpp
+./crypto_stream/xsalsa20/checksum
+./crypto_stream/xsalsa20/ref/api.h
+./crypto_stream/xsalsa20/ref/implementors
+./crypto_stream/xsalsa20/ref/stream.c
+./crypto_stream/xsalsa20/ref/xor.c
+./crypto_stream/xsalsa20/selected
+./crypto_stream/xsalsa20/used
+./crypto_verify/16/checksum
+./crypto_verify/16/ref/api.h
+./crypto_verify/16/ref/verify.c
+./crypto_verify/16/used
+./crypto_verify/32/checksum
+./crypto_verify/32/ref/api.h
+./crypto_verify/32/ref/verify.c
+./crypto_verify/32/used
+./crypto_verify/measure.c
+./crypto_verify/try.c
+./crypto_verify/wrapper-empty.cpp
+./dist-dirs
+./dist-files
+./do
+./inttypes/crypto_int16.c
+./inttypes/crypto_int32.c
+./inttypes/crypto_int64.c
+./inttypes/crypto_int8.c
+./inttypes/crypto_uint16.c
+./inttypes/crypto_uint32.c
+./inttypes/crypto_uint64.c
+./inttypes/crypto_uint8.c
+./inttypes/do
+./inttypes/signed.h
+./inttypes/unsigned.h
+./MACROS
+./Makefile.in
+./measure-anything.c
+./okcompilers/abiname.c
+./okcompilers/abinames
+./okcompilers/archivers
+./okcompilers/c.in
+./okcompilers/do.in
+./okcompilers/lib.c
+./okcompilers/lib.cpp
+./okcompilers/main.c
+./okcompilers/main.cpp
+./okcompilers/test-okar
+./okcompilers/test-okc
+./okcompilers/test-okc2
+./okcompilers/test-okclink
+./okcompilers/test.c
+./okcompilers/test10.c
+./okcompilers/test5.c
+./okcompilers/test5.cpp
+./okcompilers/test6.c
+./okcompilers/test9.c
+./OPERATIONS
+./PROTOTYPES.c
+./PROTOTYPES.cpp
+./randombytes/devurandom.c
+./randombytes/devurandom.h
+./randombytes/do
+./randombytes/test.c
+./tests/auth.c
+./tests/auth.out
+./tests/auth2.c
+./tests/auth2.out
+./tests/auth3.c
+./tests/auth3.out
+./tests/auth4.cpp
+./tests/auth4.out
+./tests/auth5.c
+./tests/auth5.out
+./tests/auth6.cpp
+./tests/auth6.out
+./tests/box.c
+./tests/box.out
+./tests/box2.c
+./tests/box2.out
+./tests/box3.cpp
+./tests/box3.out
+./tests/box4.cpp
+./tests/box4.out
+./tests/box5.cpp
+./tests/box5.out
+./tests/box6.cpp
+./tests/box6.out
+./tests/box7.c
+./tests/box7.out
+./tests/box8.c
+./tests/box8.out
+./tests/core1.c
+./tests/core1.out
+./tests/core2.c
+./tests/core2.out
+./tests/core3.c
+./tests/core3.out
+./tests/core4.c
+./tests/core4.out
+./tests/core5.c
+./tests/core5.out
+./tests/core6.c
+./tests/core6.out
+./tests/hash.c
+./tests/hash.out
+./tests/hash2.cpp
+./tests/hash2.out
+./tests/hash3.c
+./tests/hash3.out
+./tests/hash4.cpp
+./tests/hash4.out
+./tests/Makefile.in
+./tests/onetimeauth.c
+./tests/onetimeauth.out
+./tests/onetimeauth2.c
+./tests/onetimeauth2.out
+./tests/onetimeauth5.cpp
+./tests/onetimeauth5.out
+./tests/onetimeauth6.cpp
+./tests/onetimeauth6.out
+./tests/onetimeauth7.c
+./tests/onetimeauth7.out
+./tests/onetimeauth8.cpp
+./tests/onetimeauth8.out
+./tests/scalarmult.c
+./tests/scalarmult.out
+./tests/scalarmult2.c
+./tests/scalarmult2.out
+./tests/scalarmult3.cpp
+./tests/scalarmult3.out
+./tests/scalarmult4.cpp
+./tests/scalarmult4.out
+./tests/scalarmult5.c
+./tests/scalarmult5.out
+./tests/scalarmult6.c
+./tests/scalarmult6.out
+./tests/scalarmult7.cpp
+./tests/scalarmult7.out
+./tests/secretbox.c
+./tests/secretbox.out
+./tests/secretbox2.c
+./tests/secretbox2.out
+./tests/secretbox3.cpp
+./tests/secretbox3.out
+./tests/secretbox4.cpp
+./tests/secretbox4.out
+./tests/secretbox5.cpp
+./tests/secretbox5.out
+./tests/secretbox6.cpp
+./tests/secretbox6.out
+./tests/secretbox7.c
+./tests/secretbox7.out
+./tests/secretbox8.c
+./tests/secretbox8.out
+./tests/stream.c
+./tests/stream.out
+./tests/stream2.c
+./tests/stream2.out
+./tests/stream3.c
+./tests/stream3.out
+./tests/stream4.c
+./tests/stream4.out
+./tests/stream5.cpp
+./tests/stream5.out
+./tests/stream6.cpp
+./tests/stream6.out
+./tests/stream7.cpp
+./tests/stream7.out
+./tests/stream8.cpp
+./tests/stream8.out
+./try-anything.c
+./version
+./windows/include/windows-quirks.h

src/libnacl/do

@@ -0,0 +1,309 @@
+#!/bin/sh
+
+# nacl/do
+# D. J. Bernstein
+# Public domain.
+
+version=`cat version`
+project=nacl
+shorthostname="localhost"
+
+top="`pwd`/build/$shorthostname"
+bin="$top/bin"
+lib="$top/lib"
+include="$top/include"
+work="$top/work"
+
+PATH="/usr/local/bin:$PATH"
+PATH="/usr/sfw/bin:$PATH"
+PATH="$bin:$PATH"
+export PATH
+
+LD_LIBRARY_PATH="/usr/local/lib/sparcv9:/usr/local/lib:$LD_LIBRARY_PATH"
+LD_LIBRARY_PATH="/usr/sfw/lib/sparcv9:/usr/sfw/lib:$LD_LIBRARY_PATH"
+export LD_LIBRARY_PATH
+
+# and wacky MacOS X
+DYLD_LIBRARY_PATH="/usr/local/lib/sparcv9:/usr/local/lib:$DYLD_LIBRARY_PATH"
+DYLD_LIBRARY_PATH="/usr/sfw/lib/sparcv9:/usr/sfw/lib:$DYLD_LIBRARY_PATH"
+export DYLD_LIBRARY_PATH
+
+# and work around bug in GNU sort
+LANG=C
+export LANG
+
+rm -rf "$top"
+mkdir -p "$top"
+mkdir -p "$bin"
+mkdir -p "$lib"
+mkdir -p "$include"
+
+exec 5>"$top/data"
+exec 2>"$top/errors"
+exec </dev/null
+
+echo "=== `date` === starting"
+
+echo "=== `date` === hostname"
+hostname || :
+echo "=== `date` === uname -a"
+uname -a || :
+echo "=== `date` === uname -M"
+uname -M || :
+echo "=== `date` === uname -F"
+uname -F || :
+echo "=== `date` === /usr/sbin/lscfg | grep proc"
+/usr/sbin/lscfg | grep proc || :
+echo "=== `date` === /usr/sbin/lsattr -El proc0"
+/usr/sbin/lsattr -El proc0 || :
+echo "=== `date` === cat /proc/cpuinfo"
+cat /proc/cpuinfo || :
+echo "=== `date` === cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq"
+cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq || :
+echo "=== `date` === cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq"
+cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq || :
+echo "=== `date` === cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq"
+cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq || :
+echo "=== `date` === cat /sys/devices/system/cpu/cpu0/clock_tick"
+cat /sys/devices/system/cpu/cpu0/clock_tick || :
+echo "=== `date` === sysctl hw.model"
+sysctl hw.model || :
+echo "=== `date` === sysctl machdep.tsc_freq"
+sysctl machdep.tsc_freq || :
+echo "=== `date` === /usr/sbin/psrinfo -v"
+/usr/sbin/psrinfo -v || :
+
+echo "=== `date` === building okcompilers"
+rm -rf "$work"
+mkdir -p "$work"
+cp -pr okcompilers/* "$work"
+( cd "$work" && sh do )
+cp -p "$work"/bin/* "$bin"
+
+echo "=== `date` === copying windows headers"
+mkdir -p "${include}/windows"
+cp -pr windows/include/* "${include}/windows/"
+
+echo "=== `date` === building cpuid"
+rm -rf "$work"
+mkdir -p "$work"
+cp -pr cpuid/* "$work"
+( cd "$work" && sh do )
+cp -pr "$work"/include/* "$include"
+
+echo "=== `date` === building inttypes"
+rm -rf "$work"
+mkdir -p "$work"
+cp -pr inttypes/* "$work"
+( cd "$work" && sh do )
+cp -pr "$work"/include/* "$include"
+
+echo "=== `date` === building cpucycles"
+rm -rf "$work"
+mkdir -p "$work"
+cp -pr cpucycles/* "$work"
+( cd "$work" && sh do )
+cp -pr "$work"/lib/* "$lib"
+cp -pr "$work"/include/* "$include"
+
+echo "=== `date` === building randombytes"
+rm -rf "$work"
+mkdir -p "$work"
+cp -pr randombytes/* "$work"
+( cd "$work" && sh do )
+cp -pr "$work"/lib/* "$lib"
+cp -pr "$work"/include/* "$include"
+
+okabi \
+| while read abi
+do
+  rm -rf "$work"
+  mkdir -p "$work"
+  echo 'void crypto_'"$project"'_base(void) { ; }' > "$work/${project}_base.c"
+  okc-$abi \
+  | while read compiler
+  do
+    ( cd "$work" && $compiler -c ${project}_base.c ) && break
+  done
+  okar-$abi cr "$lib/$abi/lib${project}.a" "$work/${project}_base.o"
+  ( okranlib-$abi "$lib/$abi/lib${project}.a" || exit 0 )
+done
+
+ulimit -c 0
+
+# loop over operations
+cat OPERATIONS \
+| while read o
+do
+  [ -d "$o" ] || continue
+
+  selected=''
+  [ -f "$o/selected" ] && selected=`cat "$o/selected"`
+
+  # for each operation, loop over primitives
+  ls "$o" \
+  | sort \
+  | while read p
+  do
+    [ -d "$o/$p" ] || continue
+    expectedchecksum=''
+    [ -f "$o/$p/checksum" ] && expectedchecksum=`cat "$o/$p/checksum"`
+    op="${o}_${p}"
+
+    startdate=`date +%Y%m%d`
+
+    # for each operation primitive, loop over abis
+    okabi \
+    | while read abi
+    do
+      echo "=== `date` === $abi $o/$p"
+      libs=`"oklibs-$abi"`
+      libs="$lib/$abi/cpucycles.o $libs"
+      [ -f "$lib/$abi/lib${project}.a" ] && libs="$lib/$abi/lib${project}.a $libs"
+
+      rm -rf "$work"
+      mkdir -p "$work"
+      mkdir -p "$work/best"
+
+      # for each operation primitive abi, loop over implementations
+      find "$o/$p" -follow -name "api.h" \
+      | sort \
+      | while read doth
+      do
+        implementationdir=`dirname $doth`
+	opi=`echo "$implementationdir" | tr ./- ___`
+
+	echo "=== `date` === $abi $implementationdir"
+
+	rm -rf "$work/compile"
+	mkdir -p "$work/compile"
+
+	cfiles=`ls "$implementationdir" | grep '\.c$' || :`
+	sfiles=`ls "$implementationdir" | grep '\.[sS]$' || :`
+
+	cp -p "$o"/*.c "$work/compile/"
+
+	cp -pr "$implementationdir"/* "$work/compile"
+
+	cp -p "try-anything.c" "$work/compile/try-anything.c"
+
+	cp -p MACROS "$work/compile/MACROS"
+	cp -p PROTOTYPES.c "$work/compile/PROTOTYPES.c"
+
+	(
+	  cd "$work/compile"
+	  (
+	    echo "#ifndef ${o}_H"
+	    echo "#define ${o}_H"
+	    echo ""
+	    echo "#include \"${op}.h\""
+	    echo ""
+	    egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < MACROS \
+	    | sed "s/$o/$op/" | while read mop
+	    do
+	      echo "#define ${mop} ${mop}" | sed "s/$op/$o/"
+	    done
+	    echo "#define ${o}_PRIMITIVE \"${p}\""
+	    echo "#define ${o}_IMPLEMENTATION ${op}_IMPLEMENTATION"
+	    echo "#define ${o}_VERSION ${op}_VERSION"
+	    echo ""
+	    echo "#endif"
+	  ) > "$o.h"
+	  (
+	    echo "#ifndef ${op}_H"
+	    echo "#define ${op}_H"
+	    echo ""
+	    sed 's/[ 	]CRYPTO_/ '"${opi}"'_/g' < api.h
+	    echo '#ifdef __cplusplus'
+	    echo '#include <string>'
+	    echo 'extern "C" {'
+	    echo '#endif'
+	    egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < PROTOTYPES.c \
+	    | sed "s/$o/$opi/"
+	    echo '#ifdef __cplusplus'
+	    echo '}'
+	    echo '#endif'
+	    echo ""
+	    egrep "${o}"'$|'"${o}"'\(|'"${o}"'_' < MACROS \
+	    | sed "s/$o/$opi/" | while read mopi
+	    do
+	      echo "#define ${mopi} ${mopi}" | sed "s/$opi/$op/"
+	    done
+	    echo "#define ${op}_IMPLEMENTATION \"${implementationdir}\""
+	    echo "#ifndef ${opi}_VERSION"
+	    echo "#define ${opi}_VERSION \"-\""
+	    echo "#endif"
+	    echo "#define ${op}_VERSION ${opi}_VERSION"
+	    echo ""
+	    echo "#endif"
+	  ) > "$op.h"
+
+	  okc-$abi \
+	  | while read compiler
+	  do
+	    echo "=== `date` === $abi $implementationdir $compiler"
+	    compilerword=`echo "$compiler" | tr ' ' '_'`
+	    ok=1
+	    for f in $cfiles $sfiles
+	    do
+	      if [ "$ok" = 1 ]
+	      then
+		$compiler \
+		  -I. -I"$include" -I"$include/$abi" \
+		  -c "$f" >../errors 2>&1 || ok=0
+		( if [ `wc -l < ../errors` -lt 25 ]
+		  then
+		    cat ../errors
+		  else
+		    head ../errors
+		    echo ...
+		    tail ../errors
+		  fi
+		) \
+		| while read err
+		do
+		  echo "$version $shorthostname $abi $startdate $o $p fromcompiler $implementationdir $compilerword $f $err" >&5
+		done
+	      fi
+	    done
+
+	    [ "$ok" = 1 ] || continue
+	    okar-$abi cr "$op.a" *.o || continue
+	    okranlib-$abi "$op.a"
+
+	    $compiler \
+	      -I. -I"$include" -I"$include/$abi" \
+	      -o try try.c try-anything.c \
+	      "$op.a" $libs >../errors 2>&1 || ok=0
+	    cat ../errors \
+	    | while read err
+	    do
+	      echo "$version $shorthostname $abi $startdate $o $p fromcompiler $implementationdir $compilerword try.c $err" >&5
+	    done
+	    [ "$ok" = 1 ] || continue
+
+	    rm -f ../best/*.o || continue
+	    for f in *.o
+	    do
+	      cp -p "$f" "../best/${opi}-$f"
+	    done
+	    cp -p "$op.h" "../$op.h"
+	    cp -p "$o.h" "../$o.h"
+	  done
+	)
+      done
+
+      [ -f "$o/$p/used" ] \
+      && okar-$abi cr "$lib/$abi/lib${project}.a" "$work/best"/*.o \
+      && ( okranlib-$abi "$lib/$abi/lib${project}.a" || exit 0 ) \
+      && cp -p "$work/$op.h" "$include/$abi/$op.h" \
+      && [ -f "$o/$p/selected" ] \
+      && cp -p "$work/$o.h" "$include/$abi/$o.h" \
+      || :
+    done
+  done
+done
+
+echo "=== `date` === finishing"
+
+touch .done

src/libnacl/inttypes/crypto_int16.c

@@ -0,0 +1,3 @@
+#include "crypto_int16.h"
+#include "signed.h"
+DOIT(16,crypto_int16)

src/libnacl/inttypes/crypto_int32.c

@@ -0,0 +1,3 @@
+#include "crypto_int32.h"
+#include "signed.h"
+DOIT(32,crypto_int32)

src/libnacl/inttypes/crypto_int64.c

@@ -0,0 +1,3 @@
+#include "crypto_int64.h"
+#include "signed.h"
+DOIT(64,crypto_int64)

src/libnacl/inttypes/crypto_int8.c

@@ -0,0 +1,3 @@
+#include "crypto_int8.h"
+#include "signed.h"
+DOIT(8,crypto_int8)

src/libnacl/inttypes/crypto_uint16.c

@@ -0,0 +1,3 @@
+#include "crypto_uint16.h"
+#include "unsigned.h"
+DOIT(16,crypto_uint16)

src/libnacl/inttypes/crypto_uint32.c

@@ -0,0 +1,3 @@
+#include "crypto_uint32.h"
+#include "unsigned.h"
+DOIT(32,crypto_uint32)

src/libnacl/inttypes/crypto_uint64.c

@@ -0,0 +1,3 @@
+#include "crypto_uint64.h"
+#include "unsigned.h"
+DOIT(64,crypto_uint64)

src/libnacl/inttypes/crypto_uint8.c

@@ -0,0 +1,3 @@
+#include "crypto_uint8.h"
+#include "unsigned.h"
+DOIT(8,crypto_uint8)

src/libnacl/inttypes/do

@@ -0,0 +1,42 @@
+#!/bin/sh -e
+
+okabi | (
+  while read abi
+  do
+    (
+      echo 'int8 int8_t'
+      echo 'int16 int16_t'
+      echo 'int32 int32_t'
+      echo 'int64 int64_t'
+      echo 'uint8 uint8_t'
+      echo 'uint16 uint16_t'
+      echo 'uint32 uint32_t'
+      echo 'uint64 uint64_t'
+    ) | (
+      while read target source
+      do
+        okc-$abi | (
+          while read c
+	  do
+            [ -f include/$abi/crypto_$target.h ] && continue
+            echo "=== `date` === $abi trying $source as $target under $c..." >&2
+            rm -f crypto_$target crypto_$target.h
+            (
+              echo "#ifndef crypto_${target}_h"
+              echo "#define crypto_${target}_h"
+              echo ""
+              echo "#include <stdint.h>"
+              echo ""
+              echo "typedef ${source} crypto_${target};"
+              echo ""
+              echo "#endif"
+            ) > crypto_$target.h
+            $c -o crypto_$target crypto_$target.c || continue
+            mkdir -p include/$abi
+            cp crypto_$target.h include/$abi/crypto_$target.h
+	  done
+	)
+      done
+    )
+  done
+)

src/libnacl/inttypes/signed.h

@@ -0,0 +1,17 @@
+#define DOIT(bits,target) \
+int main() \
+{ \
+  target x; \
+  int i; \
+ \
+  x = 1; \
+  for (i = 0;i < bits;++i) { \
+    if (x == 0) return 100; \
+    x += x; \
+  } \
+  if (x != 0) return 100; \
+  x -= 1; \
+  if (x > 0) return 100; \
+ \
+  return 0; \
+}

src/libnacl/inttypes/unsigned.h

@@ -0,0 +1,17 @@
+#define DOIT(bits,target) \
+int main() \
+{ \
+  target x; \
+  int i; \
+ \
+  x = 1; \
+  for (i = 0;i < bits;++i) { \
+    if (x == 0) return 100; \
+    x += x; \
+  } \
+  if (x != 0) return 100; \
+  x -= 1; \
+  if (x < 0) return 100; \
+ \
+  return 0; \
+}

src/libnacl/measure-anything.c

@@ -0,0 +1,227 @@
+/*
+ * measure-anything.c version 20090223
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#ifndef _WIN32
+# include <sys/resource.h>
+#endif
+#include "cpucycles.h"
+#include "cpuid.h"
+
+typedef int uint32;
+
+static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ;
+static uint32 in[12];
+static uint32 out[8];
+static int outleft = 0;
+
+#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
+#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
+
+static void surf(void)
+{
+  uint32 t[12]; uint32 x; uint32 sum = 0;
+  int r; int i; int loop;
+
+  for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
+  for (i = 0;i < 8;++i) out[i] = seed[24 + i];
+  x = t[11];
+  for (loop = 0;loop < 2;++loop) {
+    for (r = 0;r < 16;++r) {
+      sum += 0x9e3779b9;
+      MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
+      MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
+      MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
+    }
+    for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
+  }
+}
+
+void randombytes(unsigned char *x,unsigned long long xlen)
+{
+  while (xlen > 0) {
+    if (!outleft) {
+      if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
+      surf();
+      outleft = 8;
+    }
+    *x = out[--outleft];
+    ++x;
+    --xlen;
+  }
+}
+
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void preallocate(void);
+extern void allocate(void);
+extern void measure(void);
+
+static void printword(const char *s)
+{
+  if (!*s) putchar('-');
+  while (*s) {
+    if (*s == ' ') putchar('_');
+    else if (*s == '\t') putchar('_');
+    else if (*s == '\r') putchar('_');
+    else if (*s == '\n') putchar('_');
+    else putchar(*s);
+    ++s;
+  }
+  putchar(' ');
+}
+
+static void printnum(long long x)
+{
+  printf("%lld ",x);
+}
+
+static void fail(const char *why)
+{
+  fprintf(stderr,"measure: fatal: %s\n",why);
+  exit(111);
+}
+
+unsigned char *alignedcalloc(unsigned long long len)
+{
+  unsigned char *x = (unsigned char *) calloc(1,len + 128);
+  if (!x) fail("out of memory");
+  /* will never deallocate so shifting is ok */
+  x += 63 & (-(unsigned long) x);
+  return x;
+}
+
+static long long cyclespersecond;
+
+static void printimplementations(void)
+{
+  int i;
+
+  printword("implementation");
+  printword(primitiveimplementation);
+  printword(implementationversion);
+  printf("\n"); fflush(stdout);
+
+  for (i = 0;sizenames[i];++i) {
+    printword(sizenames[i]);
+    printnum(sizes[i]);
+    printf("\n"); fflush(stdout);
+  }
+
+  printword("cpuid");
+  printword(cpuid);
+  printf("\n"); fflush(stdout);
+
+  printword("cpucycles_persecond");
+  printnum(cyclespersecond);
+  printf("\n"); fflush(stdout);
+
+  printword("cpucycles_implementation");
+  printword(cpucycles_implementation);
+  printf("\n"); fflush(stdout);
+
+  printword("compiler");
+  printword(COMPILER);
+#if defined(__VERSION__) && !defined(__ICC)
+  printword(__VERSION__);
+#elif defined(__xlc__)
+  printword(__xlc__);
+#elif defined(__ICC)
+  {
+    char buf[256];
+
+    sprintf(buf, "%d.%d.%d", __ICC/100, __ICC%100,
+            __INTEL_COMPILER_BUILD_DATE);
+    printword(buf);
+  }
+#elif defined(__PGIC__)
+  {
+    char buf[256];
+
+    sprintf(buf, "%d.%d.%d", __PGIC__, __PGIC_MINOR__, __PGIC_PATCHLEVEL__);
+    printword(buf);
+  }
+#elif defined(__SUNPRO_C)
+  {
+    char buf[256];
+    int major, minor, micro;
+
+    micro = __SUNPRO_C & 0xf;
+    minor = (__SUNPRO_C >> 4) & 0xf;
+    major = (__SUNPRO_C >> 8) & 0xf;
+
+    if (micro)
+      sprintf(buf, "%d.%d.%d", major, minor, micro);
+    else
+      sprintf(buf, "%d.%d", major, minor);
+    printword(buf);
+  }
+#else
+  printword("unknown compiler version");
+#endif
+  printf("\n"); fflush(stdout);
+}
+
+void printentry(long long mbytes,const char *measuring,long long *m,long long mlen)
+{
+  long long i;
+  long long j;
+  long long belowj;
+  long long abovej;
+
+  printword(measuring);
+  if (mbytes >= 0) printnum(mbytes); else printword("");
+  if (mlen > 0) {
+    for (j = 0;j + 1 < mlen;++j) {
+      belowj = 0;
+      for (i = 0;i < mlen;++i) if (m[i] < m[j]) ++belowj;
+      abovej = 0;
+      for (i = 0;i < mlen;++i) if (m[i] > m[j]) ++abovej;
+      if (belowj * 2 < mlen && abovej * 2 < mlen) break;
+    }
+    printnum(m[j]);
+    if (mlen > 1) {
+      for (i = 0;i < mlen;++i) printnum(m[i]);
+    }
+  }
+  printf("\n"); fflush(stdout);
+}
+
+void limits()
+{
+#ifdef RLIM_INFINITY
+  struct rlimit r;
+  r.rlim_cur = 0;
+  r.rlim_max = 0;
+#ifdef RLIMIT_NOFILE
+  setrlimit(RLIMIT_NOFILE,&r);
+#endif
+#ifdef RLIMIT_NPROC
+  setrlimit(RLIMIT_NPROC,&r);
+#endif
+#ifdef RLIMIT_CORE
+  setrlimit(RLIMIT_CORE,&r);
+#endif
+#endif
+}
+
+int main()
+{
+  cyclespersecond = cpucycles_persecond();
+  preallocate();
+  limits();
+  printimplementations();
+  allocate();
+  measure();
+  return 0;
+}

src/libnacl/okcompilers/abiname.c

@@ -0,0 +1,45 @@
+#include <stdio.h>
+
+const char *abi(void)
+{
+#if defined(__amd64__) || defined(__x86_64__) || defined(__AMD64__) || defined(_M_X64) || defined(__amd64)
+   return "amd64";
+#elif defined(__i386__) || defined(__x86__) || defined(__X86__) || defined(_M_IX86) || defined(__i386)
+   return "x86";
+#elif defined(__ia64__) || defined(__IA64__) || defined(__M_IA64)
+   return "ia64";
+#elif defined(__SPU__)
+   return "cellspu";
+#elif defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || defined(_ARCH_PPC64)
+   return "ppc64";
+#elif defined(__powerpc__) || defined(__ppc__) || defined(__PPC__) || defined(_ARCH_PPC)
+   return "ppc32";
+#elif defined(__sparcv9__) || defined(__sparcv9)
+   return "sparcv9";
+#elif defined(__sparc_v8__)
+   return "sparcv8";
+#elif defined(__sparc__) || defined(__sparc)
+   if (sizeof(long) == 4) return "sparcv8";
+   return "sparcv9";
+#elif defined(__ARM_EABI__)
+   return "armeabi";
+#elif defined(__arm__)
+   return "arm";
+#elif defined(__mips__) || defined(__mips) || defined(__MIPS__)
+#  if defined(_ABIO32)
+     return "mipso32";
+#  elif defined(_ABIN32)
+     return "mips32";
+#  else
+     return "mips64";
+#  endif
+#else
+   return "default";
+#endif
+}
+
+int main(int argc,char **argv)
+{
+  printf("%s %s\n",argv[1],abi());
+  return 0;
+}

src/libnacl/okcompilers/archivers

@@ -0,0 +1,2 @@
+ar
+ar -X64

src/libnacl/okcompilers/c.in

@@ -0,0 +1 @@
+@CC@ @CPPFLAGS@ @CFLAGS@

src/libnacl/okcompilers/do.in

@@ -0,0 +1,26 @@
+#!/bin/sh -e
+
+mkdir -p bin
+
+echo '#!/bin/sh' > bin/okabi
+echo 'echo local' >> bin/okabi
+
+exec < c
+echo '#!/bin/sh' > bin/okc-local
+while read compiler; do
+  $compiler lib.c main.c -o test-c || continue
+  echo "echo $compiler" >> bin/okc-local
+done
+ 
+echo '#!/bin/sh' > bin/okcpp-local
+
+echo '#!/bin/sh' > bin/oklibs-local
+echo 'echo " @LDFLAGS@ @LIBS@"' >> bin/oklibs-local
+
+echo '#!/bin/sh' > bin/okar-local
+echo 'exec @AR@ "$@"' >> bin/okar-local
+
+echo '#!/bin/sh' > bin/okranlib-local
+echo 'exec @RANLIB@ "$@"' >> bin/okranlib-local
+
+chmod +x bin/ok*

src/libnacl/okcompilers/lib.c

@@ -0,0 +1,29 @@
+int not3(int n)
+{
+  return n != 3;
+}
+
+int bytes(int n)
+{
+  return (n + 7) / 8;
+}
+
+long long shr32(long long n)
+{
+  return n >> 32;
+}
+
+double double5(void)
+{
+  return 5.0;
+}
+
+int intbytes(void)
+{
+  return sizeof(int);
+}
+
+int longbytes(void)
+{
+  return sizeof(long);
+}

src/libnacl/okcompilers/lib.cpp

@@ -0,0 +1,19 @@
+int not3(int n)
+{
+  return n != 3;
+}
+
+int bytes(int n)
+{
+  return (n + 7) / 8;
+}
+
+long long shr32(long long n)
+{
+  return n >> 32;
+}
+
+double double5(void)
+{
+  return 5.0;
+}

src/libnacl/okcompilers/main.c

@@ -0,0 +1,25 @@
+extern int not3(int);
+extern int bytes(int);
+extern long long shr32(long long);
+extern double double5(void);
+extern int longbytes(void);
+extern int intbytes(void);
+
+int main(int argc,char **argv)
+{
+  if (intbytes() != sizeof(int)) return 100;
+  if (longbytes() != sizeof(long)) return 100;
+
+  if (not3(3)) return 100;
+
+  /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */
+  if (!not3(shr32(1))) return 100;
+
+  /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */
+  if (bytes(not3(1)) != 1) return 100;
+
+  /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */
+  if (double5() < 0) return 100;
+
+  return 0;
+}

src/libnacl/okcompilers/main.cpp

@@ -0,0 +1,22 @@
+extern "C" {
+  extern int not3(int);
+  extern int bytes(int);
+  extern long long shr32(long long);
+  extern double double5(void);
+}
+
+int main(int argc,char **argv)
+{
+  if (not3(3)) return 100;
+
+  /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */
+  if (!not3(shr32(1))) return 100;
+
+  /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */
+  if (bytes(not3(1)) != 1) return 100;
+
+  /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */
+  if (double5() < 0) return 100;
+
+  return 0;
+}

src/libnacl/okcompilers/test-okar

@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"
+export PATH
+ar "$@"

src/libnacl/okcompilers/test-okc

@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"
+export PATH
+gcc -O2 -fomit-frame-pointer "$@"

src/libnacl/okcompilers/test-okc2

@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"
+export PATH
+g++ -O2 -fomit-frame-pointer "$@"

src/libnacl/okcompilers/test-okclink

@@ -0,0 +1,4 @@
+#!/bin/sh
+PATH="/Users/j/pear/bin:/usr/local/bin:/usr/local/sbin:/opt/local/bin:/opt/local/sbin:/opt/openssh/bin:/opt/openssh/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"
+export PATH
+gcc -O2 -fomit-frame-pointer "$@" -lrt -lm 

src/libnacl/okcompilers/test.c

@@ -0,0 +1,54 @@
+int not3(int n)
+{
+  return n != 3;
+}
+
+int bytes(int n)
+{
+  return (n + 7) / 8;
+}
+
+long long shr32(long long n)
+{
+  return n >> 32;
+}
+
+double double5(void)
+{
+  return 5.0;
+}
+
+int intbytes(void)
+{
+  return sizeof(int);
+}
+
+int longbytes(void)
+{
+  return sizeof(long);
+}
+extern int not3(int);
+extern int bytes(int);
+extern long long shr32(long long);
+extern double double5(void);
+extern int longbytes(void);
+extern int intbytes(void);
+
+int main(int argc,char **argv)
+{
+  if (intbytes() != sizeof(int)) return 100;
+  if (longbytes() != sizeof(long)) return 100;
+
+  if (not3(3)) return 100;
+
+  /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */
+  if (!not3(shr32(1))) return 100;
+
+  /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */
+  if (bytes(not3(1)) != 1) return 100;
+
+  /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */
+  if (double5() < 0) return 100;
+
+  return 0;
+}

src/libnacl/okcompilers/test10.c

@@ -0,0 +1,29 @@
+int not3(int n)
+{
+  return n != 3;
+}
+
+int bytes(int n)
+{
+  return (n + 7) / 8;
+}
+
+long long shr32(long long n)
+{
+  return n >> 32;
+}
+
+double double5(void)
+{
+  return 5.0;
+}
+
+int intbytes(void)
+{
+  return sizeof(int);
+}
+
+int longbytes(void)
+{
+  return sizeof(long);
+}

src/libnacl/okcompilers/test5.c

@@ -0,0 +1,25 @@
+extern int not3(int);
+extern int bytes(int);
+extern long long shr32(long long);
+extern double double5(void);
+extern int longbytes(void);
+extern int intbytes(void);
+
+int main(int argc,char **argv)
+{
+  if (intbytes() != sizeof(int)) return 100;
+  if (longbytes() != sizeof(long)) return 100;
+
+  if (not3(3)) return 100;
+
+  /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */
+  if (!not3(shr32(1))) return 100;
+
+  /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */
+  if (bytes(not3(1)) != 1) return 100;
+
+  /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */
+  if (double5() < 0) return 100;
+
+  return 0;
+}

src/libnacl/okcompilers/test5.cpp

@@ -0,0 +1,22 @@
+extern "C" {
+  extern int not3(int);
+  extern int bytes(int);
+  extern long long shr32(long long);
+  extern double double5(void);
+}
+
+int main(int argc,char **argv)
+{
+  if (not3(3)) return 100;
+
+  /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */
+  if (!not3(shr32(1))) return 100;
+
+  /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */
+  if (bytes(not3(1)) != 1) return 100;
+
+  /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */
+  if (double5() < 0) return 100;
+
+  return 0;
+}

src/libnacl/okcompilers/test6.c

@@ -0,0 +1,29 @@
+int not3(int n)
+{
+  return n != 3;
+}
+
+int bytes(int n)
+{
+  return (n + 7) / 8;
+}
+
+long long shr32(long long n)
+{
+  return n >> 32;
+}
+
+double double5(void)
+{
+  return 5.0;
+}
+
+int intbytes(void)
+{
+  return sizeof(int);
+}
+
+int longbytes(void)
+{
+  return sizeof(long);
+}

src/libnacl/okcompilers/test9.c

@@ -0,0 +1,25 @@
+extern int not3(int);
+extern int bytes(int);
+extern long long shr32(long long);
+extern double double5(void);
+extern int longbytes(void);
+extern int intbytes(void);
+
+int main(int argc,char **argv)
+{
+  if (intbytes() != sizeof(int)) return 100;
+  if (longbytes() != sizeof(long)) return 100;
+
+  if (not3(3)) return 100;
+
+  /* on ppc32, gcc -mpowerpc64 produces SIGILL for >>32 */
+  if (!not3(shr32(1))) return 100;
+
+  /* on pentium 1, gcc -march=pentium2 produces SIGILL for (...+7)/8 */
+  if (bytes(not3(1)) != 1) return 100;
+
+  /* on pentium 1, gcc -march=prescott produces SIGILL for double comparison */
+  if (double5() < 0) return 100;
+
+  return 0;
+}

src/libnacl/randombytes/devurandom.c

@@ -0,0 +1,46 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#ifdef _WIN32
+# include <windows.h>
+#endif
+
+/* it's really stupid that there isn't a syscall for this */
+/* -> Y U NO USE OPENBSD? */
+
+static int fd = -1;
+
+void randombytes(unsigned char *x,unsigned long long xlen)
+{
+  int i;
+
+  if (fd == -1) {
+    for (;;) {
+      fd = open("/dev/urandom",O_RDONLY);
+      if (fd != -1) break;
+#ifdef _WIN32
+      Sleep(1000);
+#else
+      sleep(1);
+#endif
+    }
+  }
+
+  while (xlen > 0) {
+    if (xlen < 1048576) i = xlen; else i = 1048576;
+
+    i = read(fd,x,i);
+    if (i < 1) {
+#ifdef _WIN32
+      Sleep(1000);
+#else
+      sleep(1);
+#endif
+      continue;
+    }
+
+    x += i;
+    xlen -= i;
+  }
+}

src/libnacl/randombytes/devurandom.h

@@ -0,0 +1,24 @@
+/*
+randombytes/devurandom.h version 20080713
+D. J. Bernstein
+Public domain.
+*/
+
+#ifndef randombytes_devurandom_H
+#define randombytes_devurandom_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern void randombytes(unsigned char *,unsigned long long);
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifndef randombytes_implementation
+#define randombytes_implementation "devurandom"
+#endif
+
+#endif

src/libnacl/randombytes/do

@@ -0,0 +1,43 @@
+#!/bin/sh -e
+
+okabi | (
+  while read abi
+  do
+
+    rm -f randombytes.o randombytes.h
+
+    (
+      echo devurandom
+    ) | (
+      while read n
+      do
+        okc-$abi | (
+          while read c
+          do
+            echo "=== `date` === Trying $n.c with $c..." >&2
+            rm -f test randombytes-impl.o randombytes-impl.h randombytes-impl.c
+            cp $n.c randombytes-impl.c || continue
+            cp $n.h randombytes-impl.h || continue
+            $c -c randombytes-impl.c || continue
+            $c -o test test.c randombytes-impl.o || continue
+            [ -r /dev/urandom ] || continue
+            echo "=== `date` === Success. Using $n.c." >&2
+            mkdir -p lib/$abi
+            mv randombytes-impl.o lib/$abi/randombytes.o
+            mkdir -p include/$abi
+            mv randombytes-impl.h include/$abi/randombytes.h
+            exit 0
+          done
+          exit 111
+        ) && exit 0
+      done
+      exit 111
+    ) || (
+      echo ===== Giving up. >&2
+      rm -f test randombytes-impl.o randombytes-impl.h randombytes-impl.c
+      exit 111
+    ) || exit 111
+
+  done
+  exit 0
+) || exit 111

src/libnacl/randombytes/test.c

@@ -0,0 +1,15 @@
+#include "randombytes-impl.h"
+
+unsigned char x[65536];
+unsigned long long freq[256];
+
+int main()
+{
+  unsigned long long i;
+
+  randombytes(x,sizeof x);
+  for (i = 0;i < 256;++i) freq[i] = 0;
+  for (i = 0;i < sizeof x;++i) ++freq[255 & (int) x[i]];
+  for (i = 0;i < 256;++i) if (!freq[i]) return 111;
+  return 0;
+}

src/libnacl/tests/auth.c

@@ -0,0 +1,19 @@
+#include <stdio.h>
+#include "crypto_auth_hmacsha512256.h"
+
+/* "Test Case 2" from RFC 4231 */
+unsigned char key[32] = "Jefe";
+unsigned char c[28] = "what do ya want for nothing?";
+
+unsigned char a[32];
+
+main()
+{
+  int i;
+  crypto_auth_hmacsha512256(a,c,sizeof c,key);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/auth.out

@@ -0,0 +1,4 @@
+,0x16,0x4b,0x7a,0x7b,0xfc,0xf8,0x19,0xe2
+,0xe3,0x95,0xfb,0xe7,0x3b,0x56,0xe0,0xa3
+,0x87,0xbd,0x64,0x22,0x2e,0x83,0x1f,0xd6
+,0x10,0x27,0x0c,0xd7,0xea,0x25,0x05,0x54

src/libnacl/tests/auth2.c

@@ -0,0 +1,34 @@
+/* "Test Case AUTH256-4" from RFC 4868 */
+
+#include <stdio.h>
+#include "crypto_auth_hmacsha256.h"
+
+unsigned char key[32] = {
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
+,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
+,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
+} ;
+
+unsigned char c[50] = {
+ 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd
+} ;
+
+unsigned char a[32];
+
+main()
+{
+  int i;
+  crypto_auth_hmacsha256(a,c,sizeof c,key);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/auth2.out

@@ -0,0 +1,4 @@
+,0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f

src/libnacl/tests/auth3.c

@@ -0,0 +1,34 @@
+/* "Test Case AUTH256-4" from RFC 4868 */
+
+#include <stdio.h>
+#include "crypto_auth_hmacsha256.h"
+
+unsigned char key[32] = {
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
+,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
+,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
+} ;
+
+unsigned char c[50] = {
+ 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd
+} ;
+
+unsigned char a[32] = {
+ 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
+} ;
+
+main()
+{
+  printf("%d\n",crypto_auth_hmacsha256_verify(a,c,sizeof c,key));
+  return 0;
+}

src/libnacl/tests/auth3.out

@@ -0,0 +1 @@
+0

src/libnacl/tests/auth4.cpp

@@ -0,0 +1,44 @@
+/* "Test Case AUTH256-4" from RFC 4868 */
+
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_auth_hmacsha256.h"
+
+char key_bytes[32] = {
+ 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10
+,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18
+,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20
+} ;
+
+char c_bytes[50] = {
+ 0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd,0xcd
+,0xcd,0xcd
+} ;
+
+char a_bytes[32] = {
+ 0x37,0x2e,0xfc,0xf9,0xb4,0x0b,0x35,0xc2
+,0x11,0x5b,0x13,0x46,0x90,0x3d,0x2e,0xf4
+,0x2f,0xce,0xd4,0x6f,0x08,0x46,0xe7,0x25
+,0x7b,0xb1,0x56,0xd3,0xd7,0xb3,0x0d,0x3f
+} ;
+
+main()
+{
+  string key(key_bytes,sizeof key_bytes);
+  string c(c_bytes,sizeof c_bytes);
+  string a(a_bytes,sizeof a_bytes);
+  try {
+    crypto_auth_hmacsha256_verify(a,c,key);
+    printf("0\n");
+  } catch(const char *s) {
+    printf("%s\n",s);
+  }
+  return 0;
+}

src/libnacl/tests/auth4.out

@@ -0,0 +1 @@
+0

src/libnacl/tests/auth5.c

@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_auth_hmacsha512256.h"
+#include "randombytes.h"
+#include "windows/windows-quirks.h"
+
+unsigned char key[32];
+unsigned char c[10000];
+unsigned char a[32];
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    randombytes(key,sizeof key);
+    randombytes(c,clen);
+    crypto_auth_hmacsha512256(a,c,clen,key);
+    if (crypto_auth_hmacsha512256_verify(a,c,clen,key) != 0) {
+      printf("fail %d\n",clen);
+      return 100;
+    }
+    if (clen > 0) {
+      c[random() % clen] += 1 + (random() % 255);
+      if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+      a[random() % sizeof a] += 1 + (random() % 255);
+      if (crypto_auth_hmacsha512256_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/auth6.cpp

@@ -0,0 +1,46 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_auth_hmacsha512256.h"
+#include "randombytes.h"
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    unsigned char key_bytes[32];
+    randombytes(key_bytes,sizeof key_bytes);
+    string key((char *) key_bytes,sizeof key_bytes);
+    unsigned char c_bytes[clen];
+    randombytes(c_bytes,sizeof c_bytes);
+    string c((char *) c_bytes,sizeof c_bytes);
+    string a = crypto_auth_hmacsha512256(c,key);
+    try {
+      crypto_auth_hmacsha512256_verify(a,c,key);
+    } catch(const char *s) {
+      printf("fail %d %s\n",clen,s);
+      return 100;
+    }
+    if (clen > 0) {
+      size_t pos = random() % clen;
+      c.replace(pos,1,1,c[pos] + 1 + (random() % 255));
+      try {
+        crypto_auth_hmacsha512256_verify(a,c,key);
+	printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+      pos = random() % a.size();
+      a.replace(pos,1,1,a[pos] + 1 + (random() % 255));
+      try {
+        crypto_auth_hmacsha512256_verify(a,c,key);
+	printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/box.c

@@ -0,0 +1,63 @@
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+unsigned char alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+unsigned char bobpk[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 32 bytes to be 0
+unsigned char m[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+unsigned char c[163];
+
+main()
+{
+  int i;
+  crypto_box_curve25519xsalsa20poly1305(
+    c,m,163,nonce,bobpk,alicesk
+  );
+  for (i = 16;i < 163;++i) {
+    printf(",0x%02x",(unsigned int) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/box.out

@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5

src/libnacl/tests/box2.c

@@ -0,0 +1,64 @@
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+unsigned char bobsk[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+unsigned char alicepk[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 16 bytes to be 0
+unsigned char c[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char m[163];
+
+main()
+{
+  int i;
+  if (crypto_box_curve25519xsalsa20poly1305_open(
+       m,c,163,nonce,alicepk,bobsk
+     ) == 0) {
+    for (i = 32;i < 163;++i) {
+      printf(",0x%02x",(unsigned int) m[i]);
+      if (i % 8 == 7) printf("\n");
+    }
+    printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/box2.out

@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05

src/libnacl/tests/box3.cpp

@@ -0,0 +1,60 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+char alicesk_bytes[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+char bobpk_bytes[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char m_bytes[131] = {
+ 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+main()
+{
+  int i;
+  string m(m_bytes,sizeof m_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string bobpk(bobpk_bytes,sizeof bobpk_bytes);
+  string alicesk(alicesk_bytes,sizeof alicesk_bytes);
+  string c = crypto_box_curve25519xsalsa20poly1305(m,nonce,bobpk,alicesk);
+  for (i = 0;i < c.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/box3.out

@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5

src/libnacl/tests/box4.cpp

@@ -0,0 +1,66 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+
+char bobsk_bytes[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+char alicepk_bytes[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char c_bytes[147] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+main()
+{
+  int i;
+  string c(c_bytes,sizeof c_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string alicepk(alicepk_bytes,sizeof alicepk_bytes);
+  string bobsk(bobsk_bytes,sizeof bobsk_bytes);
+  try {
+    string m = crypto_box_curve25519xsalsa20poly1305_open(c,nonce,alicepk,bobsk);
+    for (i = 0;i < m.size();++i) {
+      printf(",0x%02x",(unsigned int) (unsigned char) m[i]);
+      if (i % 8 == 7) printf("\n");
+    }
+    printf("\n");
+  } catch(const char *s) {
+    printf("%s\n",s);
+  }
+  return 0;
+}

src/libnacl/tests/box4.out

@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05

src/libnacl/tests/box5.cpp

@@ -0,0 +1,30 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    string alicesk;
+    string alicepk = crypto_box_keypair(&alicesk);
+    string bobsk;
+    string bobpk = crypto_box_keypair(&bobsk);
+    unsigned char nbytes[crypto_box_NONCEBYTES];
+    randombytes(nbytes,crypto_box_NONCEBYTES);
+    string n((char *) nbytes,crypto_box_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_box(m,n,bobpk,alicesk);
+    try {
+      string m2 = crypto_box_open(c,n,alicepk,bobsk);
+      if (m != m2) printf("bad decryption\n");
+    } catch(const char *s) {
+      printf("%s\n",s);
+    }
+  }
+  return 0;
+}

src/libnacl/tests/box6.cpp

@@ -0,0 +1,43 @@
+#include <string>
+using std::string;
+#include <stdlib.h>
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    string alicesk;
+    string alicepk = crypto_box_keypair(&alicesk);
+    string bobsk;
+    string bobpk = crypto_box_keypair(&bobsk);
+    unsigned char nbytes[crypto_box_NONCEBYTES];
+    randombytes(nbytes,crypto_box_NONCEBYTES);
+    string n((char *) nbytes,crypto_box_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_box(m,n,bobpk,alicesk);
+    int caught = 0;
+    while (caught < 10) {
+      c.replace(random() % c.size(),1,1,random());
+      try {
+        string m2 = crypto_box_open(c,n,alicepk,bobsk);
+        if (m != m2) {
+	  printf("forgery\n");
+	  return 100;
+        }
+      } catch(const char *s) {
+	if (string(s) == string("ciphertext fails verification"))
+	  ++caught;
+	else {
+	  printf("%s\n",s);
+	  return 111;
+        }
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/box7.c

@@ -0,0 +1,36 @@
+#include <stdio.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+
+unsigned char alicesk[crypto_box_SECRETKEYBYTES];
+unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
+unsigned char bobsk[crypto_box_SECRETKEYBYTES];
+unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
+unsigned char n[crypto_box_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) {
+    crypto_box_keypair(alicepk,alicesk);
+    crypto_box_keypair(bobpk,bobsk);
+    randombytes(n,crypto_box_NONCEBYTES);
+    randombytes(m + crypto_box_ZEROBYTES,mlen);
+    crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk);
+    if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) {
+      for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i)
+        if (m2[i] != m[i]) {
+	  printf("bad decryption\n");
+	  break;
+	}
+    } else {
+      printf("ciphertext fails verification\n");
+    }
+  }
+  return 0;
+}

src/libnacl/tests/box8.c

@@ -0,0 +1,43 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_box.h"
+#include "randombytes.h"
+#include "windows/windows-quirks.h"
+
+unsigned char alicesk[crypto_box_SECRETKEYBYTES];
+unsigned char alicepk[crypto_box_PUBLICKEYBYTES];
+unsigned char bobsk[crypto_box_SECRETKEYBYTES];
+unsigned char bobpk[crypto_box_PUBLICKEYBYTES];
+unsigned char n[crypto_box_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+  int caught;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_box_ZEROBYTES < sizeof m;++mlen) {
+    crypto_box_keypair(alicepk,alicesk);
+    crypto_box_keypair(bobpk,bobsk);
+    randombytes(n,crypto_box_NONCEBYTES);
+    randombytes(m + crypto_box_ZEROBYTES,mlen);
+    crypto_box(c,m,mlen + crypto_box_ZEROBYTES,n,bobpk,alicesk);
+    caught = 0;
+    while (caught < 10) {
+      c[random() % (mlen + crypto_box_ZEROBYTES)] = random();
+      if (crypto_box_open(m2,c,mlen + crypto_box_ZEROBYTES,n,alicepk,bobsk) == 0) {
+        for (i = 0;i < mlen + crypto_box_ZEROBYTES;++i)
+          if (m2[i] != m[i]) {
+	    printf("forgery\n");
+	    return 100;
+	  }
+      } else {
+        ++caught;
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/core1.c

@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include "crypto_core_hsalsa20.h"
+
+unsigned char shared[32] = {
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42
+} ;
+
+unsigned char zero[32] = { 0 };
+
+unsigned char c[16] = {
+ 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
+,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
+} ;
+
+unsigned char firstkey[32];
+
+main()
+{
+  int i;
+  crypto_core_hsalsa20(firstkey,zero,shared,c);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) firstkey[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/core1.out

@@ -0,0 +1,4 @@
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89

src/libnacl/tests/core2.c

@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include "crypto_core_hsalsa20.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonceprefix[16] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+} ;
+
+unsigned char c[16] = {
+ 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
+,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
+} ;
+
+unsigned char secondkey[32];
+
+main()
+{
+  int i;
+  crypto_core_hsalsa20(secondkey,nonceprefix,firstkey,c);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) secondkey[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/core2.out

@@ -0,0 +1,4 @@
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4

src/libnacl/tests/core3.c

@@ -0,0 +1,41 @@
+#include <stdio.h>
+#include "crypto_core_salsa20.h"
+#include "crypto_hash_sha256.h"
+
+unsigned char secondkey[32] = {
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
+} ;
+
+unsigned char noncesuffix[8] = {
+ 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char c[16] = {
+ 0x65,0x78,0x70,0x61,0x6e,0x64,0x20,0x33
+,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,0x6b
+} ;
+
+unsigned char in[16] = { 0 } ;
+
+unsigned char output[64 * 256 * 256];
+
+unsigned char h[32];
+
+main()
+{
+  int i;
+  long long pos = 0;
+  for (i = 0;i < 8;++i) in[i] = noncesuffix[i];
+  do {
+    do {
+      crypto_core_salsa20(output + pos,in,secondkey,c);
+      pos += 64;
+    } while (++in[8]);
+  } while (++in[9]);
+  crypto_hash_sha256(h,output,sizeof output);
+  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
+  return 0;
+}

src/libnacl/tests/core3.out

@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2

src/libnacl/tests/core4.c

@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include "crypto_core_salsa20.h"
+
+unsigned char k[32] = {
+   1,  2,  3,  4,  5,  6,  7,  8
+,  9, 10, 11, 12, 13, 14, 15, 16
+,201,202,203,204,205,206,207,208
+,209,210,211,212,213,214,215,216
+} ;
+
+unsigned char in[16] = {
+ 101,102,103,104,105,106,107,108
+,109,110,111,112,113,114,115,116
+} ;
+
+unsigned char c[16] = {
+ 101,120,112, 97,110,100, 32, 51
+, 50, 45, 98,121,116,101, 32,107
+} ;
+
+unsigned char out[64];
+
+main()
+{
+  int i;
+  crypto_core_salsa20(out,in,k,c);
+  for (i = 0;i < 64;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("%3d",(unsigned int) out[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/core4.out

@@ -0,0 +1,8 @@
+  69, 37, 68, 39, 41, 15,107,193
+,255,139,122,  6,170,233,217, 98
+, 89,144,182,106, 21, 51,200, 65
+,239, 49,222, 34,215,114, 40,126
+,104,197,  7,225,197,153, 31,  2
+,102, 78, 76,176, 84,245,246,184
+,177,160,133,130,  6, 72,149,119
+,192,195,132,236,234,103,246, 74

src/libnacl/tests/core5.c

@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include "crypto_core_hsalsa20.h"
+
+unsigned char k[32] = {
+ 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c
+,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f
+,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b
+,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77
+} ;
+
+unsigned char in[16] = {
+ 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b
+,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52
+} ;
+
+unsigned char c[16] = {
+ 101,120,112, 97,110,100, 32, 51
+, 50, 45, 98,121,116,101, 32,107
+} ;
+
+unsigned char out[32];
+
+main()
+{
+  int i;
+  crypto_core_hsalsa20(out,in,k,c);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) out[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/core5.out

@@ -0,0 +1,4 @@
+,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40
+,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45
+,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94
+,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd

src/libnacl/tests/core6.c

@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include "crypto_core_salsa20.h"
+
+unsigned char k[32] = {
+ 0xee,0x30,0x4f,0xca,0x27,0x00,0x8d,0x8c
+,0x12,0x6f,0x90,0x02,0x79,0x01,0xd8,0x0f
+,0x7f,0x1d,0x8b,0x8d,0xc9,0x36,0xcf,0x3b
+,0x9f,0x81,0x96,0x92,0x82,0x7e,0x57,0x77
+} ;
+
+unsigned char in[16] = {
+ 0x81,0x91,0x8e,0xf2,0xa5,0xe0,0xda,0x9b
+,0x3e,0x90,0x60,0x52,0x1e,0x4b,0xb3,0x52
+} ;
+
+unsigned char c[16] = {
+ 101,120,112, 97,110,100, 32, 51
+, 50, 45, 98,121,116,101, 32,107
+} ;
+
+unsigned char out[64];
+
+void print(unsigned char *x,unsigned char *y)
+{
+  int i;
+  unsigned int borrow = 0;
+  for (i = 0;i < 4;++i) {
+    unsigned int xi = x[i];
+    unsigned int yi = y[i];
+    printf(",0x%02x",255 & (xi - yi - borrow));
+    borrow = (xi < yi + borrow);
+  }
+}
+
+main()
+{
+  crypto_core_salsa20(out,in,k,c);
+  print(out,c);
+  print(out + 20,c + 4); printf("\n");
+  print(out + 40,c + 8);
+  print(out + 60,c + 12); printf("\n");
+  print(out + 24,in);
+  print(out + 28,in + 4); printf("\n");
+  print(out + 32,in + 8);
+  print(out + 36,in + 12); printf("\n");
+  return 0;
+}

src/libnacl/tests/core6.out

@@ -0,0 +1,4 @@
+,0xbc,0x1b,0x30,0xfc,0x07,0x2c,0xc1,0x40
+,0x75,0xe4,0xba,0xa7,0x31,0xb5,0xa8,0x45
+,0xea,0x9b,0x11,0xe9,0xa5,0x19,0x1f,0x94
+,0xe1,0x8c,0xba,0x8f,0xd8,0x21,0xa7,0xcd

src/libnacl/tests/hash.c

@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include "crypto_hash.h"
+
+unsigned char x[8] = "testing\n";
+unsigned char h[crypto_hash_BYTES];
+
+int main()
+{
+  int i;
+  crypto_hash(h,x,sizeof x);
+  for (i = 0;i < crypto_hash_BYTES;++i) printf("%02x",(unsigned int) h[i]);
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/hash.out

@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28

src/libnacl/tests/hash2.cpp

@@ -0,0 +1,18 @@
+#include <iostream>
+#include <string>
+using std::string;
+using std::cout;
+using std::hex;
+#include "crypto_hash.h"
+
+int main()
+{
+  string x = "testing\n";
+  string h = crypto_hash(x);
+  for (int i = 0;i < h.size();++i) {
+    cout << hex << (15 & (int) (h[i] >> 4));
+    cout << hex << (15 & (int) h[i]);
+  }
+  cout << "\n";
+  return 0;
+}

src/libnacl/tests/hash2.out

@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28

src/libnacl/tests/hash3.c

@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include "crypto_hash_sha512.h"
+
+unsigned char x[8] = "testing\n";
+unsigned char h[crypto_hash_sha512_BYTES];
+
+int main()
+{
+  int i;
+  crypto_hash_sha512(h,x,sizeof x);
+  for (i = 0;i < crypto_hash_sha512_BYTES;++i) printf("%02x",(unsigned int) h[i]);
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/hash3.out

@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28

src/libnacl/tests/hash4.cpp

@@ -0,0 +1,18 @@
+#include <iostream>
+#include <string>
+using std::string;
+using std::cout;
+using std::hex;
+#include "crypto_hash_sha512.h"
+
+int main()
+{
+  string x = "testing\n";
+  string h = crypto_hash_sha512(x);
+  for (int i = 0;i < h.size();++i) {
+    cout << hex << (15 & (int) (h[i] >> 4));
+    cout << hex << (15 & (int) h[i]);
+  }
+  cout << "\n";
+  return 0;
+}

src/libnacl/tests/hash4.out

@@ -0,0 +1 @@
+24f950aac7b9ea9b3cb728228a0c82b67c39e96b4b344798870d5daee93e3ae5931baae8c7cacfea4b629452c38026a81d138bc7aad1af3ef7bfd5ec646d6c28

src/libnacl/tests/onetimeauth.c

@@ -0,0 +1,42 @@
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+unsigned char rs[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+unsigned char c[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char a[16];
+
+main()
+{
+  int i;
+  crypto_onetimeauth_poly1305(a,c,131,rs);
+  for (i = 0;i < 16;++i) {
+    printf(",0x%02x",(unsigned int) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/onetimeauth.out

@@ -0,0 +1,2 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9

src/libnacl/tests/onetimeauth2.c

@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+unsigned char rs[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+unsigned char c[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char a[16] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+} ;
+
+main()
+{
+  printf("%d\n",crypto_onetimeauth_poly1305_verify(a,c,131,rs));
+  return 0;
+}

src/libnacl/tests/onetimeauth2.out

@@ -0,0 +1 @@
+0

src/libnacl/tests/onetimeauth5.cpp

@@ -0,0 +1,46 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+char rs_bytes[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+char c_bytes[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char a[16];
+
+main()
+{
+  int i;
+  string c(c_bytes,sizeof c_bytes);
+  string rs(rs_bytes,sizeof rs_bytes);
+  string a = crypto_onetimeauth_poly1305(c,rs);
+  for (i = 0;i < a.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) a[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/onetimeauth5.out

@@ -0,0 +1,2 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9

src/libnacl/tests/onetimeauth6.cpp

@@ -0,0 +1,50 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_onetimeauth_poly1305.h"
+
+char rs_bytes[32] = {
+ 0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80
+} ;
+
+char c_bytes[131] = {
+ 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+char a_bytes[16] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+} ;
+
+main()
+{
+  string rs(rs_bytes,sizeof rs_bytes);
+  string c(c_bytes,sizeof c_bytes);
+  string a(a_bytes,sizeof a_bytes);
+  try {
+    crypto_onetimeauth_poly1305_verify(a,c,rs);
+    printf("0\n");
+  } catch(const char *s) {
+    printf("%s\n",s);
+  }
+  return 0;
+}

src/libnacl/tests/onetimeauth6.out

@@ -0,0 +1 @@
+0

src/libnacl/tests/onetimeauth7.c

@@ -0,0 +1,37 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_onetimeauth_poly1305.h"
+#include "randombytes.h"
+#include "windows/windows-quirks.h"
+
+unsigned char key[32];
+unsigned char c[10000];
+unsigned char a[16];
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    randombytes(key,sizeof key);
+    randombytes(c,clen);
+    crypto_onetimeauth_poly1305(a,c,clen,key);
+    if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) != 0) {
+      printf("fail %d\n",clen);
+      return 100;
+    }
+    if (clen > 0) {
+      c[random() % clen] += 1 + (random() % 255);
+      if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+      a[random() % sizeof a] += 1 + (random() % 255);
+      if (crypto_onetimeauth_poly1305_verify(a,c,clen,key) == 0) {
+        printf("forgery %d\n",clen);
+        return 100;
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/onetimeauth8.cpp

@@ -0,0 +1,46 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_onetimeauth_poly1305.h"
+#include "randombytes.h"
+
+main()
+{
+  int clen;
+  int i;
+  for (clen = 0;clen < 10000;++clen) {
+    unsigned char key_bytes[32];
+    randombytes(key_bytes,sizeof key_bytes);
+    string key((char *) key_bytes,sizeof key_bytes);
+    unsigned char c_bytes[clen];
+    randombytes(c_bytes,sizeof c_bytes);
+    string c((char *) c_bytes,sizeof c_bytes);
+    string a = crypto_onetimeauth_poly1305(c,key);
+    try {
+      crypto_onetimeauth_poly1305_verify(a,c,key);
+    } catch(const char *s) {
+      printf("fail %d %s\n",clen,s);
+      return 100;
+    }
+    if (clen > 0) {
+      size_t pos = random() % clen;
+      c.replace(pos,1,1,c[pos] + 1 + (random() % 255));
+      try {
+        crypto_onetimeauth_poly1305_verify(a,c,key);
+	printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+      pos = random() % a.size();
+      a.replace(pos,1,1,a[pos] + 1 + (random() % 255));
+      try {
+        crypto_onetimeauth_poly1305_verify(a,c,key);
+	printf("forgery %d\n",clen);
+      } catch(const char *s) {
+        ;
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult.c

@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+unsigned char alicepk[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519_base(alicepk,alicesk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) alicepk[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult.out

@@ -0,0 +1,4 @@
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a

src/libnacl/tests/scalarmult2.c

@@ -0,0 +1,23 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char bobsk[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+unsigned char bobpk[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519_base(bobpk,bobsk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) bobpk[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult2.out

@@ -0,0 +1,4 @@
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f

src/libnacl/tests/scalarmult3.cpp

@@ -0,0 +1,31 @@
+#include <iostream>
+#include <iomanip>
+#include <string>
+using std::string;
+using std::cout;
+using std::setfill;
+using std::setw;
+using std::hex;
+#include "crypto_scalarmult_curve25519.h"
+
+char alicesk_bytes[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+main()
+{
+  int i;
+  cout << setfill('0');
+  string alicesk(alicesk_bytes,sizeof alicesk_bytes);
+  string alicepk = crypto_scalarmult_curve25519_base(alicesk);
+  for (i = 0;i < alicepk.size();++i) {
+    unsigned char c = alicepk[i];
+    if (i > 0) cout << ","; else cout << " ";
+    cout << "0x" << hex << setw(2) << (unsigned int) c;
+    if (i % 8 == 7) cout << "\n";
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult3.out

@@ -0,0 +1,4 @@
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a

src/libnacl/tests/scalarmult4.cpp

@@ -0,0 +1,31 @@
+#include <iostream>
+#include <iomanip>
+#include <string>
+using std::string;
+using std::cout;
+using std::setfill;
+using std::setw;
+using std::hex;
+#include "crypto_scalarmult_curve25519.h"
+
+char bobsk_bytes[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+main()
+{
+  int i;
+  cout << setfill('0');
+  string bobsk(bobsk_bytes,sizeof bobsk_bytes);
+  string bobpk = crypto_scalarmult_curve25519_base(bobsk);
+  for (i = 0;i < bobpk.size();++i) {
+    unsigned char c = bobpk[i];
+    if (i > 0) cout << ","; else cout << " ";
+    cout << "0x" << hex << setw(2) << (unsigned int) c;
+    if (i % 8 == 7) cout << "\n";
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult4.out

@@ -0,0 +1,4 @@
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f

src/libnacl/tests/scalarmult5.c

@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char alicesk[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+unsigned char bobpk[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+unsigned char k[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519(k,alicesk,bobpk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) k[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult5.out

@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42

src/libnacl/tests/scalarmult6.c

@@ -0,0 +1,30 @@
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+unsigned char bobsk[32] = {
+ 0x5d,0xab,0x08,0x7e,0x62,0x4a,0x8a,0x4b
+,0x79,0xe1,0x7f,0x8b,0x83,0x80,0x0e,0xe6
+,0x6f,0x3b,0xb1,0x29,0x26,0x18,0xb6,0xfd
+,0x1c,0x2f,0x8b,0x27,0xff,0x88,0xe0,0xeb
+} ;
+
+unsigned char alicepk[32] = {
+ 0x85,0x20,0xf0,0x09,0x89,0x30,0xa7,0x54
+,0x74,0x8b,0x7d,0xdc,0xb4,0x3e,0xf7,0x5a
+,0x0d,0xbf,0x3a,0x0d,0x26,0x38,0x1a,0xf4
+,0xeb,0xa4,0xa9,0x8e,0xaa,0x9b,0x4e,0x6a
+} ;
+
+unsigned char k[32];
+
+main()
+{
+  int i;
+  crypto_scalarmult_curve25519(k,bobsk,alicepk);
+  for (i = 0;i < 32;++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) k[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult6.out

@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42

src/libnacl/tests/scalarmult7.cpp

@@ -0,0 +1,32 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_scalarmult_curve25519.h"
+
+char alicesk_bytes[32] = {
+ 0x77,0x07,0x6d,0x0a,0x73,0x18,0xa5,0x7d
+,0x3c,0x16,0xc1,0x72,0x51,0xb2,0x66,0x45
+,0xdf,0x4c,0x2f,0x87,0xeb,0xc0,0x99,0x2a
+,0xb1,0x77,0xfb,0xa5,0x1d,0xb9,0x2c,0x2a
+} ;
+
+char bobpk_bytes[32] = {
+ 0xde,0x9e,0xdb,0x7d,0x7b,0x7d,0xc1,0xb4
+,0xd3,0x5b,0x61,0xc2,0xec,0xe4,0x35,0x37
+,0x3f,0x83,0x43,0xc8,0x5b,0x78,0x67,0x4d
+,0xad,0xfc,0x7e,0x14,0x6f,0x88,0x2b,0x4f
+} ;
+
+main()
+{
+  int i;
+  string alicesk(alicesk_bytes,sizeof alicesk_bytes);
+  string bobpk(bobpk_bytes,sizeof bobpk_bytes);
+  string k = crypto_scalarmult_curve25519(alicesk,bobpk);
+  for (i = 0;i < k.size();++i) {
+    if (i > 0) printf(","); else printf(" ");
+    printf("0x%02x",(unsigned int) (unsigned char) k[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/scalarmult7.out

@@ -0,0 +1,4 @@
+ 0x4a,0x5d,0x9d,0x5b,0xa4,0xce,0x2d,0xe1
+,0x72,0x8e,0x3b,0xf4,0x80,0x35,0x0f,0x25
+,0xe0,0x7e,0x21,0xc9,0x47,0xd1,0x9e,0x33
+,0x76,0xf0,0x9b,0x3c,0x1e,0x16,0x17,0x42

src/libnacl/tests/secretbox.c

@@ -0,0 +1,56 @@
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 32 bytes to be 0
+unsigned char m[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+unsigned char c[163];
+
+main()
+{
+  int i;
+  crypto_secretbox_xsalsa20poly1305(
+    c,m,163,nonce,firstkey
+  );
+  for (i = 16;i < 163;++i) {
+    printf(",0x%02x",(unsigned int) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/secretbox.out

@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5

src/libnacl/tests/secretbox2.c

@@ -0,0 +1,57 @@
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+// API requires first 16 bytes to be 0
+unsigned char c[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+unsigned char m[163];
+
+main()
+{
+  int i;
+  if (crypto_secretbox_xsalsa20poly1305_open(
+       m,c,163,nonce,firstkey
+      ) == 0) {
+    for (i = 32;i < 163;++i) {
+      printf(",0x%02x",(unsigned int) m[i]);
+      if (i % 8 == 7) printf("\n");
+    }
+    printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/secretbox2.out

@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05

src/libnacl/tests/secretbox3.cpp

@@ -0,0 +1,52 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char m_bytes[131] = {
+ 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+main()
+{
+  int i;
+  string m(m_bytes,sizeof m_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string c = crypto_secretbox_xsalsa20poly1305(m,nonce,firstkey);
+  for (i = 0;i < c.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/secretbox3.out

@@ -0,0 +1,19 @@
+,0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5

src/libnacl/tests/secretbox4.cpp

@@ -0,0 +1,54 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_secretbox_xsalsa20poly1305.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char c_bytes[147] = {
+ 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5
+,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string c(c_bytes,sizeof c_bytes);
+  string m = crypto_secretbox_xsalsa20poly1305_open(c,nonce,firstkey);
+  for (i = 0;i < m.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) m[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/secretbox4.out

@@ -0,0 +1,17 @@
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05

src/libnacl/tests/secretbox5.cpp

@@ -0,0 +1,29 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    unsigned char kbytes[crypto_secretbox_KEYBYTES];
+    randombytes(kbytes,crypto_secretbox_KEYBYTES);
+    string k((char *) kbytes,crypto_secretbox_KEYBYTES);
+    unsigned char nbytes[crypto_secretbox_NONCEBYTES];
+    randombytes(nbytes,crypto_secretbox_NONCEBYTES);
+    string n((char *) nbytes,crypto_secretbox_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_secretbox(m,n,k);
+    try {
+      string m2 = crypto_secretbox_open(c,n,k);
+      if (m != m2) printf("bad decryption\n");
+    } catch(const char *s) {
+      printf("%s\n",s);
+    }
+  }
+  return 0;
+}

src/libnacl/tests/secretbox6.cpp

@@ -0,0 +1,42 @@
+#include <string>
+using std::string;
+#include <stdlib.h>
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+main()
+{
+  int mlen;
+  for (mlen = 0;mlen < 1000;++mlen) {
+    unsigned char kbytes[crypto_secretbox_KEYBYTES];
+    randombytes(kbytes,crypto_secretbox_KEYBYTES);
+    string k((char *) kbytes,crypto_secretbox_KEYBYTES);
+    unsigned char nbytes[crypto_secretbox_NONCEBYTES];
+    randombytes(nbytes,crypto_secretbox_NONCEBYTES);
+    string n((char *) nbytes,crypto_secretbox_NONCEBYTES);
+    unsigned char mbytes[mlen];
+    randombytes(mbytes,mlen);
+    string m((char *) mbytes,mlen);
+    string c = crypto_secretbox(m,n,k);
+    int caught = 0;
+    while (caught < 10) {
+      c.replace(random() % c.size(),1,1,random());
+      try {
+        string m2 = crypto_secretbox_open(c,n,k);
+        if (m != m2) {
+	  printf("forgery\n");
+	  return 100;
+        }
+      } catch(const char *s) {
+	if (string(s) == string("ciphertext fails verification"))
+	  ++caught;
+	else {
+	  printf("%s\n",s);
+	  return 111;
+        }
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/secretbox7.c

@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+
+unsigned char k[crypto_secretbox_KEYBYTES];
+unsigned char n[crypto_secretbox_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) {
+    randombytes(k,crypto_secretbox_KEYBYTES);
+    randombytes(n,crypto_secretbox_NONCEBYTES);
+    randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
+    crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
+    if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) {
+      for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i)
+        if (m2[i] != m[i]) {
+	  printf("bad decryption\n");
+	  break;
+	}
+    } else {
+      printf("ciphertext fails verification\n");
+    }
+  }
+  return 0;
+}

src/libnacl/tests/secretbox8.c

@@ -0,0 +1,39 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto_secretbox.h"
+#include "randombytes.h"
+#include "windows/windows-quirks.h"
+
+unsigned char k[crypto_secretbox_KEYBYTES];
+unsigned char n[crypto_secretbox_NONCEBYTES];
+unsigned char m[10000];
+unsigned char c[10000];
+unsigned char m2[10000];
+
+main()
+{
+  int mlen;
+  int i;
+  int caught;
+
+  for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) {
+    randombytes(k,crypto_secretbox_KEYBYTES);
+    randombytes(n,crypto_secretbox_NONCEBYTES);
+    randombytes(m + crypto_secretbox_ZEROBYTES,mlen);
+    crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k);
+    caught = 0;
+    while (caught < 10) {
+      c[random() % (mlen + crypto_secretbox_ZEROBYTES)] = random();
+      if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) {
+        for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i)
+          if (m2[i] != m[i]) {
+	    printf("forgery\n");
+	    return 100;
+	  }
+      } else {
+        ++caught;
+      }
+    }
+  }
+  return 0;
+}

src/libnacl/tests/stream.c

@@ -0,0 +1,29 @@
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+#include "crypto_hash_sha256.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char output[4194304];
+
+unsigned char h[32];
+
+main()
+{
+  int i;
+  crypto_stream_xsalsa20(output,4194304,nonce,firstkey);
+  crypto_hash_sha256(h,output,sizeof output);
+  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
+  return 0;
+}

src/libnacl/tests/stream.out

@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2

src/libnacl/tests/stream2.c

@@ -0,0 +1,27 @@
+#include <stdio.h>
+#include "crypto_stream_salsa20.h"
+#include "crypto_hash_sha256.h"
+
+unsigned char secondkey[32] = {
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
+} ;
+
+unsigned char noncesuffix[8] = {
+ 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char output[4194304];
+
+unsigned char h[32];
+
+main()
+{
+  int i;
+  crypto_stream_salsa20(output,4194304,noncesuffix,secondkey);
+  crypto_hash_sha256(h,output,sizeof output);
+  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
+  return 0;
+}

src/libnacl/tests/stream2.out

@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2

src/libnacl/tests/stream3.c

@@ -0,0 +1,28 @@
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char rs[32];
+
+main()
+{
+  int i;
+  crypto_stream_xsalsa20(rs,32,nonce,firstkey);
+  for (i = 0;i < 32;++i) {
+    printf(",0x%02x",(unsigned int) rs[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/stream3.out

@@ -0,0 +1,4 @@
+,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80

src/libnacl/tests/stream4.c

@@ -0,0 +1,53 @@
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+unsigned char firstkey[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+unsigned char nonce[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+unsigned char m[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+unsigned char c[163];
+
+main()
+{
+  int i;
+  crypto_stream_xsalsa20_xor(c,m,163,nonce,firstkey);
+  for (i = 32;i < 163;++i) {
+    printf(",0x%02x",(unsigned int) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/stream4.out

@@ -0,0 +1,17 @@
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5

src/libnacl/tests/stream5.cpp

@@ -0,0 +1,29 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+#include "crypto_hash_sha256.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string output = crypto_stream_xsalsa20(4194304,nonce,firstkey);
+  string h = crypto_hash_sha256(output);
+  for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n");
+  return 0;
+}

src/libnacl/tests/stream5.out

@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2

src/libnacl/tests/stream6.cpp

@@ -0,0 +1,27 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_salsa20.h"
+#include "crypto_hash_sha256.h"
+
+char secondkey_bytes[32] = {
+ 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
+,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
+,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
+,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
+} ;
+
+char noncesuffix_bytes[8] = {
+ 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+main()
+{
+  int i;
+  string secondkey(secondkey_bytes,sizeof secondkey_bytes);
+  string noncesuffix(noncesuffix_bytes,sizeof noncesuffix_bytes);
+  string output = crypto_stream_salsa20(4194304,noncesuffix,secondkey);
+  string h = crypto_hash_sha256(output);
+  for (i = 0;i < 32;++i) printf("%02x",(unsigned int) (unsigned char) h[i]); printf("\n");
+  return 0;
+}

src/libnacl/tests/stream6.out

@@ -0,0 +1 @@
+662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2

src/libnacl/tests/stream7.cpp

@@ -0,0 +1,30 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string rs = crypto_stream_xsalsa20(32,nonce,firstkey);
+  for (i = 0;i < rs.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) rs[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  return 0;
+}

src/libnacl/tests/stream7.out

@@ -0,0 +1,4 @@
+,0xee,0xa6,0xa7,0x25,0x1c,0x1e,0x72,0x91
+,0x6d,0x11,0xc2,0xcb,0x21,0x4d,0x3c,0x25
+,0x25,0x39,0x12,0x1d,0x8e,0x23,0x4e,0x65
+,0x2d,0x65,0x1f,0xa4,0xc8,0xcf,0xf8,0x80

src/libnacl/tests/stream8.cpp

@@ -0,0 +1,56 @@
+#include <string>
+using std::string;
+#include <stdio.h>
+#include "crypto_stream_xsalsa20.h"
+
+char firstkey_bytes[32] = {
+ 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
+,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
+,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
+,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
+} ;
+
+char nonce_bytes[24] = {
+ 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
+,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
+,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
+} ;
+
+char m_bytes[163] = {
+    0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,   0,   0,   0,   0,   0,   0,   0,   0
+,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
+,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
+,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
+,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
+,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
+,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
+,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
+,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
+,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
+,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
+,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
+,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
+,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
+,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
+,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
+,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
+,0x5e,0x07,0x05
+} ;
+
+main()
+{
+  int i;
+  string firstkey(firstkey_bytes,sizeof firstkey_bytes);
+  string nonce(nonce_bytes,sizeof nonce_bytes);
+  string m(m_bytes,sizeof m_bytes);
+  string c = crypto_stream_xsalsa20_xor(m,nonce,firstkey);
+  for (i = 32;i < c.size();++i) {
+    printf(",0x%02x",(unsigned int) (unsigned char) c[i]);
+    if (i % 8 == 7) printf("\n");
+  }
+  printf("\n");
+  return 0;
+}

src/libnacl/tests/stream8.out

@@ -0,0 +1,17 @@
+,0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73
+,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce
+,0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4
+,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a
+,0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b
+,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72
+,0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2
+,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38
+,0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a
+,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae
+,0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea
+,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda
+,0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde
+,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3
+,0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6
+,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74
+,0xe3,0x55,0xa5

src/libnacl/try-anything.c

@@ -0,0 +1,177 @@
+/*
+ * try-anything.c version 20090215
+ * D. J. Bernstein
+ * Public domain.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#ifndef _WIN32
+# include <sys/resource.h>
+#endif
+#include "cpucycles.h"
+#include "windows/windows-quirks.h"
+
+typedef uint32_t uint32;
+
+static uint32 seed[32] = { 3,1,4,1,5,9,2,6,5,3,5,8,9,7,9,3,2,3,8,4,6,2,6,4,3,3,8,3,2,7,9,5 } ;
+static uint32 in[12];
+static uint32 out[8];
+static int outleft = 0;
+
+#define ROTATE(x,b) (((x) << (b)) | ((x) >> (32 - (b))))
+#define MUSH(i,b) x = t[i] += (((x ^ seed[i]) + sum) ^ ROTATE(x,b));
+
+static void surf(void)
+{
+  uint32 t[12]; uint32 x; uint32 sum = 0;
+  int r; int i; int loop;
+
+  for (i = 0;i < 12;++i) t[i] = in[i] ^ seed[12 + i];
+  for (i = 0;i < 8;++i) out[i] = seed[24 + i];
+  x = t[11];
+  for (loop = 0;loop < 2;++loop) {
+    for (r = 0;r < 16;++r) {
+      sum += 0x9e3779b9;
+      MUSH(0,5) MUSH(1,7) MUSH(2,9) MUSH(3,13)
+      MUSH(4,5) MUSH(5,7) MUSH(6,9) MUSH(7,13)
+      MUSH(8,5) MUSH(9,7) MUSH(10,9) MUSH(11,13)
+    }
+    for (i = 0;i < 8;++i) out[i] ^= t[i + 4];
+  }
+}
+
+void randombytes(unsigned char *x,unsigned long long xlen)
+{
+  while (xlen > 0) {
+    if (!outleft) {
+      if (!++in[0]) if (!++in[1]) if (!++in[2]) ++in[3];
+      surf();
+      outleft = 8;
+    }
+    *x = out[--outleft];
+    ++x;
+    --xlen;
+  }
+}
+
+extern void preallocate(void);
+extern void allocate(void);
+extern void predoit(void);
+extern void doit(void);
+extern char checksum[];
+extern const char *checksum_compute(void);
+extern const char *primitiveimplementation;
+
+static void printword(const char *s)
+{
+  if (!*s) putchar('-');
+  while (*s) {
+    if (*s == ' ') putchar('_');
+    else if (*s == '\t') putchar('_');
+    else if (*s == '\r') putchar('_');
+    else if (*s == '\n') putchar('_');
+    else putchar(*s);
+    ++s;
+  }
+  putchar(' ');
+}
+
+static void printnum(long long x)
+{
+  printf("%lld ",x);
+}
+
+static void fail(const char *why)
+{
+  printf("%s\n",why);
+  exit(111);
+}
+
+unsigned char *alignedcalloc(unsigned long long len)
+{
+  unsigned char *x = (unsigned char *) calloc(1,len + 256);
+  long long i;
+  if (!x) fail("out of memory");
+  /* will never deallocate so shifting is ok */
+  for (i = 0;i < len + 256;++i) x[i] = random();
+  x += 64;
+  x += 63 & (-(unsigned long) x);
+  for (i = 0;i < len;++i) x[i] = 0;
+  return x;
+}
+
+#define TIMINGS 63
+static long long cycles[TIMINGS + 1];
+
+void limits()
+{
+#ifdef RLIM_INFINITY
+  struct rlimit r;
+  r.rlim_cur = 0;
+  r.rlim_max = 0;
+#ifdef RLIMIT_NOFILE
+  setrlimit(RLIMIT_NOFILE,&r);
+#endif
+#ifdef RLIMIT_NPROC
+  setrlimit(RLIMIT_NPROC,&r);
+#endif
+#ifdef RLIMIT_CORE
+  setrlimit(RLIMIT_CORE,&r);
+#endif
+#endif
+}
+
+int main()
+{
+  long long i;
+  long long j;
+  long long abovej;
+  long long belowj;
+  long long checksumcycles;
+  long long cyclespersecond;
+  const char *problem;
+
+  cyclespersecond = cpucycles_persecond();
+  preallocate();
+  limits();
+
+  allocate();
+  srandom(getpid());
+
+  cycles[0] = cpucycles();
+  problem = checksum_compute(); if (problem) fail(problem);
+  cycles[1] = cpucycles();
+  checksumcycles = cycles[1] - cycles[0];
+
+  predoit();
+  for (i = 0;i <= TIMINGS;++i) {
+    cycles[i] = cpucycles();
+  }
+  for (i = 0;i <= TIMINGS;++i) {
+    cycles[i] = cpucycles();
+    doit();
+  }
+  for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+  for (j = 0;j < TIMINGS;++j) {
+    belowj = 0;
+    for (i = 0;i < TIMINGS;++i) if (cycles[i] < cycles[j]) ++belowj;
+    abovej = 0;
+    for (i = 0;i < TIMINGS;++i) if (cycles[i] > cycles[j]) ++abovej;
+    if (belowj * 2 < TIMINGS && abovej * 2 < TIMINGS) break;
+  }
+
+  printword(checksum);
+  printnum(cycles[j]);
+  printnum(checksumcycles);
+  printnum(cyclespersecond);
+  printword(primitiveimplementation);
+  printf("\n");
+  return 0;
+}

src/libnacl/version

@@ -0,0 +1 @@
+20110221

src/libnacl/windows/include/windows-quirks.h

@@ -0,0 +1,18 @@
+
+#include <stdlib.h>
+
+#ifdef _WIN32
+
+static void
+srandom(unsigned seed)
+{
+    srand(seed);
+}
+
+static long
+random(void)
+{
+    return (long) rand();
+}
+
+#endif